阅读说明：本技术 数据的处理方法、装置、密码设备和存储介质 (Data processing method and device, cryptographic equipment and storage medium ) 是由 胡伯良 蒋红宇 安晓江 于 2021-07-21 设计创作，主要内容包括：本发明实施例公开了一种数据的处理方法、装置、密码设备和存储介质。该方法包括：获取预设长度的数据,构成第一数据片段,所述数据为目标设备发送的数据；通过密码算法单元采用预设算法对所述第一数据片段进行处理,同时,获取预设长度的数据,构成第二数据片段,以在所述第一数据片段处理完成后,继续通过所述密码算法单元对所述第二数据片段进行处理,其中,所述预设算法为加密算法或解密算法。本发明实施例通过采用上述技术方案,能够减少密码设备对数据进行加解密所耗费的时间,提高密码算法单元的加解密速度。(The embodiment of the invention discloses a data processing method, a data processing device, a password device and a storage medium. The method comprises the following steps: acquiring data with a preset length to form a first data segment, wherein the data is data sent by target equipment; and processing the first data segment by adopting a preset algorithm through a cryptographic algorithm unit, acquiring data with a preset length to form a second data segment, and continuously processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm. By adopting the technical scheme, the embodiment of the invention can reduce the time consumed by the encryption equipment for encrypting and decrypting the data and improve the encryption and decryption speed of the encryption algorithm unit.)

1. A method for processing data, comprising:

acquiring data with a preset length to form a first data segment, wherein the data is data sent by target equipment;

and processing the first data segment by adopting a preset algorithm through a cryptographic algorithm unit, acquiring data with a preset length to form a second data segment, and continuously processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

2. The method according to claim 1, wherein after said obtaining the data with the preset length to form the second data segment, further comprising:

processing the second data segment by the cryptographic algorithm unit by adopting the preset algorithm, and simultaneously sending the processed first data segment to the target device;

and after the second data fragment is processed, sending the processed second data fragment to the target device.

3. The method of claim 2, further comprising, after the sending the processed second data segment to the target device:

and returning to execute the operation of acquiring the data with the preset length to form a first data segment until the data sent by the target equipment cannot be acquired.

4. The method of claim 1, further comprising:

and if only the data with the data length smaller than the preset length is acquired, adopting the acquired data to form a corresponding data segment, wherein the data segment comprises the first data segment or the second data segment.

5. The method of any of claims 1-4, wherein the predetermined length is less than or equal to 1/2 of a maximum data length that the cryptographic algorithm unit can process at a single time.

6. The method of claim 5, further comprising, before said obtaining data of a preset length:

and determining the preset length of the data acquired at a single time, so that the absolute value of the difference between the first time length spent on the local terminal acquiring the data with the preset length and the second time length spent on the cryptographic algorithm unit processing the data with the preset length is less than or equal to a preset threshold value.

7. The method of claim 5, wherein the obtaining the data with the preset length to form a first data segment comprises:

receiving data with preset length sent by the target equipment, forming a first data segment, and writing the first data segment into a buffer area of the local terminal;

and acquiring the first data segment from the buffer area through a direct memory access unit, and writing the first data segment into a first sub-storage space of the cryptographic algorithm unit.

8. An apparatus for processing data, comprising:

the data acquisition module is used for acquiring data with a preset length to form a first data segment, wherein the data is data sent by target equipment;

and the data processing module is used for processing the first data segment by adopting a preset algorithm through the cryptographic algorithm unit, acquiring data with a preset length to form a second data segment, and continuously processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

9. A cryptographic device, comprising:

one or more processors;

a memory for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement a method of processing data as claimed in any one of claims 1-7.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method for processing data according to any one of claims 1 to 7.

Technical Field

The present invention relates to the field of information security technologies, and in particular, to a data processing method and apparatus, a cryptographic device, and a storage medium.

Background

At present, the SM4 algorithm can be used to encrypt and decrypt information by a cryptographic device to improve the security of the information.

When the SM4 algorithm is used for encryption and decryption, the cryptographic device generally obtains data to be processed whose length matches the storage space of the cryptographic algorithm unit configured in the cryptographic device from the connected computer and writes the data into the storage space of the cryptographic algorithm unit; after the writing is finished, the data to be processed is encrypted and decrypted through the cryptographic algorithm unit; after the encryption and decryption are finished, returning the data obtained by the encryption and decryption to the computer; and after the data is returned to the computer, returning to execute the operation of acquiring the data to be processed with the length consistent with the storage space of the cryptographic algorithm unit configured in the cryptographic equipment from the connected computer until all the data required to be encrypted and decrypted in the computer is processed.

However, in the existing encryption and decryption method, the speed of encrypting and decrypting data by the cryptographic device is slow, so that the encryption and decryption process of the data needs to take a long time.

Disclosure of Invention

In view of the above, embodiments of the present invention provide a method for increasing the encryption and decryption speed of a cryptographic device.

In a first aspect, an embodiment of the present invention provides a method, including:

acquiring data with a preset length to form a first data segment, wherein the data is data sent by target equipment;

and processing the first data segment by adopting a preset algorithm through a cryptographic algorithm unit, acquiring data with a preset length to form a second data segment, and continuously processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

Optionally, after the obtaining of the data with the preset length to form the second data segment, the method further includes:

processing the second data segment by the cryptographic algorithm unit by adopting the preset algorithm, and simultaneously sending the processed first data segment to the target device;

and after the second data fragment is processed, sending the processed second data fragment to the target device.

Optionally, after the sending the processed second data segment to the target device, the method further includes:

and returning to execute the operation of acquiring the data with the preset length to form a first data segment until the data sent by the target equipment cannot be acquired.

Optionally, the data processing method further includes:

and if only the data with the data length smaller than the preset length is acquired, adopting the acquired data to form a corresponding data segment, wherein the data segment comprises the first data segment or the second data segment.

Optionally, the preset length is smaller than or equal to 1/2 of the maximum data length that the cryptographic algorithm unit can process at a single time.

Optionally, before the acquiring the data with the preset length, the method further includes:

and determining the preset length of the data acquired at a single time, so that the absolute value of the difference between the first time length spent on the local terminal acquiring the data with the preset length and the second time length spent on the cryptographic algorithm unit processing the data with the preset length is less than or equal to a preset threshold value.

Optionally, the obtaining of the data with the preset length to form a first data segment includes:

receiving data with preset length sent by the target equipment, forming a first data segment, and writing the first data segment into a buffer area of the local terminal;

and acquiring the first data segment from the buffer area through a direct memory access unit, and writing the first data segment into a first sub-storage space of the cryptographic algorithm unit.

Optionally, before the obtaining the data with the preset length to form the first data segment, the method further includes:

intercepting two sections of sub-storage spaces from a storage space of a cryptographic algorithm unit to serve as a first sub-storage space and a second sub-storage space, so as to store the first data segment through the first sub-storage space and store the second data segment through the second sub-storage space, wherein the capacity of each sub-storage space is greater than or equal to the preset length.

In a second aspect, an embodiment of the present invention provides an apparatus for processing data, including:

the data acquisition module is used for acquiring data with a preset length to form a first data segment, wherein the data is data sent by target equipment;

and the data processing module is used for processing the first data segment by adopting a preset algorithm through the cryptographic algorithm unit, acquiring data with a preset length to form a second data segment, and continuously processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

Optionally, the data processing apparatus further includes:

the first data sending module is used for processing a second data segment by the preset algorithm through the cryptographic algorithm unit after the second data segment is formed by acquiring the data with the preset length, and sending the processed first data segment to the target device;

and the second data sending module is used for sending the processed second data fragment to the target device after the second data fragment is processed.

Optionally, the data processing apparatus further includes:

and the return module is used for returning to the data acquisition module after the processed second data segment is sent to the target equipment until the data sent by the target equipment cannot be acquired.

Optionally, the data processing apparatus further includes:

and the segment forming module is used for forming a corresponding data segment by adopting the data obtained this time when only the data with the data length smaller than the preset length is obtained, wherein the data segment comprises the first data segment or the second data segment.

Optionally, the preset length is smaller than or equal to 1/2 of the maximum data length that the cryptographic algorithm unit can process at a single time.

Optionally, the data processing apparatus further includes:

the length determining module is used for determining the preset length of the data acquired in a single time before the data with the preset length is acquired, so that the absolute value of the difference value between the first time length spent on the local terminal acquiring the data with the preset length and the second time length spent on the cryptographic algorithm unit processing the data with the preset length is smaller than or equal to a preset threshold value.

Optionally, the data obtaining module is specifically configured to:

receiving data with preset length sent by the target equipment, forming a first data segment, and writing the first data segment into a buffer area of the local terminal;

and acquiring the first data segment from the buffer area through a direct memory access unit, and writing the first data segment into a first sub-storage space of the cryptographic algorithm unit.

Optionally, the data processing apparatus further includes:

and the space intercepting module is used for intercepting two sections of sub-storage spaces from the storage space of the cryptographic algorithm unit before the data with the preset length is acquired to form a first data fragment, wherein the two sections of sub-storage spaces are used as a first sub-storage space and a second sub-storage space, so that the first data fragment is stored through the first sub-storage space, and the second data fragment is stored through the second sub-storage space, wherein the capacity of each sub-storage space is greater than or equal to the preset length.

In a third aspect, an embodiment of the present invention provides a cryptographic apparatus, including:

one or more processors;

a memory for storing one or more programs,

when the one or more programs are executed by the one or more processors, the one or more processors implement the data processing method according to the embodiment of the present invention.

In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the data processing method according to the embodiment of the present invention.

In the technical scheme for processing data, data with preset length sent by target equipment is obtained to form a first data segment; and processing the first data segment by adopting a preset encryption algorithm or a preset decryption algorithm through the cryptographic algorithm unit, and simultaneously acquiring data with a preset length to form a second data segment so as to continue processing the second data segment through the cryptographic algorithm unit after the first data segment is processed. By adopting the technical scheme, the embodiment of the invention can acquire the next data segment needing to be encrypted and decrypted while encrypting and decrypting a certain data segment, can reduce the time consumed by the encryption equipment for encrypting and decrypting the data, and improve the encryption and decryption speed of the encryption algorithm unit.

Drawings

Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:

fig. 1 is a schematic flowchart of a data processing method according to an embodiment of the present invention;

fig. 2 is a schematic flowchart of a data processing method according to a second embodiment of the present invention;

fig. 3 is a block diagram of a data processing apparatus according to a third embodiment of the present invention;

fig. 4 is a schematic structural diagram of a cryptographic device according to a fourth embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some but not all of the relevant aspects of the present invention are shown in the drawings. In addition, the embodiments and features of the embodiments in the present invention may be combined with each other without conflict.

Example one

The embodiment of the invention provides a data processing method. The method may be performed by a data processing apparatus, wherein the apparatus may be implemented by software and/or hardware, may be configured in an electronic device, and may typically be configured in a cryptographic device. The data processing method provided by the embodiment of the invention is suitable for a scene of encrypting and decrypting data sent by other equipment. As shown in fig. 1, the data processing method provided in this embodiment may include:

s110, obtaining data with preset length to form a first data segment, wherein the data is data sent by target equipment.

The preset length may not exceed the data length of the maximum data length that can be processed by the cryptographic algorithm unit configured in the local terminal (i.e., the cryptographic device) at a single time, and the specific value may be set as needed, and in consideration of the writing of the subsequent first data segment and the second data segment, preferably, the preset length may be less than or equal to 1/2 of the maximum data length that can be processed by the cryptographic algorithm unit at a single time (e.g., the maximum capacity of the storage space of the cryptographic algorithm unit). The target device may be a device to which the local terminal is connected, that is, a device that establishes a connection with the cryptographic device.

In this embodiment, the cryptographic device may be used to encrypt and decrypt data stored in other devices (e.g., target devices).

Specifically, when data in the target device needs to be encrypted/decrypted, the target device may establish a communication connection with the cryptographic device, for example, establish a connection through a Universal Serial Bus (USB) interface. Therefore, the target device can determine the data which needs to be encrypted/decrypted and is stored by the target device based on the triggering operation of the user, and sequentially send the data which needs to be encrypted/decrypted to the password device through the USB interface. Correspondingly, the cryptographic device may receive data with a preset length sent by the target device, form a first data segment, and store the first data segment in a buffer at the local end, or write the first data segment in a storage space of the cryptographic algorithm unit.

In order to further increase the encryption and decryption speed of the cryptographic device, when acquiring data with a preset length (such as the first data segment and/or the second data segment), the data with the preset length may be written into the cryptographic algorithm unit, so that the cryptographic algorithm unit may subsequently directly encrypt and decrypt the data with the preset length, where, preferably, the acquiring data with the preset length constitutes the first data segment, including: receiving data with preset length sent by the target equipment, forming a first data segment, and writing the first data segment into a buffer area of the local terminal; and acquiring the first data segment from the buffer area through a direct memory access unit, and writing the first data segment into a first sub-storage space of the cryptographic algorithm unit. This case will be described below as an example.

The buffer may be a buffer of the cryptographic device itself, such as a USB communication buffer of the cryptographic device. The storage space of the cryptographic algorithm unit may be a cache space of the cryptographic algorithm unit, and may include at least two sub-storage spaces, so that the first data segment and the second data segment obtained when the first data segment is processed may be stored in two of the at least two sub-storage spaces, respectively. Accordingly, the first sub-storage space may be understood as a sub-storage space for writing the retrieved first data segment.

Illustratively, a Direct Memory Access (DMA) unit may be configured within the cryptographic device. After the connection between the cryptographic device and the target device is established, or after the last second data segment is processed and the processed last second data segment is sent to the target device, the cryptographic device may receive or continue to receive data with a preset length sent by the target device to form a first data segment, write the first data segment into its own USB communication buffer, and after the write is completed, start its own DMA, and move the first data segment from the USB communication buffer to the first sub-storage space of the cryptographic algorithm unit through the DMA.

In the foregoing embodiment, preferably, before the obtaining the data with the preset length to form the first data segment, the method further includes: intercepting two sections of sub-storage spaces from a storage space of a cryptographic algorithm unit to serve as a first sub-storage space and a second sub-storage space, so as to store the first data segment through the first sub-storage space and store the second data segment through the second sub-storage space, wherein the capacity of each sub-storage space is greater than or equal to the preset length.

For example, taking an example of intercepting only two segments of sub-storage spaces from a cryptographic algorithm unit, the storage space of the cryptographic algorithm unit can be directly divided into two parts with capacities greater than or equal to a preset length, and the two parts are used as a first sub-storage space and a second sub-storage space; or intercepting a sub-storage space with the capacity larger than or equal to the preset length from the cryptographic algorithm unit to serve as a first sub-storage space, and intercepting a sub-storage space with the capacity larger than or equal to the preset length behind the first sub-storage space to serve as a second sub-storage space. The capacity of the first sub-storage space and the capacity of the second sub-storage space may be the same or different, and this embodiment does not limit this.

And S120, processing the first data segment by adopting a preset algorithm through a cryptographic algorithm unit, and meanwhile, acquiring data with a preset length to form a second data segment, so as to continue processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

The preset algorithm may be a preset encryption and decryption algorithm, which may be set as needed, for example, the preset algorithm may be an SM4 algorithm, and the like. The second piece of data may be a piece of data that is acquired while other pieces of data (e.g., the first piece of data) are being processed.

In this embodiment, when one data segment is encrypted and decrypted, the next data segment to be encrypted and decrypted may be obtained, that is, the encryption and decryption process of the current data segment and the obtaining process of the next data segment may be executed in parallel. Therefore, after the encryption and decryption of the current data segment are completed, the next data segment can be directly encrypted and decrypted, the encryption algorithm unit does not need to be started after all data which can be encrypted and decrypted by the encryption algorithm unit at a single time are obtained, the obtained data are encrypted and decrypted through the encryption algorithm unit, the next data segment which needs to be encrypted and decrypted does not need to be obtained after the encryption and decryption of the current data segment are completed, the time consumed by the encryption equipment for encrypting and decrypting the data can be greatly shortened, and the encryption and decryption speed of the encryption equipment is improved.

For example, after writing the first data segment into the first sub-storage space of the cryptographic algorithm unit, the cryptographic apparatus may start the cryptographic algorithm unit, and encrypt and decrypt, by the cryptographic algorithm unit, the first data segment stored in the first sub-storage space; and when the first data segment is encrypted and decrypted by the cryptographic algorithm unit, receiving the data sent by the target device again, writing the data into a USB communication buffer of the target device, stopping receiving the data when the received data reaches a preset length, thus obtaining a second data segment, starting DMA after the second data segment is obtained, and writing the second data segment into a second sub-storage space of the cryptographic algorithm unit through the DMA. Therefore, after the cryptographic device completes processing of the first data segment and writes the second data segment into the second sub-storage space of the cryptographic algorithm unit, the cryptographic algorithm unit can be directly started, and the second sub-data segment is processed through the cryptographic algorithm unit.

Optionally, the obtaining of the data with the preset length to form a second data segment includes: receiving data with preset length sent by the target equipment, forming a second data segment, and writing the second data segment into a buffer area of the local terminal; and acquiring the second data segment from the buffer area through a direct memory access unit, and writing the second data segment into a second sub-storage space of the cryptographic algorithm unit.

In this embodiment, after the DMA writes a certain data segment (e.g., the first data segment or the second data segment) into the storage space of the cryptographic algorithm unit, or after the cryptographic algorithm unit completes processing a certain data segment, the DMA may automatically stop running. Therefore, after the password equipment writes a certain data segment into the USB communication buffer area of the password equipment, the DMA can be started, and the data segment is written into the storage space of the password algorithm unit through the DMA; when the cryptographic device needs to process a certain data segment, the cryptographic algorithm unit can be started, and the data segment is processed through the cryptographic algorithm unit.

It can be understood that, when the length of the data that remains to be processed in the target device is smaller than the preset length, that is, when the received data is smaller than the preset length, only the data smaller than the preset length may be used as the currently acquired data segment, in this case, the data length of the data segment may be smaller than the preset length. At this time, optionally, the method for processing data provided in this embodiment may further include: and if only the data with the data length smaller than the preset length is acquired, adopting the acquired data to form a corresponding data segment, wherein the data segment comprises the first data segment or the second data segment.

For example, when data used for forming a first data segment is received, if the data that can be received is smaller than a preset length, it may be considered that data that needs to be processed in the target device has been sent completely, at this time, the data that is smaller than the preset length and received this time may be used to form the first data segment, the first data segment is processed by the cryptographic algorithm unit, and an operation of obtaining the data with the preset length and forming a second data segment is not performed any more. Accordingly, when data for forming the second data segment is received, if the data that can be received is smaller than the preset length, the second data segment may be formed only by using the data that is smaller than the preset length and is received this time.

In addition, before the data with the preset length is obtained to form the second data segment, whether the target device continues to send data to the local terminal or not can be further judged, namely whether the data in the target device are all sent completely or not is judged, if yes, the operation of obtaining the data with the preset length and forming the second data segment is not executed any more; if not, the data with the preset length can be obtained to form a second data segment.

In the data processing method provided by this embodiment, data with a preset length sent by a target device is obtained to form a first data segment; and processing the first data segment by adopting a preset encryption algorithm or a preset decryption algorithm through the cryptographic algorithm unit, and simultaneously acquiring data with a preset length to form a second data segment so as to continue processing the second data segment through the cryptographic algorithm unit after the first data segment is processed. By adopting the above technical scheme, when a certain data segment is encrypted and decrypted, the next data segment which needs to be encrypted and decrypted is obtained, so that the time consumed by the encryption device for encrypting and decrypting the data can be reduced, and the encryption and decryption speed of the encryption algorithm unit is increased.

Example two

Fig. 2 is a flowchart illustrating a data processing method according to a second embodiment of the present invention. The present embodiment is optimized on the basis of the foregoing embodiment, and optionally, after the obtaining the data with the preset length to form the second data segment, the method further includes: processing the second data segment by the cryptographic algorithm unit by adopting the preset algorithm, and simultaneously sending the processed first data segment to the target device; and after the second data fragment is processed, sending the processed second data fragment to the target device.

Optionally, after the sending the processed second data segment to the target device, the method further includes: and returning to execute the operation of acquiring the data with the preset length to form a first data segment until the data sent by the target equipment cannot be acquired.

Optionally, before the acquiring the data with the preset length, the method further includes: and determining the preset length of the data acquired at a single time, so that the absolute value of the difference between the first time length spent on the local terminal acquiring the data with the preset length and the second time length spent on the cryptographic algorithm unit processing the data with the preset length is less than or equal to a preset threshold value.

Correspondingly, as shown in fig. 2, the data processing method provided in this embodiment may include:

s210, determining a preset length of data acquired at a single time, so that an absolute value of a difference value between a first time length spent on acquiring the data with the preset length and a second time length spent on processing the data with the preset length by the cryptographic algorithm unit is smaller than or equal to a preset threshold, wherein the preset length is smaller than or equal to 1/2 of the maximum data length which can be processed at a single time by the cryptographic algorithm unit.

In this embodiment, the preset length may be determined according to the maximum data length (e.g. the capacity of the storage space of the cryptographic algorithm unit) that can be processed at a single time by the cryptographic algorithm unit, for example, the preset length may be set to 1/2 where the cryptographic algorithm is larger than the maximum data length that can be processed at a single time.

For example, the length of the data acquired once may be sequentially set to different length values, and the time taken for the cryptographic algorithm unit to encrypt or decrypt the data with the data length of the set length value (i.e., the first duration) and the time taken for the cryptographic algorithm unit to encrypt or decrypt the data with the data length of the corresponding length value (i.e., the second duration) may be recorded separately. Then, for each length value, calculating an absolute value of a difference value between the corresponding first time length and the corresponding second time length, and selecting a length value which is less than or equal to 1/2 of the maximum data length which can be processed by the cryptographic algorithm unit at a time and has the smallest absolute value of the difference value as a preset length of the data acquired at a time; or, determining a first data size-time curve when the cryptographic device acquires data according to each length value and a first time length corresponding to each length value, determining a second data size-time curve when the cryptographic algorithm unit encrypts and decrypts the data according to each length value and a second time length corresponding to each length value, obtaining a data size of 1/2, which enables the absolute value of the difference between the first time length and the second time length to be less than or equal to the maximum data length that the cryptographic algorithm unit can process at a single time, according to the first data size-time curve and the second data size-time curve, and determining the data size as the preset length of data acquired at a single time.

S220, obtaining data with preset length to form a first data segment, wherein the data is data sent by target equipment.

And S230, processing the first data segment by adopting a preset algorithm through a cryptographic algorithm unit, and simultaneously acquiring data with a preset length to form a second data segment, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

S240, processing the second data segment by the preset algorithm through the cryptographic algorithm unit, and meanwhile, sending the processed first data segment to the target device.

In this embodiment, considering that the cryptographic algorithm unit can only process one data segment at a time, the cryptographic device may restart the cryptographic algorithm unit and the DMA after the cryptographic algorithm unit completes processing the first data segment and the DMA writes the second data segment into the cryptographic algorithm unit, process the second data segment through the cryptographic algorithm unit, write the processed first data segment into the buffer of the cryptographic device through the DMA, and further send the processed first data segment stored in the buffer to the target device after the writing is completed. Thus, the target device may receive the processed first data segment sent by the cryptographic device and store it.

And S250, after the second data segment is processed, sending the processed second data segment to the target device.

Specifically, after the cryptographic algorithm unit completes processing of the second data segment and transmission of the processed first data segment is completed, the DMA may be started again, the processed second data segment is written into the buffer of the cryptographic device by the DMA, and the processed second data segment stored in the buffer is further transmitted to the target device for storage after the writing is completed.

It should be noted that, this embodiment may also intercept more than 2 segments of sub-storage spaces from the storage space of the cryptographic algorithm unit. At this time, for example, assuming that n (n is greater than or equal to 2) sub-storage spaces are intercepted from the cryptographic algorithm unit, the cryptographic device may receive data with a preset length to form a data segment while processing the data segment in the ith (i is greater than or equal to 1 and less than n) sub-storage space of the cryptographic algorithm unit, write the data segment into the (i + 1) th sub-storage space of the cryptographic algorithm unit, when processing the data segment in the ith sub-storage space of the cryptographic algorithm unit is completed, make i be i +1, and return to perform the above operation until processing the data segment in the (n-1) th sub-storage space of the cryptographic algorithm unit is completed; therefore, after the data segment in the nth-1 sub-storage space of the cryptographic algorithm unit is processed, the data segment in the nth sub-storage space of the cryptographic algorithm unit can be continuously processed, the processed data segments in the 1 st-n-1 sub-storage spaces of the cryptographic algorithm unit are sequentially sent to the target device for storage, and the processed data segments in the nth sub-storage space of the cryptographic algorithm unit are continuously sent to the target device for storage after the data segments are sent; and repeatedly executing the operations until the data needing to be processed in the target equipment are processed completely. Therefore, the encryption and decryption of the data in the target device can be realized.

S260, judging whether the target equipment still sends data to the local terminal, if so, returning to execute S220; if not, the operation is ended.

In this embodiment, after the processed second data segment is sent to the target device, it may be determined whether the target device is still sending data to the home terminal, and if so, the process may return to step S220 to continue processing the remaining unprocessed data in the target device; if not, the data needing to be processed in the target device can be judged to be processed completely, and the operation is ended.

In an alternative embodiment, assuming that the maximum data length that the cryptographic algorithm unit can encrypt and decrypt at a single time is N, at this time, N (N ≦ N) may be predetermined, so that the difference between time t1 when the cryptographic apparatus receives and writes N/2 bytes of data into the cryptographic algorithm unit and time t2 required by the cryptographic algorithm unit to encrypt and decrypt the N/2 bytes of data is small, for example, the absolute value of the difference between t1 and t2 is smaller than a preset threshold or the absolute value of the difference between t1 and t2 is minimized on the premise that the absolute value is achievable, and the storage space of the cryptographic algorithm unit is divided into a first half storage space and a second half storage space, each of which has a capacity greater than or equal to N/2. At this time, the process of encrypting data by the cryptographic device may be described as:

a. n/2 bytes of data are received and written into the first half of the memory space of the cryptographic algorithm unit.

For example, n/2 bytes of data may be received and written into the USB communication buffer, and after the writing is completed, DMA may be initiated to move the n/2 bytes of data from the USB communication buffer into the first half of the memory space of the cryptographic algorithm unit via DMA.

b. And starting the cryptographic algorithm unit, encrypting the n/2 bytes of data written into the storage space of the first half part of the cryptographic algorithm unit through the cryptographic algorithm unit, and simultaneously receiving the n/2 bytes of data again and writing the data into the storage space of the second half part of the cryptographic algorithm unit.

c. And c, when the step b is executed, starting the cryptographic algorithm unit, encrypting the data of n/2 bytes written into the storage space of the rear half part of the cryptographic algorithm unit through the cryptographic algorithm unit, and simultaneously sending the encryption result stored in the storage space of the front half part of the cryptographic algorithm unit (namely the encryption result of the data of n/2 bytes written into the storage space of the front half part of the cryptographic storage unit) to the target device.

When the encryption result is sent to the target device, the DMA may be started first, the encryption result is moved from the first half storage space of the cryptographic algorithm unit into the USB communication buffer by the DMA, and after the encryption result is moved into the USB communication buffer, the encryption result in the USB communication buffer is sent to the target device.

d. And c, when the step c is executed, sending the encryption result stored in the latter half storage space of the encryption algorithm unit (namely the encryption result of the data of n/2 bytes written in the latter half storage space of the encryption storage unit) to the target device.

e. When the step d is finished, judging whether the data in the target equipment are processed completely, if so, finishing the operation; if not, returning to execute the step a.

In addition, the process of decrypting the data by the cryptographic device is similar to the above process, and is not described herein again.

The data processing method provided in this embodiment is configured to, while processing a certain data segment, send a last data segment that has been processed to the target device, or acquire a next data segment that needs to be processed, so as to further shorten time consumed by the cryptographic device for encryption and decryption, and improve encryption and decryption speed of the cryptographic device.

EXAMPLE III

The third embodiment of the invention provides a data processing device. The apparatus can be implemented by software and/or hardware, can be configured in an electronic device, and typically can be configured in a cryptographic device, and can encrypt and decrypt data by performing a processing method of the data. As shown in fig. 3, the data processing apparatus provided in this embodiment may include: a data acquisition module 301 and a data processing module 302, wherein,

the data acquiring module 301 is configured to acquire data with a preset length to form a first data segment, where the data is data sent by a target device;

the data processing module 302 is configured to process the first data segment through a cryptographic algorithm unit by using a preset algorithm, and at the same time, obtain data of a preset length to form a second data segment, so as to continue to process the second data segment through the cryptographic algorithm unit after the first data segment is processed, where the preset algorithm is an encryption algorithm or a decryption algorithm.

The data processing apparatus provided in this embodiment acquires, by a data acquisition module, data of a preset length sent by a target device, and forms a first data segment; and controlling a cryptographic algorithm unit to process the first data segment by adopting a preset encryption algorithm or a preset decryption algorithm through a data processing module, and simultaneously acquiring data with a preset length to form a second data segment so as to continue processing the second data segment through the cryptographic algorithm unit after the first data segment is processed. By adopting the above technical scheme, when a certain data segment is encrypted and decrypted, the next data segment which needs to be encrypted and decrypted is obtained, so that the time consumed by the encryption device for encrypting and decrypting the data can be reduced, and the encryption and decryption speed of the encryption algorithm unit is increased.

Further, the data processing apparatus provided in this embodiment may further include: the first data sending module is used for processing a second data segment by the preset algorithm through the cryptographic algorithm unit after the second data segment is formed by acquiring the data with the preset length, and sending the processed first data segment to the target device; and the second data sending module is used for sending the processed second data fragment to the target device after the second data fragment is processed.

Further, the data processing apparatus provided in this embodiment may further include: and the return module is used for returning to the data acquisition module after the processed second data segment is sent to the target equipment until the data sent by the target equipment cannot be acquired.

Further, the data processing apparatus provided in this embodiment may further include: and the segment forming module is used for forming a corresponding data segment by adopting the data obtained this time when only the data with the data length smaller than the preset length is obtained, wherein the data segment comprises the first data segment or the second data segment.

In the above solution, the preset length may be smaller than or equal to 1/2 of the maximum data length that the cryptographic algorithm unit can process at a single time.

Further, the data processing apparatus provided in this embodiment may further include: the length determining module is used for determining the preset length of the data acquired in a single time before the data with the preset length is acquired, so that the absolute value of the difference value between the first time length spent on the local terminal acquiring the data with the preset length and the second time length spent on the cryptographic algorithm unit processing the data with the preset length is smaller than or equal to a preset threshold value.

In the foregoing solution, the data obtaining module 301 may specifically be configured to: receiving data with preset length sent by the target equipment, forming a first data segment, and writing the first data segment into a buffer area of the local terminal; and acquiring the first data segment from the buffer area through a direct memory access unit, and writing the first data segment into a first sub-storage space of the cryptographic algorithm unit.

Further, the data processing apparatus provided in this embodiment may further include: and the space intercepting module is used for intercepting two sections of sub-storage spaces from the storage space of the cryptographic algorithm unit before the data with the preset length is acquired to form a first data fragment, wherein the two sections of sub-storage spaces are used as a first sub-storage space and a second sub-storage space, so that the first data fragment is stored through the first sub-storage space, and the second data fragment is stored through the second sub-storage space, wherein the capacity of each sub-storage space is greater than or equal to the preset length.

The data processing device provided by the third embodiment of the invention can execute the data processing method provided by any embodiment of the invention, and has the corresponding functional module and beneficial effect of the data processing method. For details of the data processing method provided in any embodiment of the present invention, reference may be made to the technical details not described in detail in this embodiment.

Example four

Fig. 4 is a schematic structural diagram of a cryptographic device according to a fourth embodiment of the present invention, as shown in fig. 4, the cryptographic device includes a processor 40 and a memory 41, and may further include a cryptographic algorithm unit 42 and a direct memory access unit 43; the number of processors 40 in the cryptographic device may be one or more, and one processor 40 is taken as an example in fig. 4; the processor 40, the memory 41, the cryptographic algorithm unit 42 and the direct memory access unit 43 in the cryptographic device may be connected by a bus or other means, which is exemplified in fig. 4.

The memory 41, as a computer-readable storage medium, may be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the processing method of data in the embodiment of the present invention (for example, the data acquisition module 301 and the data processing module 302 in the data processing apparatus). The processor 40 executes various functional applications of the cryptographic device and data processing, i.e., implements the above-described data processing method, by executing software programs, instructions, and modules stored in the memory 41.

The memory 41 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 41 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 41 may further include memory located remotely from processor 40, which may be connected to a cryptographic device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The cryptographic algorithm unit 42 may be used to encrypt/decrypt data, generating an encryption/decryption result. The direct storage access unit 43 may be used to write data in a buffer of the cryptographic device to the cryptographic algorithm unit 42 and to move the encryption/decryption results generated by the cryptographic algorithm unit 42 into the buffer of the cryptographic device.

An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a data processing method, including:

acquiring data with a preset length to form a first data segment, wherein the data is data sent by target equipment;

and processing the first data segment by adopting a preset algorithm through a cryptographic algorithm unit, acquiring data with a preset length to form a second data segment, and continuously processing the second data segment through the cryptographic algorithm unit after the first data segment is processed, wherein the preset algorithm is an encryption algorithm or a decryption algorithm.

Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the data processing method provided by any embodiment of the present invention.

From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.

It should be noted that, in the embodiment of the data processing apparatus, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.

It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.