CN-121997388-A - Device, method, integrated circuit, radio device and terminal equipment for protecting data security of external memory
Abstract
This application relates to the field of vehicle-mounted data security technology, specifically to a device, method, integrated circuit, radio device, and terminal device for protecting the security of external memory data, which can be applied to board-level devices such as automotive components. By pre-embedding keys, segment configuration, and mapping relationships, and by combining the mapping relationships with permission control techniques, the confidentiality and integrity of data can be ensured. This achieves an efficient and secure data protection mechanism and ensures that data in external storage will not be illegally accessed and/or tampered with.
Inventors
- ZHANG BINJIE
Assignees
- 加特兰微电子科技(上海)有限公司
Dates
- Publication Date: 20260508
- Application Date: 20241108
Claims (19)
- 1. A device for protecting the data security of an external memory, characterized in that the device comprises a chip and the external memory; the chip comprises an active security unit and a storage security management unit, wherein the active security unit can be configured to be internally provided with a mapping relation and at least one group of keys, and the mapping relation comprises mapping between external storage segments and the keys; wherein, when the chip is powered on, the active security unit is configurable to perform key configuration and external storage segment mapping relationship configuration on the storage security management unit based on the mapping relationship and the at least one set of keys; and when the chip performs a data read/write operation on the external memory, the storage security management unit may be configured to automatically perform segmented mapping on the external memory based on the configuration, and call keys corresponding to different segments to perform decryption/encryption operations.
- 2. The apparatus of claim 1, wherein the storage security management unit being configurable to automatically map the external memory segments based on the configuration and invoke keys corresponding to different segments for decryption/encryption operations comprises: the storage security management unit may be configured to locate desired segments based on the segment map configuration and to perform separate decryption or encryption operations on each segment based on the key configuration.
- 3. The apparatus according to claim 1 or 2, wherein keys respectively corresponding to at least two segments are different.
- 4. The apparatus of any of claims 1-3, wherein the chip comprises at least two processors, at least two segments being configurable for data read and/or write operations by different processors.
- 5. The apparatus of any of claims 1-4, wherein the storage security management unit is configurable to perform a decryption/encryption operation on the external memory based on a symmetric cryptographic algorithm.
- 6. The apparatus of any of claims 1-5, wherein the symmetric cryptographic algorithm comprises at least one of AES-XTS, AES-GCM, SM4.
- 7. The apparatus of any of claims 1-6, wherein the storage security management unit is configurable to perform a decryption/encryption operation with different algorithms for at least two segments in the external memory.
- 8. The device according to any one of claims 1 to 7, wherein the external memory is a non-volatile memory, and/or the chip is an SoC chip.
- 9. The apparatus of any one of claims 1-8, wherein the chip comprises an OTP module and an XIP module; wherein the active security unit is disposed in the OTP module and the storage security management unit is disposed in the XIP module, or the active security unit and the storage security management unit are both arranged in the OTP module.
- 10. A method for protecting data security of an external memory, which is applied to an SoC chip with the external memory, wherein the SoC chip is internally provided with a mapping relation and at least one group of keys, the mapping relation comprises mapping between an external memory segment and the at least one group of keys, and the external memory is segmented in advance based on the mapping relation, the method comprising: when the SoC chip performs a data reading/writing operation on the external memory, based on the mapping relation and the at least one group of keys, calling keys corresponding to different segments to perform decryption/encryption operations on each segment of the external memory.
- 11. The method of claim 10, wherein the SoC chip includes at least two processors, at least two segments of the method being configurable for data read and/or write operations by different processors.
- 12. An apparatus for securing data, comprising: a chip with at least one set of keys built in, and an external memory; wherein, when the chip performs data writing and/or reading operations on the external memory, the at least one set of keys can be configured to perform segmented encryption and/or decryption operations on application layer data and/or the external memory.
- 13. The apparatus of claim 12, wherein the chip comprises a storage security management unit comprising at least one set of key slots that match the at least one set of keys; the chip performs dynamically segmented secure read and/or write operations on the external memory based on the mapping relation and the key.
- 14. The apparatus of claim 12 or 13, wherein the chip comprises at least two processors, at least two segments being configurable for data read and/or write operations by different processors.
- 15. The apparatus according to any of claims 12-14, wherein separate AES algorithms are used for each segment for separate encryption and/or decryption operations.
- 16. An integrated circuit, characterized by comprising a radio frequency module, an analog signal processing module and a digital signal processing module which are connected in sequence; the radio frequency module may be configured to generate a radio frequency transmit signal and receive a radio frequency receive signal; the analog signal processing module may be configured to perform down-conversion and analog-to-digital conversion on the radio frequency receive signal to obtain a digital signal; and the digital signal processing module may be configured to perform digital signal processing on the digital signal for target detection and/or wireless communication; wherein the signal processing module, when performing digital signal processing, may be configured to perform dynamically segmented secure read and/or write operations on the external memory.
- 17. The integrated circuit of claim 16, wherein the integrated circuit is a millimeter wave chip, and/or the integrated circuit is a chip in the device of any one of claims 1-9, 12-13.
- 18. A radio device, comprising: a carrier; an integrated circuit as claimed in claim 16 or 17, disposed on the carrier; and an antenna, wherein the antenna is arranged on the carrier, or the antenna and the integrated circuit are integrated into a single device arranged on the carrier; the integrated circuit is connected with the antenna and is used for transmitting the radio frequency transmit signal and/or receiving the radio frequency receive signal.
- 19. A terminal device, comprising: a device body, and the radio device of claim 18 disposed on the device body; wherein the radio device is used for object detection and/or communication to provide reference information for the operation of the device body.
Description
Device, method, integrated circuit, radio device and terminal equipment for protecting data security of external memory
Technical Field
The application relates to the technical field of vehicle-mounted data security, in particular to a device, a method, an integrated circuit, a radio device and terminal equipment for protecting the data security of an external memory.
Background
As automobiles become increasingly electronic, data security becomes an important problem. In particular, data stored in the external memory of the system, once leaked or tampered with, can have a serious impact on the safety of the vehicle.
Disclosure of Invention
In order to solve the above technical problems, the application provides a device, a method, an integrated circuit, a radio device and a terminal device for protecting the data security of an external memory, which can be applied to products such as board-level equipment of automobile parts. By using pre-built keys, segment configuration and mapping relationships, and by combining the mapping relationships with permission control, the confidentiality and integrity of the data can be ensured, so as to realize an efficient and secure data protection mechanism and ensure that the data in the external memory cannot be illegally accessed and/or tampered with.
The application provides a device for protecting data security of an external memory, which comprises a chip and the external memory. The chip comprises an active security unit and a storage security management unit. The active security unit can be configured to be internally provided with a mapping relation and at least one group of keys, and the mapping relation comprises mapping between external storage segments and the keys. When the chip is powered on, the active security unit can be configured to carry out key configuration and external memory segment mapping relation configuration on the storage security management unit based on the mapping relation and the at least one group of keys. When the chip carries out a data read/write operation on the external memory, the storage security management unit can be configured to automatically carry out segment mapping on the external memory based on the configuration, and call keys corresponding to different segments to carry out decryption/encryption operations.
In some alternative embodiments, the storage security management unit being configurable to automatically map segments of the external memory based on the configuration and call keys corresponding to different segments to perform decryption/encryption operations includes: the storage security management unit can be configured to locate desired segments based on the segment mapping configuration and perform separate decryption or encryption operations on each segment based on the key configuration.
In some alternative embodiments, the keys respectively corresponding to at least two segments are different.
In some alternative embodiments, the chip includes at least two processors, at least two segments being configurable for data read and/or write operations by different processors.
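The segment lookup described above can be modeled in software. The following is an added example, not code from the patent or its assignee: the table layout, field names, addresses, processor mask and the fail-closed policy are all assumptions made for illustration, and no cipher is run, only the selection of key slot and algorithm per segment.

```c
#include <stdint.h>
#include <stddef.h>

enum alg { ALG_AES_XTS, ALG_AES_GCM, ALG_SM4 };

struct segment {              /* one entry of the (assumed) mapping relation */
    uint32_t base, size;      /* external-memory range [base, base + size) */
    uint8_t  key_slot;        /* key slot holding this segment's key */
    enum alg alg;             /* algorithm used for this segment */
    uint8_t  cpu_mask;        /* bit n set: processor n may read/write */
};

struct chunk { uint32_t addr, len; uint8_t key_slot; enum alg alg; };

/* Constructed sample layout: three segments, three keys, two processors. */
static const struct segment seg_table[] = {
    { 0x000000, 0x040000, 0, ALG_AES_GCM, 0x01 },
    { 0x040000, 0x0C0000, 1, ALG_AES_XTS, 0x03 },
    { 0x100000, 0x100000, 2, ALG_SM4,     0x02 },
};
#define NSEG (sizeof seg_table / sizeof seg_table[0])

static const struct segment *find_segment(uint32_t addr)
{
    for (size_t i = 0; i < NSEG; i++)
        /* unsigned subtraction wraps when addr < base, so the test fails */
        if (addr - seg_table[i].base < seg_table[i].size)
            return &seg_table[i];
    return NULL;
}

/* Split one access into per-segment chunks, each tagged with the key slot
 * and algorithm to use. Returns the chunk count, or -1 (fail closed) if any
 * byte is unmapped, the processor lacks permission, or the range wraps. */
int resolve_access(unsigned cpu, uint32_t addr, uint32_t len,
                   struct chunk *out, size_t max)
{
    size_t n = 0;
    if (cpu >= 8 || len == 0 || addr + len < addr)
        return -1;
    while (len > 0) {
        const struct segment *s = find_segment(addr);
        if (!s || !(s->cpu_mask & (1u << cpu)) || n == max)
            return -1;
        uint32_t room = s->base + s->size - addr;   /* bytes left in segment */
        uint32_t take = len < room ? len : room;
        out[n++] = (struct chunk){ addr, take, s->key_slot, s->alg };
        addr += take;
        len  -= take;
    }
    return (int)n;
}
```

Rejecting the whole access when any part of it falls outside a permitted segment keeps a request from one processor from reaching data protected under another segment's key.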
In some alternative embodiments, the storage security management unit may be configured to perform a decryption/encryption operation on the external memory based on a symmetric cryptographic algorithm.
In some alternative embodiments, the symmetric cryptographic algorithm includes at least one of AES-XTS, AES-GCM, SM4.
In some alternative embodiments, the storage security management unit may be configured to perform the decryption/encryption operations using different algorithms for at least two segments in the external memory.
In some alternative embodiments, the external memory is a non-volatile memory and/or the chip is an SoC chip.
In some alternative embodiments, the chip comprises an OTP module and an XIP module, wherein the active security unit is arranged in the OTP module and the storage security management unit is arranged in the XIP module, or both the active security unit and the storage security management unit are arranged in the OTP module.
The application also provides a method for protecting the data security of the external memory, which can be applied to an SoC chip with the external memory, wherein the SoC chip is internally provided with a mapping relation and at least one group of keys, the mapping relation comprises mapping between external memory segments and the at least one group of keys, and the external memory is segmented in advance based on the mapping relation. When the SoC chip performs a data reading/writing operation on the external memory, the method comprises the steps of calling keys corresponding to different segments to execute decryption/encryption operations on each segment of the external memory based on the mapping relation and the at least one group of keys.
In some alternative embodiments, the SoC chip includes at least two processo