Movatterモバイル変換

[0]ホーム
URL:

CN114117484B - Device for improving host cache data security and cache data reading and writing method and device - Google Patents

Device for improving host cache data security and cache data reading and writing method and deviceDownload PDF

Info

Publication number
CN114117484B
CN114117484BCN202111388870.7ACN202111388870ACN114117484BCN 114117484 BCN114117484 BCN 114117484BCN 202111388870 ACN202111388870 ACN 202111388870ACN 114117484 BCN114117484 BCN 114117484B
Authority
CN
China
Prior art keywords
data
cache
host
encryption
host cache
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111388870.7A
Other languages
Chinese (zh)
Other versions
CN114117484A (en
Inventor
巴书法
滕向阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Green Crystal Semiconductor Technology Beijing Co ltd
Original Assignee
Green Crystal Semiconductor Technology Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Green Crystal Semiconductor Technology Beijing Co ltdfiledCriticalGreen Crystal Semiconductor Technology Beijing Co ltd
Priority to CN202111388870.7ApriorityCriticalpatent/CN114117484B/en
Publication of CN114117484ApublicationCriticalpatent/CN114117484A/en
Application grantedgrantedCritical
Publication of CN114117484BpublicationCriticalpatent/CN114117484B/en
Activelegal-statusCriticalCurrent
Anticipated expirationlegal-statusCritical

Links

Images

Classifications

Landscapes

Abstract

The application relates to a device for improving host cache data security, comprising: the device comprises a transmission control unit, a verification module and an encryption and decryption module; the transmission control unit, the verification module and the encryption and decryption module are all suitable for being loaded in a storage hard disk which performs data interaction with a host cache; the transmission control unit, the verification module and the encryption and decryption module are electrically connected in sequence; the transmission control unit is suitable for being in communication connection with an on-chip cache module in the storage hard disk and is configured to transmit and exchange data between the storage hard disk and a host cache; the checking module is configured to check data transmitted between the storage hard disk and the host cache; and the encryption and decryption module is configured to encrypt the data written into the host cache by the storage hard disk and decrypt the data read from the host cache to the storage hard disk. The method and the device effectively prevent the condition that the on-chip cache data is analyzed and cracked after being stored in the host cache, and greatly reduce the risk of user data leakage.

Description

Device for improving host cache data security and cache data reading and writing method and device
Technical Field
The present application relates to the field of data security technologies, and in particular, to an apparatus for improving host cache data security, and a method and an apparatus for reading and writing cache data.
Background
The HMB is called a Host Memory Buffer, that is, a Host Memory caching technology, so that the SSD (solid state disk) can improve the performance of the SSD itself by means of the high-speed read-write characteristic of the Host Memory without the help of the DRAM (dynamic random access Memory), and finally achieve the performance equivalent to the SSD with the DRAM. When the NVMe SSD supporting the HMB function is read and written, the function can be automatically started to improve and optimize the performance, and the principle of the HMB technology is that a cache area is reserved in the memory of a host and is specially used by the SSD. The partial area only occupies a small space of the PC memory, and the sufficient space is reserved in the memory to coordinate and complete data exchange between the CPU and the SSD.
In order to cache the internal mapping table of the SSD as much as possible, the SSD management unit usually temporarily stores the internal mapping table on the HMB to speed up retrieval and loading. However, in a general case, mapping table data is stored in a host HMB cache in clear code, which makes it easy for mapping table information to be analyzed and cracked, thereby causing great potential safety hazard to leakage of user data.
Disclosure of Invention
In view of this, the present application provides an apparatus for improving host cache data security, which can effectively improve security of user data cache and prevent leakage of user data.
According to an aspect of the present application, there is provided an apparatus for improving host cache data security, including: the device comprises a transmission control unit, a verification module and an encryption and decryption module;
the transmission control unit, the verification module and the encryption and decryption module are all suitable for being loaded in a storage hard disk which performs data interaction with a host cache;
the transmission control unit, the verification module and the encryption and decryption module are electrically connected in sequence;
the transmission control unit is suitable for being in communication connection with an on-chip cache module in the storage hard disk and is configured to perform transmission exchange of data between the storage hard disk and the host cache;
the checking module is configured to check data transmitted between the storage hard disk and the host cache;
the encryption and decryption module is configured to encrypt data written into the host cache by the storage hard disk and decrypt data read from the host cache to the storage hard disk.
In one possible implementation manner, the encryption and decryption module includes: the encryption and decryption device comprises a key list submodule, an encryption and decryption configuration register, a key generator and an encryption and decryption operation submodule;
the key list submodule is configured to store an initial key pre-allocated to each cache page in the storage hard disk;
the configuration register is configured to be used for starting page information and characteristic word information when data are written or read currently;
the key generator is configured to perform operation according to the initial key selected by the key list submodule and the configured characteristic word information to generate a corresponding key;
and the encryption and decryption operation submodule is configured to encrypt or decrypt the currently written data or the read data according to the key generated by the key generator.
In one possible implementation, the checking module, when configured to check the data transferred between the storage hard disk and the host cache, is performed based on a CRC16 algorithm.
According to another aspect of the present application, there is provided a host cache data writing method for writing cache data in a storage hard disk into a host cache by using any one of the above apparatuses, including:
the checking module checks the cache data which is written into the host cache currently to generate end-to-end protection information;
the encryption and decryption module encrypts the cache data to generate a corresponding ciphertext;
and the transmission control unit acquires the ciphertext generated by the encryption and decryption module and writes the ciphertext into the host cache.
In a possible implementation manner, the encryption and decryption module encrypts the cache data, and generates a corresponding ciphertext according to the management page cached by the host and the initial encryption key corresponding to each management page.
In a possible implementation manner, the management pages cached by the host and the initial encryption keys corresponding to the management pages are obtained from the management page information cached by the host through a CPU in the storage hard disk, and corresponding initial encryption keys are obtained according to the obtained management page information.
According to another aspect of the present application, there is provided a method for reading data in a host cache to a storage hard disk by using the apparatus described in any one of the preceding paragraphs, including:
the encryption and decryption module decrypts the data read from the host cache at present to obtain a corresponding decrypted ciphertext;
the verification module verifies the decrypted ciphertext, and when the verification result is correct, the decrypted ciphertext is transmitted to the transmission control unit;
and the transmission control unit forwards the decrypted ciphertext to an on-chip cache module of the storage hard disk.
In a possible implementation manner, when the verification module verifies the decrypted ciphertext, the verification module compares a verification code in the decrypted ciphertext with a verification code generated when the data is written into the host cache.
In a possible implementation manner, when the encryption and decryption module decrypts the data currently read from the host cache, the decryption is performed based on an initial encryption key corresponding to a management page of the data in the host cache.
According to another aspect of the present application, there is also provided an apparatus for improving security of host cache data, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to carry out the executable instructions to implement any of the methods described above.
The device for improving the host cache data security is additionally arranged in the storage hard disk, a transmission control single path of the device for improving the host cache data security is electrically connected with an on-chip cache module in the storage hard disk, and the encryption and decryption module is used as a data interaction interface and is used for communicating with a host cache, so that when the storage hard disk adopts the HMB technology, when data in the on-chip cache module is cached to the host cache, corresponding check codes are respectively generated on the on-chip cache data through the check module, the encryption and decryption module encrypts the on-chip cache data to obtain corresponding ciphertexts, and then the ciphertexts obtained through encryption are cached to the host cache, so that the on-chip cache data can be stored into the host cache in a ciphertexts manner, the conditions that the on-chip cache data is analyzed and cracked after being stored in the host cache are effectively prevented, and the risk of user data leakage is greatly reduced.
Other features and aspects of the present application will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the application and, together with the description, serve to explain the principles of the application.
Fig. 1 is a block diagram illustrating a structure of an apparatus for improving security of host cache data according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram illustrating an encryption/decryption module in the apparatus for improving security of host cache data according to the embodiment of the present application;
FIG. 3 shows a schematic structural diagram between a host and an SSD according to an embodiment of the present application;
FIG. 4 is a flow chart illustrating a host cache data writing method according to an embodiment of the present disclosure;
fig. 5 is a schematic diagram illustrating a page number key encrypted and decrypted according to an HMB cache page in an apparatus for improving security of host cache data in an embodiment of the present application;
FIG. 6 is a flowchart illustrating a host cache data reading method according to an embodiment of the present disclosure;
fig. 7 shows a block diagram of a device for improving security of host cache data according to an embodiment of the present application.
Detailed Description
Various exemplary embodiments, features and aspects of the present application will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present application. It will be understood by those skilled in the art that the present application may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present application.
Fig. 1 is a block diagram illustrating an apparatus for improving security of host cache data according to an embodiment of the present application. As shown in fig. 1, the apparatus for improving the security of host cache data includes: atransmission control unit 110, averification module 120 and an encryption anddecryption module 130.
Here, it should be noted that the apparatus for improving host cache data security according to the embodiment of the present application is suitable for being configured in a storage hard disk (e.g., SSD), and is configured in the SSD to interact with an on-chip cache and a CPU in the SSD, so that when the SSD stores data by using the HMB technology, data to be written into the host cache can be encrypted by the apparatus for improving host cache data security, so that the data stored in the host cache can be stored in a ciphertext manner, which effectively improves the security of host cache data.
Specifically, referring to fig. 1, the apparatus for improving host cache data security according to the embodiment of the present application includes atransmission control unit 110, averification module 120, and an encryption/decryption module 130. Thetransmission control unit 110, theverification module 120 and the encryption anddecryption module 130 are electrically connected in sequence.
Thetransmission control unit 110 is configured to perform transmission and exchange of data between the storage hard disk and the host cache, is suitable for communication connection with the on-chip cache module in the storage hard disk, and is mainly responsible for managing transmission and exchange of internal cache data and host-side HMB cache data, so as to ensure efficient data transmission and reduce CPU load.
Theverification module 120 is configured to verify data transmitted between the storage hard disk and the host cache, and specifically includes: when data of the on-chip cache module is written into the host cache, corresponding check codes are generated for the on-chip cache data, and when the data cached by the host is read into the on-chip cache module, the read data is checked, so that an end-to-end protection function is realized.
The encryption anddecryption module 130, as a data encryption unit, is adapted to be in communication connection with the host cache, and is configured to encrypt data written from the storage hard disk into the host cache and decrypt data read from the host cache into the storage hard disk.
Therefore, by adding the device for improving the host cache data security of the embodiment of the application in the storage hard disk, the transmission control single path of the device for improving the host cache data security is electrically connected with the on-chip cache module in the storage hard disk, and the encryption anddecryption module 130 is used as an interface for data interaction and is used for communicating with the host cache, so that when the storage hard disk adopts the HMB technology, and data in the on-chip cache module is cached in the host cache, the on-chip cache data is respectively generated into corresponding check codes through thecheck module 120, the encryption anddecryption module 130 encrypts the on-chip cache data to obtain corresponding ciphertexts, and then the ciphertexts obtained through encryption are cached in the host cache, so that the on-chip cache data can be stored in the host cache in the form of the ciphertexts, the conditions that the on-chip cache data is analyzed and cracked after being stored in the host cache are effectively prevented, and the risk of user data leakage is greatly reduced.
Moreover, according to the device for improving host cache data security provided by the embodiment of the application, when the data cached in the host cache is read out by the storage hard disk, the data stored in a ciphertext form is decrypted through the encryption anddecryption module 130, and then the plaintext data obtained after decryption is verified through theverification module 120, so that the read data is ensured to be the data originally cached in the host cache, the situation of reading wrong data is effectively prevented, and deviation or error of user data read by the SSD is avoided.
In a possible implementation manner, thetransmission control unit 110 may be directly implemented by using a circuit module with a data transmission switching function, which is conventional in the art, and is not specifically limited herein.
In addition, in the apparatus for improving host cache data security provided in the embodiment of the present application, when thechecking module 120 is configured to check data transmitted between the storage hard disk and the host cache, the checking may be performed based on a CRC16 algorithm, and may also be implemented by using a simple xor check code or a CRC32 algorithm.
For example, when the CRC16 algorithm is used to check data transmitted between a storage hard disk and a host cache, the CRC algorithm mainly includes two parts, one part is: when the on-chip cache data of the on-chip cache module in the storage hard disk is cached to the host cache (namely, data is written into the host cache), the on-chip cache data which is written into the host cache at present is operated through a CRC16 algorithm, a corresponding check code is generated, and the check code is stored.
The other part is as follows: when the data stored in the host cache is read to the on-chip cache of the storage hard disk (i.e., the data is read from the host cache), after the encryption anddecryption module 130 decrypts the read data, thecheck module 120 performs CRC16 operation on the decrypted plaintext data by executing a CRC16 algorithm to obtain a corresponding check code, and simultaneously compares the obtained check code with the check code generated when the data is written into the host cache. When the check code generated when the data is written into the host cache is consistent with the check code generated after the data is read out from the host cache, the data read at present is accurate, and the data can be normally used without being tampered. When the check codes obtained twice are inconsistent, the data read from the surface may be tampered, and a deviation occurs between the data and the specific content of the data when the data is written into the host cache, and at this time, an error processing flow may be entered, so as to avoid a situation that the SSD end uses wrong data to perform calculation.
In addition, in the apparatus for improving host cache data security according to the embodiment of the present application, the encryption anddecryption module 130 is a core part for improving data security, which may be implemented in the following manner.
That is, referring to fig. 2, in one possible implementation, the encryption and decryption module includes a key list submodule, an encryption and decryption configuration register, a key generator, and an encryption and decryption operation submodule. The key list submodule is configured to store an initial key pre-allocated to each cache page in the storage hard disk. And the configuration register is configured to be used for starting page information and characteristic word information when data is currently written or read. And the key generator is configured to operate according to the initial key selected by the key list submodule and the configured characteristic word information so as to generate a corresponding key. And the encryption and decryption operation sub-module is configured to encrypt or decrypt the currently written data or the read data according to the key generated by the key generator.
The initial keys configured for each cache page of the storage hard disk stored in the key list submodule are stored in a list mode. That is, each initial key is stored in a list form (i.e., a key list) in a one-to-one correspondence with its corresponding cache page. That is, the key list stores the device memory space that is used to store the initial pre-allocated keys corresponding to the HMB memory pages.
The transmission control unit sends the page number, the page length, the key starting address and the page feature word of the current transmission to the encryption and decryption configuration register to configure the key information involved in the current encryption and decryption.
After the equipment starts transmission, the key generator continuously acquires key information and combines the selected key and the characteristic word to carry out scrambling operation. The characteristic word can select the updating times of the HMB page as a code word, and the scrambling code design greatly improves the safety. Even for the same data, the generated ciphertext is different for different update times.
And finally generating a secret key and sending the secret key to an encryption and decryption arithmetic unit to finish the encryption and decryption actions. Here, it should be noted that, when the encryption/decryption operation submodule performs the encryption/decryption operation based on the finally generated key, the encryption/decryption operation submodule may be implemented by using a simple xor algorithm.
Correspondingly, based on any one of the above devices for improving the host cache data security, the present application also provides a host cache data writing method. It should be noted that the host cache data writing method provided by the present application is implemented mainly based on any one of the aforementioned devices for improving host cache data security.
That is to say, the host cache data writing method provided by the present application mainly refers to a process of caching on-chip cache data of a storage hard disk into a host cache by using an HMB technology. The storage hard disk is provided with any one of the above devices for improving host cache data security (as shown in fig. 3).
Referring to fig. 4, the host cache data writing method provided by the present application includes: step S100, thechecking module 120 checks the cache data currently to be written into the host cache, and generates end-to-end protection information. Then, in step S200, the encryption/decryption module 130 encrypts the cached data to generate a corresponding ciphertext. Finally, in step S300, thetransmission control unit 110 obtains the ciphertext generated by the encryption anddecryption module 130, and writes the ciphertext into the host buffer.
The encryption anddecryption module 130 encrypts the cached data to generate a corresponding ciphertext, and generates the corresponding initial encryption key according to the management page cached by the host and each management page.
That is to say, in the host cache data writing method according to the embodiment of the present application, when performing encryption processing on the cache data to be written into the host cache, the encryption/decryption module 130 performs encryption processing based on the management page to be written into the host cache by the cache data.
That is, the cache data is encrypted by obtaining the specific position of the cache data to be written into the host cache, and then according to the initial encryption key corresponding to the specific position of the cache data to be written into the host cache, so as to generate the corresponding ciphertext data.
Here, it should be noted that the specific location in the host cache where the cache data is currently written refers to the management page in the host cache where the main cache data is currently written. As will be understood by those skilled in the art, the management pages cached by the host are usually multiple pages, and different management pages are distinguished by different page numbers.
Referring to fig. 5, in a possible implementation manner, each management page cached by the host is correspondingly provided with a corresponding initial encryption key. Such as: managing pages in a host cache includes:HMB page 1, HMB page 2, HMB page 3, \ 8230 \ 8230;, HMB page N. Correspondingly, the initial encryption key of theHMB page 1 is key 1, the initial encryption key of the HMB page 2 is key 2, the initial encryption key of the HMB page 3 is key 3, \8230;, and the initial encryption key of the HMB page N is key N.
Therefore, when the encryption anddecryption module 130 encrypts the on-chip cache data that is currently to be written into the host cache, the on-chip cache data is directly encrypted according to the initial encryption key corresponding to the management page that is to be written into the host cache by the on-chip cache data.
The on-chip cache data is encrypted according to the initial encryption key corresponding to the management page to be written into the host cache, so that a host cache partition protection mechanism is realized, and the security and the concealment of the host cache data are further improved.
Furthermore, the management page cached by the host and the initial encryption key corresponding to each management page acquire the management page information cached by the host through a Central Processing Unit (CPU) in the storage hard disk, and acquire the corresponding initial encryption key according to the acquired management page information.
As shown in fig. 4, before starting writing data into the host cache, first, management page information of the host cache is acquired in step S001. Here, as will be understood by those skilled in the art, the retrieved host cached management page information refers to host cached HMB management page information. Specifically, the HMB management page information includes: and information such as an HMB page number and an HMB page characteristic word corresponding to the disk logical space.
In step S002, the corresponding initial key information is obtained according to the obtained management page information cached by the host. The initial key information comprises an initial key page number and an initial key address, and as each management page in the host cache is correspondingly provided with a corresponding key, each management page and the corresponding key can be stored in the database in advance, so that after the specific management page information is acquired, the matched initial encryption key can be searched in the database according to the specific management page information.
In one possible implementation manner, each management page of the host cache and the corresponding initial encryption key may be stored in a mapping table, or may be stored in another manner.
Then, the obtained initial encryption key information is set to thetransmission control unit 110 again in step S003. Here, as will be understood by those skilled in the art, the initial encryption key information is written into a hardware register of the transmission control unit.
Further, in step S004, the cache address information of the management page to be cached by the on-chip cache data to the host cache, and the transmission length are set. Then, in step S005, write transfer is started, so that thetransfer control unit 110 obtains corresponding on-chip cache data from the on-chip cache module of the storage hard disk according to the currently set transfer length, and transfers the on-chip cache data according to the set transfer length.
When thetransmission control unit 110 transmits the on-chip cache data according to the set transmission length, thetransmission control unit 110 first transmits the on-chip cache data to thecheck module 120, and thecheck module 120 performs corresponding processing on the on-chip cache data to generate end-to-end protection information (i.e., a check code). Then, the encryption/decryption module 130 encrypts the on-chip cache data according to the generated encryption key to obtain corresponding ciphertext data. Here, as can be understood by those skilled in the art, the encryption key used when the encryption/decryption module 130 encrypts the on-chip cache data is generated by performing a scrambling operation on the initial encryption key corresponding to the selected management page and combining with the corresponding feature word information.
Finally, the encryption anddecryption module 130 writes the obtained ciphertext data into the management page of the host cache according to the set cache address information. The encryption key used by the encryption/decryption module 130 to encrypt the on-chip cache data may be directly read by the CPU.
Furthermore, based on the above device for improving host cache data security, the present application also provides a host cache data reading method. The host cache data reading method of the embodiment of the application mainly comprises the process of reading the data stored in the host cache to the storage hard disk through any one of the devices for improving the host cache data safety.
It will be understood by those skilled in the art that the specific process of the host cache data reading method corresponds to the specific process of the host cache data writing method described above.
Referring to fig. 6, the method for reading host cache data according to the embodiment of the present application includes: in step S100', the encryption/decryption module 130 decrypts the data currently read from the host buffer to obtain a corresponding decrypted ciphertext. In step S200', theverification module 120 verifies the decrypted ciphertext, and transmits the decrypted ciphertext to thetransmission control unit 110 when the verification result is correct. Step S300' forwards the decrypted ciphertext to an on-chip cache module storing a hard disk by thetransmission control unit 110.
When the encryption/decryption module 130 decrypts the data currently read from the host cache, the decryption of the read cache data in the ciphertext format may be realized by performing the reverse operation according to the initial encryption key corresponding to the management page cached by the host.
Meanwhile, in a possible implementation manner, the initial encryption key corresponding to the management page cached by the host may also be obtained by the CPU of the storage hard disk.
That is, referring to fig. 6, before starting reading data, management page information cached by the host is first acquired by the CPU storing the hard disk, through step S001'. Here, it should be noted that the principle and implementation manner of the management page information of the obtained host cache are the same as or similar to the previous principle and implementation manner of obtaining the management page information when performing on-chip cache data writing to the host cache. The difference is that when the host caches the read data, the obtained management page information of the host caches is the management page where the data to be read is cached in the host caches.
After the management page information of the data to be read currently in the host cache is obtained, in step S002', a corresponding initial encryption key is obtained according to the obtained management page information. According to the foregoing, each management page in the host cache is correspondingly provided with a corresponding initial encryption key, and each management page and the corresponding initial encryption key can be pre-stored in the database, so that after specific management page information is acquired, a matched key is searched for from the database according to the specific management page information.
In a possible implementation manner, each management page of the host cache and the corresponding initial key may be stored in a mapping table, or may be stored in another manner, and the storage manner of each management page of the host cache and the corresponding key data is not particularly limited in this application.
After obtaining the initial key information corresponding to the management page of the cached data to be currently read in the host cache, the obtained initial key information is set to thetransmission control unit 110 in step S003', the cache address information and the transmission length when the cached data is read by the host cache are set in step S004', and then step S005' is performed to start the read transmission.
After the read transmission is started, step S100' may be executed, in which the encryption anddecryption module 130 reads corresponding cache data from the host cache according to the set cache address information, and decrypts the read cache data.
When the encryption/decryption module 130 decrypts the data currently read from the host cache, the decryption may be performed based on the initial encryption key corresponding to the management page of the data in the host cache.
Specifically, when the cache data is decrypted, thetransmission control unit 110 may directly read the encryption key corresponding to the management page where the cache data is located, and then perform an encryption reverse operation based on the read encryption key to decrypt the read cache data, so as to obtain the plaintext data of the cache data.
After the plaintext data is obtained, theverification module 120 verifies the decrypted plaintext data in step S200'. Here, it should be noted that when the cache data is written into the host cache, a corresponding check code is correspondingly generated, the generated check code is also stored in the on-chip cache module, and meanwhile, different identifiers are correspondingly marked on the check codes of different cache data, so as to implement the correspondence between the check code and the cache data.
Thus, when the decrypted ciphertext is verified byverification module 120, this is done by comparing the check code in the decrypted ciphertext with the check code that the data generated when written to the host cache.
Specifically, when thecheck module 120 checks the decrypted plaintext data, the corresponding check code may be read from the on-chip cache module according to the data identifier in the plaintext data, and then check the plaintext data based on the read check code.
When the verification is accurate (that is, when the check code regenerated for the plaintext data is identical to the check code read by the on-chip cache module), it indicates that the currently read cache data is accurate and is the data originally written into the host cache, so that thetransmission control unit 110 may directly write the plaintext data obtained by decryption into the on-chip cache module according to the set transmission length in step S300'.
When the check result is inaccurate (that is, when the check code generated again for the plaintext data is inconsistent with the check code read by the on-chip cache module), it indicates that the currently read cache data is inconsistent with the original data previously written into the host cache, and a deviation occurs, so that in this case, to avoid a situation that data operation is erroneous due to writing erroneous data into the on-chip cache module, the error processing flow is entered through step S400'.
Therefore, when data is written into the host cache, the host cache data writing method according to the embodiment of the present application encrypts the data to be written into the host cache through the encryption anddecryption module 130, so that the data written into the host cache can be stored in a form of a ciphertext, which effectively prevents the data from being analyzed and decrypted, and when the data is encrypted, the data is written into the management page of the host cache through the encryption key corresponding to the management page, so that an HMB partition protection mechanism through control firmware is implemented, and thus, the security and the concealment of the data in the host cache are further improved.
Meanwhile, when data is written into the host cache, the corresponding check code is generated through theset check module 120, so that when the data is read from the host cache, the read data is checked by thecheck module 120 according to the check code when the data is written, and the end-to-end protection of the data is increased. Therefore, even if the data is tampered after being written into the host cache, the management unit in the SSD can detect the condition that the data is modified in time, so that the condition that wrong data is adopted for operation is avoided, and the fault tolerance and the safety of the system are greatly improved.
It should be noted that, although the apparatus for improving the security of the host cache data and the host cache data writing and reading method as described above are described by taking fig. 1 to fig. 6 as examples, those skilled in the art will understand that the present application should not be limited thereto. In fact, the user can flexibly set the specific implementation manner of each module in the device according to personal preference and/or actual application scenarios, as long as the security of data caching can be ensured when the HMB technology is used for data caching.
Still further, according to another aspect of the present application, there is also provided anapparatus 200 for improving security of host cache data. Referring to fig. 7, theapparatus 200 for improving host cache data security according to the embodiment of the present application includes aprocessor 210 and amemory 220 for storing instructions executable by theprocessor 210. Wherein theprocessor 210 is configured to execute the executable instructions to implement any of the above-described methods for improving security of host cache data.
Here, it should be noted that the number of theprocessors 210 may be one or more. Meanwhile, in theapparatus 200 for improving security of host cache data according to the embodiment of the present application, aninput device 230 and anoutput device 240 may be further included. Theprocessor 210, thememory 220, theinput device 230, and theoutput device 240 may be connected via a bus, or may be connected via other methods, which is not limited in detail herein.
Thememory 220, which is a computer-readable storage medium, may be used to store software programs, computer-executable programs, and various modules, such as: the program or the module corresponding to the method for improving the security of the host cache data in the embodiment of the application. Theprocessor 210 executes various functional applications and data processing of theapparatus 200 for improving host cache data security by running software programs or modules stored in thememory 220.
Theinput device 230 may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings and function control of the device/terminal/server. Theoutput device 240 may include a display device such as a display screen.
Having described embodiments of the present application, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (5)

the other part is as follows: when the data stored in the host cache is read into the on-chip cache of the storage hard disk, after the read data is decrypted by the encryption and decryption module, the check module performs CRC16 operation on the decrypted plaintext data by executing a CRC16 algorithm to obtain a corresponding check code, and simultaneously, the obtained check code is compared with the check code generated when the data is written into the host cache; when the check code generated when the data is written into the host cache is consistent with the check code generated after the data is read out from the host cache, the currently read data is accurate and can be normally used without being tampered; when the check codes obtained twice are inconsistent, it is indicated that the read data may be tampered, and a deviation occurs between the read data and the specific content of the data when the data is written into the host cache.
CN202111388870.7A2021-11-222021-11-22Device for improving host cache data security and cache data reading and writing method and deviceActiveCN114117484B (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
CN202111388870.7ACN114117484B (en)2021-11-222021-11-22Device for improving host cache data security and cache data reading and writing method and device

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN202111388870.7ACN114117484B (en)2021-11-222021-11-22Device for improving host cache data security and cache data reading and writing method and device

Publications (2)

Publication NumberPublication Date
CN114117484A CN114117484A (en)2022-03-01
CN114117484Btrue CN114117484B (en)2023-03-17

Family

ID=80439749

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN202111388870.7AActiveCN114117484B (en)2021-11-222021-11-22Device for improving host cache data security and cache data reading and writing method and device

Country Status (1)

CountryLink
CN (1)CN114117484B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN114969850A (en)*2022-06-132022-08-30长江存储科技有限责任公司Data transmission method and storage system
CN117311593A (en)*2022-06-252023-12-29华为技术有限公司Data processing method, device and system
CN120045493B (en)*2025-04-272025-07-18山东云海国创云计算装备产业创新中心有限公司 A host bus adapter, control method and related equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN112887085A (en)*2021-01-132021-06-01深圳安捷丽新技术有限公司Method, device and system for generating security key of SSD (solid State disk) main control chip

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN102930224A (en)*2012-10-192013-02-13华为技术有限公司Hard drive data write/read method and device
WO2017101122A1 (en)*2015-12-182017-06-22深圳市振华微电子有限公司Computer encryption lock having separating management and use
JP2020149222A (en)*2019-03-122020-09-17キオクシア株式会社 Memory system
JP2021043708A (en)*2019-09-112021-03-18キオクシア株式会社Memory system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN112887085A (en)*2021-01-132021-06-01深圳安捷丽新技术有限公司Method, device and system for generating security key of SSD (solid State disk) main control chip

Also Published As

Publication numberPublication date
CN114117484A (en)2022-03-01

Similar Documents

PublicationPublication DateTitle
CN114117484B (en)Device for improving host cache data security and cache data reading and writing method and device
US12386651B2 (en)Technologies for memory replay prevention using compressive encryption
US20190278583A1 (en)Method for updating firmware, terminal and computer readable non-volatile storage medium
US8054972B2 (en)Encryption processor of memory card and method for writing and reading data using the same
CN111752743A (en)Combined secure MAC and device correction using encrypted parity with multiple key domains
US11263350B2 (en)Cryptographic apparatus and self-test method of cryptographic apparatus
CN113127896B (en)Data processing method and device based on independent encryption chip
US12321616B2 (en)Memory systems and devices including examples of accessing memory and generating access codes using an authenticated stream cipher
EP2317439B1 (en)Error Detection
US20230099564A1 (en)Interface for Revision-Limited Memory
EP4202685A1 (en)Algebraic and deterministic memory authentication and correction with coupled cacheline metadata
US11601283B2 (en)Message authentication code (MAC) based compression and decompression
CN113536331B (en)Data security for memory and computing systems
CN107861892B (en)Method and terminal for realizing data processing
CN115766889B (en)Data frame structure and data communication method
US20240179009A1 (en)Apparatus and method for performing authenticated encryption with associated data operation of encrypted instruction with corresponding golden tag stored in memory device in event of cache miss
US12430042B2 (en)Memory buffer devices with modal encryption
US12314190B2 (en)Micro-controller chip and access method thereof
WO2025074073A1 (en)Controlling access to memory blocks
CN117786699A (en)Chip initialization method, device, module, electronic equipment and storage medium
CN118296628A (en) Sensitive information writing method, reading method, device and reading and writing system
CN120123140A (en) QSPI controller, control method and device
JP2024011421A (en) Memory abnormality determination method and common key writing system
CN119475394A (en) A full disk encryption storage method and device transparent to upper layer
CN110659226A (en)Method for accessing data and related circuit

Legal Events

DateCodeTitleDescription
PB01Publication
PB01Publication
SE01Entry into force of request for substantive examination
SE01Entry into force of request for substantive examination
GR01Patent grant
GR01Patent grant
[8]ページ先頭
©2009-2025 Movatter.jp