CN118551419A - Data read/write method, data read/write device, and computer-readable storage medium

Publication number
CN118551419A
Authority
CN
China
Prior art keywords
data
written
address
user
initial address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410633720.5A
Other languages
Chinese (zh)
Inventor
邢清瑞
高伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lianhe Storage Technology Jiangsu Co ltd
Original Assignee
Lianhe Storage Technology Jiangsu Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lianhe Storage Technology Jiangsu Co ltd
Priority to CN202410633720.5A
Publication of CN118551419A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a data reading and writing method, a data reading and writing device, and a computer-readable storage medium. In response to a user's write request to a target memory, the method obtains the initial address of the data to be written. Based on the initial address and a preset encryption algorithm, it determines the encrypted physical address of the data to be written. The data to be written at the initial address is then stored at the encrypted physical address corresponding to that initial address, yielding the target storage data. Thus, during data reading and writing, the encrypted physical address of each data block in the data to be written is determined from the initial address of the data to be written and the preset encryption algorithm, and the data is stored at that encrypted physical address, which effectively improves the security of data storage.

Description

Data reading and writing method, data reading and writing device, and computer-readable storage medium

Technical Field

The present invention relates to the field of data processing, and in particular to a data reading and writing method, a data reading and writing device, and a computer-readable storage medium.

Background Art

As chip technology continues to develop, the demand for chip security has gradually increased, so how to improve chip security has become an important technical problem. In the related art, the stored content of a chip is usually encrypted as a whole. However, this encryption method cannot effectively improve the security of data storage in the chip, and chip security remains a difficult technical problem to solve.

Summary of the Invention

The main purpose of the present invention is to provide a data reading and writing method that improves the security of data storage.

To achieve the above purpose, the present invention provides a data reading and writing method, which comprises:

in response to a user's write request to a target memory, obtaining an initial address of data to be written;

determining an encrypted physical address of the data to be written based on the initial address and a preset encryption algorithm;

storing the data to be written at the initial address in the encrypted physical address corresponding to the initial address, to obtain target storage data.

Preferably, after responding to the user's write request to the target memory, and before determining the encrypted physical address of the data to be written based on the initial address and the preset encryption algorithm, the data reading and writing method further comprises:

outputting encryption prompt information asking whether the writing of the data to be written should be encrypted;

in response to the user's confirmation of the encryption prompt information, verifying the key information of the user;

and obtaining the initial address of the data to be written comprises:

obtaining the initial address of the data to be written when the key information satisfies a preset condition.

Preferably, determining the encrypted physical address of the data to be written based on the initial address and the preset encryption algorithm comprises:

randomly processing, based on a preset random encryption algorithm, the storage order of the data to be written corresponding to the initial address, to obtain a first address order corresponding to the data to be written;

determining a first encrypted mapping relationship according to the first address order;

determining the encrypted physical address of the data to be written according to the initial address and the first encrypted mapping relationship.

Preferably, determining the encrypted physical address of the data to be written based on the initial address and the preset encryption algorithm comprises:

writing the odd-numbered positions of the storage order of the data to be written corresponding to the initial address first, to obtain a second address order corresponding to the data to be written; or

writing the even-numbered positions of the storage order of the data to be written corresponding to the initial address first, to obtain a third address order corresponding to the data to be written;

determining a corresponding second encrypted mapping relationship according to the second address order or the third address order;

determining the encrypted physical address of the data to be written according to the initial address and the second encrypted mapping relationship.

Preferably, after the step of storing the data to be written at the initial address in the encrypted physical address corresponding to the initial address to obtain the target storage data, the data reading and writing method further comprises:

in response to a user's read request for the target storage data, verifying the user's access rights to the target storage data;

when the user has access rights, determining the encrypted physical address corresponding to the target storage data according to the encryption algorithm;

reading the target storage data from the encrypted physical address.

Preferably, after verifying the user's access rights to the target storage data, the data reading and writing method further comprises:

when the user does not have access rights, converting the encrypted physical address corresponding to the target storage data into an initial address;

reading the corresponding stored data from the initial address.

Preferably, verifying the user's access rights to the target storage data comprises:

receiving key information from the user;

verifying, according to the key information, whether the user has access rights to read the target storage data based on the encryption algorithm.

As one implementation, the target memory is a Nand-flash memory.

The present invention further proposes a data reading and writing device, which includes a target memory, a computer-readable storage medium and a processor. The target memory is used to read and write data and is a Nand-flash memory; the computer-readable storage medium is used to store a computer program; and the processor is used to implement the steps of the data reading and writing method described above when executing the computer program.

The present invention further proposes a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, the steps of the data reading and writing method described above are implemented.

In the embodiments of the present application, the target memory can obtain the initial address of the data to be written in response to a user's write request to the target memory. Based on the initial address and a preset encryption algorithm, the encrypted physical address of the data to be written is determined. The data to be written at the initial address is stored in the encrypted physical address corresponding to the initial address to obtain the target storage data.

Compared with the prior art, in the embodiments of the present application, when responding to a write request from a user who needs to write data to the target memory, the initial address of the data to be written can be obtained first. Once the initial address has been obtained, the encrypted physical address used for the encrypted write is determined according to the initial address and a preset encryption algorithm. After the encrypted physical address is determined, the data to be written can be stored at the encrypted physical address to obtain the target storage data.

The beneficial effect of the technical solution of the present invention is that, during data reading and writing, the encrypted physical address corresponding to each data block in the data to be written is determined according to the initial address of the data to be written and a preset encryption algorithm, and the data is stored based on that encrypted physical address, which effectively improves the security of data storage.

Brief Description of the Drawings

To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative work.

FIG. 1 is a schematic flow chart of one embodiment of the data reading and writing method of the present invention;

FIG. 2 is a schematic flow chart of another embodiment of the data reading and writing method of the present invention.

The realization of the purpose, the functional features and the advantages of the present invention are further explained in conjunction with the embodiments and with reference to the accompanying drawings.

Detailed Description

The solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative work fall within the scope of protection of the present invention.

It should be noted that all directional indications in the embodiments of the present invention (such as up, down, left, right, front, back, and so on) are used only to explain the relative positions, movements and the like of the components in a particular posture (as shown in the accompanying drawings). If that posture changes, the directional indication changes accordingly.

It should also be noted that when an element is referred to as being "fixed on" or "disposed on" another element, it may be directly on the other element, or an intermediate element may also be present. When an element is referred to as being "connected to" another element, it may be directly connected to the other element, or an intermediate element may also be present.

In addition, descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. The technical solutions of the various embodiments can also be combined with one another, provided that a person of ordinary skill in the art can implement the combination. When a combination of technical solutions is contradictory or cannot be implemented, the combination should be deemed not to exist and is not within the scope of protection claimed by the present invention.

The present invention proposes a data reading and writing method. Referring to FIG. 1, FIG. 1 is a schematic flow chart of a data reading and writing method disclosed in an embodiment of the present application. The data reading and writing method can be applied to a target memory. As shown in FIG. 1, the data reading and writing method may include the following steps.

Step 101: In response to a user's write request to a target memory, obtain the initial address of the data to be written.

The target memory may be a Nand-flash memory. In a Nand-flash memory, a block (Block) is the smallest erase unit; a Block may contain multiple read/write pages (Page), and a Page may contain multiple bytes (Byte).

Specifically, the target memory may also be a controller-equipped small-capacity SPI NAND flash, or a large-capacity NAND flash such as eMMC or SSD.

The write request may be a data write request determined from a write operation performed by the user through a client, and it may be used to start writing the data to be written into the target memory.

The data to be written may include multiple data blocks (Block), which may be arranged in a preset order. Writing the data to be written into the memory may be a process of mapping the multiple data blocks one-to-one onto different block positions in the memory.

The initial address may be the preset write address of each data block, determined by mapping the multiple data blocks of the data to be written one-to-one in order, and it may reflect the arrangement order of the data to be written before encryption. The initial address may be used to represent the storage addresses that correspond to the multiple data blocks in their original arrangement order.

It should be noted that when the user needs to write data into the target memory, the user can send a write request to the target memory through the client. After receiving the write request, the target memory can directly obtain the initial address corresponding to the order of the data to be written.

Step 102: Determine the encrypted physical address of the data to be written based on the initial address and a preset encryption algorithm.

The encryption algorithm can be used to encrypt the write order of the multiple data blocks of the data to be written, which yields the encrypted physical addresses of those data blocks after the encrypted write. The encryption algorithm may include, but is not limited to, a random algorithm that randomizes the write order of the multiple data blocks, an adjustment algorithm that adjusts the write order according to the partitioning of the target memory, and an arrangement algorithm that rearranges the write order according to the parity of the arrangement order of the data to be written.

The encrypted physical address may be the address at which the multiple data blocks of the data to be written are actually written into the target memory according to the encrypted mapping relationship. It may be used to represent the addresses of the multiple data blocks written into the target memory, as determined after the write order of the partition corresponding to the data to be written has been encrypted.

After the initial address of the data to be written is obtained, the encrypted physical address of the data to be written can be determined based on the initial address and the preset encryption algorithm. Specifically, the write order of the multiple data blocks can be determined from their initial addresses. This write order may be the preset write order in which the multiple data blocks are written into the target memory. After the preset write order corresponding to the initial address is determined, it can be encrypted with the preset encryption algorithm to determine the target write order of the multiple data blocks. After the target write order in which the multiple data blocks are written into the target memory is determined, the initial addresses corresponding to the multiple data blocks of the data to be written can be determined.

Step 103: Store the data to be written at the initial address in the encrypted physical address corresponding to the initial address to obtain the target storage data.

The target storage data may be a target data block stored at the encrypted physical address, and the target data block may be any one of the multiple data blocks. Storing the target storage data at the corresponding encrypted physical address facilitates subsequent query and use.

After the encrypted physical addresses corresponding to the multiple data blocks of the data to be written are determined, the data blocks can be written to those encrypted physical addresses, and once written, the data block at each encrypted physical address is stored to obtain the target storage data.

In another embodiment, after the data to be written at the initial address has been stored in the encrypted physical address corresponding to the initial address to obtain the target storage data, the user's access rights to the target storage data are verified in response to the user's read request for the target storage data. If the user has access rights, the encrypted physical address corresponding to the target storage data is determined according to the encryption algorithm, and the target storage data is read from the encrypted physical address.

In another implementation, when the user does not have access rights, the encrypted address corresponding to the target storage data is converted into an initial address, and the corresponding stored data is read from that initial address.

It should be noted that after the multiple data blocks have been written to and stored at the corresponding encrypted physical addresses, the user can send a read request for the target storage data to the target memory through the client. The target memory receives the read request and, in response, verifies the user's access rights to the target storage data. If the user has access rights, the encrypted physical address corresponding to the target storage data can be determined according to the corresponding encryption algorithm, and once it is determined, the target storage data is read from that encrypted physical address. When the user has access rights to the target storage data, the correct target storage data can be read from the encrypted physical address of the target memory.

When the user does not have access rights, the initial address corresponding to the target storage data can be determined, and the stored data at that initial address is read. The stored data at the initial address is not the target storage data. That is, when the user reads the target storage data without having access rights to it, the encrypted physical address corresponding to the target storage data is used directly as the initial address, and the stored data at the initial address is read.

In the method embodiment described in FIG. 1, the initial address of the data to be written can be obtained in response to a user's write request to the target memory. Based on the initial address and a preset encryption algorithm, the encrypted physical address of the data to be written is determined. The data to be written at the initial address is stored in the encrypted physical address corresponding to the initial address to obtain the target storage data. Thus, during data reading and writing, the encrypted physical address corresponding to each data block in the data to be written is determined according to the initial address of the data to be written and the preset encryption algorithm, and the data is stored based on that encrypted physical address, which effectively improves the security of data storage.

Referring to FIG. 2, FIG. 2 is a schematic flow chart of another data reading and writing method disclosed in an embodiment of the present application. The data reading and writing method can be applied to a target memory, which may be a Nand-flash memory. As shown in FIG. 1, the data reading and writing method may include the following steps.

Step 201: In response to a user's write request to a target memory, output encryption prompt information asking whether the writing of the data to be written should be encrypted.

The encryption prompt information can be used to ask the user whether encryption processing should be performed for this write.

It should be noted that if the user confirms encryption processing for this write, the write is encrypted and the data to be written is written into the target memory according to the encrypted mapping relationship produced by the encryption processing. After the data has been written into the target memory according to that encrypted mapping relationship, the mapping between the encrypted mapping relationship and the encrypted physical address can be recorded. If the user cancels at the encryption prompt information, the data to be written can be written into the target memory in the preset write order. After the user cancels the encryption operation, the data can also be written according to the encryption logic, but the corresponding mapping relationship is not recorded.

Step 202: In response to the user's confirmation of the encryption prompt information, verify the user's key information.

The key information may be verification information entered by the user through the client, and it may include user fingerprint information, user password information and the like.

After receiving the user's confirmation of the encryption prompt information, the target memory can respond by verifying the user's key information to determine whether the user has permission to perform encrypted writes to the target memory.

Step 203: When the key information satisfies the preset condition, obtain the initial address of the data to be written.

When the key information satisfies the preset condition, that is, when it is determined that the user has permission to perform encrypted writes to the target memory, the write order of the multiple data blocks of the data to be written can be converted from a one-to-one mapping onto the partition positions of the target memory into an encrypted mapping onto those partition positions. Therefore, when the user's key information satisfies the preset condition, the initial addresses corresponding to the multiple data blocks of the data to be written can be obtained.

In other embodiments, when the key information does not satisfy the preset condition, that is, when it is determined that the user does not have permission to perform encrypted writes to the target memory, the client can inform the user that an encrypted write cannot be performed. The multiple data blocks of the data to be written are then written based on the original initial addresses and stored at the corresponding initial addresses.

Step 204: Based on a preset random encryption algorithm, randomize the order of the initial addresses to obtain a first address ordering corresponding to the data to be written.

The first address ordering may be the write order obtained by randomizing the order in which the multiple data blocks of the data to be written are written.

When it is determined that this write is to be encrypted, the order of the initial addresses can be randomized based on the preset random encryption algorithm, shuffling the write order of the initial addresses to obtain the first address ordering corresponding to the data to be written.

Step 205: Determine a first encryption mapping relationship according to the first address ordering.

The first encryption mapping relationship may be the correspondence between the write order determined by the random encryption algorithm (the shuffled write order) and the order of the data blocks actually written.

After the first address ordering is determined, the first encryption mapping relationship can be determined from it. Specifically, the first encryption mapping relationship can be determined from the first address ordering and the order in which the multiple data blocks of the data to be written are written to their corresponding initial addresses.

Step 206: Determine the encrypted physical address of the data to be written according to the initial address and the first encryption mapping relationship.

After the first encryption mapping relationship is determined, the encrypted physical address corresponding to each data block in the data to be written can be determined from the first encryption mapping relationship and the initial addresses corresponding to the multiple data blocks in the data to be written.

For example, before the write order of the data to be written is encrypted, the multiple data blocks of the data to be written and their corresponding initial addresses may be as shown in Table (1):

Data block written    Block location
1                     1
2                     2
3                     3
4                     4
5                     5
6                     6
7                     7
8                     8
9                     9
10                    10
1024                  1024

Table (1)

For example, after the initial addresses corresponding to the multiple data blocks of the data to be written are determined, the order in which the data blocks are written to their corresponding block locations can be randomly encrypted to obtain the corresponding encrypted physical addresses. The encrypted physical addresses may be as shown in Table (2):

Data block written    Added to mapping table    Block location
1                     1-X1                      1
2                     2-X2                      2
3                     3-X3                      3
4                     4-X4                      4
5                     5-X5                      5
6                     6-X6                      6
7                     7-X7                      7
8                     8-X8                      8
9                     9-X9                      9
10                    10-X10                    10
1024                                            1024

Table (2)

For example, the order in which the data blocks to be written are written to their corresponding block locations may be encrypted using a random encryption algorithm. The order of the addresses to be written before and after random encryption may be as shown in Table (3):

Table (3)

Step 207: Write the odd-numbered positions of the storage order of the data to be written corresponding to the initial address first, to obtain a second address ordering corresponding to the data to be written.

The second address ordering may be the write order obtained by adjusting the order in which the multiple data blocks of the data to be written are written to the different partitions so that odd-numbered positions are written first.

For example, when the target memory is divided into partitions 1-11, the odd-numbered storage areas can be arranged first, followed by the even-numbered storage areas, and the second address ordering is determined by this arrangement.

Specifically, refer to Table (4), which is a schematic diagram of the address ordering determined by arranging the odd-numbered storage areas first, according to the parity of the sequence numbers of the storage areas of the target memory:

Table (4)

Step 208: Write the even-numbered positions of the storage order of the data to be written corresponding to the initial address first, to obtain a third address ordering corresponding to the data to be written.

The third address ordering may be the write order obtained by adjusting the order in which the multiple data blocks of the data to be written are written to the different partitions so that even-numbered positions are written first.

It should be noted that step 208 and step 207 are parallel technical solutions: they are the address orderings adjusted to write odd-numbered and even-numbered positions first, respectively.

Specifically, the sequence numbers of the required storage areas are shuffled according to different rules based on the partitions of the target memory and their partition numbers. When the target memory is divided into partitions 1-11, the even-numbered storage areas can also be arranged first, followed by the odd-numbered storage areas, thereby obtaining a new address ordering, i.e., the second address ordering.

Refer to Table (5), which is a schematic diagram of the address ordering determined by arranging the even-numbered storage areas first, according to the parity of the sequence numbers of the storage areas of the target memory.

Table (5)

In other embodiments, when it is determined that this write is to be encrypted, different partitions can also be swapped to serve as the write blocks for different data blocks, according to the partitioning principle of the target memory, thereby adjusting the second address ordering corresponding to the multiple data blocks of the data to be written.

For example, the partitions of the target memory can be further divided into different regions. For example, when the target memory is divided into partitions 1-10, the storage areas with partition numbers 1-5 and those with partition numbers 6-10 can be interleaved in sequence, thereby obtaining a new address ordering, i.e., the second address ordering.

Refer to Table (6), which is a schematic diagram of dividing the storage areas of the target memory again to determine a new address ordering.

Table (6)

Step 209: Determine a corresponding second encryption mapping relationship according to the second address ordering or the third address ordering.

The second encryption mapping relationship may be the correspondence between the multiple storage areas in the target memory and the second address ordering determined after the write addresses of the data to be written are adjusted by the adjustment methods above.

After the second address ordering is determined, the second encryption mapping relationship can be determined from it. Specifically, the second encryption mapping relationship can be determined from the second address ordering and the order in which the multiple data blocks of the data to be written are written to their corresponding initial addresses.

Step 210: Determine the encrypted physical address of the data to be written according to the initial address and the second encryption mapping relationship.

After the second encryption mapping relationship is determined, the encrypted physical address corresponding to each data block in the data to be written can be determined from the second encryption mapping relationship and the initial addresses corresponding to the multiple data blocks in the data to be written.

Steps 204 to 206 and steps 207 to 209 are parallel schemes; either one of the two can be executed to implement the data read/write method with encrypted writing.

Step 211: In response to a user's read request for the target storage data, verify the user's access rights to the target storage data.

The read request may be a request that the user sends to the target memory through the client to read the target storage data, and the access right may indicate whether the user has permission to read the target storage data.

In some specific embodiments, the user's access rights to the target storage data can be verified by receiving key information from the user. After the key information is received from the user, the user's access rights to the target storage data can be verified based on that key information.

It should be noted that if the key information from the user is consistent with the key information used when the target storage data was written, it can be determined that the user has access rights to the target storage data; if the key information from the user is inconsistent with the key information used when the target storage data was written, it can be determined that the user does not have access rights to the target storage data.

Step 212: If the user has access rights, determine the encrypted physical address corresponding to the target storage data according to the encryption algorithm.

When the user has access rights to the target storage data, the encrypted physical address corresponding to the target storage data can be determined according to the encryption algorithm.

Step 213: Read the target storage data from the encrypted physical address.

After the encrypted physical address corresponding to the target storage data is determined, the target storage data can be read from the encrypted physical address.

It should be noted that when it is determined that the user has access rights to the target data, the stored data can be read according to the encrypted physical address corresponding to the target storage data, yielding the target storage data.

Step 214: If the user does not have access rights, convert the encrypted physical address corresponding to the target storage data into the initial address.

When the user does not have access rights to the target storage data, the corresponding initial address can be determined directly from the encrypted physical address of the target storage data. Specifically, the initial address corresponding to the encrypted physical address of the target storage data can be determined according to the already determined first encryption mapping relationship or second encryption mapping relationship.

Step 215: Read the corresponding stored data from the initial address.

After the initial address corresponding to the encrypted physical address is determined, the corresponding stored data can be read from that initial address.

It should be noted that the correct target storage data cannot be read from the initial address: when the user does not have access rights to the target storage data, the correct target storage data cannot be read. After the stored data corresponding to the initial address is read, access-right prompt information may be sent to the user. This prompt information may be used to inform the user that they do not have access rights to the target storage data.
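The write path of steps 204 to 210 and the two read paths of steps 211 to 215, as an added C example that is not code from the patent. It assumes one byte per data block, that the i-th block is written to the i-th position listed in the address ordering, and that a seeded xorshift32 Fisher-Yates shuffle stands in for the unspecified "preset random encryption algorithm"; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS 11 /* partitions 1..11, as in the odd/even example */
enum scheme { RANDOM_ORDER, ODD_FIRST, EVEN_FIRST };

/* Constructed sample data: one byte stands in for each data block. */
static const char SAMPLE[NBLOCKS + 1] = "ABCDEFGHIJK";

/* xorshift32: small non-cryptographic generator, an assumed stand-in for
 * the unspecified "preset random encryption algorithm". */
static uint32_t xorshift32(uint32_t *s) {
    *s ^= *s << 13;
    *s ^= *s >> 17;
    *s ^= *s << 5;
    return *s;
}

/* order[i] = 1-based physical position that receives the block whose
 * initial address is i + 1 (the encryption mapping relationship). */
static void build_order(enum scheme sc, uint32_t seed, int order[NBLOCKS]) {
    if (sc == RANDOM_ORDER) {                   /* steps 204-205 */
        for (int i = 0; i < NBLOCKS; i++) order[i] = i + 1;
        if (seed == 0) seed = 0x9E3779B9u;      /* state must be non-zero */
        for (int i = NBLOCKS - 1; i > 0; i--) { /* Fisher-Yates shuffle */
            int j = (int)(xorshift32(&seed) % (uint32_t)(i + 1));
            int t = order[i]; order[i] = order[j]; order[j] = t;
        }
        return;
    }
    int k = 0, first = (sc == ODD_FIRST) ? 1 : 2; /* step 207 or 208 */
    for (int a = first; a <= NBLOCKS; a += 2) order[k++] = a;
    for (int a = 3 - first; a <= NBLOCKS; a += 2) order[k++] = a;
}

/* Returns 1 if order[] uses every position 1..NBLOCKS exactly once. */
int is_permutation(const int order[NBLOCKS]) {
    unsigned char seen[NBLOCKS] = {0};
    for (int i = 0; i < NBLOCKS; i++) {
        if (order[i] < 1 || order[i] > NBLOCKS || seen[order[i] - 1]++) return 0;
    }
    return 1;
}

/* Steps 206/210: store each block at its mapped physical position. */
static void write_blocks(const char *data, const int order[NBLOCKS], char *store) {
    for (int i = 0; i < NBLOCKS; i++) store[order[i] - 1] = data[i];
}

/* Steps 212-213: a read that applies the mapping; 1 if it recovers SAMPLE. */
int mapped_read_ok(enum scheme sc, uint32_t seed) {
    int order[NBLOCKS];
    char store[NBLOCKS], out[NBLOCKS];
    build_order(sc, seed, order);
    if (!is_permutation(order)) return 0;
    write_blocks(SAMPLE, order, store);
    for (int i = 0; i < NBLOCKS; i++) out[i] = store[order[i] - 1];
    return memcmp(out, SAMPLE, NBLOCKS) == 0;
}

/* Steps 214-215: a read at the initial addresses, mapping not applied,
 * which returns the blocks in their stored (permuted) order. */
const char *unmapped_read(enum scheme sc, uint32_t seed) {
    static char out[NBLOCKS + 1];
    int order[NBLOCKS];
    build_order(sc, seed, order);
    write_blocks(SAMPLE, order, out); /* out[] doubles as the store */
    out[NBLOCKS] = '\0';
    return out;
}

int main(void) {
    printf("odd first : %s\n", unmapped_read(ODD_FIRST, 0));
    printf("even first: %s\n", unmapped_read(EVEN_FIRST, 0));
    printf("random    : %s\n", unmapped_read(RANDOM_ORDER, 2024u));
    printf("mapped read recovers data: %d\n", mapped_read_ok(RANDOM_ORDER, 2024u));
    return 0;
}
```

Block contents are stored unchanged and only their positions move; the odd-first and even-first orderings take no key, so the layout they produce is fixed for a given partition count.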

In the method embodiment described in FIG. 2, the initial address of the data to be written is obtained in response to a user's write request to the target memory. Based on the initial address and a preset encryption algorithm, the encrypted physical address of the data to be written is determined. The data to be written at the initial address is stored in the encrypted physical address corresponding to that initial address, yielding the target storage data. Thus, during data reading and writing, the encrypted physical address corresponding to each data block in the data to be written is determined from the initial address of the data to be written and the preset encryption algorithm, and the data is stored based on that encrypted physical address, which effectively improves the security of data storage.

It should be understood that the same or corresponding information in the different embodiments above can be cross-referenced.

It should be understood that, although the steps in the flowcharts of FIGS. 1 and 2 are shown in sequence as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict restriction on the order in which these steps are executed, and they can be executed in other orders. Moreover, at least some of the steps in FIGS. 1 and 2 may include multiple sub-steps or stages. These sub-steps or stages are not necessarily completed at the same time but can be executed at different times, and they are not necessarily executed one after another but can be executed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.

The above are only some or preferred embodiments of the present invention. Neither the text nor the drawings limit the scope of protection of the present invention. Any equivalent structural transformation made using the contents of the specification and drawings of the present invention under its overall concept, or any direct or indirect application in other related technical fields, is included in the scope of protection of the present invention.

Claims (10)

1. A data reading and writing method, characterized by comprising the following steps:
responding to a write request of a user to a target memory, and acquiring an initial address of data to be written;
determining an encrypted physical address of the data to be written based on the initial address and a preset encryption algorithm;
and correspondingly storing the data to be written at the initial address in the encrypted physical address corresponding to the initial address to obtain target storage data.
2. The data reading and writing method according to claim 1, characterized in that after said responding to a user's write request to a target memory and before determining the encrypted physical address of the data to be written based on the initial address and a preset encryption algorithm, the data reading and writing method further comprises:
outputting encryption prompt information asking whether the writing of the data to be written is to be encrypted;
responding to the confirmation operation of the user on the encryption prompt information, and verifying the key information of the user;
the acquiring the initial address of the data to be written includes:
acquiring the initial address of the data to be written under the condition that the key information meets the preset condition.
3. The method according to claim 1, wherein the determining the encrypted physical address of the data to be written based on the initial address and a preset encryption algorithm includes:
based on a preset random encryption algorithm, carrying out random processing on the storage sequence of the data to be written corresponding to the initial address to obtain a first address ordering corresponding to the data to be written;
determining a first encryption mapping relation according to the first address ordering;
and determining the encrypted physical address of the data to be written according to the initial address and the first encryption mapping relation.
4. The method according to claim 1, wherein the determining the encrypted physical address of the data to be written based on the initial address and a preset encryption algorithm includes:
preferentially writing odd bits of the storage sequence of the data to be written corresponding to the initial address to obtain a second address ordering corresponding to the data to be written; or
preferentially writing even bits of the storage sequence of the data to be written corresponding to the initial address to obtain a third address ordering corresponding to the data to be written;
determining a corresponding second encryption mapping relation according to the second address ordering or the third address ordering;
and determining the encrypted physical address of the data to be written according to the initial address and the second encryption mapping relation.
5. The data reading and writing method according to any one of claims 1 to 4, wherein after the data to be written at the initial address is correspondingly stored in the encrypted physical address corresponding to the initial address to obtain the target storage data, the data reading and writing method further comprises:
responding to a read request of a user for the target storage data, and verifying the access right of the user to the target storage data;
under the condition that the user has access rights, determining the encrypted physical address corresponding to the target storage data according to the encryption algorithm;
and reading the target storage data from the encrypted physical address.
6. The data reading and writing method according to claim 5, characterized in that after verifying the user's access right to the target storage data, the data reading and writing method further comprises:
under the condition that the user does not have access rights, converting the encrypted physical address corresponding to the target storage data into an initial address;
and reading corresponding storage data from the initial address.
7. The data reading and writing method according to claim 5, wherein said verifying the access right of the user to the target storage data includes:
receiving key information from the user;
and verifying, based on an encryption algorithm and according to the key information, whether the user has access rights for reading the target storage data.
8. The method according to any one of claims 1 to 4, wherein the target memory is a Nand-flash memory.
9. A data reading and writing apparatus, characterized in that the data reading and writing apparatus comprises:
a target memory used for reading and writing data, the target memory being a Nand-flash memory;
a computer-readable storage medium storing a computer program;
a processor for implementing the steps of the data reading and writing method according to any one of claims 1-8 when executing said computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the data reading and writing method according to any one of claims 1-8.
CN202410633720.5A 2024-05-21 2024-05-21 Data read/write method, data read/write device, and computer-readable storage medium Pending CN118551419A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410633720.5A CN118551419A (en) 2024-05-21 2024-05-21 Data read/write method, data read/write device, and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN118551419A true CN118551419A (en) 2024-08-27

Family

ID=92455187

Country Status (1)

Country Link
CN (1) CN118551419A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103154963A (en) * 2010-10-05 2013-06-12 惠普发展公司,有限责任合伙企业 Scrambling an address and encrypting write data for storing in a storage device
CN109947671A (en) * 2019-03-05 2019-06-28 龙芯中科技术有限公司 A kind of address conversion method, device, electronic equipment and storage medium
CN113504876A (en) * 2021-07-09 2021-10-15 杭州华澜微电子股份有限公司 Data writing method and device, data reading method and device, and electronic device
CN114244508A (en) * 2021-12-15 2022-03-25 平安科技(深圳)有限公司 Data encryption method, device, equipment and storage medium
CN117763636A (en) * 2023-12-08 2024-03-26 支付宝(杭州)信息技术有限公司 Data writing method, recovery method, reading method and corresponding device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination