Data encryption methods applied to SoC and SoC

By generating dynamic keys and randomly shuffling the order of data blocks in the SoC, the security and isolation issues of traditional SoC data encryption methods are solved. This achieves a close association between the dynamic key and the data content, enhancing data protection and making reverse engineering more difficult.

CN121456922BActive Publication Date: 2026-07-03ZITAI MICROELECTRONICS (SHANGHAI) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ZITAI MICROELECTRONICS (SHANGHAI) CO LTD
Filing Date
2026-01-07
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Traditional SoC data encryption methods suffer from several drawbacks: keys are easily extracted, leading to data protection failure; the encryption process is unrelated to the data content and is easily tampered with; and there is a lack of isolation mechanisms in multi-customer shared scenarios, resulting in firmware leaks.

Method used

Data is received through the interface module and divided into data blocks. Dynamic keys are generated using the content characteristics of the data blocks for encryption. Nonlinear perturbation transformation and stream encryption are combined to randomly shuffle the order of the data blocks and perform double-layer encryption using a fixed key to generate metadata tags and encrypted digest files.

Benefits of technology

It achieves a tight association between dynamic keys and data content, enhancing the security and reverse engineering difficulty of data encryption, and automatically identifies and isolates firmware protection in multi-customer usage scenarios.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121456922B_ABST
    Figure CN121456922B_ABST
Patent Text Reader

Abstract

This application provides a data encryption method and an SoC for use in a SoC. The method includes: receiving external data to be written through an interface module, and dividing the external data into consecutive data blocks in a first order; generating corresponding dynamic keys for each data block based on its content characteristics through a processing module; encrypting the corresponding data blocks using the dynamic keys through the processing module to obtain encrypted data blocks; scattering the encrypted data blocks into a second order according to a pre-set rule and encrypting them again using a pre-stored fixed key to obtain encrypted external data; and writing the encrypted external data to an external storage device through the processing module. In this embodiment, the dynamic keys are determined by the content characteristics of each data block; different data generates different keys, and even if partial ciphertext is obtained, the decryption method for other blocks cannot be deduced.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of SoC, and more specifically, to a data encryption method for use in SoC and an SoC. Background Technology

[0002] With the widespread application of System-on-Chips (SoCs) in smart terminals, IoT devices, industrial control, and other fields, the security issues of embedded systems are becoming increasingly prominent. Traditional data encryption methods typically use a unified key to encrypt the entire program or directly burn the plaintext into external non-volatile memory. These methods have several security vulnerabilities: First, once the fixed key is extracted, the data protection mechanisms of all devices become ineffective; second, the encryption process is independent of the data content, allowing attackers to maliciously tamper with code by replacing parts of the code without being detected; third, in scenarios where multiple customers or projects share the same SoC platform, the lack of effective isolation mechanisms can easily lead to firmware leaks across customers. Summary of the Invention

[0003] The purpose of this application is to provide a data encryption method and a SoC for use in SoC, so as to solve the above-mentioned technical problems.

[0004] In a first aspect, the present invention provides a data encryption method applied to a SoC (System-on-a-Chip), wherein the SoC includes an interface module, a processing module, and a storage module; the method includes:

[0005] The interface module receives external data to be written and divides the external data into data blocks that are consecutive in a first order.

[0006] The processing module generates a corresponding dynamic key based on the content characteristics of each data block. The dynamic key includes a sequence number part and a key part, and the sequence number part corresponds to the first sequence.

[0007] The processing module encrypts the corresponding data blocks using the dynamic key to obtain encrypted data blocks. The encrypted data blocks are then broken into a second order according to a pre-set rule and encrypted using a pre-stored fixed key to obtain encrypted external data.

[0008] The encrypted external data is written to the external storage device through the processing module.

[0009] In an optional implementation, before generating the dynamic key, the following is also included:

[0010] Content features are extracted for each data block, including data entropy distribution, local repetition pattern density, and byte frequency offset, which are used to characterize the uniqueness of the information in the data block.

[0011] In an optional implementation, the processing module generates corresponding dynamic keys based on the content characteristics of each data block, including:

[0012] The key portion of the dynamic key is generated by performing a nonlinear perturbation transformation on the content features. The nonlinear perturbation transformation includes one or more of the following: multi-round displacement mapping, cross-obfuscation, and feedback loop processing.

[0013] In an optional implementation, the step of encrypting the corresponding data blocks using the dynamic key by the processing module includes:

[0014] The processing module inputs the key portion of the dynamic key as an initial seed into the stream encryption engine to generate a key stream with the same length as the data block. Then, it performs a bitwise XOR operation between the key stream and the data block to complete the encryption of the data block.

[0015] In an optional implementation, before encrypting the shuffled data using a fixed key, a metadata tag is attached to each encrypted data block. The metadata tag includes the original sequence number, checksum, and timestamp.

[0016] In an optional implementation, the processing module monitors resource usage in real time during the encryption process. When it detects that memory or bandwidth pressure exceeds a threshold, it dynamically adjusts the data block size and encryption granularity to balance performance and security.

[0017] In an optional implementation, before breaking the encrypted data blocks into a second order, the method further includes:

[0018] Fingerprint information is generated based on the content features of the data block, and the fingerprint information is bound to the original sequence number and recorded in the metadata tag.

[0019] In an optional implementation, after completing all data writing, the processing module further includes:

[0020] A cryptographic digest file is generated, which includes the original sequence number of each data block, the sequence number part of the corresponding dynamic key, the storage location mapping table, and the overall check value. The digest file is then encrypted using a fixed key and stored separately in a protected area.

[0021] In an optional implementation, it further includes:

[0022] The interface module reads encrypted data and encrypted digest files from an external storage device.

[0023] Decrypt the digest file using an internal fixed key to obtain a storage location mapping table;

[0024] The second order is restored to the first order based on the mapping table, and each block is decrypted using the corresponding dynamic key to finally recover the original external data.

[0025] In a second aspect, the present invention provides a SoC including an interface module, a processing module, and a storage module. The storage module stores machine-executable instructions that can be executed by the processing module. The processing module can execute the machine-executable instructions to implement the method described in any of the foregoing embodiments.

[0026] The dynamic key in this embodiment is determined by the content characteristics of each data block; different data generate different keys, and even if partial ciphertext is obtained, the decryption method for other blocks cannot be deduced. Since the key originates from the data itself, any tampering will lead to key mismatch, thus automatically identifying anomalies during the decryption stage. The encrypted data blocks are reordered according to preset rules and written to external storage, disrupting the program's spatial continuity and increasing the difficulty of reverse engineering. Attached Figure Description

[0027] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments of this application will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0028] Figure 1 This application provides a schematic flowchart of a data encryption method for SoC.

[0029] Figure 2 This is a schematic diagram of a SoC structure provided in an embodiment of this application. Detailed Implementation

[0030] The technical solutions in the embodiments of this application will now be described with reference to the accompanying drawings.

[0031] Figure 1 This is a schematic flowchart illustrating a data encryption method applied to a SoC (System-on-a-Chip) according to an embodiment of this application. The SoC includes an interface module, a processing module, and a storage module; as shown... Figure 1 As shown, the method includes:

[0032] S110 receives external data to be written through the interface module and divides the external data into data blocks that are consecutive in a first order.

[0033] The interface module serves as the communication interface between the SoC and external devices (such as sensors and host computers). It is responsible for receiving raw data to be written to external storage devices, such as user files and configuration information. The first order refers to the natural, consecutive arrangement of data blocks within the raw data, which can be denoted as... , where i is the sequence number, 1≤i≤n, and n is the total number of data blocks. This data block is the basic unit of encryption processing, and its size can be dynamically adjusted.

[0034] In some embodiments, data blocks may include multiple partitioning methods. For example, a fixed initial partitioning can be used: assuming the total size of the external data is D (bytes), the initial data block size is... The initial number of data blocks ;in, To round up, the i-th data block For the original data from (i-1)S0+1 to The byte segment. The partitioning can also be dynamically adjusted: if resource pressure is detected later, the actual data block size... The quantity n will be adjusted in real time.

[0035] S120, the processing module generates corresponding dynamic keys according to the content characteristics of each data block. The dynamic key includes a sequence number part and a key part, and the sequence number part corresponds to the first sequence.

[0036] First, content features can be extracted for each data block. These features include data entropy distribution, local repetition pattern density, and byte frequency offset, which are used to characterize the uniqueness of the information in the data block.

[0037] The key portion of the dynamic key generated by performing a nonlinear perturbation transformation on the content features includes one or more of the following: multi-round displacement mapping, cross-mixing, and feedback loop processing.

[0038] In some embodiments, the dynamic key may consist of a sequence number portion. and key part composition. Corresponding to the first sequence number, it identifies the associated data block; The key is generated by nonlinear perturbation transformation of data block content features, which enhances the correlation between the key and the data content.

[0039] Three features (H) can be selected to characterize the uniqueness of information in a data block. i R i F i () as a content feature.

[0040] As an example, a data block can be set. Length is bytes, sliding window size Byte, step size ,common A window.

[0041] Entropy of each window w ;

[0042] in, The frequency of byte b within window w. Avoid setting the value to 0.

[0043] Data entropy distribution ;in, Standard deviation, The mean, A larger value indicates a more significant difference in local randomness.

[0044] As an example, pattern length Given bytes, count the number of times each repeating pattern appears ≥2 under each L, N(L). (Where, the weight is the pattern length L, highlighting the influence of long repeating patterns). A higher value indicates a higher degree of data redundancy.

[0045] As an example, the expected frequency of byte b under uniform distribution actual frequency ;in, This represents the number of times byte b appears. Weight w(b): The weight of the ASCII character (0x20~0x7E). ,other ,but ;in, A larger value indicates a more uneven distribution of bytes.

[0046] It can be generated based on nonlinear perturbation transformation .

[0047] For example, for feature combination values Perform three rounds of transformation; among them, Weighting coefficients:

[0048] Multi-round displacement mapping, for example, Wheel: Displacement of the m-th wheel ; where mod32 is used to limit the displacement range, and the direction is determined by Parity determines whether the operation is even or odd; even shift left, odd shift right, update. .

[0049] Feedback loop processing ( (next iteration): feedback function ;in, A prime constant, initially iteration ,final .

[0050] S130: The processing module encrypts the corresponding data blocks using dynamic keys to obtain encrypted data blocks. The encrypted data blocks are then broken into a second order according to pre-set rules and encrypted using pre-stored fixed keys to obtain encrypted external data.

[0051] The processing module can input the key portion of the dynamic key as the initial seed into the stream encryption engine to generate a key stream with the same length as the data block. Then, the key stream and the data block are XORed bit by bit to complete the encryption of the data block.

[0052] Before encrypting the shuffled data using a fixed key, a metadata tag is attached to each encrypted data block. The metadata tag includes the original sequence number, checksum, and timestamp.

[0053] In some embodiments, before breaking the encrypted data block into a second sequence, the method further includes: generating fingerprint information based on the content characteristics of the data block, binding the fingerprint information with the original sequence number, and recording it in the metadata tag.

[0054] The data block can be encrypted first with a dynamic key, then the metadata tag is attached and the order is shuffled according to the rules. Finally, the whole block is encrypted with a fixed key to achieve "double encryption + order obfuscation".

[0055] An improved NLFSR (Non-linear Feedback Shift Register) stream encryption engine can be used to associate the key stream with the characteristics of the data block content:

[0056] Keystream generation: Initial seed Data block length Bytes, need to be generated Byte key stream .

[0057] NLFSR Status Update: ;in, Initial state, key stream bytes , take the high 8 bits.

[0058] encryption: (Byte-by-byte XOR).

[0059] In some embodiments, metadata tags Appended to encrypted data blocks, the following can be included:

[0060] Original sequence number: i is the first sequence number;

[0061] Integrity verification can be enhanced by combining CRC with content characteristics;

[0062] The system time is used to encrypt the start time.

[0063] Fingerprint information: The first 16 bytes; these are the unique identifiers of the data block and are bound to the original sequence number.

[0064] In some embodiments, the data block fingerprints can be shuffled using a pseudo-random arrangement. The specific rule is: Let the shuffling mapping be... ;in, It is a prime number. If the fingerprint is represented by an integer, then the second order Where j is the second sequence number, To ensure no repetition in a double-shot attack.

[0065] In some embodiments, a fixed key It can be 256 bits long and can be stored in the SoC secure area. The encrypted object is tagged, shuffled data. ; where T'j is the label of C'j.

[0066] Adopting an improved CTR-GCM mode:

[0067] IV=SHA-256T stamp,global The first 12 bytes of n (T) stamp,global Let n be the global encrypted timestamp and n be the total number of data blocks. .

[0068] S140 writes the encrypted external data to the external storage device through the processing module.

[0069] In some embodiments, the processing module monitors resource usage in real time during encryption. When memory or bandwidth pressure exceeds a threshold, it dynamically adjusts the data block size and encryption granularity to balance performance and security.

[0070] In some embodiments, an encrypted digest file may also be generated, which includes the original sequence number of each data block, the sequence number part of the corresponding dynamic key, a storage location mapping table, and an overall check value. The digest file is then encrypted using a fixed key and stored separately in a protected area.

[0071] In some embodiments, encrypted data and encrypted digest files in an external storage device can also be read through an interface; the digest file can be decrypted using an internal fixed key to obtain a storage location mapping table; the second order can be restored to the first order according to the mapping table, and the corresponding dynamic key can be used to decrypt each block to finally restore the original external data.

[0072] In some embodiments, encrypted external data E can be written to an external storage device (such as Flash) via a DMA controller to accelerate transmission and reduce CPU usage.

[0073] In some embodiments, memory usage can be monitored. > (Threshold) or bandwidth utilization (BW) usage >BW th (Threshold).

[0074] Adjust strategy:

[0075] Data block size: ;in, For coefficients, Increase S to reduce the number of data blocks;

[0076] Encryption granularity:

[0077] ;in, M is the number of nonlinear perturbation transformation rounds. Reducing M reduces the computational load and balances performance and security.

[0078] In some embodiments, the original sequence number i and the dynamic key sequence number Storage location mapping table Overall check value . This is the inverse mapping from the second order to the first order. .

[0079] use Encrypted digest file:

[0080] ;

[0081] in, Stored in a protected area.

[0082] In some embodiments, the decryption process may be as follows:

[0083] Read E and ;

[0084] use Decryption , obtain ;

[0085] according to Restore the second order to the first order ;

[0086] block by block Regenerate the keystream and decrypt: ;

[0087] verify and To restore the original external data.

[0088] In some embodiments, when the data volume is less than a minimum threshold, data blocks can be forcibly divided into one block (to avoid fragmentation); when the data volume is large, offsets can be used to... Adjust the trigger condition for rounding up, for example... hour, .5 + 1 / S_0≈1.5); hour, .5 - 1 / S_0≈1.5), (Originally 1), to avoid dividing small data blocks separately and improve subsequent encryption efficiency.

[0089] In some embodiments, it can also be used when memory usage is high. Or bandwidth utilization Adjustments are triggered at specific times, among which ,Should Use a lag threshold to avoid frequent adjustments.

[0090] In some embodiments, data entropy distribution It can also be determined based on the following formula: ;in: Let w be the entropy of window w; This represents the average covariance of the entropy of adjacent windows.

[0091] This formula is added It can capture the changing trends of randomness, such as the high covariance of entropy changes in alternating "paragraph-blank" patterns in text data, while the covariance of random data is close to 0, thus enhancing the ability to distinguish data types.

[0092] In some embodiments, local repeating pattern density It can also be determined based on the following formula: ;

[0093] in: The average interval of the repeating pattern of length (L) For each repeating pattern, calculate the positional difference between the first occurrence and subsequent occurrences, and take the average; if , .pass It highlights long and dense repetitive patterns, more accurately reflecting data redundancy.

[0094] In some embodiments, byte frequency offset It can be determined based on the following formula: ;

[0095] Where: w'(b) is the dynamic weight; The maximum offset weighting coefficient; This represents the maximum frequency offset across all bytes.

[0096] Enhance sensitivity to text data through w'(b), and through Capture extreme offsets to improve the ability to distinguish data of specific formats.

[0097] In some embodiments, the NLFSR state update can also be determined based on the following formula: ;

[0098] Wherein: Initial state: , , , ;

[0099] Keystream bytes: .

[0100] By joining (Enhanced nonlinearity) (Integration of three wheel features) and (Extending the state dependency chain) makes the key stream more closely associated with content features, thus improving the resistance to differential analysis.

[0101] In some embodiments, when memory usage or bandwidth utilization exceeds a preset threshold during the encryption process, it is necessary to balance performance and security by adjusting the data block size and encryption granularity. The data block size adjustment strategy can also be determined based on the following formula: ;

[0102] in: For data type factors (text data) binary data (High text redundancy can be further adjusted). Use the historical average data block length to avoid excessively large adjustments in a single instance. Adapting to the redundancy characteristics of different data, through Limit the adjustment range (slow down the adjustment if the current size is close to the historical average) to avoid performance fluctuations.

[0103] Based on the same inventive concept, this application also provides a SoC in its embodiments. For example... Figure 2 As shown, the SoC includes an interface module 201, a processing module 202, and a storage module 203. The storage module 203 stores machine-executable instructions that can be executed by the processing module 202. The processing module 202 can execute the machine-executable instructions to implement the content shown in the aforementioned method embodiment.

[0104] The SoC provided in this application embodiment may further include a bus connecting different components, including an interface module 201, a processing module 202, and a storage module 203. Here, "bus" refers to one or more types of bus structures, including memory bus, peripheral bus, local area bus, etc.

[0105] Processing module 202 may include a readable storage medium in the form of volatile memory, such as random access memory (RAM) and / or cache memory, and may further include read-only memory (ROM). Storage module 203 may also include a program tool having a set (at least one) of program modules, including but not limited to an operating subsystem, one or more application programs, other program modules, and program data, each or some combination of these examples may include an implementation of a network environment.

[0106] The processing module 202 can be a single processing element or a collective term for multiple processing elements. For example, the processing module 202 can be a central processing unit (CPU) or one or more integrated circuits configured to implement the methods provided in the embodiments of this application. Specifically, the processing module 202 can be a general-purpose processor, including but not limited to a CPU, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.

[0107] It should be noted that, Figure 2 The SoC shown is merely an example and should not impose any limitations on the functionality and scope of use of the embodiments in this application.

[0108] The computer-readable storage medium provided in the embodiments of this application is described below. The computer-readable storage medium provided in the embodiments of this application stores computer instructions, which, when executed by a processor, implement the methods provided in the embodiments of this application. Specifically, the computer instructions may be built into or installed in a processor, so that the processor can implement the methods provided in the embodiments of this application by executing the built-in or installed computer instructions.

[0109] Furthermore, the method provided in this application embodiment can also be implemented as a computer program product, which includes program code that implements the method provided in this application embodiment when run on a processor.

[0110] The computer program product provided in this application embodiment may employ one or more computer-readable storage media, which may be, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination thereof. Specifically, more specific examples (a non-exhaustive list) of computer-readable storage media include: electrical connections having one or more wires, portable disks, hard disks, RAM, ROM, erasable programmable read-only memory (EPROM), optical fibers, portable compact disc read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof.

[0111] The computer program product provided in this application embodiment can be a CD-ROM and include program code, and can also run on electronic devices such as computers. However, the computer program product provided in this application embodiment is not limited thereto. In this application embodiment, the computer-readable storage medium can be any tangible medium that contains or stores program code, which can be used by or in conjunction with an instruction execution system, device, or apparatus.

[0112] It should be noted that although several units or sub-units of the device have been mentioned in the detailed description above, this division is merely exemplary and not mandatory. In fact, according to embodiments of this application, the features and functions of two or more units described above can be embodied in one unit. Conversely, the features and functions of one unit described above can be further divided and embodied by multiple units.

[0113] Furthermore, although the operations of the method of this application are described in a specific order in the accompanying drawings, this does not require or imply that these operations must be performed in that specific order, or that all the operations shown must be performed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and / or one step may be broken down into multiple steps.

[0114] Although preferred embodiments of this application have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments as well as all changes and modifications falling within the scope of this application.

[0115] Obviously, those skilled in the art can make various modifications and variations to the embodiments of this application without departing from the spirit and scope of the embodiments of this application. Therefore, if these modifications and variations to the embodiments of this application fall within the scope of the claims of this application and their equivalents, this application also intends to include these modifications and variations.

Claims

1. A data encryption method applied to a SoC, characterized in that, The SoC includes an interface module, a processing module, and a storage module; the method includes: The interface module receives external data to be written and divides the external data into data blocks that are consecutive in a first order. Content features are extracted for each data block, including data entropy distribution, local repetition pattern density, and byte frequency offset. The processing module generates corresponding dynamic keys based on the content characteristics of each data block. Each dynamic key includes a sequence number and a key portion, with the sequence number corresponding to the first sequence. The key portion of the dynamic key is generated by performing a nonlinear perturbation transformation on the content characteristics. This nonlinear perturbation transformation includes: first, weighting and combining the data entropy distribution, local repetition pattern density, and byte frequency offset to obtain a combined value; then, performing multiple rounds of displacement mapping; and finally, performing a feedback loop. The processing module encrypts corresponding data blocks using the dynamic key to obtain encrypted data blocks. These encrypted data blocks are then shuffled into a second order according to pre-defined rules and encrypted again using a pre-stored fixed key to obtain encrypted external data. Specifically, the encryption includes: inputting the key portion of the dynamic key as an initial seed into the stream encryption engine to generate a key stream of the same length as the data block; and then performing a bitwise XOR operation between the key stream and the data block to encrypt the data block. The pre-defined rules include: shuffling the data blocks according to a pseudo-random arrangement of their fingerprints, where the data block fingerprints are generated based on the content features of the data blocks, and the shuffling mapping is... Where p and q are prime numbers, The fingerprint is represented by an integer, where n is the total number of data blocks; The encrypted external data is written to the external storage device through the processing module.

2. The data encryption method according to claim 1, characterized in that, Before encrypting the shuffled data using a fixed key, a metadata tag is attached to each encrypted data block. The metadata tag includes the original sequence number, checksum, and timestamp.

3. The method according to claim 1, characterized in that, The processing module monitors resource usage in real time during encryption. When memory or bandwidth pressure exceeds a threshold, it dynamically adjusts the data block size and encryption granularity to balance performance and security.

4. The method according to claim 2, characterized in that, Before breaking the encrypted data blocks into a second order, the process also includes: Fingerprint information is generated based on the content features of the data block, and the fingerprint information is bound to the original sequence number and recorded in the metadata tag.

5. The method according to claim 1, characterized in that, After completing the writing of all data, the processing module further includes: A cryptographic digest file is generated, which includes the original sequence number of each data block, the sequence number part of the corresponding dynamic key, the storage location mapping table, and the overall check value. The digest file is then encrypted using a fixed key and stored separately in a protected area.

6. The method according to claim 5, characterized in that, Also includes: The interface module reads encrypted data and encrypted digest files from an external storage device. Decrypt the digest file using an internal fixed key to obtain a storage location mapping table; The second order is restored to the first order based on the mapping table, and each block is decrypted using the corresponding dynamic key to finally recover the original external data.

7. A SoC, characterized in that, It includes an interface module, a processing module, and a storage module. The storage module stores machine-executable instructions that can be executed by the processing module. The processing module can execute the machine-executable instructions to implement the method according to any one of claims 1 to 6.