Method, device, equipment and storage medium for protecting data in OTP (one time programmable) memory
1. A method for protecting data in an OTP memory, applied to an OTP controller, comprising the following steps:
acquiring a target key after receiving a programming request sent by the OTP memory;
acquiring security data to be encrypted, and reading a parameter configuration area of the OTP memory to determine a target encryption algorithm;
and encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, and storing the encrypted security data to a security data area of the OTP memory.
2. The method of claim 1, wherein the obtaining a target key comprises:
and reading a preset fixed key in a key configuration field in the parameter configuration area of the OTP memory, and taking the fixed key as the target key.
3. The method for protecting data in an OTP memory according to claim 1, wherein the target encryption algorithm comprises the Advanced Encryption Standard (AES), the Triple Data Encryption Standard (TDES) and the SM4 encryption algorithm.
4. The method of claim 1, wherein the obtaining a target key comprises:
sending a random number request to a random number generator, and acquiring a random number value fed back by the random number generator;
and taking the random number value as the target key and storing the target key in a random data area of the OTP memory.
5. The method for protecting data in an OTP memory according to claim 4, wherein after storing the encrypted secure data in the secure data area of the OTP memory, the method further comprises:
performing latch configuration of the read operation and/or the write operation on the random data area, the secure data area and the parameter configuration area, respectively, by using the latch state configuration area of the OTP memory.
6. The method of protecting data in an OTP memory according to claim 4, further comprising:
when a start signal sent by the random number generator after the system is reset is received, reading a random number flag bit of the random data area in the OTP memory to determine whether a random number value exists in the random data area;
if so, reading data information in the random data area, the secure data area, the parameter configuration area and the latch state configuration area, and storing the data information locally;
determining whether the data in the secure data area is encrypted according to the algorithm configuration field in the parameter configuration area;
and if the data is not encrypted, sending the locally stored data information to a system external module through a local interface output module, so that the system external module can generate a key by using the data information.
7. The method of claim 6, wherein after determining whether the data in the secure data area is encrypted, the method further comprises:
if the data is encrypted, decrypting the encrypted data in the secure data area according to a target key corresponding to a key configuration field in the parameter configuration area and a target encryption algorithm corresponding to the algorithm configuration field, to obtain decrypted secure data;
and sending the locally stored data information of the random data area, the parameter configuration area and the latch state configuration area, together with the decrypted secure data, to the system external module through a local interface output module.
8. An OTP in-memory data protection device, applied to an OTP controller, comprises:
the target key acquisition module is used for acquiring a target key after receiving a programming request sent by the OTP memory;
the data and encryption algorithm acquisition module is used for acquiring the security data to be encrypted and reading the parameter configuration area of the OTP memory to determine a target encryption algorithm;
and the encryption storage module is used for encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data and storing the encrypted security data to a security data area of the OTP memory.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the OTP in-memory data protection method of any of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the method of in-OTP memory data protection according to any of claims 1 to 7.
Background
At present, the requirements on the security performance of products are becoming higher and higher. To meet the protection requirements of security-sensitive data in a hardware system, for example sensitive data with higher security requirements such as a security root key and identity information in a chip, an OTP (One Time Programmable) memory can meet the requirements of high confidentiality and high reliability to a certain extent, owing to the non-volatility and high reliability of the data it stores. However, how to further improve the security and reliability of the OTP memory is a problem of wide attention at present. In the prior art, research on the OTP memory has improved its data stability at the physical manufacturing level, but the data itself is not protected, and the security of data storage is reduced.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method, an apparatus, a device and a medium for protecting data in an OTP memory, which can enhance the security and confidentiality after OTP data programming. The specific scheme is as follows:
In a first aspect, the present application discloses a method for protecting data in an OTP memory, comprising:
acquiring a target key after receiving a programming request sent by the OTP memory;
acquiring security data to be encrypted, and reading a parameter configuration area of the OTP memory to determine a target encryption algorithm;
and encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, and storing the encrypted security data to a security data area of the OTP memory.
Optionally, the obtaining the target key includes:
and reading a preset fixed key in a key configuration field in the parameter configuration area of the OTP memory, and taking the fixed key as the target key.
Optionally, the target encryption algorithm includes the Advanced Encryption Standard (AES), the Triple Data Encryption Standard (TDES) and the SM4 encryption algorithm.
Optionally, the obtaining the target key includes:
sending a random number request to a random number generator, and acquiring a random number value fed back by the random number generator;
and taking the random number value as the target key and storing the target key in a random data area of the OTP memory.
Optionally, after storing the encrypted secure data to the secure data area of the OTP memory, the method further includes:
performing latch configuration of the read operation and/or the write operation on the random data area, the secure data area and the parameter configuration area, respectively, by using the latch state configuration area of the OTP memory.
Optionally, the method for protecting data in the OTP memory further includes:
when a start signal sent by the random number generator after the system is reset is received, reading a random number flag bit of the random data area in the OTP memory to determine whether a random number value exists in the random data area;
if so, reading data information in the random data area, the secure data area, the parameter configuration area and the latch state configuration area, and storing the data information locally;
determining whether the data in the secure data area is encrypted according to the algorithm configuration field in the parameter configuration area;
and if the data is not encrypted, sending the locally stored data information to a system external module through a local interface output module, so that the system external module can generate a key by using the data information.
Optionally, after determining whether the data in the secure data area is encrypted, the method further includes:
if the data is encrypted, decrypting the encrypted data in the secure data area according to a target key corresponding to a key configuration field in the parameter configuration area and a target encryption algorithm corresponding to the algorithm configuration field, to obtain decrypted secure data;
and sending the locally stored data information of the random data area, the parameter configuration area and the latch state configuration area, together with the decrypted secure data, to the system external module through a local interface output module.
In a second aspect, the present application discloses an OTP memory data protection apparatus, comprising:
the target key acquisition module is used for acquiring a target key after receiving a programming request sent by the OTP memory;
the data and encryption algorithm acquisition module is used for acquiring the security data to be encrypted and reading the parameter configuration area of the OTP memory to determine a target encryption algorithm;
and the encryption storage module is used for encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data and storing the encrypted security data to a security data area of the OTP memory.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the aforementioned OTP memory data protection method.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by the processor implements the aforementioned OTP memory data protection method.
In the application, a target key is obtained after a programming request sent by the OTP memory is received; acquiring security data to be encrypted, and reading a parameter configuration area of the OTP memory to determine a target encryption algorithm; and encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, and storing the encrypted security data to a security data area of the OTP memory. Therefore, the OTP controller encrypts the security sensitive data and programs the encrypted security sensitive data into the security data area, and performs hardware selection on the encryption and decryption algorithms to realize processing of different encryption and decryption keys and selection of the encryption and decryption algorithms, so that the security and confidentiality of the security data encryption are improved, the security and confidentiality of the programmed OTP data can be enhanced, and the data can be prevented from being tampered or important sensitive data can be prevented from being illegally stolen.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart illustrating a method for protecting data in an OTP memory according to the present disclosure;
FIG. 2 is a specific target algorithm configuration provided herein;
FIG. 3 is a flow chart of a specific OTP memory data protection method provided herein;
FIG. 4 is a specific target key configuration manner provided in the present application;
FIG. 5 is a diagram illustrating a hardware architecture of an OTP memory system and a hardware architecture of an OTP controller according to an embodiment of the present disclosure;
FIG. 6 is a flowchart of OTP initialization provided herein;
FIG. 7 is a flowchart illustrating a specific OTP initialization process provided herein;
FIG. 8 is a flowchart of a specific random number obtaining method provided herein;
FIG. 9 is a schematic structural diagram of an OTP memory data protection apparatus according to the present application;
FIG. 10 is a block diagram of an electronic device provided in the present application.
Detailed Description
In the prior art, through research on the OTP memory, the data stability of the OTP memory is improved in a physical manufacturing level, but the data is not protected, and the security of data storage is reduced. In order to overcome the technical problem, the application provides a method for protecting data in an OTP memory, which can enhance the security and confidentiality of OTP data after programming.
The embodiment of the application discloses a method for protecting data in an OTP memory, which is applied to an OTP controller and can comprise the following steps:
Step S11: acquiring a target key after receiving a programming request sent by the OTP memory.
In this embodiment, the target key is acquired after a programming request sent by the OTP memory is received. It can be understood that the OTP memory initiates the programming request to the OTP controller through the external serial port, and the OTP controller actively obtains the target key after receiving the programming request. In this embodiment, obtaining the target key may include: reading a fixed key preset in a key configuration field in the parameter configuration area of the OTP memory, and using the fixed key as the target key. That is, a fixed key is stored in advance in the key configuration field in the parameter configuration area of the OTP memory; after receiving a programming request sent by the OTP memory, the OTP controller reads this fixed key and uses it as the target key to encrypt the secure data.
Step S12: acquiring security data to be encrypted, and reading a parameter configuration area of the OTP memory to determine a target encryption algorithm.
In this embodiment, the security data to be encrypted is obtained; it includes, but is not limited to, data with high security requirements, such as a security root key and identity information. The parameter configuration area of the OTP memory is then read to determine the target encryption algorithm; specifically, the corresponding target encryption algorithm may be determined according to a field of the parameter configuration area. In this embodiment, the target encryption algorithm includes, but is not limited to, the Advanced Encryption Standard (AES), the Triple Data Encryption Standard (TDES) and the SM4 encryption algorithm. It can be understood that the parameter configuration area stores in advance a string that has a mapping relationship with a corresponding algorithm type. A specific algorithm configuration mode is shown, for example, in FIG. 2, where the PROGRAM_MODE field is set as the target algorithm configuration field: when PROGRAM_MODE is 2'b00, the security data to be encrypted is not encrypted; when PROGRAM_MODE is 2'b01, it is encrypted using the AES algorithm; when PROGRAM_MODE is 2'b10, it is encrypted using the SM4 algorithm; when PROGRAM_MODE is 2'b11, it is encrypted using the TDES algorithm.
Step S13: encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, and storing the encrypted security data to a security data area of the OTP memory.
In this embodiment, the security data to be encrypted is encrypted according to the determined target encryption algorithm and the target key to obtain encrypted security data, and the encrypted security data is stored in the security data area of the OTP memory.
As can be seen from the above, in this embodiment, the target key is obtained after the programming request sent by the OTP memory is received; the security data to be encrypted is acquired, and the parameter configuration area of the OTP memory is read to determine a target encryption algorithm; the security data to be encrypted is then encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, which is stored to a security data area of the OTP memory. The OTP controller thus encrypts the security-sensitive data before programming it to the security data area, and the encryption and decryption algorithms are selected in hardware, so that different encryption and decryption keys can be handled and different algorithms chosen. This improves the confidentiality of the encrypted security data, enhances the security and confidentiality of the programmed OTP data, and prevents the data from being tampered with or important sensitive data from being illegally stolen. On top of the security and reliability that the OTP already offers, a safe and effective data protection mechanism is added to effectively protect the security-sensitive data and to improve the data security and data confidentiality of the security-sensitive data in a product or a system.
The embodiment of the application discloses a specific method for protecting data in an OTP memory, and referring to fig. 3, the method may include the following steps:
Step S21: after receiving a programming request sent by the OTP memory, sending a random number request to a random number generator, and acquiring a random number value fed back by the random number generator.
In this embodiment, after a programming request sent by the OTP memory is received, a random number request is sent to a true random number generator (TRNG) and the random number fed back by the random number generator is obtained.
Step S22: taking the random number value as a target key and storing the target key in a random data area of the OTP memory.
In this embodiment, the random number is used as the target key and is stored in the random data area of the OTP memory. It is understood that, instead of using a fixed key as the target key, a random number may be used as the encryption key of the secure data. Specifically, for example, as shown in FIG. 4, a PROGRAM_KEY_SEL configuration field may be set in the parameter configuration area of the OTP memory: when the field is 0, the fixed key OTP_KEY in the OTP may be selected as the target key, and when the field value is 1, a random number may be selected as the target key.
Step S23: acquiring security data to be encrypted, and reading a parameter configuration area of the OTP memory to determine a target encryption algorithm.
Step S24: encrypting the security data to be encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, and storing the encrypted security data to a security data area of the OTP memory.
Step S25: performing latch configuration of the read operation and/or the write operation on the random data area, the secure data area and the parameter configuration area, respectively, by using the latch state configuration area of the OTP memory.
In this embodiment, at the end of the programming configuration flow, the latch state configuration area of the OTP memory is programmed, and latch configuration of the read operation and/or the write operation is performed on the random data area, the secure data area and the parameter configuration area, respectively. In particular, the programming operation of the parameter configuration area and the secure data area may be latched to prevent a second programming of these areas. The read operation of the random data area is latched so that the area cannot be read by other external modules such as a host; this ensures the randomness and unpredictability of the value in that area and improves the confidentiality and security of encryption and decryption.
For example, FIG. 5 shows a hardware architecture of an OTP memory system and the hardware architecture inside the OTP controller. The modules are as follows:
HOST is the host, which initiates requests to program or read the OTP.
TRNG is a true random number generator. During OTP factory production, in the OTP system initialization phase, the OTP controller sends a random number request to the TRNG module to obtain a set of 128-bit random number data and programs this data into a secure data area of the OTP.
OTP_WRAPPER is the OTP controller, within which the following modules are located.
OTP_ASYNC is the synchronization module through which an external host programs or reads the OTP.
OTP_CTRL is the main control module of the OTP controller. It can be understood that, in this embodiment, the programming address and the programming data are sent to the OTP_ASYNC module and, after being synchronized, are sent on to the OTP main control module OTP_CTRL.
OTP_INIT is the initialization control module of the OTP. It is responsible for reading each region in the OTP in stages after the OTP is powered on, completes initialization of the OTP output values of the whole system, sends the security-sensitive data generated by initialization to OTP_OUTPUT, and finally sends the data to other modules outside the system.
OTP_PROGRAM is the programming interface module of the OTP.
OTP_READ is the read operation interface module of the OTP.
OTP_ALGO is the encryption and decryption algorithm operation module in the OTP controller and comprises hardware implementations of the SM4, AES and TDES encryption and decryption algorithms. The module performs the encryption operation on the sensitive security data and then sends the encrypted data to the OTP_PROGRAM module. During the system initialization phase, the OTP_ALGO module provides decryption of the secure data.
OTP_OUTPUT is the interface module between OTP_WRAPPER and external modules and outputs the security-sensitive data.
It can be understood that, in this embodiment, the OTP memory is divided into four regions:
The random data region OTP_TRNG_RANDOM_AREA is used for programming and storing the 128-bit random number, which is generated by the external true random number generation module TRNG and used for the subsequent encryption and decryption operations. After its latch state is programmed to 1, the region is guaranteed to be invisible to both the external HOST and external modules.
The secure data area OTP_SECURITY_AREA is used for programming and storing security-sensitive data.
The parameter configuration area OTP_CONFIG_AREA is used for programming and storing hardware configuration data, for example the 2-bit PROGRAM_MODE field that configures the encryption and decryption algorithm and the 1-bit PROGRAM_KEY_SEL field that selects the encryption and decryption key.
The latch state configuration region OTP_LOCK_AREA is used to program and store latch state information.
For the specific processes of step S23 and step S24, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
As can be seen from the above, in this embodiment, a series of security protection measures, such as using a random number for the encryption and decryption keys and allowing encrypted data to be decrypted only by the OTP controller in the OTP initialization stage, improve the security and confidentiality of the security-sensitive data programmed into the OTP. The random value provided by the true random number generator ensures the randomness and uncertainty of the value programmed into the security data area, i.e. the randomness of the key used for encrypting the security data, and improves the unpredictability of the encryption and decryption processing of the confidential data. On this basis, the invisibility of the random key and the data validity of the security-sensitive data programming area are ensured by a data latching mechanism while the data is in use. Therefore, when an external host reads the sensitive data programmed in the secure data area, the value it reads is the encrypted data, and the security and confidentiality of the data are improved.
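The programming flow of steps S21 to S25, together with the four regions and the PROGRAM_MODE and PROGRAM_KEY_SEL fields described above, can be modelled in software as follows. This C model is an added example and not code from the application: the lock-bitmask encoding, the function names and the sample data are assumptions, and algo() is a reversible XOR stand-in for the OTP_ALGO hardware, not AES, SM4 or TDES.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16 /* 128-bit key and data block, as on the page */

/* Per-region lock bits: an assumed encoding of OTP_LOCK_AREA. */
enum { AREA_RANDOM = 1, AREA_SECURITY = 2, AREA_CONFIG = 4 };
/* PROGRAM_MODE values 2'b00..2'b11 as listed for FIG. 2. */
enum { MODE_NONE = 0, MODE_AES = 1, MODE_SM4 = 2, MODE_TDES = 3 };

typedef struct {
    uint8_t random_area[BLK];   /* OTP_TRNG_RANDOM_AREA */
    uint8_t security_area[BLK]; /* OTP_SECURITY_AREA */
    uint8_t otp_key[BLK];       /* fixed key OTP_KEY */
    uint8_t program_mode;       /* PROGRAM_MODE, 2 bits, in OTP_CONFIG_AREA */
    uint8_t program_key_sel;    /* PROGRAM_KEY_SEL, 1 bit, in OTP_CONFIG_AREA */
    uint8_t rd_lock, wr_lock;   /* OTP_LOCK_AREA as two bitmasks (assumed) */
} otp_t;

/* Stand-in for OTP_ALGO: a self-inverse XOR, NOT a real cipher. Mode 0 is a pass-through. */
static void algo(uint8_t mode, const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    for (int i = 0; i < BLK; i++)
        out[i] = (mode == MODE_NONE) ? in[i] : (uint8_t)(in[i] ^ key[i] ^ mode);
}

/* PROGRAM_KEY_SEL: 0 selects the fixed key, 1 selects the random number. */
static const uint8_t *select_key(const otp_t *o)
{
    return o->program_key_sel ? o->random_area : o->otp_key;
}

/* Program the configuration fields; refused once the config area is write-latched. */
int otp_program_config(otp_t *o, uint8_t mode, uint8_t key_sel)
{
    if (o->wr_lock & AREA_CONFIG) return -1;
    o->program_mode = mode & 3;
    o->program_key_sel = key_sel & 1;
    return 0;
}

/* S21-S24: take the TRNG value as key if selected, encrypt, store the ciphertext. */
int otp_program_secure(otp_t *o, const uint8_t *data, const uint8_t *trng)
{
    if (o->wr_lock & AREA_SECURITY) return -1;   /* second programming blocked */
    if (o->program_key_sel) memcpy(o->random_area, trng, BLK);
    algo(o->program_mode, select_key(o), data, o->security_area);
    return 0;
}

/* S25: latch writes to config and secure areas, latch reads of the random area. */
void otp_latch(otp_t *o)
{
    o->wr_lock |= AREA_CONFIG | AREA_SECURITY;
    o->rd_lock |= AREA_RANDOM;
}

/* Read path available to the external host: raw region contents, subject to read locks. */
int host_read(const otp_t *o, int area, uint8_t *out)
{
    if (o->rd_lock & area) return -1;
    if (area == AREA_RANDOM) memcpy(out, o->random_area, BLK);
    else if (area == AREA_SECURITY) memcpy(out, o->security_area, BLK);
    else return -1;
    return 0;
}

/* Controller-internal path: only here is the secure data decrypted. */
void controller_read_secure(const otp_t *o, uint8_t *out)
{
    algo(o->program_mode, select_key(o), o->security_area, out);
}

/* Constructed scenario; each bit of the result records one observed property. */
unsigned run_programming_demo(void)
{
    otp_t o;
    uint8_t secret[BLK], trng[BLK], buf[BLK];
    unsigned r = 0;

    memset(&o, 0, sizeof o);
    for (int i = 0; i < BLK; i++) {              /* constructed sample values */
        secret[i] = (uint8_t)(0xA0 + i);
        trng[i] = (uint8_t)(0x3C ^ (i * 7));
    }
    otp_program_config(&o, MODE_SM4, 1);
    if (otp_program_secure(&o, secret, trng) == 0) r |= 1;   /* programmed */
    otp_latch(&o);
    if (host_read(&o, AREA_SECURITY, buf) == 0 && memcmp(buf, secret, BLK) != 0)
        r |= 2;                                              /* host sees ciphertext only */
    if (host_read(&o, AREA_RANDOM, buf) == -1) r |= 4;       /* key region unreadable */
    if (otp_program_secure(&o, secret, trng) == -1) r |= 8;  /* no reprogramming */
    if (otp_program_config(&o, MODE_NONE, 0) == -1) r |= 16; /* no mode or key change */
    controller_read_secure(&o, buf);
    if (memcmp(buf, secret, BLK) == 0) r |= 32;              /* controller recovers data */
    return r;
}

int main(void)
{
    printf("properties observed: 0x%02x\n", run_programming_demo());
    return 0;
}
```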
An OTP initialization process is disclosed in an embodiment of the present application, and as shown in fig. 6, the OTP initialization process may include the following steps:
Step S31: when a start signal sent by the random number generator after the system is reset is received, reading a random number flag bit of a random data area in the OTP memory to determine whether a random number value exists in the random data area.
In this embodiment, for example in the OTP initialization process shown in FIG. 7, after the system reset is released, the true random number generator automatically completes its initialization configuration and pulls the signal TRNG_READY to 1. After receiving this signal, the OTP controller initiates the OTP memory read operation of the first stage, OTP_INIT_STEP1, in which the other non-sensitive data areas and the random number flag field TRNG_RANDOM_KEY_READY are read. If the flag is 1, it indicates that the 128-bit random number has been programmed into the secure data area of the OTP memory in the production stage. If the flag is 0, it indicates that the random storage area of the OTP has not been programmed, and the initialization process jumps to the end state OTP_INIT_FINISH; that is, in the OTP initialization process the read process of the secure data area is skipped and the entire OTP initialization process ends directly. In this case, the valid signal for sensitive data remains low all the time, since the secure data area was neither programmed nor read during initialization.
Step S32: if so, reading data information in a random data area, a secure data area, a parameter configuration area and a latch state configuration area in the OTP memory, and storing the data information locally.
In this embodiment, if the random number exists, that is, the random number flag bit is 1, the OTP power-on initialization enters the second stage, OTP_INIT_STEP2: the OTP controller reads the data information in the random data area, the secure data area, the parameter configuration area and the latch state configuration area in the OTP memory, and stores the data information locally. If the random number flag bit is 0, then after the initialization process is completed a request for programming the random number needs to be initiated to the OTP controller through an external serial port. For example, as shown in FIG. 8, after receiving the request the OTP controller requests a set of 128-bit random numbers from the random number module, programs the obtained true random number into the random data region and, after the programming is completed, programs the random number flag bit to 1. The random number programming request start register of the OTP controller is configured through the external serial port, which initiates the whole random number request and programming operation.
Step S33: determining whether the data in the secure data area is encrypted according to the algorithm configuration field in the parameter configuration area.
In this embodiment, after the data is stored, the third stage of the OTP power-on initialization process, OTP_INIT_STEP3, is entered: the algorithm configuration field in the parameter configuration area is read to determine whether the data in the secure data area is encrypted. That is, whether the secure data is encrypted, and with which encryption algorithm, is determined by reading the algorithm configuration field PROGRAM_MODE shown in FIG. 2.
Step S34: if the data is encrypted, decrypting the encrypted data in the secure data area according to the target key corresponding to the key configuration field in the parameter configuration area and the target encryption algorithm corresponding to the algorithm configuration field, to obtain the decrypted secure data.
In this embodiment, if the data is encrypted, the encrypted data in the secure data area is decrypted according to the target key corresponding to the key configuration field in the parameter configuration area and the target encryption algorithm corresponding to the algorithm configuration field, so as to obtain the decrypted secure data. That is, the secure data that was read is processed by a decryption operation; the decryption algorithm is selected through the PROGRAM_MODE field, and the decryption key is selected through the PROGRAM_KEY_SEL field.
Step S35: sending the locally stored data information of the random data area, the parameter configuration area and the latch state configuration area, together with the decrypted secure data, to the system external module through a local interface output module, so that the system external module can generate a secret key by using the data information.
In this embodiment, after the decryption is completed, the output stage is entered. The security-sensitive data decrypted in the third stage and the other data read during the second stage are sent to the OTP_OUTPUT module and output to the system external module, so that the system external module generates a key by using the root key and the identity information in the secure data, and the valid signal of the sensitive data is raised to 1. If the data is not encrypted, the locally stored data information read during the second stage is sent directly to the system external module through the local interface output module, and the system external module can then generate a corresponding key by using the root key, identity information and the like in the secure data area.
As can be seen from the above, in this embodiment, when a start signal sent by the random number generator after the system is reset is received, the random number flag bit of the random data area in the OTP memory is read to determine whether a random number exists in the random data area. If so, the data information in the random data area, the secure data area, the parameter configuration area and the latch state configuration area in the OTP memory is read and stored locally. Then, whether the data in the secure data area is encrypted is determined according to the algorithm configuration field in the parameter configuration area. If the data is encrypted, the encrypted data in the secure data area is decrypted according to the target key corresponding to the key configuration field in the parameter configuration area and the target encryption algorithm corresponding to the algorithm configuration field, to obtain the decrypted secure data. The locally stored data information of the random data area, the parameter configuration area and the latch state configuration area, together with the decrypted secure data, is sent to the system external module through a local interface output module, so that the system external module can generate a secret key by using the data information. Therefore, in this embodiment the decryption of the secure data occurs only in the OTP initialization stage after the system is powered on. This decryption is controlled by hardware, and other parties such as the external host cannot control it, which ensures its independence and security.
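The staged initialization of steps S31 to S35 can be written as a small state machine. The following C model is an added example and not code from the application: the struct layouts, the stage name OTP_INIT_OUTPUT, the function names and the sample data are assumptions, and algo() is again a reversible XOR stand-in for OTP_ALGO rather than AES, SM4 or TDES.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16 /* 128-bit key and data block */

enum init_state { OTP_INIT_STEP1, OTP_INIT_STEP2, OTP_INIT_STEP3,
                  OTP_INIT_OUTPUT /* assumed name for the output stage */,
                  OTP_INIT_FINISH };

typedef struct {                       /* OTP contents seen by the controller */
    uint8_t trng_random_key_ready;     /* TRNG_RANDOM_KEY_READY flag bit */
    uint8_t random_area[BLK], security_area[BLK], otp_key[BLK];
    uint8_t program_mode;              /* PROGRAM_MODE, 0 = not encrypted */
    uint8_t program_key_sel;           /* PROGRAM_KEY_SEL, 1 = random key */
} otp_image_t;

typedef struct {                       /* what OTP_OUTPUT drives to external modules */
    uint8_t sensitive_valid;           /* valid signal for sensitive data */
    uint8_t secure_data[BLK];
    unsigned visited;                  /* bit n set when stage n was entered */
} otp_output_t;

/* Stand-in for OTP_ALGO: self-inverse XOR, NOT a real cipher. */
static void algo(uint8_t mode, const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    for (int i = 0; i < BLK; i++)
        out[i] = mode ? (uint8_t)(in[i] ^ key[i] ^ mode) : in[i];
}

/* Returns -1 while TRNG_READY is low, 0 once OTP_INIT_FINISH is reached. */
int otp_init(int trng_ready, const otp_image_t *otp, otp_output_t *out)
{
    otp_image_t local;                 /* controller-local copy filled in STEP2 */
    uint8_t plain[BLK] = {0};
    enum init_state st = OTP_INIT_STEP1;

    memset(out, 0, sizeof *out);
    memset(&local, 0, sizeof local);
    if (!trng_ready) return -1;        /* nothing is read before the start signal */
    for (;;) {
        out->visited |= 1u << st;
        switch (st) {
        case OTP_INIT_STEP1:           /* S31: only the flag and non-sensitive data */
            st = otp->trng_random_key_ready ? OTP_INIT_STEP2 : OTP_INIT_FINISH;
            break;
        case OTP_INIT_STEP2:           /* S32: read all regions into local storage */
            local = *otp;
            st = OTP_INIT_STEP3;
            break;
        case OTP_INIT_STEP3: {         /* S33/S34: decrypt if PROGRAM_MODE != 0 */
            const uint8_t *key = local.program_key_sel ? local.random_area
                                                       : local.otp_key;
            algo(local.program_mode & 3, key, local.security_area, plain);
            st = OTP_INIT_OUTPUT;
            break;
        }
        case OTP_INIT_OUTPUT:          /* S35: hand data to OTP_OUTPUT, raise valid */
            memcpy(out->secure_data, plain, BLK);
            out->sensitive_valid = 1;
            st = OTP_INIT_FINISH;
            break;
        case OTP_INIT_FINISH:
            return 0;
        }
    }
}

/* Constructed scenarios; each bit of the result records one check that held. */
unsigned run_init_demo(void)
{
    otp_image_t img;
    otp_output_t out;
    uint8_t secret[BLK], zero[BLK] = {0};
    unsigned r = 0;

    memset(&img, 0, sizeof img);
    for (int i = 0; i < BLK; i++) {    /* constructed sample values */
        secret[i] = (uint8_t)(0x50 + i);
        img.otp_key[i] = (uint8_t)(0x5A + 3 * i);
    }
    img.program_mode = 1;              /* AES slot, fixed key selected */
    algo(1, img.otp_key, secret, img.security_area);

    /* Flag 0: secure area is skipped, valid stays low, nothing is output. */
    if (otp_init(1, &img, &out) == 0 && !out.sensitive_valid &&
        out.visited == 0x11 && memcmp(out.secure_data, zero, BLK) == 0) r |= 1;
    /* Flag 1, encrypted: all five stages run and the plaintext is output. */
    img.trng_random_key_ready = 1;
    if (otp_init(1, &img, &out) == 0 && out.sensitive_valid &&
        out.visited == 0x1F && memcmp(out.secure_data, secret, BLK) == 0) r |= 2;
    /* Flag 1, PROGRAM_MODE 2'b00: stored data passes through unchanged. */
    img.program_mode = 0;
    memcpy(img.security_area, secret, BLK);
    if (otp_init(1, &img, &out) == 0 &&
        memcmp(out.secure_data, secret, BLK) == 0) r |= 4;
    /* TRNG_READY low: initialization does not start. */
    if (otp_init(0, &img, &out) == -1 && out.visited == 0) r |= 8;
    return r;
}

int main(void)
{
    printf("checks passed: 0x%x\n", run_init_demo());
    return 0;
}
```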
Correspondingly, an embodiment of the present application further discloses an apparatus for protecting data in an OTP memory. As shown in Fig. 9, the apparatus includes:
a target key obtaining module 11, configured to obtain a target key after receiving a programming request sent by the OTP memory;
the data and encryption algorithm obtaining module 12 is configured to obtain security data to be encrypted, and read a parameter configuration area of the OTP memory to determine a target encryption algorithm;
and the encryption storage module 13 is configured to encrypt the to-be-encrypted secure data by using the target encryption algorithm and the target key to obtain encrypted secure data, and store the encrypted secure data in a secure data area of the OTP memory.
As can be seen from the above, in this embodiment, the target key is obtained after the programming request sent by the OTP memory is received; the security data to be encrypted is acquired, and the parameter configuration area of the OTP memory is read to determine the target encryption algorithm; the security data to be encrypted is then encrypted by using the target encryption algorithm and the target key to obtain encrypted security data, which is stored in the secure data area of the OTP memory. The OTP controller thus encrypts the security-sensitive data before programming it into the secure data area, and selects the encryption and decryption algorithms in hardware, so that different encryption and decryption keys and different algorithms can be handled. This improves the security and confidentiality of the secure data encryption, strengthens the security and confidentiality of the programmed OTP data, and prevents the data from being tampered with and important sensitive data from being stolen.
In some specific embodiments, the target key obtaining module 11 may specifically include:
a first key obtaining unit, configured to read a fixed key preset in a key configuration field in the parameter configuration area of the OTP memory, and use the fixed key as the target key;
a second key obtaining unit, configured to send a random number request to the random number generator and acquire the random number value fed back by the random number generator, and to take the random number value as the target key and store the target key in a random data area of the OTP memory.
In some specific embodiments, the data protection device in the OTP memory may specifically include:
a latch module, configured to perform latch configuration of read operations and/or write operations on the random data area, the secure data area and the parameter configuration area respectively by using a latch state configuration area of the OTP memory.
In some specific embodiments, the data protection device in the OTP memory may specifically include:
an initialization module, configured to read, upon receiving a start signal sent by the random number generator after system reset, the random number flag bit of the random data area in the OTP memory to determine whether a random number value exists in the random data area; if so, to read the data information in the random data area, the secure data area, the parameter configuration area and the latch state configuration area, and store the data information locally; to determine whether the data in the secure data area is encrypted according to the algorithm configuration field in the parameter configuration area; and, if it is not encrypted, to send the locally stored data information to a system external module through a local interface output module so that the system external module can generate a key by using the data information.
In some specific embodiments, the initialization module may specifically include:
a decryption module, configured to decrypt, if the data in the secure data area is encrypted, the encrypted data in the secure data area according to a target key corresponding to a key configuration field in the parameter configuration area and a target encryption algorithm corresponding to the algorithm configuration field, to obtain decrypted secure data; and to send the locally stored data information of the random data area, the parameter configuration area and the latch state configuration area, together with the decrypted secure data, to the system external module through a local interface output module.
Further, an embodiment of the present application also discloses an electronic device, shown in Fig. 10; the content of the drawing is not to be considered as any limitation on the scope of application of the present application.
Fig. 10 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein, the memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps in the OTP memory data protection method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the memory 22 serves as a carrier for resource storage and may be a read-only memory, a random access memory, a magnetic disk, an optical disk or the like; the resources stored on it include an operating system 221, a computer program 222, data 223 including the security data to be encrypted, and so on, and the storage may be transient or permanent.
The operating system 221 is used for managing and controlling each hardware device and the computer program 222 on the electronic device 20, so as to realize the operation and processing of the mass data 223 in the memory 22 by the processor 21, and may be Windows Server, Netware, Unix, Linux, and the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the OTP memory data protection method disclosed in any of the foregoing embodiments and executed by the electronic device 20.
Further, an embodiment of the present application further discloses a computer storage medium, where computer-executable instructions are stored in the computer storage medium, and when the computer-executable instructions are loaded and executed by a processor, the steps of the method for protecting data in an OTP memory disclosed in any of the foregoing embodiments are implemented.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant points can be found in the description of the method.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The OTP memory data protection method, apparatus, device and medium provided by the present invention are described in detail above, and a specific example is applied in the present disclosure to illustrate the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.