CN111199023A - Key system and decryption method of MCU program - Google Patents

Key system and decryption method of MCU program Download PDF

Info

Publication number
CN111199023A
CN111199023A CN201911340886.3A CN201911340886A CN111199023A CN 111199023 A CN111199023 A CN 111199023A CN 201911340886 A CN201911340886 A CN 201911340886A CN 111199023 A CN111199023 A CN 111199023A
Authority
CN
China
Prior art keywords
key
module
preset
register
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911340886.3A
Other languages
Chinese (zh)
Inventor
李成蹊
李石
秦岭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Chipways Semiconductor Co ltd
Original Assignee
Shanghai Chipways Semiconductor Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Chipways Semiconductor Co ltd filed Critical Shanghai Chipways Semiconductor Co ltd
Priority to CN201911340886.3A priority Critical patent/CN111199023A/en
Publication of CN111199023A publication Critical patent/CN111199023A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of a key system of a chip, in particular to a key system of an MCU program, which comprises the following components: the input/output module is used for inputting an access key and reading state information; the storage module is used for storing programs and preset keys; the register module is used for matching the access key with a preset key; the first execution module is used for carrying out encryption operation on a preset key and an access key; and the second execution module decrypts the program of the MCU when the registering module shows that the access key is matched with the preset key, and erases all data in the storage module when the registering module shows that the access key is not matched with the preset key and the accumulated number of times of mismatching reaches a preset number. Has the advantages that: the method can avoid carrying out whole-chip erasing on the FLASH, so that the development and debugging process becomes quicker and more convenient, meanwhile, the security of the secret key can be ensured, and the possibility of cracking the secret key is greatly reduced.

Description

Key system and decryption method of MCU program
Technical Field
The invention relates to the technical field of key systems of chips, in particular to a key system and a decryption method of an MCU program.
Background
The MCU (Micro-controller unit, Micro control unit) is a chip integrated with various functional modules, and a user can develop the MCU according to his/her own needs by purchasing the MCU and combining with the functional modules of the MCU. A program written by a developer is stored in a FLASH (nonvolatile memory), and a part of the program is also stored in an SRAM (Static Random-access memory). For developers, the written programs have extremely high value, and are particularly reflected on algorithms of some control classes, such as motor control, configuration of communication modules and the like. Therefore, in order to protect intellectual property of developers, a common chip has an encryption mode, after the chip is encrypted, a person using the chip cannot read data from the FLASH and write the data, the chip can be executed according to a program sequence predetermined by the developers, and only after the chip is decrypted, the program of the chip can be debugged.
The existing decryption methods include the following: (1) erasing FLASH decryption, wherein erasing FLASH is to erase the FLASH in its entirety, so that programs or data stored in FLASH are lost after decryption by adopting the method; (2) inputting a key for decryption, and inputting a correct key into a decryption register corresponding to the correct key in an encrypted state to finish decryption of a chip, wherein the key is written in a circuit and cannot be changed by a developer, that is, a chip design manufacturer streams once, the same key is used for all chip keys of a batch, and if decryption is required, the chip can be purchased from the chip design manufacturer, so that the key can be easily known.
Therefore, a novel key system is needed, which decrypts the chip under the condition of avoiding erasing the FLASH in a whole piece, so as to store some data required by debugging, make the development and debugging process more rapid and convenient, and simultaneously, ensure the security of the key.
Disclosure of Invention
In view of the above problems in the prior art, a key system and a decryption method for an MCU program are provided.
The specific technical scheme is as follows:
the invention includes a key system of MCU program, is used for encrypting MCU program, the said key system includes:
the input and output module is used for receiving an access key input from the outside and outputting the state information of the key system to the outside;
the storage module is connected with the input and output module and is used for storing the MCU program and a preset secret key written in advance;
the first execution module is respectively connected with the input/output module and the storage module and is used for carrying out encryption operation on the access key and the pre-written preset key;
the register module is respectively connected with the first execution module and the second execution module and is used for receiving the access key and the preset key after encryption operation, matching the access key with the preset key, and forming a matching result to be output to the second execution module;
the second execution module is respectively connected with the register module, the storage module and the input/output module, and when the matching result shows that the access key is matched with the preset key, the second execution module decrypts the program of the MCU;
when the matching result shows that the number of times that the access key is not matched with the preset key reaches a preset number, the second execution module erases all data in the storage module and outputs the state information of the key system to the external device through the input and output module.
Preferably, the register module includes a first register and a second register.
Preferably, the key system further includes a setting module, connected to the storage module, for an encryptor to set the preset key.
Preferably, the first register is a low-order 32-bit register.
Preferably, the second register is a high 31-bit register.
Preferably, the preset key is 63 bits.
Preferably, the preset number is 15.
The invention also comprises a decryption method of the MCU program, which is applied to the key system and comprises the following steps:
step S1, the preset key is called from the storage module into the first execution module, and is output to the register module after being encrypted by the first execution module;
step S2, the user inputs the access key using the input/output module, and the access key enters the first execution module to perform encryption operation and then is output to the register module;
step S3, the register module determines whether the access key matches the preset key:
if the data is matched with the data, the decryption is successful;
if not, the decryption fails, and the process goes to step S4;
step S4, automatically accumulating the number of decryption failures, and determining whether the number of decryption failures reaches the preset number:
if the preset number is not reached, returning to the step S2;
and if the preset quantity is reached, the second execution module erases all data in the storage module.
The technical scheme of the invention has the beneficial effects that: the key system and the decryption method of the MCU program are provided, which can avoid the whole erasing of the FLASH and make the development and debugging process more rapid and convenient; the design has good circuit micro-architecture, each module is only responsible for one or two independent modules, the logic interference between different layers is avoided, and the stability and the reliability of the circuit are improved; meanwhile, the security of the secret key can be ensured, and the possibility of the secret key being cracked is greatly reduced.
Drawings
Embodiments of the present invention will be described more fully with reference to the accompanying drawings. The drawings are, however, to be regarded as illustrative and explanatory only and are not restrictive of the scope of the invention.
FIG. 1 is a functional block diagram of a key system in an embodiment of the invention;
FIG. 2 is a flowchart illustrating the steps of a decryption method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The invention is further described with reference to the following drawings and specific examples, which are not intended to be limiting.
The present invention includes a key system of an MCU program for encrypting the program of the MCU, as shown in fig. 1, the key system includes:
an input/output module 1, for receiving an access key inputted from the outside and outputting the status information of the key system to the outside;
the storage module 2 is connected with the input and output module 1 and is used for storing the MCU program and a preset secret key written in advance;
the first execution module 3 is respectively connected with the input/output module 1 and the storage module 2 and is used for carrying out encryption operation on the preset key and the access key;
the register module 4 is respectively connected with the first execution module 3 and the second execution module 5, and is used for receiving the access key and the preset key after the encryption operation of the first execution module 3, matching the access key with the preset key, and forming a matching result to be output to the second execution module 5;
the second execution module 5 is respectively connected with the input/output module 1, the storage module 2 and the register module 4, and when the matching result output by the register module 4 shows that the access key is matched with the preset key, the second execution module 5 decrypts the program of the MCU;
when the matching result output by the register module 4 indicates that the access key is not matched with the preset key, the number of unmatched times is accumulated, when the accumulated number of unmatched times reaches a preset number, the second execution module 5 erases all data in the storage module 2, and meanwhile, the second execution module 5 can also output the encryption state information and the erasing state information of the key system to the external device through the input and output module 1.
Specifically, in this embodiment, the storage module 2 is Flash, and the register module 4 is a register. The encryptor can set a preset key in Flash in advance, if the user needs to decrypt the program of the MCU, the access key can be input by adopting the input-output module 1, the access key is matched with the preset key by the register module 4, and the access key and the preset key can be decrypted only if the access key and the preset key are completely consistent. By adopting the mode of inputting the access key, Flash is prevented from being erased in a whole piece, data required by debugging is reserved, and the development and debugging process is more rapid and convenient.
Specifically, the preset key is 63 bits, and may be listed as 263And if the number of times of inputting the access key is not limited, the group key can be cracked by an enumeration mode. Therefore, in the present embodiment, the counter 5 is used to record the number of times of decryption failure, and when the number of times of decryption failure reaches a preset number, the second execution module 6 directly erases all data and programs stored in Flash to prevent malicious cracking. The preset number is preferably 15 times, that is, the user has 15 chances to input the access key for decryption, if 15 total matches fail, Flash full erase is caused, and the success rate of cracking attempts is 15/263The probability of successful cracking is greatly reduced, and the preset key can hardly be tried out in an enumeration mode.
The key system of the invention is a system module which supports APB (Advanced Peripheral Bus) and is written by verilog (a hardware description language), and mainly comprises an AMBA (Advanced micro controller Bus Architecture) interface, a register, a Flash interface and the like, wherein the register comprises a high 31-bit register and a low 32-bit register. The AMBA interface matches the APB bus and the system module can be mounted on the APBBridge (bus bridge).
In a preferred embodiment, the key system further includes a setting module 6 connected to the storage module 2 for the encryptor to set the preset key. The preset key in the storage module 2 can be set and changed through the setting module 6, so that the security of the key system is ensured.
In a preferred embodiment, the register module 4 comprises a first register and a second register. The first register is a low-order 32-bit register and the second register is a high-order 31-bit register.
The present invention further includes a decryption method of the MCU program, which is applied to the key system in the above embodiment, as shown in fig. 2, and includes the following steps:
step S1, the preset key is called from the storage module into the first execution module, and is output to the register module after being encrypted by the first execution module;
step S2, the user inputs the access key by the input/output module, and the access key enters the first execution module to be encrypted and then is output to the register module;
step S3, the register module determines whether the access key matches the preset key:
if the data is matched with the data, the decryption is successful;
if not, the decryption fails, and the process goes to step S4;
step S4, automatically accumulating the number of decryption failures, and determining whether the number of decryption failures reaches a preset number:
if the preset number is not reached, returning to the step S2;
and if the preset quantity is reached, the second execution module erases all data in the storage module.
Specifically, in this embodiment, when a user needs to decrypt a program of the MCU, the input/output module 1 is first adopted to input an access key, read a preset key stored in Flash, and triggered by an internal enable signal, the driver register compares the externally input access key with the preset key: if the access key is successfully matched with the preset key, the encrypted signal secure is pulled from 1 to 0, and the chip decrypts; if the matching of the access key and the preset key fails, the counter is automatically added with 1, and if the matching of the input access key fails to reach 15 times, the Flash erasing signal is set to 1, and the data and the program in the Flash are completely erased. By adopting the mode of inputting the access key, Flash is prevented from being erased in a whole piece, data required by debugging is reserved, and the development and debugging process is more rapid and convenient.
Specifically, the preset key is 63 bits, and may be listed as 263And if the number of times of inputting the access key is not limited, the group key can be cracked by an enumeration mode. Therefore, in this embodiment, the counter 5 is used to record the number of times of decryption failure, each time the register 4 determines that matching is unsuccessful, the counter is incremented by 1, and when the accumulated number of counters reaches a preset number, the second execution module 5 directly erases all data and programs stored in Flash to prevent malicious cracking. The preset number is preferably 15 times, that is, the user has 15 chances to input the access key for decryption, if 15 total matches fail, Flash full erase is caused, and the success rate of cracking attempts is 15/263The probability of successful cracking is greatly reduced, and the preset key can hardly be tried out in an enumeration mode.
The technical scheme of the invention has the beneficial effects that: the key system and the decryption method of the MCU program are provided, which can avoid the whole erasing of the FLASH and make the development and debugging process more rapid and convenient; the design has good circuit micro-architecture, each module is only responsible for one or two independent modules, the logic interference between different layers is avoided, and the stability and the reliability of the circuit are improved; meanwhile, the security of the secret key can be ensured, and the possibility of the secret key being cracked is greatly reduced.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (8)

1. A key system of an MCU program, configured to encrypt the MCU program, the key system comprising:
the input and output module is used for receiving an access key input from the outside and outputting the state information of the key system to the outside;
the storage module is connected with the input and output module and is used for storing the MCU program and a preset secret key written in advance;
the first execution module is respectively connected with the input/output module and the storage module and is used for carrying out encryption operation on the access key and the preset key;
the register module is respectively connected with the first execution module and the second execution module and is used for receiving the access key and the preset key after encryption operation, matching the access key with the preset key, and forming a matching result to be output to the second execution module;
the second execution module is respectively connected with the register module, the storage module and the input/output module, and when the matching result shows that the access key is matched with the preset key, the second execution module decrypts the MCU program;
when the matching result shows that the number of times that the access key is not matched with the preset key reaches a preset number, the second execution module erases all data in the storage module and outputs the state information of the key system to the external device through the input and output module.
2. The key system of claim 1, wherein the register module comprises a first register and a second register.
3. The key system of claim 1, further comprising a setting module, coupled to the storage module, for the encryptor to set the predetermined key.
4. The key system of claim 2, wherein the first register is a low-order 32-bit register.
5. The key system of claim 2, wherein the second register is a high 31-bit register.
6. The key system of claim 1, wherein the pre-defined key is 63 bits.
7. The key system of claim 1, wherein the predetermined number is 15.
8. A decryption method of an MCU program, applied to the key system according to any one of claims 1 to 7, comprising the steps of:
step S1, the preset key is called from the storage module into the first execution module, and is output to the register module after being encrypted by the first execution module;
step S2, the user inputs the access key using the input/output module, and the access key enters the first execution module to perform encryption operation and then is output to the register module;
step S3, the register module determines whether the access key matches the preset key:
if the data is matched with the data, the decryption is successful;
if not, the decryption fails, and the process goes to step S4;
step S4, automatically accumulating the number of decryption failures, and determining whether the number of decryption failures reaches the preset number:
if the preset number is not reached, returning to the step S2;
and if the preset quantity is reached, the second execution module erases all data in the storage module.
CN201911340886.3A 2019-12-23 2019-12-23 Key system and decryption method of MCU program Pending CN111199023A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911340886.3A CN111199023A (en) 2019-12-23 2019-12-23 Key system and decryption method of MCU program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911340886.3A CN111199023A (en) 2019-12-23 2019-12-23 Key system and decryption method of MCU program

Publications (1)

Publication Number Publication Date
CN111199023A true CN111199023A (en) 2020-05-26

Family

ID=70747051

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911340886.3A Pending CN111199023A (en) 2019-12-23 2019-12-23 Key system and decryption method of MCU program

Country Status (1)

Country Link
CN (1) CN111199023A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112738219A (en) * 2020-12-28 2021-04-30 中国第一汽车股份有限公司 Program running method, program running device, vehicle and storage medium
CN113722732A (en) * 2021-08-26 2021-11-30 安徽敏矽微电子有限公司 2 debugging encryption and decryption security protection system on line
CN116756781A (en) * 2023-08-23 2023-09-15 菁音核创科技(厦门)有限公司 Encryption protection method, device and equipment for chip and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104346585A (en) * 2013-07-23 2015-02-11 航天信息股份有限公司 Portable storage device encryption system and encryption method
CN105677586A (en) * 2016-01-07 2016-06-15 珠海格力电器股份有限公司 Access right control method and device of MCU flash memory
CN106934305A (en) * 2015-12-31 2017-07-07 北京兆易创新科技股份有限公司 A kind of embedded system
US20170277871A1 (en) * 2014-12-30 2017-09-28 Gigadevice Semiconductor (Beijing) Inc. Information protection method and device based on a plurality of sub-areas for mcu chip

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104346585A (en) * 2013-07-23 2015-02-11 航天信息股份有限公司 Portable storage device encryption system and encryption method
US20170277871A1 (en) * 2014-12-30 2017-09-28 Gigadevice Semiconductor (Beijing) Inc. Information protection method and device based on a plurality of sub-areas for mcu chip
CN106934305A (en) * 2015-12-31 2017-07-07 北京兆易创新科技股份有限公司 A kind of embedded system
CN105677586A (en) * 2016-01-07 2016-06-15 珠海格力电器股份有限公司 Access right control method and device of MCU flash memory

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112738219A (en) * 2020-12-28 2021-04-30 中国第一汽车股份有限公司 Program running method, program running device, vehicle and storage medium
CN112738219B (en) * 2020-12-28 2022-06-10 中国第一汽车股份有限公司 Program running method, program running device, vehicle and storage medium
CN113722732A (en) * 2021-08-26 2021-11-30 安徽敏矽微电子有限公司 2 debugging encryption and decryption security protection system on line
CN113722732B (en) * 2021-08-26 2024-02-23 安徽敏矽微电子有限公司 2-line on-chip debugging encryption and decryption safety protection system
CN116756781A (en) * 2023-08-23 2023-09-15 菁音核创科技(厦门)有限公司 Encryption protection method, device and equipment for chip and storage medium
CN116756781B (en) * 2023-08-23 2023-11-14 菁音核创科技(厦门)有限公司 Encryption protection method, device and equipment for chip and storage medium

Similar Documents

Publication Publication Date Title
US20190384939A1 (en) Data Protection Device and Method and Storage Controller
CN110502932B (en) Processing system, related integrated circuit and method
US5594793A (en) Integrated circuit containing a protected memory and secured system using said integrated circuit
US7086087B1 (en) Information processing device, card device and information processing system
CN111199023A (en) Key system and decryption method of MCU program
US20150106558A1 (en) Semiconductor device and data processing method
EP2702526B1 (en) Method and apparatus for securing programming data of a programmable device
US20040034823A1 (en) Embedded sequence checking
US9304943B2 (en) Processor system and control method thereof
US9164927B2 (en) Integrated circuit and memory data protection apparatus and methods thereof
JP2000122931A (en) Digital integrated circuit
JPH08115266A (en) Smart card
US11886717B2 (en) Interface for revision-limited memory
US8397081B2 (en) Device and method for securing software
US11582033B2 (en) Cryptographic management of lifecycle states
US11816039B2 (en) Multi-mode protected memory
EP3091468B1 (en) Integrated circuit access
US20040186947A1 (en) Access control system for nonvolatile memory
US20050268162A1 (en) Method and system for alternatively activating a replaceable hardware unit
CA2505606C (en) Method and system for alternatively activating a replaceable hardware unit
US5657444A (en) Microprocessor with secure programmable read only memory circuit
US20220317184A1 (en) Secured debug
US11080020B2 (en) Information processing device and random number generating method
US11809566B2 (en) Methods for fast, secure boot from nonvolatile memory device and corresponding systems and devices for the same
US20140208125A1 (en) Encryption and decryption device for portable storage device and encryption and decryption method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200526

RJ01 Rejection of invention patent application after publication