CN111414611B - Chip verification method and system - Google Patents
Chip verification method and system Download PDFInfo
- Publication number
- CN111414611B CN111414611B CN202010186942.9A CN202010186942A CN111414611B CN 111414611 B CN111414611 B CN 111414611B CN 202010186942 A CN202010186942 A CN 202010186942A CN 111414611 B CN111414611 B CN 111414611B
- Authority
- CN
- China
- Prior art keywords
- chip
- sequence
- identifier
- segment
- verified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 238000012795 verification Methods 0.000 title abstract description 47
- 230000011218 segmentation Effects 0.000 claims description 11
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 230000011664 signaling Effects 0.000 description 5
- 238000003860 storage Methods 0.000 description 4
- 230000003068 static effect Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000009776 industrial production Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Abstract
The invention provides a chip verification method and a chip verification system, which are characterized in that an encryption reference chip identifier is prestored in target equipment, and after the chip identifier corresponding to a chip to be verified is obtained, the prestored encryption reference chip identifier is obtained by encrypting the identifier of the reference chip corresponding to the target equipment by a server through a random number sequence; decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier. The invention can verify the validity of the chip to be verified by utilizing the reference chip identifier pre-stored in the target equipment, and the reference chip identifier pre-stored in the target equipment in the invention is in an encryption state, thereby ensuring the safety of the reference chip identifier and further ensuring the accuracy of verifying the validity of the chip to be verified.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a chip verification method and system.
Background
With the continued development of electronic technology, more and more embedded devices are being applied to life and production. When the equipment leaves the factory, according to the performance of the equipment and the functions of the processor chips, the processor chips corresponding to the equipment are configured for each equipment, so in order to improve the reliability and the safety of the equipment in the operation process, the requirement for verifying the legality of the processor chips to be operated in the equipment is proposed before the equipment is operated.
Disclosure of Invention
In view of this, the present invention provides a chip verification method and system to verify the legitimacy of a processor chip to be run in a device before the device is run.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a chip authentication method, the method being applied to a target device, the method comprising:
acquiring a chip identifier to be verified corresponding to the chip to be verified;
the method comprises the steps of obtaining a prestored encryption reference chip identifier, wherein the encryption reference chip identifier is obtained by encrypting an identifier of a reference chip corresponding to target equipment by a server through a random number sequence;
decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier;
And verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier.
Preferably, in the case that the encrypted reference chip identifier is an encrypted chip identifier sequence, the decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier includes:
sequentially retrieving a segmentation sequence of at least one section of memory chip identifier from the encryption chip identifier sequence according to a preset decryption rule;
extracting the segment chip identification stored in each segment of segment sequence;
splicing the segment chip identifiers corresponding to each segment of the segment sequence according to the index value of the segment sequence, and taking the chip identifiers obtained by splicing as the decrypted reference chip identifiers.
Preferably, the step of sequentially retrieving the segment sequence of at least one segment of the memory chip identifier from the encrypted chip identifier sequence according to a preset decryption rule includes:
sequentially determining offset distances between at least one segment sequence starting zone bit and a segment sequence corresponding to the segment sequence starting zone bit from the encryption chip identification sequence according to a preset decryption rule;
Sequentially determining the index position of at least one segment sequence start zone bit from the encryption chip identification sequence according to a preset decryption rule;
determining the index position of a segment sequence corresponding to each segment sequence starting zone bit by utilizing the index position of at least one segment sequence starting zone bit and the offset distance between the at least one segment sequence starting zone bit and the corresponding segment sequence;
the indexing position of the at least one segment sequence is utilized to locate the at least one segment sequence.
Preferably, the verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier includes:
comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier;
under the condition that the chip identification to be verified is consistent with the decrypted reference chip identification, determining that the chip to be verified is legal;
and under the condition that the chip identification to be verified is inconsistent with the decrypted reference chip identification, determining that the chip to be verified is illegal.
A chip authentication method, the method being applied to a server, the method comprising:
Receiving an identification of a reference chip from a target device;
encrypting the identification of the reference chip to obtain an encrypted reference chip identification;
transmitting the encrypted reference chip identifier to target equipment, so that the target equipment decrypts the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and comparing whether the chip identification to be verified is consistent with the decrypted reference chip identification, and verifying the chip to be verified.
Preferably, when the identifier of the reference chip is a reference chip identifier sequence, the encrypting the identifier of the reference chip to obtain an encrypted reference chip identifier includes:
segmenting the reference chip identification sequence according to a preset encryption rule to obtain a preset number of segmented chip identifications;
setting the preset number of segmented chip identifiers in a random number sequence to obtain an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier.
Preferably, the setting the preset number of segment chip identifiers in a random number sequence to obtain an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier includes:
Determining a segment sequence corresponding to each segment chip identifier in the random number sequence, wherein each segment sequence at least meets the size requirement of the segment chip identifier corresponding to the segment sequence;
and modifying the original random number in the corresponding segmented sequence in the random number sequence according to each segmented chip identifier, taking the random number sequence modified by the random number as an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier.
Preferably, the method further comprises:
setting the start zone bit of the segment sequence corresponding to each segment sequence in the random number sequence, and setting the offset distance between the start zone bit of the segment sequence and the segment sequence corresponding to the start zone bit of the segment sequence in the random number sequence.
A chip authentication system, the system comprising: target equipment and a server;
the target device is used for executing the chip verification method at one side of the target device;
the server is used for executing the chip verification method at the server side.
Compared with the prior art, the chip verification method and the system provided by the invention have the advantages that the encrypted reference chip identifier is prestored in the target equipment, after the chip identifier to be verified corresponding to the chip to be verified is obtained, the prestored encrypted reference chip identifier is obtained by encrypting the identifier of the reference chip corresponding to the target equipment by the server through the random number sequence; decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier. That is, the embodiment of the invention can verify the validity of the chip to be verified by using the reference chip identifier pre-stored in the target device, and the reference chip identifier pre-stored in the target device in the embodiment of the invention is in an encryption state, so that the safety of the reference chip identifier is ensured, and the accuracy of verifying the validity of the chip to be verified is further ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a chip verification system according to an embodiment of the present invention;
fig. 2 is a signaling flow chart of a chip verification method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a chip verification method according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier according to an embodiment of the present invention;
FIG. 5 is another flowchart of a chip verification method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a random number sequence provided by an embodiment of the present invention;
FIG. 7 is a diagram illustrating a chip verification device according to an embodiment of the present invention;
fig. 8 is a block diagram of another chip verification apparatus according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
When the equipment leaves the factory, according to the performance of the equipment and the functions of the processor chips, the processor chips corresponding to the equipment are configured for each equipment, the processor chips corresponding to each equipment correspond to the performance of the equipment and the functions to be realized by the equipment, and if the processor chips in the equipment are installed incorrectly, the normal operation of the chips can be influenced. On the other hand, if the device is mounted with a processor chip with an illegal function, the processor chip with the illegal function may steal various data generated in the running process of the device in the running process of the chip, which has a certain influence on the running safety of the device. In order to improve the reliability and security of the device during operation, a need has arisen to verify the legitimacy of the processor chip to be operated in the device before the device is operated.
In order to solve the technical problems, the embodiment of the invention provides a chip verification method, which is characterized in that an encryption reference chip identifier is prestored in target equipment, and after the chip identifier to be verified corresponding to a chip to be verified is obtained, the prestored encryption reference chip identifier is obtained by encrypting the identifier of a reference chip corresponding to the target equipment by a server through a random number sequence; decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier. That is, the embodiment of the invention can verify the validity of the chip to be verified by using the reference chip identifier pre-stored in the target device, and the reference chip identifier pre-stored in the target device in the embodiment of the invention is in an encryption state, so that the safety of the reference chip identifier is ensured, and the accuracy of verifying the validity of the chip to be verified is further ensured.
Fig. 1 is a schematic structural diagram of a chip verification system according to an embodiment of the present invention, and a chip verification method according to an embodiment of the present invention may be implemented by the chip verification system; referring to fig. 1, the chip authentication system may include: a target device 10 and a server 20.
The target device 10 may be any type of device in industrial production, and the embodiment of the present invention is not limited in particular.
The server 20 may be a cluster server having a function of communicating with a target device via a network.
Based on the chip verification system shown in fig. 1, fig. 2 shows a signaling flow chart of a chip verification method provided by an embodiment of the present invention, and referring to fig. 2, the flow may include:
step S10, the target equipment sends the identification of the reference chip to a server;
the target device in the specific embodiment of the invention can be connected with a PC running a desktop operating system Windows/Linux, and the identification of the reference chip is transmitted to the server through the PC.
S11, the server encrypts the identification of the reference chip to obtain an encrypted reference chip identification;
and the server loads the encryption static library, invokes the encryption API from the encryption static library, and encrypts the identification of the reference chip by utilizing the encryption API to obtain the identification of the encryption reference chip.
Step S12, the server sends the encryption reference chip identification to the target equipment;
step S13, the target equipment acquires a chip identifier to be verified, which corresponds to the chip to be verified;
Step S14, the target equipment acquires a prestored encryption reference chip identifier;
the encrypted reference chip identifier is obtained by encrypting the identifier of the reference chip corresponding to the target device by the server through a random number sequence.
S15, the target equipment decrypts the encrypted reference chip identifier to obtain a decrypted reference chip identifier;
under the condition that the chip identifier to be verified needs to be verified, the target device invokes a decryption API from the decryption static library, and decrypts the encrypted reference chip identifier by using the decryption API to obtain the decrypted reference chip identifier.
And S16, the target equipment verifies the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier.
According to the embodiment of the invention, the identification of the reference chip is encrypted through the server, so that the encrypted reference chip identification is obtained; the method comprises the steps that an encryption reference chip identifier is sent to target equipment, so that the target equipment stores the encryption reference chip identifier in a memory in advance, after the chip identifier to be verified corresponding to a chip to be verified is obtained, the prestored encryption reference chip identifier is obtained from the memory, and the encryption reference chip identifier is obtained by encrypting the identifier of a reference chip corresponding to the target equipment by a server through a random number sequence; decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier. That is, the embodiment of the invention can verify the validity of the chip to be verified by using the reference chip identifier pre-stored in the target device, and the reference chip identifier pre-stored in the target device in the embodiment of the invention is in an encryption state, so that the safety of the reference chip identifier is ensured, and the accuracy of verifying the validity of the chip to be verified is further ensured.
The chip verification method provided by the embodiment of the invention is introduced from the perspective of the target device, and the chip verification method described below can be correspondingly referred to the signaling flow content described above.
Fig. 3 is a flowchart of a chip verification method according to an embodiment of the present invention, where the method may be applied to the target device, and referring to fig. 3, the method may include:
step S100, obtaining a chip identifier to be verified, which corresponds to the chip to be verified;
it should be noted that, for the processor chip in the target device, there is an identifier for uniquely identifying the chip, the chip identifiers of different chips are different, and the identifier of the chip to be verified is an identifier capable of uniquely identifying the chip to be verified. Specifically, the chip identifier to be verified may be chip DNA to be verified. The chip identifier to be verified may be an indefinite length sequence composed of any character, for example, an indefinite length sequence composed of only numbers, or an indefinite length sequence composed of only letters, or an indefinite length sequence composed of a combination of numbers and letters, which is not particularly limited in the embodiment of the present invention.
Step S110, obtaining a prestored encryption reference chip identifier;
The encrypted reference chip identifier is obtained by encrypting the identifier of the reference chip corresponding to the target device by the server through a random number sequence.
The embodiment of the invention stores the encryption reference chip identifier in the memory (particularly a nonvolatile memory) in the target equipment in advance, extracts the encryption reference chip identifier from the memory when the chip authentication is required, and authenticates the legitimacy of the chip identifier to be authenticated by using the encryption reference chip identifier.
Step S120, decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier;
because the reference chip identifier is encrypted by the server according to the preset encryption rule, correspondingly, when the target device decrypts the encrypted reference chip identifier, the encrypted reference chip identifier needs to be decrypted according to the decryption rule corresponding to the encryption rule, so as to obtain the decrypted reference chip identifier, wherein the decryption rule is that the server synchronously sends the encrypted reference chip identifier to the target device when the server sends the encrypted reference chip identifier to the target device, and each encrypted reference chip identifier corresponds to one decryption rule.
And step S130, verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier.
Specifically, the embodiment of the invention compares whether the chip identifier to be verified is consistent with the decrypted reference chip identifier; under the condition that the chip identification to be verified is consistent with the decrypted reference chip identification, determining that the chip to be verified is legal; and under the condition that the chip identification to be verified is inconsistent with the decrypted reference chip identification, determining that the chip to be verified is illegal.
After determining that the chip to be verified is legal, triggering the operation of the chip to be verified; after the chip to be verified is determined to be illegal, triggering the chip to be verified to exit operation, and prompting the user of prompt information that the chip validity verification is not passed.
The chip to be verified is legal, namely the chip to be verified is a legal chip corresponding to the target equipment; and the chip to be verified is illegal, namely the chip to be verified is not a legal chip corresponding to the target equipment.
According to the embodiment of the invention, the identification of the reference chip is encrypted through the server, so that the encrypted reference chip identification is obtained; the method comprises the steps that an encryption reference chip identifier is sent to target equipment, so that the target equipment stores the encryption reference chip identifier in a memory in advance, after the chip identifier to be verified corresponding to a chip to be verified is obtained, the prestored encryption reference chip identifier is obtained from the memory, and the encryption reference chip identifier is obtained by encrypting the identifier of a reference chip corresponding to the target equipment by a server through a random number sequence; decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier. That is, the embodiment of the invention can verify the validity of the chip to be verified by using the reference chip identifier pre-stored in the target device, and the reference chip identifier pre-stored in the target device in the embodiment of the invention is in an encryption state, so that the safety of the reference chip identifier is ensured, and the accuracy of verifying the validity of the chip to be verified is further ensured. Therefore, when designing the embedded application program, the chip verification program disclosed by the embodiment of the invention needs to be added into key code blocks (such as important functions, algorithm entries and the like), so that the legality of the operation of the embedded application program is ensured.
Preferably, in the case where the encrypted reference chip identifier is an encrypted chip identifier sequence, fig. 4 shows a flowchart of a method for decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier, and referring to fig. 4, the method may include:
step 200, sequentially retrieving a segment sequence of at least one segment of memory chip identifier from the encrypted chip identifier sequence according to a preset decryption rule;
in the embodiment of the invention, after the reference chip identification sequence is segmented according to the preset segmentation rule, the segmented reference chip identification sequence is obtained, and the segmented reference chip identification sequence is randomly dispersed and arranged in a segment of random number sequence, so that the encrypted chip identification sequence is obtained. Therefore, at least one segment sequence storing the identification of the reference chip needs to be retrieved from the encrypted chip identification sequence during decryption to recover the reference chip identification from the segment sequence.
The decryption rule in the embodiment of the invention corresponds to an encryption rule adopted by the server for encrypting the reference chip identifier.
Specifically, in the embodiment of the present invention, according to a preset decryption rule, an offset distance between at least one segment sequence start flag bit and a segment sequence corresponding to the segment sequence start flag bit may be sequentially determined from the encrypted chip identification sequence; sequentially determining the index position of at least one segment sequence start zone bit from the encryption chip identification sequence according to a preset decryption rule; determining the index position of a segment sequence corresponding to each segment sequence starting zone bit by utilizing the index position of at least one segment sequence starting zone bit and the offset distance between the at least one segment sequence starting zone bit and the corresponding segment sequence; the indexing position of the at least one segment sequence is utilized to locate the at least one segment sequence.
It should be noted that, the offset distance between the start flag bit of the segment sequence and the segment sequence corresponding to the start flag bit of the segment sequence is stored in a certain position in the encrypted chip identification sequence, and the position information of the position is also stored in the encrypted chip identification sequence, so that the embodiment of the invention can determine and recover the offset distance from the random number corresponding to the position by determining the position information corresponding to the position storing the offset distance in the encrypted chip identification sequence, and then positioning the position information to the position storing the offset distance in the encrypted chip identification sequence.
The method and the device have the advantages that the index position of the starting zone bit of the segmented sequence in the random number sequence is determined, and the offset distance between the starting zone bit of the segmented sequence and a segmented sequence corresponding to the starting zone bit of the segmented sequence is utilized to obtain the index position of the segmented sequence.
Step S210, extracting the segment chip identification stored in each segment of segment sequence;
since the segment chip identifier is stored in the segment sequence, in order to improve encryption security, a spoofing byte may also be stored in the segment sequence, and a storage location of the segment chip identifier in the segment sequence may be preset in a server, for example: the high 8 bytes in the segment sequence store segment chip identification, the low 8 bytes store spoofed bytes, etc., and embodiments of the present invention are not particularly limited.
And step S220, splicing the segmented chip identifiers corresponding to each segmented sequence according to the index value of the segmented sequence, and taking the chip identifiers obtained by splicing as decrypted reference chip identifiers.
According to the embodiment of the invention, the segmented chip identifiers extracted from each segmented sequence can be spliced according to the sequence from small to large of the index value of the segmented sequence or according to the sequence from large to small of the index value of the segmented sequence, and the spliced chip identifiers are used as the decrypted reference chip identifiers. The specific splicing sequence may be preset in the server, and the embodiment of the present invention is not limited specifically.
The embodiment of the invention stores the encrypted reference chip identifier in the target device, the encrypted reference chip identifier is obtained by encrypting the identifier of the reference chip corresponding to the target device by the server by utilizing the random number sequence, the security of the reference chip identifier is improved, the reference chip identifier is prevented from being tampered, the encrypted reference chip identifier is decrypted only when the chip identifier to be verified is required to be verified, the decrypted reference chip identifier is obtained, the decrypted reference chip identifier is used for verifying the chip identifier to be verified, and the validity verification accuracy of the chip to be verified is further ensured. The chip verification method provided by the embodiment of the invention is introduced from the perspective of the server, and the chip verification method described below can be correspondingly referred to the signaling flow content described above and the chip verification method described by the perspective of the target device.
Fig. 5 is another flowchart of a chip verification method according to an embodiment of the present invention, where the method may be applied to a server, and the method needs to be applied in combination with the chip verification method from the perspective of the target device described above to implement chip verification. In the embodiment of the invention, the server is mainly used for encrypting the identifier of the reference chip, and the encrypting process is the inverse process of the decrypting process, and the specific contents can be correspondingly referred to each other. The encryption process may be performed before the target device leaves the factory, and referring to fig. 5, the method may include:
step S300, receiving the identification of the reference chip from the target equipment;
step S310, encrypting the identification of the reference chip to obtain an encrypted reference chip identification;
the embodiment of the invention mainly comprises the steps of segmenting the identification of the reference chip and dispersing and hiding the segmented reference chip identification into a random number sequence to form the encrypted reference chip identification.
When the reference chip identifier is a character (number, letter, special character, etc.), then the character may be hidden in a random number sequence to form an encrypted reference chip identifier.
Encrypting the identification of the reference chip in the case that the identification of the reference chip is a reference chip identification sequence (at least consisting of two characters), the obtaining of the encrypted reference chip identification comprises:
Segmenting the reference chip identification sequence according to a preset encryption rule to obtain a preset number of segmented chip identifications; setting the preset number of segmented chip identifiers in a random number sequence to obtain an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier.
Specifically, in the embodiment of the present invention, the reference chip identifier sequence may be segmented with equal length according to the length of the reference chip identifier sequence, and the reference chip identifier sequence may also be segmented with unequal length.
The embodiment of the invention mainly replaces the random number at a certain position in the random number sequence with each segment of segmented chip identification, thereby achieving the purpose of hiding the reference chip identification sequence in the random number sequence and obtaining the encrypted chip identification sequence.
Based on this, specifically, the preset number of segment chip identifiers are set in a random number sequence to obtain an encrypted chip identifier sequence, and the step of using the encrypted chip identifier sequence as an encrypted reference chip identifier includes:
determining a segment sequence corresponding to each segment chip identifier in the random number sequence, wherein each segment sequence at least meets the size requirement of the segment chip identifier corresponding to the segment sequence; and modifying the original random number in the corresponding segmented sequence in the random number sequence according to each segmented chip identifier, taking the random number sequence modified by the random number as an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier.
According to the embodiment of the invention, the segmentation sequence corresponding to each segmentation chip identifier can be found in the random number sequence according to a preset rule, the length of the segmentation sequence is greater than or equal to that of the segmentation chip identifier corresponding to the segmentation sequence, and the random number at the corresponding position in the corresponding segmentation sequence is replaced by each segmentation chip identifier, so that the final encryption chip identifier sequence is obtained.
Optionally, in order to further improve the security of the reference chip identifier, in the case that the length of the segment sequence is greater than the length of the segment chip identifier corresponding to the segment sequence, after the segment chip identifier is replaced by the random number at the corresponding position in the segment sequence, the random numbers at the rest positions in the segment sequence may be set to be preset spoofed bytes, thereby increasing the complexity of the encryption algorithm.
In order to accurately store the position of each segment sequence in the encryption chip identification sequence, so that the segment sequence can be accurately positioned during decryption, and the segment chip identification can be conveniently decrypted, the embodiment of the invention further comprises the following steps:
setting the start zone bit of the segment sequence corresponding to each segment sequence in the random number sequence, and setting the offset distance between the start zone bit of the segment sequence and the segment sequence corresponding to the start zone bit of the segment sequence in the random number sequence.
Determining a first index position for storing offset distances between a segment sequence start flag bit and a segment sequence corresponding to the segment sequence start flag bit in the random number sequence; and replacing the value of the offset distance by the random value which is determined in the random number sequence and is positioned at the first index position, so that the offset distance between the starting zone bit of the segment sequence and the segment sequence corresponding to the starting zone bit of the segment sequence is stored at the first index position. Determining a second index position for storing a segment sequence start flag bit in the random number sequence; the value of the segment sequence start flag bit is replaced by the random value at the second index position determined in the random number sequence, so that the segment sequence start flag bit is stored at the second index position.
It should be noted that, in the embodiment of the present invention, a third index position for storing the position information of the first index position is further determined in the random number sequence, and the position information of the first index position is replaced by the random number value located at the third index position and determined in the random number sequence, so that the position information of the first index position is stored in the third index position; in addition, the embodiment of the invention also needs to determine a fourth index position for storing the position information of the second index position in the random number sequence, and replace the position information of the second index position by the random number value located at the fourth index position and determined in the random number sequence, so that the position information of the second index position is stored at the fourth index position.
In the decryption process, the position information of the first index position is firstly acquired at the third index position, and the position information of the first index position is positioned to the position of the first index according to the position information of the first index position, so that the information of the first index position is acquired; and then acquiring the position information of the second index position on the fourth index position, positioning the position information to the second index position according to the position information of the second index position, and further acquiring the information of the second index position.
The embodiment of the invention mainly utilizes the position of the start zone bit of the segmented sequence and the offset distance between the start zone bit of the segmented sequence and the segmented sequence corresponding to the start zone bit of the segmented sequence to position the segmented sequence.
Step S320, the encrypted reference chip identifier is sent to target equipment, so that the target equipment decrypts the encrypted reference chip identifier to obtain a decrypted reference chip identifier; and comparing whether the chip identification to be verified is consistent with the decrypted reference chip identification, and verifying the chip to be verified.
The embodiment of the invention sends the encryption reference chip identifier to the target equipment and simultaneously sends the encryption algorithm to the target equipment.
According to the encryption method, the identification of the reference chip is segmented, the segmented reference chip identification is scattered and hidden in the random number sequence to form the encrypted reference chip identification, the purpose of encrypting the identification of the reference chip is achieved, the safety of the reference chip identification is improved, the reference chip identification is prevented from being tampered, the encrypted reference chip identification is sent to the target equipment, meanwhile, an encryption algorithm is sent to the target equipment, the encrypted reference chip identification is decrypted only when the chip identification to be verified needs to be verified, the decrypted reference chip identification is obtained, the chip identification to be verified is verified by the decrypted reference chip identification, and the accuracy of verification of the validity of the chip to be verified is further guaranteed.
The encryption mode in the embodiment of the invention is a software encryption mode, does not need additional hardware support, and has the advantages of convenient use, low cost and simple process operation.
The application example of encrypting/decrypting the reference chip identifier provided by the embodiment of the invention can be as follows:
the reference chip is identified as a 64-bit length chip DNA, and is hidden in 160-bit byte random data, so that the encryption effect is achieved. A random number sequence diagram as shown with reference to fig. 6;
Encryption process:
1. firstly, the reference chip identification sequence is segmented, the 64-bit length chip DNA is divided into 3 segmented chip identifications', and the 3 segmented chip identifications are separately hidden in random data. The partitioning rules are shown in Table 1:
TABLE 1
2. Referring to the random number sequence scheme shown in fig. 6, in 160 bytes of random data, the content embedded in the portion identified by "1" shown in fig. 6 is the position information of the portion identified by "2", the portion length of the portion identified by "2" is 3 bytes, each byte indicates the offset distance between the "segment sequence start flag bit" (portion identified by 4, 5, 6 in fig. 6) and the "segment sequence" of the corresponding memory segment chip identification (portion identified by 7, 8, 9 in fig. 6), namely: the offset distance between the portion labeled "4" and the portion labeled "7", the offset distance between the portion labeled "5" and the portion labeled "8", and the offset distance between the portion labeled "6" and the portion labeled "9" in fig. 6.
3. The position information of the "segment sequence start flag bit" is given by the identification "3" part in fig. 6, the identification "3" part is 2 bytes after the identification "2" part, the length of the identification "3" part is 10 bytes, and only 5 bytes store the position information of the "segment sequence start flag bit". Specifically, the 5 bytes used for storing the related information of the "segment sequence start flag bit" may be the first 5 bytes of the "3" part, or may be the last 5 bytes of the "3" part, which is not limited in particular in the embodiment of the present invention. The method specifically adopts the first 5 bytes in the identification '3' part or the last 5 bytes in the identification '3' part, is determined by the parity of the major version number of the program running in the target equipment, and selects the first 5 bytes in the identification '3' part when the major version number of the program running in the target equipment is odd; when the major version number of the program running in the target device is even, the last 5 bytes of the "3" portion are selected.
Of the 5 bytes for storing the information about the "segment sequence start flag", the 0 th byte is an index byte (for identifying which information is stored in a specific byte of the following four bytes), and the 1 st to 4 th bytes are the position of each "segment sequence start flag" and a spoofed byte. The index values of these 4 bytes are 0, 1, 2 and 3, respectively. For example: the [1:0] bit of the index byte is an index value identifying the "4" portion; [3:2] puts an index value identifying the "5" part; [5:4] put the index value of the spoofed byte; [7:6] places an index value identifying the "6" portion.
4. Replacing the content of the segment sequence start zone bit corresponding to each segment sequence by the random number value at the position of the segment sequence start zone bit determined in the random number sequence.
5. And replacing the random number value at the position of the segment sequence determined in the random number sequence by each segment of segment chip identifier to form an encrypted chip identifier sequence.
Decryption:
1. according to a decryption algorithm, position information of a part of an identification "2" is acquired from a part of an identification sequence identification "1" of the encryption chip, so that the position of the part of the identification "2" is positioned;
2. Acquiring the offset distance between each segment sequence starting zone bit (4, 5 and 6 in fig. 6) and the corresponding segment sequence (7, 8 and 9 in fig. 6) of the storage segment chip identifier from the identifier '2'; the position of each segment sequence starting zone bit is obtained from the part of the mark '3';
3. determining the position of each segment sequence according to the position of each segment sequence start zone bit and the offset distance between each segment sequence start zone bit and the corresponding segment sequence storing segment chip identification, and extracting the segment chip identification from each segment sequence; and splicing the chip identifiers of each segment according to the index value of each segment sequence, and taking the chip identifiers obtained by splicing as decrypted reference chip identifiers.
The chip verification device provided by the embodiment of the invention is described below, and the chip verification device described below can be referred to correspondingly to the chip verification method.
Fig. 7 is a block diagram of a chip verification apparatus according to an embodiment of the present invention, where the chip verification apparatus may specifically be a target device, and referring to fig. 7, the chip verification apparatus may include:
A chip identifier to be verified obtaining unit 400, configured to obtain a chip identifier to be verified corresponding to the chip to be verified;
an encryption reference chip identifier obtaining unit 410, configured to obtain a prestored encryption reference chip identifier, where the encryption reference chip identifier is obtained by encrypting, by a server, an identifier of a reference chip corresponding to the target device using a random number sequence;
a decryption unit 420, configured to decrypt the encrypted reference chip identifier to obtain a decrypted reference chip identifier;
and the verification unit 430 is configured to verify the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier.
In the case where the encryption reference chip identifier is an encryption chip identifier sequence, the decryption unit includes:
the segmented sequence retrieval unit is used for sequentially retrieving the segmented sequence of at least one segment of storage chip identifier from the encrypted chip identifier sequence according to a preset decryption rule;
the segment chip identification extraction unit is used for extracting the segment chip identification stored in each segment of segment sequence;
and the splicing unit is used for splicing the segmented chip identifiers corresponding to each segmented sequence according to the index value of the segmented sequence, and taking the chip identifiers obtained by splicing as decrypted reference chip identifiers.
The segment sequence retrieval unit includes:
the offset distance determining unit is used for sequentially determining the offset distance between at least one segment sequence starting zone bit and a segment sequence corresponding to the segment sequence starting zone bit from the encryption chip identification sequence according to a preset decryption rule;
the first index position determining unit is used for sequentially determining the index position of at least one segment sequence starting zone bit from the encryption chip identification sequence according to a preset decryption rule;
the second index position determining unit is used for determining the index position of a segment sequence corresponding to each segment sequence starting zone bit by utilizing the index position of at least one segment sequence starting zone bit and the offset distance between the at least one segment sequence starting zone bit and the segment sequence corresponding to the at least one segment sequence starting zone bit;
and the segment sequence positioning unit is used for positioning at least one segment of segment sequence by utilizing the index position of the at least one segment of segment sequence.
The authentication unit includes:
the verification unit subunit is used for comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier; under the condition that the chip identification to be verified is consistent with the decrypted reference chip identification, determining that the chip to be verified is legal; and under the condition that the chip identification to be verified is inconsistent with the decrypted reference chip identification, determining that the chip to be verified is illegal.
The following describes another chip verification device provided in the embodiment of the present invention, which may be specifically a server, and the chip verification device described below may be referred to correspondingly with the content of the signaling flow and the chip verification method described in terms of the server.
Fig. 8 is another block diagram of a chip verification apparatus according to an embodiment of the present invention, referring to fig. 8, the chip verification apparatus may include:
a reference chip identification receiving unit 500 for receiving an identification of a reference chip from a target device;
an encryption unit 510, configured to encrypt the identifier of the reference chip to obtain an encrypted reference chip identifier;
an encryption reference chip identifier sending unit 520, configured to send the encryption reference chip identifier to a target device, so that the target device decrypts the encryption reference chip identifier to obtain a decrypted reference chip identifier; and comparing whether the chip identification to be verified is consistent with the decrypted reference chip identification, and verifying the chip to be verified.
In the case where the identification of the reference chip is a reference chip identification sequence, the encryption unit includes:
The segmentation unit is used for segmenting the reference chip identification sequence according to a preset encryption rule to obtain a preset number of segmented chip identifications;
the segmented chip identification setting unit is used for setting the segmented chip identifications with the preset number in the random number sequence to obtain an encrypted chip identification sequence, and the encrypted chip identification sequence is used as an encrypted reference chip identification.
The segmented chip identification setting unit includes:
the segmented sequence determining unit is used for determining segmented sequences corresponding to each segmented chip identifier in the random number sequence, and each segmented sequence at least meets the size requirement of the segmented chip identifier corresponding to the segmented sequence;
the modification unit is used for modifying the original random number value in the segment sequence corresponding to the random number sequence according to each segment chip identifier, taking the random number sequence modified by the random number value as an encryption chip identifier sequence, and taking the encryption chip identifier sequence as an encryption reference chip identifier.
The device is also for:
setting the start zone bit of the segment sequence corresponding to each segment sequence in the random number sequence, and setting the offset distance between the start zone bit of the segment sequence and the segment sequence corresponding to the start zone bit of the segment sequence in the random number sequence.
The chip authentication system provided by the present invention is described below, and the structure of the chip authentication system may include a target device 10 and a server 20 as shown in fig. 1.
Wherein the target device is configured to: executing the chip verification method on the target device side described in the above embodiment;
the server is used for: the server-side chip authentication method described in the above embodiment is performed.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (5)
1. A chip authentication method, wherein the method is applied to a target device, the method comprising:
acquiring a chip identifier to be verified corresponding to the chip to be verified;
The method comprises the steps of obtaining a prestored encryption reference chip identifier, wherein the encryption reference chip identifier is obtained by encrypting an identifier of a reference chip corresponding to target equipment by a server through a random number sequence;
decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier;
verifying the chip to be verified by comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier;
and under the condition that the encrypted reference chip identifier is an encrypted chip identifier sequence, decrypting the encrypted reference chip identifier to obtain a decrypted reference chip identifier comprises:
sequentially retrieving a segmentation sequence of at least one section of memory chip identifier from the encryption chip identifier sequence according to a preset decryption rule;
extracting the segment chip identification stored in each segment of segment sequence;
splicing the segment chip identifiers corresponding to each segment of the segment sequence according to the index value of the segment sequence, and taking the chip identifiers obtained by splicing as the decrypted reference chip identifiers;
the step of sequentially retrieving the segment sequence of at least one segment of memory chip identifier from the encrypted chip identifier sequence according to a preset decryption rule comprises the following steps:
Sequentially determining offset distances between at least one segment sequence starting zone bit and a segment sequence corresponding to the segment sequence starting zone bit from the encryption chip identification sequence according to a preset decryption rule;
sequentially determining the index position of at least one segment sequence start zone bit from the encryption chip identification sequence according to a preset decryption rule;
determining the index position of a segment sequence corresponding to each segment sequence starting zone bit by utilizing the index position of at least one segment sequence starting zone bit and the offset distance between the at least one segment sequence starting zone bit and the corresponding segment sequence;
the indexing position of the at least one segment sequence is utilized to locate the at least one segment sequence.
2. The method of claim 1, wherein verifying the chip to be verified by comparing whether the chip identification to be verified is consistent with the decrypted reference chip identification comprises:
comparing whether the chip identifier to be verified is consistent with the decrypted reference chip identifier;
under the condition that the chip identification to be verified is consistent with the decrypted reference chip identification, determining that the chip to be verified is legal;
And under the condition that the chip identification to be verified is inconsistent with the decrypted reference chip identification, determining that the chip to be verified is illegal.
3. A chip authentication method, wherein the method is applied to a server, the method comprising:
receiving an identification of a reference chip from a target device;
encrypting the identification of the reference chip to obtain an encrypted reference chip identification;
transmitting the encrypted reference chip identifier to target equipment, so that the target equipment decrypts the encrypted reference chip identifier to obtain a decrypted reference chip identifier; comparing whether the chip identification to be verified is consistent with the decrypted reference chip identification or not, and verifying the chip to be verified;
in the case that the identifier of the reference chip is a reference chip identifier sequence, encrypting the identifier of the reference chip to obtain an encrypted reference chip identifier includes:
segmenting the reference chip identification sequence according to a preset encryption rule to obtain a preset number of segmented chip identifications;
setting the preset number of segmented chip identifiers in a random number sequence to obtain an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier;
Setting the preset number of segmented chip identifiers in a random number sequence to obtain an encrypted chip identifier sequence, wherein the step of using the encrypted chip identifier sequence as an encrypted reference chip identifier comprises the following steps:
determining a segment sequence corresponding to each segment chip identifier in the random number sequence, wherein each segment sequence at least meets the size requirement of the segment chip identifier corresponding to the segment sequence;
and modifying the original random number in the corresponding segmented sequence in the random number sequence according to each segmented chip identifier, taking the random number sequence modified by the random number as an encrypted chip identifier sequence, and taking the encrypted chip identifier sequence as an encrypted reference chip identifier.
4. A method according to claim 3, characterized in that the method further comprises:
setting the start zone bit of the segment sequence corresponding to each segment sequence in the random number sequence, and setting the offset distance between the start zone bit of the segment sequence and the segment sequence corresponding to the start zone bit of the segment sequence in the random number sequence.
5. A chip authentication system, the system comprising: target equipment and a server;
the target device being configured to perform the chip authentication method according to any one of the preceding claims 1-2;
The server is configured to perform the chip authentication method according to any of the preceding claims 3-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010186942.9A CN111414611B (en) | 2020-03-17 | 2020-03-17 | Chip verification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010186942.9A CN111414611B (en) | 2020-03-17 | 2020-03-17 | Chip verification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111414611A CN111414611A (en) | 2020-07-14 |
| CN111414611B true CN111414611B (en) | 2024-03-08 |
Family
ID=71493116
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010186942.9A Active CN111414611B (en) | 2020-03-17 | 2020-03-17 | Chip verification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111414611B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101479984A (en) * | 2006-04-25 | 2009-07-08 | 斯蒂芬·L.·博伦 | Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks |
| CN103761660A (en) * | 2014-02-24 | 2014-04-30 | 陈建生 | Method and device for verifying authenticity of product |
| EP3340098A1 (en) * | 2016-12-23 | 2018-06-27 | IDEMIA France | Method for securing an electronic operation with a smart card |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105471575B (en) * | 2014-09-05 | 2020-11-03 | 创新先进技术有限公司 | Information encryption and decryption method and device |
-
2020
- 2020-03-17 CN CN202010186942.9A patent/CN111414611B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101479984A (en) * | 2006-04-25 | 2009-07-08 | 斯蒂芬·L.·博伦 | Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks |
| CN103761660A (en) * | 2014-02-24 | 2014-04-30 | 陈建生 | Method and device for verifying authenticity of product |
| EP3340098A1 (en) * | 2016-12-23 | 2018-06-27 | IDEMIA France | Method for securing an electronic operation with a smart card |
Non-Patent Citations (2)
| Title |
|---|
| 张玉浩 ; 徐志鹏 ; 黄新锐 ; 胡航 ; 单伟伟 ; .基于AES加密电路的防复制电路及系统设计.电子器件.2015,(01),全文. * |
| 李莉 ; 史国振 ; 耿魁 ; 董秀则 ; 王璇 ; 李凤华 ; .密码芯片的多算法随机作业流调度方法.通信学报.2016,(12),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111414611A (en) | 2020-07-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7506381B2 (en) | Method for securing an electronic device, a security system and an electronic device | |
| CN108023874B (en) | Single sign-on verification device and method and computer readable storage medium | |
| EP1415430B1 (en) | A method and a system for processing information in an electronic device | |
| CN106909421B (en) | Safe financial POS machine firmware upgrading method | |
| CN111666564B (en) | Application program safe starting method and device, computer equipment and storage medium | |
| KR20100121535A (en) | Secure software updates | |
| CN112257086B (en) | User privacy data protection method and electronic equipment | |
| KR101078546B1 (en) | Apparatus for coding and decoding of security data file based on data storage unit idedtification, system for electronic signature using the same | |
| CN112199644A (en) | Mobile terminal application program safety detection method, system, terminal and storage medium | |
| CN111404682A (en) | Android environment key segmentation processing method and device | |
| CN103248491A (en) | Method and system for backing up electronic signed token private key | |
| CN113872770A (en) | Security verification method, system, electronic device and storage medium | |
| CN111224826B (en) | Configuration updating method, device, system and medium based on distributed system | |
| CN111414611B (en) | Chip verification method and system | |
| CN108363912B (en) | Program code secret protection method and device | |
| CN113542187A (en) | File uploading and downloading method and device, computer device and medium | |
| JP2006268513A (en) | Log-on management device for terminal device | |
| CN103248490A (en) | Method and system for backing-up information in electronic signature token | |
| CN114244620A (en) | Board card network access verification method and device and board card control center | |
| CN113572717B (en) | Communication connection establishment method, washing and protecting equipment and server | |
| JP4169347B2 (en) | Information processing apparatus, information processing method, and information processing program | |
| CN108416209B (en) | Program security verification method and device and terminal equipment | |
| CN114650175B (en) | Verification method and device | |
| CN116566744B (en) | Data processing method and security verification system | |
| GB2391669A (en) | Portable device for verifying a document's authenticity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |