CN112364393A - Method and device for integrating safety calculation function of FLASH memory - Google Patents


Info

Publication number
CN112364393A
CN112364393A
Authority
CN
China
Prior art keywords
component
computing
storage
port
calculation
Prior art date
Legal status
Granted
Application number
CN202011280244.1A
Other languages
Chinese (zh)
Other versions
CN112364393B (en)
Inventor
裴龙
童元满
刘垚
杨滨
杨宇韬
Current Assignee
Shenzhen Anxin Intelligent Control Technology Co ltd
Original Assignee
Shenzhen Anxin Intelligent Control Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Shenzhen Anxin Intelligent Control Technology Co ltd
Priority to CN202011280244.1A
Publication of CN112364393A
Application granted
Publication of CN112364393B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Abstract

The invention discloses a method and a device for integrating a security computing function into a FLASH memory. The method comprises integrating a computing component and a storage component into the FLASH memory by a packaging (sealing) technology, having the computing component control the operation of the storage component from inside the package, and selecting the storage component or the computing component to work by means of command soft switching. The device comprises a substrate, a computing component and a storage component, the computing component and the storage component being respectively arranged on the substrate; the substrate comprises a chip select port, a data port, a clock port, a power port and a ground port; the working state of the storage component comprises a silent mode and a working mode, and the working state of the computing component comprises a monitoring mode and a working mode. The method and the device keep compatibility with the original FLASH memory: an application system that needs to add a security computing function only has to replace the FLASH memory, a security upgrade can be carried out without modifying the PCBA design, and the upgrade cost, upgrade period and upgrade risk are greatly reduced.

Description

Technical Field
The invention relates to the technical field of memories, in particular to a method and a device for integrating a safety calculation function of a FLASH memory.
Background
FLASH memories, including NOR FLASH and NAND FLASH, are widely used in applications such as cameras and network modules to store boot programs, system programs, file information, user data and the like.
A security computing function comprises key storage management, authority authentication computation, signature verification computation, key agreement computation, encryption and decryption computation, HASH computation and the like. It serves information security purposes such as trusted software boot, software copyright protection, data storage confidentiality, data transmission confidentiality, access authority management and trusted online system upgrade, and is generally realized with a dedicated security computing chip.
With the development of informatization and the growing information protection requirements of users, security computing functions receive more and more attention, and application systems that need a security computing function are becoming increasingly common. Because there was initially no security computing requirement, a conventional application system did not reserve a position for a security computing chip when its PCBA was designed, and ordinary devices have no security computing capability. If such an application system later needs to add a security computing function, the only option is to modify the PCBA design to add a security computing chip, which increases the cost, cycle and risk of the system upgrade.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the problems in the prior art, the invention provides a method and a device for integrating a security computing function into a FLASH memory by means of FLASH memory integration technology. A computing component with a security computing function and a storage component with a data storage function are integrated into one FLASH memory by a sealing technology, access to the storage component is controlled by the computing component, and compatibility with the original FLASH memory is kept. An application system that needs to add a security computing function only has to replace the FLASH memory, a security upgrade can be carried out without modifying the PCBA design, and the upgrade cost, period and risk are greatly reduced.
In order to solve the technical problems, the invention adopts the technical scheme that:
a method for integrating a security computing function into a FLASH memory, comprising: integrating a computing component with a security computing function and a storage component with a data storage function into one FLASH memory by a sealing technology, the computing component controlling the storage component from inside the package by parsing the commands on the bus, and selectively activating the storage component or the computing component by command soft switching.
Optionally, the integration of the computing unit with the secure computing function and the storage unit with the data storage function into one FLASH memory by using a sealing technology specifically means that the computing unit and the storage unit are packaged into one chip by using a sealing technology, where the sealing technology is one of SiP, MCM, MCP, and PoP.
Optionally, when the computing unit with the secure computing function and the storage unit with the data storage function are integrated into one FLASH memory through a sealing technology, a parallel structure or a serial structure is formed between the computing unit and the storage unit, the parallel structure means that the computing unit and the storage unit share a data bus and a clock bus, and the computing unit controls the storage unit to be gated through a storage unit chip selection signal line; the serial structure means that a data line, a clock line and a chip selection signal line of the storage component are connected to the computing component, the data line and the clock line of the computing component are connected to the outside of the chip, and the computing component and the outside communicate to control the transparent transmission of instructions and responses to the storage component.
Optionally, the computing component is a chip having functions of key storage management, authority authentication calculation, signature verification calculation, key agreement calculation, encryption and decryption calculation, and HASH calculation, and the chip is an ASIC chip or a programmable logic chip, and the programmable logic chip is an FPGA or a CPLD.
Optionally, the storage component comprises a FLASH controller and a FLASH storage array and is controlled by the computing component; the FLASH storage array is NOR FLASH or NAND FLASH, and the FLASH controller supports a RAW, SPI, QSPI, QPI, SDIO, MMC, eMMC or HyperBus interface.
In addition, the invention also provides a device integrating a security computing function into a FLASH memory, comprising a substrate, a computing component and a storage component, the computing component and the storage component being respectively arranged on the substrate. The substrate comprises a chip select port, a data port, a clock port, a power port and a ground port. The working state of the storage component comprises a silent mode and a working mode, and the working state of the computing component comprises a monitoring mode and a working mode: in the silent mode the storage component neither receives nor responds to instructions, in the monitoring mode the computing component only receives instructions but does not respond to them, and in their working modes the computing component and the storage component both receive and respond to instructions.
Optionally, the computing component and the storage component form a parallel structure or a serial structure. In the parallel structure, the computing component and the storage component share the data port, clock port, power port and ground port arranged on the substrate; the data lines, clock lines, power lines and ground lines of the computing component and the storage component are connected to the shared substrate data port, clock port, power port and ground port through an in-package data bus, clock bus, power bus and ground bus; and the chip select control port of the storage component is connected to a control terminal of the computing component. In the serial structure, the computing component and the storage component share the ground port arranged on the substrate; the power line, data line and clock line of the computing component are connected to the power port, data port and clock port of the substrate respectively; the data line and clock line of the storage component are connected to a data transmission port and a clock transmission port of the computing component; the power line of the storage component is connected to the power port of the substrate or to a power control port of the computing component; and the chip select control port of the storage component is connected to the control terminal of the computing component.
Optionally, in the parallel structure, the computing component is connected to the chip select control port of the storage component through a GPIO interface or a PWM interface serving as the control terminal, and controls whether the storage component works by controlling the chip select signal of the storage component. In the serial structure, the computing component controls the storage component by transparent transmission: if the computing component is selected to work, it processes instructions and responses itself and does not pass them through to the storage component; if the storage component is selected to work, the computing component passes instructions and responses through transparently.
Optionally, the computing component is an ASIC chip or a programmable logic chip. The ASIC chip includes a CPU, an on-chip memory, a random number generator and a computing unit, is capable of running firmware software, and implements the functions of key storage management, authority authentication computation, signature verification computation, key agreement computation, encryption and decryption computation and HASH computation. The programmable logic chip is an FPGA or a CPLD and implements the same functions. The storage component comprises a FLASH controller and a FLASH storage array and is controlled by the computing component; the FLASH storage array is NOR FLASH or NAND FLASH, and the FLASH controller supports a RAW, SPI, QSPI, QPI, SDIO, MMC, eMMC or HyperBus interface. The computing component and the storage component are both packaged by one of the sealing technologies SiP, MCM, MCP and PoP.
The invention also provides an application method of the device integrating the FLASH memory with the security computing function, which comprises the following steps:
1) After start-up, the computing component is in the working mode and holds the storage component in the silent mode; at this time all externally issued instructions are received and processed by the computing component, and the storage component, being silent, does not respond. After the computing component receives an externally issued instruction for activating the computing component, it proceeds to the next step.
2) The computing component enters the monitoring mode and switches the storage component into the working mode; at this time all externally issued instructions are received and processed by the storage component, and the computing component only monitors the externally issued instructions. After it monitors an externally issued instruction deselecting the storage component, it proceeds to the next step.
3) The computing component enters the working mode and holds the storage component in the silent mode; at this time all externally issued instructions are received and processed by the computing component, and the storage component, being silent, does not respond. After the computing component receives an externally issued instruction for activating the computing component, it returns to step 2).
Compared with the prior art, the invention has the following advantages: the invention integrates the computing component with the safe computing function and the storage component with the data storage function into a FLASH memory through a sealing technology, controls the access of the storage component through the computing component, keeps the compatibility with the original FLASH memory, only needs to replace the FLASH memory for an application system needing to increase the safe computing function, can carry out safe upgrade without modifying the PCBA design, and greatly reduces the upgrade cost, period and risk.
Drawings
FIG. 1 is a schematic diagram of the implementation principle of the method according to an embodiment of the present invention.
Fig. 2 is a flow chart of an application method of the device in the embodiment of the present invention.
Fig. 3 is a schematic circuit diagram of a device in an embodiment of the invention.
Fig. 4 is a schematic diagram of a computing component structure of a device in an embodiment of the invention.
Fig. 5 is a schematic diagram of the storage component structure of a device in an embodiment of the invention.
Fig. 6 is a schematic side view of a device according to an embodiment of the present invention.
Fig. 7 is a schematic front view of a device in an embodiment of the present invention.
Fig. 8 is a schematic diagram of bonding wires of the device in the embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to examples, but the embodiments of the present invention are not limited thereto.
The embodiment provides a method for integrating a security computing function into a FLASH memory, comprising: integrating a computing component with a security computing function and a storage component with a data storage function into the FLASH memory by a sealing technology, the computing component controlling the operation of the storage component from inside the package by parsing the instructions on the bus, and selectively activating the storage component or the computing component by instruction soft switching.
In this embodiment, integrating a computing unit with a secure computing function and a storage unit with a data storage function into a FLASH memory by a sealing technology specifically means packaging the computing unit and the storage unit into one chip by the sealing technology, where the sealing technology is one of SiP, MCM, MCP, and PoP. In this embodiment, SiP technology is adopted for sealing, and in addition, MCM, MCP, PoP and other technologies may be selected.
In this embodiment, when a computing unit with a secure computing function and a storage unit with a data storage function are integrated into a FLASH memory by a sealing technology, a parallel structure or a serial structure is formed between the computing unit and the storage unit, where the parallel structure refers to that the computing unit and the storage unit share a data bus and a clock bus, and the computing unit controls gating of the storage unit through a chip selection signal line of the storage unit; the serial structure means that a data line, a clock line and a chip selection signal line of the storage component are connected to the computing component, the data line and the clock line of the computing component are connected to the outside of the chip, and the computing component and the outside communicate to control the transparent transmission of instructions and responses to the storage component.
In this embodiment, the computing component is a chip having functions of key storage management, authority authentication calculation, signature verification calculation, key agreement calculation, encryption and decryption calculation, and HASH calculation, and the chip is an ASIC chip or a programmable logic chip, and the programmable logic chip is an FPGA or a CPLD.
In this embodiment, the storage component comprises a FLASH controller and a FLASH memory array and is controlled by the computing component; the FLASH memory array is NOR FLASH or NAND FLASH, and the FLASH controller supports a RAW, SPI, QSPI, QPI, SDIO, MMC, eMMC or HyperBus interface.
As shown in figs. 3, 4, 5, 6, 7 and 8, the present embodiment further provides a device integrating a security computing function into a FLASH memory. It includes a substrate 1, and a computing component 2 and a storage component 3 respectively disposed on the substrate 1. The substrate 1 includes a chip select port 105, a data port 101, a clock port 102, a power port 103 and a ground port 104. The operating state of the storage component 3 includes a silent mode and a working mode, and the operating state of the computing component 2 includes a monitoring mode and a working mode: in the silent mode the storage component 3 neither receives nor responds to instructions, in the monitoring mode the computing component 2 only receives instructions but does not respond to them, and in their working modes the computing component 2 and the storage component 3 both receive and respond to instructions. Referring to fig. 3, the chip select control port 35 of the storage component 3 is connected to the control terminal 20 of the computing component 2, so that the computing component 2 can gate the storage component 3 through the control terminal 20 and the chip select control port 35; this realizes the controlling and controlled relationship between the computing component 2 and the storage component 3. The data port 101, clock port 102, power port 103 and ground port 104 are compatible with a conventional SPI interface FLASH memory, including NOR FLASH and NAND FLASH.
In this embodiment, the computing component 2 is a security computing ASIC chip which, as shown in fig. 4, includes a CPU, an on-chip memory, a random number generator, an algorithm coprocessor, an SPI interface and a GPIO interface. It is capable of running firmware software and is configured to provide security computing functions such as key storage management, authority authentication computation, signature verification computation, key agreement computation, encryption and decryption computation and HASH computation, and to control the storage component 3. Instead of a security computing ASIC chip, the computing component 2 may also be a security computing programmable logic chip such as an FPGA or a CPLD.
In this embodiment, the storage component 3 is a FLASH memory chip with a FLASH controller. As shown in fig. 5, the FLASH memory chip integrates an SPI interface FLASH controller and a FLASH memory array, which provide the data storage function and are controlled by the security computing component. In this embodiment the FLASH memory chip supports the SPI interface, but the supported interface is not limited to SPI; interfaces such as SDIO, QSPI, QPI, HyperBus, RAW, MMC and eMMC may be selected as needed.
In this embodiment, the computing unit 2 is connected to the chip selection control port 35 of the storage unit 3 through a GPIO interface as the control terminal 20.
As shown in fig. 8, both the computing component 2 and the storage component 3 are packaged into one chip in this embodiment. Referring to figs. 6, 7 and 8, the component denoted by reference character A is a pin of the chip; the chip has 4 pairs of pins, of which the effective pins include the data port 101, the clock port 102, the power port 103, the ground port 104 and so on.
In the present embodiment, the computing unit 2 and the storage unit 3 are packaged as a single chip in an SIP package structure formed by using an SIP package technology, and other package technologies such as MCM, MCP, PoP, and the like may be used.
As shown in fig. 3, in the present embodiment, the data line 21 of the computing unit 2 and the data line 31 of the memory unit 3 are connected to the common data port 101 through an in-package data bus 201, the clock line 22 of the computing unit 2 and the clock line 32 of the memory unit 3 are connected to the common clock port 102 through an in-package clock bus 202, the power supply line 23 of the computing unit 2 and the power supply line 33 of the memory unit 3 are connected to the common power supply port 103 through an in-package power supply bus 203, and the ground line 24 of the computing unit 2 and the ground line 34 of the memory unit 3 are connected to the common ground port 104 through an in-package ground bus 204.
As shown in fig. 3, in the present embodiment a chip select port 105 is further disposed on the substrate 1, and the chip select port 105 is connected to the chip select control port 25 of the computing component 2.
As shown in fig. 2, this embodiment further provides an application method of the device with the FLASH memory integrated with the secure computing function, including:
1) After start-up (power-on or reset), the computing component 2 is in the working mode and holds the storage component 3 in the silent mode; at this time all externally issued instructions are received and processed by the computing component 2, and the storage component 3, being silent, does not respond. After the computing component 2 receives an externally issued instruction for activating the computing component 2, it proceeds to the next step.
2) The computing component 2 enters the monitoring mode and switches the storage component 3 into the working mode; at this time all externally issued instructions are received and processed by the storage component 3, and the computing component 2 only monitors the externally issued instructions. After it monitors an externally issued instruction deselecting the storage component 3, it proceeds to the next step.
3) The computing component 2 enters the working mode and holds the storage component 3 in the silent mode; at this time all externally issued instructions are received and processed by the computing component 2, and the storage component 3, being silent, does not respond. After the computing component 2 receives an externally issued instruction for activating the computing component 2, it returns to step 2).
As can be seen from the foregoing, the component operating modes of the device of this embodiment are as follows. The computing component 2 has a working mode and a monitoring mode: in the working mode it controls the bus and receives and processes instructions; in the monitoring mode it does not affect the bus and only receives instructions. The storage component 3 has a working mode and a silent mode: in the working mode it controls the bus and receives and processes instructions; in the silent mode it neither affects the bus nor receives instructions. The application method of the device uses a soft switching approach that defines the control relationship among the components, the switching of component working modes and the default state of the components, and distinguishes which component is being accessed by means of data instructions. Because of the soft switching approach no extra pins need to be added, which preserves memory access compatibility.
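The soft-switching sequence of Fig. 2 and the chip-select gating of the parallel structure, as an added C simulation that is not code from the patent or its assignee: it models the two dies on the shared bus, replays the three steps, and shows how a mis-driven chip-select gate surfaces as bus contention. The opcode values, the counters and the fault-injection helper are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Modes from the description: computing component WORKING (owns the bus) or
 * MONITORING (receives only); storage component WORKING or SILENT. */
typedef enum { COMPUTE_WORKING, COMPUTE_MONITORING } compute_mode_t;
typedef enum { STORAGE_SILENT, STORAGE_WORKING } storage_mode_t;

/* Who answered one bus transaction, as seen from the package pins. */
typedef enum { HANDLED_NONE = 0, HANDLED_COMPUTE, HANDLED_STORAGE,
               HANDLED_CONFLICT /* both drove the bus: gating invariant broken */ } handler_t;

/* Opcodes are CONSTRUCTED for this simulation: the patent names the switching
 * instructions but gives no encoding. 0x03 is the ordinary SPI NOR READ opcode. */
#define OP_SWITCH_TO_STORAGE 0xA1  /* step 1 -> step 2: hand the bus to storage */
#define OP_DESELECT_STORAGE  0xA2  /* step 2 -> step 3: take the bus back       */
#define OP_FLASH_READ        0x03

typedef struct {
    compute_mode_t compute;
    storage_mode_t storage;
    /* Level driven from control terminal 20 to chip-select control port 35; with
     * data and clock shared in the parallel structure, this gate alone silences storage. */
    bool storage_cs_enabled;
    unsigned compute_count, storage_count, monitored_count;
} device_t;

/* Soft switch: both modes and the GPIO gate change together, so the bus always
 * has exactly one owner. */
static void give_bus_to_storage(device_t *d, bool storage_owns)
{
    d->compute = storage_owns ? COMPUTE_MONITORING : COMPUTE_WORKING;
    d->storage = storage_owns ? STORAGE_WORKING : STORAGE_SILENT;
    d->storage_cs_enabled = storage_owns;
}

/* Step 1 default after power-on or reset: computing component working, storage
 * silent. A host that reads FLASH right away reaches the secure component, not
 * the array, until it issues the switch instruction. */
void device_boot(device_t *d)
{
    give_bus_to_storage(d, false);
    d->compute_count = d->storage_count = d->monitored_count = 0;
}

/* One SPI transaction on the shared bus; opcode is its first byte. Both dies see
 * the same bytes; which one answers depends only on their modes. */
handler_t device_transaction(device_t *d, uint8_t opcode)
{
    /* The storage die answers whenever its chip select is let through. A plain
     * FLASH treats an unknown opcode (the switch bytes) as a no-op, which is
     * what keeps the soft switch compatible with the original part. */
    bool storage_answered = d->storage_cs_enabled;
    if (storage_answered)
        d->storage_count++;
    if (d->compute == COMPUTE_WORKING) {
        d->compute_count++;
        if (opcode == OP_SWITCH_TO_STORAGE)
            give_bus_to_storage(d, true);
        /* Any other opcode is a secure-computing request processed here. */
        return storage_answered ? HANDLED_CONFLICT : HANDLED_COMPUTE;
    }
    /* MONITORING: decode what the storage die is answering, drive nothing. */
    d->monitored_count++;
    if (opcode == OP_DESELECT_STORAGE)
        give_bus_to_storage(d, false);
    return storage_answered ? HANDLED_STORAGE : HANDLED_NONE;
}

/* Replays the Fig. 2 sequence; returns how many of its five transactions were
 * answered by the component the description says should answer (5 if all). */
int replay_fig2_sequence(void)
{
    static const struct { uint8_t op; handler_t expect; } seq[] = {
        { OP_FLASH_READ,        HANDLED_COMPUTE }, /* step 1: storage silent   */
        { OP_SWITCH_TO_STORAGE, HANDLED_COMPUTE }, /* 1 -> 2                   */
        { OP_FLASH_READ,        HANDLED_STORAGE }, /* step 2: compute monitors */
        { OP_DESELECT_STORAGE,  HANDLED_STORAGE }, /* 2 -> 3; FLASH ignores it */
        { OP_FLASH_READ,        HANDLED_COMPUTE }, /* step 3                   */
    };
    device_t d;
    int ok = 0;
    device_boot(&d);
    for (unsigned i = 0; i < sizeof seq / sizeof seq[0]; i++)
        if (device_transaction(&d, seq[i].op) == seq[i].expect)
            ok++;
    return ok;
}

/* A mis-driven chip-select gate (storage enabled while the computing component
 * still works): a READ is answered by both dies and surfaces as a conflict. */
handler_t simulate_broken_gate(void)
{
    device_t d;
    device_boot(&d);
    d.storage_cs_enabled = true;   /* fault injected for illustration */
    return device_transaction(&d, OP_FLASH_READ);
}
```

The `HANDLED_CONFLICT` result is the condition a bring-up test on such a package should never observe: it means the chip-select gate and the computing component's mode have drifted apart.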
In summary, the device integrating the secure computing function into the FLASH memory and the application method thereof of the embodiment integrate the computing component having the secure computing function and the storage component having the data storage function into one FLASH memory device by the SiP sealing technology and adopting a parallel structure, control the access of the storage component by the computing component, and keep the compatibility with the original FLASH memory.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.

Claims (10)

1. A method for integrating a security computing function into a FLASH memory, characterized in that a computing component with a security computing function and a storage component with a data storage function are integrated into one FLASH memory by a sealing technology, the computing component controls the operation of the storage component by parsing the instructions on the bus, and the storage component or the computing component is selectively activated by instruction soft switching.
2. The method according to claim 1, wherein the integrating of the computing unit with the secure computing function and the storage unit with the data storage function into one FLASH memory by a sealing technique is to package the computing unit with the secure computing function and the storage unit with the data storage function into one chip by a sealing technique, and the sealing technique is one of SiP, MCM, MCP, and PoP.
3. The method of claim 1, wherein when the computing unit with security computing function and the storage unit with data storage function are integrated into a FLASH memory by a sealing technique, a parallel structure or a serial structure is formed between the computing unit and the storage unit, the parallel structure means that the computing unit and the storage unit share a data bus and a clock bus, and the computing unit controls the storage unit to gate through a storage unit chip selection signal line; the serial structure means that a data line, a clock line and a chip selection signal line of the storage component are connected to the computing component, the data line and the clock line of the computing component are connected to the outside of the chip, and the computing component and the outside communicate to control the transparent transmission of instructions and responses to the storage component.
4. The method of claim 1, wherein the computing unit is a chip with functions of key storage management, authority authentication calculation, signature verification calculation, key agreement calculation, encryption and decryption calculation, and HASH calculation, and the chip is an ASIC chip or a programmable logic chip, and the programmable logic chip is an FPGA or a CPLD.
5. The method of claim 1, wherein the storage component is a storage component supporting a FLASH controller and a FLASH memory array, the storage component is controlled by the computing component, the FLASH memory array is NORFLASH or NANDFLASH, and the FLASH controller supports RAW, SPI, QSPI, QPI, SDIO, MMC, eMMC, or HyperBus interfaces.
6. A device integrating a security computing function into a FLASH memory, characterized by comprising a substrate, a computing component and a storage component, wherein the computing component and the storage component are respectively arranged on the substrate, the substrate comprises a chip select port, a data port, a clock port, a power port and a ground port, the working state of the storage component comprises a silent mode and a working mode, the working state of the computing component comprises a monitoring mode and a working mode, in the silent mode the storage component neither receives nor responds to instructions, in the monitoring mode the computing component only receives instructions but does not respond to them, and in their working modes the computing component and the storage component receive and respond to instructions.
7. The device of claim 6, wherein the computing unit and the storage unit are in parallel or serial structure, and the parallel structure is: the computing component and the storage component share a data port, a clock port, a power port and a ground port which are arranged on the substrate, the data lines, the clock lines, the power lines and the ground lines of the computing component and the storage component are connected with the shared substrate data port, the clock port, the power port and the ground port through a data bus, a clock bus, a power bus and a ground bus in a sealing way, and a chip selection control port of the storage component is connected with a control end of the computing component; the serial structure is as follows: the computing component and the storage component share a grounding port arranged on the substrate, a power line, a data line and a clock line of the computing component are respectively connected with a power port of the substrate, a data port and a clock port, a data line and a clock line of the storage component are connected with a data transmission port and a clock transmission port of the computing component, a power line of the storage component is connected with the power port of the substrate or a power control port of the computing component, and a chip selection control port of the storage component is connected with a control end of the computing component.
8. The device of claim 7, wherein in the parallel structure, the computing unit is connected to a chip select control port of the storage unit through a GPIO interface or a PWM interface as a control terminal, and controls the storage unit to operate by controlling a chip select signal of the storage unit; in the serial structure, the computing component controls the storage component to work in a transparent transmission control mode, specifically, if the computing component is selected to work, the computing component processes instructions and responses, and does not transmit the storage component in a transparent manner, and if the storage component is selected to work, the computing component transmits the instructions and responses in a transparent manner.
9. The device of claim 6, wherein the computing component is an ASIC chip or a programmable logic chip, and the ASIC chip has a CPU, an on-chip memory, a random number generator, and a computing component capable of running firmware software, and implementing the functions of key storage management, authority authentication calculation, signature verification calculation, key agreement calculation, encryption/decryption calculation, and HASH calculation; the programmable logic chip is an FPGA or a CPLD, and realizes the functions of key storage management, authority authentication calculation, signature verification calculation, key negotiation calculation, encryption and decryption calculation and HASH calculation; the storage component is a storage component supporting a FLASH controller and a FLASH storage array, the storage component is controlled by a computing component to work, the FLASH storage array is NORFLASH or NANDFLASH FLASH, and the FLASH controller supports RAW, SPI, QSPI, QPI, SDIO, MMC, eMMC or HyperBus interfaces; the computing component and the storage component are both sealed structures formed by one of the sealing technologies of SiP, MCM, MCP and PoP.
10. A method of applying the device with an integrated secure computing function for a FLASH memory according to any one of claims 6 to 9, comprising:
1) after start-up, the computing component is in the working mode and holds the storage component in the silent mode; at this point all externally issued instructions are received and processed by the computing component, and the storage component, being in the silent mode, does not respond; after the computing component receives an externally issued instruction for activating the computing component, it proceeds to the next step;
2) the computing component enters the monitoring mode and switches the storage component into the working mode; at this point all externally issued instructions are received and processed by the storage component, while the computing component only monitors them; once it monitors an externally issued instruction that deselects the storage component, it proceeds to the next step;
3) the computing component enters the working mode and holds the storage component in the silent mode; at this point all externally issued instructions are received and processed by the computing component, and the storage component, being in the silent mode, does not respond; after the computing component receives an externally issued instruction for activating the computing component, it returns to step 2).
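The following Python simulation is an added illustration, not code from the patent or its applicant. It models the serial structure of claims 7 and 8 (the external port reaches only the computing component, which either services an instruction itself or forwards it transparently to the storage component) together with the three-step mode sequence of claim 10. The opcode names (ACTIVATE_COMPUTE, DESELECT_STORAGE, READ, WRITE, HASH, MAC, GET_KEY), the stored key and the use of SHA-256 and HMAC as stand-ins for the HASH and authentication calculations are all assumptions; the claims do not name any of them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class ComputeMode(Enum):
    WORKING = "working"        # receives and responds to instructions
    MONITORING = "monitoring"  # receives but does not respond


class StorageMode(Enum):
    SILENT = "silent"          # neither receives nor responds
    WORKING = "working"        # receives and responds


# Opcode names are assumed: the claims only describe these two instructions in words
# ("activate the computing component", "deselect the storage component").
ACTIVATE_COMPUTE = "ACTIVATE_COMPUTE"
DESELECT_STORAGE = "DESELECT_STORAGE"


@dataclass
class StorageComponent:
    """FLASH controller plus array. Silent mode models an inactive chip select."""
    mode: StorageMode = StorageMode.SILENT
    cells: dict = field(default_factory=dict)

    def handle(self, instr):
        if self.mode is StorageMode.SILENT:
            return None                            # not selected: no reception, no response
        op, *args = instr
        if op == "READ":
            return self.cells.get(args[0], 0xFF)   # erased FLASH reads as 0xFF
        if op == "WRITE":
            self.cells[args[0]] = args[1]
            return "OK"
        return None                                # the FLASH ignores opcodes it does not know


@dataclass
class ComputingComponent:
    """Security chip sitting between the package pins and the storage component
    (serial structure): it services an instruction itself or passes it through."""
    storage: StorageComponent
    mode: ComputeMode = ComputeMode.WORKING
    monitored: list = field(default_factory=list)
    # Constructed key material (assumption); keys never leave the computing component.
    keys: dict = field(default_factory=lambda: {"k0": b"\x11" * 32})

    def power_on(self):
        # Step 1): computing component working, storage held silent via its chip select.
        self.mode = ComputeMode.WORKING
        self.storage.mode = StorageMode.SILENT

    def handle(self, instr):
        op = instr[0]
        if self.mode is ComputeMode.MONITORING:
            # Step 2): every instruction is forwarded transparently to the storage
            # component; the computing component only listens for the deselect instruction.
            self.monitored.append(op)
            response = self.storage.handle(instr)
            if op == DESELECT_STORAGE:
                # Step 3): take the bus back and silence the storage component.
                self.mode = ComputeMode.WORKING
                self.storage.mode = StorageMode.SILENT
            return response
        # Working mode: the computing component answers; nothing reaches the storage.
        if op == ACTIVATE_COMPUTE:
            self.mode = ComputeMode.MONITORING
            self.storage.mode = StorageMode.WORKING
            return "OK"
        if op == "HASH":                           # HASH calculation (SHA-256 stand-in)
            return hashlib.sha256(instr[1]).hexdigest()
        if op == "MAC":                            # authentication under a stored key
            key = self.keys.get(instr[1])
            return None if key is None else hmac.new(key, instr[2], "sha256").hexdigest()
        if op == "GET_KEY":                        # key storage management: keys never leave
            return "ERR"
        return None                                # storage is silent, so READ/WRITE go unanswered


class SecureFlashPackage:
    """The two components packaged together; only the computing component is wired
    to the external data and clock ports (serial structure)."""

    def __init__(self):
        self.storage = StorageComponent()
        self.compute = ComputingComponent(self.storage)
        self.compute.power_on()

    def send(self, instr):
        return self.compute.handle(instr)


if __name__ == "__main__":
    pkg = SecureFlashPackage()
    print(pkg.send(("READ", 0x10)))          # None: storage is silent after start-up
    print(pkg.send((ACTIVATE_COMPUTE,)))     # OK: storage takes over, compute monitors
    print(pkg.send(("WRITE", 0x10, 0xAB)), pkg.send(("READ", 0x10)))
    print(pkg.send((DESELECT_STORAGE,)), pkg.compute.mode, pkg.storage.mode)
```

The point worth noticing is that a READ issued while the computing component is in working mode gets no answer at all: the storage component's chip select is inactive, so the FLASH contents are unreachable from the package pins until the computing component explicitly hands the bus over, and the deselect instruction observed in monitoring mode hands it back.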
CN202011280244.1A 2020-11-16 2020-11-16 Method and device for integrating security computing function of FLASH memory Active CN112364393B (en)

Publications (2)

Publication Number Publication Date
CN112364393A true CN112364393A (en) 2021-02-12
CN112364393B CN112364393B (en) 2024-02-02

Family

ID=74514998

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201041677Y (en) * 2007-02-05 2008-03-26 凤凰微电子(中国)有限公司 Intelligent card supporting high-performance computing, large-capacity storage and high-speed transmission
US20110131403A1 (en) * 2008-08-01 2011-06-02 Hewlett-Packard Development Company, LP Verifying firmware
CN108319465A (en) * 2018-04-09 2018-07-24 中国科学院微电子研究所 Circuit and method for upgrading FPGA configuration data
CN109558370A (en) * 2017-09-23 2019-04-02 成都海存艾匹科技有限公司 Three-dimensional computing package
CN209543219U (en) * 2019-03-01 2019-10-25 珠海欧比特电子有限公司 A computer module based on 3D stereoscopic packaging

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant