CN117093969A - Debugging authorization method and system - Google Patents

Debugging authorization method and system Download PDF

Info

Publication number
CN117093969A
CN117093969A CN202311061535.5A CN202311061535A CN117093969A CN 117093969 A CN117093969 A CN 117093969A CN 202311061535 A CN202311061535 A CN 202311061535A CN 117093969 A CN117093969 A CN 117093969A
Authority
CN
China
Prior art keywords
authentication information
processor
debugging
authorization
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311061535.5A
Other languages
Chinese (zh)
Inventor
张明波
汤彩芸
刘宇
姜磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hexin Technology Co ltd
Shanghai Hexin Digital Technology Co ltd
Original Assignee
Hexin Technology Co ltd
Shanghai Hexin Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hexin Technology Co ltd, Shanghai Hexin Digital Technology Co ltd filed Critical Hexin Technology Co ltd
Priority to CN202311061535.5A priority Critical patent/CN117093969A/en
Publication of CN117093969A publication Critical patent/CN117093969A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/22Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26Functional testing
    • G06F11/273Tester hardware, i.e. output processing circuits
    • G06F11/2733Test interface between tester and unit under test
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/362Software debugging
    • G06F11/3648Software debugging using additional hardware
    • G06F11/3656Software debugging using additional hardware using a specific debug interface
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an authorization debugging method and a system, wherein the method comprises the following steps: and carrying out asymmetric encryption on the first authentication information by adopting a public key stored in the processor, wherein the first authentication information comprises the identification of the server. The authentication proxy device forwards ciphertext between the processor and the authentication server. After receiving the first authentication information ciphertext, the verification server decrypts the first authentication information ciphertext by adopting a private key to obtain second authentication information, and generates debugging authorization rights according to a verification result of the validity of the identifier of the processor; and encrypting the exchange authorization authority and the second authentication information by adopting a private key. And after receiving the second authentication information ciphertext, the processor decrypts the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and in response to determining that the comparison result of the first authentication information and the second authentication information is consistent, the processor performs debugging operation on a debugging module and a pin of the processor according to the debugging authorization authority. After the server is delivered and used, the application can still perform configuration management on the debugging authority of the user on the premise of ensuring the safety.

Description

Debugging authorization method and system
Technical Field
The application relates to the technical field of debugging and authorizing, in particular to a debugging and authorizing method and a system.
Background
The processor usually has a JTAG interface, which can be used for detecting the processor itself, and can also be used for debugging the system software after delivering the user. The processor is controlled through the JTAG interface, namely, the highest authority of the system is possessed, and the existing technology protects the internal secret of the processor from being acquired by disabling the JTAG interface after leaving the factory. Or, the JTAG interface is privately opened by setting an unpublished mode, but the specific operation process of the mode cannot prevent an attacker from attacking the processor by utilizing the JTAG interface once the specific operation process is known from the outside.
Disclosure of Invention
The application provides a debugging authorization method to solve the technical problem that the safety of the existing JTAG interface and the debugging convenience of system software can not be considered, and realize that the configuration management of the debugging authority of a user can be carried out on the premise of ensuring the safety after the server is delivered and used.
To solve the above technical problem, in a first aspect, the present application provides a first debug authorization method, applied to a processor, where the method includes:
carrying out asymmetric encryption on first authentication information for debugging and authorizing authentication by adopting a public key of a debugging and authorizing key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
Forwarding the first authentication information ciphertext to an authentication server through an authentication proxy device, enabling the authentication server to decrypt the first authentication information ciphertext by adopting a private key of a debugging and authorizing key to obtain second authentication information, generating debugging and authorizing permission according to an authentication result of the identification validity of a processor in the second authentication information, and carrying out asymmetric encryption on the second authentication information and the debugging and authorizing permission by adopting the private key to obtain second authentication information ciphertext; receiving a second authentication information ciphertext returned by the authentication server through the authentication proxy device;
and decrypting the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and starting a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
Preferably, the forwarding the first authentication information ciphertext to the authentication server via an authentication proxy apparatus includes:
the first authentication information ciphertext is sent to a verification proxy device, third authentication information is added into the first authentication information ciphertext by the verification proxy device to obtain fourth authentication information, and the fourth authentication information is transmitted to the verification server; the third authentication information includes: a user name and a password of the processor.
Preferably, the generating the debug authorization right according to the verification result of the validity of the processor identifier in the second authentication information includes:
responding to the fact that the identification of the processor in the second authentication information is consistent with the identification of the processor stored in the verification server, and generating a debugging authority for enabling a debugging function if the identification of the processor in the second authentication information is valid;
and in response to determining that the identification of the processor in the second authentication information is inconsistent with the identification of the processor stored in the verification server, the identification of the processor in the second authentication information is invalid, and the debugging authority is not generated, and the ROM module is started.
Preferably, the method further comprises:
and in response to determining that the comparison result of the first authentication information and the second authentication information is inconsistent, keeping the debugging module and the pin in a disabled state.
Preferably, before the step of asymmetrically encrypting the first authentication information for the debug authorization authentication by using the public key of the debug authorization key stored in the ROM module of the processor, the method further includes:
and receiving whether to enter a debugging authorization instruction, if so, performing debugging authorization, and if not, directly starting the ROM module.
In a second aspect, the present application also provides a debug authorization system, applied to a processor, the system comprising: the system comprises a first encryption module, a first ciphertext transmission module and a decryption debugging module;
the first encryption module is used for asymmetrically encrypting first authentication information for debugging, authorizing and authenticating by adopting a public key of a debugging, authorizing and secret key stored in the ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by a true random number generating device of the processor;
the first ciphertext transmission module is used for forwarding the first authentication information ciphertext to an authentication server through an authentication proxy device, so that the authentication server adopts a private key of a debugging authorization key to decrypt the first authentication information ciphertext to obtain second authentication information, and generates debugging authorization rights according to an authentication result of the identification validity of a processor in the second authentication information, and then adopts the private key to asymmetrically encrypt the second authentication information and the debugging authorization rights to obtain second authentication information ciphertext; receiving a second authentication information ciphertext returned by the authentication server through the authentication proxy device;
The decryption debugging module: and the processor is used for decrypting the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and starting a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
In a third aspect, the present application further provides a second debug authorization method, applied to a verification server, where the method includes:
the receiving processor verifies the first authentication information ciphertext forwarded by the proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generating debugging authorization rights according to a verification result of the identification validity of a processor in the second authentication information, and asymmetrically encrypting the debugging authorization rights and the second authentication information by adopting the private key to obtain second authentication information ciphertext;
And forwarding the second authentication information ciphertext to the processor through the verification proxy device so that the processor adopts the public key to decrypt the second authentication information ciphertext to obtain the debugging authorization authority and the second authentication information, and enabling a debugging module of the processor and pins of the processor to perform debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
In a fourth aspect, the present application also provides a second debug authorization system, applied to a verification server, the system comprising: the system comprises a ciphertext receiving module, a verification authorization module and a second ciphertext transmitting module;
the ciphertext receiving module is used for receiving a first authentication information ciphertext forwarded by the processor through the authentication proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
The verification authorization module is used for decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generating debugging authorization rights according to a verification result of the identification validity of the processor in the second authentication information, and asymmetrically encrypting the debugging authorization rights and the second authentication information by adopting the private key to obtain second authentication information ciphertext;
the second ciphertext transmission module is configured to forward the second authentication information ciphertext to the processor via the authentication proxy device, so that the processor decrypts the second authentication information ciphertext by using the public key, obtains the debug authorization right and the second authentication information, and starts the debug module of the processor and the pins of the processor to perform debug operation according to the debug authorization right in response to determining that the first authentication information is consistent with the second authentication information.
In a fifth aspect, the present application further provides a third debug authorization method, where the method includes:
the method comprises the steps that a processor carries out asymmetric encryption on first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
Forwarding the first authentication information ciphertext to the authentication server via an authentication proxy device;
the verification server adopts a private key of the debugging authorization key to decrypt the first authentication information ciphertext to obtain second authentication information, and generates debugging authorization rights according to a verification result of the validity of the processor identifier in the second authentication information; carrying out asymmetric encryption on the debugging authorization authority and the second authentication information by adopting the private key to obtain a second authentication information ciphertext;
forwarding the second authentication information ciphertext to the processor via the authentication proxy device;
and the processor decrypts the second authentication information ciphertext by adopting the public key, obtains the debugging authorization authority and the second authentication information, and starts a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent.
In a sixth aspect, the present application also provides a third debug authorization system, the system comprising: a processor, an authentication server, and an authentication proxy device;
The processor is used for asymmetrically encrypting the first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor; sending the first authentication information ciphertext to the authentication proxy device; receiving a second authentication information ciphertext returned by the authentication proxy device; decrypting the second authentication information ciphertext by adopting the public key to obtain debugging authorization authority and second authentication information, and starting a debugging module of the processor and a pin of the processor to perform debugging operation according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent;
the authentication proxy device is used for receiving and forwarding the first authentication information ciphertext to the authentication server; and is further configured to receive and forward the second authentication information ciphertext to the processor;
the verification server is used for decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain the second authentication information, and generating the debugging authorization right according to a verification result of the identification validity of the processor in the second authentication information; carrying out asymmetric encryption on the debugging authorization authority and the second authentication information by adopting the private key to obtain a second authentication information ciphertext; and sending the second authentication information ciphertext to the authentication proxy device.
The application provides a method and a system for debugging authorization. The method comprises the following steps: and carrying out asymmetric encryption on the first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor. The authentication proxy device forwards ciphertext between the processor and the authentication server. After receiving the first authentication information ciphertext, the verification server decrypts the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, and generates debugging authorization rights according to a verification result of the identification validity of the processor; and encrypting the exchange authorization authority and the second authentication information by adopting a private key. And after receiving the second authentication information ciphertext, the processor decrypts the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and performs debugging operation on a debugging module of the processor and pins of the processor according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent. The technical scheme of the application can realize configuration management of the debugging authority of the user on the premise of ensuring the safety after the server is delivered and used.
Drawings
FIG. 1 is a schematic diagram showing steps of a first debug authorization method according to a preferred embodiment of the present application;
FIG. 2 is a schematic diagram of a first debug authorization system provided by a preferred embodiment of the present application;
FIG. 3 is a diagram illustrating steps of a second method for debug authorization according to a preferred embodiment of the present application;
FIG. 4 is a schematic diagram of a second debug authorization system provided by a preferred embodiment of the present application;
FIG. 5 is a diagram illustrating steps of a third debug authorization method according to a preferred embodiment of the present application;
fig. 6 is a schematic diagram of a third debug authorization system according to a preferred embodiment of the present application.
Detailed Description
The following examples are given for illustrative purposes only and are not to be construed as limiting the application, as embodiments of the application are specifically illustrated by the accompanying drawings, which are included by reference and description only, and do not limit the scope of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to solve the technical problem that the security of the existing JTAG interface and the debugging convenience of system software cannot be considered, the embodiment of the application provides a corresponding debugging authorization method and system.
As shown in fig. 1, in an embodiment provided by the present application, a first debug authorization method is disclosed, applied to a processor, and the method includes the following steps:
s1, performing asymmetric encryption on first authentication information for debugging authorization authentication by adopting a public key of a debugging authorization key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by a true random number generating device of the processor.
S2, forwarding the first authentication information ciphertext to an authentication server through an authentication proxy device, enabling the authentication server to decrypt the first authentication information ciphertext by adopting a private key of a debugging and authorizing key to obtain second authentication information, generating debugging and authorizing permission according to an authentication result of the identification validity of a processor in the second authentication information, and asymmetrically encrypting the second authentication information and the debugging and authorizing permission by adopting the private key to obtain second authentication information ciphertext; and receiving a second authentication information ciphertext returned by the authentication server through the authentication proxy device.
S3, decrypting the second authentication information ciphertext by adopting the public key, obtaining the debugging authorization authority and the second authentication information, and starting a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the first authentication information is identical to the second authentication information.
In the embodiment of the application, an asymmetric encryption method is adopted for remote authorization authentication, and the secure debugging authorization key comprises a public key and a private key, wherein the public key and the identification of the processor are stored in a ROM module of the processor, and the private key and the identification of the processor are stored in the verification server.
The initial state of the processor's debug module and the processor's pins are set to a disabled state prior to debug authorization. If the states of the debugging module of the default processor and the pins of the processor are enabled states, the processor can be in a debugging state through the JTAG interface without the safe debugging and authorizing process, and the safe debugging and authorizing mechanism does not play a role in corresponding debugging and authorizing, so that the protection of the secret inside the processor is not facilitated, and potential safety hazards exist.
After the processor is started, the ROM module is firstly entered, the ROM module is composed of ROM firmware programs, and the ROM module is generally used for reading the firmware programs of the next stage from the data memory into the static random access memory and jumping to the static random access memory to execute the instructions of the next stage. The processor composes the identification of the processor stored in the ROM module and the dynamic random number generated by the true random number generating device of the processor into first authentication information, and the public key stored in the ROM module is adopted to asymmetrically encrypt the first authentication information to obtain a first authentication information ciphertext.
In the embodiment of the present application, before the first authentication information for debug authorization authentication is asymmetrically encrypted by using the public key of the debug authorization key stored in the ROM module of the processor, the method further includes: and receiving whether to enter a debugging authorization instruction, if so, performing debugging authorization, and if not, directly starting the ROM module.
In the embodiment of the application, the user can select according to the requirement by sending the inquiry instruction whether to enter the debug authorization or not to the user, and the selection items at least comprise: if yes, entering a debugging and authorizing flow if the debugging and authorizing are agreed; if not, skipping the flow of the debugging authorization and directly starting the ROM module.
The state register can also be set, and a jumper wire or a physical switch on the main board corresponds to one bit of the state register in the processor, and if the jumper wire cap is installed or the switch is pressed down, the bit reading of the state register is 1, so that the security debugging authorization is required. If the jumper cap is detached or the switch is sprung, the bit reading of the status register is 0, the process of skipping debugging and authorizing is indicated, and the ROM module is directly started. If the flow of the debug authorization is skipped, the debug module of the processor and the pins of the processor are always in a disabled state.
Before the debugging and authorizing process is carried out, the execution of the debugging and authorizing process is confirmed, so that the client can conveniently and flexibly select according to own requirements.
In the embodiment of the application, if the process of entering the debugging authorization is determined, the first authentication information ciphertext is sent to the authentication proxy device, and the authentication proxy device is an independent embedded system capable of accessing a network or an authorization system and is connected with the processor through a low-speed transmission protocol. After receiving the first authentication information ciphertext, the authentication proxy apparatus may directly transmit the first authentication information ciphertext to the authentication server. The data transmission between the authentication proxy device and the authentication server is performed through HTTPS service, and since the processor is not connected to the network when entering the ROM module after being started, the first authentication information ciphertext can only be sent to the authentication proxy device through a low-speed transmission protocol, such as UART. The authentication proxy device can run a Linux system and has a network interface, the web server can be accessed, and a user can send a first authentication ciphertext to the authentication server through the authentication proxy device in real time to request for debugging authorization rights.
And sending the first authentication information ciphertext to the verification server so that the verification server decrypts the first authentication information ciphertext by adopting a private key stored in the verification server to obtain the second authentication information. And comparing the identifier of the processor in the second authentication information with the identifier of the server stored in the verification server, and generating debugging authorization rights according to the verification result, wherein the identifier is used for verifying the validity of the identifier of the server in the second authentication information. And then, carrying out asymmetric encryption on the exchange authorization authority and the second authentication information by adopting a private key to obtain a second authentication information ciphertext. The server receives a second authentication information ciphertext returned by the authentication server through the authentication proxy device.
In the embodiment of the present application, generating the debug authorization right according to the verification result of the identification validity of the processor in the second authentication information includes:
and generating debugging authority for enabling a debugging function in response to the fact that the identification of the processor in the second authentication information is identical to the identification of the processor stored in the verification server, and the identification of the processor in the second authentication information is valid.
And in response to determining that the identification of the processor in the second authentication information is inconsistent with the identification of the processor stored in the verification server, the identification of the processor in the second authentication information is invalid, and the debugging authority is not generated, and the ROM module is started.
In the embodiment of the application, only when the identifier of the processor in the second authentication information obtained by decryption of the verification server is consistent with the identifier of the processor stored in the verification server, the processor is indicated to have the authority to debug the system software of the processor, and then the debugging authority for starting the debugging function is generated. When the identifier of the processor in the second authentication information obtained by decryption of the verification server is inconsistent with the identifier of the processor stored in the verification server, the processor is indicated to have no authority for debugging the system software of the processor, at the moment, no debugging authority is generated, and meanwhile, the debugging authority request is ended, so that the security of JTAG interface starting is improved, and the information in the processor is protected from being stolen.
In the embodiment of the invention, the debugging authority not only comprises an instruction for starting the debugging module of the processor and the pin of the processor to carry out the debugging operation, but also comprises a node for starting the debugging operation, such as starting the debugging operation before the ROM module jumps into the entry point of the operating system.
In an embodiment of the present invention, the forwarding the first authentication information ciphertext to the authentication server via an authentication proxy apparatus includes:
sending the first authentication information ciphertext to a verification proxy device, adding third authentication information into the encrypted first authentication information by the verification proxy device to obtain fourth authentication information, and transmitting the fourth authentication information to the verification server; the third authentication information includes: the processor user name and password.
When the authentication proxy device requests connection to the authentication server, the authentication proxy device may request to provide a processor user name and a password, automatically acquire the time of inputting the processor user name and the password, add the processor user name and the password as third authentication information into the first authentication information ciphertext to form fourth authentication information, and send the fourth authentication information to the authentication server for confirmation of the authority of the processor.
In the embodiment of the application, the content of the third authentication information and the processor identifier can be associated, for example, the processor identifier is 001, the user name is three, the processor identifier 001 and the user name is three are associated, the user name is three has the use authority of the 001 processor, the user name is used as the additional authentication information for the first step of authentication, after the authentication is passed, the first authentication information ciphertext is decrypted, the second authentication information is obtained after the decryption, the security of obtaining the debugging authority is further improved, and the information in the processor is protected from being stolen maliciously.
After receiving the second authentication information ciphertext, the processor firstly adopts the public key to decrypt, obtains the debugging authority and the second authentication information, and compares the first authentication information sent by the processor with the second authentication information obtained by decrypting according to the second authentication information ciphertext at the moment so as to verify the validity of the encryption information. And the processor responds to the fact that the comparison result of the first authentication information and the second authentication information is consistent, and starts a debugging module of the processor and pins of the processor to carry out debugging operation according to the debugging authorization right obtained through decryption according to the ciphertext of the second authentication information.
In the embodiment of the application, the method for debugging the authorization further comprises the following steps: and in response to determining that the comparison result of the first authentication information and the second authentication information is inconsistent, keeping the debugging module and the pin in a disabled state.
In the embodiment of the application, if the comparison result of the first authentication information and the second authentication information is inconsistent, the debug authorization authority is invalid, the debug module of the processor and the pins of the processor are kept in a disabled state, and at the moment, the ROM module is directly started, so that the debug authorization process is not performed.
In summary, in order to solve the technical problem that the security of the existing JTAG interface and the debugging convenience of the system software cannot be considered, a debugging authorization method applied to a processor side is provided. The verification server adopts the private key of the debugging authorization key to decrypt the first authentication information ciphertext to obtain second authentication information, and generates the debugging authorization authority according to the verification result of the identification validity of the processor in the second authentication information. And then, carrying out asymmetric encryption on the second authentication information and the debugging authority by adopting a private key to obtain a second authentication information ciphertext, and receiving the second authentication information ciphertext returned by the verification server through the verification proxy device. And after receiving the second authentication information ciphertext, the processor decrypts the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and performs debugging operation on a debugging module of the processor and pins of the processor according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent. After the server is delivered and used, the method can still perform configuration management on the debugging authority of the user on the premise of ensuring the safety.
Accordingly, as shown in fig. 2, based on the first debug authorization method, the embodiment of the invention correspondingly provides a debug authorization system, which is applied to a processor, and the system comprises: the device comprises an encryption module 1, a first ciphertext transmission module 2 and a decryption debugging module 3;
the encryption module 1 is configured to asymmetrically encrypt first authentication information for debugging and authorizing authentication by using a public key of a debugging and authorizing key stored in a ROM module of the processor to obtain a first authentication information ciphertext, where the first authentication information includes an identifier of the processor and a random number generated by a true random number generating device of the processor;
the first ciphertext transmission module 2 is configured to forward the first authentication information ciphertext to a verification server through a verification proxy device, so that the verification server decrypts the first authentication information ciphertext by using a private key of a debug authorization key, obtains second authentication information, generates a debug authorization right according to a verification result of identification validity of a processor in the second authentication information, and asymmetrically encrypts the second authentication information and the debug authorization right by using the private key to obtain a second authentication information ciphertext; receiving a second authentication information ciphertext returned by the authentication server through the authentication proxy device;
The decryption debugging module 3: and the processor is used for decrypting the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and starting a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
In the embodiment of the application, based on the first debug authorization method, the provided debug authorization system comprises an encryption module 1, a first ciphertext transmission module 2 and a decryption debug module 3, and is used for executing the first debug authorization method. For specific limitations of the debug authorization system corresponding to the first debug authorization method, reference may be made to the above limitation of the first debug authorization method, and details thereof will not be repeated here. Those of ordinary skill in the art will appreciate that the various modules and steps described in connection with the disclosed embodiments of the application may be implemented in hardware, software, or a combination of both. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, as shown in fig. 3, a second debug authorization method is also provided, applied to a verification server, where the method includes the following steps:
s10, a receiving processor verifies a first authentication information ciphertext forwarded by the proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor.
S20, decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generating debugging authorization rights according to a verification result of the identification validity of the processor in the second authentication information, and asymmetrically encrypting the debugging authorization rights and the second authentication information by adopting the private key to obtain second authentication information ciphertext.
S30, forwarding the second authentication information ciphertext to the processor through the authentication proxy device, so that the processor adopts the public key to decrypt the second authentication information ciphertext to obtain the debugging authorization authority and the second authentication information, and enabling a debugging module of the processor and pins of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
In the second debugging authorization method disclosed by the application, the remote authorization authentication is also carried out by adopting an asymmetric encryption method, and the secret key for safe debugging comprises a public key and a private key, wherein the public key and the identification of the processor are stored in a ROM module of the processor, and the private key and the identification of the processor are stored in the verification server.
The verification server receives a first authentication information ciphertext forwarded by the processor through the verification proxy device, wherein the first authentication information ciphertext is obtained by asymmetrically encrypting the first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, and is transmitted to the verification server through the verification proxy device. The method comprises the following steps: and forming the identification of the processor stored in the ROM module and the random number generated by the true random number generating device of the processor into first authentication information, and encrypting the first authentication information by adopting a public key of the debugging authorization key stored in the ROM module to obtain a first authentication information ciphertext.
After the verification server acquires the first authentication information ciphertext, the first authentication information ciphertext is decrypted by adopting a private key stored in the verification server, and the decrypted first authentication information is acquired and is used as second authentication information. The second authentication information comprises the identification of the processor stored in the ROM module, the identification of the processor stored in the ROM module is compared with the identification of the processor stored in the verification server, whether the identification of the two processors is consistent is checked, and if the identification of the two processors is consistent, the processor has the debugging authority, and the debugging authority for starting the debugging function can be generated. If the information is inconsistent, the processor does not have the debugging authority, the debugging authority for starting the debugging function is not generated, and the debugging authority request is ended, so that the safety of starting the JTAG interface is improved, and the information in the processor is protected from being stolen maliciously.
After the debugging authority is generated, the private key is adopted to encrypt the debugging authority and the second authentication information, a second authentication information ciphertext is obtained, and the second authentication information ciphertext is forwarded to the processor through the authentication proxy device. The processor can decrypt the second authentication information ciphertext by adopting the public key to obtain the debugging authorization right and the second authentication information, and the processor compares the second authentication information with the first authentication information to determine the validity of the debugging authorization right. If the comparison results are consistent, the result shows that the debugging authority is effective, and the debugging module of the processor and the pins of the processor can be started to carry out debugging operation according to the debugging authority. If the comparison results are consistent, the fact that the debugging authority is invalid is indicated, the debugging authority request is ended, and the ROM module is directly started. The second debugging authorization method provided by the embodiment of the application can realize configuration management of the user's debugging authority on the premise of ensuring safety after the server is delivered for use.
In summary, aiming at the technical problem that the security of the existing JTAG interface and the debugging convenience of the system software cannot be considered, the method for debugging and authorizing applied to the verification server side is provided, and the method comprises the following steps: the receiving processor verifies the first authentication information ciphertext forwarded by the proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by a processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by a true random number generating device of the processor. And decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generating debugging authorization rights according to a verification result of the identification validity of the processor in the second authentication information, and asymmetrically encrypting the debugging authorization rights and the second authentication information by adopting the private key to obtain second authentication information ciphertext. And forwarding the second authentication information ciphertext to the processor through the authentication proxy device so that the processor adopts the public key to decrypt the second authentication information ciphertext to obtain debugging authorization authority and second authentication information, and enabling a debugging module of the processor and pins of the processor to perform debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent. After the server is delivered and used, the method can still perform configuration management on the debugging authority of the user on the premise of ensuring the safety.
Accordingly, as shown in fig. 4, based on the second debug authorization method, the embodiment of the present invention further provides a second debug authorization system, which is applied to the verification server, and the system includes: the system comprises a ciphertext receiving module 4, a verification authorization module 5 and a second ciphertext transmitting module 6;
the ciphertext receiving module 4 is used for receiving a first authentication information ciphertext forwarded by the processor through the authentication proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
the verification authorization module 5 is configured to decrypt the first authentication information ciphertext by using a private key of the debug authorization key to obtain second authentication information, generate debug authorization rights according to a verification result of the identification validity of the processor in the second authentication information, and asymmetrically encrypt the debug authorization rights and the second authentication information by using the private key to obtain second authentication information ciphertext;
The second ciphertext transmission module 6 is configured to forward the second authentication information ciphertext to the processor via the authentication proxy device, so that the processor decrypts the second authentication information ciphertext by using the public key, obtains the debug authorization right and the second authentication information, and starts the debug module of the processor and the pins of the processor to perform a debug operation according to the debug authorization right in response to determining that the comparison result of the first authentication information and the second authentication information is consistent.
In the embodiment of the disclosure, based on the second debug authorization method, the second debug authorization system provided by the present application includes a ciphertext receiving module 4, a verification authorization module 5, and a second ciphertext transmitting module 6, which are configured to execute the second debug authorization method. The specific limitation of the second debug authorization system corresponding to the second debug authorization method may be referred to as the limitation of the second debug authorization method and the limitation of the first debug authorization method, and will not be described herein. Those of ordinary skill in the art will appreciate that the various modules and steps described in connection with the disclosed embodiments of the application may be implemented in hardware, software, or a combination of both. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, as shown in fig. 5, a third debug authorization method is also provided, where the method includes the following steps:
s100, the processor adopts a public key of a debugging authorization key stored in a ROM module of the processor to asymmetrically encrypt first authentication information to obtain first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor.
And S200, forwarding the first authentication information ciphertext to the authentication server through an authentication proxy device.
S300, the verification server adopts a private key of a debugging authorization key to decrypt the first authentication information ciphertext to obtain second authentication information, and generates debugging authorization rights according to a verification result of the identification validity of a processor in the second authentication information; and then adopting the private key to asymmetrically encrypt the debugging authority and the second authentication information to obtain a second authentication information ciphertext.
And S400, forwarding the second authentication information ciphertext to the processor through the verification proxy device.
S500, decrypting the second authentication information ciphertext by the processor by adopting the public key, obtaining the debugging authorization authority and the second authentication information, and enabling a debugging module of the processor and pins of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
In the third debugging authorization method disclosed by the application, the remote authorization authentication is also performed by adopting an asymmetric encryption method, and the secret key of the secure debugging authorization comprises a public key and a private key, wherein the public key and the identification of the processor are stored in a ROM module of the processor, and the private key and the identification of the processor are stored in the verification server.
And forming the identification of the processor stored in the ROM module and the random number generated by the true random number generating device of the processor into first authentication information, and encrypting the first authentication information by adopting a public key stored in the ROM module to obtain a first authentication information ciphertext. The first authentication information ciphertext is forwarded to the authentication server via the authentication proxy apparatus.
After the verification server acquires the first authentication information ciphertext, the first authentication information ciphertext is decrypted by adopting a private key stored in the verification server, and the decrypted first authentication information is acquired and is used as second authentication information. The second authentication information comprises the identification of the processor stored in the ROM module, the identification of the processor stored in the ROM module is compared with the identification of the processor stored in the verification server, whether the identification of the two processors is consistent is checked, and if the identification of the two processors is consistent, the processor is indicated to have the authority for debugging the system software of the processor, and the debugging authority for starting the debugging function can be generated. If the information is inconsistent, the processor is not provided with the authority for debugging the system software of the processor, the debugging authority for starting the debugging function is not generated, and the debugging authority request is ended, so that the safety of starting the JTAG interface is improved, and the information in the processor is protected from being stolen maliciously.
After the debugging authority is generated, encrypting the debugging authority and the second authentication information by adopting a private key to obtain a second authentication information ciphertext, and forwarding the second authentication information ciphertext to the processor through the authentication proxy device. The processor decrypts the second authentication information ciphertext by adopting the public key to obtain the debugging authorization right and the second authentication information, and compares the second authentication information with the first authentication information to determine the validity of the debugging authorization right. If the comparison results are consistent, the result shows that the debugging authority is effective, and the debugging module of the processor and the pins of the processor can be started to carry out debugging operation according to the debugging authority. If the comparison result is inconsistent, the debug authorization authority is invalid, the debug authorization request is ended, and the ROM module is directly started.
In summary, a debug authorization method is provided for the technical problem that the security of the existing JTAG interface and the debugging convenience of the system software cannot be considered, and the method comprises the following steps: and asymmetrically encrypting the first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises the identification of the processor. The authentication proxy device forwards ciphertext between the processor and the authentication server. And after receiving the first authentication information ciphertext, the verification server decrypts the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generates debugging authorization rights according to a verification result of the identification validity of the processor, and encrypts the debugging authorization rights and the second authentication information by adopting the private key. And after receiving the second authentication information ciphertext, the processor decrypts the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and performs debugging operation on a debugging module of the processor and pins of the processor according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent. After the server is delivered and used, the application can still perform configuration management on the debugging authority of the user on the premise of ensuring the safety.
Accordingly, as shown in fig. 6, based on the third debug authorization method, the embodiment of the present invention further provides a third debug authorization system, where the system includes: a processor 7, an authentication proxy device 8, and an authentication server 9;
the processor 7 is configured to asymmetrically encrypt first authentication information by using a public key of a debug authorization key stored in a ROM module of the processor to obtain a first authentication information ciphertext, where the first authentication information includes an identifier of the processor and a random number generated by a true random number generating device of the processor; sending the first authentication information ciphertext to the authentication proxy device; receiving a second authentication information ciphertext returned by the authentication proxy device; and decrypting the second authentication information ciphertext by adopting the public key to obtain debugging authorization authority and second authentication information, and starting a debugging module of the processor and a pin of the processor to perform debugging operation according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent.
The authentication proxy device 8 is configured to receive and forward the first authentication information ciphertext to the authentication server; and is further configured to receive and forward the second authentication information ciphertext to the processor;
The verification server 9 is configured to decrypt the first authentication information ciphertext by using a private key of a debug authorization key, obtain the second authentication information, and generate the debug authorization right according to a verification result of the identification validity of the processor in the second authentication information; carrying out asymmetric encryption on the debugging authorization authority and the second authentication information by adopting the private key to obtain a second authentication information ciphertext; and sending the second authentication information ciphertext to the authentication proxy device.
In the embodiment of the present disclosure, based on the third debug authorization method, the third debug authorization system provided includes a processor 7, a verification proxy device 8, and a verification server 9 for executing the third debug authorization method. The specific limitation of the third debug authorization system corresponding to the third debug authorization method may be referred to as the limitation of the third debug authorization method and the limitation of the first debug authorization method, and will not be described herein. Those of ordinary skill in the art will appreciate that the various modules and steps described in connection with the disclosed embodiments of the application may be implemented in hardware, software, or a combination of both. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In summary, the embodiments of the present application provide a method and a system for debug authorization, which aim at the technical problem that the security of the existing JTAG interface and the debugging convenience of the system software cannot be considered, wherein the method includes: and asymmetrically encrypting the first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises the identification of the processor. The authentication proxy device forwards ciphertext between the processor and the authentication server. And after receiving the first authentication information ciphertext, the verification server decrypts the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generates debugging authorization rights according to a verification result of the validity of the identification of the processor, and encrypts the debugging authorization rights and the second authentication information by adopting the private key. And after receiving the second authentication information ciphertext, the processor decrypts the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and performs debugging operation on a debugging module of the processor and pins of the processor according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent. The technical scheme of the application can realize configuration management of the debugging authority of the user on the premise of ensuring the safety after the server is delivered and used.
The above examples only represent a few preferred embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the claims. It should be noted that modifications and substitutions can be made by those skilled in the art without departing from the technical principles of the present application, and such modifications and substitutions should also be considered to be within the scope of the present application. Therefore, the protection scope of the patent of the application is subject to the protection scope of the claims.

Claims (10)

1. A method of debug authorization, applied to a processor, the method comprising:
carrying out asymmetric encryption on first authentication information for debugging and authorizing authentication by adopting a public key of a debugging and authorizing key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
forwarding the first authentication information ciphertext to an authentication server through an authentication proxy device, enabling the authentication server to decrypt the first authentication information ciphertext by adopting a private key of a debugging and authorizing key to obtain second authentication information, generating debugging and authorizing permission according to an authentication result of the identification validity of a processor in the second authentication information, and carrying out asymmetric encryption on the second authentication information and the debugging and authorizing permission by adopting the private key to obtain second authentication information ciphertext; receiving a second authentication information ciphertext returned by the authentication server through the authentication proxy device;
And decrypting the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and starting a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
2. The debug authorization method of claim 1, wherein forwarding the first authentication information ciphertext to the verification server via a verification proxy device comprises:
the first authentication information ciphertext is sent to a verification proxy device, third authentication information is added into the first authentication information ciphertext by the verification proxy device to obtain fourth authentication information, and the fourth authentication information is transmitted to the verification server; the third authentication information includes: a user name and a password of the processor.
3. The method of claim 1, wherein generating the debug authorization right based on the verification result of the identification validity of the processor in the second authentication information comprises:
responding to the fact that the identification of the processor in the second authentication information is consistent with the identification of the processor stored in the verification server, and generating a debugging authority for enabling a debugging function if the identification of the processor in the second authentication information is valid;
And in response to determining that the identification of the processor in the second authentication information is inconsistent with the identification of the processor stored in the verification server, the identification of the processor in the second authentication information is invalid, and the debugging authority is not generated, and the ROM module is started.
4. The debug authorization method of claim 1, wherein the method further comprises:
and in response to determining that the comparison result of the first authentication information and the second authentication information is inconsistent, keeping the debugging module and the pin in a disabled state.
5. The method of claim 1, wherein the step of asymmetrically encrypting the first authentication information for the debug authorization authentication using a public key of the debug authorization key stored in the ROM module of the processor further comprises:
and receiving whether to enter a debugging authorization instruction, if so, performing debugging authorization, and if not, directly starting the ROM module.
6. A debug authorization system, for use with a processor, the system comprising: the system comprises an encryption module, a first ciphertext transmission module and a decryption debugging module;
the encryption module is used for asymmetrically encrypting first authentication information for debugging, authorizing and authenticating by adopting a public key of a debugging, authorizing and secret key stored in the ROM module of the processor to obtain first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by a true random number generating device of the processor;
The first ciphertext transmission module is used for forwarding the first authentication information ciphertext to an authentication server through an authentication proxy device, so that the authentication server adopts a private key of a debugging authorization key to decrypt the first authentication information ciphertext to obtain second authentication information, and generates debugging authorization rights according to an authentication result of the identification validity of a processor in the second authentication information, and then adopts the private key to asymmetrically encrypt the second authentication information and the debugging authorization rights to obtain second authentication information ciphertext; receiving a second authentication information ciphertext returned by the authentication server through the authentication proxy device;
the decryption debugging module: and the processor is used for decrypting the second authentication information ciphertext by adopting the public key to obtain the debugging authorization authority and the second authentication information, and starting a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
7. A method of debug authorization, applied to a validation server, the method comprising:
The receiving processor verifies the first authentication information ciphertext forwarded by the proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generating debugging authorization rights according to a verification result of the identification validity of a processor in the second authentication information, and asymmetrically encrypting the debugging authorization rights and the second authentication information by adopting the private key to obtain second authentication information ciphertext;
and forwarding the second authentication information ciphertext to the processor through the verification proxy device so that the processor adopts the public key to decrypt the second authentication information ciphertext to obtain the debugging authorization authority and the second authentication information, and enabling a debugging module of the processor and pins of the processor to perform debugging operation according to the debugging authorization authority in response to the fact that the comparison result of the first authentication information and the second authentication information is consistent.
8. A debug authorization system, the system being for use with a validation server, the system comprising: the system comprises a ciphertext receiving module, a verification authorization module and a second ciphertext transmitting module;
the ciphertext receiving module is used for receiving a first authentication information ciphertext forwarded by the processor through the authentication proxy device; the first authentication information ciphertext is obtained by asymmetrically encrypting first authentication information by the processor by adopting a public key of a debugging authorization key stored in a ROM module of the processor, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
the verification authorization module is used for decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain second authentication information, generating debugging authorization rights according to a verification result of the identification validity of the processor in the second authentication information, and asymmetrically encrypting the debugging authorization rights and the second authentication information by adopting the private key to obtain second authentication information ciphertext;
the second ciphertext transmission module is configured to forward the second authentication information ciphertext to the processor via the authentication proxy device, so that the processor decrypts the second authentication information ciphertext by using the public key, obtains the debug authorization right and the second authentication information, and starts the debug module of the processor and the pins of the processor to perform debug operation according to the debug authorization right in response to determining that the first authentication information is consistent with the second authentication information.
9. A method of debug authorization, the method comprising:
the method comprises the steps that a processor carries out asymmetric encryption on first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor;
forwarding the first authentication information ciphertext to the authentication server via an authentication proxy device;
the verification server adopts a private key of the debugging authorization key to decrypt the first authentication information ciphertext to obtain second authentication information, and generates debugging authorization rights according to a verification result of the identification validity of the processor in the second authentication information; carrying out asymmetric encryption on the debugging authorization authority and the second authentication information by adopting the private key to obtain a second authentication information ciphertext;
forwarding the second authentication information ciphertext to the processor via the authentication proxy device;
and the processor decrypts the second authentication information ciphertext by adopting the public key, obtains the debugging authorization authority and the second authentication information, and starts a debugging module of the processor and a pin of the processor to carry out debugging operation according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent.
10. A debug authorization system, the system comprising: a processor, an authentication server, and an authentication proxy device;
the processor is used for asymmetrically encrypting the first authentication information by adopting a public key of a debugging authorization key stored in a ROM module of the processor to obtain a first authentication information ciphertext, wherein the first authentication information comprises an identifier of the processor and a random number generated by true random number generating equipment of the processor; sending the first authentication information ciphertext to the authentication proxy device; receiving a second authentication information ciphertext returned by the authentication proxy device; decrypting the second authentication information ciphertext by adopting the public key to obtain debugging authorization authority and second authentication information, and starting a debugging module of the processor and a pin of the processor to perform debugging operation according to the debugging authorization authority in response to determining that the comparison result of the first authentication information and the second authentication information is consistent;
the authentication proxy device is used for receiving and forwarding the first authentication information ciphertext to the authentication server; and is further configured to receive and forward the second authentication information ciphertext to the processor;
The verification server is used for decrypting the first authentication information ciphertext by adopting a private key of the debugging authorization key to obtain the second authentication information, and generating the debugging authorization right according to a verification result of the identification validity of the processor in the second authentication information; carrying out asymmetric encryption on the debugging authorization authority and the second authentication information by adopting the private key to obtain a second authentication information ciphertext; and sending the second authentication information ciphertext to the authentication proxy device.
CN202311061535.5A 2023-08-22 2023-08-22 Debugging authorization method and system Pending CN117093969A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311061535.5A CN117093969A (en) 2023-08-22 2023-08-22 Debugging authorization method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311061535.5A CN117093969A (en) 2023-08-22 2023-08-22 Debugging authorization method and system

Publications (1)

Publication Number Publication Date
CN117093969A true CN117093969A (en) 2023-11-21

Family

ID=88783011

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311061535.5A Pending CN117093969A (en) 2023-08-22 2023-08-22 Debugging authorization method and system

Country Status (1)

Country Link
CN (1) CN117093969A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107783874A (en) * 2016-08-26 2018-03-09 华为技术有限公司 JTAG debugging apparatus and JTAG adjustment methods
CN109891416A (en) * 2016-10-27 2019-06-14 株式会社电装 For authenticating and the system and method for authorization device
CN111901117A (en) * 2019-05-06 2020-11-06 深圳大普微电子科技有限公司 Safety authentication method and system based on JTAG interface
CN113641535A (en) * 2021-07-09 2021-11-12 荣耀终端有限公司 Data backup system, data backup method, electronic device, and storage medium
CN115348076A (en) * 2022-08-12 2022-11-15 天翼数字生活科技有限公司 Equipment security authentication method based on attribute encryption and related device thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107783874A (en) * 2016-08-26 2018-03-09 华为技术有限公司 JTAG debugging apparatus and JTAG adjustment methods
CN109891416A (en) * 2016-10-27 2019-06-14 株式会社电装 For authenticating and the system and method for authorization device
CN111901117A (en) * 2019-05-06 2020-11-06 深圳大普微电子科技有限公司 Safety authentication method and system based on JTAG interface
CN113641535A (en) * 2021-07-09 2021-11-12 荣耀终端有限公司 Data backup system, data backup method, electronic device, and storage medium
CN115348076A (en) * 2022-08-12 2022-11-15 天翼数字生活科技有限公司 Equipment security authentication method based on attribute encryption and related device thereof

Similar Documents

Publication Publication Date Title
CN111327643B (en) Multi-party data sharing method and device
US7155616B1 (en) Computer network comprising network authentication facilities implemented in a disk drive
KR100980831B1 (en) Method and apparatus for deterrence of secure communication using One Time Password
CN101682505B (en) Method and system for secure communication
JP5860815B2 (en) System and method for enforcing computer policy
CN110990827A (en) Identity information verification method, server and storage medium
CN110708388B (en) Vehicle body safety anchor node device, method and network system for providing safety service
JP2005102163A (en) Equipment authentication system, server, method and program, terminal and storage medium
CN102217277A (en) Method and system for token-based authentication
JP2009526322A (en) Secure digital content management using change identifiers
KR101314751B1 (en) Apparatus for managing installation of DRM and method thereof
US8417937B2 (en) System and method for securely transfering content from set-top box to personal media player
US20150047001A1 (en) Application program execution device
JP4998314B2 (en) Communication control method and communication control program
US20050021469A1 (en) System and method for securing content copyright
US8522046B2 (en) Method, apparatus and system for acquiring service by portable device
CN109743283B (en) Information transmission method and equipment
CN110912857B (en) Method and storage medium for sharing login between mobile applications
CN117093969A (en) Debugging authorization method and system
KR20170111809A (en) Bidirectional authentication method using security token based on symmetric key
KR101349698B1 (en) System and method for certification using portable storage medium, and terminal and authentication server and portable storage medium thereof
CN114143777B (en) Certificate key downloading method and system of internet of things terminal based on SIM card
CN113672898B (en) Service authorization method, authorization device, system, electronic device and storage medium
CN112559979B (en) Method for protecting software library authorized use on POS machine through hardware security chip
JP2022107344A (en) Device, debugging instrument, secure component, debugging system, and debugging method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination