CN102750478B - A kind of safety chip possessing security certificate transfer and lock-in techniques - Google Patents


Publication number
CN102750478B
Authority
CN
China
Prior art keywords
public key
chip
safety chip
storing unit
sheet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210192321.7A
Other languages
Chinese (zh)
Other versions
CN102750478A (en)
Inventor
陈挺立
汪孝晃
叶明统
宋慰云
林峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Fayi Technology Co ltd
Original Assignee
FUJIAN WITSI MICRO-ELECTRONICS Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FUJIAN WITSI MICRO-ELECTRONICS Co Ltd
Priority to CN201210192321.7A
Publication of CN102750478A
Application granted
Publication of CN102750478B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a security chip with security authorization transfer and locking technology. The security chip integrates a ROM storage area in which a secure Boot is fixed for the user, with a chip public key fixed in the secure Boot. The security chip also has an on-chip public key storage unit into which the user's factory public key is programmed. At least one electrical fuse (eFuse) is also integrated on the security chip. While the eFuse is not blown, the secure Boot uses the chip public key for signature verification of data, and the on-chip public key storage unit can be rewritten by downloading a factory public key. After the eFuse is blown, the secure Boot uses the factory public key for signature verification of data, and the on-chip public key storage unit is read-only and cannot be rewritten. The invention gives the security chip a way to transfer security control and a mechanism that makes that control non-transferable. Its purpose is to ensure that the security of the chip can be controlled entirely by the authorized party, ultimately guaranteeing the integrity and authenticity of the information on the chip. The technique is simple to operate, convenient to implement and highly secure.

Description

A security chip with security authorization transfer and locking technology
Technical field
The present invention relates to the fields of electronic payment, information security, cryptography and computer science.
Background
For payment terminals, requirement DTR B4 of the PCI (Payment Card Industry) specification governs firmware updates: if the firmware can be updated, a cryptographic algorithm must be used to authenticate it; if the authenticity of the firmware to be updated cannot be confirmed, the update is rejected and the firmware is deleted. Here, firmware means any code or data residing in the device that provides security protection to meet the PCI requirements. In this sense, security authorization means holding the right to update the firmware, that is, ownership and control of the firmware. In a payment terminal the firmware is generally divided into two parts: one part initializes the terminal and boots the system software, and is called the Boot; the other part is the software containing the terminal-specific application, sometimes also including system software, and is collectively called the application firmware here. The application firmware must be updated through the Boot, while the Boot is generally fixed, or can only be programmed at the factory.
For the cryptographic algorithm, the scheme generally accepted as usable today is a public-key cryptosystem, implemented through a signature authentication mechanism based on public/private key certificates. The public key is the published key and is used only together with its private key; as long as the public key is not tampered with or updated, only the authorized party holding the private key can update the firmware. Because the private key is kept by the authorized party itself, it is always assumed to be safe relative to the product. Therefore, to protect product firmware from being arbitrarily updated by a third party and to keep the firmware secure, the most important thing is to ensure that the public key cannot be arbitrarily tampered with or updated.
At present, the Atmel SO25 chip has no on-chip boot code (Boot); the customer must first compile a Boot and then send it to the chip manufacturer to be programmed onto the chip. Control of a chip programmed with a Boot in this way is thereby transferred to the customer. The drawback of this scheme is that the manufacturer has to program a Boot for each customer, which increases the complexity of the manufacturer's chip production, stocking and delivery.
In addition, the Atmel SO101 chip has an on-chip Boot, and this Boot can be updated by the user. By updating the Boot, the user transfers security into their own hands. But if a Boot update fails and leaves the Boot dead, the chip becomes scrap. The drawback of this scheme is therefore that, although it improves the flexibility of production and stocking for the chip manufacturer, it increases the risk to the user and directly affects the first-pass yield of the customer's products.
Further, the Maxim ZA9L0 and ZA9L1 chips have an on-chip Boot, but the user must send the public key to the manufacturer, Maxim, to be programmed onto the chip. The drawback of this scheme is the same as for the Atmel SO25.
Further, the Maxim MAXQ1850 chip has an on-chip Boot through which the user can download their own application firmware. The user locks the Boot's download function by configuring a security lock in software. But by design this security lock can be unlocked, and unlocking automatically erases the sensitive data on the chip. This scheme therefore protects the sensitive data on the chip but not the security of the device: after the security lock is unlocked, an attacker (or third party) can still update the application firmware, that is, download forged firmware to deceive the user and steal the user's security information.
This patent takes a new approach: it provides a scheme for the user to update the public key, which transfers security control to the user, and then locks the public key irreversibly with an electrical fuse, so that an attacker (or third party) cannot update the application firmware by tampering with the public key.
Summary of the invention
The technical problem to be solved by the invention is to give a security chip a way to transfer security control and a mechanism that makes that control non-transferable (i.e. locking). Transfer means that security control passes from the chip manufacturer to the customer using the chip, which achieves authorization. Non-transferable means that, once authorized, the customer can use this mechanism (i.e. locking) to keep control in its own hands, so that no other party can obtain authorization again. The purpose of the invention is to ensure that the security of the chip can be controlled only by the authorized party; it is simple to operate, convenient to implement and highly secure.
The specific technical solution of the invention is a security chip with security authorization transfer and locking technology, characterized in that: the security chip integrates a ROM storage area in which a secure Boot is fixed for the user, with a chip public key fixed in the secure Boot; the security chip also has an on-chip public key storage unit into which the user's factory public key is programmed; at least one electrical fuse (eFuse) is also integrated on the security chip; while the eFuse is not blown, the secure Boot uses the chip public key for signature verification of data, and the on-chip public key storage unit can be rewritten by downloading a factory public key; after the eFuse is blown, the secure Boot uses the factory public key for signature verification of data, and the on-chip public key storage unit is read-only and cannot be rewritten.
The invention may further be embodied as follows:
The security chip integrates two electrical fuses, eFuse0 and eFuse1.
eFuse0 selects the signature verification public key: the secure Boot uses either the chip public key or the factory public key for signature verification of data, depending on the state of eFuse0. While eFuse0 is not blown, the secure Boot uses the chip public key; after eFuse0 is blown, the secure Boot uses the factory public key.
eFuse1 controls whether the on-chip public key storage unit can be rewritten. While eFuse1 is not blown, the on-chip public key storage unit can be rewritten by downloading a factory public key; after eFuse1 is blown, the on-chip public key storage unit is read-only and cannot be rewritten.
The electrical fuse may be implemented with fuse or antifuse technology.
The invention has the following features:
On the one hand, through the public key update mechanism, the invention transfers security control from one authorized party (the chip manufacturer) to another (the customer). Public key updates use a certificate signature mechanism: only the party holding the private key corresponding to the existing public key can update the public key, and once the public key is updated, the corresponding signing private key changes with it.
On the other hand, through the public key locking technique, the invention prevents security control from being transferred any further, ensuring that security is controlled entirely by a single authorized party. Under the public key update mechanism above, the public key cannot be updated once it is locked; therefore only the party that last updated the public key holds final security control and becomes the final authorized party.
The public key update mechanism above follows the Public Key Infrastructure (PKI) standard and uses a certificate signature mechanism to update the public key. Using the PKI system ensures that only the authorized party can update the public key; the authorized party is the party holding the private key corresponding to the existing public key. Likewise, any other security-related operation by a party must be carried out through the certificate signature mechanism.
The public key locking technique above uses the electrical fuse principle (eFuse) to blow the public key update channel, so that the public key cannot be updated further, which achieves locking. The electrical fuse technology may be a fuse, an antifuse or another similar technology. Public key locking here means that the function, once locked, cannot be unlocked, that is, it cannot be restored after locking.
Description of the drawings
Fig. 1 is a functional block diagram of the security chip with security authorization transfer and locking technology according to the invention.
Fig. 2 is a block diagram of another, simplified implementation of the security chip with security authorization transfer and locking technology according to the invention.
Embodiment
For the features and technical content of the invention, refer to the following detailed description and the accompanying drawings; the drawings are provided for reference and explanation only and are not intended to limit the invention.
Fig. 1 shows an example functional block diagram of a security chip with security authorization transfer and locking technology according to the invention. The security chip integrates a ROM storage area in which a secure Boot is fixed for the user, with a signature verification public key (called the chip public key) fixed in the secure Boot. The security chip also has an on-chip public key storage unit into which the user's signature verification public key (called the factory public key) is programmed. Two electrical fuses (eFuse0, eFuse1) are also integrated on the security chip.
eFuse0 selects the signature verification public key: the secure Boot uses either the chip public key or the factory public key for signature verification of data, depending on the state of eFuse0. While eFuse0 is not blown, the secure Boot uses the chip public key; after eFuse0 is blown, the secure Boot uses the factory public key.
eFuse1 controls whether the on-chip public key storage unit can be rewritten. While eFuse1 is not blown, the storage unit can be rewritten (i.e. updated) by downloading a factory public key; after eFuse1 is blown, the storage unit is read-only and cannot be rewritten.
From the description of the functional block diagram above, it follows that by default the security chip leaves the factory using the chip public key for signature verification of data. The private key corresponding to the chip public key is provided by the chip company and is open to all users (or parties); a party holding this private key can operate the security chip and download an updated factory public key.
Once the user has updated the factory public key and blown eFuse0, any subsequent operation on the security chip must use the private key corresponding to the factory public key in order to pass signature verification. Security control of the whole chip is thereby transferred to the user. This realizes the transfer of security authorization.
It also follows from the description above that, when the security chip leaves the factory and before eFuse1 is blown, the factory public key can be updated at will. Once the user has updated the public key and blown eFuse1, no other user can update the factory public key. This realizes locking of the factory public key. If the user blows eFuse0, realizing the security authorization transfer, and blows eFuse1 at the same time, security locking is realized as well.
In summary, before a security authorization transfer is performed, the security chip by default openly authorizes all parties. When the user has updated the factory public key and switched to using it, the security authorization transfer is realized. Before security locking, the security authorization transfer can be repeated. To increase system security, the user can realize security locking by locking the public key; after security locking, no further security authorization transfer can be performed.
Fig. 2 shows another implementation of the security chip with security authorization transfer and locking technology according to the invention. It simplifies the electrical fuse design so that a single electrical fuse (eFuse) controls both functions together: while the eFuse is not blown, the secure Boot uses the chip public key for signature verification of data, and the factory public key storage unit can be rewritten (i.e. updated) by downloading a factory public key; after the eFuse is blown, the secure Boot uses the factory public key for signature verification of data, and the factory public key storage unit is read-only and cannot be rewritten. Compared with the implementation of Fig. 1, the function is simplified. The advantage of the Fig. 1 implementation is that it offers the user a mechanism that allows multi-level transfer of security authorization. That is, the user may choose not to perform security locking: once a security transfer is complete, a third party that wants to carry out the next round of transfer must hold the private key corresponding to the public key set by the currently authorized user, so the system can already be regarded as secure before security locking is performed.
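The fuse-gated behaviour described for Fig. 1 and Fig. 2, as an added Python model that is not part of the patent: the class and function names, the key encoding, the rule that an empty key slot verifies nothing, and the toy textbook-RSA signature (Mersenne-prime moduli, no padding) are assumptions chosen so the block runs offline. It walks one chip through factory state, key download, transfer (eFuse0) and lock (eFuse1).

```python
import hashlib

# Toy textbook RSA (no padding, Mersenne-prime moduli): illustration only.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    if pub is None:                 # assumption: an empty key slot verifies nothing
        return False
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def encode_key(pub):
    return b"%d:%d" % pub           # bytes that get signed in a key download

class SecureChip:
    def __init__(self, chip_pub, single_fuse=False):
        self.rom_chip_pub = chip_pub    # chip public key fixed in ROM with the Boot
        self.key_slot = None            # on-chip public key storage unit
        self.fuse = [False, False]      # eFuse0: key select, eFuse1: slot write lock
        self.single_fuse = single_fuse  # Fig. 2 variant: one fuse does both jobs

    def blow(self, idx):
        # One-way transition: there is deliberately no method that clears a fuse.
        if self.single_fuse:
            self.fuse = [True, True]
        else:
            self.fuse[idx] = True

    def active_key(self):
        return self.key_slot if self.fuse[0] else self.rom_chip_pub

    def download_key(self, new_pub, sig):
        if self.fuse[1]:                # locked: storage unit is read-only
            return False
        if not verify(self.active_key(), encode_key(new_pub), sig):
            return False
        self.key_slot = new_pub
        return True

    def load_firmware(self, image, sig):
        return verify(self.active_key(), image, sig)

# Constructed key pairs: the chip maker's (private half open to all users),
# the device vendor's, and a third party's.
CHIP_PUB, CHIP_PRIV = make_key(2**61 - 1, 2**89 - 1)
VENDOR_PUB, VENDOR_PRIV = make_key(2**107 - 1, 2**127 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**521 - 1, 2**607 - 1)

def lifecycle(single_fuse=False):
    chip = SecureChip(CHIP_PUB, single_fuse)
    fw = b"constructed firmware image"
    r = {}
    r["factory_accepts_chip_key"] = chip.load_firmware(fw, sign(CHIP_PRIV, fw))
    r["vendor_key_download"] = chip.download_key(
        VENDOR_PUB, sign(CHIP_PRIV, encode_key(VENDOR_PUB)))
    chip.blow(0)                        # transfer: Boot now verifies with the slot key
    r["vendor_fw_after_transfer"] = chip.load_firmware(fw, sign(VENDOR_PRIV, fw))
    r["chip_key_fw_after_transfer"] = chip.load_firmware(fw, sign(CHIP_PRIV, fw))
    r["rekey_with_open_chip_key"] = chip.download_key(
        OTHER_PUB, sign(CHIP_PRIV, encode_key(OTHER_PUB)))
    r["slot_writable_after_transfer"] = not chip.fuse[1]
    chip.blow(1)                        # lock: even the owner cannot re-key any more
    r["owner_rekey_after_lock"] = chip.download_key(
        OTHER_PUB, sign(VENDOR_PRIV, encode_key(OTHER_PUB)))
    r["vendor_fw_after_lock"] = chip.load_firmware(fw, sign(VENDOR_PRIV, fw))
    return r

if __name__ == "__main__":
    for name, value in lifecycle().items():
        print(f"{name}: {value}")
```

Calling `lifecycle(single_fuse=True)` shows the Fig. 2 trade-off: the key slot is already read-only at the moment of transfer, so the multi-level re-keying that Fig. 1 allows is no longer possible.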

Claims (4)

1. A security chip with security authorization transfer and locking technology, characterized in that: the security chip integrates a ROM storage area in which a secure Boot is fixed for the user, with a chip public key fixed in the secure Boot; the security chip also has an on-chip public key storage unit into which the user's factory public key is programmed; one electrical fuse (eFuse) is also integrated on the security chip; while the eFuse is not blown, the secure Boot uses the chip public key for signature verification of data, and the on-chip public key storage unit can be rewritten by downloading a factory public key; after the eFuse is blown, the secure Boot uses the factory public key for signature verification of data, and the on-chip public key storage unit is read-only and cannot be rewritten.
2. The security chip with security authorization transfer and locking technology according to claim 1, characterized in that: the electrical fuse may be implemented with fuse or antifuse technology.
3. A security chip with security authorization transfer and locking technology, characterized in that: the security chip integrates a ROM storage area in which a secure Boot is fixed for the user, with a chip public key fixed in the secure Boot; the security chip also has an on-chip public key storage unit into which the user's factory public key is programmed; the security chip integrates two electrical fuses, eFuse0 and eFuse1; eFuse0 selects the signature verification public key, and the secure Boot uses either the chip public key or the factory public key for signature verification of data, depending on the state of eFuse0; while eFuse0 is not blown, the secure Boot uses the chip public key for signature verification of data; after eFuse0 is blown, the secure Boot uses the factory public key for signature verification of data; eFuse1 controls whether the on-chip public key storage unit can be rewritten; while eFuse1 is not blown, the on-chip public key storage unit can be rewritten by downloading a factory public key; after eFuse1 is blown, the on-chip public key storage unit is read-only and cannot be rewritten.
4. The security chip with security authorization transfer and locking technology according to claim 3, characterized in that: the electrical fuse may be implemented with fuse or antifuse technology.
CN201210192321.7A 2012-06-12 2012-06-12 A kind of safety chip possessing security certificate transfer and lock-in techniques Active CN102750478B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210192321.7A CN102750478B (en) 2012-06-12 2012-06-12 A kind of safety chip possessing security certificate transfer and lock-in techniques

Publications (2)

Publication Number Publication Date
CN102750478A CN102750478A (en) 2012-10-24
CN102750478B true CN102750478B (en) 2016-03-30

Family

ID=47030651

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210192321.7A Active CN102750478B (en) 2012-06-12 2012-06-12 A kind of safety chip possessing security certificate transfer and lock-in techniques

Country Status (1)

Country Link
CN (1) CN102750478B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103544413B (en) * 2013-10-31 2017-02-15 宇龙计算机通信科技(深圳)有限公司 Method and device for verifying software copyright in intelligent terminal
TWI678658B (en) * 2017-05-23 2019-12-01 慧榮科技股份有限公司 Method for updating firmware of data storage device
TWI700627B (en) 2017-05-23 2020-08-01 慧榮科技股份有限公司 Data storage device and data storage method for confirming firmware data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101322349A (en) * 2005-12-12 2008-12-10 高通股份有限公司 Certify and split system and method for replacing cryptographic keys
CN101950332A (en) * 2010-07-12 2011-01-19 大唐微电子技术有限公司 Chip protecting method and system
CN102088348A (en) * 2010-12-22 2011-06-08 东南大学 Mobile phone security chip for embedded platform and protection system comprising same

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NO321850B1 (en) * 2004-06-25 2006-07-10 Buypass As Procedure for generating and verifying an electronic signature

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210326

Address after: 350001 20 / F, building 8, area F, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province

Patentee after: Fujian anfan Electronic Technology Co.,Ltd.

Address before: Room 307, building 20, area a, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province 350003

Patentee before: FUJIAN WITSI MICRO-ELECTRONICS Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20240726

Address after: Building 8, Block F, Fuzhou Software Park, No. 89 Software Avenue, Gulou District, Fuzhou City, Fujian Province, China 350000

Patentee after: Fujian Fayi Technology Co.,Ltd.

Country or region after: China

Address before: 350001 20 / F, building 8, area F, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province

Patentee before: Fujian anfan Electronic Technology Co.,Ltd.

Country or region before: China