A method for improving the communication transmission security of an embedded encryption chip
Technical field
The present invention relates to the field of communication data transmission, and more particularly to a method for improving the communication transmission security of an embedded encryption chip.
Background technology
The security of communication data transmission is always the first problem an encryption application has to consider. In encryption applications with higher security requirements, the communication key must in addition be updated frequently through key agreement, in order to prevent the data on the communication line from being monitored. The key agreement algorithms in general use at present, such as ECDH (Elliptic Curve Diffie-Hellman, the Diffie-Hellman (DH) exchange based on ECC (Elliptic Curve Cryptosystems), in which the two parties can negotiate a key without sharing any secret beforehand), are computationally complex. In embedded encryption chip applications in particular, because resources such as the master controller's CPU computing capability and RAM are limited, key agreement takes a long time. If key agreement is carried out frequently, it consumes more of the master controller's resources and cannot meet the needs of some applications with higher real-time requirements.
Summary of the invention
To improve the randomness of the communication key and the security of communication transmission between an embedded encryption chip and a master controller, while avoiding the problem that every communication requires a communication key negotiation and thereby affects transmission efficiency, the invention provides a method for improving the communication transmission security of an embedded encryption chip. The concrete steps of the method include:
The encryption chip and the master controller establish a connection;
The master controller issues a session key agreement command to the encryption chip;
The encryption chip receives the session key agreement command issued by the master controller and executes the session key agreement command;
The encryption chip returns session key agreement response data to the master controller;
The master controller calculates a session key from the session key agreement command and the session key agreement response data;
The encryption chip calculates the session key from the session key agreement command and the session key agreement response data;
The encryption chip internally generates a random number communication key list by means of a random number generator;
Wherein, the random number communication key list is a combination of multiple communication key identifiers and the communication keys corresponding to the identifiers.
The encryption chip encrypts the random number communication key list with the session key to obtain the random number communication key list ciphertext;
The master controller issues a get communication key list command to the encryption chip;
The encryption chip receives the get communication key list command issued by the master controller and returns the random number communication key list ciphertext to the master controller;
The master controller decrypts the random number communication key list ciphertext with the session key to obtain the random number communication key list plaintext;
The master controller randomly selects a first communication key from the random number communication key list and uses the first communication key to encrypt the operation command and data to be issued;
The master controller issues the first communication key identifier and the operation command and data encrypted with the first communication key to the encryption chip;
The encryption chip receives the issued first communication key identifier and the operation command and data encrypted with the first communication key; according to the first communication key identifier, the encryption chip extracts the first communication key from the random number communication key list and uses it to decrypt the operation command and data encrypted with the first communication key, obtaining the operation command and data plaintext;
The encryption chip executes the operation command and obtains operation command response data;
The encryption chip randomly selects a second communication key from the random number communication key list and uses the second communication key to encrypt the operation command response data;
The encryption chip returns the second communication key identifier and the operation command response data to the master controller;
The master controller receives the second communication key identifier and the operation command response data; according to the second communication key identifier, the master controller extracts the second communication key from the random number communication key list and uses it to decrypt the operation command response data encrypted with the second communication key, obtaining the response data plaintext;
Wherein, the encryption algorithm mentioned above is a symmetric or asymmetric encryption algorithm. According to a specific embodiment, the symmetric encryption algorithms include AES, DES and TDES; the asymmetric encryption algorithms include RSA and ECC.
The beneficial effect of the technical method provided by the invention is:
It effectively improves the randomness of the communication key and the security of communication transmission between the embedded encryption chip and the master controller, and also avoids the problem that every communication requires a communication key negotiation and thereby affects transmission efficiency.
Description of the drawings
Fig. 1 is a schematic flow chart of the method for improving the communication transmission security of an embedded encryption chip provided by Embodiment 1 of the invention;
Fig. 2 is a schematic flow chart of the encryption chip side of the method for improving the communication transmission security of an embedded encryption chip provided by Embodiment 2 of the invention;
Fig. 3 is a schematic flow chart of the master controller side of the method for improving the communication transmission security of an embedded encryption chip provided by Embodiment 2 of the invention.
Specific embodiment
To make the objects, technical solutions and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments.
Embodiment 1
To improve the randomness of the communication key and the security of communication transmission between an embedded encryption chip and a master controller, and to avoid the problem that every communication requires a communication key negotiation and thereby affects transmission efficiency, the invention provides a method for improving the communication transmission security of an embedded encryption chip. Referring to Fig. 1, the method includes:
S1: The encryption chip and the master controller establish a connection;
S2: The master controller issues a session key agreement command to the encryption chip;
S3: The encryption chip receives the session key agreement command issued by the master controller and executes it; wherein the encryption chip calculates the session key using the key agreement algorithm agreed with the master controller (such as ECDH) and returns the session key agreement response data to the master controller;
According to an embodiment of the invention, the concrete data transmission format of the session key agreement command packet is:
usPLen + ucFlag + ucCls + ucIns + usP1 + usP2 + usDLen + Data + usCrc;
usPLen: two-byte packet length; the packet length (usLen) is the length of all data after the usLen field;
ucFlag: one-byte communication key identifier;
Wherein, the highest bit of ucFlag (bit7) is 1 when the Data field is encrypted and 0 when the Data field is not encrypted. The remaining bits of ucFlag down to the lowest bit (bit6~bit0) are the communication key identifier.
ucCls: one-byte command class;
ucIns: the concrete operation command within the ucCls command class, one byte long;
usP1: two-byte parameter 1;
usP2: two-byte parameter 2;
usDLen: two-byte valid data length of the Data field; because the Data field has to be padded with 0 for alignment to suit some encryption algorithms, usDLen is the valid data length before the 0 padding;
Data: the data being exchanged;
usCrc: two-byte packet CRC16 checksum, calculated over all data from after the usPLen field up to before the usCrc field;
S4: The encryption chip returns session key agreement response data to the master controller; according to an embodiment of the invention, the concrete transmission format of the response data is:
usPLen + ucFlag + usDLen + Data + usCrc;
S5: The master controller calculates the session key from the session key agreement command it issued and the session key agreement response data returned by the encryption chip; according to an embodiment of the invention, the encryption chip calculates the session key using the key agreement algorithm agreed with the master controller (such as ECDH);
The encryption chip calculates the session key from the session key agreement command and the session key agreement response data; according to an embodiment of the invention, the calculation uses the ECDH algorithm;
S6: The encryption chip internally generates a random number communication key list by means of a random number generator;
Wherein, according to an embodiment of the invention, the random number communication key list consists of several (1 to 127) sub communication key elements. According to a specific embodiment of the invention, the structure variable of a sub communication key element is described as follows:
typedef struct
{
    unsigned char ucFlag;              // identifier of the current sub communication key
    unsigned char ucKeys[KEY_LENGTH];  // the current sub communication key
} CommKeyStructure;
S7: The encryption chip encrypts the random number communication key list with the session key to obtain the random number communication key list ciphertext;
S8: The master controller issues a get communication key list command to the encryption chip;
S9: The encryption chip receives the get communication key list command issued by the master controller and returns the random number communication key list ciphertext to the master controller;
S10: The master controller decrypts the random number communication key list ciphertext with the session key to obtain the random number communication key list plaintext;
S11: The master controller randomly selects a first communication key from the random number communication key list (wherein the key list contains multiple communication keys) and uses the first communication key to encrypt the operation command and data to be issued (including the data used while the chip executes the command);
S12: The master controller issues the first communication key identifier and the operation command and data encrypted with the first communication key to the encryption chip;
S13: The encryption chip receives the issued first communication key identifier and the operation command and data encrypted with the first communication key; according to the first communication key identifier, the encryption chip extracts the first communication key from the random number communication key list and uses it to decrypt the operation command and data encrypted with the first communication key, obtaining the operation command and data plaintext;
S14: The encryption chip executes the operation command and obtains operation command response data;
S15: The encryption chip randomly selects a second communication key from the random number communication key list and uses the second communication key to encrypt the operation command response data;
S16: The master controller issues a get response data command to the encryption chip;
S17: The encryption chip returns the second communication key identifier and the operation command response data to the master controller;
S18: The master controller receives the second communication key identifier and the operation command response data; according to the second communication key identifier, the master controller extracts the second communication key from the random number communication key list and uses it to decrypt the operation command response data encrypted with the second communication key, obtaining the response data plaintext;
S19: If the master controller's commands have not yet all been issued, return to step S11 and continue; if they have all been issued, the master controller continues with other operations.
The method provided by this embodiment of the invention improves the randomness of the communication key and the security of communication transmission between the embedded encryption chip and the master controller, and also avoids the problem that every communication requires a communication key negotiation and thereby affects transmission efficiency.
To describe the method provided by the above embodiment of the invention in detail, refer to the following embodiment:
Embodiment 2
To improve the randomness of the communication key and the security of communication transmission between an embedded encryption chip and a master controller, and to avoid the problem that every communication requires a communication key negotiation and thereby affects transmission efficiency, the invention provides a method for improving the communication transmission security of an embedded encryption chip; see Fig. 2.
The method provided by this embodiment of the invention is described in terms of the main actions performed on the encryption chip side and on the master controller side during the interaction, as follows:
1. Encryption chip side:
Step 101: The encryption chip connects to the master controller;
Step 102: The encryption chip receives the session key agreement command packet issued by the master controller;
Wherein, the concrete data transmission format of the issued packet is:
usPLen + ucFlag + ucCls + ucIns + usP1 + usP2 + usDLen + Data + usCrc;
Correspondingly, the transmission format of the response packet is:
usPLen + ucFlag + usDLen + Data + usCrc;
usPLen: two-byte packet length; the packet length (usLen) is the length of all data after the usLen field;
ucFlag: one-byte communication key identifier;
Wherein, the highest bit of ucFlag (bit7) is 1 when the Data field is encrypted and 0 when the Data field is not encrypted. The remaining bits of ucFlag down to the lowest bit (bit6~bit0) are the communication key identifier.
ucCls: one-byte command class;
ucIns: the concrete operation command within the ucCls command class, one byte long;
usP1: two-byte parameter 1;
usP2: two-byte parameter 2;
usDLen: two-byte valid data length of the Data field; because the Data field has to be padded with 0 for alignment to suit some encryption algorithms, usDLen is the valid data length before the 0 padding;
Data: the data being exchanged;
usCrc: two-byte packet CRC16 checksum, calculated over all data from after the usPLen field up to before the usCrc field;
Step 103: After the encryption chip has finished receiving the packet, it parses the issued packet according to the protocol and obtains the session key agreement command; the encryption chip calculates the session key using the key agreement algorithm agreed with the master controller (such as ECDH) and returns the session key agreement response data to the master controller;
Step 104: The encryption chip generates the random number communication key list;
Wherein, the random number communication key list consists of several (1 to 127) sub communication key elements. According to a specific embodiment of the invention, the structure variable of a sub communication key element is described as follows:
typedef struct
{
    unsigned char ucFlag;              // identifier of the current sub communication key
    unsigned char ucKeys[KEY_LENGTH];  // the current sub communication key
} CommKeyStructure;
Step 105: After the encryption chip receives the get random number communication key list command packet, it returns to the master controller the random number communication key list encrypted with the session key;
Step 106: After the encryption chip has received the operation command packet issued by the master controller, it parses the ucFlag field, extracts the corresponding communication key from the random number communication key list, decrypts the operation command packet, executes the operation command and obtains the response data.
Step 107: The encryption chip randomly selects a communication key from the random number communication key list, encrypts the response data, assembles the identifier of this communication key and the encrypted data into a packet according to the response packet transmission format, returns it to the master controller, and goes back to step 106;
This embodiment does not limit the concrete form of communication between the encryption chip and the master controller.
2. Master controller side, see Fig. 3:
Step 201: The master controller detects that an encryption chip has been connected and executes step 202.
Step 202: The master controller issues the session key agreement command packet;
Step 203: The master controller receives the session key agreement response packet and calculates the session key using the key agreement algorithm (such as ECDH);
Step 204: The master controller issues the get random number communication key list command packet;
Step 205: The master controller receives the response packet for the get random number communication key list command and decrypts the random number communication key list ciphertext with the session key;
Step 206: The master controller randomly selects a communication key from the random number communication key list, encrypts the operation command and data, assembles the identifier of this communication key and the encrypted data into a packet according to the packet transmission format, and issues it to the encryption chip;
Step 207: After the master controller has received the operation command response packet, it parses the ucFlag field, extracts the corresponding communication key from the random number communication key list, decrypts the response packet and obtains the response data plaintext;
Step 208: Judge whether the master controller's commands have all been issued; if the master controller has not finished issuing commands, continue to repeat steps 206 to 207;
Step 209: The master controller continues with other operations.
In summary, the method provided by this embodiment of the invention improves the randomness of the communication key and the security of communication transmission between the embedded encryption chip and the master controller, and also avoids the problem that every communication requires a communication key negotiation and thereby affects transmission efficiency.
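An added example, not code from the patent: a C sketch of the command packet layout listed under S3 of Embodiment 1 and Step 102 of Embodiment 2, with the receive-side checks that come before decryption in S13 and Step 106 (usPLen, CRC16, usDLen against the padded Data field, and lookup of the bit6~bit0 identifier in the key list). Big-endian fields, the CRC-16/CCITT-FALSE variant, a KEY_LENGTH of 16 and the names CmdPacket, crc16, build_cmd, parse_cmd and find_key are assumptions; the page specifies none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define KEY_LENGTH 16                   /* assumed; the page gives no value */
typedef struct {
    unsigned char ucFlag;               /* sub communication key identifier */
    unsigned char ucKeys[KEY_LENGTH];   /* sub communication key */
} CommKeyStructure;

typedef struct {                        /* hypothetical parsed view of a command packet */
    int encrypted;                      /* ucFlag bit7 */
    uint8_t key_id, cls, ins;           /* ucFlag bit6..bit0, ucCls, ucIns */
    uint16_t p1, p2, dlen;              /* usP1, usP2, usDLen (length before zero padding) */
    const uint8_t *data;                /* Data field inside the caller's buffer */
    size_t field_len;                   /* Data length on the wire, padding included */
} CmdPacket;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Assumed variant: CRC-16/CCITT-FALSE (polynomial 0x1021, initial value 0xFFFF). */
uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    for (; n--; p++) {
        crc ^= (uint16_t)(*p << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Sender: writes a packet with usP1 = usP2 = 0; returns its length, 0 if it does not fit. */
size_t build_cmd(uint8_t *out, size_t cap, uint8_t flag, uint8_t cls, uint8_t ins,
                 const uint8_t *data, uint16_t dlen, size_t padded) {
    size_t plen = 9 + padded + 2;       /* fixed fields + Data + usCrc */
    if (padded < dlen || plen > 0xFFFF || cap < plen + 2) return 0;
    memset(out, 0, plen + 2);           /* also zero-fills the padding */
    put16(out, plen);
    out[2] = flag; out[3] = cls; out[4] = ins;
    put16(out + 9, dlen);
    memcpy(out + 11, data, dlen);
    put16(out + plen, crc16(out + 2, plen - 2));
    return plen + 2;
}

/* Receiver: 0 on success, negative when the packet must be dropped. */
int parse_cmd(const uint8_t *buf, size_t len, CmdPacket *pk) {
    if (len < 13 || (size_t)be16(buf) != len - 2) return -1;  /* usPLen covers all that follows */
    if (crc16(buf + 2, len - 4) != be16(buf + len - 2)) return -2;
    pk->encrypted = (buf[2] & 0x80) != 0; pk->key_id = buf[2] & 0x7F;
    pk->cls = buf[3]; pk->ins = buf[4]; pk->p1 = be16(buf + 5); pk->p2 = be16(buf + 7);
    pk->dlen = be16(buf + 9); pk->data = buf + 11; pk->field_len = len - 13;
    return pk->dlen > pk->field_len ? -3 : 0;                 /* usDLen cannot exceed Data */
}

const CommKeyStructure *find_key(const CommKeyStructure *list, size_t n, uint8_t id) {
    for (size_t i = 0; i < n; i++)
        if (list[i].ucFlag == id) return &list[i];
    return NULL;                        /* identifier not in the list: reject the packet */
}
```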
Those skilled in the art will appreciate that the drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
The foregoing is only a preferred embodiment of the invention and is not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.