The content of the invention
In view of the foregoing deficiencies of prior art, it is an object of the invention to provide a kind of set-top-box chip and apply
Digital signature implementation method in set-top-box chip, for solving to bring because chip is embedded OTP areas increase in the prior art
Chip cost it is high the problem of.
In order to achieve the above objects and other related objects, the present invention provides a kind of numeral label applied in set-top-box chip
Name implementation method, the digital signature implementation method include:RSA public keys are encrypted using the key of the chip, are obtained
RSA public key cryptographies;The RSA public key cryptographies are stored to the pre-set space in the Flash;RSA public keys operation Hash is calculated
Method, obtains the cryptographic Hash of the RSA public keys;By the cryptographic Hash of the RSA public keys be implanted into the OTP registers of the chip for
The chip carries out signature verification when starting.
In digital signature implementation method of the present invention, the step of signing to loading procedure is further included:Order is pre-stored in institute
State loading procedure in Flash and run corresponding hash algorithm, obtain corresponding cryptographic Hash;Hash using RSA private keys to acquisition
Value is signed, to obtain loading procedure signature;Loading procedure signature is stored to the pre-set space in the Flash.
The step of signature verification is carried out in digital signature implementation method of the present invention, when the chip starts to be included:From described
The RSA public key cryptographies are loaded in Flash, and it is decrypted using the key of the chip, obtain RSA public keys in plain text;To institute
State RSA public keys and run corresponding hash algorithm in plain text to obtain cryptographic Hash;Verify that the cryptographic Hash obtained and the OTP of the chip are posted
Whether the cryptographic Hash for the RSA public keys being implanted into storage is consistent, if unanimously, the RSA public keys are effective in plain text;If differ
Cause, then the RSA public keys are invalid in plain text, then authentication failed, into CPU suspended states;It is right in plain text using the effective RSA public keys
The loading procedure signature operation signature verification algorithm;If signature verification is by running loading procedure;If signature verification is not led to
Cross, into CPU suspended states.Specifically, further include to prejudge in the step of carrying out signature verification when the chip starts and open
The step of whether dynamic model formula is safe mode, if so, the RSA public key cryptographies are then loaded from the Flash, and described in use
The key of chip decrypts it, obtains RSA public keys in plain text;If it is not, then directly loaded from the Flash and run the loading
Program.
The present invention also provides a kind of set-top-box chip, including:Flash storage, including it is stored with the program of loading procedure
Memory block, the signature memory block for being stored with loading procedure signature and the public key memory block for being stored with RSA public key cryptographies, wherein,
Generated when the RSA public key cryptographies are by being encrypted RSA public keys using chip keys;And OTP registers, including be stored with
The memory block of RSA public key cryptographic Hash and the key storage area for being stored with chip keys, wherein, the RSA public keys cryptographic Hash is by RSA
Public key operation hash algorithm generation.
In the set-top-box chip of the present invention, the loading procedure signature runs corresponding hash algorithm by loading procedure and obtains
Corresponding cryptographic Hash, and signature generation is carried out to it using RSA private keys.
As described above, the present invention set-top-box chip and apply the digital signature implementation method in set-top-box chip,
The cryptographic Hash of RSA public keys is implanted into chip internal OTP, while will be stored in using the encrypted RSA public key cryptographies of chip keys
In Flash.When restarting every time, Flash is verified first with the cryptographic Hash and chip keys for the RSA public keys being implanted into chip
The validity of middle RSA public key cryptographies, completes loader utility in Flash using the RSA public keys after decryption after being verified and signs
Verification.Due to the introducing of hash algorithm, new implementation method effectively reduces the use of chip internal OTP resources, and then drops
Low chip cost.Since chip keys have the characteristics that uniqueness, RSA public keys are encrypted using it and are effectively raised
Chip security.
Embodiment
Illustrate embodiments of the present invention below by way of specific instantiation, those skilled in the art can be by this specification
Disclosed content understands other advantages and effect of the present invention easily.The present invention can also pass through in addition different specific realities
The mode of applying is embodied or practiced, the various details in this specification can also be based on different viewpoints with application, without departing from
Various modifications or alterations are carried out under the spirit of the present invention.
It should be noted that the diagram provided in the present embodiment only illustrates the basic conception of the present invention in a schematic way,
Then in schema only display with it is of the invention in related component rather than component count, shape and size during according to actual implementation paint
System, kenel, quantity and the ratio of each component can be a kind of random change during its actual implementation, and its assembly layout kenel also may be used
Can be increasingly complex.
In order under the premise of chip security demand is met, reduce chip cost as far as possible, proposed in present embodiment
A kind of signature verification implementation method of new loader utility, for convenience of the principle of the present invention is illustrated, in present embodiment,
Sampling algorithm involved in technical solution will be illustrated, so with RSA-2048 exemplified by SHA-1, it is not limited to this, the calculation
Method also can be SHA-256 algorithms.
For the principle of the present invention and effect is described in detail, referring to Fig. 1, be shown as that the present invention carries applies in set-top-box chip
Digital signature implementation method flow chart, as shown in the figure, the digital signature implementation method comprises the following steps:
Step S11:Order is pre-stored in loading procedure in Flash and runs corresponding hash algorithm, obtains corresponding cryptographic Hash;
That is, the Boot loader utilities for participating in verification are run into corresponding hash algorithm, obtains corresponding cryptographic Hash.In the present embodiment
In, the hash algorithm is by taking SHA-1 as an example.It should be strongly noted that the Flash can be in the set-top-box chip
Flash storage, or the Flash memory chip being arranged on outside the set-top-box chip.
Step S12:Signed using RSA private keys to the cryptographic Hash of acquisition, to obtain loading procedure signature;Specifically,
Signed using RSA private keys to the cryptographic Hash of acquisition, obtain Boot Loader signatures, in this present embodiment, the use
The signature length that RSA private keys carry out the cryptographic Hash of acquisition is 2048 bits.
Step S13:Loading procedure signature is stored to the pre-set space in the Flash;In this present embodiment, institute
It can be the flash storage in the set-top-box chip to state Flash, or be arranged on outside the set-top-box chip
Flash memory chip.
Step S14:RSA public keys are encrypted using the key of the chip, obtain RSA public key cryptographies;In this implementation
In example, the RSA public key cryptographies length of acquisition is 2048 bits, and the key length of the chip is 128 bits, and decipherment algorithm makes
Use TDES(That is the data encryption key Encryption Algorithm identical with decruption key)Or AES(Advanced Encryption
Standard, abbreviation AES, also known as Rijndael enciphered methods).
Step S15:The RSA public key cryptographies are stored to the pre-set space in the Flash.
Step S16:Hash algorithm is run to RSA public keys, obtains the cryptographic Hash of the RSA public keys.In this present embodiment, institute
The cryptographic Hash length for stating RSA public keys is 160 bits.
Step S17:The cryptographic Hash of the RSA public keys is implanted into the OTP registers of the chip so that the chip opens
Signature verification is carried out when dynamic.
RSA public keys are encrypted using chip keys by the present invention, the ciphertext of RSA public keys are stored in Flash, therefore use
Design method provided by the invention will greatly reduce the use of OTP storage resources in piece, and then reduce chip cost.
Referring to Fig. 2, the set-top-box chip for being shown as the present invention carries out the method flow diagram of signature verification on startup, such as
Shown in figure, the method that the set-top-box chip carries out signature verification on startup comprises the following steps:
Step S21:First, prejudge whether start-up mode is safe mode, if so, then into halting rapid S22;If it is not,
Then into rapid S28 is halted, i.e., directly loaded from the Flash and run the loading procedure.
Step S22:The RSA public key cryptographies are loaded from the Flash, and it is solved using the key of the chip
It is close, obtain RSA public keys in plain text, the key length of the chip is 128 bits, and decipherment algorithm uses TDES or AES.
Step S23:Corresponding hash algorithm is run in plain text to the RSA public keys to obtain cryptographic Hash.In this present embodiment,
The cryptographic Hash length of the RSA public keys is 160 bits.
Step S24:Verify the Kazakhstan for the RSA public keys being implanted into the OTP registers of the cryptographic Hash and chip obtained
Whether uncommon value is consistent, if unanimously, into halting rapid S25;If inconsistent, into halting rapid S29.
Step S25:The RSA public keys are effective in plain text, i.e., verification result unanimously illustrates that this group of public key is effective.
Step S26:Signed in plain text to the loading procedure using the effective RSA public keys and run signature verification algorithm.
Whether step S27, judge signature verification by if so, then into halting rapid S28;If it is not, then into halting rapid S29.
:Step S28:Signature verification is by running loading procedure, i.e. normal operation Boot loader utilities.
Step S29:The RSA public keys are invalid in plain text, then authentication failed, into CPU suspended states.
RSA public keys are encrypted using chip keys by the present invention, and the ciphertext of RSA public keys is stored in Flash, is opened in chip
RSA public keys are decrypted first by chip keys during dynamic, since chip keys possess the characteristics of uniqueness, and can not to software
See, even if hacker has cracked RSA key pair, it is also difficult to the corresponding RSA public key cryptographies of every chips are obtained, so as to enhance chip
Security.
Referring to Fig. 3, the data frame memory figure of set-top-box chip of the present invention is shown as, as shown in the figure, the machine top of the present invention
Box chip 1 includes:Flash storage 11 and OTP registers 12.
The flash storage includes being stored with loading procedure(That is Boot loader utilities)Program storage area 113,
It is stored with the signature memory block 114 of loading procedure signature and is stored with the public key memory block 115 of RSA public key cryptographies, wherein,
Generated when the RSA public key cryptographies are by being encrypted RSA public keys using chip keys;The loading procedure signature is by loading journey
The corresponding hash algorithm of sort run obtains corresponding cryptographic Hash, and carries out signature generation to it using RSA private keys.In the present embodiment
In, the RSA public key cryptographies length that the public key memory block 115 stores is 2048 bits.What the signature memory block 114 stored adds
The length for carrying program signature is 2048 bits.In specific embodiment, APP storages are further included in the flash storage 11
Area 111 and APP signatures memory block 112.
The OTP registers 12 include being stored with the memory block 121 of RSA public key cryptographic Hash and are stored with the close of chip keys
Key memory block 122, wherein, the RSA public keys cryptographic Hash is generated by RSA public keys operation hash algorithm.In this present embodiment, it is described
RSA public key cryptographic Hash length is 160 bits, and the key length of the chip is 128 bits, decipherment algorithm using TDES or
AES.Therefore the use of OTP storage resources in piece will be greatly reduced using chip provided by the invention, and then reduces chip cost.
From the foregoing, it will be observed that implementation method provided by the invention is then that the cryptographic Hash of RSA public keys is being implanted into internal OTP, and
In the Flash that will be put into by the encrypted RSA public key cryptographies of chip keys.Common RSA Algorithm is generally using 2048 ratios at present
Special key strength, and the length of summarization of hash algorithm is significantly less than the length(There was only 160 bits by taking SHA-1 as an example), therefore adopt
The use of OTP storage resources in piece will be greatly reduced with design method provided by the invention, and then reduces chip cost.Refer to
Table 1, is expressed as Conventional implementations and is contrasted with new implementation resources of chip consumption, it is as shown in the table:
Since hash algorithm is there are certain risk of collision, and RSA Algorithm also deposit in itself it is certain crack risk, once
RSA key will cause continue to use using the set-top box of the RSA key pair by the gross to being cracked, and be brought to manufacturer huge
Big economic loss, to improve security, RSA public keys are encrypted using chip keys by the present invention, and RSA is stored in Flash
The ciphertext of public key, decrypts RSA public keys, since chip keys possess uniqueness in chip start-up course first by chip keys
The characteristics of, and it is invisible to software, even if hacker has cracked RSA key pair, it is also difficult to obtain the corresponding RSA public keys of every chips
Ciphertext, so as to enhance chip security.
In conclusion the present invention set-top-box chip and apply the digital signature implementation method in set-top-box chip,
The cryptographic Hash of RSA public keys is implanted into chip internal OTP, while will be stored in using the encrypted RSA public key cryptographies of chip keys
In Flash.When restarting every time, Flash is verified first with the cryptographic Hash and chip keys for the RSA public keys being implanted into chip
The validity of middle RSA public key cryptographies, completes loader utility in Flash using the RSA public keys after decryption after being verified and signs
Verification.Due to the introducing of hash algorithm, new implementation method effectively reduces the use of chip internal OTP resources, and then drops
Low chip cost.Since chip keys have the characteristics that uniqueness, RSA public keys are encrypted using it and are effectively raised
Chip security.So the present invention effectively overcomes various shortcoming of the prior art and has high industrial utilization.
The above-described embodiments merely illustrate the principles and effects of the present invention, not for the limitation present invention.It is any ripe
Know the personage of this technology all can carry out modifications and changes under the spirit and scope without prejudice to the present invention to above-described embodiment.Cause
This, those of ordinary skill in the art is complete without departing from disclosed spirit and institute under technological thought such as
Into all equivalent modifications or change, should by the present invention claim be covered.