CN104035890B - Static random access memory based programmable gate array chip encryption method and system - Google Patents

Static random access memory based programmable gate array chip encryption method and system

Info

Publication number
CN104035890B
Authority
CN
China
Prior art keywords
circuit
authorization
business function
function circuit
microprocessor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410258908.2A
Other languages
Chinese (zh)
Other versions
CN104035890A (en)
Inventor
罗彬�
伏德雨
薛飞
汪顺长
陈东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LISHUI BOYUAN TECHNOLOGY Co Ltd
Original Assignee
LISHUI BOYUAN TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LISHUI BOYUAN TECHNOLOGY Co Ltd
Priority to CN201410258908.2A
Publication of CN104035890A
Application granted
Publication of CN104035890B

Abstract

The invention discloses a static random access memory based programmable gate array chip encryption method and system. On top of the original encryption mode, a corresponding authorization circuit is arranged for each configured business function circuit. When a specific business function circuit is needed for work, the authorization circuit corresponding to it sends a service request to a coprocessor according to the function of that business function circuit; the coprocessor generates a key seed; a microprocessor and the authorization circuit establish a temporary encrypted data channel according to the key seed; the authorization circuit authorizes the corresponding business function circuit to work; and the processing result of the business function circuit is sent to the microprocessor in the data format, length and encryption mode required by the microprocessor. Dynamic encryption protection during business processing is thus realized, and the reliability of the system and the difficulty of cracking it are increased.

Description

SRAM-based programmable gate array chip encryption method and system
Technical field
The present invention relates to the field of static random access memory (SRAM) based programmable gate array (FPGA) design, and in particular to an SRAM-based programmable gate array chip encryption method and system.
Background
Field-programmable gate arrays (Field-Programmable Gate Array, FPGA) are widely used thanks to their high speed, high density, low price and flexible scalability. The process or operation of loading an FPGA design into an FPGA chip is usually called configuring the FPGA chip; once configured, the FPGA has the functions the user needs. During normal operation, the configuration data of an FPGA chip is stored in the FPGA's programmable element, static random access memory (SRAM). Because SRAM is volatile, the configuration information in the FPGA chip is lost after power-down, so the FPGA chip must be reconfigured every time the system powers up. This makes it possible to clone a design by monitoring the configuration data stream of the FPGA chip.
The cloning approach generally used is to sample the data pins used to configure the FPGA with a suitable circuit. The recorded configuration data can then be used to configure another FPGA chip, which clones the circuit configured inside the FPGA.
To counter such cloning, the prior art commonly uses the following two approaches:
1. Built-in encryption chip form: a decryption module is provided inside the FPGA chip. On power-up, an FPGA chip with an internal decryption module receives encrypted configuration data, decrypts it with the decryption module, and then configures the business functions of the circuits in the FPGA chip. When the cloning technique above is used, sampling the configuration data stream yields only the encrypted configuration data stream, and that encrypted stream cannot be used to configure the business functions of other FPGA chips, so the FPGA chip is well protected. This approach is simple and practical, but the cost of encryption is high, so most FPGAs, particularly mid-range and low-end FPGAs, do not have such an encryption function.
2. External encryption chip form: an encryption chip is provided outside the FPGA chip, as shown in Fig. 1. After power-up, the FPGA chip first receives the configuration data, uses it to configure its circuits into business function circuits, and leaves the business function circuits in a waiting state in which they do not work. A key module is provided both inside the FPGA and in the external encryption chip, and the same AES algorithm is built into both. After the FPGA chip has received the configuration data stream, the random number generation module in the FPGA chip generates a random number and sends it to the receiving module of the encryption chip. The first sequence encryptor in the FPGA chip computes a first check code from the key provided by the key module and the random number, and sends it to the comparator of the FPGA chip. At the same time, a second sequence encryptor in the encryption chip, identical to the first sequence encryptor, computes a second check code from the key provided by the encryption chip's key module and the received random number, and sends it through the output circuit of the encryption chip to the comparator of the FPGA chip. The comparator compares the first and second check codes: if they match, the circuits configured in the FPGA chip are enabled; if they do not match, the configured circuits are not enabled. With this approach, even if the configuration data is obtained with existing cloning techniques, the circuits configured in the cloned FPGA chip cannot work normally because they never receive the enable signal, and the FPGA chip is thereby protected.
Although both approaches protect the FPGA chip to some extent, in both of them the key is used only once and is easy to crack, so the protection of the FPGA chip needs to be improved further.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an SRAM-based programmable gate array chip encryption method and system that improve the encryption reliability of FPGA chips.
To achieve this purpose, the invention provides an SRAM-based programmable gate array chip encryption method, including:
Initial configuration step:
The external memory sends configuration data to the FPGA chip. The configuration data includes first configuration information for configuring the business function circuits and second configuration information for configuring the authorization circuits corresponding to the business function circuits;
The FPGA chip configures its circuits according to the configuration data to form the business function circuits and the authorization circuits corresponding to them, leaves the business function circuits in a waiting state, and places the authorization circuits in the working state;
Business processing step:
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to the coprocessor;
The coprocessor generates a key seed according to the service request, sends the key seed to the microprocessor and to the authorization circuit, and sends the service request to the microprocessor;
The microprocessor generates authorization information according to the service request, encrypts the authorization information with the key seed to obtain the authorization information ciphertext, and sends the authorization information ciphertext to the authorization circuit;
After decrypting the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information, the authorization circuit authorizes its corresponding business function circuit to enter the working state.
Further, the first configuration information includes the function level information of the business function circuits it configures, and the second configuration information includes correspondence information under which business function circuits of different levels correspond to different authorization circuits and business function circuits of the same level correspond to the same authorization circuit.
Further, in the business processing step, the service request includes the function level information of the business function circuit corresponding to the authorization circuit;
The coprocessor generates a corresponding unique key seed according to the function level information in the service request.
Further, the microprocessor generating authorization information according to the service information, encrypting the authorization information with the key seed to obtain the authorization information ciphertext, and sending the authorization information ciphertext to the authorization circuit includes:
The microprocessor verifies whether the key seed repeats the key seed received last time. If it repeats, the service request is not processed. If it does not repeat, the microprocessor generates authorization information according to the service information, encrypts the authorization information with the key seed, and sends the authorization information ciphertext to the authorization circuit. The authorization information includes the data format, length and encryption mode of the processing result that the authorization circuit is to provide.
Further, the authorization circuit decrypting the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information and then authorizing its corresponding business function circuit to enter the working state includes:
After decrypting the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information, the authorization circuit authorizes its corresponding business function circuit to enter the working state;
The business function circuit starts working, and the processing result of the business function circuit is sent to the microprocessor in the data format, length and encryption mode required by the microprocessor.
Further, the authorization circuit sends the processing result to the microprocessor in the data format, length and encryption mode required by the microprocessor, and sends a service completion message to the microprocessor; after receiving the service completion message, the microprocessor clears its cached data.
Further, the FPGA chip configuring its circuits according to the configuration data to form the business function circuits and the corresponding authorization circuits, leaving the business function circuits in a waiting state, and placing the authorization circuits in the working state includes:
The FPGA chip configures its circuits according to the configuration data to form the business function circuits and the authorization circuits corresponding to them, and leaves both the business function circuits and the authorization circuits in a waiting state;
The FPGA chip generates a random number, generates a first check code from a built-in first key and the random number, and sends the random number to the external encryption chip. The external encryption chip receives the random number, generates a second check code from a built-in second key and the random number, and sends the second check code to the FPGA chip;
The FPGA chip compares the first check code with the second check code and, when the two match, places the authorization circuits in the working state.
Further, the FPGA chip configuring its circuits according to the configuration data to form the business function circuits and the corresponding authorization circuits, leaving the business function circuits in a waiting state, and placing the authorization circuits in the working state includes:
The configuration data is encrypted configuration data. The FPGA chip decrypts the encrypted configuration data and configures its circuits to form the business function circuits and the authorization circuits corresponding to them, leaves the business function circuits in a waiting state, and places the authorization circuits in the working state.
The present invention also provides an SRAM-based programmable gate array chip encryption system, including an external memory, an FPGA chip, a coprocessor and a microprocessor;
The external memory is used to send configuration data to the FPGA chip. The configuration data includes first configuration information for configuring the business function circuits and second configuration information for configuring the authorization circuits corresponding to the function circuits;
The FPGA chip includes a configuration module. The configuration module is used to configure the circuits according to the configuration data to form the business function circuits and the authorization circuits corresponding to them, to leave the business function circuits in a waiting state, and to place the authorization circuits in the working state;
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit is used to initiate a service request to the coprocessor, to receive the key seed and the authorization information ciphertext, and, after decrypting the authorization information with the key seed to obtain the authorization information plaintext, to authorize its corresponding business function circuit to enter the working state;
The coprocessor is used to generate a key seed according to the service request, to send the key seed to the microprocessor and to the authorization circuit, and to send the service request to the microprocessor;
The microprocessor is used to generate authorization information according to the service request, to encrypt the authorization information with the key seed to obtain the authorization information ciphertext, and to send the authorization information ciphertext to the authorization circuit.
Further, the first configuration information includes the function level information of the business function circuits it configures, and the second configuration information includes correspondence information under which business function circuits of different levels correspond to different authorization circuits and business function circuits of the same level correspond to the same authorization circuit.
Further, the service request includes the function level information of the business function circuit corresponding to the authorization circuit;
The coprocessor is used to generate a corresponding unique key seed according to the function level information in the service request.
Further, the microprocessor is used to verify whether the key seed repeats the key seed received last time; if it repeats, the service request is not processed; if it does not repeat, the microprocessor generates authorization information according to the service information, encrypts the authorization information with the key seed, and sends the authorization information ciphertext to the authorization circuit. The authorization information includes the data format, length and encryption mode of the processing result that the authorization circuit is to provide.
Further, after decrypting the authorization information with the key seed to obtain the authorization information plaintext and authorizing its corresponding business function circuit to start working, the authorization circuit is also used to send the processing result of the business function circuit to the microprocessor in the data format, length and encryption mode required by the microprocessor.
Further, the authorization circuit is used to send the processing result to the microprocessor in the data format, length and encryption mode required by the microprocessor, and to send a service completion message to the microprocessor;
The microprocessor is used to clear its cached data after receiving the service completion message.
Further, the SRAM-based programmable gate array chip encryption system also includes an external encryption chip. The external encryption chip includes a second key unit and a second check code generation unit. The configuration module of the FPGA module includes a configuration unit, a random number generation unit, a first key unit, a first check code generation unit and a comparison unit;
The configuration unit is used to configure the circuits according to the configuration data to form the business function circuits and the authorization circuits corresponding to them, leaving both the business function circuits and the authorization circuits in a waiting state;
The random number generation unit is used to generate a random number and to send it to the external encryption chip and to the first check code generation unit;
The first key unit holds a built-in first key, and the first check code generation unit is used to generate a first check code from the built-in first key and the random number;
The comparison unit is used to receive the second check code sent by the external encryption chip and to compare the first check code with the second check code; when the two match, the authorization circuits are placed in the working state;
The second key unit holds a built-in second key, and the second check code generation unit is used to generate a second check code from the built-in second key and the random number and to send the second check code to the comparison unit.
Further, the configuration module of the FPGA module includes a configuration unit and a decryption unit, and the configuration data is encrypted configuration data. The decryption unit is used to decrypt the encrypted configuration data, and the configuration unit is used to configure the circuits to form the business function circuits and the authorization circuits corresponding to them, to leave the business function circuits in a waiting state, and to place the authorization circuits in the working state.
With the SRAM-based programmable gate array chip encryption method and system provided by the present invention, a corresponding authorization circuit is arranged for each configured business function circuit on top of the original encryption mode. When a specific business function circuit needs to work, its corresponding authorization circuit sends a service request to the coprocessor according to the function of that business function circuit; the coprocessor generates a key seed; the microprocessor and the authorization circuit establish a temporary encrypted data channel according to the key seed; the authorization circuit authorizes its corresponding business function circuit to work; and the processing result of the business function circuit is sent to the microprocessor in the data format, length and encryption mode required by the microprocessor. This achieves dynamic encryption protection during business processing and increases the reliability of the system and the difficulty of cracking it.
Brief description of the drawings
Fig. 1 is a schematic diagram of the external encryption chip encryption method in the prior art;
Fig. 2 is a schematic flow chart of the SRAM-based programmable gate array chip encryption method of the present invention;
Figs. 3a and 3b are schematic flow charts of one embodiment of the SRAM-based programmable gate array chip encryption method of the present invention;
Fig. 4 is a schematic structural diagram of the SRAM-based programmable gate array chip encryption system corresponding to the method embodiment shown in Figs. 3a and 3b;
Fig. 5 is a schematic flow chart of another embodiment of the SRAM-based programmable gate array chip encryption method of the present invention;
Fig. 6 is a schematic structural diagram of the SRAM-based programmable gate array chip encryption system corresponding to the embodiment shown in Fig. 5.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments.
The invention provides an SRAM-based programmable gate array chip encryption method which, as shown in Fig. 2, includes:
Initial configuration step:
The external memory sends configuration data to the FPGA chip. The configuration data includes first configuration information for configuring the business function circuits and second configuration information for configuring the authorization circuits corresponding to the business function circuits;
The FPGA chip configures its circuits according to the configuration data to form the business function circuits and the authorization circuits corresponding to them, leaves the business function circuits in a waiting state, and places the authorization circuits in the working state;
Business processing step:
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to the coprocessor;
The coprocessor generates a key seed according to the service request, sends the key seed to the microprocessor and to the authorization circuit, and sends the service request to the microprocessor;
The microprocessor generates authorization information according to the service request, encrypts the authorization information with the key seed to obtain the authorization information ciphertext, and sends the authorization information ciphertext to the authorization circuit;
After decrypting the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information, the authorization circuit authorizes its corresponding business function circuit to enter the working state.
The SRAM-based programmable gate array chip encryption method of the application is described in detail below in combination with each of the two forms, the built-in encryption chip form and the external encryption chip form.
Embodiment one:
This embodiment describes the encryption method flow of the application in detail, taking the combination with the external encryption chip form as an example, as follows:
In this embodiment, the encryption method includes:
Initial configuration step, as shown in Fig. 3a:
The external memory sends configuration data to the FPGA chip. The configuration data includes first configuration information for configuring the business function circuits and second configuration information for configuring the authorization circuits corresponding to the business function circuits. The first configuration information includes the function level information of the business function circuits it configures, and the second configuration information includes correspondence information under which business function circuits of different levels correspond to different authorization circuits and business function circuits of the same level correspond to the same authorization circuit. For example, the business function circuits are graded in advance according to the functions they implement and divided into basic business function circuits, underlying business function circuits, high-level business function circuits and core business function circuits; business function circuits of different grades correspond to different authorization circuits, and business function circuits of the same level correspond to the same authorization circuit;
The FPGA chip configures its circuits according to the configuration data to form the business function circuits and the authorization circuits corresponding to them, and leaves both the business function circuits and the authorization circuits in a waiting state;
The FPGA chip generates a random number, generates a first check code from a built-in first key and the random number, and sends the random number to the external encryption chip. The external encryption chip receives the random number, generates a second check code from a built-in second key and the random number, and sends the second check code to the FPGA chip;
The FPGA chip compares the first check code with the second check code and, when the two match, places the authorization circuits in the working state;
Business processing step, as shown in Fig. 3b:
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to the coprocessor. The service request includes the function level information of the business function circuit corresponding to the authorization circuit;
The coprocessor generates a key seed according to the function level information in the service request, sends the key seed to the microprocessor and to the authorization circuit, and sends the service request to the microprocessor. The key seed can be generated in a preset manner. According to the function levels divided above, for the function level information of an underlying business function circuit the coprocessor generates a 128-bit key seed of the AES encryption standard; for the function level information of a high-level business function circuit it generates a 192-bit key seed of the AES encryption standard; and for the function level information of a core business function circuit it generates a 256-bit key seed of the AES encryption standard. Each of these key seeds is unique and does not repeat;
After receiving the key seed, the microprocessor first verifies whether the key seed repeats the key seed received last time. If it repeats, the service request is not processed. If it does not repeat, the microprocessor generates authorization information according to the service request, encrypts the authorization information with the key seed, and sends the authorization information ciphertext to the authorization circuit. In this embodiment, the authorization information includes the data format, length and encryption mode of the processing result that the authorization circuit is to provide;
After decrypting the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information, the authorization circuit authorizes its corresponding business function circuit to enter the working state. The business function circuit starts working, and the authorization circuit sends the processing result of the business function circuit to the microprocessor in the data format, length and encryption mode required by the microprocessor.
In this embodiment, preferably, the authorization circuit sends the processing result to the microprocessor in the data format, length and encryption mode required by the microprocessor, and sends a service completion message to the microprocessor; after receiving the service completion message, the microprocessor clears its cached data, to achieve a better protective effect.
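The business processing step of embodiment one, modelled in Go as an added example; it is not code from the patent. The level labels, the AuthInfo field values and the use of AES-GCM keyed directly with the key seed are assumptions of this example, since the text names only the AES key-seed lengths and not a cipher mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Key-seed length in bytes per function level (128/192/256 bits, as in embodiment one).
// The level labels are this example's; the text gives no seed length for the basic level.
var seedLen = map[string]int{"underlying": 16, "high-level": 24, "core": 32}

// ErrSeedRepeated is returned when the coprocessor's seed equals the previous one.
var ErrSeedRepeated = errors.New("key seed repeats the previous one: request not processed")

// AuthInfo is the authorization information: how results must be returned.
type AuthInfo struct {
	Format string
	Length int
	Cipher string
}

// NewSeed plays the coprocessor: a fresh random key seed sized by function level.
func NewSeed(level string) ([]byte, error) {
	n, ok := seedLen[level]
	if !ok {
		return nil, fmt.Errorf("no key seed defined for level %q", level)
	}
	seed := make([]byte, n)
	_, err := rand.Read(seed)
	return seed, err
}

// newAEAD keys AES-GCM with the seed (assumption: the text names no cipher mode).
func newAEAD(seed []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(seed)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Microprocessor remembers only the last seed, which is the check the text describes;
// a seed replayed after an intervening request would not be caught by it.
type Microprocessor struct{ lastSeed []byte }

// Authorize rejects a repeated seed, otherwise returns nonce||ciphertext of the authorization info.
func (m *Microprocessor) Authorize(seed []byte, info AuthInfo) ([]byte, error) {
	if bytes.Equal(seed, m.lastSeed) {
		return nil, ErrSeedRepeated
	}
	aead, err := newAEAD(seed)
	if err != nil {
		return nil, err
	}
	m.lastSeed = append([]byte(nil), seed...)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := []byte(fmt.Sprintf("%s|%d|%s", info.Format, info.Length, info.Cipher))
	return aead.Seal(nonce, nonce, plain, nil), nil
}

// AuthCircuit models an authorization circuit and the enable line of its business function circuit.
type AuthCircuit struct {
	Enabled bool   // false = business function circuit still in the waiting state
	Info    string // decrypted authorization information
}

// Receive decrypts the authorization ciphertext and enables the circuit only on success.
func (a *AuthCircuit) Receive(seed, msg []byte) error {
	aead, err := newAEAD(seed)
	if err != nil {
		return err
	}
	if len(msg) < aead.NonceSize() {
		return errors.New("authorization ciphertext too short")
	}
	plain, err := aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
	if err != nil {
		return err // wrong seed or altered ciphertext: stay in the waiting state
	}
	a.Info, a.Enabled = string(plain), true
	return nil
}

func main() {
	mp, circuit := &Microprocessor{}, &AuthCircuit{}
	seed, _ := NewSeed("core") // the coprocessor sends the seed to both sides
	msg, _ := mp.Authorize(seed, AuthInfo{Format: "frame", Length: 64, Cipher: "aes-256"})
	fmt.Println("enabled:", circuit.Receive(seed, msg) == nil, circuit.Info)
	_, err := mp.Authorize(seed, AuthInfo{}) // same seed again
	fmt.Println("replayed seed:", err)
}
```

A circuit that holds a different seed, such as one on a cloned chip that never received the coprocessor's seed, fails the decryption and its business function circuit stays in the waiting state.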
According to the above-mentioned method flow of the present embodiment, the present embodiment is corresponding to constitute one based on SRAM Programmable gate array chip encryption system, as shown in figure 4, include:External memory, fpga chip, peripheral hardware encryption chip, association Processor and microprocessor;
Wherein, external memory is used for fpga chip send configuration data, and configuration data is included for configuration service work( Can the first configuration information of circuit and the second configuration information for configuring authorization circuit corresponding with functional circuit;
The FPGA chip includes a configuration module. The configuration module configures the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, places the business function circuit in the waiting state, and places the authorization circuit in the working state. The configuration module includes a configuration unit, a random number generation unit, a first key unit, a first check code generation unit and a comparison unit; the peripheral encryption chip includes a second key unit and a second check code generation unit. The configuration unit configures the circuit according to the configuration data to form the business function circuit and the corresponding authorization circuit, leaving both the business function circuit and the authorization circuit in the waiting state. The random number generation unit generates a random number and sends it to the peripheral encryption chip and to the first check code generation unit. The first key unit holds a built-in first key, and the first check code generation unit generates the first check code from the built-in first key and the random number. The comparison unit receives the second check code sent by the peripheral encryption chip and compares the first check code with the second check code; when the two match, the authorization circuit is placed in the working state. The second key unit holds a built-in second key, and the second check code generation unit generates the second check code from the built-in second key and the random number and sends the second check code to the comparison unit;
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to the coprocessor, receives the key seed and the authorization information ciphertext, decrypts the authorization information with the key seed to obtain the authorization information plaintext, and then authorizes its corresponding business function circuit to enter the working state. It also sends the processing result of the business function circuit to the microprocessor in the data format, length and encryption mode required by the microprocessor, and sends business completion information to the microprocessor;
The coprocessor generates the key seed according to the service request, sends the key seed to the microprocessor and the authorization circuit, and sends the service request to the microprocessor;
The microprocessor verifies whether the key seed repeats the key seed received last time. If it does not repeat, the microprocessor generates authorization information according to the service information, encrypts the authorization information with the key seed, and sends the authorization information ciphertext to the authorization circuit. The authorization information includes the data format, length and encryption mode of the processing result provided by the authorization circuit. After receiving the business completion information, the microprocessor empties the cached data.
As in the encryption method of this embodiment described above, the first configuration information includes the function level information of the business function circuits it configures, and the second configuration information includes correspondence information under which business function circuits of different levels correspond to different authorization circuits and business function circuits of the same level correspond to the same authorization circuit. The service request includes the function level information of the business function circuit corresponding to the authorization circuit. The key seed generated by the coprocessor is the corresponding unique key seed generated according to the function level information in the service request.
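The power-up check between the FPGA configuration module and the peripheral encryption chip described in this embodiment, as an added sketch that is not part of the patent. The patent does not name the check code algorithm, so HMAC-SHA256 is an assumption here, as are the class and function names, the 16-byte random number, the rule that each random number is compared only once, and the constructed key values used with it.

```python
import hashlib
import hmac
import secrets


def check_code(key, random_number):
    """Check code over the random number (HMAC-SHA256 is an assumption of this example)."""
    return hmac.new(key, random_number, hashlib.sha256).digest()


class PeripheralEncryptionChip:
    def __init__(self, second_key):
        self._key = second_key  # second key unit

    def respond(self, random_number):
        """Second check code generation unit."""
        return check_code(self._key, random_number)


class FpgaConfigModule:
    def __init__(self, first_key):
        self._key = first_key  # first key unit
        self._pending = None
        self.authorization_enabled = False  # both circuits wait after configuration

    def challenge(self):
        """Random number generation unit: a fresh value for every power-up."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def compare(self, second_check_code):
        """Comparison unit: enable the authorization circuit only when the codes match."""
        if self._pending is None:
            return False
        first = check_code(self._key, self._pending)  # first check code
        self._pending = None  # assumption: each random number is compared once
        self.authorization_enabled = hmac.compare_digest(first, second_check_code)
        return self.authorization_enabled


def power_up(fpga, chip):
    """One complete exchange: random number out, second check code back, compare."""
    return fpga.compare(chip.respond(fpga.challenge()))
```

Because the random number changes on every power-up, a configuration copied to a board without the matching chip, or a check code recorded from an earlier power-up, leaves the authorization circuit in the waiting state.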
Embodiment two:
This embodiment describes the encryption method flow of the present application in detail, in combination with the encryption mode that uses the FPGA's built-in decryption module.
As shown in Figure 5, the encryption method in this embodiment includes:
Initial configuration step:
The external memory sends encrypted configuration data to the FPGA chip. The configuration data includes first configuration information for configuring the business function circuit and second configuration information for configuring the authorization circuit corresponding to the business function circuit;
The FPGA chip decrypts the encrypted configuration data with its built-in decryption module and configures the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, places the business function circuit in the waiting state, and places the authorization circuit in the working state;
Business processing step:
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to the coprocessor. As in embodiment one, the service request includes the function level information of the business function circuit corresponding to the authorization circuit;
The coprocessor generates a key seed according to the service request, sends the key seed to the microprocessor and the authorization circuit, and sends the service request to the microprocessor. In this embodiment, as in embodiment one, the key seed can be generated according to the function level information in the service request. Following the level division described above, for the function level information of a basic business function circuit the coprocessor generates a 128-bit key seed of the AES encryption standard; for the function level information of a high-level business function circuit it generates a 192-bit key seed of the AES encryption standard; and for the function level information of a core business function circuit it generates a 256-bit key seed of the AES encryption standard. Each of these key seeds is a unique, non-repeating key seed;
The microprocessor generates authorization information according to the service request, encrypts the authorization information with the key seed to obtain the authorization information ciphertext, and sends the authorization information ciphertext to the authorization circuit. In this embodiment, as in embodiment one, the microprocessor must first verify the uniqueness of the key seed and sends the authorization information ciphertext encrypted with the key seed only when verification passes; this is not repeated here;
The authorization circuit decrypts the authorization information ciphertext with the key seed to obtain the authorization information plaintext, and then authorizes its corresponding business function circuit to enter the working state.
It should be noted that in this embodiment only the initialization step differs from embodiment one; the details of the business processing step are the same as in embodiment one and are not repeated here.
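The business processing step above, modelled end to end as an added example that is not part of the patent. Assumptions: Python's standard library has no AES, so an HMAC-SHA256-authenticated SHA-256 keystream stands in for the AES encryption the embodiment names; all class and function names, the level labels and the authorization field values are constructed for this example.

```python
import hashlib
import hmac
import json
import secrets

# Seed sizes come from the embodiment; the level names are labels chosen for this example.
SEED_BITS = {"basic": 128, "advanced": 192, "core": 256}


def _keys(seed):
    """Split one key seed into an encryption key and a MAC key."""
    return (hmac.new(seed, b"enc", hashlib.sha256).digest(),
            hmac.new(seed, b"mac", hashlib.sha256).digest())


def _xor(key, nonce, data):
    """XOR with a SHA-256 counter keystream: a stand-in for AES, which the stdlib lacks."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(seed, plaintext):
    enc_key, mac_key = _keys(seed)
    nonce = secrets.token_bytes(12)
    body = _xor(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(seed, blob):
    enc_key, mac_key = _keys(seed)
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext was not produced with this key seed")
    return _xor(enc_key, nonce, body)


def coprocessor_seed(level):
    """Coprocessor: a fresh random seed whose length follows the function level."""
    return secrets.token_bytes(SEED_BITS[level] // 8)


class Microprocessor:
    def __init__(self):
        self.last_seed = None
        self.cache = {}

    def authorize(self, request, seed):
        """Return the authorization ciphertext, or None if the seed repeats the last one."""
        if self.last_seed is not None and hmac.compare_digest(seed, self.last_seed):
            return None
        self.last_seed = seed
        info = {"format": "hex", "length": 8, "cipher": "seal"}  # constructed values
        self.cache = {"request": request, "seed": seed}
        return seal(seed, json.dumps(info).encode())

    def finish(self, sealed_result):
        """Decrypt the result, then empty the cached data on business completion."""
        result = unseal(self.cache["seed"], sealed_result).decode()
        self.cache = {}
        return result


class AuthorizationCircuit:
    def __init__(self, level):
        self.level = level
        self.business_enabled = False  # business function circuit starts out waiting

    def accept(self, seed, ciphertext):
        """Decrypt the authorization information; only a valid plaintext enables the circuit."""
        try:
            info = json.loads(unseal(seed, ciphertext))
        except ValueError:
            return None
        self.business_enabled = True
        return info

    def run(self, seed, info, data):
        """Business function (here a digest), returned in the required length and sealed."""
        if not self.business_enabled:
            raise RuntimeError("business function circuit is not authorized")
        digest = hashlib.sha256(data).hexdigest()[: info["length"]]
        return seal(seed, digest.encode())


def business_round(auth, micro, seed, data):
    """One business processing step; None means the request was not processed."""
    ciphertext = micro.authorize({"level": auth.level}, seed)
    if ciphertext is None:
        return None
    info = auth.accept(seed, ciphertext)
    if info is None:
        return None
    return micro.finish(auth.run(seed, info, data))
```

Calling `business_round` twice with the same seed returns `None` the second time, which is the microprocessor's repeat check; an authorization circuit holding a different seed cannot decrypt the authorization information and leaves its business function circuit waiting.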
Corresponding to the method flow of this embodiment, a programmable gate array chip encryption system based on SRAM is also provided. As shown in Figure 6, it includes an external memory, an FPGA chip, a coprocessor and a microprocessor, where the FPGA chip has a built-in decryption module;
The external memory sends encrypted configuration data to the FPGA chip. The configuration data includes first configuration information for configuring the business function circuit and second configuration information for configuring the authorization circuit corresponding to the function circuit;
The FPGA chip includes a configuration module, and the configuration module includes a configuration unit and a decryption unit. The decryption unit decrypts the encrypted configuration data. The configuration unit configures the circuit to form the business function circuit and the authorization circuit corresponding to the business function circuit, places the business function circuit in the waiting state, and places the authorization circuit in the working state;
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to the coprocessor, receives the key seed and the authorization information ciphertext, decrypts the authorization information with the key seed to obtain the authorization information plaintext, and then authorizes its corresponding business function circuit to enter the working state. It also sends the processing result of the business function circuit to the microprocessor in the data format, length and encryption mode required by the microprocessor, and sends business completion information to the microprocessor;
The coprocessor generates the key seed according to the service request, sends the key seed to the microprocessor and the authorization circuit, and sends the service request to the microprocessor;
The microprocessor verifies whether the key seed repeats the key seed received last time. If it does not repeat, the microprocessor generates authorization information according to the service information, encrypts the authorization information with the key seed, and sends the authorization information ciphertext to the authorization circuit. The authorization information includes the data format, length and encryption mode of the processing result provided by the authorization circuit. After receiving the business completion information, the microprocessor empties the cached data.
It should be noted that the business processing step in the encryption method of this embodiment is the same as in embodiment one. Therefore, for the functions that the coprocessor, the microprocessor, and the authorization circuit and business function circuit in the FPGA chip of the encryption system provided by this embodiment perform in the business processing step, refer to the encryption system in embodiment one; they are not described again here.
With the encryption method and system provided by the present invention, a corresponding authorization circuit is set for each configured business function circuit on the basis of the original encryption mode. When a specific business function circuit needs to work, its corresponding authorization circuit sends a service request to the coprocessor according to the function of that business function circuit, and the coprocessor generates a key seed. The microprocessor and the authorization circuit complete a temporary encrypted data channel connection according to the key seed, the authorization circuit authorizes its corresponding business function circuit to work, and the processing result of the business function circuit is sent to the microprocessor in the data format, length and encryption mode required by the microprocessor. This achieves dynamic encryption protection during business processing and increases the reliability of the system and the difficulty of cracking it.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (16)

1. A programmable gate array chip encryption method based on SRAM, characterized by comprising:
Initial configuration step:
An external memory sends configuration data to an FPGA chip, the configuration data including first configuration information for configuring a business function circuit and second configuration information for configuring an authorization circuit corresponding to the business function circuit;
The FPGA chip configures the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, places the business function circuit in the waiting state, and places the authorization circuit in the working state;
Business processing step:
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit initiates a service request to a coprocessor;
The coprocessor generates a key seed according to the service request, sends the key seed to a microprocessor and the authorization circuit, and sends the service request to the microprocessor;
The microprocessor generates authorization information according to the service request, encrypts the authorization information with the key seed to obtain authorization information ciphertext, and sends the authorization information ciphertext to the authorization circuit;
The authorization circuit decrypts the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information, and then authorizes its corresponding business function circuit to enter the working state.
2. The method according to claim 1, characterized in that the first configuration information includes the function level information of the business function circuits it configures, and the second configuration information includes correspondence information under which business function circuits of different levels correspond to different authorization circuits and business function circuits of the same level correspond to the same authorization circuit.
3. The method according to claim 2, characterized in that, in the business processing step, the service request includes the function level information of the business function circuit corresponding to the authorization circuit;
The coprocessor generates the corresponding unique key seed according to the function level information in the service request.
4. The method according to claim 3, characterized in that the microprocessor generating authorization information according to the service request, encrypting the authorization information with the key seed to obtain authorization information ciphertext, and sending the authorization information ciphertext to the authorization circuit includes:
The microprocessor verifies whether the key seed repeats the key seed received last time. If it repeats, this service request is not processed. If it does not repeat, the microprocessor generates authorization information according to the service information, encrypts the authorization information with the key seed, and sends the authorization information ciphertext to the authorization circuit; the authorization information includes the data format, length and encryption mode of the processing result provided by the authorization circuit.
5. The method according to claim 4, characterized in that the authorization circuit decrypting the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information and then authorizing its corresponding business function circuit to enter the working state includes:
The authorization circuit decrypts the authorization information ciphertext with the key seed to obtain the plaintext of the authorization information, and then authorizes its corresponding business function circuit to enter the working state;
The business function circuit starts working, and the processing result of the business function circuit is sent to the microprocessor in the data format, length and encryption mode required by the microprocessor.
6. The method according to claim 5, characterized in that the authorization circuit sends the processing result to the microprocessor in the data format, length and encryption mode required by the microprocessor and sends business completion information to the microprocessor, and the microprocessor empties the cached data after receiving the business completion information.
7. The method according to any one of claims 1-6, characterized in that the FPGA chip configuring the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, placing the business function circuit in the waiting state, and placing the authorization circuit in the working state includes:
The FPGA chip configures the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, and places both the business function circuit and the authorization circuit in the waiting state;
The FPGA chip generates a random number, generates a first check code from a built-in first key and the random number, and sends the random number to a peripheral encryption chip; the peripheral encryption chip receives the random number, generates a second check code from a built-in second key and the random number, and sends the second check code to the FPGA chip;
The FPGA chip compares the first check code with the second check code and, when the two match, places the authorization circuit in the working state.
8. The method according to any one of claims 1-6, characterized in that the FPGA chip configuring the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, placing the business function circuit in the waiting state, and placing the authorization circuit in the working state includes:
The configuration data is encrypted configuration data; the FPGA chip decrypts the encrypted configuration data and configures the circuit to form the business function circuit and the authorization circuit corresponding to the business function circuit, places the business function circuit in the waiting state, and places the authorization circuit in the working state.
9. A programmable gate array chip encryption system based on SRAM, characterized by comprising an external memory, an FPGA chip, a coprocessor and a microprocessor;
The external memory is used to send configuration data to the FPGA chip, the configuration data including first configuration information for configuring a business function circuit and second configuration information for configuring an authorization circuit corresponding to the function circuit;
The FPGA chip includes a configuration module, and the configuration module is used to configure the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, to place the business function circuit in the waiting state, and to place the authorization circuit in the working state;
When a business function circuit needs to work, the authorization circuit corresponding to that business function circuit is used to initiate a service request to the coprocessor, to receive the key seed and the authorization information ciphertext, and, after decrypting the authorization information with the key seed to obtain the authorization information plaintext, to authorize its corresponding business function circuit to enter the working state;
The coprocessor is used to generate the key seed according to the service request, to send the key seed to the microprocessor and the authorization circuit, and to send the service request to the microprocessor;
The microprocessor is used to generate authorization information according to the service request, to encrypt the authorization information with the key seed to obtain authorization information ciphertext, and to send the authorization information ciphertext to the authorization circuit.
10. The system according to claim 9, characterized in that the first configuration information includes the function level information of the business function circuits it configures, and the second configuration information includes correspondence information under which business function circuits of different levels correspond to different authorization circuits and business function circuits of the same level correspond to the same authorization circuit.
11. The system according to claim 10, characterized in that the service request includes the function level information of the business function circuit corresponding to the authorization circuit;
The coprocessor is used to generate the corresponding unique key seed according to the function level information in the service request.
12. The system according to claim 11, characterized in that the microprocessor is used to verify whether the key seed repeats the key seed received last time and, if it does not repeat, to generate authorization information according to the service information, encrypt the authorization information with the key seed, and send the authorization information ciphertext to the authorization circuit; the authorization information includes the data format, length and encryption mode of the processing result provided by the authorization circuit.
13. The system according to claim 12, characterized in that the authorization circuit, after decrypting the authorization information with the key seed to obtain the authorization information plaintext and authorizing its corresponding business function circuit to start working, is also used to send the processing result of the business function circuit to the microprocessor in the data format, length and encryption mode required by the microprocessor.
14. The system according to claim 13, characterized in that the authorization circuit is used to send the processing result to the microprocessor in the data format, length and encryption mode required by the microprocessor and to send business completion information to the microprocessor;
The microprocessor is used to empty the cached data after receiving the business completion information.
15. The system according to any one of claims 9-14, characterized by further comprising a peripheral encryption chip, the peripheral encryption chip including a second key unit and a second check code generation unit; the configuration module of the FPGA chip includes a configuration unit, a random number generation unit, a first key unit, a first check code generation unit and a comparison unit;
The configuration unit is used to configure the circuit according to the configuration data to form the business function circuit and the authorization circuit corresponding to the business function circuit, placing both the business function circuit and the authorization circuit in the waiting state;
The random number generation unit is used to generate a random number and to send the random number to the peripheral encryption chip and the first check code generation unit;
The first key unit holds a built-in first key, and the first check code generation unit is used to generate a first check code from the built-in first key and the random number;
The comparison unit is used to receive the second check code sent by the peripheral encryption chip and to compare the first check code with the second check code; when the two match, the authorization circuit is placed in the working state;
The second key unit holds a built-in second key, and the second check code generation unit is used to generate a second check code from the built-in second key and the random number and to send the second check code to the comparison unit.
16. The system according to any one of claims 9-14, characterized in that the configuration module of the FPGA chip includes a configuration unit and a decryption unit, and the configuration data is encrypted configuration data; the decryption unit is used to decrypt the encrypted configuration data, and the configuration unit is used to configure the circuit to form the business function circuit and the authorization circuit corresponding to the business function circuit, to place the business function circuit in the waiting state, and to place the authorization circuit in the working state.
CN201410258908.2A 2014-06-11 2014-06-11 Static random access memory based programmable gate array chip encryption method and system Active CN104035890B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410258908.2A CN104035890B (en) 2014-06-11 2014-06-11 Static random access memory based programmable gate array chip encryption method and system

Publications (2)

Publication Number Publication Date
CN104035890A CN104035890A (en) 2014-09-10
CN104035890B true CN104035890B (en) 2017-02-15

Family

ID=51466662

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410258908.2A Active CN104035890B (en) 2014-06-11 2014-06-11 Static random access memory based programmable gate array chip encryption method and system

Country Status (1)

Country Link
CN (1) CN104035890B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105897410A (en) * 2014-12-08 2016-08-24 深圳市创成微电子有限公司 Audio frequency chip spi communication encryption method
US10708073B2 (en) * 2016-11-08 2020-07-07 Honeywell International Inc. Configuration based cryptographic key generation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010117968A (en) * 2008-11-14 2010-05-27 National Institute Of Advanced Industrial Science & Technology System and method for protecting logic program data of reconfigurable logic device
CN101854243A (en) * 2010-04-30 2010-10-06 株洲南车时代电气股份有限公司 Circuit system design encryption circuit and encryption method thereof
CN103593622A (en) * 2013-11-05 2014-02-19 浪潮集团有限公司 FPGA-based design method of safe and trusted computer

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8516268B2 (en) * 2010-08-23 2013-08-20 Raytheon Company Secure field-programmable gate array (FPGA) architecture
US9230091B2 (en) * 2012-06-20 2016-01-05 Microsoft Technology Licensing, Llc Managing use of a field programmable gate array with isolated components

Also Published As

Publication number Publication date
CN104035890A (en) 2014-09-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Programmable Gate Array Chip Encryption Method and System Based on Static Random Access Memory

Effective date of registration: 20230417

Granted publication date: 20170215

Pledgee: Lishui branch of Bank of Hangzhou Co.,Ltd.

Pledgor: LISHUI BOYUAN TECHNOLOGY Co.,Ltd.

Registration number: Y2023980038020