CN104298486A - Random number generator of chip SOC for embedded data security system
- Publication number: CN104298486A
- Application number: CN201410569051.6A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to a random number generator for an embedded data security system SOC chip. The random number generator is built into the SOC chip and the length of the random numbers it generates is controllable, which reduces system size, reduces system power consumption and improves system flexibility.
Description
Technical field
The present invention relates to an SOC chip, specifically to a random number generator for an embedded data security system SOC chip, and belongs to the field of electronic technology.
Background art
SOC is the abbreviation of System On Chip and refers to a system-on-chip, also called a system-level chip. An SOC belongs to the category of application-specific integrated circuits. It contains several functional parts or modules internally and has the function of a complete system; some can also run embedded software. The application and development of SOC technology helps electronic equipment reduce volume and weight, reduce power consumption, improve reliability and reduce system cost.
As modern society becomes increasingly information-based, all kinds of information are converted into data that computers can recognize. Data is easy to copy and easy to transmit, which brings great convenience to people's life and work. The same properties, however, open the door wide to information leakage and pose unprecedented challenges to information security. A data security system is needed to safeguard information in transit. A data security system generally consists of two parts, software and hardware. The hardware of an existing data security system is generally built from multiple discrete parts, including a processor chip (such as a single-chip microcomputer), a data memory chip, a program memory chip, a key memory chip, an interface circuit chip, a power circuit chip, a clock chip and a reset chip, as shown in Figure 1. The processor chip is responsible for work such as job scheduling and management of the whole data security system; the data memory chip provides the processor chip with space in which programs run; the program memory chip stores the programs of the data security system; the key memory chip stores the system keys; the interface circuit chip provides the interface between the data security system and the host computer; the power circuit chip supplies power to the whole data security system; the clock chip provides the driving clock signal; and the reset chip provides the reset signal.
A traditional data security system needs an external, independent random number generator chip, and such an external chip is essentially fixed and not controllable. This approach increases the volume of the system, increases its power consumption and reduces its flexibility.
Summary of the invention
The problem to be solved by the present invention is to address the above deficiencies by providing a random number generator for an embedded data security system SOC chip that is small, low-power and flexible.
To solve this problem, the present invention adopts the following technical solution:
A random number generator for an embedded data security system SOC chip, characterized in that the random number generator internally comprises a random number generation function SJS_GEN, a random number length register SJS_LEN_REG, a random number buffer SJS_BUF and a slave bus interface;
The random numbers produced by the random number generator are used in security algorithm operations;
The random number generation function SJS_GEN produces the random numbers;
The random number length register SJS_LEN_REG sets the length of the random numbers produced;
The random number buffer SJS_BUF stores the random numbers;
The slave bus interface connects the random number generator to the on-chip bus to exchange data and commands.
The length of the random numbers produced by the random number generator is between 1 and 1024 bits.
The length of the random number is set through the 11-bit random number length register SJS_LEN_REG, and the random numbers produced are stored in the 1024 × 32-bit random number buffer SJS_BUF.
The random number buffer SJS_BUF can store at most 32 groups of random numbers.
The random number generator is a slave device on the on-chip bus, to which it is connected through the slave bus interface.
The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], slave data input signal s_data_in [31:0], slave data output signal s_data_out [31:0], slave select input signal s_sel_in, slave write-enable input signal s_wr_in, slave read-enable input signal s_rd_in and slave acknowledge output signal s_ack_out.
The random number generator uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
The random number generator of the embedded data security system SOC chip of the present invention has the following advantages: the random number generator is built into the SOC chip and the length of the random numbers produced is controllable. This design helps reduce system volume, reduce system power consumption and increase system flexibility.
The present invention is described in detail below with reference to the drawings and an embodiment.
Brief description of the drawings
Figure 1 is a typical hardware structure diagram of an existing data security system;
Figure 2 is a typical hardware structure diagram of an embedded data security system that uses the dedicated SOC chip provided by the invention;
Figure 3 is a structural block diagram of the SOC chip in the embodiment of the present invention;
Figure 4 is a diagram of the connections and signals between an on-chip bus master device of the SOC chip and the on-chip bus in the embodiment of the present invention;
Figure 5 is a diagram of the connections and signals between an on-chip bus slave device of the SOC chip and the on-chip bus in the embodiment of the present invention;
Figure 6 is a structure diagram of the processor of the SOC chip in the embodiment of the present invention;
Figure 7 is a structure diagram of the on-line debugging and host communication module of the SOC chip in the embodiment of the present invention;
Figure 8 is a structure diagram of the program memory ROM of the SOC chip in the embodiment of the present invention;
Figure 9 is a structure diagram of the data memory RAM of the SOC chip in the embodiment of the present invention;
Figure 10 is a structure diagram of the random number generator of the SOC chip in the embodiment of the present invention;
Figure 11 is a structure diagram of the security algorithm module of the SOC chip in the embodiment of the present invention;
Figure 12 is a structure diagram of the key memory of the SOC chip in the embodiment of the present invention;
Figure 13 is a structure diagram of the interrupt controller of the SOC chip in the embodiment of the present invention;
Figure 14 is a structure diagram of the power converter of the SOC chip in the embodiment of the present invention.
Embodiment
Figures 2 and 3 show the embodiment and describe the internal architecture of the chip, the kinds and number of functional modules, and how the modules are connected.
An embedded data security system SOC chip that integrates the following submodules: RISC processor, on-line debugging and host communication module, bus arbiter, program memory ROM, data memory RAM, key memory, random number generator, security algorithm module, timer, interrupt controller, UART serial communication interface, SPI bus controller, I2C bus controller, GPIO interface module, power converter, and clock/reset generator.
As shown in Figure 3, the embedded data security system SOC chip in the embodiment of the present invention uses a bus architecture internally and connects the on-chip submodules through an on-chip interconnect.
The on-chip interconnect chosen in this patent follows the WishBone standard. At any one time the on-chip interconnect can be accessed by only one master device, so this patent provides a bus arbiter to control access to the on-chip interconnect. The RISC processor and the on-line debugging and host communication module are the two master devices on the on-chip interconnect.
The slave devices on the on-chip interconnect are: program memory ROM, data memory RAM, key memory, random number generator, security algorithm module, timer, interrupt controller, UART serial communication interface, SPI bus controller, I2C bus controller, GPIO interface module, power converter, and clock/reset generator. A slave device cannot access the bus on its own initiative; it can only respond passively to bus accesses initiated by a master device.
As shown in Figure 4, in the embodiment of the present invention all master devices connected to the on-chip bus of the embedded data security system SOC chip use the same type and number of connection signals to the on-chip bus, specifically:
(1) master address output signal m_addr_out [31:0];
(2) master data input signal m_data_in [31:0];
(3) master data output signal m_data_out [31:0];
(4) master select output signal m_sel_out;
(5) master write-enable output signal m_wr_out;
(6) master read-enable output signal m_rd_out;
(7) master acknowledge input signal m_ack_in.
A master device uses the m_addr_out [31:0] signal to pass address information to the on-chip bus, the m_data_in [31:0] signal to obtain data from the on-chip bus, the m_data_out [31:0] signal to deliver its data to the on-chip bus, the m_sel_out signal to send the select command to the on-chip bus, the m_wr_out signal to send the write command to the on-chip bus, the m_rd_out signal to send the read command to the on-chip bus, and the m_ack_in signal to obtain the acknowledge signal from the on-chip bus.
As shown in Figure 5, in the embodiment of the present invention all slave devices connected to the on-chip bus of the embedded data security system SOC chip use the same type and number of connection signals to the on-chip bus, specifically:
(1) slave address input signal s_addr_in [31:0];
(2) slave data input signal s_data_in [31:0];
(3) slave data output signal s_data_out [31:0];
(4) slave select input signal s_sel_in;
(5) slave write-enable input signal s_wr_in;
(6) slave read-enable input signal s_rd_in;
(7) slave acknowledge output signal s_ack_out.
A slave device uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the m_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
When a master device writes data to a slave device, the process is as follows:
Step 1: the master device outputs select information to the on-chip bus via the m_sel_out signal, write-enable information via m_wr_out, the target address via the m_addr_out [31:0] signal, and the data to be written via m_data_out [31:0]. All slave devices on the on-chip bus can receive the master's address information via the s_addr_in [31:0] signal and the master's data via the s_data_in [31:0] signal.
Step 2: the bus arbiter decodes the address that the master placed on the on-chip bus to choose the access target (see Table 1 for the decoding rule), and sets only the target slave's s_sel_in and s_wr_in signals to the valid state; the s_sel_in and s_wr_in signals of the other slave devices stay invalid.
Step 3: when the target slave detects that its own s_sel_in and s_wr_in signals are valid, it obtains the target address from its own s_addr_in [31:0] signal, sends the target data to the on-chip bus via its own s_data_out [31:0] signal, and sends operation acknowledge information to the on-chip bus via its own s_ack_out.
Step 4: the bus arbiter delivers the target slave's operation acknowledge information over the on-chip bus to the m_ack_in signal of the master device that initiated the write operation. On receiving this acknowledge information, the master device confirms that the whole write operation has finished.
When a master device reads data from a slave device, the process is as follows:
Step 1: the master device outputs select information to the on-chip bus via the m_sel_out signal, read-enable information via m_rd_out, and the target address via the m_addr_out [31:0] signal. All slave devices on the on-chip bus can receive the master's address information via the s_addr_in [31:0] signal.
Step 2: the bus arbiter decodes the address that the master placed on the on-chip bus to choose the access target (see Table 1 for the decoding rule), and sets only the target slave's s_sel_in and s_rd_in signals to the valid state; the s_sel_in and s_rd_in signals of the other slave devices stay invalid;
Step 3: when the target slave detects that its own s_sel_in and s_rd_in signals are valid, it obtains the target address from its own s_addr_in [31:0] signal, writes the data on its own s_data_in [31:0] signal into its own target area, and then sends operation acknowledge information to the on-chip bus via its own s_ack_out;
Step 4: the bus arbiter delivers the target slave's operation acknowledge information over the on-chip bus to the m_ack_in signal of the master device that initiated the write operation. On receiving this acknowledge information, the master device immediately obtains the data to be read from the on-chip bus via its own m_data_in [31:0] signal, and then confirms that the whole read operation has finished.
As shown in Figure 3, the embedded data security system SOC chip in the embodiment of the present invention integrates a bus arbiter. The bus arbiter decides which master device uses the on-chip interconnect next according to the order in which the master devices requested access. The bus arbiter decodes the highest 7 address bits of the master device (i.e. m_addr_out [31:25]) to determine the target slave device being accessed; the decoding rule is shown in Table 1.
Table 1: bus arbiter address decoding table
[1]: x means the bit may be either 1 or 0.
As shown in Figure 6, the embedded data security system SOC chip in the embodiment of the present invention integrates a processor. The processor is the core of the whole SOC chip and consists of four parts: an integer processing unit, a data cache, an instruction cache and a master bus interface. It uses a Harvard architecture with a data cache and an instruction cache that are independent of each other. The integer processing unit is connected to the data cache through a data path and to the instruction cache through an instruction path. This structure keeps the processor's data path and instruction path separate from each other, avoids bus contention, helps improve the access efficiency of data and instructions, and in turn improves the computing power of the processor.
The integer processing unit follows the OpenRisc standard. OpenRisc is a reduced instruction set (RISC) processor provided by the OpenCores organization. It is an open instruction set under the GPL license, which saves high licensing fees and in turn reduces product cost.
As shown in Figure 4, in the embodiment of the present invention the RISC processor of the embedded data security system SOC chip is a master device on the on-chip bus, to which it is connected through a master bus interface. The type and number of its master bus interface signals are the same as those of the other master devices, specifically: master address output signal m_addr_out [31:0], master data input signal m_data_in [31:0], master data output signal m_data_out [31:0], master select output signal m_sel_out, master write-enable output signal m_wr_out, master read-enable output signal m_rd_out and master acknowledge input signal m_ack_in. The processor uses the m_addr_out [31:0] signal to pass address information to the on-chip bus, the m_data_in [31:0] signal to obtain data from the on-chip bus, the m_data_out [31:0] signal to deliver its data to the on-chip bus, the m_sel_out signal to send the select command to the on-chip bus, the m_wr_out signal to send the write command to the on-chip bus, the m_rd_out signal to send the read command to the on-chip bus, and the m_ack_in signal to obtain the acknowledge signal from the on-chip bus.
As shown in Figure 7, the embedded data security system SOC chip in the embodiment of the present invention integrates an on-line debugging and host communication module. The module embeds a USB slave device interface, through which the SOC chip connects to and communicates with the host computer. The on-line debugging and host communication module has two operating modes: on-line debugging mode and host communication mode. In on-line debugging mode the host computer can access the internal resources of the SOC chip through the USB slave device interface, such as registers, the program memory ROM and the data memory RAM, and can also debug user programs and program the on-chip program memory ROM. In host communication mode, with the cooperation of the corresponding low-level software and upper-layer software, the SOC chip and the host computer can exchange data, for example to transfer data for encryption and decryption or to update keys. The embodiment of the present invention provides an external chip pin signal, DEBUG_MODE, whose level selects the operating mode of the on-line debugging and host communication module. As shown in Figure 7, when DEBUG_MODE is high the module is in on-line debugging mode; when DEBUG_MODE is low the module is in host communication mode.
The on-line debugging and host communication module of the embodiment of the present invention is a master device on the on-chip bus, to which it is connected through a master bus interface. The type and number of its master bus interface signals are the same as those of the other master devices, specifically: master address output signal m_addr_out [31:0], master data input signal m_data_in [31:0], master data output signal m_data_out [31:0], master select output signal m_sel_out, master write-enable output signal m_wr_out, master read-enable output signal m_rd_out and master acknowledge input signal m_ack_in. The on-line debugging and host communication module uses the m_addr_out [31:0] signal to pass address information to the on-chip bus, the m_data_in [31:0] signal to obtain data from the on-chip bus, the m_data_out [31:0] signal to deliver its data to the on-chip bus, the m_sel_out signal to send the select command to the on-chip bus, the m_wr_out signal to send the write command to the on-chip bus, the m_rd_out signal to send the read command to the on-chip bus, and the m_ack_in signal to obtain the acknowledge signal from the on-chip bus.
The embedded data security system SOC chip in the embodiment of the present invention integrates a program memory ROM. As shown in Figure 8, the program memory ROM contains a NOR FLASH memory with a capacity of 2048K bytes and a slave bus interface. The NOR FLASH memory stores the low-level application programs developed by the user, and the slave bus interface connects the program memory ROM to the on-chip bus to exchange data and commands.
The program memory ROM is a slave device on the on-chip bus, to which it is connected through the slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], slave data input signal s_data_in [31:0], slave data output signal s_data_out [31:0], slave select input signal s_sel_in, slave write-enable input signal s_wr_in, slave read-enable input signal s_rd_in and slave acknowledge output signal s_ack_out. The program memory ROM uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
The embedded data security system SOC chip in the embodiment of the present invention integrates a data memory RAM. As shown in Figure 9, the data memory RAM contains a synchronous RAM with a capacity of 4096K bytes and a slave bus interface. The synchronous RAM is used to run the low-level application programs developed by the user, and the slave bus interface connects the data memory RAM to the on-chip bus to exchange data and commands.
The data memory RAM is a slave device on the on-chip bus, to which it is connected through the slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], slave data input signal s_data_in [31:0], slave data output signal s_data_out [31:0], slave select input signal s_sel_in, slave write-enable input signal s_wr_in, slave read-enable input signal s_rd_in and slave acknowledge output signal s_ack_out. The data memory RAM uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
The embedded data security system SOC chip in the embodiment of the present invention integrates a random number generator whose random numbers are used in security algorithm operations. As shown in Figure 10, the random number generator contains a random number generation function SJS_GEN, a random number length register SJS_LEN_REG, a random number buffer SJS_BUF and a slave bus interface. SJS_GEN produces the random numbers, SJS_LEN_REG sets the length of the random numbers produced, SJS_BUF stores the random numbers, and the slave bus interface connects the random number generator to the on-chip bus to exchange data and commands. The length of the random numbers produced is between 1 and 1024 bits and can be set by user software. The embodiment of the present invention uses an 11-bit random number length register SJS_LEN_REG to set the length of the random number. The random numbers produced are stored in the 1024 × 32-bit random number buffer SJS_BUF, which can store at most 32 groups of random numbers. The RISC processor can access SJS_LEN_REG and SJS_BUF through the on-chip bus.
The random number generator is a slave device on the on-chip bus, to which it is connected through the slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], slave data input signal s_data_in [31:0], slave data output signal s_data_out [31:0], slave select input signal s_sel_in, slave write-enable input signal s_wr_in, slave read-enable input signal s_rd_in and slave acknowledge output signal s_ack_out. The random number generator uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
In the present invention the random number generator is built into the SOC chip and the length of the random numbers produced is controllable. This design helps reduce system volume, reduce system power consumption and increase system flexibility.
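The register and buffer arithmetic described above, as an added C model that is not part of the patent: an 11-bit SJS_LEN_REG can hold 0 to 2047 although only 1 to 1024 is valid, and 1024 × 32 bits divided into 32 groups gives 32 words per group. The register offsets, the driver helper `sjs_set_length`, the generation step `sjs_generate` and the splitmix64 stand-in for SJS_GEN are assumptions of this model, and the stand-in is not an entropy source.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values stated on the page */
#define SJS_MAX_BITS    1024u    /* random number length is 1..1024 bits */
#define SJS_LEN_MASK    0x7FFu   /* SJS_LEN_REG is 11 bits wide */
#define SJS_BUF_WORDS   1024u    /* SJS_BUF is 1024 x 32 bits */
#define SJS_GROUPS      32u      /* SJS_BUF holds at most 32 groups */
#define SJS_GROUP_WORDS (SJS_BUF_WORDS / SJS_GROUPS)  /* 32 words = 1024 bits */

/* Assumptions of this model (the page gives no register map) */
#define SJS_OFF_LEN 0x0000u      /* byte offset of SJS_LEN_REG */
#define SJS_OFF_BUF 0x1000u      /* byte offset of SJS_BUF word 0 */

typedef struct {
    uint32_t len_reg;             /* SJS_LEN_REG */
    uint32_t buf[SJS_BUF_WORDS];  /* SJS_BUF */
    uint32_t used_groups;         /* groups currently stored */
    uint64_t sim_state;           /* state of the simulation stand-in only */
} sjs_rng_t;

void sjs_init(sjs_rng_t *r, uint64_t sim_seed) {
    memset(r, 0, sizeof *r);
    r->sim_state = sim_seed;
}

/* Stand-in for the hardware SJS_GEN block (splitmix64). Deterministic,
 * for simulation only; it is NOT a source of entropy. */
static uint32_t sim_sjs_gen_word(sjs_rng_t *r) {
    uint64_t z = (r->sim_state += 0x9E3779B97F4A7C15ull);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
    return (uint32_t)((z ^ (z >> 31)) >> 32);
}

/* Slave write cycle; returns 1 when s_ack_out would be asserted.
 * An 11-bit register latches only the low 11 bits of s_data_in. */
int sjs_bus_write(sjs_rng_t *r, uint32_t offset, uint32_t s_data_in) {
    if (offset != SJS_OFF_LEN) return 0;  /* model: SJS_BUF is not bus-writable */
    r->len_reg = s_data_in & SJS_LEN_MASK;
    return 1;
}

/* Slave read cycle; returns 1 and drives *s_data_out on a valid offset. */
int sjs_bus_read(const sjs_rng_t *r, uint32_t offset, uint32_t *s_data_out) {
    if (offset == SJS_OFF_LEN) { *s_data_out = r->len_reg; return 1; }
    if (offset < SJS_OFF_BUF || (offset & 3u)) return 0;
    uint32_t word = (offset - SJS_OFF_BUF) / 4u;
    if (word >= SJS_BUF_WORDS) return 0;
    *s_data_out = r->buf[word];
    return 1;
}

/* Produce one group of len_reg bits into the next free 32-word slot.
 * Returns the slot index, or -1 if the length is invalid or SJS_BUF is full.
 * Bits beyond the requested length are forced to zero. */
int sjs_generate(sjs_rng_t *r) {
    uint32_t bits = r->len_reg;
    if (bits < 1u || bits > SJS_MAX_BITS || r->used_groups >= SJS_GROUPS) return -1;
    uint32_t *slot = &r->buf[r->used_groups * SJS_GROUP_WORDS];
    uint32_t full = bits / 32u, rem = bits % 32u;
    memset(slot, 0, SJS_GROUP_WORDS * sizeof *slot);
    for (uint32_t i = 0; i < full; i++) slot[i] = sim_sjs_gen_word(r);
    if (rem) slot[full] = sim_sjs_gen_word(r) & ((1u << rem) - 1u);
    return (int)r->used_groups++;
}

/* Driver-side helper: validate the full 32-bit request before it reaches the
 * 11-bit register, so that e.g. 2049 is rejected instead of aliasing to 1. */
int sjs_set_length(sjs_rng_t *r, uint32_t bits) {
    if (bits < 1u || bits > SJS_MAX_BITS) return 0;
    return sjs_bus_write(r, SJS_OFF_LEN, bits);
}

int main(void) {
    static sjs_rng_t rng;
    uint32_t w = 0;
    sjs_init(&rng, 1);
    if (!sjs_set_length(&rng, 40) || sjs_generate(&rng) != 0) return 1;
    sjs_bus_read(&rng, SJS_OFF_BUF + 4u, &w);
    printf("second word of a 40-bit group: 0x%08x\n", (unsigned)w);
    return 0;
}
```
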
The embedded data security system SOC chip in the embodiment of the present invention integrates a security algorithm module, which is mainly used to perform security algorithm operations such as encryption and decryption. As shown in Figure 11, the security algorithm module comprises an input data buffer BUF_IN, a result data buffer BUF_OUT, a data security algorithm matrix, an algorithm selection register SF_SEL and a slave bus interface. BUF_IN holds the data waiting to be processed, BUF_OUT holds the results after processing, the data security algorithm matrix holds 8 sets of security algorithms, SF_SEL selects which set of algorithms currently takes part in the operation, and the slave bus interface connects the random number generator to the on-chip bus to exchange data and commands. The data to be processed is sent by the host computer over the USB interface through the on-line debugging and host communication module and then written over the on-chip bus into BUF_IN. The security algorithm module fetches data from the input buffer, processes it, and writes the result into BUF_OUT. BUF_IN and BUF_OUT each have a capacity of 1024 × 32 bits, and the processor can read the results from BUF_OUT through the on-chip bus. The data security algorithm matrix in the security algorithm module embeds 8 sets of data security algorithms; which set is used for an operation is decided by the state of the algorithm selection register SF_SEL. When SF_SEL = "000", data security algorithm 0 is active; when SF_SEL = "001", data security algorithm 1 is active; when SF_SEL = "010", data security algorithm 2 is active; when SF_SEL = "011", data security algorithm 3 is active; when SF_SEL = "100", data security algorithm 4 is active; when SF_SEL = "101", data security algorithm 5 is active; when SF_SEL = "110", data security algorithm 6 is active; when SF_SEL = "111", data security algorithm 7 is active. As shown in Figure 6, BUF_IN, BUF_OUT and SF_SEL can all be accessed through the on-chip bus.
The security algorithm module is a slave device on the on-chip bus, to which it is connected through the slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], slave data input signal s_data_in [31:0], slave data output signal s_data_out [31:0], slave select input signal s_sel_in, slave write-enable input signal s_wr_in, slave read-enable input signal s_rd_in and slave acknowledge output signal s_ack_out. The security algorithm module uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
The inner integrated crypto key memory of embedded data security system SOC in the embodiment of the present invention.As shown in figure 12, crypto key memory comprises NOR FLASH memory and from device Host interface.Wherein, NOR FLASH memory is used for depositing user key, is used for crypto key memory to be connected with bus on chip the exchange realizing data and order from device bus interface.User key by USB interface through on-line debugging and Upper machine communication module, then can be write crypto key memory through bus on chip by host computer, takes for security algorithm module.The crypto key memory physics realization form that the embodiment of the present invention relates to is NOR FLASH memory, and capacity is 64 × 32bit.In order to protect the security of user key and illegally do not stolen, in crypto key memory, be designed to one-way data interface from device Host interface, the data channel be namely only written into, and the data channel be not read out.So just only allow bus on chip to write user key toward crypto key memory, and data can not be read from crypto key memory.
The key memory is a slave device of the on-chip bus and is connected to the on-chip bus through a slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], the slave data input signal s_data_in [31:0], the slave select input signal s_sel_in, the slave write-valid input signal s_wr_in, and the slave acknowledge output signal s_ack_out. The key memory uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the m_wr_in signal to obtain the write command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus. As stated above, to protect the user key from being illegally stolen, the slave bus interface of the key memory is designed as a one-way data interface, with only a data channel for writing and no data channel for reading. The slave bus interface of the key memory therefore does not include two groups of signals: the slave data output signal s_data_out [31:0] and the slave read-valid input signal s_rd_in.
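The write-only property described above, as an added C model that is not part of the patent: a key-memory slave with no read path, beside an ordinary read/write slave (the timer's TIMER_LEN register) for contrast. The structs, the slave-local word addressing, the TIMER_LEN offset of 0, the no-acknowledge response to reads and out-of-range addresses, and the key values are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_WORDS 64u   /* page: key memory capacity is 64 x 32 bit */

/* Inputs a slave sees in one bus cycle (signal names from the page). */
typedef struct {
    uint32_t s_addr_in, s_data_in;   /* address: slave-local word index (assumption) */
    bool s_sel_in, s_wr_in, s_rd_in;
} bus_cycle;

/* Outputs a slave may drive; drives_data is a model-only flag for s_data_out. */
typedef struct { bool s_ack_out, drives_data; uint32_t s_data_out; } bus_reply;
typedef struct { uint32_t cell[KEY_WORDS]; } key_memory;
typedef struct { uint32_t timer_len; } timer_regs;   /* TIMER_LEN, 32 bits */

/* Key memory: write-only slave. Its interface has no s_rd_in and no
 * s_data_out, so the read strobe is ignored and data is never driven. */
bus_reply key_memory_cycle(key_memory *km, bus_cycle c)
{
    bus_reply r = { false, false, 0 };
    if (c.s_sel_in && c.s_wr_in && c.s_addr_in < KEY_WORDS) {
        km->cell[c.s_addr_in] = c.s_data_in;
        r.s_ack_out = true;
    }
    return r;   /* reads and bad addresses get no acknowledge (assumption) */
}

/* Timer: ordinary read/write slave; TIMER_LEN at offset 0 is assumed. */
bus_reply timer_cycle(timer_regs *t, bus_cycle c)
{
    bus_reply r = { false, false, 0 };
    if (!c.s_sel_in || c.s_addr_in != 0) return r;
    if (c.s_wr_in) t->timer_len = c.s_data_in;
    else if (c.s_rd_in) { r.drives_data = true; r.s_data_out = t->timer_len; }
    r.s_ack_out = c.s_wr_in || c.s_rd_in;
    return r;
}

/* Write a constructed test key, then try to read every word back over the
 * bus. Returns the number of key words the slave disclosed. */
unsigned key_words_readable(key_memory *km)
{
    unsigned leaked = 0;
    for (uint32_t a = 0; a < KEY_WORDS; a++) {
        bus_cycle rd = { a, 0, true, false, true };
        key_memory_cycle(km, (bus_cycle){ a, 0xA5A50000u | a, true, true, false });
        if (key_memory_cycle(km, rd).drives_data) leaked++;
    }
    return leaked;
}

int main(void)
{
    key_memory km = { { 0 } };
    printf("key words readable over the bus: %u\n", key_words_readable(&km));
    return 0;
}
```

In this model a bus master can provision all 64 words but a read cycle aimed at the key memory returns neither an acknowledge nor data, while the same read cycle aimed at the timer returns TIMER_LEN.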
In the embodiment of the present invention, a timer is integrated inside the embedded data security system SOC and is used for timing. The precision of this timer is one system clock cycle, and its timed length is determined by the duration register TIMER_LEN. The duration register TIMER_LEN is a 32-bit-wide register, so the timed length of this timer is 2 to the 32nd power system clock cycles. The timer is a slave device of the on-chip bus and is connected to the on-chip bus through a slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], the slave data input signal s_data_in [31:0], the slave data output signal s_data_out [31:0], the slave select input signal s_sel_in, the slave write-valid input signal s_wr_in, the slave read-valid input signal s_rd_in, and the slave acknowledge output signal s_ack_out. The timer uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
In the embodiment of the present invention, an interrupt controller is integrated inside the embedded data security system SOC and is used to manage and process the interrupts generated by each on-chip submodule. As shown in Figure 13, the SOC in the embodiment of the present invention has 9 interrupt sources: the SPI bus controller interrupt, the I2C bus controller interrupt, the timer interrupt, the UART serial communication interface interrupt, the on-chip bus exception interrupt, the security algorithm module interrupt, the online debugging and host computer communication module interrupt, external input interrupt 0, and external input interrupt 1. The interrupt controller processes these interrupt sources according to their order in time and their interrupt priority, forms the interrupt vector table INT_LIST, and outputs one overall interrupt signal to the processor. When the processor responds to an interrupt, it first reads the interrupt vector table INT_LIST over the on-chip bus to determine which interrupt source is active, and then handles it accordingly. The interrupt controller is a slave device of the on-chip bus and is connected to the on-chip bus through a slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], the slave data input signal s_data_in [31:0], the slave data output signal s_data_out [31:0], the slave select input signal s_sel_in, the slave write-valid input signal s_wr_in, the slave read-valid input signal s_rd_in, and the slave acknowledge output signal s_ack_out. The interrupt controller uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
In the embodiment of the present invention, a UART serial communication interface, an SPI bus controller, an I2C bus controller and a GPIO interface module are integrated inside the embedded data security system SOC. These modules are used to connect external devices and make it easy to extend the functions of the SOC. The UART serial communication interface, SPI bus controller, I2C bus controller, GPIO interface and similar modules are slave devices of the on-chip bus, and each is connected to the on-chip bus through its own slave bus interface. The interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], the slave data input signal s_data_in [31:0], the slave data output signal s_data_out [31:0], the slave select input signal s_sel_in, the slave write-valid input signal s_wr_in, the slave read-valid input signal s_rd_in, and the slave acknowledge output signal s_ack_out. The UART serial communication interface, SPI bus controller, I2C bus controller, GPIO interface and similar modules each use their own s_addr_in [31:0] signal to obtain address information from the on-chip bus, their own s_data_in [31:0] signal to obtain data from the on-chip bus, their own s_data_out [31:0] signal to deliver their data to the on-chip bus, their own s_sel_in signal to obtain the select command from the on-chip bus, their own s_wr_in signal to obtain the write command from the on-chip bus, their own s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
In the embodiment of the present invention, a clock and reset generator is integrated inside the embedded data security system SOC. This module is an independent module: it is neither a master device nor a slave device of the on-chip bus. The clock and reset generator is mainly used to produce the on-chip clock signal and reset signal. The clock signal is delivered to all on-chip submodules through the on-chip clock network, and the reset signal is delivered to all on-chip submodules through the on-chip reset network.
In general, chip products manufactured with the current mainstream deep-submicron integrated circuit processes all have two kinds of power supply. One is the IO power supply VDD_IO (commonly 3.3V), which supplies power to the pins of the chip; the other is the core power supply VDD_CORE (commonly 1.8V, 1.2V, etc.), which supplies power to the internal logic resources of the chip (such as flip-flops and gate circuits). For the chip to work normally, the system must provide the chip with both kinds of power supply, which increases the complexity of the system. As shown in Figure 3, a power converter is integrated inside the embedded data security system SOC in the embodiment of the present invention. Its input is the off-chip power supply VDD, and it has two outputs: one is the IO power supply VDD_IO, which supplies power to the pins of the chip; the other is the core power supply VDD_CORE, which supplies power to the internal logic resources of the chip. With this embedded power converter, the embedded data security system SOC in the embodiment of the present invention needs only the single off-chip power supply VDD to work normally, and the outside does not need to provide the two power supplies VDD_IO and VDD_CORE. This design approach reduces the complexity of the system. The structure of the power converter integrated inside the embedded data security system SOC in the embodiment of the present invention is shown in Figure 14.
The above is an example of the best mode for carrying out the invention; the parts not described in detail are common knowledge to those of ordinary skill in the art. The scope of protection of the present invention is defined by the content of the claims, and any equivalent transformation made on the basis of the technical teaching of the present invention also falls within the scope of protection of the present invention.
Claims (7)
1. A random number generator of an embedded data security system SOC, characterized in that: the random number generator internally comprises a random number generating function SJS_GEN, a random number length register SJS_LEN_REG, a random number buffer SJS_BUF, and a slave bus interface;
The random numbers produced by the random number generator are used to take part in security algorithm operations;
The random number generating function SJS_GEN is used to produce random numbers;
The random number length register SJS_LEN_REG is used to set the length of the random numbers produced;
The random number buffer SJS_BUF is used to store random numbers;
The slave bus interface is used to connect the random number generator to the on-chip bus for the exchange of data and commands.
2. The random number generator of an embedded data security system SOC as claimed in claim 1, characterized in that: the length of the random numbers produced by the random number generator is between 1 and 1024 bits.
3. The random number generator of an embedded data security system SOC as claimed in claim 2, characterized in that: the length of the random number is set by the 11-bit random number length register SJS_LEN_REG, and the random numbers produced are stored in the 1024 × 32 bit random number buffer SJS_BUF.
4. The random number generator of an embedded data security system SOC as claimed in claim 3, characterized in that: the random number buffer SJS_BUF can store at most 32 groups of random numbers.
5. The random number generator of an embedded data security system SOC as claimed in claim 4, characterized in that: the random number generator is a slave device of the on-chip bus and is connected to the on-chip bus through a slave bus interface.
6. The random number generator of an embedded data security system SOC as claimed in claim 5, characterized in that: the interface signals of the slave bus interface comprise the slave address input signal s_addr_in [31:0], the slave data input signal s_data_in [31:0], the slave data output signal s_data_out [31:0], the slave select input signal s_sel_in, the slave write-valid input signal s_wr_in, the slave read-valid input signal s_rd_in, and the slave acknowledge output signal s_ack_out.
7. The random number generator of an embedded data security system SOC as claimed in claim 6, characterized in that: the random number generator uses the s_addr_in [31:0] signal to obtain address information from the on-chip bus, the s_data_in [31:0] signal to obtain data from the on-chip bus, the s_data_out [31:0] signal to deliver its data to the on-chip bus, the s_sel_in signal to obtain the select command from the on-chip bus, the s_wr_in signal to obtain the write command from the on-chip bus, the s_rd_in signal to obtain the read command from the on-chip bus, and the s_ack_in signal to pass the acknowledge signal to the on-chip bus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410569051.6A CN104298486B (en) | 2014-10-23 | 2014-10-23 | A kind of randomizer of embedded data security system SOC |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410569051.6A CN104298486B (en) | 2014-10-23 | 2014-10-23 | A kind of randomizer of embedded data security system SOC |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104298486A (en) | 2015-01-21 |
CN104298486B (en) | 2018-02-27 |
Family
ID=52318231
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410569051.6A Expired - Fee Related CN104298486B (en) | 2014-10-23 | 2014-10-23 | A kind of randomizer of embedded data security system SOC |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104298486B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106775448A (en) * | 2016-11-15 | 2017-05-31 | 航天信息股份有限公司 | The file memory method and safety deleting method of a kind of encrypted card |
CN108805537A (en) * | 2018-05-21 | 2018-11-13 | 郑州云海信息技术有限公司 | It is a kind of using TPM as the method and system of bit coin client stochastic source |
Also Published As
Publication number | Publication date |
---|---|
CN104298486B (en) | 2018-02-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180227 Termination date: 20201023 |