CN104463026A - System and method for hardware anti-copying board - Google Patents

Publication number: CN104463026A
Authority: CN (China)
Legal status: Granted (the listed status is an assumption and is not a legal conclusion)
Application number: CN201410741935.5A
Other languages: Chinese (zh)
Other versions: CN104463026B (en)
Inventors: 龚明杨, 陈毅成, 吴水源, 张明宇
Current Assignee: Wuhan ruinajie Semiconductor Co.,Ltd. (the listed assignees may be inaccurate)
Original Assignee: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Abstract

The invention belongs to the technical field of copyright protection for hardware products and particularly relates to a system and a method for a hardware anti-copying board. The system comprises a hardware product main controller and an integrated circuit chip. The hardware product main controller calculates MAC (Media Access Control) data from random data and a stored secret key and transmits the random data to the integrated circuit chip; the integrated circuit chip calculates another MAC data from the random data transmitted by the hardware product main controller and transmits this MAC data back to the hardware product main controller; the hardware product main controller judges whether the two pieces of MAC data are equal. If they are equal, authentication passes and the hardware product main controller continues to execute; if they are not equal, authentication fails and the hardware product main controller resets the system or enters an endless loop. According to the invention, cloning is prevented by bidirectional authentication and the security level of the hardware product is greatly improved.

Description

A system and method for a hardware anti-copying board
Technical field
The invention belongs to the technical field of copyright protection for hardware products, and in particular relates to a system and method for a hardware anti-copying board.
Background
A hardware product consists of hardware and the software code fixed in the hardware's memory. Reverse engineering makes it easy to clone such a hardware product, which harms the interests of the original manufacturer, supplier and design company and is detrimental to the healthy development of the industry. In the prior art, the common ways of copying and cloning a board are the following:
1) The operating code is stored in a board-level non-volatile memory such as Flash. This memory is persistent and keeps its contents after power-down. When the memory of the original product is removed and placed in a suitable reader, all the data stored in it can be read out; programming the data read out into the memory of a cloned hardware board completes the copying of the whole hardware product and harms the interests of the original manufacturer.
2) In a complex system product (made up of several PCB boards, each connected to the master control board through an interface protocol such as PCI/PCIE/SATA/PC104), some boards are highly integrated and very costly to copy, while others are very cheap to copy. A malicious competitor may replace one or more of these PCBs to harm the interests of the product vendor.
3) Many companies have no manufacturing plant of their own and hand production over to a third-party contract manufacturer. The company completes the product design and passes the PCB schematics and the corresponding software code to the contract manufacturer for production and program burning. The design company cannot strictly control the quantity the contract manufacturer actually produces, so the contract manufacturer may use the schematics and software code to produce extra units and release them to the market, harming the interests of the design company.
4) In the fast-moving consumer market, product functions are relatively simple and the amount of code is small, so the code can be stored inside the main control chip. Because the software is stored in the main control chip and no port is exposed outside the chip, the code in the memory cannot be read directly; the situation described in 1) does not arise, but the situation described in 3) usually does.
Summary of the invention
The invention provides a system and method for a hardware anti-copying board, intended to solve the technical problem that existing hardware products are easily cloned and copied through reverse engineering, which harms the interests of the original product and hinders the development of the industry.
The invention is realized as follows: a system for a hardware anti-copying board comprises a hardware product master controller and an integrated circuit chip. The hardware product master controller calculates MAC data from random data and a stored key, and sends the random data to the integrated circuit chip; the integrated circuit chip calculates another MAC data from the random data sent by the hardware product master controller and returns this MAC data to the hardware product master controller; the hardware product master controller judges whether the two MAC data are equal. If the two MAC data are equal, authentication passes and the hardware product master controller continues to execute; if the two MAC data are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop.
The technical solution adopted by the embodiment of the invention further includes: the hardware product master controller comprises a memory module, an AES/SHA algorithm module, a data transmitting module, a data read module and a first data judge module;
The memory module stores the primary key needed for authentication;
The AES/SHA algorithm module calls the AES/SHA algorithm to calculate MAC data from the random data produced by the hardware product master controller and the stored key;
The data transmitting module sends the random data used to calculate the MAC data and/or the MAC data to the integrated circuit chip;
The data read module reads the MAC data or parameter data returned by the integrated circuit chip;
The first data judge module judges whether the MAC data calculated by the AES/SHA algorithm module is equal to the MAC data returned by the integrated circuit chip. If they are equal, authentication passes and the hardware product master controller continues to execute; if they are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop.
The technical solution adopted by the embodiment of the invention further includes: the integrated circuit chip comprises a memory, an initialize-user-ID micro-instruction module, an initialize-device-data micro-instruction module, an initialize-key micro-instruction module, a host legitimacy authentication micro-instruction module and a third data judge module;
The memory stores the serial number of the hardware product, the primary key needed for authentication and the parameter data needed for the system to power on and work normally;
The initialize-user-ID micro-instruction module, the initialize-device-data micro-instruction module and the initialize-key micro-instruction module are used for the initialization of the integrated circuit chip;
The host legitimacy authentication micro-instruction module starts the AES/SHA hardware engine with the random data and/or MAC data sent by the hardware product master controller, calculates MAC data, and returns the MAC data to the hardware product master controller;
The third data judge module judges whether the MAC data calculated by the host legitimacy authentication micro-instruction module matches the MAC data sent by the hardware product master controller. If they match, the parameter data pre-stored in the memory is returned to the hardware product master controller; if they do not match, all FF or all 0 is returned to the hardware product master controller.
The technical solution adopted by the embodiment of the invention further includes: the hardware product master controller also comprises a second data judge module. The second data judge module decrypts the parameter data returned by the integrated circuit chip with a preset decryption algorithm, recovers the original data, and judges whether the returned parameter data is correct. If the returned parameter data is correct, the corresponding power-on function is configured according to the parameter data and the hardware product works normally; if the returned parameter data is incorrect, the hardware product master controller cannot power on and work normally.
The technical solution adopted by the embodiment of the invention further includes: the hardware product master controller also comprises a key updating module, and the integrated circuit chip also comprises an update-key micro-instruction module;
The key updating module, at regular intervals, calculates a new key inside the hardware product master controller with the AES/SHA algorithm from the primary key, random data and a part of the device data, and updates the primary key in the memory module;
The update-key micro-instruction module, at regular intervals, calculates a new key from the primary key stored in the memory, the random data supplied by the hardware product master controller and a part of the device data, and updates the primary key in the memory.
The technical solution adopted by the embodiment of the invention further includes: the integrated circuit chip also comprises an update-device-data micro-instruction module and a read-device-data micro-instruction module; these two modules allow data to be read or written between the integrated circuit chip and the hardware product master controller only after authentication between them has passed.
Another technical solution adopted by the embodiment of the invention is a method for a hardware anti-copying board, comprising:
Step a: the hardware product master controller produces random data, calculates MAC1 data from this random data and the stored key, and sends the random data used to calculate MAC1 to the integrated circuit chip;
Step b: the random data sent by the hardware product master controller starts the AES/SHA hardware engine in the integrated circuit chip, which calculates MAC2 data from this random data and returns the MAC2 data or parameter data to the hardware product master controller;
Step c: the hardware product master controller reads the MAC2 data and judges whether the MAC1 data and the MAC2 data are equal. If they are equal, authentication passes and the hardware product master controller continues to execute; if they are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop. Alternatively, the hardware product master controller reads the parameter data returned by the integrated circuit chip and judges whether the returned parameter data is the correct parameter data. If it is not, the hardware product master controller cannot power on and work normally; if it is, the corresponding power-on function is configured according to this parameter data and the hardware product master controller continues to execute.
The technical solution adopted by the embodiment of the invention further includes: in step b, if what the integrated circuit chip returns is parameter data, step c also comprises: if the MAC1 data and the MAC2 data are equal, the hardware product master controller produces further random data, calls the AES/SHA algorithm to calculate MAC3 data from this random data and the stored key, and sends the random data used to calculate the MAC3 data to the integrated circuit chip together with the MAC3 data. The integrated circuit chip calculates MAC4 data from this random data and judges whether the MAC4 data matches the MAC3 data. If they match, the parameter data pre-stored in the memory of the integrated circuit chip is returned to the hardware product master controller; if they do not match, all FF or all 0 is returned to the hardware product master controller.
The technical solution adopted by the embodiment of the invention further includes: in step c, the parameter data returned by the integrated circuit chip can be encrypted or unencrypted data. If the returned parameter data is encrypted, the hardware product master controller decrypts the returned data with a preset decryption algorithm and recovers the original data.
The technical solution adopted by the embodiment of the invention further includes, after step c: at regular intervals, the hardware product master controller and the integrated circuit chip update the primary key in a key updating manner agreed in advance, and authenticate each other again using the legal serial number and the updated key. If authentication passes, the hardware product works normally; if authentication does not pass, the hardware product master controller stops working and shuts down immediately.
In the system and method for a hardware anti-copying board of the embodiment of the invention, the serial number of the hardware product and the primary key needed for authentication are registered in the integrated circuit chip. When the system powers on, the hardware product master controller and the integrated circuit chip authenticate each other. If authentication passes, the hardware product master controller continues to execute; if it does not, the hardware product master controller resets the system or enters an endless loop. At regular intervals the key is updated according to the legal serial number and the key updating manner agreed with the integrated circuit chip, and mutual authentication is carried out again with the updated key. When authentication passes, the hardware product works normally; when authentication fails, the hardware product master controller stops working and shuts down immediately. The invention prevents cloning and copying by means of two-way authentication and greatly improves the security level of the hardware product.
Brief description of the drawings
Fig. 1 is a structural diagram of the system for a hardware anti-copying board according to an embodiment of the invention;
Fig. 2 is a flowchart of the method for a hardware anti-copying board according to the first embodiment of the invention;
Fig. 3 is a flowchart of the method for a hardware anti-copying board according to the second embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
Fig. 1 is a structural diagram of the system for a hardware anti-copying board according to an embodiment of the invention. The system comprises a hardware product master controller and an integrated circuit chip. The hardware product master controller uses an authentication algorithm to calculate MAC (Media Access Control, address) data from random data and a stored key, and sends this random data to the integrated circuit chip; the integrated circuit chip uses the authentication algorithm to calculate another MAC data from this random data and returns this MAC data to the hardware product master controller. The hardware product master controller judges whether the two MAC data are equal. If they are equal, authentication passes and the hardware product master controller continues to execute; if they are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop. The authentication algorithm is AES (Advanced Encryption Standard) or SHA (Secure Hash Algorithm), and the hardware product master controller can be a DSP, FPGA, 8051, ARM, etc.
There are two modes of mutual authentication between the hardware product master controller and the integrated circuit chip; the mode can be chosen according to the specific application scenario:
Authentication mode 1: the hardware product master controller produces random data, calls the AES/SHA algorithm to calculate MAC1 data from this random data and the stored key, and sends the random data used to calculate MAC1 to the integrated circuit chip. The random data sent by the hardware product master controller starts the AES/SHA hardware engine in the integrated circuit chip, which calls the AES/SHA algorithm to calculate MAC2 data from this random data and returns the MAC2 data to the hardware product master controller. The hardware product master controller reads the MAC2 data and judges whether the MAC1 data and the MAC2 data are equal. If they are equal, authentication passes and the hardware product master controller continues to execute; if they are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop.
Authentication mode 2: the important parameter data needed for the system to power on and work normally is pre-stored in the memory of the integrated circuit chip. The hardware product master controller produces random data, calls the AES/SHA algorithm to calculate MAC1 data from this random data and the stored key, and sends the random data used to calculate MAC1 to the integrated circuit chip. The random data sent by the hardware product master controller starts the AES/SHA hardware engine in the integrated circuit chip, which calls the AES/SHA algorithm to calculate MAC2 data from this random data and returns the MAC2 data to the hardware product master controller. The hardware product master controller reads the MAC2 data and judges whether the MAC1 data and the MAC2 data are equal. If they are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop. If they are equal, authentication passes; the hardware product master controller produces further random data, calls the AES/SHA algorithm to calculate MAC3 data from this random data and the stored key, and sends the random data used to calculate the MAC3 data to the integrated circuit chip together with the MAC3 data. The integrated circuit chip calculates MAC4 data from this random data and judges whether the MAC4 data matches the MAC3 data. If they match, the parameter data pre-stored in the memory of the integrated circuit chip is returned to the hardware product master controller; if they do not match, all FF or all 0 is returned to the hardware product master controller. After reading the data returned by the integrated circuit chip, the hardware product master controller decrypts the returned data with a preset decryption algorithm, recovers the original data, and judges whether the returned data is the correct parameter data. If it is, the corresponding power-on function is configured according to this parameter data and the hardware product works normally; if it is not, the hardware product master controller cannot power on and work normally. The parameter data pre-stored in the memory of the integrated circuit chip can be encrypted or unencrypted data, chosen by the hardware product master controller according to the required security level.
Specifically, the hardware product master controller comprises a memory module, an AES/SHA algorithm module, a data transmitting module, a data read module, a first data judge module, a second data judge module and a key updating module, of which the memory module, the AES/SHA algorithm module and the key updating module are software functions;
The memory module stores the primary key needed for authentication. In the embodiment of the invention, the way the hardware product master controller stores the key differs with the security level; where a high security level is required, the hardware product master controller encrypts the key first and then stores it;
The AES/SHA algorithm module calculates MAC data from the random data produced by the hardware product master controller and the stored key. The hardware product master controller implements the same AES/SHA algorithm as the integrated circuit chip in software; this software runs as an APP, and the authentication function APP is run at power-on;
The data transmitting module sends the random data used to calculate the MAC data and/or the MAC data to the integrated circuit chip;
The data read module reads the MAC data or parameter data returned by the integrated circuit chip;
The first data judge module judges whether the MAC data calculated by the AES/SHA algorithm module is equal to the MAC data returned by the integrated circuit chip. If they are equal, authentication passes and the hardware product master controller continues to execute; if they are unequal, authentication fails and the hardware product master controller resets the system or enters an endless loop;
The second data judge module decrypts the parameter data returned by the integrated circuit chip with a preset decryption algorithm, recovers the original data, and judges whether the returned parameter data is correct. If the returned parameter data is correct, the corresponding power-on function is configured according to the parameter data and the hardware product works normally; if the returned parameter data is incorrect, the hardware product master controller cannot power on and work normally;
The key updating module, at regular intervals, updates the primary key in the memory module in the key updating manner agreed with the integrated circuit chip. The key updating manner is: a new key is calculated inside the hardware product master controller with the AES/SHA algorithm from the primary key, random data and a part of the device data. The hardware product master controller then authenticates mutually with the integrated circuit chip again using the legal serial number and the updated key. When authentication passes, the hardware product works normally; when authentication fails, the hardware product master controller stops working and shuts down immediately. After authentication completes, the new key is cleared; the next time it is needed, it is loaded from the memory module again and decrypted before use. By updating the key at regular intervals and authenticating again, the invention effectively raises the security level. The authentication interval can be set according to the security level: the higher the security level, the shorter the interval.
The integrated circuit chip comprises a memory, an initialize-user-ID micro-instruction module, an initialize-device-data micro-instruction module, an initialize-key micro-instruction module, a host legitimacy authentication micro-instruction module, a third data judge module, an update-key micro-instruction module, an update-device-data micro-instruction module and a read-device-data micro-instruction module;
The memory stores data such as the serial number of the hardware product, the primary key needed for authentication and the parameters needed for the system to power on and work normally. The serial number of the hardware product and the primary key needed for authentication are first registered in the memory of the integrated circuit chip to obtain the legal right of use. While the hardware product is running, mutual authentication is carried out at regular intervals using the legal serial number and the key updated in the key updating manner agreed with the integrated circuit chip. The memory is non-volatile and does not lose its contents at power-down. The parameter data pre-stored in the memory can be encrypted or unencrypted data, chosen by the hardware product master controller according to the required security level;
The initialize-user-ID micro-instruction module, the initialize-device-data micro-instruction module and the initialize-key micro-instruction module are used for the initialization of the integrated circuit chip. After initialization completes, the integrated circuit chip automatically masks these three micro-instruction modules; once masked, they cannot be used again after any later restart or power cycle, which ensures the security of the integrated circuit chip. These three modules are not operated by the hardware product master controller; the initialization is done by programming software before the integrated circuit chip is soldered to the PCB, so the hardware product master controller cannot modify it afterwards and does not need to keep a corresponding software APP;
The host legitimacy authentication micro-instruction module starts the AES/SHA hardware engine with the random data and/or MAC data sent by the hardware product master controller, calculates MAC data, and returns the MAC data to the hardware product master controller;
The third data judge module judges whether the MAC data calculated by the host legitimacy authentication micro-instruction module matches the MAC data sent by the hardware product master controller. If they match, the parameter data pre-stored in the memory is returned to the hardware product master controller; if they do not match, all FF or all 0 is returned to the hardware product master controller;
The update-key micro-instruction module, at regular intervals, updates the primary key in the memory in the key updating manner agreed in advance. The key updating manner is: a new key is calculated from the primary key stored in the memory, the random data supplied by the hardware product master controller and a part of the device data. The integrated circuit chip then authenticates mutually with the hardware product master controller again using the legal serial number and the updated key. The security of the AES/SHA algorithm rests entirely on the key; the primary key stored in the memory of the integrated circuit chip cannot be read out and can only be updated through the update-key micro-instruction module, and the updated key cannot be read out either;
The update-device-data micro-instruction module and the read-device-data micro-instruction module allow data to be read or written between the integrated circuit chip and the hardware product master controller only after authentication between them has passed (that is, the MAC data the integrated circuit chip calculates by calling the AES/SHA engine matches the MAC data sent by the hardware product master controller).
Refer to Fig. 2, which is a flowchart of the method for hardware anti-copying board of the first embodiment of the present invention. The method of the first embodiment comprises the following steps:
Step 100: pre-store the serial number of the hardware product, the primary key required for authentication, the parameters required for normal system boot, and other such data in the IC chip memory;
Step 110: the hardware product master controller generates random data, calls the AES/SHA algorithm to compute MAC1 data from this random data and the stored key, and sends the random data used to compute MAC1 to the IC chip;
Step 120: the random data sent by the hardware product master controller starts the AES/SHA hardware engine in the IC chip, which calls the AES/SHA algorithm to compute MAC2 data from this random data and returns the MAC2 data to the hardware product master controller;
Step 130: the hardware product master controller reads the MAC2 data and determines whether the MAC1 data and the MAC2 data are equal; if they are not equal, go to step 140; if they are equal, go to step 150;
Step 140: authentication fails; the hardware product master controller resets the system or enters an infinite loop;
Step 150: authentication passes; the hardware product master controller continues execution;
Step 160: at regular intervals, the hardware product master controller and the IC chip update the primary key according to the pre-agreed key update method and perform mutual authentication again using the legitimate serial number and the updated key; if authentication passes, go to step 170; if authentication does not pass, go to step 180;
In step 160, the key update method is: the hardware product master controller internally computes a new key with the AES/SHA algorithm from the primary key, random data and part of the device data, and the IC chip computes a new key from the primary key stored in its memory, the random data supplied by the hardware product master controller, and part of the device data.
Step 170: the hardware product works normally;
Step 180: the hardware product master controller stops working and shuts down immediately.
Refer to Fig. 3, which is a flowchart of the method for hardware anti-copying board of the second embodiment of the present invention. The method of the second embodiment comprises the following steps:
Step 200: pre-store the serial number of the hardware product, the primary key required for authentication, the parameters required for normal system boot, and other such data in the IC chip memory;
In step 200, the parameter data pre-stored in the IC chip memory may be encrypted or unencrypted; the hardware product master controller can choose between the two according to the required security level.
Step 210: the hardware product master controller generates random data, calls the AES/SHA algorithm to compute MAC1 data from this random data and the stored key, and sends the random data used to compute MAC1 to the IC chip;
Step 220: the random data sent by the hardware product master controller starts the AES/SHA hardware engine in the IC chip, which calls the AES/SHA algorithm to compute MAC2 data from this random data and returns the MAC2 data to the hardware product master controller;
Step 230: the hardware product master controller reads the MAC2 data and determines whether the MAC1 data and the MAC2 data are equal; if they are not equal, go to step 240; if they are equal, go to step 250;
Step 240: the hardware product master controller resets the system or enters an infinite loop;
Step 250: the hardware product master controller generates further random data, calls the AES/SHA algorithm to compute MAC3 data from this random data and the stored key, and sends the random data used to compute the MAC3 data to the IC chip together with the MAC3 data;
Step 260: the IC chip computes MAC4 data from this random data and determines whether the MAC4 data matches the MAC3 data; if they do not match, go to step 270; if they match, go to step 280;
Step 270: return all FF or all 0 to the hardware product master controller, and go to step 290;
Step 280: return the parameter data pre-stored in the IC chip memory to the hardware product master controller;
Step 290: the hardware product master controller reads the data returned by the IC chip, decrypts the returned data according to the preset decryption algorithm to recover the original data, and determines whether the returned data is the correct parameter data; if it is not the correct parameter data, go to step 300; if it is the correct parameter data, go to step 310;
Step 300: authentication fails; the hardware product master controller cannot boot and work normally;
Step 310: configure the corresponding power-on function according to this parameter data; the hardware product master controller continues execution;
Step 320: at regular intervals, the hardware product master controller and the IC chip update the primary key according to the pre-agreed key update method and perform mutual authentication again using the legitimate serial number and the updated key; if authentication passes, go to step 330; if authentication does not pass, go to step 340;
In step 320, the key update method is: the hardware product master controller internally computes a new key with the AES/SHA algorithm from the primary key, random data and part of the device data, and the IC chip computes a new key from the primary key stored in its memory, the random data supplied by the hardware product master controller, and part of the device data.
Step 330: the hardware product works normally;
Step 340: the hardware product master controller stops working and shuts down immediately.
In the system and method for hardware anti-copying board of the embodiments of the present invention, the serial number of the hardware product and the primary key required for authentication are registered in the IC chip. At system boot, the hardware product master controller and the IC chip authenticate each other; if authentication passes, the hardware product master controller continues execution; if authentication does not pass, the hardware product master controller resets the system or enters an infinite loop. At regular intervals the key is updated according to the legitimate serial number and the key update method agreed with the IC chip, and mutual authentication is performed again with the updated key; if authentication passes, the hardware product works normally, and if it does not pass, the hardware product master controller stops working and shuts down immediately. By using two-way authentication, the present invention prevents cloning and copying and greatly improves the security level of the hardware product.
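The boot-time authentication of the second embodiment (steps 210 to 310) and the periodic key update (step 320) can be simulated end to end. The following Python simulation is an added example, not code from the patent; it assumes HMAC-SHA256 as the "AES/SHA" MAC, a 16-byte nonce as the random data, the serial number as the "part of the device data", and unencrypted parameter data, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed size of the "random data"


def compute_mac(key: bytes, nonce: bytes) -> bytes:
    """MAC over the random data. HMAC-SHA256 is an assumed choice for 'AES/SHA'."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def derive_new_key(old_key: bytes, nonce: bytes, device_data: bytes) -> bytes:
    """Key update: new key from the primary key, random data and device data."""
    return hmac.new(old_key, b"key-update" + nonce + device_data,
                    hashlib.sha256).digest()


class ICChip:
    """Security chip: the key is set at programming time and is never read out."""

    def __init__(self, serial: bytes, key: bytes, params: bytes):
        self.serial = serial
        self._key = key
        self._params = params

    def host_auth(self, nonce: bytes) -> bytes:
        """Steps 120/220: compute and return MAC2 for the controller's nonce."""
        return compute_mac(self._key, nonce)

    def read_params(self, nonce: bytes, mac3: bytes) -> bytes:
        """Steps 260-280: release parameter data only if MAC4 matches MAC3."""
        mac4 = compute_mac(self._key, nonce)
        if hmac.compare_digest(mac4, mac3):  # constant-time comparison
            return self._params
        return b"\xff" * len(self._params)   # step 270: all FF

    def update_key(self, nonce: bytes) -> None:
        """Chip side of the key update; the new key is not readable either."""
        self._key = derive_new_key(self._key, nonce, self.serial)


class MasterController:
    def __init__(self, key: bytes):
        self._key = key

    def authenticate_chip(self, chip: ICChip) -> bool:
        """Steps 210-230: a fresh nonce per attempt, then compare MAC1 and MAC2."""
        nonce = os.urandom(NONCE_LEN)
        mac1 = compute_mac(self._key, nonce)
        return hmac.compare_digest(mac1, chip.host_auth(nonce))

    def fetch_params(self, chip: ICChip):
        """Steps 250-290: send nonce and MAC3, reject the all-FF/all-0 answer."""
        nonce = os.urandom(NONCE_LEN)
        data = chip.read_params(nonce, compute_mac(self._key, nonce))
        if data in (b"\xff" * len(data), b"\x00" * len(data)):
            return None
        return data

    def boot(self, chip: ICChip) -> str:
        if not self.authenticate_chip(chip):
            return "halt"           # step 240: reset or infinite loop
        if self.fetch_params(chip) is None:
            return "boot-refused"   # step 300
        return "running"            # step 310

    def rekey(self, chip: ICChip) -> bool:
        """Step 320: both sides derive the new key, then authenticate again."""
        nonce = os.urandom(NONCE_LEN)
        self._key = derive_new_key(self._key, nonce, chip.serial)
        chip.update_key(nonce)
        return self.authenticate_chip(chip)


def demo() -> dict:
    key = bytes(range(32))                           # constructed sample key
    serial, params = b"SN-0001", b"\x01\x20\x03\x40"  # constructed sample data
    genuine = ICChip(serial, key, params)
    clone = ICChip(serial, os.urandom(32), params)   # copied board, key unknown
    stale = ICChip(serial, key, params)              # chip that misses the update
    mcu = MasterController(key)
    return {
        "genuine_boot": mcu.boot(genuine),
        "clone_boot": mcu.boot(clone),
        "bad_mac_read": genuine.read_params(b"\x00" * NONCE_LEN, b"\x00" * 32),
        "rekey_ok": mcu.rekey(genuine),
        "stale_after_rekey": mcu.authenticate_chip(stale),
    }


if __name__ == "__main__":
    print(demo())
```

The `stale` chip shows why the periodic update matters: a chip that still holds the pre-update key no longer authenticates once the controller has rolled its key forward.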
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A system for hardware anti-copying board, characterized in that it comprises a hardware product master controller and an IC chip; said hardware product master controller is used to compute MAC data from random data and a stored key, and to send said random data to the IC chip; said IC chip is used to compute another MAC data from the random data sent by the hardware product master controller, and to return this MAC data to the hardware product master controller; said hardware product master controller determines whether the two MAC data are equal; if the two MAC data are equal, authentication passes and said hardware product master controller continues execution; if the two MAC data are not equal, authentication fails and said hardware product master controller resets the system or enters an infinite loop.
2. The system for hardware anti-copying board according to claim 1, characterized in that said hardware product master controller comprises a memory module, an AES/SHA algorithm module, a data transmitting module, a data read module and a first data judgment module;
Said memory module is used to store the primary key required for authentication;
Said AES/SHA algorithm module is used to call the AES/SHA algorithm to compute MAC data from the random data generated by the hardware product master controller and the stored key;
Said data transmitting module is used to send the random data used to compute the MAC data, and/or the MAC data, to the IC chip;
Said data read module is used to read the MAC data or parameter data returned by the IC chip;
Said first data judgment module is used to determine whether the MAC data computed by the AES/SHA algorithm module is equal to the MAC data returned by the IC chip; if the two are equal, authentication passes and the hardware product master controller continues execution; if the two are not equal, authentication fails and the hardware product master controller resets the system or enters an infinite loop.
3. The system for hardware anti-copying board according to claim 2, characterized in that said IC chip comprises a memory, an initialize user ID micro-instruction module, an initialize device data micro-instruction module, an initialize key micro-instruction module, a host legitimacy authentication micro-instruction module and a third data judgment module;
Said memory is used to store the serial number of the hardware product, the primary key required for authentication, and the parameter data required for normal system boot;
Said initialize user ID micro-instruction module, initialize device data micro-instruction module and initialize key micro-instruction module are used to initialize the IC chip;
Said host legitimacy authentication micro-instruction module is used to start the AES/SHA hardware engine with the random data and/or MAC data sent by the hardware product master controller, compute MAC data, and return the MAC data to the hardware product master controller;
Said third data judgment module is used to determine whether the MAC data computed by the host legitimacy authentication micro-instruction module matches the MAC data sent by the hardware product master controller; if they match, the parameter data pre-stored in the memory is returned to the hardware product master controller; if they do not match, all FF or all 0 is returned to the hardware product master controller.
4. The system for hardware anti-copying board according to claim 3, characterized in that said hardware product master controller further comprises a second data judgment module; said second data judgment module is used to decrypt the parameter data returned by the IC chip with a preset decryption algorithm to recover the original data, and to determine whether the returned parameter data is correct; if the returned parameter data is correct, the corresponding power-on function is configured according to the parameter data and the hardware product works normally; if the returned parameter data is incorrect, the hardware product master controller cannot boot and work normally.
5. The system for hardware anti-copying board according to claim 2 or 3, characterized in that said hardware product master controller further comprises a key update module, and said IC chip further comprises an update key micro-instruction module;
Said key update module is used, at regular intervals, to compute a new key inside the hardware product master controller with the AES/SHA algorithm from the primary key, random data and part of the device data, and to update the primary key in the memory module;
Said update key micro-instruction module is used, at regular intervals, to compute a new key from the primary key stored in the memory, the random data supplied by the hardware product master controller, and part of the device data, and to update the primary key in the memory.
6. The system for hardware anti-copying board according to claim 3, characterized in that said IC chip further comprises an update device data micro-instruction module and a read device data micro-instruction module; said update device data micro-instruction module and read device data micro-instruction module require that authentication between the IC chip and the hardware product master controller has passed before data can be read or written between them.
7. A method for hardware anti-copying board, comprising:
Step a: the hardware product master controller generates random data, computes MAC1 data from this random data and the stored key, and sends the random data used to compute MAC1 to the IC chip;
Step b: the random data sent by the hardware product master controller starts the AES/SHA hardware engine in the IC chip, which computes MAC2 data from this random data, and the MAC2 data or parameter data is returned to the hardware product master controller;
Step c: the hardware product master controller reads the MAC2 data and determines whether the MAC1 data and the MAC2 data are equal; if they are equal, authentication passes and the hardware product master controller continues execution; if they are not equal, authentication fails and the hardware product master controller resets the system or enters an infinite loop; or, the hardware product master controller reads the parameter data returned by the IC chip and determines whether the returned parameter data is the correct parameter data; if it is not the correct parameter data, the hardware product master controller cannot boot and work normally; if it is the correct parameter data, the corresponding power-on function is configured according to this parameter data and the hardware product master controller continues execution.
8. The method for hardware anti-copying board according to claim 7, characterized in that: in said step b, if the IC chip returns parameter data, said step c further comprises: if the MAC1 data and the MAC2 data are equal, the hardware product master controller generates further random data, calls the AES/SHA algorithm to compute MAC3 data from this random data and the stored key, and sends the random data used to compute the MAC3 data to the IC chip together with the MAC3 data; the IC chip computes MAC4 data from this random data and determines whether the MAC4 data matches the MAC3 data; if they match, the parameter data pre-stored in the IC chip memory is returned to the hardware product master controller; if they do not match, all FF or all 0 is returned to the hardware product master controller.
9. The method for hardware anti-copying board according to claim 8, characterized in that: in said step c, the parameter data returned by said IC chip may be encrypted or unencrypted; if the returned parameter data is encrypted, the hardware product master controller decrypts the returned data according to the preset decryption algorithm and recovers the original data.
10. The method for hardware anti-copying board according to claim 7, characterized in that it further comprises, after said step c: at regular intervals, the hardware product master controller and the IC chip update the primary key according to the pre-agreed key update method and perform mutual authentication again using the legitimate serial number and the updated key; if authentication passes, the hardware product works normally; if authentication does not pass, the hardware product master controller stops working and shuts down immediately.
CN201410741935.5A 2014-12-08 2014-12-08 A kind of system and method for the anti-flight of hardware Active CN104463026B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410741935.5A CN104463026B (en) 2014-12-08 2014-12-08 A kind of system and method for the anti-flight of hardware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410741935.5A CN104463026B (en) 2014-12-08 2014-12-08 A kind of system and method for the anti-flight of hardware

Publications (2)

Publication Number Publication Date
CN104463026A true CN104463026A (en) 2015-03-25
CN104463026B CN104463026B (en) 2017-11-07

Family

ID=52909045

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410741935.5A Active CN104463026B (en) 2014-12-08 2014-12-08 A kind of system and method for the anti-flight of hardware

Country Status (1)

Country Link
CN (1) CN104463026B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6356637B1 (en) * 1998-09-18 2002-03-12 Sun Microsystems, Inc. Field programmable gate arrays
CN102339369A (en) * 2011-08-18 2012-02-01 珠海天威技术开发有限公司 MCU (Micro-programmed Control Unit) information protection method
CN102567671A (en) * 2011-12-30 2012-07-11 大连捷成实业发展有限公司 Encryption system and encryption method for field-programmable gate array (FPGA) configuration data
CN103198242A (en) * 2013-04-02 2013-07-10 厦门亿联网络技术股份有限公司 Method for encrypting through chip

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
易威等: "基于 1 - Wire 安全器件的单片机加密认证系统", 《电子科技》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105512574A (en) * 2015-12-08 2016-04-20 李灵超 Anti-clone encryption method and device for electronic product
CN106897640A (en) * 2015-12-18 2017-06-27 深圳市振华微电子有限公司 The computer encryption lock of effective separation
CN106203134A (en) * 2016-06-30 2016-12-07 珠海智融科技有限公司 Anti-brush machine system and method based on hardware encryption
CN107967413A (en) * 2017-11-28 2018-04-27 深圳进化动力数码科技有限公司 Software enciphering method and device
CN110135199A (en) * 2019-05-09 2019-08-16 中国电子科技集团公司第五十八研究所 Safety general Digital Signal Processing dsp chip
CN111881488A (en) * 2020-08-03 2020-11-03 浙江大学 Hardware encryption system and method for unmanned aerial vehicle flight control system
CN111881488B (en) * 2020-08-03 2024-03-29 浙江大学 Hardware encryption system and method for unmanned aerial vehicle flight control system
CN112100692A (en) * 2020-09-18 2020-12-18 北京国科环宇科技股份有限公司 Encryption method and encryption device for hardware module
CN117743061A (en) * 2024-02-19 2024-03-22 四川天邑康和通信股份有限公司 FTTR-based FPGA key wireless static test method, device, equipment and medium
CN117743061B (en) * 2024-02-19 2024-05-10 四川天邑康和通信股份有限公司 FTTR-based FPGA key wireless static test method, FTTR-based FPGA key wireless static test device, FTTR-based FPGA key wireless static test equipment and medium

Also Published As

Publication number Publication date
CN104463026B (en) 2017-11-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518055 1407 floor, 14 floor, Fuguang business building, 1 Nanshan District Road, Taoyuan, Shenzhen, Guangdong

Patentee after: Shenzhen Bureau of Polytron Technologies Inc

Address before: 518067 Room 301, B building, No.1 business building, six industrial road, Nanshan District, Shenzhen, Guangdong.

Patentee before: Shenzhen Zhongke Xunlian Technology Co., Ltd

TR01 Transfer of patent right

Effective date of registration: 20210413

Address after: 430000 building 01, building 15, optical valley wisdom Park, No.7, financial port 1st Road, Donghu New Technology Development Zone, Wuhan City, Hubei Province

Patentee after: Wuhan ruinajie Semiconductor Co.,Ltd.

Address before: 518055 1407 floor, 14 floor, Fuguang business building, 1 Nanshan District Road, Taoyuan, Shenzhen, Guangdong

Patentee before: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co.,Ltd.
