CN105159611B - A microcontroller chip with a data extraction encryption function - Google Patents

Publication number
CN105159611B
CN105159611B CN201510551775.2A CN201510551775A CN105159611B CN 105159611 B CN105159611 B CN 105159611B CN 201510551775 A CN201510551775 A CN 201510551775A CN 105159611 B CN105159611 B CN 105159611B
Authority
CN
China
Legal status
Active
Application number
CN201510551775.2A
Other languages
Chinese (zh)
Other versions
CN105159611A (en
Inventor
陈小刚
陈后鹏
宋志棠
朱晓阳
Current Assignee
Lishui Zhixing Technology Co ltd
Original Assignee
Nanjing Wu An Information Technology Co Ltd
Application filed by Nanjing Wu An Information Technology Co Ltd
Priority to CN201510551775.2A
Publication of CN105159611A
Application granted
Publication of CN105159611B

Abstract

The present invention relates to a microcontroller chip with a data extraction encryption function. The chip has a small-capacity random-access nonvolatile memory built in, and also has an access interface for off-chip nonvolatile memory. In use, the data conversion unit embedded in the microcontroller chip applies a full-text associative transformation to code and critical data and then splits the result into two parts, which are stored in the on-chip and the off-chip nonvolatile memory respectively. On reading, the data conversion unit joins the two parts and restores the data for use. Because the code and data stored off-chip have been transformed and are incomplete, they cannot be stolen or accessed without authorization. The invention effectively prevents the risk of unauthorized access to data when existing embedded systems store code and critical data externally, while also reducing the high computational cost of conventional encryption algorithms and the risk introduced by key transmission, providing an efficient, low-cost data protection solution for embedded systems.

Description

A microcontroller chip with a data extraction encryption function
Technical field
The present invention relates to the field of semiconductor chips, and more particularly to a microcontroller chip with a data extraction encryption function.
Background
An embedded system is an application-centred special-purpose computer system, based on computer technology, whose hardware and software can be tailored and which suits applications with strict requirements on function, reliability, cost, size and power consumption. With the rapid development of embedded technology, embedded products are widely used in industrial control, traffic management, information appliances, smart home management systems, POS (Point of Sale) networks, e-commerce and other fields. With the rapid development of information technology, however, consumers place higher demands on the security management of embedded systems. How to protect the information stored in an embedded system against leakage, theft and cracking is therefore of great significance for the secure management of embedded systems.
Traditional embedded devices typically use an architecture of a microcontroller plus nonvolatile memory, in which the system code is stored in plaintext in the nonvolatile memory and accessed with a uniform interface timing. When a third party gets hold of the nonvolatile memory of an embedded system, it is very easy to obtain and crack the system's information. On the one hand, independently developed software intellectual property cannot be protected and can be copied at very low cost; on the other hand, stored critical data is easily used illegally once cracked. Although a large number of microcontroller products have begun to use built-in nonvolatile memory to protect code and critical data, embedded memory is expensive and its capacity is small; smart devices in particular need complex software and operating system environments, so in many applications the code still has to be stored in nonvolatile memory outside the chip. An embedded system that stores its system code in plaintext carries a serious information security risk. If the system code is stored as ciphertext, a complex encryption algorithm greatly reduces the system's runtime performance, and once the key and the encryption algorithm are leaked, a criminal can still obtain the accessed data by intercepting the interface timing between the microcontroller and the off-chip nonvolatile memory.
Therefore, with embedded technology and information security technology developing rapidly, how to protect the information stored in an embedded system against leakage, theft and cracking, and so achieve secure management of embedded systems, has become an urgent problem for embedded system practitioners.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a microcontroller chip with a data extraction encryption function, to solve the security problem of managing the information stored in embedded systems in the prior art.
To achieve the above and other related objects, the present invention provides a microcontroller chip with a data extraction encryption function, comprising at least a computing unit, a data conversion unit, an on-chip nonvolatile memory unit and an on-chip volatile memory unit. Besides directly accessing the on-chip nonvolatile memory and the off-chip nonvolatile memory, the computing unit can also access the off-chip nonvolatile memory through the data conversion unit. The data conversion unit can apply a full-text associative transformation to code and critical data and split the result into two parts, which are stored in the on-chip and off-chip nonvolatile memory respectively; on reading, the data conversion unit joins the two parts and restores the data for use.
Preferably, the data conversion unit, the on-chip volatile memory unit and the computing unit share one high-speed parallel bus, while the on-chip nonvolatile memory unit is connected to the data conversion unit by a separate bus, so that long access times do not reduce system performance.
The data conversion unit has full-text associative transformation and inverse transformation functions. It can apply the associative transformation to data of a specified block size; the amount of data is the same before and after the transformation, and the full-text associative transformation algorithm ensures that even a one-byte difference in the data before transformation changes all of the data after transformation.
Preferably, the data conversion unit has a built-in high-speed SRAM (Static Random Access Memory) data block buffer. The data transformation is carried out in parallel in the SRAM, and the transformed data is transferred by a single DMA (Direct Memory Access) operation to the on-chip volatile memory unit accessible to the computing unit, ready for use.
The on-chip nonvolatile memory unit supports byte-level random access, or supports data block access of less than 512 bytes, and data writes support in-place update with no prior erase.
Preferably, the on-chip nonvolatile memory unit is implemented with a new embedded nonvolatile random-access memory technology such as phase-change memory (PCRAM), resistive memory (ReRAM), ferroelectric memory (FeRAM) or magnetic memory (MRAM or STT-MRAM). These memory technologies all offer high random-access performance and nonvolatility, which greatly improves the runtime performance of the microcontroller.
When the chip is in data splitting mode, the computing unit must access the on-chip nonvolatile memory unit and the off-chip nonvolatile memory unit through the data conversion unit, and data is read and written in fixed-size blocks.
The data write procedure is:
A) apply the full-text associative transformation to the data block to be written;
B) split a fixed quantity of data out of the transformation result;
C) write the split-out data to the corresponding location in the on-chip nonvolatile memory unit;
D) backfill the positions in the transformation result from which data was split out with random numbers or fixed data, and store the result in the off-chip nonvolatile memory.
The data read procedure is:
E) read the data block from the corresponding location in the off-chip nonvolatile memory and buffer it on-chip;
F) read the fixed quantity of split-out data from the corresponding location in the on-chip nonvolatile memory unit, and insert it at the correct positions in the data block on the same principle as when writing;
G) inverse-transform the data block to recover the plaintext;
H) transfer the plaintext by DMA to the specified address in the on-chip nonvolatile memory unit, completing the read operation.
As described above, the method of using the embedded system with data splitting function of the present invention has the following beneficial effects:
In the microcontroller chip with a data extraction encryption function proposed by the present invention, the data undergoes a full-text associative transformation and is then split in a fixed manner, giving one small and one large data set: the split-out data forms the small data set, and the remaining data, after backfilling, forms the large data set. Only the large data set is stored in the memory outside the chip, so even if it is accessed without authorization, the information is incomplete and the data cannot be restored to plaintext. Because the transformation associates the whole text, it is also difficult to infer the split-out data from the microcontroller's access behaviour at run time. This transformation algorithm avoids the complex encryption and decryption computation of conventional schemes, which not only reduces chip cost but also greatly improves data transformation efficiency; and since no encryption key is involved, the risk caused by a stolen key is avoided in principle. The invention effectively overcomes the shortcomings of information security management in existing embedded systems and provides a safe, easy-to-use new method for protecting embedded systems against leakage, theft and cracking, giving a high degree of protection to the intellectual property, critical data and secure operation of embedded systems.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the embedded system with data splitting function of the present invention;
Fig. 2 is a schematic flow chart of writing data in the embedded system with data splitting function of the present invention;
Fig. 3 is a schematic flow chart of reading data in the embedded system with data splitting function of the present invention;
Wherein: 1 - embedded system with data splitting function; 11 - microcontroller; 111 - computing unit; 112 - data conversion unit; 113 - on-chip volatile memory unit; 114 - on-chip nonvolatile memory unit; 12 - off-chip nonvolatile memory; 21~25 - steps of writing data; 31~34 - steps of reading data.
Detailed description of the embodiments
Embodiments of the present invention are described below by way of specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different specific embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Refer to Figs. 1 to 3. Note that the drawings provided with this embodiment illustrate the basic concept of the invention only schematically; they show only the components related to the invention rather than being drawn according to the number, shape and size of the components in an actual implementation. In an actual implementation the form, quantity and proportion of each component may be changed at will, and the component layout may also be more complex.
Embodiment 1:
As shown in Fig. 1, the present invention provides a microcontroller with data splitting function applied to an embedded system 1. The embedded system 1 comprises at least:
a microcontroller 11 and an off-chip nonvolatile memory 12, the microcontroller 11 comprising a computing unit 111, a data conversion unit 112, an on-chip volatile memory unit 113 and an on-chip nonvolatile memory 114.
The computing unit 111 is connected to the on-chip volatile memory unit 113, the on-chip nonvolatile memory 113 and the off-chip nonvolatile memory 12. It is used to split the data in the on-chip volatile memory 112 into extracted information data and main information data and store them in the on-chip nonvolatile memory 113 and the off-chip nonvolatile memory 12, or to merge and decrypt the extracted information data and main information data held in the on-chip nonvolatile memory 113 and the off-chip nonvolatile memory 12 and store the result in the on-chip volatile memory 112.
The on-chip volatile memory 113 is connected to the computing unit 111, the on-chip nonvolatile memory 114 and the off-chip nonvolatile memory 12, and is used to store running code and critical data; under the control of said 111, data is transferred between the on-chip volatile memory 112 and the on-chip nonvolatile memory 113 and the off-chip nonvolatile memory 12.
The on-chip nonvolatile memory 113 is connected to the control module 111 and the on-chip volatile memory 112; data transfer between the on-chip nonvolatile memory 113 and the on-chip volatile memory 112 is carried out under the control of the control module 111.
The off-chip nonvolatile memory 12 is connected to the data conversion unit 112 and the on-chip volatile memory 113; data transfer between the off-chip nonvolatile memory 12 and the on-chip volatile memory 113 is carried out under the control of the data conversion unit 112.
Specifically, the extracted information data is obtained from the data that results from applying the full-text associative transformation, in units of data blocks, to the data to be written to the off-chip nonvolatile memory 12; it consists of the information that is split out when the extracted information data is obtained, with the corresponding positions, length and transformation parameters as its key parameters.
Specifically, the full-text associative transformation operates on the plaintext data blocks by iterated XOR, proceeding through the data blocks in order, to ensure that a change in any one byte affects all of the data. It is an enhanced CBC (cipher block chaining) chained encryption mode that strengthens the association between the data. Because the 1st and 2nd data blocks lack the data plaintext and ciphertext that take part in the XOR, the program implementation sets initial vectors IV1, IV2 and IV3 to start the chained encryption mode of the forward transformation, where IV1, IV2 and IV3 are generated randomly by the program. The transformation algorithm and the inverse transformation algorithm are symmetric and complete in parallel within the minimum number of clock cycles. The data blocking scheme can be set according to the actual resources available.
Specifically, the main information data is the data obtained by applying the full-text associative transformation, in units of data blocks, to the data to be written to the off-chip nonvolatile memory 12, and then backfilling with random scrambling data the positions of the random-length bytes that were split out when the extracted information data was obtained.
Specifically, the data in the on-chip volatile memory 112 is split, in units of data blocks, into extracted information data and main information data, which are written separately to different storage media: the extracted information data is written to the on-chip nonvolatile memory 114, and the main information data is written to the off-chip nonvolatile memory 12.
Embodiment 2:
As shown in Figs. 1 to 3, the present invention provides a method of using an embedded system with data splitting function, comprising the following process:
As shown in Fig. 1, when writing data, the data conversion unit 112 splits the running data in the on-chip volatile memory 113, in units of data blocks, into extracted information data and main information data, which are stored in the on-chip nonvolatile memory 114 and the off-chip nonvolatile memory 12 respectively.
Specifically, the extracted information data is obtained from the data that results from applying the full-text associative transformation, in units of data blocks, to the data to be written to the off-chip nonvolatile memory 12; it consists of the information that is split out when the extracted information data is obtained, with the corresponding positions, length and transformation parameters as its key parameters.
Specifically, the main information data is the data obtained by applying the full-text associative transformation, in units of data blocks, to the data to be written to the off-chip nonvolatile memory 12, and then backfilling with random scrambling data the positions of the random-length bytes that were split out when the extracted information data was obtained.
As shown in Fig. 2, specifically, the process of writing data comprises the following steps:
21) apply the full-text associative transformation, in units of data blocks, to the data to be written to the off-chip nonvolatile memory 12.
22) from the data obtained by the associative transformation, split out a random-length run of bytes in units of data blocks, obtaining the corresponding extracted information data.
23) write the extracted information data obtained by the split to the on-chip nonvolatile memory 114, in order of logical block number.
24) backfill with random scrambling data the positions of the random-length bytes that were split out of the transformed data, obtaining the corresponding main information data.
25) write the main information data to the off-chip nonvolatile memory 12, in order of logical block number.
As shown in Fig. 1, when reading data, the data conversion unit 112 merges and decrypts the extracted information data and main information data stored in the on-chip nonvolatile memory 114 and the off-chip nonvolatile memory 12, and stores the result in the on-chip volatile memory 113.
As shown in Fig. 3, specifically, the process of reading data comprises the following steps:
31) the data conversion unit 112 reads the corresponding main information data from the off-chip nonvolatile memory 12 into the on-chip volatile memory 112.
32) the data conversion unit 112 automatically associates the extracted information data.
33) the data conversion unit 112 reads the corresponding extracted information data stored in the on-chip nonvolatile memory 114 into the on-chip volatile memory 113.
34) in the on-chip volatile memory 113, the data conversion unit 112 performs the restoring transformation on the corresponding main information data and extracted information data, obtaining the data as it was before being split.
In summary, the present invention provides a method of using an embedded system with data splitting function, in which data splitting achieves effectively separated storage of the data stored by the embedded system. When the embedded system writes data to the off-chip nonvolatile memory, the data to be written undergoes the full-text associative transformation and is split, in units of data blocks, into main information data and extracted information data, which are written to different storage media, achieving safe and effectively separated storage of file data. The embedded system can read the data stored in the off-chip memory only through operations such as associating the main information data with the extracted information data and inverse transformation. The invention effectively overcomes the shortcomings of information security management in existing embedded systems and provides a safe, easy-to-use new method for protecting embedded systems against leakage, theft and cracking, giving embedded systems a high degree of protection. The invention thus effectively overcomes the shortcomings of the prior art and has high industrial value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone familiar with this technology may modify or change the above embodiments without departing from the spirit and scope of the invention. Accordingly, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall be covered by the claims of the invention.

Claims (7)

  1. A microcontroller chip with a data extraction encryption function, comprising at least a computing unit, a data conversion unit, an on-chip nonvolatile memory unit and an on-chip volatile memory unit, characterized in that: besides directly accessing the on-chip nonvolatile memory and the off-chip nonvolatile memory, the computing unit can also access the off-chip nonvolatile memory through the data conversion unit; the data conversion unit can apply a full-text associative transformation to code and critical data and split the result into two parts, which are stored in the on-chip and off-chip nonvolatile memory respectively; on reading, the data conversion unit joins the two parts and restores the data for use;
    the data conversion unit has full-text associative transformation and inverse transformation functions and can apply the associative transformation to data of a specified block size; the amount of data is the same before and after the transformation, and the full-text associative transformation algorithm ensures that even a one-byte difference in the data before transformation changes all of the data after transformation.
  2. The microcontroller chip with a data extraction encryption function according to claim 1, characterized in that: the on-chip nonvolatile memory unit supports byte-level random access, or supports data block access of less than 512 bytes, and data writes support in-place update with no prior erase.
  3. The microcontroller chip with a data extraction encryption function according to claim 1, characterized in that: when the chip is in data splitting mode, the computing unit must access the on-chip nonvolatile memory unit and the off-chip nonvolatile memory unit through the data conversion unit, and data is read and written in fixed-size blocks.
  4. The microcontroller chip with a data extraction encryption function according to claim 1, characterized in that: the on-chip nonvolatile memory unit uses phase-change memory, resistive memory, ferroelectric memory or magnetic memory.
  5. The microcontroller chip with a data extraction encryption function according to claim 3, characterized in that: in said mode, after the computing unit sends a write-data command to the data conversion unit, the data conversion unit performs the following operations:
    A) apply the full-text associative transformation to the data block to be written;
    B) split a fixed quantity of data out of the transformation result;
    C) write the split-out data to the corresponding location in the on-chip nonvolatile memory unit;
    D) backfill the positions in the transformation result from which data was split out with random numbers or fixed data, and store the result in the off-chip nonvolatile memory.
  6. The microcontroller chip with a data extraction encryption function according to claim 3, characterized in that: in said mode, after the computing unit sends a read-data command to the data conversion unit, the data conversion unit performs the following operations:
    E) read the data block from the corresponding location in the off-chip nonvolatile memory and buffer it on-chip;
    F) read the fixed quantity of split-out data from the corresponding location in the on-chip nonvolatile memory unit, and insert it at the correct positions in the data block on the same principle as when writing;
    G) inverse-transform the data block to recover the plaintext;
    H) transfer the plaintext by DMA to the specified address in the on-chip nonvolatile memory unit, completing the read operation.
  7. The microcontroller chip with a data extraction encryption function according to claim 3, characterized in that: the split-out data accounts for no more than 10% of the data block.
CN201510551775.2A 2015-09-01 2015-09-01 A microcontroller chip with a data extraction encryption function Active CN105159611B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510551775.2A CN105159611B (en) 2015-09-01 2015-09-01 A kind of microcontroller chip with data pick-up encryption function

Publications (2)

Publication Number Publication Date
CN105159611A (en) 2015-12-16
CN105159611B (en) 2018-04-06

Family

ID=54800485

Country Status (1)

Country Link
CN (1) CN105159611B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230505

Address after: Floor 11-567, Building 15, International Car City, No. 309 Green Valley Avenue, Nanmingshan Street, Liandu District, Lishui City, Zhejiang Province, 323000

Patentee after: Lishui Zhixing Technology Co.,Ltd.

Address before: Room 506, Building 6, No. 6 Suyuan Road, Nanjing City, Jiangsu Province, 210023

Patentee before: NANJING WUAN INFORMATION TECHNOLOGY Co.,Ltd.