CN108388817A - Method for encrypted reading and writing of a chip identifier - Google Patents

Info

Publication number
CN108388817A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810093997.8A
Other languages
Chinese (zh)
Inventor
李林
傅豪
李琛
温建新
李铭
张桂迪
李停
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai IC R&D Center Co Ltd
Chengdu Image Design Technology Co Ltd
Original Assignee
Shanghai Integrated Circuit Research and Development Center Co Ltd
Chengdu Image Design Technology Co Ltd
Application filed by Shanghai Integrated Circuit Research and Development Center Co Ltd, Chengdu Image Design Technology Co Ltd filed Critical Shanghai Integrated Circuit Research and Development Center Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Abstract

The present invention provides a method for encrypted reading and writing of a chip identifier, comprising: obtaining a chip identifier, the chip identifier including at least a first identifier and a second identifier arranged in a predetermined order; performing an SM4 encryption operation on the chip identifier to obtain an SM4-encrypted chip identifier; writing the SM4-encrypted chip identifier to a set address in the OTP register of the chip; when data is to be read from the set address of the OTP register, obtaining the data from the OTP register; performing an SM4 encryption operation on the obtained data to obtain SM4-encrypted read data; and providing the SM4-encrypted read data. Because the chip identifier includes at least a first identifier and a second identifier, and the first identifier is obtained from the logical value of a specific mask layer pattern of the chip, the method provided by the invention makes it possible to obtain a unique chip identifier in the OTP register that is difficult to reverse-engineer and illegally copy.

Description

Method for encrypted reading and writing of a chip identifier
Technical field
The present invention relates to the field of semiconductor technology, and in particular to a method for encrypted reading and writing of a chip identifier.
Background
As embedded applications become more widespread, the security of chip products becomes increasingly important. On the one hand this is to protect the hardware design; on the other hand it is for the security of the product itself, to prevent it from being attacked by hackers (HACKED). To protect the data in the chip, more and more manufacturers provide a special register inside the chip: the OTP register (One Time Programmable register). In an OTP register every piece of information is written once and cannot be rewritten; the data is not lost on power-down and can be read repeatedly.
The chip identifier (Chip ID), also known as the device unique identifier (Device Unique Keys), is a core technology of chip security; it must not be reverse-decrypted or reused.
To achieve "one chip, one identity" (every chip is different), the core of the chip identifier is the uniqueness of the identification. A chip identifier is required to be unique and unmodifiable, so it is currently generally implemented with an OTP register. Implementation mechanisms include eFuse/AntiFuse devices. The current method of writing and reading the Chip ID is shown in Fig. 1:
First, step S101: set the Chip ID;
Next, step S102: write the set Chip ID to the OTP register;
Then, step S103: when the Chip ID needs to be read, read the set Chip ID from the OTP register;
Finally, step S104: the user obtains the set Chip ID read from the OTP register.
In step S102 the set Chip ID is usually written to the OTP register using an electrical fuse (e-Fuse). When chips are produced from the silicon wafer, all chips have the same value, for example the 16-bit value 0x0. After the set Chip ID is written to the OTP register, the value of the chip becomes the set Chip ID, for example the 16-bit value 0x1, in which the last bit has changed; the value the system finally reads is the Chip ID set in step S101. Although the outside of the chip does not change in this process, the e-Fuse has a relatively large physical effect on the chip, so if the chip is dissected and analyzed, the rewritten positions are easy to find, and these Chip IDs can easily be reverse-analyzed and cracked with an optical microscope. Likewise, a chip to which the set Chip ID has not been written (whose ID is 0x0) can be rewritten to 0x1 to produce a duplicate copy. This poses a great threat to the security of the product itself.
Summary of the invention
To overcome the above problems of the prior art, the present invention provides a method for encrypted reading and writing of a chip identifier. By making the chip identifier include at least a first identifier and a second identifier, with the first identifier obtained from the logical value of a specific mask layer pattern of the chip, a unique chip identifier can be obtained in the OTP register that is difficult to reverse-engineer and illegally copy. Generating the identifier with the SM4 algorithm conforms to the national security standard and supports password and cipher management. Grouping the data during generation favors parallel iterative computation and exploits the advantages of hardware circuits to improve computing performance.
According to one aspect of the present invention, a method for encrypted reading and writing of a chip identifier is provided, comprising: obtaining a chip identifier, the chip identifier including at least a first identifier and a second identifier arranged in a predetermined order, the first identifier being obtained by reading the logical value of a specific mask layer pattern of the chip; performing an SM4 encryption operation on the chip identifier to obtain an SM4-encrypted chip identifier; writing the SM4-encrypted chip identifier to a set address in the OTP register of the chip, the set address including at least a first address segment corresponding to the first identifier and a second address segment corresponding to the second identifier, the first address segment and the second address segment being ordered in the same way as the first identifier and the second identifier; when data is to be read from the set address of the OTP register, obtaining data from the OTP register in the order of the first address segment and the second address segment; performing an SM4 encryption operation on the obtained data to obtain SM4-encrypted read data; and providing the SM4-encrypted read data.
Optionally, the step of performing an SM4 encryption operation on the chip identifier to be written to the OTP register to obtain the SM4-encrypted chip identifier further comprises: extending the chip identifier into a to-be-processed field group whose total number of bits is an integer multiple of 16; and performing the SM4 encryption operation on the to-be-processed field group to obtain the SM4-encrypted chip identifier.
Optionally, the to-be-processed field group comprises: a first field, which is the chip identifier to be written to the OTP register; a second field immediately following the first field, whose bit length is 1 and whose bit is filled with 1 as a stop bit; and a third field immediately following the second field, which is a padding field in which every bit is filled with 0.
Optionally, performing the SM4 encryption operation on the obtained data to obtain the SM4-encrypted read data further comprises: extending the obtained data into a to-be-processed field group in the same way as for the chip identifier to be written to the OTP register; and performing the SM4 encryption operation on the to-be-processed field group to obtain the SM4-encrypted read data.
Optionally, the step of writing the SM4-encrypted chip identifier to the set address in the OTP register further comprises: if the bit length of the data obtained after SM4 encryption is greater than or equal to the bit length of the first identifier, taking the low N bits of the data obtained after SM4 encryption as first data corresponding to the first identifier and writing them to the first address segment in the OTP register, where N is the bit length of the first identifier; and taking the low N1 bits of the first data as second data corresponding to the second identifier and writing them to the second address segment in the OTP register, where N1 is the bit length of the second identifier.
Optionally, the step of writing the SM4-encrypted chip identifier to the set address in the OTP register further comprises: if the bit length of the data obtained after SM4 encryption is less than the bit length of the first identifier, splicing one or more pieces of intermediate data generated during the SM4 encryption operation with the data obtained after SM4 encryption until the bit length of the spliced data is greater than or equal to the bit length of the first identifier; taking the low N bits of the spliced data as first data corresponding to the first identifier and writing them to the first address segment in the OTP register, where N is the bit length of the first identifier; and taking the low N1 bits of the first data as second data corresponding to the second identifier and writing them to the second address segment in the OTP register, where N1 is the bit length of the second identifier.
Optionally, the first identifier is an identifier set by the manufacturer, and the second identifier is an identifier set by the user.
Optionally, after the step of performing the SM4 encryption operation on the chip identifier to obtain the SM4-encrypted chip identifier and before the step of writing the SM4-encrypted chip identifier to the set address in the OTP register of the chip, the method further comprises: detecting whether the set address in the OTP register has already been programmed; if the set address is detected not to have been programmed yet, continuing with the step of writing the SM4-encrypted chip identifier to the set address in the OTP register; if the set address is detected to have been programmed already, not executing the step of writing the SM4-encrypted chip identifier to the set address in the OTP register, and reporting an error.
Optionally, the OTP register is an OTP register of any one of the following types: laser-blown type, blown-fuse type, electrical fuse type, or anti-fuse type.
Optionally, the electrical fuse type OTP register includes electrical fuse type registers of the coupled-capacitor type, series-transistor type and dielectric-breakdown type.
The method for encrypted reading and writing of a chip identifier provided by the present invention has the following advantages:
1) By making the chip identifier include at least a first identifier and a second identifier, with the first identifier obtained from the logical value of a specific mask layer pattern of the chip, a unique chip identifier can be obtained in the OTP register that is difficult to reverse-engineer and illegally copy;
2) Generating the identifier with the SM4 algorithm conforms to the national security standard and supports password and cipher management. Grouping the data during generation favors parallel iterative computation and exploits the advantages of hardware circuits to improve computing performance;
3) In addition, using the intermediate data of the multiple rounds of the encryption algorithm, the intermediate data and the final data are spliced in cascade to handle the case where the bit length of the first identifier is long. Moreover, in such an embodiment, whether the spliced data is final data or intermediate data, its value is unique and irreversible, so splicing can further increase the uniqueness and security of the first identifier and second identifier finally obtained.
Brief description of the drawings
The above and other features and advantages of the present invention will become more apparent from the detailed description of its example embodiments with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a method of reading and writing a chip identifier according to the prior art.
Fig. 2 shows a flowchart of the method for encrypted reading and writing of a chip identifier according to an embodiment of the present invention.
Fig. 3 shows a flowchart of the method for encrypted reading and writing of a chip identifier according to a specific embodiment of the present invention.
Fig. 4 shows a schematic diagram of the method for encrypted reading and writing of a chip identifier according to a specific embodiment of the present invention.
Fig. 5 shows a schematic diagram of the encrypted chip identifier of a specific embodiment of the present invention.
Detailed description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, example embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
In addition, the drawings are only schematic illustrations of the disclosure and are not necessarily drawn to scale. The same reference numerals in the figures denote the same or similar parts, so their repeated description is omitted. Some of the block diagrams shown in the drawings are functional entities that do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The encryption algorithm for reading and writing the chip identifier in the present invention is based on SM4. Specifically, the SM4 block cipher is an algorithm published by the State Cryptography Administration in 2012. It is a block cipher with a 32-round iterated unbalanced Feistel structure, and its key length and block length are both 128 bits. The algorithms used for SM4 encryption and decryption are identical; the only difference is that the decryption key is obtained by applying a reverse-order transformation to the encryption key.
The principle of the SM4 encryption algorithm is described below:
Assume the field m is n bits long. Applying the SM4 block cipher to this field requires the following steps.
1) Padding: first append one 1 bit and multiple 0 bits to the end of m, so that the length of the padded message m' is an integer multiple of 16.
2) Iteration: m' is grouped in units of words: $X_0, X_1, X_2, X_3$; the round keys are the words $rk_i$ ($i = 0, 1, \ldots, 31$). The round function F is then:
$$F(X_0, X_1, X_2, X_3, rk) = X_0 \oplus T(X_1 \oplus X_2 \oplus X_3 \oplus rk)$$
where T is an invertible transformation composed of the nonlinear transformation $\tau$ and the linear transformation L, $\oplus$ denotes bitwise XOR and $\lll$ denotes a cyclic left shift.
$\tau$ consists of 4 parallel S-boxes. If the input is $A = (a_0, a_1, a_2, a_3)$ and the output is $B = (b_0, b_1, b_2, b_3)$, then
$$(b_0, b_1, b_2, b_3) = \tau(A) = (\mathrm{Sbox}(a_0), \mathrm{Sbox}(a_1), \mathrm{Sbox}(a_2), \mathrm{Sbox}(a_3))$$
The output of the nonlinear transformation $\tau$ is the input of the linear transformation L. If the input is B and the output is C, then
$$C = L(B) = B \oplus (B \lll 2) \oplus (B \lll 10) \oplus (B \lll 18) \oplus (B \lll 24)$$
The reverse-order transformation R is $R(A_0, A_1, A_2, A_3) = (A_3, A_2, A_1, A_0)$. The encryption transformation is:
$$X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) = X_i \oplus T(X_{i+1} \oplus X_{i+2} \oplus X_{i+3} \oplus rk_i), \quad i = 0, 1, \ldots, 31$$
$$(Y_0, Y_1, Y_2, Y_3) = R(X_{32}, X_{33}, X_{34}, X_{35}) = (X_{35}, X_{34}, X_{33}, X_{32})$$
The round keys are used in the following order for encryption: $(rk_0, rk_1, \ldots, rk_{31})$.
3) Result: the 128-bit value of the encrypted result is computed according to the formulas.
The purpose of the present invention is to provide an SM4-based method for encrypted reading and writing of a chip identifier, so that users and manufacturers can use the OTP register to obtain a unique chip identifier (Chip ID) that is difficult to reverse-engineer and illegally copy.
The present invention develops a circuit-layer design method that ensures the configurable connections implementing the secure unique chip can be placed in a specific via layer. The logical value of the via layer pattern can correspond to an initialization vector (Initial Vector) and serve as the first identifier. The pattern can be understood as a "two-dimensional code" (QR code); it can be realized in one specific mask layer by electron-beam direct writing and is different for every chip. As with a QR code, when the pattern of the via layer is read, via portions and non-via portions take the values 1 and 0 respectively, which yields the corresponding configuration value; the logical value of the via layer pattern obtained from this configuration value (a binary number) is used as the first identifier in the embodiments of the invention below. Using electron-beam direct writing (Direct Electron Writing, DEWs) to create and store the chip identifier is quite simple and convenient for mass production, and the identification process is secure. Electron-beam direct writing can meet these requirements, so that the chip identifier is unique and cannot be changed.
Referring to Fig. 2, Fig. 2 shows a flowchart of the method for encrypted reading and writing of a chip identifier according to an embodiment of the present invention. Fig. 2 shows six steps in total:
Step S210: obtain a chip identifier, the chip identifier including at least a first identifier and a second identifier arranged in a predetermined order, the first identifier being obtained by reading the logical value of a specific mask layer pattern of the chip.
The first identifier may be, for example, an identifier set by the manufacturer, and the second identifier may be, for example, an identifier set by the user. The present invention is not limited to embodiments with two identifiers; cases with three or more identifiers also fall within the scope of protection of the present invention.
Step S220: perform the operation of the secure hash algorithm SM4 on the chip identifier to be written to the one-time-programmable (OTP) register, to obtain the SM4-encrypted chip identifier.
After step S210, the SM4-encrypted chip identifier may optionally also be tested by software to determine whether the encryption succeeded; if it succeeded, the method proceeds to the step of writing the SM4-encrypted chip identifier to the set address in the OTP register.
This software test prevents a wrong chip identifier from being written to the OTP register because of an SM4 operation error. Moreover, if the software test finds that the encryption failed, a prompt indicating an SM4 operation error can be given so that the user can update the relevant information in time, which increases the operability of the present invention.
Step S230: write the SM4-encrypted chip identifier to the set address in the OTP register.
The set address includes at least a first address segment corresponding to the first identifier and a second address segment corresponding to the second identifier; the first address segment and the second address segment are ordered in the same way as the first identifier and the second identifier.
In a preferred example, before the SM4-encrypted chip identifier is written to the set address in the OTP register, it is first detected whether the set address has already been programmed; only if the set address is detected not to have been programmed yet is the SM4-encrypted chip identifier written to the set address in the OTP register. This prevents the chip identifier from being written repeatedly to the same set address and avoids errors.
In a specific implementation of this preferred example, in the detection performed before the chip identifier encrypted by the SM4 operation is written to the set address of the OTP register, if the set address is detected to have been programmed already, the write operation is ignored and an error may also be reported to the upper-layer software system, which avoids damaging the OTP register through repeated programming.
Step S240: when data is to be read from the set address of the OTP register, obtain data from the OTP register in the order of the first address segment and the second address segment.
Step S250: perform the SM4 operation on the obtained data to obtain SM4-encrypted read data.
Step S260: display the SM4-encrypted read data to the user.
Compared with the prior art, the chip identifier written to the OTP register in the present invention is the encrypted chip identifier obtained after the SM4 operation. This encrypted chip identifier differs from the chip identifier that was to be written to the OTP register, so the chip identifier written to the OTP register is protected by encryption against being cracked. In addition, reading this encrypted chip identifier from the OTP register also goes through one SM4 operation, so the chip identifier finally displayed to the user has been encrypted twice, and the chip identifier displayed to the user also differs from the encrypted chip identifier written in the OTP register. This provides further encryption protection for the chip identifier written to the OTP register.
Because the SM4 computation is one-way and irreversible, even a hacker can hardly infer the real chip identifier inside the OTP register from the chip identifier finally displayed to the user. In addition, SM4 takes a message of indefinite length, processes it with a specific algorithm and produces data of fixed length; this data is very hard to crack in theory and impossible to crack in engineering practice, so the chip identifier in the present invention is also unique and cannot be duplicated. Finally, the security of SM4 rests entirely on key management; the algorithm and its implementation can be fully public, and the chip system remains secure as long as the key is protected.
SM4 is an algorithm established by the State Cryptography Administration, so a chip identifier encrypted with SM4 better conforms to the national security standard. The SM4 algorithm splits the padded message into blocks, and the iterative process in ECB mode can be implemented with parallel computation, making full use of hardware circuit advantages and improving computing performance.
Preferably, the SM4 operation performed in step S220 and step S250 also comprises the following steps:
The data to be processed (the chip identifier to be written to the OTP register, or the data from the set address of the OTP register) is used as the first field; the second field following the first field stores one 1 bit as a stop bit; the third field following the second field is a padding field, in which every bit is filled with 0. The first field, second field and third field together form the to-be-processed field group, whose total number of bits is an integer multiple of 16. The SM4 operation is performed on the to-be-processed field group and 128 bits of data are output. Because the input data of the SM4 computation must be an integer multiple of 16 bits long, this preparation step before the SM4 operation brings the total bit length of the message to an integer multiple of 16 bits suitable for the SM4 operation, which ensures the operability and accuracy of the SM4 operation. When the input data exceeds 128 bits, it can be reduced by chaining to an integer multiple of 128 bits (that is, when the input data is longer than 128 bits, it can be reduced to the largest integer multiple of 128 bits whose length is less than that of the input data).
Preferably, the chip identifier in the present invention includes an identifier set by the user and an identifier set by the manufacturer. With this approach, as long as the manufacturer code or the user code is protected, even a developer who knows all the design details but lacks either code cannot crack the chip identifier or rewrite a blank chip into a chip with a specific Chip ID; the security factor is higher than with a manufacturer code or a user code alone.
In addition, the present invention can obtain the identifier set by the user and the identifier set by the manufacturer through a system interface. The system interface merges the identifier set by the user and the identifier set by the manufacturer in a certain order, so that the SM4 algorithm can process them in the next step.
In addition, in the present invention, if the bit length of the data obtained after SM4 encryption is greater than or equal to the bit length of the first identifier, the low N bits of the encrypted chip identifier obtained after the SM4 operation are taken as first data and written to the first address segment in the OTP register, where N is the bit length of the identifier set by the manufacturer; and the low N1 bits of the first data are taken as second data and written to the second address segment in the OTP register, where N1 is the bit length of the identifier set by the user.
If the bit length of the data obtained after SM4 encryption is less than the bit length of the first identifier, one or more pieces of intermediate data generated during the SM4 encryption operation are spliced with the data obtained after SM4 encryption until the bit length of the spliced data is greater than or equal to the bit length of the first identifier; from the spliced data, the low N bits are taken as first data corresponding to the first identifier and written to the first address segment in the OTP register, where N is the bit length of the first identifier; and the low N1 bits of the first data are taken as second data corresponding to the second identifier and written to the second address segment in the OTP register, where N1 is the bit length of the second identifier. Specifically, the SM4 encryption operation goes through multiple rounds, and each round produces one piece of intermediate data (for example, round 1 encrypted intermediate data a; round 2 encrypted intermediate data b; round 3 encrypted intermediate data c; ...; third-from-last round encrypted intermediate data x; second-from-last round encrypted intermediate data y; last round encrypted data result z). The data is spliced and merged starting from the last round and moving toward earlier rounds until the bit length of the spliced data is greater than or equal to the bit length N of the first identifier. Using the intermediate data of the multiple rounds of the encryption algorithm, the intermediate data and the final data are spliced in cascade to handle the case where the bit length of the first identifier is long. Moreover, in such an embodiment, whether the spliced data is final data or intermediate data, its value is unique and irreversible, so splicing can further increase the uniqueness and security of the first identifier and second identifier finally obtained.
Because the chip identifier information produced by the SM4 operation is written to the OTP register in a fixed order, because reading the chip identifier from the OTP register also goes through the SM4 operation, and because in the present invention the field of the identifier set by the user and the field of the identifier set by the manufacturer have a one-to-one positional storage relationship in the OTP register, the accuracy of the SM4 algorithm is guaranteed, the whole computation stays orderly, and operation errors caused by an incorrect positional relationship are unlikely.
In addition, the OTP register in the present invention may be a laser-blown type OTP register, a blown-fuse type OTP register or an electrical fuse (e-Fuse) type OTP register. The e-Fuse type OTP register may include e-Fuse registers of the coupled-capacitor type, series-transistor type and dielectric-breakdown type. The characteristic of these types of OTP register is that they are written once and cannot be rewritten. If needed, the chip manufacturer can also write a specific serial number according to the customer's requirements, so that each chip has a different identifier and cannot be copied, which satisfies the requirement that the chip identifier (Chip ID) be unique and unchangeable.
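Added example (not part of the patent text): a Python implementation of the write path and read path of steps S210 to S260, including the padding field group, the low N and low N1 bit selection, and the programmed-address check. The 128-bit key parameter, the toy OTP class, SET_ADDR, byte-aligned identifiers padded to one 128-bit SM4 block, and the sample identifier values are assumptions of this example; the splicing case (first identifier longer than the SM4 output) is not covered.

```python
import struct

# SM4 constants (S-box, FK, CK) from the published SM4 standard.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 & 0xFF for j in range(4)), "big")
      for i in range(32)]

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(word):
    # Nonlinear transform: four S-box lookups in parallel.
    return int.from_bytes(bytes(SBOX[b] for b in word.to_bytes(4, "big")), "big")

def t_round(word):
    # T = L(tau(.)) as used by the round function F.
    b = tau(word)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def t_key(word):
    # Key-schedule variant of T: linear part B ^ (B<<<13) ^ (B<<<23).
    b = tau(word)
    return b ^ rotl(b, 13) ^ rotl(b, 23)

def sm4_encrypt_block(key, block):
    """Encrypt one 128-bit block with a 128-bit key."""
    k = [m ^ f for m, f in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):                       # round key rk_i is k[i + 4]
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    x = list(struct.unpack(">4I", block))
    for i in range(32):                       # X_{i+4} = F(X_i..X_{i+3}, rk_i)
        x.append(x[i] ^ t_round(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ k[i + 4]))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])  # reverse-order R

def pad_field_group(data, block=16):
    """First field = data, second field = one 1 bit, third field = 0 bits.
    Assumption: byte-aligned data, padded to one 128-bit SM4 block."""
    if len(data) >= block:
        raise ValueError("data longer than one block is outside this example")
    return data + b"\x80" + bytes(block - len(data) - 1)

class OTP:
    """Toy write-once register model (assumption, not a real device API)."""
    def __init__(self, size=32):
        self.cells = bytearray(size)
        self.programmed = [False] * size
    def is_programmed(self, addr, n):
        return any(self.programmed[addr:addr + n])
    def program(self, addr, data):
        if self.is_programmed(addr, len(data)):
            raise PermissionError("set address already programmed")
        self.cells[addr:addr + len(data)] = data
        self.programmed[addr:addr + len(data)] = [True] * len(data)
    def read(self, addr, n):
        return bytes(self.cells[addr:addr + n])

SET_ADDR = 0  # hypothetical start of the set address in the OTP register

def write_chip_id(otp, key, first_id, second_id):
    """S210-S230: encrypt first||second, store the low N and low N1 bits."""
    n, n1 = len(first_id), len(second_id)
    if not n1 <= n <= 16:
        raise ValueError("needs N1 <= N <= 128 bits (no splicing here)")
    enc = sm4_encrypt_block(key, pad_field_group(first_id + second_id))
    first_data = enc[-n:]             # low N bits of the SM4 output
    second_data = first_data[-n1:]    # low N1 bits of the first data
    if otp.is_programmed(SET_ADDR, n + n1):   # detect before programming
        raise PermissionError("set address already programmed")
    otp.program(SET_ADDR, first_data)         # first address segment
    otp.program(SET_ADDR + n, second_data)    # second address segment

def read_chip_id(otp, key, n, n1):
    """S240-S260: read both segments in order, then SM4-encrypt again."""
    raw = otp.read(SET_ADDR, n) + otp.read(SET_ADDR + n, n1)
    return sm4_encrypt_block(key, pad_field_group(raw))

def demo():
    key = bytes(range(16))                        # constructed sample key
    first_id = bytes.fromhex("a1a2a3a4a5a6a7a8")  # constructed 64-bit ID
    second_id = bytes.fromhex("b1b2b3b4")         # constructed 32-bit ID
    otp = OTP()
    write_chip_id(otp, key, first_id, second_id)
    return otp.read(SET_ADDR, 12).hex(), read_chip_id(otp, key, 8, 4).hex()

if __name__ == "__main__":
    print(demo())
```

SM4 is a keyed block cipher, so the stored and displayed values are irreversible only to a party that does not hold the key.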
Specific embodiments provided by the invention are described below with reference to Fig. 3 to Fig. 5:
First, in step S201, the first identifier is obtained from the particular mask layer of the chip, the second identifier is obtained, and together they form the chip identifier.
The Chip ID includes the user-set identifier (second identifier), the manufacturer-set identifier (first identifier), other custom identifiers, or any combination of these. This embodiment uses the combination of the user-set identifier and the manufacturer-set identifier, shown as labels 301 and 302 in Fig. 4. In this way, as long as the user-set identifier and the manufacturer-set identifier are protected, even a developer who knows all the design details but lacks either of the two values cannot crack the chip identifier and cannot rewrite a blank chip into a chip with a specific Chip ID. The safety factor is higher than with a vendor code or a user code alone.
Next, in step S202, the secure hash algorithm SM4 is used to encrypt the set Chip ID.
In step S202, after the Chip ID to be written into the OTP register is obtained through the system interface (Fig. 4, label 304), it passes through a merging process (Fig. 4, label 305) that merges the user-set identifier and the manufacturer-set identifier into a fixed order for use in the SM4 operation.
The details are shown in Fig. 5:
The Chip ID 310, composed of the user-set identifier and the manufacturer-set identifier that the system interface is to write into the OTP register, is taken as the first field 321. The second field 322, which follows the first field 321, stores a 1 as the stop bit. The third field 323 is the filling field, and every bit in the filling field is filled with 0. The first field 321, the second field 322 and the third field 323 together form the to-be-operated field group, whose total number of bits is an integer multiple of 16.
In the SM4 calculation, the input data must be an integer multiple of 16 bits. The preparation step described above brings the total message length to an integer multiple of 16 bits suitable for the SM4 operation, which ensures the operability and accuracy of the SM4 operation.
The set Chip ID is encrypted using the SM4 hash algorithm. The SM4 algorithm takes a setting value of indefinite length and processes it with a specific algorithm to obtain data of fixed length, namely the encrypted Chip ID 330.
For the input message "01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10" and the encryption key "01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10", the iteration results are:
X[28] = 536e4246, X[29] = 86b3e94f
X[30] = d206965e, X[31] = 681edf34
The ciphertext is then "68 1e df 34 d2 06 96 5e 86 b3 e9 4f 53 6e 42 46".
Because the SM4 operation is one-way and irreversible, the encrypted Chip ID obtained by applying the SM4 algorithm to the set Chip ID differs from the original Chip ID to be written into the OTP register in step S101. Therefore, without knowing the original data of the user-set identifier and of the manufacturer-set identifier, the chip cannot be replicated even if the identifier in a specific OTP register is known.
The framework of the SM4 cryptographic algorithm, certified by the State Cryptography Administration, determines that even if the algorithm theory and the engineering implementation flow are fully disclosed, as long as password security is guaranteed, the verification process using electron-beam direct writing (DEW) for PUC chip identifiers is secure and controllable in such a system.
SM4 is theoretically very difficult to crack (that is, current mathematical analysis theory has shown that current mathematical tools cannot recover the pre-encryption original data by analysing the encrypted data) and impossible to crack in engineering practice (that is, the pre-encryption original data cannot be recovered from the encrypted data by brute-force exhaustive search). Its characteristics are as follows:
1) Deriving the original input data backwards from the data digest is very difficult in terms of computational theory;
2) Finding two different sets of data that correspond to the same data digest is also very difficult in terms of computational theory;
3) Any change to the input data has a very high probability of producing a completely different data digest.
Optionally, after step S202, the system can also add a detection device that checks whether the SM4 operation is correct. If the detection result is correct, step S203 is entered directly. If the detection result is incorrect, step S203 is not entered; instead the user is notified of the operation error, and an error prompt asks the user to change the relevant parameters, which increases the operability of this embodiment.
Next, step S203 detects whether the setting address in the OTP register has already been programmed.
If the setting address in the OTP register is detected as not yet programmed, the SM4-encrypted chip identifier is written into the setting address in the OTP register. This avoids writing the chip identifier to the same setting address repeatedly and so avoids errors. If the setting address in the OTP register is detected as already programmed, the operation of writing the SM4-encrypted chip identifier into the setting address in the OTP register is skipped and an error is reported to the upper-layer system. This avoids damaging the OTP register through repeated programming and lets the user update the relevant information in time.
Next, in step S204, the SM4-encrypted Chip ID is written into the setting address of the OTP register. When the system writes the OTP register, the manufacturer-set identifier (for example, bits [127:0]) and the user-set identifier (for example, bits [31:0]) must be written in two separate writes, and the write data is actually written into the OTP register only after SM4 encryption. Specifically:
From the encrypted chip identifier obtained after the SM4 operation, the low N bits (N corresponds to the bit length of the manufacturer-set identifier in this embodiment, for example 128 bits) are taken as the first data and written into the field of the OTP register that stores the manufacturer-set identifier. From the first data, the low N1 bits (N1 corresponds to the bit length of the user-set identifier in this embodiment, for example 32 bits) are taken as the second data and written into the field of the OTP register that stores the user-set identifier.
At this point, the write process ends.
In this embodiment, the field in the OTP register that stores the user-set identifier is, for example, the 72nd bit to the 103rd bit of the OTP register counted from low to high, and the field that stores the manufacturer-set identifier is, for example, the 104th bit to the 232nd bit of the OTP register counted from low to high.
Because the chip identifier information produced by the SM4 operation is written into the OTP register in a fixed order, and because in the present invention the field of the user-set identifier and the field of the manufacturer-set identifier in the OTP register have a one-to-one positional storage relationship, the accuracy of the SM4 algorithm is guaranteed: the whole calculation proceeds in good order, and operation errors caused by an incorrect positional relationship are unlikely to occur.
In this step, the OTP register is written by electrical fuse (e-Fuse), laser blowing or fuse blowing. e-Fuse type OTP registers include e-Fuse registers of the coupled capacitor type, the series crystal type and the dielectric breakdown type. OTP registers implemented in these ways can be written only once and cannot be rewritten, but their data can be read repeatedly. If required, the chip manufacturer can also write a specific serial number according to the needs of the client, so that each chip has a different identifier and cannot be copied, which meets the requirement that the Chip ID be unique and unchangeable. Step S204 corresponds to labels 305, 306 and 307 in Fig. 4.
Next, in step S205, the system automatically judges whether the chip identifier needs to be read.
If the chip identifier does not need to be read, the flow returns to the judgment, and this loop continues;
If the chip identifier needs to be read, the flow enters the next step, S206.
Step S206 reads the encrypted chip identifier from the setting address in the OTP register.
Step S207 uses the SM4 algorithm to apply a second encryption operation to the encrypted chip identifier that was read.
Before the second encryption operation is applied to the encrypted Chip ID, it also passes through the merging process of step S202. The merging process in this step is identical to the merging process in step S202 and is not repeated here.
The SM4 operation is then applied to the merged Chip ID. The process is the same as the SM4 calculation in step S202 and is not repeated here.
The second SM4 operation in this step yields a Chip ID that has been encrypted twice.
Finally, in step S208, the user obtains the chip identifier that has been encrypted twice.
The Chip ID that the user obtains in this step differs from the Chip ID written into the OTP register in step S204, and also differs from the Chip ID to be written into the OTP register in step S201. The Chip ID that the user obtains has in effect been encrypted twice, which greatly increases the safety factor of the Chip ID.
Specifically, the system interface can read the user-set identifier and the manufacturer-set identifier as follows. When the system reads the identifier in the OTP register through the DRM (Digital Rights Management, a hardware block that implements security functions including encryption, decryption and key management), the data is encrypted by SM4. Reading is divided into two cases, the user-set identifier and the manufacturer-set identifier, selected by the hardware control signal hardware_sel[1:0] (these two bits can be 00/01/10/11, selecting among 4 functions, which correspond to the user-set identifier CustomID, the manufacturer-set identifier DevelopID, self-test and other functions). The signal is located at offset 0x0100[4:3] in the DRM (Security) block (system software can configure this address to change hardware_sel and select a different function). For example, hardware_sel = 10 (binary) reads the user-set identifier, and hardware_sel = 11 (binary) reads the manufacturer-set identifier. The SM4 processing achieves the purpose of hashing.
For the system, neither the manufacturer-set identifier nor the user-set identifier is the data stored in the OTP register: every result that software reads has passed through SM4 encryption.
At this point, the entire read-write process of the chip identifier ends.
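The write and read flow of steps S201 to S208, checked against the SM4 test vector quoted earlier, as an added Python example that is not part of the patent. SM4 as standardized is a keyed 128-bit block cipher and the page names no key, so `KEY` (the standard's test key) is a placeholder; the padding to whole 128-bit blocks, the CBC-style chaining from a zero IV, the treatment of each round's 32-bit output word as its intermediate data, the splice order, the `OTP` model and all function names are likewise assumptions.

```python
# Added illustration, not the patent's code. KEY, the CBC-style chaining and the
# splice order are assumptions; the page specifies none of them.
import struct

SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]
KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")  # placeholder key (assumption)
FIRST = (104, 128)  # manufacturer field: start bit from the page, width N = 128
SECOND = (72, 32)   # user field: start bit from the page, width N1 = 32

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x):
    """Apply the S-box to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def round_keys(key):
    k = [m ^ f for m, f in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        b = _tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])
        k.append(k[i] ^ b ^ _rotl(b, 13) ^ _rotl(b, 23))
    return k[4:]

def sm4_rounds(block, rks):
    """Return the 32 round outputs; element i is the page's X[i]."""
    x = list(struct.unpack(">4I", block))
    for rk in rks:
        b = _tau(x[-3] ^ x[-2] ^ x[-1] ^ rk)
        x.append(x[-4] ^ b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24))
    return x[4:]

def field_group(chip_id):
    """First field: chip ID; second: a single stop bit 1; third: zero fill."""
    padded = chip_id + b"\x80"
    return padded + bytes(-len(padded) % 16)  # whole 128-bit SM4 blocks

def sm4_digest(data, key=KEY):
    """Chain the blocks CBC-style from a zero IV (assumption). Returns the last
    output block and the 32 round words of that last encryption."""
    rks, state, words = round_keys(key), bytes(16), []
    for off in range(0, len(data), 16):
        mixed = bytes(a ^ b for a, b in zip(state, data[off:off + 16]))
        words = sm4_rounds(mixed, rks)
        state = struct.pack(">4I", words[31], words[30], words[29], words[28])
    return state, words

def split_for_otp(chip_id, n, n1, key=KEY):
    """Low n bits of the result become the first data, low n1 bits of that the
    second data. If the 128-bit result is shorter than n, earlier round words
    are spliced on, from round 27 backwards (splice order is an assumption)."""
    state, words = sm4_digest(field_group(chip_id), key)
    value, bits, i = int.from_bytes(state, "big"), 128, 27
    while bits < n:
        if i < 0:
            raise ValueError("n exceeds the available round data")
        value, bits, i = (value << 32) | words[i], bits + 32, i - 1
    first = value & ((1 << n) - 1)
    return first, first & ((1 << n1) - 1)

class OTP:
    """Write-once bit array: a programmed field cannot be programmed again."""
    def __init__(self):
        self.bits = self.used = 0
    def programmed(self, offset, width):
        return bool(self.used & (((1 << width) - 1) << offset))
    def program(self, offset, width, value):
        if self.programmed(offset, width):
            raise PermissionError("OTP field already programmed")
        self.bits |= (value & ((1 << width) - 1)) << offset
        self.used |= ((1 << width) - 1) << offset
    def read(self, offset, width):
        return (self.bits >> offset) & ((1 << width) - 1)

def write_chip_id(otp, first_id, second_id):
    """Steps S202 to S204: encrypt, check that both fields are blank, then write."""
    first, second = split_for_otp(first_id + second_id, FIRST[1], SECOND[1])
    if otp.programmed(*FIRST) or otp.programmed(*SECOND):
        raise PermissionError("setting address already programmed")
    otp.program(*FIRST, first)
    otp.program(*SECOND, second)

def read_chip_id(otp):
    """Steps S206 to S208: software only ever sees SM4(stored value)."""
    stored = (otp.read(*FIRST).to_bytes(FIRST[1] // 8, "big")
              + otp.read(*SECOND).to_bytes(SECOND[1] // 8, "big"))
    return sm4_digest(field_group(stored))[0]
```

Because SM4 is a keyed block cipher, anyone holding `KEY` can decrypt a single-block result, so the one-way property claimed for the stored identifier depends on the key never leaving the chip.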
Compared with the prior art, the chip identifier written into the OTP register in the present invention is the encrypted chip identifier obtained after the SM4 operation. This encrypted chip identifier differs from the chip identifier that was to be written into the OTP register, so the chip identifier written into the OTP register is protected by encryption and prevented from being cracked. Moreover, reading this encrypted chip identifier from the OTP register also passes through an SM4 operation, so the chip identifier finally shown to the user has been encrypted twice, and the chip identifier shown to the user also differs from the encrypted chip identifier written into the OTP register, which further protects the chip identifier written into the OTP register. Because the SM4 calculation is one-way and irreversible, even a hacker can hardly infer the true chip identifier inside the OTP register from the chip identifier finally shown to the user. In addition, SM4 takes a message of arbitrary length and processes it with a specific algorithm to obtain data of fixed length; cracking this data is very difficult in theory and impossible in engineering practice, so the chip identifier in the present invention is also unique and cannot be replicated. Finally, identifiers generated by the SM4 algorithm meet the national security standard and support password management. The grouping in the generation process favours parallel iterative computation, which exploits the advantages of hardware circuits and improves computing performance.
The steps of the various methods above are divided only for clarity of description. In implementation they may be merged into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, they are all within the protection scope of this patent. Adding insignificant modifications to the algorithm or the flow, or introducing insignificant designs, without changing the core design of the algorithm and flow, is also within the protection scope of this patent.
Those skilled in the art will understand that the embodiments above are specific embodiments for realizing the present invention, and that in practical applications various changes can be made to them in form and detail without departing from the spirit and scope of the present invention.
The method for reading and writing a chip identifier through encryption provided by the invention has the following advantages:
1) The chip identifier includes at least a first identifier and a second identifier, and the first identifier is obtained from the logical value of the particular mask layer pattern of the chip. A unique chip identifier can thus be obtained in the OTP register, and it is difficult to reverse-engineer and to copy illegally;
2) Identifiers generated by the SM4 algorithm meet the national security standard and support password management. The grouping in the generation process favours parallel iterative computation, which exploits the advantages of hardware circuits and improves computing performance;
3) In addition, cascading the intermediate data of the multi-round encryption algorithm splices the intermediate data with the final data, which handles the case where the first identifier has a longer bit length. Meanwhile, in such an embodiment the spliced values, whether final data or intermediate data, are all unique and irreversible, so splicing can also further improve the uniqueness and security of the first identifier and second identifier finally obtained.
Those skilled in the art, after considering the specification and practising the invention disclosed here, will readily conceive of other embodiments of the disclosure. This application is intended to cover any variations, uses or adaptations of the disclosure that follow the general principles of the disclosure and include common knowledge or conventional techniques in the art that are not disclosed here. The description and examples are to be regarded as illustrative only; the true scope and spirit of the disclosure are indicated by the appended claims.

Claims (10)

1. A method for reading and writing a chip identifier through encryption, characterized by comprising:
obtaining a chip identifier, the chip identifier including at least a first identifier and a second identifier arranged in a predetermined order, the first identifier being obtained by reading the logical value of a particular mask layer pattern of the chip;
encrypting the chip identifier by SM4 to obtain an SM4-encrypted chip identifier;
writing the SM4-encrypted chip identifier into a setting address in an OTP register of the chip, the setting address including at least a first address field corresponding to the first identifier and a second address field corresponding to the second identifier, the order of the first address field and the second address field being the same as the order of the first identifier and the second identifier;
when data is to be read from the setting address of the OTP register, obtaining data from the OTP register in the order of the first address field and the second address field;
encrypting the obtained data by SM4 to obtain SM4-encrypted read data;
providing the SM4-encrypted read data.
2. The method for reading and writing a chip identifier through encryption according to claim 1, characterized in that the step of encrypting the chip identifier to be written into the OTP register by SM4 to obtain the SM4-encrypted chip identifier further comprises:
extending the chip identifier into a to-be-operated field group, the total number of bits of the to-be-operated field group being an integer multiple of 16;
encrypting the to-be-operated field group by SM4 to obtain the SM4-encrypted chip identifier.
In addition a variety of extended modes such as link CBC.
3. the method for read write chip identifier through encrypting according to claim 2, which is characterized in that described to wait for operation field groups Including:
First field, first field are the chip identifier being written in OTP register;
Second field is next to first field, and the bit length of second field is 1, and filling 1 is made in the bit For stop position;
Third field is next to second field, and the third field is filling field, each bit in the filling field It is 0 that position, which is filled out,.
4. the method for read write chip identifier through encrypting according to claim 2, which is characterized in that by the data of the acquisition Operation is encrypted by SM4, obtain further include through the encrypted reading data of the SM4:
By mode identical with the chip identifier being written in OTP register, the Data expansion by the acquisition is Wait for operation field groups;
It waits for that operation is encrypted by SM4 in operation field groups to described, obtains through the encrypted reading data of the SM4.
5. the method for read write chip identifier through encrypting according to claim 1, which is characterized in that it is described will be through the SM4 The step in setting address that encrypted chip identifier is written in the OTP register further includes:
If the bit length of the data obtained after SM4 encryptions is more than or equal to the bit length of first identifier symbol, In the data obtained after SM4 encryptions, low N bits is taken to be written to as the first data of corresponding first identifier symbol In the OTP register in the first address field, wherein the N is the bit length of first identifier symbol;
In first data, low N is taken1A bit is written to the OTP as the second data of corresponding second identifier symbol and posts In the second address field in storage, wherein the N1For the bit length of second identifier symbol.
6. the method for read write chip identifier through encrypting according to claim 5, which is characterized in that it is described will be through the SM4 The step in setting address that encrypted chip identifier is written in the OTP register further includes:
If the bit length of the data obtained after SM4 encryptions is less than the bit length of first identifier symbol, by SM4 Cryptographic calculation during generate one or more intermediate data with through the SM4 encryption after obtain data splicing until spell The bit length of data after connecing is more than or equal to the bit length of first identifier symbol;
In through spliced data, low N bits is taken to be written to the OTP as the first data of corresponding first identifier symbol In register in the first address field, wherein the N is the bit length of first identifier symbol;
In first data, low N is taken1A bit is written to the OTP as the second data of corresponding second identifier symbol and posts In the second address field in storage, wherein the N1For the bit length of second identifier symbol.
7. the method for read write chip identifier through encrypting according to any one of claims 1 to 6, which is characterized in that described One identifier is identifier set by manufacturer, and the second identifier symbol is identifier set by user.
8. the method for read write chip identifier through encrypting according to any one of claims 1 to 6, which is characterized in that described to incite somebody to action Operation is encrypted by SM4 in the chip identifier, after the step of obtaining chip identifier encrypted through the SM4, institute Before stating the step in the setting address that will be written in the OTP register of chip through the encrypted chip identifiers of the SM4, Further include:
Detect whether the setting address in the OTP register is programmed to be written;
If detecting, the setting address was not yet programmed into, continue to execute it is described will be through the encrypted cores of the SM4 Piece identifier is written to the step in the setting address in the OTP register;
If detecting that the setting address is programmed to be written, do not execute it is described will be through the encrypted chip marks of the SM4 Know the step that symbol is written in the setting address in the OTP register, and reports an error.
9. the method for read write chip identifier through encrypting according to any one of claim 1 to 6, which is characterized in that described OTP register is the OTP register of any one following type:
Blow type, fusing type, electrical fuse type, anti-fuse type OTP register.
10. the method for read write chip identifier through encrypting according to claim 9, which is characterized in that the electrical fuse type OTP register includes the electrical fuse type register of coupled capacitor type, series crystal type and dielectric breakdown type.
CN201810093997.8A 2018-01-31 2018-01-31 The method of read write chip identifier through encrypting Pending CN108388817A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810093997.8A CN108388817A (en) 2018-01-31 2018-01-31 The method of read write chip identifier through encrypting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810093997.8A CN108388817A (en) 2018-01-31 2018-01-31 The method of read write chip identifier through encrypting

Publications (1)

Publication Number Publication Date
CN108388817A true CN108388817A (en) 2018-08-10

Family

ID=63074631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810093997.8A Pending CN108388817A (en) 2018-01-31 2018-01-31 The method of read write chip identifier through encrypting

Country Status (1)

Country Link
CN (1) CN108388817A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109714163A (en) * 2019-01-30 2019-05-03 江永林 A kind of chip serial number coding method and system, storage medium and terminal
CN110602140A (en) * 2019-09-29 2019-12-20 苏州思必驰信息科技有限公司 Encryption and decryption method and system for chip authorization

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090019275A1 (en) * 2007-07-13 2009-01-15 Park Dong-Jin Secure Boot Method and Semiconductor Memory System Using the Method
CN201397546Y (en) * 2009-03-19 2010-02-03 东方通信股份有限公司 Communication encrypting device for ATM cash dispenser
CN101840476A (en) * 2010-05-07 2010-09-22 江苏新广联科技股份有限公司 OTP-SD electronic publication encryption method
CN103780608A (en) * 2014-01-14 2014-05-07 浪潮电子信息产业股份有限公司 SM4-algorithm control method based on programmable gate array chip
CN203773549U (en) * 2013-10-25 2014-08-13 上海华力创通半导体有限公司 Chip identifier-based software security application device
CN104573572A (en) * 2013-10-25 2015-04-29 上海华力创通半导体有限公司 Method for encrypting read-write chip identifier
CN106228088A (en) * 2016-08-11 2016-12-14 浪潮电子信息产业股份有限公司 A kind of method for designing of SM4 Algorithm IP based on domestic BMC chip

Similar Documents

Publication Publication Date Title
EP2359520B1 (en) Distributed puf
US9934400B2 (en) System and methods for encrypting data
WO2018046008A1 (en) Storage design method of blockchain encrypted radio frequency chip
KR101360696B1 (en) Non-networked rfid-puf authentication
US8782396B2 (en) Authentication with physical unclonable functions
JP7116050B2 (en) Computer program product, computer system, and computer-implemented method for implementing cryptographic messages containing authentication instructions
CN108055120B (en) Method for detecting AES-OTR algorithm to resist differential fault attack
WO2013088939A1 (en) Identification information generation device and identification information generation method
CN104573572B (en) The method of read write chip identifier through encrypting
CN103559454B (en) Data protection system and method
CN110289946A (en) A kind of generation method and block chain node device of block chain wallet localization file
CN108280373A (en) The method of read write chip identifier through encrypting
CN109241789A (en) A kind of chip identification method
CN108388817A (en) The method of read write chip identifier through encrypting
CN104579630A (en) System random number generation method
EP3214567B1 (en) Secure external update of memory content for a certain system on chip
CN113434876A (en) Data encryption method and device, memory controller, chip and electronic equipment
Ziener et al. Configuration tampering of BRAM-based AES implementations on FPGAs
CN108279864A (en) System random number generation method
CN108388816A (en) A kind of method of read write chip identifier through encrypting
CN104573754B (en) Chip identifier reading/writing method
CN104575609B (en) Chip identifier reading/writing method in OTP register
Kumar et al. An Effective Logic Obfuscation Technique with AES Encryption Module for Design Protection
CN107292172A (en) For relative to the method for verifying object-computer file automatically with reference to computer documents
CN203773956U (en) OTP (one time programmable) register reading-writing device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180810