CN109583155B - IOT module with embedded security chip and control method thereof - Google Patents


Publication number
CN109583155B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811500928.0A
Other languages
Chinese (zh)
Other versions
CN109583155A (en)
Inventor
隋榕华
林伟
陈将
邱加钦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Flaircomm Microelectronics Inc
Original Assignee
Flaircomm Microelectronics Inc
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention relates to an IOT module with an embedded security chip, comprising an IOT module, a security chip, and a Bluetooth/WIFI chip with a built-in MCU. The security chip mainly stores information such as the module's MAC and SN, and runs a security encryption algorithm. The Bluetooth/WIFI chip with the built-in MCU, when the system starts, calls both its internally stored software and the MAC address and SN information stored in the security chip, and the internal software is decrypted so that it can run. The security chip has a data connection to the Bluetooth/WIFI chip with the built-in MCU. The invention can effectively protect information such as the protocol stack software, MAC address and SN from being stolen.

Description

IOT module embedded with security chip and control method thereof
Technical Field
The invention relates to the technical field of Internet of things, in particular to an IOT module with an embedded security chip and a control method thereof.
Background
At present, more and more IOT (Internet of Things) devices are on the market. The module is the core component of an IOT device, and its software program is generally small. To meet the additional functional requirements of innovative companies, resources must be invested in secondary development of IOT devices, but the IOT module's software program and other information are often stolen by lawbreakers, which causes great losses to innovative companies and dampens their initiative for innovative development.
Disclosure of Invention
In view of this, an object of the present invention is to provide an IOT module with an embedded security chip and a control method thereof, which can effectively protect information such as the protocol stack software, MAC address and SN from being stolen.
To achieve this object, the invention adopts the following technical scheme:
An IOT module with an embedded security chip comprises an IOT module, a security chip, and a Bluetooth/WIFI chip with a built-in MCU;
the security chip mainly stores information such as the module's MAC and SN, and runs a security encryption algorithm;
the Bluetooth/WIFI chip with the built-in MCU, when the system starts, calls both its internally stored software and the MAC address and SN information stored in the security chip, and the internal software is decrypted so that it can run; the security chip has a data connection to the Bluetooth/WIFI chip with the built-in MCU.
Further, the MCU stores the key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2, and the ciphertext Enc(data3) by FW key3.
Further, the key share key1, the key FW key1, the key share key2, the key FW key2, the key share key3 and the key FW key3 are stored in the security chip.
A control method of an IOT module with an embedded security chip comprises the following steps:
step S1, the system starts; the security chip performs a SHA256 and XOR operation on the key share key1 and the key FW key1, encrypting them into the ciphertext Enc(share key1 + FW key1);
step S2, the security chip sends the ciphertext Enc(share key1 + FW key1) to the MCU; the MCU uses its stored key share key1 to perform a SHA256 and XOR operation on the ciphertext Enc(share key1 + FW key1), decrypting it to obtain the key FW key1;
step S3, the MCU uses the key FW key1 to perform an XOR operation on the stored ciphertext Enc(share key2 + data1) by FW key1, obtaining the key share key2 and data1;
step S4, the security chip performs a SHA256 and XOR operation on the key share key2 and the key FW key2 to obtain the ciphertext Enc(share key2 + FW key2);
step S5, the security chip sends the ciphertext Enc(share key2 + FW key2) to the MCU; the MCU uses the key share key2 obtained in step S3 to perform a SHA256 and XOR operation on the ciphertext Enc(share key2 + FW key2), decrypting it to obtain the key FW key2;
step S6, the MCU uses the key FW key2 to perform a SHA256 and XOR operation on the stored ciphertext Enc(share key3 + data2) by FW key2, obtaining the key share key3 and data2;
step S7, the security chip performs a SHA256 and XOR operation on the key share key3 and the key FW key3, encrypting them into the ciphertext Enc(share key3 + FW key3);
step S8, the security chip sends the ciphertext Enc(share key3 + FW key3) to the MCU; the MCU uses the key share key3 obtained in step S6 to perform a SHA256 and XOR operation on the ciphertext Enc(share key3 + FW key3), decrypting it to obtain the key FW key3;
and step S9, the MCU uses the key FW key3 to perform an XOR operation on the stored ciphertext Enc(data3) by FW key3, decrypting it to obtain data3.
Further, data1, data2 and data3 may be the MAC address or SN information of the Internet of Things module, or data used in the code.
Compared with the prior art, the invention has the following beneficial effects:
The invention strengthens the security of the IOT module through the cooperation of the security chip and the MCU, and can effectively protect information such as the protocol stack software, MAC address and SN from being stolen.
Drawings
FIG. 1 is a schematic view of the structure of the present invention;
FIG. 2 is a schematic diagram of the MCU and security chip control of the present invention;
FIG. 3 is a block diagram of an IOT module employed in the present invention.
Detailed Description
The invention is further explained below with reference to the drawings and the embodiments.
Referring to FIG. 1, the present invention provides an IOT module with an embedded security chip, which includes an IOT module, a security chip, and a Bluetooth/WIFI chip with a built-in MCU; the model number of the IOT module used in the present embodiment, shown in FIG. 3, is CBM 270.
The security chip mainly stores information such as the module's MAC and SN, and runs a security encryption algorithm;
the Bluetooth/WIFI chip with the built-in MCU, when the system starts, calls both its internally stored software and the MAC address and SN information in the security chip, and the internally stored software is decrypted so that it can run; the security chip has a data connection to the Bluetooth/WIFI chip with the built-in MCU.
In this embodiment, the MCU stores the key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2, and the ciphertext Enc(data3) by FW key3; the security chip stores the key share key1, the key FW key1, the key share key2, the key FW key2, the key share key3 and the key FW key3.
Referring to FIG. 2, the present embodiment provides a method for controlling an IOT module with an embedded security chip, including the following steps:
step S1, the system starts; the security chip performs a SHA256 and XOR operation (addition, subtraction and XOR operation, which is an encryption algorithm) on the key share key1 and the key FW key1, encrypting them into the ciphertext Enc(share key1 + FW key1);
step S2, the security chip sends the ciphertext Enc(share key1 + FW key1) to the MCU; the MCU uses its stored key share key1 to perform a SHA256 and XOR operation on the ciphertext Enc(share key1 + FW key1), decrypting it to obtain the key FW key1;
step S3, the MCU uses the key FW key1 to perform an XOR operation on the stored ciphertext Enc(share key2 + data1) by FW key1, obtaining the key share key2 and data1;
step S4, the security chip performs a SHA256 and XOR operation on the key share key2 and the key FW key2 to obtain the ciphertext Enc(share key2 + FW key2);
step S5, the security chip sends the ciphertext Enc(share key2 + FW key2) to the MCU; the MCU uses the key share key2 obtained in step S3 to perform a SHA256 and XOR operation on the ciphertext Enc(share key2 + FW key2), decrypting it to obtain the key FW key2;
step S6, the MCU uses the key FW key2 to perform a SHA256 and XOR operation on the stored ciphertext Enc(share key3 + data2) by FW key2, obtaining the key share key3 and data2;
step S7, the security chip performs a SHA256 and XOR operation on the key share key3 and the key FW key3, encrypting them into the ciphertext Enc(share key3 + FW key3);
step S8, the security chip sends the ciphertext Enc(share key3 + FW key3) to the MCU; the MCU uses the key share key3 obtained in step S6 to perform a SHA256 and XOR operation on the ciphertext Enc(share key3 + FW key3), decrypting it to obtain the key FW key3;
and step S9, the MCU uses the key FW key3 to perform an XOR operation on the stored ciphertext Enc(data3) by FW key3, decrypting it to obtain data3.
In this embodiment, data1, data2 and data3 may be the MAC address or SN information of the Internet of Things module, or data used in the code. data1, data2 and data3 are stored in the software as ciphertext, in the form of array data.
In this embodiment, during production the MCU must be programmed with the key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2, and the ciphertext Enc(data3) by FW key3; the security chip must be programmed with the keys share key1, FW key1, share key2, FW key2, share key3 and FW key3. Even if the contents of the MCU (the key share key1 and the ciphertexts Enc(share key2 + data1) by FW key1, Enc(share key3 + data2) by FW key2 and Enc(data3) by FW key3) are cloned during production (data stored in the MCU's ROM has low security), data1, data2 and data3 still cannot be decrypted, because the keys FW key1, share key2, FW key2, share key3 and FW key3 held in the security chip (data stored in the encryption chip has high security) and the corresponding decryption algorithm are missing. This security hardening protects the information and the protocol stack software inside the Internet of Things module in application, and the information and the protocol stack software inside the module are safely upgraded in the production process.
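The S1 to S9 exchange and the production-time provisioning described above, as an added Python example that is not the patent's or the assignee's code. It assumes that "SHA256 and XOR operation" means XOR with a SHA-256 counter-mode keystream derived from the key, uses that same primitive for the steps the text describes only as XOR, and assumes 32-byte keys; all function names and sample values are constructed for illustration.

```python
import hashlib
import os

KEY_LEN = 32  # assumed key size; the patent does not state one


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode (assumed reading of 'SHA256 and XOR operation')."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with the SHA-256 keystream of key."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def provision(data1: bytes, data2: bytes, data3: bytes):
    """Production step: build what is burned into the security chip and the MCU."""
    share = [os.urandom(KEY_LEN) for _ in range(3)]  # share key1..3
    fw = [os.urandom(KEY_LEN) for _ in range(3)]     # FW key1..3
    chip = {"share": share, "fw": fw}
    mcu = {
        "share_key1": share[0],
        "blobs": [
            xor_crypt(fw[0], share[1] + data1),  # Enc(share key2 + data1) by FW key1
            xor_crypt(fw[1], share[2] + data2),  # Enc(share key3 + data2) by FW key2
            xor_crypt(fw[2], data3),             # Enc(data3) by FW key3
        ],
    }
    return chip, mcu


def chip_wrap(chip: dict, stage: int) -> bytes:
    """S1/S4/S7: the security chip emits Enc(share key_i + FW key_i)."""
    return xor_crypt(chip["share"][stage], chip["fw"][stage])


def mcu_boot(mcu: dict, ask_chip) -> list:
    """S2 to S9 on the MCU; ask_chip(stage) returns the chip's message."""
    share = mcu["share_key1"]
    recovered = []
    for stage, blob in enumerate(mcu["blobs"]):
        fw = xor_crypt(share, ask_chip(stage))  # S2/S5/S8: unwrap the FW key
        plain = xor_crypt(fw, blob)             # S3/S6/S9: open the stored blob
        if stage < 2:  # the first two blobs carry the next share key
            share, plain = plain[:KEY_LEN], plain[KEY_LEN:]
        recovered.append(plain)
    return recovered


# Constructed sample values (MAC, SN, other data), not taken from the patent.
SAMPLE = (bytes.fromhex("001122334455"), b"SN-EXAMPLE-0001", b"stack-config")

if __name__ == "__main__":
    chip, mcu = provision(*SAMPLE)
    # Genuine module: MCU paired with its security chip recovers data1..3.
    print(mcu_boot(mcu, lambda s: chip_wrap(chip, s)) == list(SAMPLE))
    # MCU contents alone, with no matching chip answering: the chain does not open.
    print(mcu_boot(mcu, lambda s: bytes(KEY_LEN)) == list(SAMPLE))
```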
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.

Claims (5)

1. A control method of an IOT module with an embedded security chip, characterized by comprising the following steps:
step S1, the system starts; the security chip performs a SHA256 and XOR operation on the key share key1 and the key FW key1, encrypting them into the ciphertext Enc(share key1 + FW key1);
step S2, the security chip sends the ciphertext Enc(share key1 + FW key1) to the MCU; the MCU uses its stored key share key1 to perform a SHA256 and XOR operation on the ciphertext Enc(share key1 + FW key1), decrypting it to obtain the key FW key1;
step S3, the MCU uses the key FW key1 to perform an XOR operation on the stored ciphertext Enc(share key2 + data1) by FW key1, obtaining the key share key2 and data1;
step S4, the security chip performs a SHA256 and XOR operation on the key share key2 and the key FW key2 to obtain the ciphertext Enc(share key2 + FW key2);
step S5, the security chip sends the ciphertext Enc(share key2 + FW key2) to the MCU; the MCU uses the key share key2 obtained in step S3 to perform a SHA256 and XOR operation on the ciphertext Enc(share key2 + FW key2), decrypting it to obtain the key FW key2;
step S6, the MCU uses the key FW key2 to perform a SHA256 and XOR operation on the stored ciphertext Enc(share key3 + data2) by FW key2, obtaining the key share key3 and data2;
step S7, the security chip performs a SHA256 and XOR operation on the key share key3 and the key FW key3, encrypting them into the ciphertext Enc(share key3 + FW key3);
step S8, the security chip sends the ciphertext Enc(share key3 + FW key3) to the MCU; the MCU uses the key share key3 obtained in step S6 to perform a SHA256 and XOR operation on the ciphertext Enc(share key3 + FW key3), decrypting it to obtain the key FW key3;
and step S9, the MCU uses the key FW key3 to perform an XOR operation on the stored ciphertext Enc(data3) by FW key3, decrypting it to obtain data3.
2. The method for controlling the IOT module with the embedded security chip of claim 1, wherein: data1, data2 and data3 are the MAC address or SN information of the IOT module, or data used in the code.
3. An IOT module with an embedded security chip for implementing the control method of claim 1 or 2, wherein: the module comprises an IOT module, a security chip and a Bluetooth/WIFI chip with a built-in MCU; the security chip mainly stores the MAC and SN information of the module and runs a security encryption algorithm; the Bluetooth/WIFI chip with the built-in MCU, when the system starts, calls both its internally stored software and the MAC address and SN information stored in the security chip, and the internal software is decrypted so that it can run; and the security chip has a data connection to the Bluetooth/WIFI chip with the built-in MCU.
4. The IOT module of claim 3, wherein: the MCU stores the key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2 and the ciphertext Enc(data3) by FW key3.
5. The IOT module of claim 3, wherein: the security chip stores the key share key1, the key FW key1, the key share key2, the key FW key2, the key share key3 and the key FW key3.
CN201811500928.0A 2018-12-10 2018-12-10 IOT module with embedded security chip and control method thereof Active CN109583155B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811500928.0A CN109583155B (en) 2018-12-10 2018-12-10 IOT module with embedded security chip and control method thereof


Publications (2)

Publication Number Publication Date
CN109583155A (en) 2019-04-05
CN109583155B (en) 2022-06-21

Family

ID=65927873

Country Status (1)

Country Link
CN (1) CN109583155B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 350015 5th Floor, Building 1, No. 116 Jiangbin East Avenue, Mawei District, Fuzhou City, Fujian Province

Patentee after: FLAIRCOMM MICROELECTRONICS, Inc.

Country or region after: China

Address before: Room 6G, Floor 14, Kuai'an Extension Area, Mawei District, Fuzhou City, Fujian Province, China 350015

Patentee before: FLAIRCOMM MICROELECTRONICS, Inc.

Country or region before: China