CN109583155B - IOT module with embedded security chip and control method thereof - Google Patents
- Publication number
- CN109583155B (application CN201811500928.0A)
- Authority
- CN
- China
- Prior art keywords
- key
- share
- key2
- key3
- key1
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention relates to an IOT module with an embedded security chip, comprising an IOT module, a security chip and a Bluetooth/WIFI chip with a built-in MCU. The security chip mainly stores information such as the module's MAC address and SN and runs a security encryption algorithm. When the system starts, the Bluetooth/WIFI chip with the built-in MCU reads the MAC address and SN information from its internal software and from the security chip respectively, and its internal software is decrypted so that it can run. The security chip is in data connection with the Bluetooth/WIFI chip of the built-in MCU. The invention can effectively protect information such as protocol stack software, the MAC address and the SN from being stolen.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to an IOT module with an embedded security chip and a control method thereof.
Background
At present, more and more IOT (Internet of Things) devices are on the market. A module is the core component of an IOT device, and the device's software program is generally small. To meet additional functional requirements, innovative companies must invest resources in secondary development of IOT devices, but IOT module software programs and other information are often stolen by lawbreakers, causing great loss to these companies and discouraging their innovation.
Disclosure of Invention
In view of this, an object of the present invention is to provide an IOT module with an embedded security chip and a control method thereof, which can effectively protect information such as protocol stack software, MAC addresses and SNs from being stolen.
In order to achieve the purpose, the invention adopts the following technical scheme:
an IOT module with an embedded security chip comprises an IOT module, a security chip and a Bluetooth/WIFI chip with a built-in MCU;
the security chip mainly stores information such as the module MAC and SN internally and runs a security encryption algorithm;
the Bluetooth/WIFI chip with the built-in MCU, when the system is started, reads the MAC address and SN information from its internal software and from the security chip respectively, and its internal software is decrypted and can run; the security chip is in data connection with the Bluetooth/WIFI chip of the built-in MCU.
Further, the MCU stores key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2, and the ciphertext Enc(data3) by FW key3.
Further, key share key1, key FW key1, key share key2, key FW key2, key share key3 and key FW key3 are stored in the security chip.
A control method of an IOT module with an embedded security chip comprises the following steps:
step S1, on system start-up, the security chip performs the SHA256 and XOR operation on key share key1 and key FW key1, encrypting them into the ciphertext Enc(share key1 + FW key1);
step S2, the security chip sends the ciphertext Enc(share key1 + FW key1) to the MCU; the MCU performs the SHA256 and XOR operation on it using its stored key share key1 and obtains key FW key1 by decryption;
step S3, the MCU uses key FW key1 to perform the XOR operation on the stored ciphertext Enc(share key2 + data1) by FW key1, obtaining key share key2 and data1;
step S4, the security chip performs the SHA256 and XOR operation on key share key2 and key FW key2 to obtain the ciphertext Enc(share key2 + FW key2);
step S5, the security chip sends the ciphertext Enc(share key2 + FW key2) to the MCU; the MCU performs the SHA256 and XOR operation on it using the key share key2 obtained in step S3 and obtains key FW key2 by decryption;
step S6, the MCU uses key FW key2 to perform the SHA256 and XOR operation on the stored ciphertext Enc(share key3 + data2) by FW key2, obtaining key share key3 and data2;
step S7, the security chip performs the SHA256 and XOR operation on key share key3 and key FW key3, encrypting them into the ciphertext Enc(share key3 + FW key3);
step S8, the security chip sends the ciphertext Enc(share key3 + FW key3) to the MCU; the MCU performs the SHA256 and XOR operation on it using the key share key3 obtained in step S6 and obtains key FW key3 by decryption;
and step S9, the MCU uses key FW key3 to perform the XOR operation on the stored Enc(data3) by FW key3 and obtains data3 by decryption.
Further, the data1, data2 and data3 may be MAC addresses or SN information of the internet of things module, or data used in codes.
Compared with the prior art, the invention has the following beneficial effects:
the invention hardens the IOT module by pairing the security chip with the MCU, and can effectively protect information such as protocol stack software, the MAC address and the SN from being stolen.
Drawings
FIG. 1 is a schematic view of the structure of the present invention;
FIG. 2 is a schematic diagram of the MCU and security chip control of the present invention;
FIG. 3 is a block diagram of an IOT module employed in the present invention.
Detailed Description
The invention is further explained below with reference to the drawings and the embodiments.
Referring to fig. 1, the present invention provides an IOT module with an embedded security chip, which includes an IOT module, a security chip, and a Bluetooth/WIFI chip with a built-in MCU; the model number of the IOT module used in the present embodiment, shown in FIG. 3, is CBM 270.
The security chip mainly stores information such as the module MAC and SN internally and runs a security encryption algorithm;
the Bluetooth/WIFI chip with the built-in MCU, when the system is started, reads the software stored in the system and the MAC address and SN information in the security chip respectively, and the software stored in the system is decrypted and can run; the security chip is in data connection with the Bluetooth/WIFI chip of the built-in MCU.
In this embodiment, the MCU stores key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2, and the ciphertext Enc(data3) by FW key3; the security chip stores key share key1, key FW key1, key share key2, key FW key2, key share key3 and key FW key3.
Referring to fig. 2, the present embodiment provides a method for controlling an IOT module with an embedded security chip, including the following steps:
step S1, on system start-up, the security chip performs the SHA256 and XOR operation (an encryption algorithm built from addition, subtraction and XOR operations) on key share key1 and key FW key1, encrypting them into the ciphertext Enc(share key1 + FW key1);
step S2, the security chip sends the ciphertext Enc(share key1 + FW key1) to the MCU; the MCU performs the SHA256 and XOR operation on it using its stored key share key1 and obtains key FW key1 by decryption;
step S3, the MCU uses key FW key1 to perform the XOR operation on the stored ciphertext Enc(share key2 + data1) by FW key1, obtaining key share key2 and data1;
step S4, the security chip performs the SHA256 and XOR operation on key share key2 and key FW key2 to obtain the ciphertext Enc(share key2 + FW key2);
step S5, the security chip sends the ciphertext Enc(share key2 + FW key2) to the MCU; the MCU performs the SHA256 and XOR operation on it using the key share key2 obtained in step S3 and obtains key FW key2 by decryption;
step S6, the MCU uses key FW key2 to perform the SHA256 and XOR operation on the stored ciphertext Enc(share key3 + data2) by FW key2, obtaining key share key3 and data2;
step S7, the security chip performs the SHA256 and XOR operation on key share key3 and key FW key3, encrypting them into the ciphertext Enc(share key3 + FW key3);
step S8, the security chip sends the ciphertext Enc(share key3 + FW key3) to the MCU; the MCU performs the SHA256 and XOR operation on it using the key share key3 obtained in step S6 and obtains key FW key3 by decryption;
and step S9, the MCU uses key FW key3 to perform the XOR operation on the stored Enc(data3) by FW key3 and obtains data3 by decryption.
In this embodiment, data1, data2 and data3 may be the MAC address or SN information of the Internet of Things module, or data used in the code. data1, data2 and data3 are stored in the software as ciphertext, in the form of array data.
In this embodiment, during production the MCU is burned with key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2, and the ciphertext Enc(data3) by FW key3; the security chip is burned with key share key1, key FW key1, key share key2, key FW key2, key share key3 and key FW key3. Even if the contents of the MCU (key share key1, ciphertext Enc(share key2 + data1) by FW key1, ciphertext Enc(share key3 + data2) by FW key2 and ciphertext Enc(data3) by FW key3) are cloned during production (data stored in the ROM of the MCU has low security), the keys held in the security chip (FW key1, share key2, FW key2, share key3 and FW key3, which are stored with high security in the encryption chip) and the corresponding decryption algorithm are still missing, so data1, data2 and data3 still cannot be decrypted. This security reinforcement mode can protect the information and the protocol stack software inside the Internet of Things module in application, and allows the information and the protocol stack software inside the module to be securely upgraded during production.
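The nine-step handshake above (the same steps are listed under Disclosure of Invention) and the production-time burning it relies on, modelled end to end in Python as an added example; this is not the patent's code. The patent specifies only "SHA256 and XOR", so the concrete construction used here, Enc(key, m) = m XOR keystream(key) with the keystream expanded as SHA256(key || 4-byte counter) so that a plaintext longer than one digest (share key plus data) can be covered, is an assumption, as are the 32-byte key width and all key, MAC, SN and data values, which are constructed for the demonstration.

```python
"""Model of the chained key-unwrapping handshake (steps S1-S9) between the
security chip and the MCU. Added example, not the patent's own code.

Assumption: Enc(key, m) = m XOR keystream(key), where the keystream is built
from SHA256(key || 4-byte block counter). XOR is its own inverse, so the same
routine decrypts. Every key and data value below is constructed for the demo.
"""
import hashlib
import secrets

KEY_LEN = 32  # assumption: every share key and FW key is one SHA-256 digest wide


def keystream(key: bytes, length: int) -> bytes:
    """Expand a key into `length` bytes as SHA256(key || counter) blocks (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def enc(key: bytes, plaintext: bytes) -> bytes:
    """The page's 'SHA256 and XOR' step: XOR the message with a key-derived stream."""
    return bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))


dec = enc  # decryption is the same XOR operation


class SecurityChip:
    """Holds share key1..3 and FW key1..3; only ever emits Enc(share keyN + FW keyN)."""

    def __init__(self, share, fw):
        self._share = share  # [share key1, share key2, share key3]
        self._fw = fw        # [FW key1, FW key2, FW key3]

    def wrapped_fw_key(self, n: int) -> bytes:
        # Steps S1, S4, S7: encrypt FW keyN under share keyN and hand it to the MCU.
        return enc(self._share[n], self._fw[n])


def provision(share, fw, data):
    """Production-time burning: the MCU image gets share key1 and the three
    ciphertexts; the security chip gets all six keys."""
    mcu_image = {
        "share_key1": share[0],
        "ct1": enc(fw[0], share[1] + data[0]),  # Enc(share key2 + data1) by FW key1
        "ct2": enc(fw[1], share[2] + data[1]),  # Enc(share key3 + data2) by FW key2
        "ct3": enc(fw[2], data[2]),             # Enc(data3) by FW key3
    }
    return mcu_image, SecurityChip(share, fw)


def mcu_boot(mcu_image, chip: SecurityChip):
    """Steps S1-S9 as executed by the MCU; returns (data1, data2, data3)."""
    share1 = mcu_image["share_key1"]
    fw1 = dec(share1, chip.wrapped_fw_key(0))            # S2: unwrap FW key1
    pt1 = dec(fw1, mcu_image["ct1"])                      # S3: open ct1
    share2, data1 = pt1[:KEY_LEN], pt1[KEY_LEN:]
    fw2 = dec(share2, chip.wrapped_fw_key(1))            # S5: unwrap FW key2
    pt2 = dec(fw2, mcu_image["ct2"])                      # S6: open ct2
    share3, data2 = pt2[:KEY_LEN], pt2[KEY_LEN:]
    fw3 = dec(share3, chip.wrapped_fw_key(2))            # S8: unwrap FW key3
    data3 = dec(fw3, mcu_image["ct3"])                    # S9: open ct3
    return data1, data2, data3


def demo():
    """Returns (genuine_chip_recovers_data, cloned_image_with_other_chip_fails)."""
    # Constructed sample payloads: a MAC address, a serial number, a config blob.
    data = [bytes.fromhex("0a1b2c3d4e5f"), b"SN-EXAMPLE-0001", b"protocol-stack-config"]
    share = [secrets.token_bytes(KEY_LEN) for _ in range(3)]
    fw = [secrets.token_bytes(KEY_LEN) for _ in range(3)]
    image, chip = provision(share, fw, data)
    recovered = mcu_boot(image, chip)
    # Cloned-ROM scenario from the description: the same MCU image paired with a
    # chip that holds different keys yields garbage, not the provisioned data.
    other_chip = SecurityChip([secrets.token_bytes(KEY_LEN) for _ in range(3)],
                              [secrets.token_bytes(KEY_LEN) for _ in range(3)])
    cloned = mcu_boot(image, other_chip)
    return recovered == tuple(data), cloned != tuple(data)


if __name__ == "__main__":
    print(demo())
```

demo() returns (True, True): the MCU paired with its own security chip recovers data1, data2 and data3, while the same image paired with a chip holding other keys does not, which is the cloning case the embodiment argues against. A SHA256-derived XOR keystream gives confidentiality only: it carries no integrity check, and the wrapped keys the chip emits are constant for a given device, so a production design would pair this with an authenticated encryption mode and a challenge-response freshness element on the MCU-chip link.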
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (5)
1. A control method of an IOT module with an embedded security chip, characterized by comprising the following steps:
step S1, on system start-up, the security chip performs the SHA256 and XOR operation on key share key1 and key FW key1, encrypting them into the ciphertext Enc(share key1 + FW key1);
step S2, the security chip sends the ciphertext Enc(share key1 + FW key1) to the MCU; the MCU performs the SHA256 and XOR operation on it using its stored key share key1 and obtains key FW key1 by decryption;
step S3, the MCU uses key FW key1 to perform the XOR operation on the stored ciphertext Enc(share key2 + data1) by FW key1, obtaining key share key2 and data1;
step S4, the security chip performs the SHA256 and XOR operation on key share key2 and key FW key2 to obtain the ciphertext Enc(share key2 + FW key2);
step S5, the security chip sends the ciphertext Enc(share key2 + FW key2) to the MCU; the MCU performs the SHA256 and XOR operation on it using the key share key2 obtained in step S3 and obtains key FW key2 by decryption;
step S6, the MCU uses key FW key2 to perform the SHA256 and XOR operation on the stored ciphertext Enc(share key3 + data2) by FW key2, obtaining key share key3 and data2;
step S7, the security chip performs the SHA256 and XOR operation on key share key3 and key FW key3, encrypting them into the ciphertext Enc(share key3 + FW key3);
step S8, the security chip sends the ciphertext Enc(share key3 + FW key3) to the MCU; the MCU performs the SHA256 and XOR operation on it using the key share key3 obtained in step S6 and obtains key FW key3 by decryption;
and step S9, the MCU uses key FW key3 to perform the XOR operation on the stored Enc(data3) by FW key3 and obtains data3 by decryption.
2. The control method of the IOT module with the embedded security chip of claim 1, wherein data1, data2 and data3 are the MAC address or SN information of the IOT module, or data used in the code.
3. An IOT module with an embedded security chip for implementing the control method of claim 1 or 2, comprising an IOT module, a security chip and a Bluetooth/WIFI chip with a built-in MCU; the security chip mainly stores the MAC and SN information of the module internally and runs a security encryption algorithm; the Bluetooth/WIFI chip with the built-in MCU, when the system is started, reads the MAC address and SN information from its internal software and from the security chip respectively, and its internal software is decrypted and can run; and the security chip is in data connection with the Bluetooth/WIFI chip of the built-in MCU.
4. The IOT module of claim 3, wherein the MCU stores key share key1, the ciphertext Enc(share key2 + data1) by FW key1, the ciphertext Enc(share key3 + data2) by FW key2 and the ciphertext Enc(data3) by FW key3.
5. The IOT module of claim 3, wherein the security chip stores key share key1, key FW key1, key share key2, key FW key2, key share key3 and key FW key3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811500928.0A CN109583155B (en) | 2018-12-10 | 2018-12-10 | IOT module with embedded security chip and control method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109583155A (en) | 2019-04-05 |
CN109583155B (en, granted) | 2022-06-21 |
Family
ID=65927873
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811500928.0A Active CN109583155B (en) | 2018-12-10 | 2018-12-10 | IOT module with embedded security chip and control method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109583155B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2010056848A (en) * | 2008-08-28 | 2010-03-11 | KDDI Corp | Encryption apparatus, encryption method, program, and program storage medium |
CN102111265A (en) * | 2011-01-13 | 2011-06-29 | China Electric Power Research Institute | Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal |
CN104573528A (en) * | 2014-12-31 | 2015-04-29 | Hunan Goke Microelectronics Co., Ltd. | Copy-prevented SoC starting method and chip thereof |
CN105376061A (en) * | 2015-10-10 | 2016-03-02 | Guangzhou Huiruisitong Information Technology Co., Ltd. | Decryption hardware platform based on FPGA |
CN105610568A (en) * | 2014-11-21 | 2016-05-25 | Electric Power Research Institute of China Southern Power Grid Co., Ltd. | Fault detection method and device for block cipher algorithm |
Non-Patent Citations (2)
Title |
---|
Xu Yanyan, Xu Zhengquan, Chen Xi. "A hierarchical, grouped multicast key management scheme" (一种分层分组式组播密钥管理方案). Computer Engineering (计算机工程), 2007-06-30, full text. * |
S. Sridhar, S. Smys. "Intelligent security framework for IoT devices: cryptography based end-to-end security architecture". 2017 International Conference on Inventive Systems and Control (ICISC), 2017. * |
Also Published As
Publication number | Publication date |
---|---|
CN109583155A (en) | 2019-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11669465B1 (en) | Secure storage of data through a multifaceted security scheme | |
EP3723399A1 (en) | Identity verification method and apparatus | |
JP5080449B2 (en) | Providing a new session key | |
CN106504391B (en) | Control method, device and system of intelligent access control | |
CN100581102C (en) | Data safety transmission method for wireless sensor network | |
CN103701829B (en) | Method for offline parsing of DPAPI-encrypted data | |
US20150113280A1 (en) | Computer product, recording medium, communications apparatus, and communications method | |
CN109560931B (en) | Equipment remote upgrading method based on certificate-free system | |
CN111404682B (en) | Android environment key segmentation processing method and device | |
CN114218592A (en) | Sensitive data encryption and decryption method and device, computer equipment and storage medium | |
CN107914665B (en) | Vehicle remote safety remote control system and remote control method | |
CN108762791A (en) | Firmware upgrade method and device | |
CN102685739B (en) | Authentication method and system for Android enterprise applications | |
US10949537B2 (en) | Secure firmware provisioning and device binding mechanism | |
CN103984904A (en) | Method and device for preventing screen locking code of mobile terminal from being cracked | |
CN108768628B (en) | Equipment end encryption method, device, system and gateway | |
CN107733936B (en) | Encryption method for mobile data | |
CN107872315B (en) | Data processing method and intelligent terminal | |
CN104767766A (en) | Web Service interface verification method, Web Service server and client | |
CN107437996B (en) | Identity authentication method, device and terminal | |
KR101848300B1 (en) | METHOD FOR OPERATING COMMUNICATION CLIENT INSTALLED IN IoT DEVICE AND IoT DEVICE INCLUDING THE CLIENT | |
CN112348997A (en) | Intelligent door lock control method, device and system | |
CN101895538A (en) | Method and system for establishing data exchange channels, smart card and server | |
CN102158856B (en) | Mobile terminal identification code authentication system and method, server and terminal | |
CN109583155B (en) | IOT module with embedded security chip and control method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CP03 | Change of name, title or address | Address after: 350015 5th Floor, Building 1, No. 116 Jiangbin East Avenue, Mawei District, Fuzhou City, Fujian Province; Patentee after: FLAIRCOMM MICROELECTRONICS, Inc.; Country or region after: China. Address before: Room 6G, Floor 14, Kuai'an Extension Area, Mawei District, Fuzhou City, Fujian Province, China 350015; Patentee before: FLAIRCOMM MICROELECTRONICS, Inc.; Country or region before: China |
Address after: 350015 5th Floor, Building 1, No. 116 Jiangbin East Avenue, Mawei District, Fuzhou City, Fujian Province Patentee after: FLAIRCOMM MICROELECTRONICS, Inc. Country or region after: China Address before: Room 6G, Floor 14, Kuai'an Extension Area, Mawei District, Fuzhou City, Fujian Province, China 350015 Patentee before: FLAIRCOMM MICROELECTRONICS, Inc. Country or region before: China |