CN109842488A - Key generation component in a physical chip - Google Patents
- Publication number: CN109842488A (application number CN201711216759.3A)
- Authority
- CN
- China
- Prior art keywords
- memory cell
- private key
- key generation
- generation component
- key
- Prior art date
- Legal status
- Pending
Abstract
The invention proposes a key generation component located inside a physical chip, comprising: a random number generator, which responds to a first signal by generating an unpredictable encoded value; a burning unit, which performs the operation of burning the encoded value into an OTP memory cell; and the OTP memory cell, which solidifies the encoded value so that it serves as the private key. In the key generation component of the invention the private key is produced inside the chip from an unpredictable random number and then burned into the OTP module, so the value of the private key has no relationship with, and no interaction with, anything outside the chip. This guarantees that the private key is unique and cannot be derived: nobody outside the component, whether the development designer or an attacker, can learn the private key, which ensures the safety and reliability of the private key.
Description
Technical field
The invention belongs to the technical field of data encryption and decryption, and in particular relates to a key generation component in a physical chip.
Background technique
Data has proven to be one of the essential assets of an enterprise, and the rapid growth of data confronts enterprises with unprecedented challenges. The mainstream technology for current data security needs is encryption and decryption by cryptographic algorithms, together with the key management on which the encryption and decryption processes rest.
A key refers to a public key and a private key that are paired with each other. The public key is the part of the key pair that is disclosed; it is commonly used to encrypt session keys, to verify data signatures, or to encrypt a data stream that can then be decrypted with the corresponding private key. The private key is the private part of the key pair; it is commonly used to decrypt session keys, to sign data, to decrypt a data stream encrypted with the corresponding public key, or to encrypt a data stream that can be decrypted with the corresponding public key. The safety of the private key is therefore particularly important.
In the prior art the private key is kept either without any security mechanism, or encrypted again with another key, or stored in a safety zone opened up in main memory. These key protection techniques improve the safety of the key to some extent, but the private key is in fact still stored in the main memory of the computer system or in a register inside a chip (such as an encryption chip). Once an attacker has obtained superuser permission on the computer system, the above security mechanisms become meaningless and the attacker can easily obtain the private key. In addition, in the prior art the private key is in a transmitted state while it is generated, exchanged and used, including circulation of the private key within a security domain and circulation between a security domain and a chip, and it cannot be guaranteed that the private key does not leak during this circulation.
Summary of the invention
In view of this, an object of the invention is to propose a key generation component in a physical chip, so as to solve the problem that the generation, storage and use of the private key in the prior art lack effective safety measures.
In some illustrative embodiments, the in-chip key generation component comprises: a random number generator, which responds to a first signal by generating an unpredictable encoded value; a burning unit, which performs the operation of burning the encoded value into an OTP memory cell; and the OTP memory cell, which solidifies the encoded value so that it serves as the private key.
In some preferred embodiments, the in-chip key generation component further comprises a cryptologic unit, which responds to a second signal by reading the private key solidified in the OTP memory cell and generating the corresponding public key.
In some preferred embodiments, the cryptologic unit is also used to export the generated public key.
In some preferred embodiments, the cryptologic unit also responds to a third signal by reading the private key solidified in the OTP memory cell, performing encryption or decryption processing on an input data stream, and outputting the processed data stream.
In some preferred embodiments, the cryptologic unit also responds to a fourth signal by reading the private key solidified in the OTP memory cell, performing signing or signature verification processing on an input data stream, and outputting the processed data stream.
In some preferred embodiments, the in-chip key generation component further comprises a converting unit, which applies a particular conversion to the key solidified in the OTP memory cell and then supplies the converted key to the cryptologic unit.
In some preferred embodiments, the in-chip key generation component further comprises a volatile memory cell, which caches the encoded value generated by the random number generator; the burning unit then performs the operation of burning the encoded value held in the volatile memory cell into the OTP memory cell.
In some preferred embodiments, the OTP memory cell also records and solidifies a state value of the OTP memory cell; the state value indicates whether a burning operation may or may not be performed on the OTP memory cell.
In some preferred embodiments, the OTP memory cell is an OTP fuse memory cell made up of several fuses.
In some preferred embodiments, the several fuses are fuses of 0.18 um or below.
Another object of the invention is to provide a physical chip that includes the key generation component described above.
Compared with the prior art, the invention has the following advantages:
1. In the key generation component of the invention the private key is produced inside the chip from an unpredictable random number and then burned into the OTP module, so the value of the private key has no relationship with, and no interaction with, anything outside the chip. This guarantees that the private key is unique and cannot be derived: nobody outside the component, whether the development designer or an attacker, can learn the private key, which ensures the safety and reliability of the private key.
2. The OTP module in the invention outputs only to the cryptologic unit, and the cryptologic unit outputs to the outside of the component only the public key, plaintext, ciphertext, signatures and signature verification data; at no point during use is the private key output to the outside of the component, which further ensures the safety and reliability of the private key.
Detailed description of the invention
The drawings described herein are provided for a further understanding of the invention and constitute part of this application; the illustrative embodiments of the invention and their description serve to explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a structural schematic diagram of the first example of the key generation component of the invention;
Fig. 2 is a structural schematic diagram of the second example of the key generation component of the invention;
Fig. 3 is a structural schematic diagram of the third example of the key generation component of the invention.
Specific embodiment
The following description and drawings fully show specific embodiments of the invention so that those skilled in the art can practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments only represent possible variations. Unless explicitly required, individual components and functions are optional, and the order of the operations may vary. Parts and features of some embodiments may be included in, or substituted for, parts and features of other embodiments. The scope of the embodiments of the invention includes the entire scope of the claims and all available equivalents of the claims. Herein, these embodiments of the invention may be referred to individually or collectively by the term "invention"; this is merely for convenience and, if more than one invention is in fact disclosed, is not meant to automatically limit the scope of the application to any single invention or inventive concept.
In the following detailed description a large number of specific details are set out in order to provide a thorough understanding of the invention. Those skilled in the art will understand, however, that the invention may be practised without these specific details. In addition, well-known methods, processes, components, structures, circuits and other features are not described in detail, so as not to unnecessarily obscure the main idea of the invention.
As used in the claims, unless otherwise noted, the ordinal adjectives "first", "second", "third" and so on used to describe elements, structures, signals or data merely indicate a particular instance of an element, structure, signal or data, or different instances of similar elements, structures, signals or data; they are not intended to imply that the elements, structures, signals or data so described must be in a particular order, whether temporal, spatial or otherwise.
To help those skilled in the art understand the invention more quickly, its main idea is briefly explained here. As mentioned in the background section, the generation and storage of a traditional key is carried out by at least two logically or physically isolated modules or pieces of hardware. In one example, a private key generation module built from software code generates the private key from a random number and then stores it in a specific storage region opened up in main memory; in this case there is no way to guarantee that the private key is not compromised while it circulates between the private key generation module and the specific storage region. In another example, key generation and storage are performed by two pieces of hardware or two systems: in a current mainstream encryption chip, the private key is generated by a key management server or by development and test equipment, and the generated private key is then stored in the encryption chip. Its safety is improved compared with the first approach, but because the private key still moves around, there is still no guarantee that it does not leak during this circulation. For this purpose, the invention designs the generation and storage of the private key to take place inside a component (a physical chip) that is completely closed to the outside, and the private key has no direct interface to anything outside the component. That is to say, even the key development designer cannot learn the private key. The private key participates directly in the chip's encryption, decryption, public key generation, signing and signature verification operations, and the component outputs only the data streams produced by these operations; the private key cannot be recovered from these data by analysis outside the chip. This guarantees the safety and reliability of the private key, and on this basis the safety of the data is also reliably assured.
Referring now to Fig. 1, which shows the structural schematic diagram of the first example of the key generation component in a physical chip according to the invention. As shown in the drawing, a key generation component 100 in a physical chip is disclosed, which may include a random number generator 110, a burning unit 120, an OTP (One Time Programmable) memory cell 130 and a cryptologic unit 140. Key generation component 100 may also include any other circuit, structure or logic not shown in Fig. 1. Other embodiments of component 100 may include all, some or none of the units shown in or described with reference to Fig. 1.
Random number generator 110 may represent any circuit, structure or other hardware for receiving an enable signal (the first signal) and generating one or more groups of random numbers. For example, generator 110 starts after its enable port receives a high-level signal and produces a group of 128 or 256 binary random digits, such as 010101011001.... Preferably, the number of random digits generated by generator 110 is chosen between 32 and 256.
Burning unit 120 may represent any circuit, structure or other hardware for performing the operation of burning the random number produced by generator 110 into the OTP module; preferably, a dedicated burning chip produced by the manufacturer X-FAB can be used as burning unit 120.
OTP memory cell 130 may include several fuses or other one-time-programmable storage devices. It may include any number of bits, which can be assigned and solidified by a special fuse OTP process, and it can be used to solidify the encoded value produced by random number generator 110 and/or other values representing data or state. Preferably, the fuses are fuses of 0.18 um or smaller.
Cryptologic unit 140 may represent any circuit, structure or other hardware that embodies an asymmetric encryption algorithm (such as an ECC algorithm). It has interfaces for accessing OTP memory cell 130, receiving control signals, and receiving and transmitting data streams. The data streams it exports to the outside may include decrypted data streams, encrypted data streams, signed data streams, signature-verified data streams and the public key that is paired with the private key. Further, cryptologic unit 140 may perform the following operations:
On receiving a control signal (the second signal), it accesses the OTP module to obtain the private key, generates the public key paired with that private key, and exports the public key;
On receiving a control signal (the third signal), it accesses the OTP module to obtain the private key, selects the corresponding encryption or decryption algorithm, and performs encryption or decryption processing on the received data stream;
The control signal may comprise an encryption control signal and a decryption control signal: after receiving the encryption control signal, it accesses the OTP module to obtain the private key, constitutes the corresponding encryption logic, encrypts the input data stream and exports the encrypted data stream; after receiving the decryption control signal, it accesses the OTP module to obtain the private key, constitutes the corresponding decryption logic, decrypts the input data stream and exports the decrypted data stream.
On receiving a control signal (the fourth signal), it accesses the OTP module to obtain the private key and performs signing or signature verification processing;
The control signal may comprise a signature control signal and a signature verification control signal: after receiving the signature control signal, it accesses the OTP module to obtain the private key, signs the input data stream and exports the signed data stream; after receiving the signature verification control signal, it accesses the OTP module to obtain the private key, verifies the signature on the input data stream and exports the verified data stream.
In the key generation component of the invention the private key is produced inside the chip from an unpredictable random number and then burned into the OTP module, so the value of the private key has no relationship with, and no interaction with, anything outside the chip. This guarantees that the private key is unique and cannot be derived: nobody outside the component, whether the development designer or an attacker, can learn the private key, which ensures the safety and reliability of the private key. Furthermore, the OTP module outputs only to the cryptologic unit, and the cryptologic unit outputs to the outside of the component only the public key, plaintext, ciphertext, signatures and signature verification data; at no point during use is the private key output to the outside of the component, which further ensures its safety and reliability. Moreover, choosing fuses of 0.18 um or smaller prevents an attacker from cracking the key by reverse engineering, which further improves safety.
Fig. 2 shows the second example of the key generation component in a physical chip according to the invention. This example adds a converting unit 150 to the structure of Fig. 1. Converting unit 150 may represent any circuit, structure or other hardware for transforming again the private key solidified in OTP module 130: through converting unit 150 the original value of the private key solidified in OTP module 130 is converted into the actual value of the private key used by cryptologic unit 140. The transformation logic of converting unit 150 is fixed, so the actual value of the private key used by cryptologic unit 140 is likewise unique and constant. By adding converting unit 150 to transform the private key again, the invention raises the cost of cracking the private key.
Fig. 3 shows the third example of the key generation component in a physical chip according to the invention. This example adds a volatile memory cell 160 to the structure of Fig. 1. Volatile memory cell 160 may represent any kind of storage device for temporarily storing the encoded value generated by random number generator 110, and may include any number of data registers, command registers, status registers, configuration registers, control registers, other programmable or hard-coded registers or register groups, or any other storage structure. Volatile memory cell 160 can temporarily store the encoded value generated by random number generator 110. For example, random number generator 110 generates several groups of random encoded values in sequence, and volatile memory cell 160 caches each group of random encoded values generated by random number generator 110 step by step, computing and shifting them in the process, until the final complete encoded value is obtained. By adding volatile memory cell 160, the invention can reduce the selection requirements on the random number generator, so that the space occupied by a high-bit-count random number generator is reduced and the actual physical area of the whole component and of the physical chip is reduced overall.
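The following Python model, added here as an illustration and not part of the patent or of any product, ties together the burn-once OTP cell with its state value, the chunk-accumulating volatile cell 160 and the fixed conversion of unit 150 with a cryptologic unit whose external interface only ever returns a public key or processed data. The fuse array, the signal handlers, the SHA-256 conversion step and the toy discrete-log group (a stand-in for the ECC the description mentions) are all assumptions of this example.

```python
"""Software model of the in-chip key generation component described above
(constructed illustration, not the patent's own code). The fuse array, signal
handlers, SHA-256 conversion step and the discrete-log toy group are assumed
stand-ins for the hardware; the patent names ECC but no exact scheme."""
import hashlib
import secrets

KEY_BITS = 256      # the description prefers a random number of 32 to 256 bits
CHUNK_BITS = 32     # constructed: width of each random group cached by unit 160

# Toy MODP group for the cryptologic unit (stand-in for ECC, not a real curve).
P = (1 << 127) - 1  # Mersenne prime M127
G = 3


class OtpFuseArray:
    """OTP memory cell 130: a fuse can be blown (0 -> 1) exactly once, and a
    dedicated state fuse records whether a burn operation is still permitted."""

    def __init__(self, width):
        self.bits = [0] * width
        self.state_burned = False

    def can_burn(self):
        return not self.state_burned

    def burn(self, value):
        if self.state_burned:
            raise PermissionError("OTP state value forbids a second burn")
        for i in range(len(self.bits)):
            if (value >> i) & 1:
                self.bits[i] = 1  # blowing a fuse is irreversible
        self.state_burned = True  # solidify the state value as well

    def read(self):
        return sum(b << i for i, b in enumerate(self.bits))


def hardware_rng(nbits):
    """Randomizer 110: unpredictable bits from the platform entropy source."""
    return secrets.randbits(nbits)


def accumulate_chunks(rng, key_bits, chunk_bits):
    """Volatile memory cell 160: shift successive random groups together until
    the complete encoded value is assembled, so a narrow RNG can feed a wide key."""
    acc = 0
    for _ in range(key_bits // chunk_bits):
        acc = (acc << chunk_bits) | (rng(chunk_bits) & ((1 << chunk_bits) - 1))
    return acc


class KeyGenerationComponent:
    """Component 100. Its public methods are the only external interface, and
    none of them ever returns the private key."""

    def __init__(self, rng=hardware_rng):
        self._rng = rng
        self._otp = OtpFuseArray(KEY_BITS)

    def first_signal(self):
        """Generate the encoded value and burn it into OTP (burning unit 120)."""
        if not self._otp.can_burn():
            raise PermissionError("already provisioned; OTP state value is set")
        self._otp.burn(accumulate_chunks(self._rng, KEY_BITS, CHUNK_BITS))
        return True

    def _private_key(self):
        """Converting unit 150: a fixed transform of the fused raw value, so the
        working key is constant but differs from what the fuses hold."""
        raw = self._otp.read().to_bytes(KEY_BITS // 8, "big")
        d = int.from_bytes(hashlib.sha256(b"unit-150:" + raw).digest(), "big")
        return d % (P - 1) or 1  # keep the exponent in [1, P-2]

    def second_signal(self):
        """Derive and export the matching public key; only the public key leaves."""
        return pow(G, self._private_key(), P)

    def third_signal_decrypt(self, c1, c2):
        """Decrypt an ElGamal ciphertext with the fused key; only plaintext leaves."""
        return (c2 * pow(c1, P - 1 - self._private_key(), P)) % P


def elgamal_encrypt(public_key, message, rng=hardware_rng):
    """Sender side, outside the component: encrypt under the exported public key."""
    k = rng(126) % (P - 2) + 1
    return pow(G, k, P), (message * pow(public_key, k, P)) % P
```

A second `first_signal()` on a provisioned component fails on the state value rather than overwriting the fuses, which is the property claim 8 relies on.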
Those skilled in the art will further appreciate that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the embodiments herein may be implemented as electronic hardware, computer software or a combination of the two. To clearly illustrate this interchangeability of hardware and software, the various illustrative components, blocks, modules, circuits and steps have been described above generally in terms of their function. Whether such function is implemented as hardware or as software depends on the particular application and on the design constraints imposed on the overall system. Those skilled in the art may implement the described function in a flexible manner for each particular application, but such implementation decisions should not be interpreted as departing from the scope of protection of this disclosure.
The above description of the embodiments is only intended to help understand the method of the invention and its core ideas. At the same time, those of ordinary skill in the art will, following the idea of the invention, make changes in the specific implementation and scope of application. In conclusion, the contents of this specification are not to be construed as limiting the invention.
Claims (11)
1. An in-chip key generation component, characterized by comprising:
a random number generator, which responds to a first signal by generating an unpredictable encoded value;
a burning unit, which performs the operation of burning the encoded value into an OTP memory cell; and
the OTP memory cell, which solidifies the encoded value so that it serves as the private key.
2. The in-chip key generation component according to claim 1, characterized by further comprising:
a cryptologic unit, which responds to a second signal by reading the private key solidified in the OTP memory cell and generating the corresponding public key.
3. The in-chip key generation component according to claim 2, characterized in that the cryptologic unit is also used to export the generated public key.
4. The in-chip key generation component according to claim 2, characterized in that the cryptologic unit also responds to a third signal by reading the private key solidified in the OTP memory cell, performing encryption or decryption processing on an input data stream, and exporting the processed data stream.
5. The in-chip key generation component according to claim 2, characterized in that the cryptologic unit also responds to a fourth signal by reading the private key solidified in the OTP memory cell, performing signing or signature verification processing on an input data stream, and exporting the processed data stream.
6. The in-chip key generation component according to claim 2, characterized by further comprising:
a converting unit, which applies a particular conversion to the key solidified in the OTP memory cell and then supplies the converted key to the cryptologic unit.
7. The in-chip key generation component according to claim 1, characterized by further comprising:
a volatile memory cell, which caches the encoded value generated by the random number generator;
the burning unit performing the operation of burning the encoded value held in the volatile memory cell into the OTP memory cell.
8. The in-chip key generation component according to claim 1, characterized in that the OTP memory cell is also used to record and solidify a state value of the OTP memory cell;
the state value indicating whether a burning operation may or may not be performed on the OTP memory cell.
9. The in-chip key generation component according to claim 1, characterized in that the OTP memory cell is an OTP fuse memory cell composed of several fuses.
10. The in-chip key generation component according to claim 6, characterized in that the several fuses are fuses of 0.18 um or below.
11. A physical chip, characterized by including the in-chip key generation component according to any one of claims 1 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711216759.3A CN109842488A (en) | 2017-11-28 | 2017-11-28 | Key generation component in a physical chip |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109842488A true CN109842488A (en) | 2019-06-04 |
Family
ID=66881160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711216759.3A Pending CN109842488A (en) | 2017-11-28 | 2017-11-28 | Key generation component in a physical chip |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109842488A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664739A (en) * | 2012-04-26 | 2012-09-12 | 杜丽萍 | PKI (Public Key Infrastructure) implementation method based on safety certificate |
CN103354496A (en) * | 2013-06-24 | 2013-10-16 | 华为技术有限公司 | Method, device and system for processing public key encryption |
US20140068246A1 (en) * | 2012-08-31 | 2014-03-06 | David H. Hartley | Circuit for secure provisioning in an untrusted environment |
CN106779636A (en) * | 2016-11-29 | 2017-05-31 | 北京乐酷达网络科技有限公司 | A kind of block chain digital cash wallet based on earphone interface of mobile phone |
CN107302436A (en) * | 2017-07-28 | 2017-10-27 | 北京迪曼森科技有限公司 | A kind of USB interface id password key |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110765447A (en) * | 2019-10-25 | 2020-02-07 | 华中师范大学 | Password enhancement method and bracelet |
CN110765447B (en) * | 2019-10-25 | 2024-01-23 | 华中师范大学 | Password enhancement method and bracelet |
CN110866267A (en) * | 2019-11-20 | 2020-03-06 | 武汉好维来科技有限公司 | Control method of password card time management system of beauty equipment |
CN110866267B (en) * | 2019-11-20 | 2023-04-18 | 武汉好维来科技有限公司 | Control method of password card time management system of beauty equipment |
CN111404686A (en) * | 2020-04-21 | 2020-07-10 | 珠海创飞芯科技有限公司 | PUF (physical unclonable function) key generation system and method based on OTP (one time programmable) storage array |
CN111404686B (en) * | 2020-04-21 | 2023-10-10 | 珠海创飞芯科技有限公司 | PUF key generation system and method based on OTP memory array |
US11722298B2 (en) * | 2020-09-15 | 2023-08-08 | Globalfoundries U.S. Inc. | Public-private encryption key generation using Pcell parameter values and on-chip physically unclonable function values |
CN113434853A (en) * | 2021-07-01 | 2021-09-24 | 北京忆芯科技有限公司 | Method for burning firmware to storage device and controller |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109842488A (en) | Key generation component in a physical chip | |
TWI750223B (en) | Blockchain encrypted radio frequency chip storage design method | |
CN108616348B (en) | The method and system of security algorithm, decipherment algorithm are realized using reconfigurable processor | |
CN104734854B (en) | The safety of key provides | |
Turan et al. | Recommendation for password-based key derivation | |
CN107070660B (en) | Storage design method of block chain encryption radio frequency chip | |
CN105024803B (en) | Behavior fingerprint in white box realization | |
CN106778205A (en) | Verified with the no data storehouse of physics unclonable function | |
JP5273294B2 (en) | Random number generator, encryption device, and authentication device | |
US20140037089A1 (en) | Encryption processing device and method | |
KR101653121B1 (en) | Integrated security device and signal processing method used by integrated security device | |
US20120093308A1 (en) | Apparatus and method for generating random data | |
CN103914662A (en) | Access control method and device of file encrypting system on the basis of partitions | |
CN105022937B (en) | For white box to be realized to the interface compatibility method for being tightly attached to program around | |
CN107832635A (en) | Access right control method, device, equipment and computer-readable recording medium | |
CN105184115A (en) | Method For Including An Implicit Integrity Or Authenticity Check Into A White-box Implementation | |
CN105095695A (en) | Realizing authorization via incorrect functional behavior of a white-box implementation | |
Zhang et al. | FPGA IP protection by binding finite state machine to physical unclonable function | |
CN105024992A (en) | Implementing use-dependent security settings in a single white-box implementation | |
CN109995712A (en) | Data encryption/decryption method, device, equipment and medium | |
CN106067871A (en) | For guaranteeing the safe method and system of the data transmitted in a network | |
JP2014075082A (en) | Random number generator and random number generation method | |
CN106358184A (en) | Point-to-point identity authentication method | |
Turan et al. | Sp 800-132. recommendation for password-based key derivation: Part 1: Storage applications | |
CN105978680A (en) | Implementing padding in a white-box implementation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | |
Application publication date: 20190604 |