CN110610079A - Safe starting method, device and system - Google Patents
Safe starting method, device and system Download PDFInfo
- Publication number
- CN110610079A CN110610079A CN201910551844.8A CN201910551844A CN110610079A CN 110610079 A CN110610079 A CN 110610079A CN 201910551844 A CN201910551844 A CN 201910551844A CN 110610079 A CN110610079 A CN 110610079A
- Authority
- CN
- China
- Prior art keywords
- data
- hash value
- memory
- code
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a safe starting method, a safe starting device and a safe starting system, and relates to the technical field of safety certification. The safe starting method comprises symmetrically encrypting code data to be executed by AES, asymmetrically encrypting the code data by RSA to generate signature data, and storing the signature data in a medium, wherein the signature data comprises a file header, a code to be executed and signature information; reading the signature data to an execution position, and carrying out authentication by RSA asymmetric decryption on the signature data; and after the authentication is passed, carrying out AES decryption, and executing the code after the decryption. The invention can effectively prevent the data from being modified and stolen, and improve the starting safety of the system.
Description
Technical Field
The invention relates to the technical field of security authentication.
Background
The storage device usually includes an EMMC (embedded multimedia card embedded memory card), wherein the UFS (universal flash storage) has a secure storage region rpmb (secure protected memory block) partition, which is an area for storing encrypted data, when data is written into the region, the validity of the data is checked first, the data can be written into the storage region only after the check is passed, and when the data is read out, a signature check mechanism is provided to prevent reading of counterfeit data.
Secure boot is to prevent the code to be executed from being modified, and the code to be executed needs to be authenticated first, and then executed after the authentication is passed. The code in the Read Only Memory (ROM) of the chip is considered to be safe, after secure boot is enabled, the ROM can authenticate the code to be executed, and after authentication is passed (safe), the ROM can give control right to the code of the next stage.
At present, a low-cost storage device mainly based on a FLASH memory is not provided with security protection, and even if security guarantee of execution and storage is set, data can be stolen in the transmission process when the data is transmitted from a storage medium to an execution space, and confidential information can be leaked in the transmission process, so that the data stored in the FLASH memory is modified before execution. In the prior art, the technical problem is usually solved by setting public key comparison, for example, a public key comparison method using RSA in L-Loader and a public key in a certificate is proposed in chinese patent CN201810146731 to confirm that the public key is authentic, and the above scheme has the following defects: the storage of the public key usually takes up a large amount of memory space, and usually takes up 1024 bits or 2048 bits. Another chinese patent CN201610649368 also proposes that RSA public key hashing in a user card is used in a trusted execution environment to verify that the public key is trusted, but the security is reduced because the user card is managed by the user himself.
Disclosure of Invention
The invention aims to: the defects of the prior art are overcome, and a safe starting method, a device and a system are provided. The invention carries out AES symmetric encryption and RSA asymmetric encryption on the code data to be executed, carries out authentication first after the encrypted data reaches the execution space, and executes the code after the authentication is passed, thereby effectively preventing the data from being modified and stolen and improving the starting safety of the system.
In order to achieve the above object, the present invention provides the following technical solutions:
a secure boot method, comprising the steps of:
code data to be executed are symmetrically encrypted through AES, the code data are asymmetrically encrypted through RSA to generate signature data, and the signature data are stored in a medium and comprise a file header, a code to be executed and signature information;
reading the signature data to an execution position, and carrying out authentication by RSA asymmetric decryption on the signature data;
and after the authentication is passed, carrying out AES decryption, and executing the code after the decryption.
Further, the file header stores the length of the data and the offset of the data to the file header, and the signature information includes an RSA2048 public key and a ciphertext of a data hash value.
Further, the ciphertext of the signature data is stored in a flash memory, and the data in the flash memory is read into a random access memory through a read-only memory;
the hash values of the AES private key and the RSA public key are stored in an EFUSE memory, the hash value of the RSA public key can be read by a processor, and the AES private key can only be read by an encryption engine.
Further, the step of authenticating comprises,
according to the offset and the length of the data in the file header, positioning to the signature information;
calculating the hash value of the public key by using SHA256 of the encryption engine to obtain a second hash value, comparing the second hash value with the hash value of the public key stored in the EFUSE memory, and judging whether the two hash values are the same;
under the condition of judging the data to be the same, using RSA2048 of the encryption engine to sign off the data hash value to obtain a third hash value, and comparing the third hash value with the second hash value to judge whether the third hash value and the second hash value are the same;
and under the same condition, judging that the data is credible and passing the right of signing.
Further, after the authentication is passed, the encryption engine is used for AES decryption, and after decryption, the code is skipped to the code position in the random access device to execute the code.
The invention also provides a safe starting device, which comprises the following structure:
the storage module is used for storing code data to be executed and encrypted ciphertext data, and the signature data comprises a file header, a code to be executed and signature information;
the authentication module is used for reading the signature data to an execution position and carrying out authentication by asymmetrically decrypting the signature data through RSA;
and the starting module is used for carrying out AES decryption after the authentication is passed and executing the code after the decryption.
Further, the storage module comprises a flash memory, a read-only memory, a random access memory and an EFUSE memory;
the cipher text of the signature data is stored in the flash memory, and the data in the flash memory is read into a random access memory through the read-only memory;
the EFUSE memory is used for storing the hash values of the AES private key and the RSA public key, the hash value of the RSA public key can be read by the processor, and the AES private key can only be read by the encryption engine.
Further, the authentication module comprises an encryption engine, and the encryption engine is used for realizing an AES symmetric encryption and decryption algorithm, a Hash algorithm and an RSA asymmetric encryption and decryption algorithm.
Further, the authentication module further comprises a structure,
the positioning unit is used for positioning the signature information according to the data in the file header;
the first comparison unit is used for calculating the hash value of the public key by utilizing the SHA256 of the encryption engine to obtain a second hash value, comparing the second hash value with the hash value of the public key stored in the EFUSE memory and judging whether the two hash values are the same;
and the second comparison unit is used for obtaining a third hash value by using the RSA2048 of the encryption engine to sign off the data hash value under the condition of judging the data hash value to be the same, comparing the third hash value with the second hash value, judging whether the third hash value and the second hash value are the same or not, judging the data to be credible under the condition of the same, and passing the signing right.
The invention also provides a safe starting system, which comprises an EFUSE memory, a flash memory, an encryption engine, a read-only memory and a random access device;
the EFUSE memory is used for storing the hash values of the AES private key and the RSA public key, the hash value of the RSA public key can be read by the processor, and the AES private key can only be read by the encryption engine;
the flash memory is used for storing code data and ciphertext data encrypted by AES;
the read-only memory is used for reading the code data in the flash memory into the random access memory and jumping to the random access memory to execute the code after checking the data;
the encryption engine is used for realizing an AES symmetric encryption and decryption algorithm, a Hash algorithm and an RSA asymmetric encryption and decryption algorithm;
and the random access device is used for storing the code data read by the flash memory.
Due to the adoption of the technical scheme, compared with the prior art, the invention has the following advantages and positive effects as examples: the invention carries out AES symmetric encryption and RSA asymmetric encryption on the code data to be executed, carries out authentication first after the encrypted data reaches the execution space, and executes the code after the authentication is passed, thereby effectively preventing the data from being modified and stolen and improving the starting safety of the system. On the other hand, the EFUSE memory (also called electronic fuse memory) is used for storing the hash values of the AES private key and the RSA public key, and different chips can use different signatures as required, so that user operation is facilitated.
Drawings
Fig. 1 is a block diagram of a secure boot apparatus according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a format of signature data according to an embodiment of the present invention.
Fig. 3 is a flowchart of authentication according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of an AES encryption and decryption process provided in the embodiment of the present invention.
Fig. 5 is a schematic diagram of an RSA encryption/decryption process according to an embodiment of the present invention.
Detailed Description
The following describes the secure boot method, apparatus, and system of the present disclosure in further detail with reference to the accompanying drawings and specific embodiments. It should be noted that technical features or combinations of technical features described in the following embodiments should not be considered as being isolated, and they may be combined with each other to achieve better technical effects. In the drawings of the embodiments described below, the same reference numerals appearing in the respective drawings denote the same features or components, and may be applied to different embodiments. Thus, once an item is defined in one drawing, it need not be further discussed in subsequent drawings.
It should be noted that the structures, proportions, sizes, and other dimensions shown in the drawings and described in the specification are only for the purpose of understanding and reading the present disclosure, and are not intended to limit the scope of the invention, which is defined by the claims, and any modifications of the structures, changes in the proportions and adjustments of the sizes and other dimensions, should be construed as falling within the scope of the invention unless the function and objectives of the invention are affected. The scope of the preferred embodiments of the present invention includes additional implementations in which functions may be executed out of order from that described or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present invention.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate. In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
Examples
Referring to fig. 1, a secure boot system is provided. The system comprises an EFUSE (electronic fuse) memory (EFUSE memory), a FLASH memory (FLASH), an encryption engine (CryptoEngine, CE for short), a read only memory (ROM for short) and a random access memory (RAM for short).
And the EFUSE memory is used for storing the hash value of the AES private key and the RSA public key. The hash value of the RSA public key can be read by the processor and the AES private key can only be read by the encryption engine.
EFUSE (electronic fuse) is essentially a block of embedded OTP (one time programmable) that can be written only once, but read many times. The EFUSE memory is burnt according to bits, each bit in an initial state is 0, the bits can be changed from 0 to 1 through burning, and the bits cannot be modified after being burnt to 1. The EFUSE memory is in block (block) units, each block has 32 bits, each EFUSE memory block can be locked by a lock position bit, and all bits of the corresponding EFUSE memory block can not be modified by the lock position bit.
In this embodiment, the EFUSE memory stores a 128-bit encryption/decryption key of the AES algorithm and a 256-bit hash value of the public key of the RSA algorithm.
The 256-bit hash value in the EFUSE memory can be read by the processor; while the 128-bit AES key can only be read by the CE and not by the processor or software.
The FLASH memory (FLASH) is used for storing code data and ciphertext data encrypted by AES.
The flash memory stores code data. Because the flash memory does not have a protection function, the ciphertext data encrypted by the AES can be stored in the partition table of the flash memory.
And the read-only memory (ROM) is used for reading the code data in the flash memory into the random access memory and jumping to the random access memory to execute the code after checking the data.
The first-level code executed after power-on is solidified in the read-only memory, the code in the flash memory is read into a Random Access Memory (RAM), and after data in the RAM is verified, the code is skipped to the Random Access Memory (RAM) to be executed.
The encryption engine (CE) is used for realizing an AES symmetric encryption and decryption algorithm, a hash algorithm and an RSA asymmetric encryption and decryption algorithm.
The encryption engine is used to implement a hash (SHA256) algorithm, an RSA algorithm, an AES algorithm.
The hash algorithm changes an input with any length into an output with a fixed length through the hash algorithm.
The RSA algorithm is an asymmetric encryption algorithm. The security of RSA is based on the difficulty of big number decomposition, a public key and a private key are a pair of big prime functions, the difficulty of recovering a plaintext from a public key and a ciphertext is equivalent to decomposing the product of two big prime numbers; the longer the key length is, the more difficult the RSA encryption information is to be broken, and the higher the security is.
The AES is a symmetric encryption algorithm, and the same key is used for encryption and decryption.
And the Random Access Memory (RAM) is used for storing the code data read by the flash memory.
The random access memory is used for storing code data read from the flash memory. The data of the random access device can be lost after power failure, and the data in the flash memory can be stored under the condition of power failure.
The method for safely starting the system comprises the following steps:
s100, symmetrically encrypting code data to be executed through AES, asymmetrically encrypting the code data through RSA to generate signature data, and storing the signature data in a medium, wherein the signature data comprises a file header, a code to be executed and signature information.
The signature data is a signed file, which includes a file header, a code to be executed (i.e., protected data) and signature information, as shown in fig. 2.
The file header stores the length of the data and the offset of the data to the file header. By using a header, the length of the data can be flexibly changed as needed.
The signature includes the RSA2048 public key and the ciphertext of the data hash value.
The file header and the signature are plaintext, and the protected data is encrypted ciphertext. The signature information can be found from the offset and length of the data in the header.
S200, reading the signature data to an execution position, and carrying out authentication by asymmetrically decrypting the signature data through RSA.
Referring to fig. 3, in this embodiment, the authentication in step s200 specifically includes the following steps:
and positioning to the signature information according to the offset and the length of the data in the file header.
And calculating the hash value of the public key by using the SHA256 of the encryption engine to obtain a second hash value, and comparing the second hash value with the hash value of the public key stored in the EFUSE memory to judge whether the two hash values are the same.
And under the condition of judging the data to be the same, using RSA2048 of the encryption engine to sign off the data hash value to obtain a third hash value, and comparing the third hash value with the second hash value to judge whether the third hash value and the second hash value are the same.
And under the same condition, judging that the data is credible and passing the right of signing. In the case of different determinations, the description data may have been modified and the authentication failed.
S300, after the authentication is passed, AES decryption is carried out, and the codes are executed after the decryption.
After the authentication is passed, the encryption engine is used for AES decryption, and after decryption, the code is jumped to a code position in a Random Access Memory (RAM) to execute the code.
In this embodiment, referring to fig. 4, the encryption and decryption processes of the AES algorithm use the same key for encryption and decryption. The encryption and decryption process of the RSA algorithm is shown in fig. 5.
In the scheme provided by the invention, the hash value is compared twice during authentication, firstly, the hash value of the public key is calculated by utilizing SHA256 of an encryption engine to be used as a second hash value, and the second hash value is compared with the hash value of the public key stored in an EFUSE memory; and the two are the same, the second comparison is carried out, namely the hash value of the public key of RSA2048 in the signature and the hash value of the ciphertext signed-out data are used as a third hash value, the third hash value is compared with the second hash value, and if the two are the same, the data are judged to be credible, otherwise, the data are judged to be modified. The scheme can effectively prevent the data from being modified and stolen during transmission, and improves the data security.
The invention further provides a safe starting device in another embodiment.
The safety starting device comprises the following structure:
the storage module is used for storing code data to be executed and encrypted ciphertext data, and the signature data comprises a file header, a code to be executed and signature information.
And the authentication module is used for reading the signature data to an execution position and carrying out authentication by asymmetrically decrypting the signature data through RSA.
And the starting module is used for carrying out AES decryption after the authentication is passed and executing the code after the decryption.
Specifically, the memory module comprises a flash memory, a read-only memory, a random access memory and an EFUSE memory.
The cipher text of the signature data is stored in the flash memory, and the data in the flash memory is read into the random access memory through the read-only memory.
The EFUSE memory is used for storing the hash values of the AES private key and the RSA public key, the hash value of the RSA public key can be read by the processor, and the AES private key can only be read by the encryption engine.
The authentication module may specifically include the following structure:
the encryption engine is used for realizing an AES symmetric encryption and decryption algorithm, a hash algorithm and an RSA asymmetric encryption and decryption algorithm.
And the positioning unit is used for positioning the signature information according to the data in the file header.
And the first comparison unit is used for calculating the hash value of the public key by utilizing the SHA256 of the encryption engine to obtain a second hash value, comparing the second hash value with the hash value of the public key stored in the EFUSE memory and judging whether the second hash value and the public key are the same.
And the second comparison unit is used for obtaining a third hash value by using the RSA2048 of the encryption engine to sign off the data hash value under the condition of judging the data hash value to be the same, comparing the third hash value with the second hash value, judging whether the third hash value and the second hash value are the same or not, judging the data to be credible under the condition of the same, and passing the signing right.
Other technical features are described in the previous embodiment and are not described in detail herein.
It should be noted that in the present invention, a device or apparatus may also include other components typically found in a computing system, such as an operating system, a queue manager, a device driver, a database driver, or one or more network protocols, etc., stored in memory and executed by a processor.
In the foregoing description, the disclosure of the present invention is not intended to limit itself to these aspects. Rather, the various components may be selectively and operatively combined in any number within the intended scope of the present disclosure. In addition, terms like "comprising," "including," and "having" should be interpreted as inclusive or open-ended, rather than exclusive or closed-ended, by default, unless explicitly defined to the contrary. All technical, scientific, or other terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs unless defined otherwise. Common terms found in dictionaries should not be interpreted too ideally or too realistically in the context of related art documents unless the present disclosure expressly limits them to that. Any changes and modifications of the present invention based on the above disclosure will be within the scope of the appended claims.
Claims (10)
1. A secure boot method, comprising the steps of:
code data to be executed are symmetrically encrypted through AES, the code data are asymmetrically encrypted through RSA to generate signature data, and the signature data are stored in a medium and comprise a file header, a code to be executed and signature information;
reading the signature data to an execution position, and carrying out authentication by RSA asymmetric decryption on the signature data;
and after the authentication is passed, carrying out AES decryption, and executing the code after the decryption.
2. The secure boot method of claim 1, wherein: the file header stores the length of data and the offset of the data to the file header, and the signature information comprises an RSA2048 public key and a ciphertext of a data hash value.
3. The secure boot method according to claim 2, wherein: the ciphertext of the signature data is stored in a flash memory, and the data in the flash memory is read into a random access memory through a read-only memory;
the hash values of the AES private key and the RSA public key are stored in an EFUSE memory, the hash value of the RSA public key can be read by a processor, and the AES private key can only be read by an encryption engine.
4. A secure boot method according to claim 3, wherein: the step of authenticating comprises the steps of,
according to the offset and the length of the data in the file header, positioning to the signature information;
calculating the hash value of the public key by using SHA256 of the encryption engine to obtain a second hash value, comparing the second hash value with the hash value of the public key stored in the EFUSE memory, and judging whether the two hash values are the same;
under the condition of judging the data to be the same, using RSA2048 of the encryption engine to sign off the data hash value to obtain a third hash value, and comparing the third hash value with the second hash value to judge whether the third hash value and the second hash value are the same;
and under the same condition, judging that the data is credible and passing the right of signing.
5. The secure boot method of claim 4, wherein: after the authentication is passed, the encryption engine is used for AES decryption, and after decryption, the code is skipped to the code position in the random access device to execute the code.
6. A safety starting device, comprising:
the storage module is used for storing code data to be executed and encrypted ciphertext data, and the signature data comprises a file header, a code to be executed and signature information;
the authentication module is used for reading the signature data to an execution position and carrying out authentication by asymmetrically decrypting the signature data through RSA;
and the starting module is used for carrying out AES decryption after the authentication is passed and executing the code after the decryption.
7. The secure boot device of claim 6, wherein: the storage module comprises a flash memory, a read-only memory, a random access memory and an EFUSE memory;
the cipher text of the signature data is stored in the flash memory, and the data in the flash memory is read into a random access memory through the read-only memory;
the EFUSE memory is used for storing the hash values of the AES private key and the RSA public key, the hash value of the RSA public key can be read by the processor, and the AES private key can only be read by the encryption engine.
8. The secure boot device of claim 6, wherein: the authentication module comprises an encryption engine, and the encryption engine is used for realizing an AES symmetric encryption and decryption algorithm, a Hash algorithm and an RSA asymmetric encryption and decryption algorithm.
9. The secure boot device of claim 8, wherein: the authentication module further comprises a structure in which,
the positioning unit is used for positioning the signature information according to the data in the file header;
the first comparison unit is used for calculating the hash value of the public key by utilizing the SHA256 of the encryption engine to obtain a second hash value, comparing the second hash value with the hash value of the public key stored in the EFUSE memory and judging whether the two hash values are the same;
and the second comparison unit is used for obtaining a third hash value by using the RSA2048 of the encryption engine to sign off the data hash value under the condition of judging the data hash value to be the same, comparing the third hash value with the second hash value, judging whether the third hash value and the second hash value are the same or not, judging the data to be credible under the condition of the same, and passing the signing right.
10. A secure boot system for implementing the method of any one of claims 1 to 5, characterized by: the system comprises an EFUSE memory, a flash memory, an encryption engine, a read-only memory and a random access device;
the EFUSE memory is used for storing the hash values of the AES private key and the RSA public key, the hash value of the RSA public key can be read by the processor, and the AES private key can only be read by the encryption engine;
the flash memory is used for storing code data and ciphertext data encrypted by AES;
the read-only memory is used for reading the code data in the flash memory into the random access memory and jumping to the random access memory to execute the code after checking the data;
the encryption engine is used for realizing an AES symmetric encryption and decryption algorithm, a Hash algorithm and an RSA asymmetric encryption and decryption algorithm;
and the random access device is used for storing the code data read by the flash memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910551844.8A CN110610079A (en) | 2019-06-25 | 2019-06-25 | Safe starting method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910551844.8A CN110610079A (en) | 2019-06-25 | 2019-06-25 | Safe starting method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110610079A true CN110610079A (en) | 2019-12-24 |
Family
ID=68890915
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910551844.8A Pending CN110610079A (en) | 2019-06-25 | 2019-06-25 | Safe starting method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110610079A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111143854A (en) * | 2019-12-25 | 2020-05-12 | 眸芯科技(上海)有限公司 | Device, system and method for starting chip secure download |
| CN111274555A (en) * | 2020-01-15 | 2020-06-12 | 莆田杰木科技有限公司 | Code protection method and protection device in Flash memory |
-
2019
- 2019-06-25 CN CN201910551844.8A patent/CN110610079A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111143854A (en) * | 2019-12-25 | 2020-05-12 | 眸芯科技(上海)有限公司 | Device, system and method for starting chip secure download |
| CN111143854B (en) * | 2019-12-25 | 2021-11-30 | 眸芯科技(上海)有限公司 | Safe starting device, system and method of chip |
| CN111274555A (en) * | 2020-01-15 | 2020-06-12 | 莆田杰木科技有限公司 | Code protection method and protection device in Flash memory |
| CN111274555B (en) * | 2020-01-15 | 2022-11-18 | 福建杰木科技有限公司 | Code protection method and protection device in Flash memory |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6948065B2 (en) | Platform and method for securely transmitting an authorization secret | |
| CN105144626B (en) | The method and apparatus of safety is provided | |
| US8041957B2 (en) | Associating software with hardware using cryptography | |
| EP1695169B1 (en) | Method and apparatus for incremental code signing | |
| US10680816B2 (en) | Method and system for improving the data security during a communication process | |
| US8995653B2 (en) | Generating a secret key from an asymmetric private key | |
| US10984107B2 (en) | Secure boot | |
| US20180204004A1 (en) | Authentication method and apparatus for reinforced software | |
| CN109657479B (en) | Data leakage prevention method and computer readable storage medium | |
| JP6387908B2 (en) | Authentication system | |
| CN110610079A (en) | Safe starting method, device and system | |
| EP3214567B1 (en) | Secure external update of memory content for a certain system on chip | |
| CN104899524A (en) | Central processing unit and method for verifying data of main board | |
| CN111327429B (en) | Terminal starting processing method and device | |
| US10404719B2 (en) | Data verification method | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| CN114329522A (en) | Private key protection method, device, system and storage medium | |
| KR100734600B1 (en) | Method of system authentication and security enforcement using self-integrity checking based on the tamper-proof H/W | |
| CN114024702A (en) | Information security protection method and computing device | |
| CN117556430B (en) | Safe starting method, device, equipment and storage medium | |
| CN113508380A (en) | Method for terminal entity authentication | |
| CN116738507B (en) | Chip authentication method | |
| CN113553125B (en) | Method, device and equipment for calling trusted application program and computer storage medium | |
| US20230113906A1 (en) | An apparatus and method of controlling access to data stored in a non-trusted memory | |
| JP2022124424A (en) | Efficient data item authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 201210 floor 8, building 1, No. 298, Xiangke Road, Pudong New Area, Shanghai Applicant after: MOUXIN TECHNOLOGY (SHANGHAI) Co.,Ltd. Address before: 201210 room 507, building 1, No. 800, Naxian Road, pilot Free Trade Zone, Pudong New Area, Shanghai Applicant before: MOUXIN TECHNOLOGY (SHANGHAI) Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191224 |
|
| RJ01 | Rejection of invention patent application after publication |