CN110909338A - Security authentication method and system based on security chip and security chip - Google Patents
Security authentication method and system based on security chip and security chip Download PDFInfo
- Publication number
- CN110909338A CN110909338A CN201911061696.8A CN201911061696A CN110909338A CN 110909338 A CN110909338 A CN 110909338A CN 201911061696 A CN201911061696 A CN 201911061696A CN 110909338 A CN110909338 A CN 110909338A
- Authority
- CN
- China
- Prior art keywords
- chip
- security
- key
- ciphertext data
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000004422 calculation algorithm Methods 0.000 claims description 52
- 230000010365 information processing Effects 0.000 claims description 45
- 238000012545 processing Methods 0.000 claims description 34
- 230000004044 response Effects 0.000 claims description 26
- 238000003672 processing method Methods 0.000 claims description 12
- 230000002618 waking effect Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 4
- 238000012790 confirmation Methods 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 27
- 238000005336 cracking Methods 0.000 abstract description 5
- 230000008569 process Effects 0.000 description 24
- 230000007958 sleep Effects 0.000 description 15
- 238000013478 data encryption standard Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000013461 design Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000005059 dormancy Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Abstract
The invention relates to a security authentication method and system based on a security chip and the security chip, belonging to the technical field of security communication. The security authentication method comprises the following steps: (1) the security chip responds to a security authentication request sent by the upper computer and sends a key acquisition request to the auxiliary chip; (2) the auxiliary chip responds to the key acquisition request and sends first ciphertext data encrypted by the security key to the security chip; (3) the security chip decrypts the first ciphertext data to obtain a security key, and performs security authentication with the upper computer by combining the code table data stored on the security key. The security key and the code table data required by the security authentication are stored in the security chip and the auxiliary chip separately, so that the difficulty of cracking the chip is increased, the information security is improved, and the method can be widely applied to the field of communication and authentication equipment.
Description
Technical Field
The invention relates to the technical field of secure communication, in particular to a secure authentication method and system based on a secure chip and the secure chip.
Background
In the field of secure communication technology, in order to provide reliable secure communication protection for internet of things (IOT) markets such as home automation, industrial networking, accessory and consumable verification, medical treatment, mobile, and the like, many manufacturers have adopted a security chip with encryption countermeasures and security authentication functions to effectively provide excellent confidentiality, data integrity, and identity verification functions for systems in which an encryption/decryption algorithm such as ECC is run in software by an MCU or MPU.
Fig. 1 shows a basic structure of the secure chip 2, which mainly includes basic units such as an MCU core unit 20, a volatile storage unit 21, a non-volatile storage unit 22, a high-speed hardware algorithm unit 231, a high-speed hardware algorithm unit 232, a high-speed hardware algorithm unit 233, and an I/O interface 24. The MCU core unit 20 is mainly used for internal control and operation of the chip, and is usually a general MCU core such as MSP430, CORTEX-M0, etc.; the volatile storage unit 21 is mainly used for storing temporary data, such as input data of a hardware algorithm module or data generated in chip program operation, specifically, an SRAM; the nonvolatile storage unit 22 comprises a ROM for storing a BOOT program and a FLASH for storing internal software data of the chip; the high-speed hardware algorithm unit is used for realizing the hardware of a complex security authentication algorithm, such as an encryption and decryption module of AEA, AES, DES and the like; the I/O interface is used for communication connection between the security chip and the upper computer.
In the working process, a communication authentication process usually exists in the communication between the security chip and the upper computer, which relates to a large amount of operations of security authentication algorithms, the common security algorithms include an ECC (error correction code) encryption/decryption algorithm, a DES (data encryption standard) encryption/decryption algorithm, a DSA (digital signature system) signature algorithm, an ECDSA (electronic signature system) signature algorithm and the like, and the operations of the security authentication algorithms are realized by special hardware modules embedded in the chip.
In order to enable secure communication, a physical/software encryption design is adopted inside the secure chip to protect the on-chip program, so that the programmer cannot directly read the program inside the chip to protect the program. However, an external attacker can choose to observe the communication authentication process, and break through the encryption protection of the chip by adopting energy analysis attack or by means of special equipment and self-made equipment and by using loopholes or software defects in the design of the security chip through various technical means such as FIB and the like, so as to extract key information from the inside of the chip, obtain a software program and a security authentication key, and seriously affect the information security.
Based at least on the foregoing, there is a need for improvements in the structure and/or data processing procedures of security chips and/or security authentication devices based on security chips and the like to improve information security.
In addition, in improving the structure and/or information processing process of the security chip and/or the information processing apparatus based on the security chip, the related cost is considered, especially for the initial type of enterprises.
Disclosure of Invention
The invention mainly aims to provide a security chip, an information processing method thereof, a security authentication method and a security authentication system, so as to improve information security.
In order to achieve the above main object, the present invention provides a security authentication method based on a security chip, comprising the following steps:
the security chip responds to a security authentication request sent by the upper computer and sends a key acquisition request to the auxiliary chip;
the auxiliary chip responds to the key acquisition request and sends first ciphertext data encrypted by the security key to the security chip;
the security chip decrypts the first ciphertext data to obtain a security key, and performs security authentication with the upper computer by combining the code table data stored on the security key.
The method comprises the steps that a security key in key data required by security authentication is stored separately from code table data, and correspondingly stored in storage units of two chips, and communication and data transmission are carried out on the basis of the security chip and an upper computer; when the security identity authentication action with an upper computer is required, the security chip acquires ciphertext data encrypted by the security key from the auxiliary chip in an encryption mode and decrypts the security key, so that the security identity authentication is performed together with code table data stored in the security chip.
The auxiliary chip encrypts the security key stored in the auxiliary chip into first ciphertext data, and then sends the first ciphertext data to the security chip. The encryption key required by the first ciphertext data can be determined at the security chip side, and the transmission security of the first ciphertext data is effectively improved.
The preferred scheme is that the step of sending the key acquisition request to the auxiliary chip comprises that the safety chip sends a wake-up instruction to the auxiliary chip for waking up the auxiliary chip in a dormant state; the auxiliary chip responds to the awakening instruction and sends response information to the security chip. Because the work such as communication with the host computer is handled by the security chip and is accomplished, can carry out dormancy setting to the auxiliary chip and reduce whole consumption.
The security chip generates a first random number after receiving the response information, encrypts the first random number into second ciphertext data by using a pre-stored symmetric key, and sends the second ciphertext data to the auxiliary chip; the auxiliary chip decrypts the second ciphertext data by using the prestored symmetric key to obtain a first random number, and encrypts the secure key into first ciphertext data by using the first random number as the symmetric key; the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number as a symmetric key. Each encryption key of the security key is constructed by adopting a random number, so that the information security of the security key can be improved, and meanwhile, the encryption is carried out by using a symmetric encryption method so as to reduce the calculation amount.
The preferred scheme is that the step of sending the key acquisition request to the auxiliary chip comprises sending second ciphertext data to the auxiliary chip, wherein the second ciphertext data is generated by encrypting a first random number by using a pre-stored symmetric key by the security chip, and the first random number is generated by the security chip after receiving the security authentication request; the auxiliary chip decrypts the second ciphertext data by using the prestored symmetric key to obtain a first random number, and encrypts the secure key into first ciphertext data by using the first random number as the symmetric key; the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number as a symmetric key. Each encryption key of the security key is constructed by adopting a random number, so that the information security of the security key can be improved, and meanwhile, the encryption is carried out by using a symmetric encryption method so as to reduce the calculation amount.
The preferred scheme is that the auxiliary chip is a universal chip. The auxiliary chip is constructed by adopting the universal chip, so that the equipment cost can be effectively reduced, the existing safety chip product can be used for reconstruction, and the cost is effectively reduced.
The preferred scheme is that the auxiliary chip automatically enters a dormant state after sending the first ciphertext data; or the auxiliary chip enters a dormant state after receiving the safety certification completion confirmation information or the dormant instruction sent by the safety chip. Further optimizing the overall power consumption.
In order to achieve the above main object, the security authentication device provided by the present invention comprises a security chip and an auxiliary chip coupled to the security chip; the auxiliary chip comprises a control unit and a ciphertext supply unit used for providing first ciphertext data encrypted by a security key; the security chip comprises a control unit, a nonvolatile storage unit used for storing code table data, a hardware algorithm unit used for decrypting the first ciphertext data sent by the auxiliary chip, and a volatile storage unit used for temporarily storing the security key obtained by decryption.
The method comprises the steps that a security key in key data required by security authentication is stored separately from code table data and correspondingly stored in storage units of two chips; in the working process, the safety chip can be used for communicating with an upper computer and transmitting data; when the security identity authentication action with the upper computer is required, the security chip acquires ciphertext data encrypted by the security key from the auxiliary chip in an encryption mode and decrypts the security key, so that the security identity authentication is performed together with the code table data stored in the security chip.
The specific scheme is that the ciphertext supply unit comprises a nonvolatile storage unit used for storing the security key and a hardware algorithm unit used for encrypting the security key into first ciphertext data. The encryption key required by the first ciphertext data can be determined at the security chip side, and the transmission security of the first ciphertext data is effectively improved.
The more specific scheme is that the hardware algorithm unit comprises a symmetrical hardware algorithm unit; the secure chip includes a random number generation unit for generating a first random number; the symmetric hardware algorithm unit of the security chip is used for symmetrically encrypting the first random number into second ciphertext data; the symmetric hardware algorithm unit of the auxiliary chip is used for decrypting the second ciphertext data into first random data; the hardware algorithm unit of the auxiliary chip uses the first random number as a symmetric key to encrypt the security key into first ciphertext data; and the hardware algorithm unit of the security chip decrypts the first ciphertext data by using the first random number as a symmetric key. Each encryption key of the security key is constructed by adopting random numbers, so that the information security of the security key can be improved, and meanwhile, the encryption is carried out by using a symmetric encryption method, so that the calculation amount required by encryption and decryption can be effectively reduced.
The preferred scheme is that the auxiliary chip is a universal chip. The auxiliary chip is constructed by adopting the universal chip, so that the equipment cost can be effectively reduced, the existing safety chip product can be used for reconstruction, and the cost is effectively reduced.
In order to achieve the above main object, the security authentication system provided by the present invention includes an upper computer and a security authentication device coupled to the upper computer, where the security authentication device is the security authentication device described in any of the above technical solutions, and the security chip is coupled to the upper computer.
In order to achieve the above main objective, the security authentication apparatus provided by the present invention includes a security chip and an auxiliary chip, wherein the security chip includes a processor and a memory, and the memory stores a computer program; when executed by the processor, the computer program can implement the steps of the security authentication method described in any of the above technical solutions.
In order to achieve the above main object, the information processing method of the security chip provided by the present invention comprises the following steps:
a request step of sending a key acquisition request to the auxiliary chip based on the reception of an information processing request sent by the upper computer;
a receiving step, namely receiving first ciphertext data sent by the auxiliary chip in response to the key acquisition request, wherein the first ciphertext data is generated by encrypting a security key;
and a processing step of decrypting the first ciphertext data and performing information processing based on the security key obtained by decryption.
The security key required by the security chip when processing information is stored in the additional auxiliary chip, and the data required by other information processing can be stored in the security chip, for example, the key required by decrypting the first encrypted data, and the auxiliary chip and the security chip are communicated in an encryption mode and can independently utilize the security chip to communicate with the upper computer, so that in the process of information processing, the security key is obtained from the auxiliary chip in an encryption mode, and the information security in the process of information processing by utilizing the security chip is effectively improved.
The specific scheme is that the first ciphertext data is formed by encrypting a security key stored in an auxiliary chip.
The preferred scheme is that the step of sending the key acquisition request to the auxiliary chip includes sending a wake-up instruction to the auxiliary chip for waking up the auxiliary chip in a sleep state. And the power consumption of the auxiliary chip in the working process is reduced.
The method comprises the following steps that a request step comprises the steps of generating a first random number after response information sent by an auxiliary chip aiming at a wake-up instruction is received, encrypting the first random number by using a pre-stored symmetric key, and sending the encrypted first random number to the auxiliary chip; the first ciphertext data is ciphertext data encrypted by taking the first random number as a symmetric key; the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number.
The preferred scheme is that the step of sending the key acquisition request to the auxiliary chip comprises sending second ciphertext data to the auxiliary chip, wherein the second ciphertext data is generated by encrypting a first random number by using a pre-stored symmetric key by the security chip, and the first random number is generated by the security chip after receiving the information processing request; the auxiliary chip decrypts the second ciphertext data by using the prestored symmetric key to obtain a first random number, and encrypts the secure key into first ciphertext data by using the first random number as the symmetric key; the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number as a symmetric key.
The preferred scheme is that the auxiliary chip is a universal chip. The cost is reduced.
The preferable scheme is that the information processing request is a security authentication request; the step of performing information processing based on the security key obtained by decryption includes performing security authentication processing based on the security key and code table data stored in the security chip. The security key and the code table data in the key data required by the security authentication are stored separately, so that the cracking difficulty of the whole chip is improved, and the information security in the security identity authentication process is effectively improved.
In order to achieve the above main object, the security chip provided by the present invention comprises a request unit, a receiving unit and a processing unit; the request unit is used for sending a key acquisition request to the auxiliary chip after receiving an information processing request sent by the upper computer; the receiving unit is used for receiving first ciphertext data sent by the auxiliary chip in response to the key acquisition request, wherein the first ciphertext data is generated by encrypting a security key; the processing unit is used for carrying out decryption processing on the first ciphertext data and carrying out information processing on the basis of the security key obtained by decryption.
The specific scheme is that the first ciphertext data is formed by encrypting a security key stored in an auxiliary chip.
The preferred scheme is that the request unit is used for sending a wake-up instruction to the auxiliary chip, and the wake-up instruction is used for waking up the auxiliary chip in a dormant state.
The request unit is used for generating a first random number after receiving response information sent by the auxiliary chip aiming at the awakening instruction, encrypting the first random number by using a pre-stored symmetric key and sending the encrypted first random number to the auxiliary chip; the first ciphertext data is ciphertext data encrypted by taking the first random number as a symmetric key; the processing unit is used for carrying out decryption processing on the first ciphertext data based on the first random number as a symmetric key.
The preferred scheme is that the security chip comprises a random number generating unit for generating a first random number and an encryption algorithm unit for symmetrically encrypting the first random number into second ciphertext data; the request unit is used for sending second ciphertext data to the auxiliary chip; the first ciphertext data is generated by the auxiliary chip by decrypting the second ciphertext data based on a symmetric key stored in the auxiliary chip in advance to obtain a first random number and encrypting the security key stored in the auxiliary chip based on the first random number; the processing unit is used for decrypting the first ciphertext data by using the first random number as a symmetric key.
The preferred scheme is that the auxiliary chip is a universal chip.
The preferable scheme is that the information processing request is a security authentication request; the processing unit is used for carrying out security authentication processing based on the security key and the code table data stored in the security chip.
Drawings
FIG. 1 is a block diagram of a schematic circuit configuration of a security authentication system according to an embodiment of the present invention;
FIG. 2 is a block diagram of a schematic circuit structure of a security chip according to an embodiment of the present invention;
FIG. 3 is a block diagram of a schematic circuit structure of an auxiliary chip according to an embodiment of the present invention;
fig. 4 is a flowchart of a security chip in a security authentication process in embodiment 1 of the present invention;
fig. 5 is a flowchart of the working process of the auxiliary chip in the security authentication process in embodiment 1 of the present invention.
Detailed Description
The invention is further illustrated by the following examples and figures.
Example 1
Referring to fig. 1, the security authentication system 1 of the present invention includes an upper computer 10 and a security authentication device 11 coupled to the upper computer 10; the security authentication device 11 includes a security chip 2 coupled to the host computer 10 and an auxiliary chip 3 coupled to the security chip 2.
Referring to fig. 2, the secure chip 2 includes an MCU core unit 20, a volatile storage unit 21, a non-volatile storage unit 22, an I/O interface 24, and a high-speed hardware algorithm unit; the high-speed hardware algorithm unit includes a plurality of high-speed hardware algorithm units, such as a high-speed hardware algorithm unit 231, a high-speed hardware algorithm unit 232, and a high-speed hardware algorithm unit 233. The MCU core unit 20 is mainly used for internal control and operation of the chip, and is generally a general MCU core such as MSP430, CORTEX-M0, etc.; the volatile storage unit 21 is mainly used for storing temporary data, such as input data of a hardware algorithm module or data generated in chip program operation, and specifically selects an SRAM; the nonvolatile storage unit 22 comprises a ROM and a FLASH, wherein the ROM is used for storing a BOOT program, and the FLASH is used for storing chip internal software data; the high-speed hardware algorithm unit is used for realizing the hardware of a complex security authentication algorithm, such as an encryption and decryption module of AEA, AES, DES and the like; the I/O interface 24 is used for communication connection between the security chip 2 and the upper computer 10 and communication connection between the security chip and the auxiliary chip 3.
Referring to fig. 3, the accessory chip 3 includes an MCU core unit 30, a volatile storage unit 31, a non-volatile storage unit 32, an I/O interface 34, and one or more hardware algorithm units 331. The MCU core unit 30 is mainly used for internal control and operation of the chip, and is generally a general MCU core such as MSP430, CORTEX-M0, etc.; the volatile storage unit 31 is mainly used for storing temporary data, such as input data of a hardware algorithm module or data generated in chip program operation, and specifically selects an SRAM; the nonvolatile storage unit 32 comprises a ROM and a FLASH, wherein the ROM is used for storing a BOOT program, and the FLASH is used for storing chip internal software data; the hardware algorithm unit 331 is used for hardware implementation of a security authentication algorithm, for example, encryption and decryption modules such as AEA, AES, DES, and the like; the I/O interface 34 is used for communication connection between the auxiliary chip 3 and the secure chip 2. The auxiliary chip 3 may be constructed by a secure chip or a general chip, and in this embodiment, is specifically constructed by a general chip, so as to reduce the cost.
In the present embodiment, the hardware algorithm units in the security chip 2 and the auxiliary chip 3 each include a symmetric hardware algorithm unit.
In the working process, the nonvolatile storage unit 32 of the auxiliary chip 3 is at least used for storing a security key, the security chip is used for storing software data and code table data, a communication link 12 for communication is constructed between the security chip 2 and the upper computer 10 so as to carry out communication by using an I/O interface, and a communication link 13 for communication is constructed between the security chip 2 and the auxiliary chip 3 so as to carry out communication by using the I/O interface; that is, in the present embodiment, the accessory chip 3 is coupled with the security chip 2 only for communication, and the working state of the auxiliary chip 3 is controlled by the security chip 2, i.e. a master-slave working relationship is formed between the two, thereby forming a dual-chip working mode.
In the following description, the operation of the security authentication system of the present invention will be described by taking an information processing procedure, i.e., a security authentication procedure, as an example.
Fig. 4 is a flowchart of the operation of the security chip 2 in the process of the security identity authentication, that is, the operation of the information processing method of the security chip 2, specifically including a first receiving step S11, a requesting step S12, a second receiving step S13, and a processing step S14, and specifically as follows:
the first receiving step S11 is to receive a security authentication request sent by the upper computer 10 through the I/O interface 24.
After the security chip 2 is powered on, each unit module is initialized to enter a normal working state, and communicates with the upper computer 10 through the I/O interface 24. Meanwhile, the auxiliary chip 3 is also powered on to initialize each unit, and the auxiliary chip 3 enters a sleep mode after being powered on and is in a standby state until the safety chip sends a wake-up instruction to the auxiliary chip. That is, in the normal state, the security chip 2 is in the working state and can independently communicate with the upper computer 10, and the auxiliary chip 3 is in the standby state of the sleep mode to save power consumption.
When the security identity authentication is required, the upper computer 10 sends a security identity authentication request to the security chip 2 through the I/O interface 24, specifically in the form of an instruction.
In the request step S12, the secure chip 2 transmits a key acquisition request to the companion chip 3 upon receiving the security authentication request transmitted from the host computer 10.
When receiving a security identity authentication request sent by the upper computer 10, the security chip 2 firstly wakes up the auxiliary chip 3 in a dormant state, initiates a session request to the auxiliary chip 3, and constructs an encrypted communication mode between the two, so as to obtain a security key in key data required by security identity authentication from the auxiliary chip 3 in an encrypted communication mode.
Specifically, a wake-up instruction is sent to the auxiliary chip 3, the wake-up instruction is used for waking up the auxiliary chip in a dormant state, the auxiliary chip 3 enters a working state from the dormant state after receiving the wake-up instruction and completing initialization, a ready signal is sent to the security chip 2, and encryption communication is formally started, and specifically, an encryption channel for transmitting encrypted data is constructed between the two chips by using a symmetric key stored in a nonvolatile storage unit of the two chips in advance.
After receiving the response information sent by the auxiliary chip 3 for the wake-up command, the security chip 2 generates a first random number in this embodiment after receiving the ready signal, encrypts the first random number by using a predetermined symmetric key stored in the security chip 2 in advance, obtains second ciphertext data, and sends the second ciphertext data to the auxiliary chip 3.
The auxiliary chip 3 decrypts the second ciphertext data by using the predetermined symmetric key stored in the auxiliary chip in advance to obtain the first random number, so that an encryption channel using the first random number as the temporary symmetric key can be constructed between the two chips by using the first random number temporarily stored in the auxiliary chip and the first random number, that is, the temporarily generated first random number is used as a plaintext for encryption.
In the present embodiment, the first random number is a set of random numbers, and after being generated, is stored in the volatile storage unit 21. In this step, the symmetric encryption algorithm uses AES, and the secret key of the AES is defined by the two parties in advance.
A second receiving step S13 is to receive the first ciphertext data sent by the auxiliary chip 3 in response to the key obtaining request, where the first ciphertext data is generated by encrypting the security key.
The auxiliary chip 3 encrypts the security key stored in the nonvolatile storage unit 32 thereof into first ciphertext data by using the first random number obtained by decryption as a symmetric key, that is, using the security key data as a plaintext, and using the decrypted random number plaintext as an encryption key, and sends the first ciphertext data to the security chip 2. That is, in the present embodiment, the first ciphertext data is encrypted by the security key stored in the nonvolatile storage unit 32 of the secondary chip 3. In the present embodiment, the nonvolatile memory unit 32 is FLASH; in this step, the symmetric encryption algorithm uses AES, and the secret key of the AES is defined by the two parties in advance.
The processing step S14 is to perform decryption processing on the received first ciphertext data, and perform security authentication based on the security key obtained by decryption and the code table data stored therein. Namely, the processing step S14 includes a decryption step S141 and a security authentication step S142.
The decryption step S141 includes the security chip 2, after receiving the first ciphertext data sent by the secondary chip 3, performing decryption processing by using the first random number, which is generated in advance and stored in the volatile storage unit 21 of the security chip, as a symmetric key, and obtaining the security key data originally stored in the nonvolatile storage unit 32 of the secondary chip 3 by an encryption method. In this step, decryption is performed using the symmetric encryption algorithm AES, and the security key data obtained by the decryption is stored in the volatile storage unit 22. That is, in the present embodiment, the step of performing decryption processing on the first ciphertext data includes performing decryption processing on the first ciphertext data using the first random number generated by the requesting step.
The security authentication step S142 includes performing security authentication processing based on the security key acquired in the decryption step S141 and the code table data stored in the nonvolatile storage unit 22 of the security chip. Specifically, the secure chip 2 uses the secure key data and the code table data, and performs calculation by means of the high-speed hardware algorithm module, and completes the identity verification with the upper computer 10 in the subsequent steps, and the specific process of the secure identity authentication may refer to the prior art, which is not an improvement point of the present application and is not described herein again.
The auxiliary chip 3 performs a sleep state after completing transmission of the first ciphertext data to reduce power consumption.
Fig. 5 is a flowchart of the auxiliary chip 3 during the process of the secure identity authentication, that is, a flowchart of an information processing method of the auxiliary chip 3, that is, after the auxiliary chip 3 responds to the received key obtaining request sent by the secure chip 2, the first ciphertext data encrypted by the secure key is sent to the secure chip. In this embodiment, the auxiliary chip 3 enters the sleep mode after completing the transmission of the first ciphertext data, and is in the standby state to save power consumption. The information processing method of the auxiliary chip 3 specifically includes a wake-up step S21, an encryption/decryption processing step S22, and a sleep step S23, and specifically includes the following steps:
in the wakeup step S21, after receiving the wakeup command sent by the secure chip 2, the auxiliary chip 3 in the standby state operates, and sends a response message to the secure chip 2.
After the auxiliary chip 3 is powered on, each unit is initialized, and after the auxiliary chip is powered on, the auxiliary chip enters a sleep mode and is in a standby state so as to save power consumption until the safety chip sends a wake-up instruction to the auxiliary chip.
After receiving the wake-up instruction sent by the security chip 2, the security authentication device represents that the whole security authentication device is going to perform security identity authentication, enters a normal working state from a standby state, and sends a ready signal to the security chip. The "ready" signal may be a signal with multiple forms such as a high level or a low level agreed between the two signals, or a byte data agreed in advance, such as 0XA0, that is, the secondary chip 3 sends a specified byte data "0 XA 0" to the secure chip 2 in response to the received wake-up command to indicate that the operation is ready, and this constitutes the response information in this embodiment.
The encryption/decryption process step S22 is to encrypt the security key stored therein into first ciphertext data, and send the first ciphertext data to the security chip 2.
After receiving the second ciphertext data sent by the security chip 2, the second ciphertext data is decrypted by using a pre-stored symmetric key, so as to obtain a first random number temporarily generated by the security chip 2 in the current round of security identity authentication, the first random number is used as the symmetric key to encrypt the security key data originally stored in the nonvolatile storage unit 32 of the auxiliary chip 3, that is, the security key data is used as a plaintext, and the decrypted random number plaintext is used as an encryption key, and the first ciphertext data is sent to the security chip 2. In the present embodiment, the nonvolatile memory unit 32 is FLASH; in this step, the symmetric encryption algorithm uses AES, and its symmetric key is a first random number that is temporarily generated and transmitted through the encryption channel. That is, in this embodiment, the auxiliary chip first encrypts the security key stored therein into first ciphertext data, and then sends the first ciphertext data to the security chip.
The sleep step S23 is a step of entering a sleep mode and entering a standby state after the first ciphertext data is transmitted.
When the auxiliary chip 3 enters the sleep mode, the auxiliary chip can immediately and automatically enter the sleep mode after sending the first ciphertext data and receiving the response message of the security chip 2 for receiving the first ciphertext; or, the auxiliary chip 3 enters the sleep state after receiving the security authentication completion confirmation information or the sleep instruction sent by the security chip 2. The sleep instruction may be sent at any time within a time period from the time when the first ciphertext data is received to the time when the security identity authentication is completed, or may be sent at a time after the security identity authentication is completed.
In this embodiment, the encryption/decryption algorithm may be selected from, but not limited to, AES, DES, 3DES, ECC, RSA, and the like.
The functional unit structure of the safety chip embodiment of the invention at least comprises a request unit, a receiving unit and a processing unit according to the sequence of the steps in the information processing process, and the request unit, the receiving unit and the processing unit can be realized by hardware or software.
The request unit is configured to send a key acquisition request to the companion chip 3 after receiving the information processing request sent by the host computer 10. Specifically, the request unit is configured to send a wake-up instruction to the companion chip 3, where the wake-up instruction is used to wake up the companion chip 3 in a sleep state; and after receiving the response information sent by the auxiliary chip for the wake-up command, generating a first random number, encrypting the first random number by using a pre-stored symmetric key, and sending the encrypted first random number to the auxiliary chip 3.
The receiving unit is used for receiving first ciphertext data sent by the auxiliary chip in response to the key acquisition request, wherein the first ciphertext data is generated by encrypting the security key. The first ciphertext data is obtained by encrypting the auxiliary chip by using the first random number as a symmetric key.
The processing unit is used for carrying out decryption processing on the first ciphertext data and carrying out information processing on the basis of the security key obtained by decryption. In the present embodiment, the specific content of the information processing is the security identity authentication with the upper computer 10, specifically, the security identity authentication is performed by using the high-speed hardware algorithm unit, using the security key at the decryption position where the first random number generated by the request unit is used as the symmetric key, and using the code table data originally stored in the nonvolatile storage unit 22.
For the specific information processing process of the requesting unit, the receiving unit and the processing unit, the corresponding steps of the information processing method of the secure chip 2 may be referred to, and are not described herein again.
The specific process of the embodiment of the security authentication method of the present invention is completed by the upper computer 10, the security chip 2 and the auxiliary chip 3 together, and as shown in fig. 4 and fig. 5, the work flow of the two chips specifically includes the following steps:
in step S31, the secure chip 2 sends a key acquisition request to the auxiliary chip 3 in response to the security authentication request sent by the upper computer 10.
The step of sending the key acquisition request to the companion chip 3 specifically includes:
(1) the security chip 2 sends a wake-up request to the auxiliary chip 3, and the wake-up request is used for waking up the auxiliary chip 3 in a dormant state; the auxiliary chip responds to the awakening request and sends response information to the security chip; in the present embodiment, the "response information" is specifically a "ready" signal.
(2) After receiving the response information sent by the auxiliary chip 3, the security chip 2 generates a first random number, encrypts the first random number into second ciphertext data by using a pre-stored symmetric key, and sends the second ciphertext data to the auxiliary chip 3. Thereby constructing an encryption channel between the first random number and the second random number, wherein the first random number is used as a temporary symmetric key.
In step S32, the companion chip 3 sends the first ciphertext data encrypted by the secure key to the secure chip 2 in response to the received key acquisition request.
In this embodiment, the secondary chip 3 encrypts the security key stored in the non-volatile storage unit 32 thereof into first ciphertext data, and then sends the first ciphertext data to the security chip 2. The method specifically comprises the following steps:
(1) the auxiliary chip 3 decrypts the received second ciphertext data by using the pre-stored symmetric key to obtain the first random number, and then encrypts the secure key into the first ciphertext data by using the first random number as the symmetric key.
(2) And sending the first ciphertext data generated by encryption to the security chip 2.
In step S33, the security chip 2 decrypts the received first ciphertext data to obtain a security key, and performs security authentication with the upper computer 10 in combination with the code table data stored thereon.
The specific processes of the information processing method by the security chip 2 and the auxiliary chip 3 in the embodiment of the security authentication method of the present invention are described in detail in the above information processing processes of the security chip and the auxiliary chip, and are not described herein again.
In the above detailed description, it can be seen that the security chip 2 and the auxiliary chip 3 in the security authentication apparatus 11 of the present invention form a master-slave working relationship in which the auxiliary chip 3 is controlled by the security chip 2.
In order to improve information security, the embodiment stores a security key and code table data in key data required by security authentication separately; the code table data is stored in the nonvolatile storage unit 22 of the secure chip 2, the secure key is stored in the nonvolatile storage unit 32 of the auxiliary chip 3, and when the secure identity authentication action with the upper computer 10 occurs, the secure chip 2 obtains secure key information from the auxiliary chip 3 in an encryption manner, calculates a session key, and completes the identity authentication.
That is, in the present embodiment, the auxiliary chip 3 includes the MCU core unit 30 and a ciphertext supply unit for providing the first ciphertext data encrypted by the security key; the ciphertext supply unit includes a nonvolatile storage unit 32 for storing the security key, and a hardware algorithm unit for encrypting the security key into first ciphertext data.
The secure chip 2 includes an MCU core unit 20, a non-volatile storage unit 22 for storing code table data, a hardware algorithm unit for decrypting the first ciphertext data sent by the auxiliary chip 3, and a volatile storage unit 21 for temporarily storing the secure key obtained by decryption. Specifically, the secure chip 2 further includes a random number generation unit for generating a first random number, so as to construct a temporary encryption channel for symmetric encryption between the two chips by using the generated first random number.
Example 2
In the description of the present embodiment, only the difference between the information processing procedures of the two chips is exemplarily described, that is, only the difference from the above-described embodiment 1 is explained, and the reference numerals of the respective units are extended to those in embodiment 1.
The nonvolatile storage unit 32 of the companion chip 3 stores therein the security key information that has been originally encrypted, that is, the first ciphertext data of embodiment 1, and the first decryption key for decrypting the first ciphertext data is stored in advance in the nonvolatile storage unit 22 of the companion chip 2.
That is, in this embodiment, the first ciphertext data is generated by encrypting the security key data required for the security authentication, and the key required for decryption is the first decryption key, without the need for the security chip 2 to generate the first random number and perform the symmetric encryption/decryption calculation. For the encryption and decryption of the first ciphertext data, a symmetric encryption algorithm can be adopted for encryption and decryption, and an asymmetric encryption and decryption algorithm can be adopted for encryption and decryption.
In addition, in order to further reduce the communication steps, the first ciphertext data stored in advance may be directly transmitted to the secure chip 2 as the response information to the wake-up instruction.
Example 3
In the description of the present embodiment, only the difference between the information processing procedures of the two chips is exemplarily described, that is, only the difference from the above-described embodiment 1 is explained, and the reference numerals of the respective units are extended to those in embodiment 1.
After the auxiliary chip 3 receives the wake-up instruction, it generates a pair of public key and private key based on the asymmetric encryption and decryption algorithm, the private key is stored in the volatile storage unit 31 and sends the public key to the secure chip 2, specifically, the public key can be used as the response information for the wake-up instruction, the secure chip 2 encrypts the first random number by using the asymmetric encryption and decryption algorithm using the public key to obtain the second ciphertext data and sends the second ciphertext data to the auxiliary chip 3, the auxiliary chip decrypts by using the private key stored in the volatile storage unit 31 and encrypts the secure key by using the first random number obtained by decryption as the symmetric key to obtain the first ciphertext data.
Example 4
In the description of the present embodiment, only the difference between the information processing procedures of the two chips is exemplarily described, that is, only the difference from the above-described embodiment 1 is explained, and the reference numerals of the respective units are extended to those in embodiment 1.
After receiving the response information of the auxiliary chip 3 to the wake-up instruction, the security chip 2 directly generates a pair of a public key and a private key, and sends the public key to the auxiliary chip 3 to encrypt the security key, so as to generate first ciphertext data, i.e. without the process of generating second ciphertext data.
In the invention, on the basis of the existing security chip, an auxiliary chip usually constructed by a general chip is additionally arranged, the auxiliary chip is controlled by the security chip to form a master-slave working relation with the security chip, the security key of the identity authentication and the code table data are separately stored, the security key is stored in the auxiliary chip, and the code table data is stored in the security chip. The safety chip can independently complete conventional communication with the upper computer to exchange data; when the security identity authentication action with the upper computer occurs, the security chip acquires the security key information from the auxiliary chip in an encryption mode, calculates the session key and completes the identity authentication. With the double-chip design, even if the security chip or the auxiliary chip is cracked separately, an attacker cannot obtain all the key data. The cracking difficulty of the chip is increased, and the cracking cost is increased.
In addition, the use of the dual-chip protection structure of the master-slave working relationship is not limited to the security authentication process in the above embodiment, and specifically, the dual-chip protection structure can be used for other information processing processes besides security authentication, that is, the security key can be stored in the auxiliary chip, and other authentication information matched with the security key or information decrypted by the security key is stored in the security chip, so that a chip cracker is difficult to obtain all data required by information processing by cracking one of the chips, and the information security is effectively improved.
Claims (17)
1. A security authentication method based on a security chip is characterized by comprising the following steps:
the security chip responds to a security authentication request sent by the upper computer and sends a key acquisition request to the auxiliary chip;
the auxiliary chip responds to the key acquisition request and sends first ciphertext data encrypted by a security key to the security chip;
and the security chip decrypts the first ciphertext data to obtain the security key, and performs security authentication with the upper computer by combining the code table data stored on the security key.
2. The security authentication method according to claim 1, wherein:
the auxiliary chip firstly encrypts the security key stored in the auxiliary chip into the first ciphertext data, and then sends the first ciphertext data to the security chip.
3. The security authentication method according to claim 1 or 2, characterized in that:
the step of sending a key acquisition request to the auxiliary chip comprises the step of sending a wake-up instruction to the auxiliary chip by the security chip for waking up the auxiliary chip in a dormant state;
and the auxiliary chip responds to the awakening instruction and sends response information to the safety chip.
4. The security authentication method according to claim 3, wherein:
after receiving the response message, the security chip generates a first random number, encrypts the first random number into second ciphertext data by using a pre-stored symmetric key, and sends the second ciphertext data to the auxiliary chip;
the auxiliary chip decrypts the second ciphertext data by using a pre-stored symmetric key to obtain the first random number, and encrypts the secure key into the first ciphertext data by using the first random number as the symmetric key;
the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number as a symmetric key.
5. A security authentication method according to any one of claims 1 to 3, characterized by:
the step of sending a key acquisition request to the auxiliary chip includes sending second ciphertext data to the auxiliary chip, where the second ciphertext data is generated by encrypting a first random number by the security chip using a pre-stored symmetric key, and the first random number is generated by the security chip after receiving the security authentication request;
the auxiliary chip decrypts the second ciphertext data by using a pre-stored symmetric key to obtain the first random number, and encrypts the secure key into the first ciphertext data by using the first random number as the symmetric key;
the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number as a symmetric key.
6. A security authentication method according to any one of claims 1 to 5, characterized by:
the auxiliary chip is a general chip.
7. The secure authentication method according to any one of claims 1 to 6, wherein:
the auxiliary chip automatically enters a dormant state after sending the first ciphertext data; or the like, or, alternatively,
and the auxiliary chip enters a dormant state after receiving the safety certification completion confirmation information or the dormant instruction sent by the safety chip.
8. A security authentication device is characterized by comprising a security chip and an auxiliary chip, wherein the security chip comprises a processor and a memory, and the memory stores a computer program; the method is characterized in that:
the computer program, when executed by the processor, is operable to implement the security authentication method of any one of claims 1 to 7.
9. An information processing method of a security chip is characterized by comprising the following steps:
a request step of sending a key acquisition request to the auxiliary chip based on the reception of an information processing request sent by the upper computer;
a receiving step of receiving first ciphertext data sent by the auxiliary chip in response to the key acquisition request, wherein the first ciphertext data is generated by encrypting a secure key;
and a processing step of decrypting the first ciphertext data and performing information processing based on the security key obtained by decryption.
10. The information processing method according to claim 9, characterized in that:
the first ciphertext data is encrypted by the security key stored in the auxiliary chip.
11. The information processing method according to claim 9 or 10, characterized in that:
the step of sending a key acquisition request to the auxiliary chip includes sending second ciphertext data to the auxiliary chip, where the second ciphertext data is generated by encrypting a first random number by the security chip using a pre-stored symmetric key, and the first random number is generated by the security chip after receiving the information processing request;
the auxiliary chip decrypts the second ciphertext data by using a pre-stored symmetric key to obtain the first random number, and encrypts the secure key into the first ciphertext data by using the first random number as the symmetric key;
the step of decrypting the first ciphertext data may include decrypting the first ciphertext data using the first random number as a symmetric key.
12. The information processing method according to any one of claims 9 to 11, characterized in that:
the auxiliary chip is a general chip.
13. The information processing method according to any one of claims 9 to 12, characterized in that:
the information processing request is a security authentication request;
the step of performing information processing based on the secure key obtained by decryption includes performing security authentication processing based on the secure key and code table data stored in the secure chip.
14. A security chip, comprising:
the request unit is used for sending a key acquisition request to the auxiliary chip after receiving the information processing request sent by the upper computer;
a receiving unit, configured to receive first ciphertext data sent by the auxiliary chip in response to the key obtaining request, where the first ciphertext data is generated by encrypting a secure key;
and the processing unit is used for carrying out decryption processing on the first ciphertext data and carrying out information processing on the basis of the security key obtained by decryption.
15. The security chip of claim 14, wherein:
the security chip comprises a random number generation unit for generating a first random number and an encryption algorithm unit for symmetrically encrypting the first random number into second ciphertext data;
the request unit is used for sending the second ciphertext data to the auxiliary chip;
the first ciphertext data is generated by the auxiliary chip decrypting the second ciphertext data based on a symmetric key stored in the auxiliary chip in advance to obtain the first random number and encrypting the security key stored in the auxiliary chip based on the first random number;
the processing unit is configured to perform decryption processing on the first ciphertext data by using the first random number as a symmetric key.
16. The security chip according to claim 14 or 15, characterized in that:
the auxiliary chip is a general chip.
17. The security chip according to any one of claims 14 to 16, wherein:
the information processing request is a security authentication request;
and the processing unit is used for carrying out security authentication processing based on the security key and the code table data stored in the security chip.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911061696.8A CN110909338B (en) | 2019-11-01 | 2019-11-01 | Security authentication method and system based on security chip and security chip |
| PCT/CN2020/125387 WO2021083349A1 (en) | 2019-11-01 | 2020-10-30 | Security chip-based security authentication method and system, security chip, and readable storage medium |
| US17/773,482 US20230289424A1 (en) | 2019-11-01 | 2020-10-30 | Security Chip-Based Security Authentication Method and System, Security Chip, and Readable Storage Medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911061696.8A CN110909338B (en) | 2019-11-01 | 2019-11-01 | Security authentication method and system based on security chip and security chip |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110909338A true CN110909338A (en) | 2020-03-24 |
| CN110909338B CN110909338B (en) | 2022-09-06 |
Family
ID=69816214
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911061696.8A Active CN110909338B (en) | 2019-11-01 | 2019-11-01 | Security authentication method and system based on security chip and security chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110909338B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111966969A (en) * | 2020-07-17 | 2020-11-20 | 航天信息股份有限公司 | Authentication chip control method, authentication method and system for upper computer application |
| WO2021083349A1 (en) * | 2019-11-01 | 2021-05-06 | 浙江地芯引力科技有限公司 | Security chip-based security authentication method and system, security chip, and readable storage medium |
| CN112906416A (en) * | 2021-03-25 | 2021-06-04 | 紫光国芯微电子股份有限公司 | Safe communication module and safe communication method |
| CN116707772A (en) * | 2023-08-04 | 2023-09-05 | 山东天河科技股份有限公司 | Identity information management method of controller chip |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516180A (en) * | 2015-12-30 | 2016-04-20 | 北京金科联信数据科技有限公司 | Cloud secret key authentication system based on public key algorithm |
| CN107493281A (en) * | 2017-08-16 | 2017-12-19 | 海信集团有限公司 | encryption communication method and device |
| CN108234132A (en) * | 2017-12-07 | 2018-06-29 | 深圳市中易通安全芯科技有限公司 | The safe communication system and method for a kind of main control chip and encryption chip |
| CN108540486A (en) * | 2018-04-23 | 2018-09-14 | 湖南东方华龙信息科技有限公司 | The generation of cloud key and application method |
| CN108667608A (en) * | 2017-03-28 | 2018-10-16 | 阿里巴巴集团控股有限公司 | The guard method of data key, device and system |
| CN109768862A (en) * | 2019-03-12 | 2019-05-17 | 北京深思数盾科技股份有限公司 | A kind of key management method, key call method and cipher machine |
-
2019
- 2019-11-01 CN CN201911061696.8A patent/CN110909338B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516180A (en) * | 2015-12-30 | 2016-04-20 | 北京金科联信数据科技有限公司 | Cloud secret key authentication system based on public key algorithm |
| CN108667608A (en) * | 2017-03-28 | 2018-10-16 | 阿里巴巴集团控股有限公司 | The guard method of data key, device and system |
| CN107493281A (en) * | 2017-08-16 | 2017-12-19 | 海信集团有限公司 | encryption communication method and device |
| CN108234132A (en) * | 2017-12-07 | 2018-06-29 | 深圳市中易通安全芯科技有限公司 | The safe communication system and method for a kind of main control chip and encryption chip |
| CN108540486A (en) * | 2018-04-23 | 2018-09-14 | 湖南东方华龙信息科技有限公司 | The generation of cloud key and application method |
| CN109768862A (en) * | 2019-03-12 | 2019-05-17 | 北京深思数盾科技股份有限公司 | A kind of key management method, key call method and cipher machine |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021083349A1 (en) * | 2019-11-01 | 2021-05-06 | 浙江地芯引力科技有限公司 | Security chip-based security authentication method and system, security chip, and readable storage medium |
| CN111966969A (en) * | 2020-07-17 | 2020-11-20 | 航天信息股份有限公司 | Authentication chip control method, authentication method and system for upper computer application |
| CN111966969B (en) * | 2020-07-17 | 2024-04-30 | 航天信息股份有限公司 | Authentication chip control method, authentication method for upper computer application and system thereof |
| CN112906416A (en) * | 2021-03-25 | 2021-06-04 | 紫光国芯微电子股份有限公司 | Safe communication module and safe communication method |
| CN116707772A (en) * | 2023-08-04 | 2023-09-05 | 山东天河科技股份有限公司 | Identity information management method of controller chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110909338B (en) | 2022-09-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110909338B (en) | Security authentication method and system based on security chip and security chip | |
| US10482291B2 (en) | Secure field-programmable gate array (FPGA) architecture | |
| CN110995642B (en) | Providing secure connections using pre-shared keys | |
| CN110889123B (en) | Authentication method, key pair processing method, device and readable storage medium | |
| CN109510708B (en) | Public key password calculation method and system based on Intel SGX mechanism | |
| US8761397B1 (en) | Secure wireless transmission | |
| Ngo et al. | Dynamic Key Cryptography and Applications. | |
| WO2018120883A1 (en) | Low power consumption bluetooth device communication encryption method and system | |
| EP2684332A1 (en) | Improving security for remote access vpn | |
| CN104253694A (en) | Encrypting method for network data transmission | |
| JP2005073053A (en) | Id confirmation unit, id generation unit and authentication system | |
| CN104270242A (en) | Encryption and decryption device used for network data encryption transmission | |
| JPH11289324A (en) | Transmitter-receiver and transmission-reception method therefor | |
| CN204180095U (en) | A kind of ciphering and deciphering device for network data encryption transmission | |
| CN210515295U (en) | Security authentication system and information processing device based on security chip | |
| US11647390B2 (en) | Information exchange method and apparatus | |
| CN107155184B (en) | WIFI module with secure encryption chip and communication method thereof | |
| CN101540675B (en) | Smart key equipment and communication method and system of application software | |
| WO2020030132A1 (en) | Control method and device for smart door lock, and storage medium | |
| EP3614293A1 (en) | Securing data stored in a memory of an iot device during a low power mode | |
| CN110191136A (en) | A kind of convenient and fast file secure transmission method and equipment | |
| CN105825135A (en) | Encryption chip, encryption system, encryption method and decryption method | |
| WO2021083349A1 (en) | Security chip-based security authentication method and system, security chip, and readable storage medium | |
| CA2539658C (en) | Securing a link between devices | |
| CN109413644B (en) | LoRa encryption authentication communication method, storage medium and electronic terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20200324 Assignee: SHENZHEN YUANAI ELECTRONIC TECHNOLOGY CO.,LTD. Assignor: Zhejiang core Gravity Technology Co.,Ltd. Contract record no.: X2023980053655 Denomination of invention: A security authentication method and system based on security chips and security chips Granted publication date: 20220906 License type: Common License Record date: 20231222 |