CN111030808A - Vehicle machine system and encryption method thereof - Google Patents

Vehicle machine system and encryption method thereof Download PDF

Info

Publication number
CN111030808A
CN111030808A CN201911161685.7A CN201911161685A CN111030808A CN 111030808 A CN111030808 A CN 111030808A CN 201911161685 A CN201911161685 A CN 201911161685A CN 111030808 A CN111030808 A CN 111030808A
Authority
CN
China
Prior art keywords
key
machine system
chip
keys
derived
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911161685.7A
Other languages
Chinese (zh)
Inventor
周欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zebra Network Technology Co Ltd
Original Assignee
Zebra Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zebra Network Technology Co Ltd filed Critical Zebra Network Technology Co Ltd
Priority to CN201911161685.7A priority Critical patent/CN111030808A/en
Publication of CN111030808A publication Critical patent/CN111030808A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention provides a vehicle machine system and an encryption method thereof, wherein the encryption method of the vehicle machine system is to embed a logic key in a Register Transfer Language (RTL) logic code of a chip. According to the encryption method of the vehicle machine system, the key goes deep into the chip logic layer, keys of different levels can be formed, the difficulty and the cost for cracking are extremely high, the safety is high, and the cost balance is good in software and hardware cost and safety level.

Description

Vehicle machine system and encryption method thereof
Technical Field
The invention relates to the field of secret keys, in particular to a vehicle machine system and an encryption method thereof.
Background
Most keys of existing in-vehicle systems are software-based. The prior art has the following disadvantages: the method is software-based, and has no chip-level security protection, and in view of the existing computing conditions, the cracking threshold is low, the attack cost is low, and the attack surfaces are more (brute force cracking, time analysis, dynamic debugging, memory analysis and the like).
Disclosure of Invention
In view of this, the present invention provides an in-vehicle system and an encryption method thereof, so as to solve the problem of low security that key management of the existing in-vehicle system mainly depends on software.
In order to solve the above technical problem, in one aspect, the present invention provides a car machine system encryption method, where a logic key is embedded in a Register Transfer Language (RTL) logic code of the chip.
Further, an OTP key is embedded in a One Time Programming (OTP) storage medium of the chip.
Further, the OTP key includes one or more of:
the chip hardware key is generated when the chip leaves a factory;
the encrypted user key is formed by a true random number generator and is used as the user key after being decrypted;
the chip batch secret key is formed by a true random number generator and is used for encrypting the chips of each batch;
the secure boot public key has value secret key is formed based on the HASH value and used for verifying the validity of the secure boot public key.
Further, a plurality of layers of derived keys are derived in a Trusted Execution Environment (TEE) for hierarchical management based on the logical key and the OTP key.
Further, the multi-layer derived layer keys are independent of each other. Therefore, when the keys of one layer are cracked, the keys of other layers keep the independence, and do not need to be changed and are not influenced by the cracked keys.
Further, the derived layer keys include front-end layer level keys that include one or more of:
the file encryption key is formed by derivation of the chip hardware key and the vehicle machine system identification number and is used for encrypting the safely stored file;
the master key is derived by the logic key exclusive or the chip batch key and is used for deriving a subsequent key;
a platform key derived from the master key and the public key HASH value key, for decrypting the encrypted user key;
and the original equipment manufacturing key (OEM key) is derived from the platform key and the public key HASH value key and is used for performing function expansion.
Further, the front-end tier keys may also include a user-Customized (CST) key.
Further, the user-customized key is generated by any one of the following methods:
decrypting the encrypted user key and the platform key in a trusted execution environment to obtain the user Customized (CST) key; or the public key is uploaded to a security cloud end or a security server end after being encrypted, and after a security mirror image is generated, the security cloud end or the security server obtains the user customized secret key in a public key system and digital envelope mode.
Further, the derived layer keys further include an end-level key formed based on the user-customized key derivation, the end-level key including one or more of:
the log key is formed by derivation of the user customized key and a vehicle equipment system identification number (VIN number) and is used for encrypting the log;
a mirror image encryption key which is derived and formed based on the user customized key and is used for encrypting the safe mirror image;
an upgrade package (OTA) encryption key formed based on the user-customized key for encrypting an upgrade package.
Further, the logical key is changed by replacing the new logical key. That is, when the logical key is leaked, the RTL layer key needs to be replaced.
Further, the method for changing the OTP key includes: and updating the chip batch key or updating the key of the leaked part.
Further, the front-end level key modification method includes any one of modifying a derivation method function, updating a key, or updating a corresponding field in the OTP key.
Further, the method for changing the end-level key includes: updating a derivative method function, updating a secret key, updating a corresponding field in the OTP secret key, or updating a front-end level secret key from which the tail-end level secret key is derived, and synchronously updating the changed tail-end level secret key to a security cloud or a security server.
On the other hand, the invention provides the in-vehicle system, and the in-vehicle system is encrypted according to any one of the encryption methods of the in-vehicle system.
The technical scheme of the invention at least has one of the following beneficial effects:
according to the encryption method of the vehicle-mounted computer system, the root key extends deep into the chip logic layer, and because the RTL layer key of the chip is generally inaccessible and the number of people who can contact the RTL layer key of the chip is very limited, the safety can be greatly improved;
furthermore, an OTP key is embedded in the OTP, and a key encryption and decryption algorithm is completed by hardware, so that the security management of the key is realized, and as the access of software is limited by common chip logic and the threshold of physical decryption is higher, the security can be further improved by combining the OTP key and the logic key;
the keys with different purposes are generated in a derivation mode, so that the characteristic of one key for one secret is guaranteed, and a redundancy scheme for updating the keys is provided;
furthermore, keys of different levels can be formed for different purposes, the keys are independent among the different purposes, the cracking difficulty and the cost are extremely high, the safety is high, and good cost balance is achieved on software and hardware cost and safety level.
Drawings
Fig. 1 is a hierarchical key diagram of an in-vehicle system encryption method according to an embodiment of the present invention;
fig. 2 is a key map generated by the in-vehicle system encryption method according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention will be made with reference to the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
First, a car machine system encryption method according to an embodiment of the present invention is described.
According to the vehicle machine system encryption method provided by the embodiment of the invention, the logic key is embedded in the Register Transfer Language (RTL) logic code of the chip.
The logic key is a root key, when the chip is designed, the logic key is pre-embedded into the RTL, hardware cannot be accessed, and people who can contact the logic key are very limited, so that the leakage possibility is very low, the safety coefficient of the formed logic key is extremely high, and the cracking difficulty is extremely high.
Alternatively, the logic key may be embedded in Register Transfer Language (RTL) logic code of the chip based on a Trusted Execution Environment (TEE) technology such as an ARM Trustzone technology, an Intel SGX technology, or an AMD/MIPS technology. The method for embedding the logical key in the RTL logical code may be, for example, embedded in the logical code by using a conventional key generation method or tool, and a detailed generation process thereof is not described herein again.
Further, an OTP key is also embedded in a One Time Programming (OTP) storage medium of the chip. The OTP can be EFUSE or EEPROM, and preferably EFUSE is adopted. The OTP can only be accessed in a Trusted Execution Environment (TEE), and the general chip logic will limit the access of software, and the threshold for physical decryption is high, so the possibility of leaking the OTP key is low.
The OTP keys may include one or more of the following:
the chip hardware key is generated when the chip leaves a factory;
the encrypted user key is formed by a true random number generator and is used as the user key after being decrypted;
the chip batch secret key is formed by a true random number generator and is used for encrypting the chips of each batch;
the secure boot public key has value secret key is formed based on the HASH value and used for verifying the validity of the secure boot public key.
Therefore, various independent OTP keys can be formed, different functions can be realized conveniently, and meanwhile, various OTP keys and logic keys can be combined mutually to derive keys.
According to some embodiments of the invention, multiple layers of derived keys are derived in a Trusted Execution Environment (TEE) for hierarchical management based on a logical key and an OTP key.
Further, the multiple derived layer keys are independent of each other. Therefore, when the keys of one layer are cracked, the keys of other layers keep the independence, and do not need to be changed and are not influenced by the cracked keys. Meanwhile, the keys of different levels are used for different purposes, and the keys are independent among the different purposes, so that the decryption difficulty and cost are extremely high, the security is high, and the cost balance between the software and hardware cost and the security level is good.
Further, the derived layer key includes a front-end layer key, and the front-end layer key is derived by directly participating in the derivation of the logical key and the OTP key. The front-end tier keys may include one or more of the following:
the file encryption key is formed by derivation of a chip hardware key and a vehicle machine system identification number and is used for encrypting the safely stored file;
the master key is derived by the logic key exclusive or the chip batch key and is used for deriving a subsequent key;
the platform secret key is formed by derivation of a master secret key and a public key HASH value secret key and is used for decrypting the encrypted user secret key;
and the original equipment manufacturing key (OEM key) is derived from the platform key and the public key HASH value key and is used for performing function expansion.
Therefore, various front-end level keys which are independent mutually can be formed, and different functions can be realized conveniently.
In addition, the front-end tier keys may also include user-Customized (CST) keys. The user-customized key is generated by any one of the following methods:
1) decrypting the encrypted user key and platform key in the trusted execution environment to obtain a user Customized (CST) key.
2) And after the public key is encrypted, uploading the encrypted public key to a security cloud end or a security server end, and after a security mirror image is generated, obtaining a user customized secret key by the security cloud end or the security server in a public key system and digital envelope mode.
Therefore, the user customized key with high security can be formed, and the subsequent derivation is facilitated.
Further, the derivative layer keys include end-level keys formed based on the user-customized key derivatives. The end-level keys may include one or more of the following:
the log key is formed by derivation of a user customized key and a vehicle equipment system identification number (VIN number) and is used for encrypting the log;
the mirror image encryption key is formed by derivation based on a user customized key and is used for encrypting the safe mirror image;
an upgrade package (OTA) encryption key is derived based on a user-customized key and is used for encrypting the upgrade package.
Therefore, various independent end-level keys can be formed, different functions can be realized conveniently, and meanwhile, the keys are generally directly used in a use scene, so that the influence surface can be controlled.
In the above, the hierarchical keys shown in fig. 1 may be formed, and the OTP key and the logical key are derived as a front-end hierarchical key, and the front-end hierarchical key is derived as an end-level key.
According to some embodiments of the present invention, the car machine system encryption method further includes a key updating method after the key is leaked or cracked.
According to the leakage conditions of keys of different levels, the corresponding measures for updating the keys are slightly different, the updating force and the updating cost are different, and a security cloud or a security server may be required to perform synchronous updating.
The following specific method for modifying the secret key in a hierarchical manner comprises the following steps:
1) the logical key is changed by replacing the new logical key.
This is a very small possibility because the logical key (chip RTL key) is inaccessible to hardware, plus the person who has access to the chip logical key is very limited. Once a logical key leak occurs, it is common practice to replace the new logical key, which is the most thorough method and, optionally, requires re-streaming, and is therefore costly.
2) The method for changing the OTP key comprises the following steps: updating the chip batch key or revealing part of the key.
The OTP may be an EFUSE or EEPROM, preferably EFUSE is employed. The OTP can only be accessed in a Trusted Execution Environment (TEE), and the general chip logic will limit the access of software, and the threshold for physical decryption is high, so the possibility of leaking the OTP key is low. Because of the irreversible nature of OTP, once OTP key leakage occurs, the chip batch Key (KSCP) can be updated on the next batch of chips, or the key of the leaked portion can be updated.
3) The front-end hierarchical key modification method includes any one of modifying a derivation method function, updating a key, or updating a corresponding field in an OTP key.
Although these keys may be derived from the end-level keys, these keys themselves are derived, so that the update may modify any of the derivation method functions, update the keys, or update corresponding fields in the OTP keys.
4) The method for changing the end-level key comprises the following steps: updating a derivative method function, updating a secret key, updating a corresponding field in the OTP secret key, or updating a front-end level secret key from which the tail-end level secret key is derived, and synchronously updating the changed tail-end level secret key to a security cloud or a security server.
These keys are generally used directly in the usage scenario, so the influence surface is controllable, so the update may update the derivation method function, update the key, update the corresponding field in the OTP key, or update the front-end level key from which the end-level key is derived, and update the modified end-level key synchronously to the secure cloud or the secure server.
Therefore, corresponding change can be carried out according to the secret keys of different levels, and the method is more convenient and effective and has controllable cost.
The following describes a process of the car machine system encryption method and a generated key according to an embodiment of the present invention with reference to fig. 2.
As shown in fig. 2, the root generates a total of 4 hierarchical keys.
The first level is a logical key, namely an RTL key, denoted as KRTLEmbedded in the RTL logic code of the chip.
The second level is an OTP key which is embedded in the OTP/EFUSE of the chip, and the OTP key comprises:
chip hardware Key, i.e. HUK Key, denoted KHUKThe chip is generated when the chip leaves a factory, and uniqueness among the chips can be ensured;
the encrypted user key, ECST key, is denoted KECSTTrue random numbers, which are formed by a true random number generator and which, after being decrypted, can be used as a user-customized key;
chip batch Key, i.e. SCP Key, denoted KSCPIs a true random number, formed by a true random number generator, each batch of chips having the same KSCPBut varied from batch to batch;
the secure boot public key HASH value key, namely HASH key, is denoted as KHASHFormed based on the HASH value, for verifying the validity of the public key of the secure boot.
In this way, by embedding keys having different properties into the OTP keys of the second hierarchy, it is possible to use different file management and hierarchy management. Of course, only a part of the 4 OTP keys may be embedded, or all of them may be embedded, according to the application requirements, and keys with other functions and roles may be embedded.
For example, KECSTMay or may not be embedded with KECSTIn the case of (1), the key may be decrypted and used as a user-customized key (described later) after decryption, when no K is embeddedECSTIn the case of (2), the public key may be addedAnd after the secret is uploaded to a safety cloud end or a safety server end, and after a safety mirror image is generated, the safety cloud end or the safety server obtains a user customized secret key in a public key system and digital envelope mode.
The third layer key is a front-end layer key composed of a logical key (K)RTL) And the OTP secret key directly participates in the derivation, including:
file encryption Key, i.e. RPMB Key, denoted KRPMBWhich is composed of KHUKDeriving a VIN number, and encrypting the file for safe storage;
the master key, i.e. CP Key, denoted KCPWhich is composed of KRTLXOR KSCPDerivation for deriving a subsequent key;
platform Key, i.e. PLT Key, denoted KPLTWhich is composed of KCPAnd KHBKDerived from the above KECSTDecrypting to generate a user-customized key;
original equipment manufacturing key, OEM key, denoted as KOEMWhich is composed of KPLTAnd KHBKDerivation for functional expansion of original equipment fabrication;
the user-customized key, namely CST key, denoted as KCSTWhich is composed of KECSTAnd KPLTDerivation to obtain KCSTFor deriving subsequent end-level keys.
Of course, the keys may include one or more of them, and further front-end level keys may be generated according to usage requirements.
For example, K mentioned abovePLTMay or may not be derived, when not derived, the KPLTThen, K after encrypting the public key can be encrypted by means of PKI and digital envelope, for exampleCSTWhen the images are uploaded to a security cloud end or a security server end and a security mirror image is generated, the security cloud end or the security server obtains K in a PKI and digital envelope modeCST
The fourth level key is an end level key based on KCSTDeriving, the end-level key comprising:
log encryption key, LOG key, denoted as KLOGWhich is composed of KCSTDeriving from VIN number;
mirror image encryption key, i.e. IMG key, denoted KIMGBased on KCSTAnd string (which may be a string generated according to agreement conventions);
upgrade Package encryption Key, namely OTA Key, denoted KOTAWhich is composed of KCSTAnd a string (which may be a string generated according to protocol conventions).
The definition, generation method, and action of each key are shown in table 1 below.
Table 1 definition, generation method, and role list of keys
Figure BDA0002284414800000091
According to the vehicle machine system of the embodiment of the invention, after the safe start, namely the safe start, K is firstly generated in the TEECPAnd further derive KPLTThen to KECSTDecrypting to obtain KCSTAnd further derived to generate KIMGBy KIMGThe image can be decrypted correctly and the subsequent process can be performed. Other scenarios may be analogized and will not be described herein.
According to some embodiments of the present invention, the chip of the in-vehicle system is preferably:
1) the chip supports TEE technology, such as ARM Trustzone technology, Intel SGX technology or AMD/MIPS technology;
2) the chip preferably has an OTP device (EFUSE, EEPROM, etc.);
3) flash (EMMC, UFS, etc.) having RPMB (Replay Protected Memory Block) partitions;
if there is no RPMB partition, the anti-rollback mechanism can also be implemented in a normal file system, optionally, the anti-rollback mechanism for secure storage needs to be implemented in an additional way.
4) The chip is provided with a hardware encryption and decryption module (such as supporting TRNG, HASH, a symmetric encryption and decryption algorithm, asymmetric encryption and decryption and the like).
If the chip does not have part (or all) of the hardware encryption and decryption module, the missing algorithm can be replaced by a software method, but the software and hardware resources running in the software replacement method must have a protection mechanism (such as being executed in the TEE).
In addition, the invention provides the vehicle-mounted machine system, and the vehicle-mounted machine system is encrypted according to any one of the vehicle-mounted machine system encryption methods.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (13)

1. The car machine system comprises a chip and is characterized in that a logic key is embedded in a register transfer language logic code of the chip.
2. The in-vehicle machine system encryption method according to claim 1, wherein an OTP key is further embedded in a one-time programmable storage medium of the chip.
3. The in-vehicle system encryption method according to claim 2, wherein the OTP key includes one or more of the following:
the chip hardware key is generated when the chip leaves a factory;
the encrypted user key is formed by a true random number generator and is used as the user key after being decrypted;
the chip batch secret key is formed by a true random number generator and is used for encrypting the chips of each batch;
the secure boot public key has value secret key is formed based on the HASH value and used for verifying the validity of the secure boot public key.
4. The in-vehicle system encryption method according to claim 3, wherein a plurality of layers of derived keys are derived for hierarchical management in a trusted execution environment based on the logical key and the OTP key.
5. The in-vehicle machine system encryption method according to claim 4, wherein the derived layer keys are independent of each other.
6. The in-vehicle machine system encryption method according to claim 4, wherein the derived layer key comprises a front-end layer-level key, and the front-end layer-level key comprises one or more of the following:
the file encryption key is formed by derivation of the chip hardware key and the vehicle machine system identification number and is used for encrypting the safely stored file;
the master key is derived by the logic key exclusive or the chip batch key and is used for deriving a subsequent key;
a platform key derived from the master key and the public key HASH value key, for decrypting the encrypted user key;
and the original equipment manufacturing secret key is formed by deriving the platform secret key and the public key HASH value secret key and is used for performing function expansion.
7. The in-vehicle machine system encryption method according to claim 6, wherein the front-end layer-level keys further comprise user customized keys, and the user customized keys are generated by any one of the following methods:
decrypting the encrypted user key and the platform key in a trusted execution environment to obtain the user customized key; or the public key is uploaded to a security cloud end or a security server end after being encrypted, and after a security mirror image is generated, the security cloud end or the security server obtains the user customized secret key in a public key system and digital envelope mode.
8. The in-vehicle system encryption method according to claim 7, wherein the derived layer keys further include an end-level key derived based on the user-customized key, the end-level key including one or more of:
the log encryption key is formed by derivation of the user customized key and the vehicle machine system identification number and is used for encrypting the log;
a mirror image encryption key which is derived and formed based on the user customized key and is used for encrypting the safe mirror image;
and the upgrading package encryption key is formed by derivation based on the user customized key and is used for encrypting the upgrading package.
9. The in-vehicle machine system encryption method according to any one of claims 1 to 8, wherein the logical key is changed by replacing a new logical key.
10. The in-vehicle machine system encryption method according to any one of claims 2 to 8, wherein the method for changing the OTP key comprises the following steps: and updating the chip batch key or updating the key of the leaked part.
11. The in-vehicle machine system encryption method according to any one of claims 6 to 8, wherein the front-end level key modification method includes any one of modifying a derivation method function, updating a key, or updating a corresponding field in the OTP key.
12. The in-vehicle machine system encryption method according to claim 8, wherein the method for changing the end-level key comprises: updating a derivative method function, updating a secret key, updating a corresponding field in the OTP secret key, or updating a front-end level secret key from which the tail-end level secret key is derived, and synchronously updating the changed tail-end level secret key to a security cloud or a security server.
13. A vehicle-mounted machine system, wherein the vehicle-mounted machine system is encrypted according to the encryption method of the vehicle-mounted machine system as claimed in any one of claims 1 to 13.
CN201911161685.7A 2019-11-22 2019-11-22 Vehicle machine system and encryption method thereof Pending CN111030808A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911161685.7A CN111030808A (en) 2019-11-22 2019-11-22 Vehicle machine system and encryption method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911161685.7A CN111030808A (en) 2019-11-22 2019-11-22 Vehicle machine system and encryption method thereof

Publications (1)

Publication Number Publication Date
CN111030808A true CN111030808A (en) 2020-04-17

Family

ID=70203318

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911161685.7A Pending CN111030808A (en) 2019-11-22 2019-11-22 Vehicle machine system and encryption method thereof

Country Status (1)

Country Link
CN (1) CN111030808A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106537407A (en) * 2014-04-15 2017-03-22 领特贝特林共有限责任两合公司 Root of trust

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106537407A (en) * 2014-04-15 2017-03-22 领特贝特林共有限责任两合公司 Root of trust

Similar Documents

Publication Publication Date Title
EP2965254B1 (en) Systems and methods for maintaining integrity and secrecy in untrusted computing platforms
CN109313690B (en) Self-contained encrypted boot policy verification
RU2295834C2 (en) Initialization, maintenance, renewal and restoration of protected mode of operation of integrated system, using device for controlling access to data
US8560845B2 (en) System and method for tamper-resistant booting
US10567362B2 (en) Method and system for an efficient shared-derived secret provisioning mechanism
WO2020192406A1 (en) Method and apparatus for data storage and verification
US11171774B2 (en) System for synchronizing a cryptographic key state through a blockchain
US11329814B2 (en) Self-encryption drive (SED)
US20160006570A1 (en) Generating a key derived from a cryptographic key using a physically unclonable function
EP2759955A1 (en) Secure backup and restore of protected storage
US20180323967A1 (en) Cryptographically securing entropy for later use
US11042652B2 (en) Techniques for multi-domain memory encryption
CN106384042B (en) A kind of electronic equipment and security system
JP2017504267A (en) Key extraction during secure boot
US10686612B2 (en) Cryptographic data
CN110855430A (en) Providing a secure object store using a hierarchical key system
CN112653553B (en) Internet of things equipment identity management system
CN109586898B (en) Dual-system communication key generation method and computer-readable storage medium
EP3214567B1 (en) Secure external update of memory content for a certain system on chip
CN104023009B (en) A kind of Web system license validation method
CN110659506A (en) Replay protection of memory based on key refresh
US8499357B1 (en) Signing a library file to verify a callback function
CN111030808A (en) Vehicle machine system and encryption method thereof
JP2024507531A (en) Trusted computing for digital devices
CN108345803B (en) Data access method and device of trusted storage equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200417