CN111386513B

CN111386513B - Data processing method, device and system chip

Info

Publication number: CN111386513B
Application number: CN201880076079.2A
Authority: CN
Inventors: 潘时林
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2018-05-03
Filing date: 2018-05-03
Publication date: 2021-09-07
Anticipated expiration: 2038-05-03
Also published as: CN111386513A; WO2019210490A1

Abstract

The application provides a system chip, a data writing method and a data reading device, wherein the system chip comprises a secure element and a central processing unit, the secure element is coupled with the central processing unit, the central processing unit is used for controlling the secure element, and the secure element is used for: determining verification information, wherein the verification information is used for verifying the validity of the data to be stored; carrying out security processing on the data to be stored according to the verification information to obtain first data; the first data is stored in a first memory, and the verification information is stored in a second memory, wherein the first memory and the second memory are different memories outside the system chip.

Description

Data processing method, device and system chip

Technical Field

The present application relates to the field of data processing, and more particularly, to a method, apparatus, and system chip for data writing and data reading.

Background

As a terminal device with the most extensive applications, a mobile phone plays an increasingly important role in mobile electronic commerce with the wide applications of the internet and the continuous improvement of the performance of the mobile phone. In the future, the mobile phone needs to realize various functions such as a bank card, a bus card, a key, an identity card and the like, and needs a mobile phone chip to provide a hardware-level security solution.

In the existing mobile phone security storage, an external Secure Element (SE) can be adopted, which is usually provided in a chip form, and the SE chip is integrated on a mobile phone product board to prevent external malicious analysis attack and protect data security, thereby safely completing application services such as finance and the like. In the scheme, to meet the requirements of all security application scenarios of the universal mobile phone, the external dedicated memory chip needs to have a large capacity, and the cost is high. The cost of external dedicated storage space, e.g., 4MB, is high and continues to rise as the demand for secure space subsequently increases.

In addition, an SE module is integrated into a System On Chip (SOC) to implement a mobile payment and multi-service common platform. However, the current process flow of the SOC causes no Non-Volatile Memory (NVM) inside the security module of the SOC, and the capacity of the SOC integrated into the main chip inSE is limited. Examples include One Time Programmable (OTP) Memory, Read Only Memory (ROM), and Random Access Memory (RAM) that can Only be programmed once, where the number of writes of an OTP is limited and cannot meet the growing business demands. Other memory sizes are also limited and do not allow efficient data storage as an NVM. Therefore, a secure storage implementation process is needed to meet the requirements of all security service scenarios while ensuring the cost.

Disclosure of Invention

The application provides a method, a device and a system chip for data writing and data reading, which can reduce the cost and improve the security level.

In a first aspect, a system-on-chip is provided, the system-on-chip comprising a secure element and a central processor, the secure element and the central processor being coupled, the central processor being configured to control the secure element, the secure element being configured to: determining verification information, wherein the verification information is used for verifying the validity of the data to be stored; performing security processing on the data to be stored according to the verification information to obtain first data; storing the first data to a first memory and storing the verification information to a second memory, wherein the first memory and the second memory are different memories outside the system chip.

Optionally, the first memory is a shared memory of the SE and the central processor CPU and the second memory is a dedicated Secure memory (Secure Flash) of the Secure element SE.

The first memory and the second memory are arranged in the embodiment of the application, and the first memory is a general memory, has no safety requirement and is large in capacity. In particular, the first memory may be an inherent memory of the handset itself. For example, the size of the current mobile phone memory is generally 64GB, 132GB, etc., and there is a relatively large storage space, and the first memory 202 according to the embodiment of the present application is 4MB or 16MB in 64GB or 132 GB. The capacity of the first memory has no cost influence on the intrinsic storage of the current relatively large mobile phone, and the cost of the mobile phone is not influenced even if the capacity of the first memory is increased along with the increase of the user demand in the future.

The second memory is a dedicated Secure memory, which does not require a large storage capacity, specifically, an externally authenticated dedicated Secure storage Secure Flash. One possible scenario is that the Secure Flash is placed inside the SE, belonging to the Secure authentication domain, or that the Secure Flash belongs to a device outside the Secure element. The present embodiment will be described in detail with reference to SE as an example. It is to be understood that this application includes, but is not limited to.

As a shared memory for the SE and the central processing unit CPU, the first memory may comprise different memory areas isolated from each other, storing information such as data or programs of the SE and the CPU, respectively.

Optionally, a third memory is further provided in this embodiment of the present application, and the third memory may be a one-time programmable OTP memory inside the SE. The third memory is used to store the ID of SE, HUK1 and HUK 2. It is explained here that HUK1 and HUK2, HUK1 being a key for storing data or reading data between SE and an external first memory, and HUK2 being a key for storing authentication information or reading authentication information between SE and an external second memory. It should be appreciated that in a security application scenario, both data and programs stored outside the SE need to be stored encrypted to ensure the security of the data and programs.

Where the HUK1 is a key that is unique for each SE independently, the first stored data store stores the root key (root key) for encryption and decryption. HUK1 is mainly used for encrypting the first memory, all programs and application data are placed in the first memory, the first memory is an external memory, therefore, encryption storage is needed, keys can be derived by adopting HUK1 as root keys, and each stored small unit is used as an encryption block unit, and encryption keys of the small units are different. Specifically, the key used for encrypting the data to be stored may be derived from the root key HUK1, for example, the key derived from the root key HUK1, the storage address of the data to be stored in the first storage, and other sequences may be used to encrypt the data to be stored, so as to store the data in the first storage. The key used to encrypt the data to be stored that is stored to the first memory is referred to herein as the first key.

HUK2 is also a key that is unique independently for each SE, and is a shared key (Share key) used to pair with the second memory. When bound with SE, the binding process depends on different products, and HUK2 can be written into the Secure Flash in a whole machine production line or a chip packaging production line; therefore, the Secure channel can be established by the same shared key HUK2 for the two devices of the Secure Flash and the SE, so that the Secure communication is carried out, and the content encryption of the Secure Flash and the read or write of the verification are ensured. I.e. the same shared key is used for secure communication between the second memory 201 and the SE, the key used for encrypting the authentication information stored in the second memory is referred to as the second key in this application. Accordingly, the second memory 201 also stores HUK2 therein, and HUK2 can be written during the production of the whole machine.

Further, the third memory may store keys required by other systems in addition to the ID of the SE, HUK1, and HUK 2. These keys are all written to OTP at the time of chip production, for example, for HUK1 and HUK2, the inside of SOC can be written to the third storage OTP by generating random numbers through a random number generator at the time of production, and cannot be changed any more after writing. It is to be understood that this application includes, but is not limited to.

It should be understood that the embodiment of the application is provided with a first memory for storing data or programs, and a second memory for storing the verification information corresponding to the data to be stored. Assuming that the size of the data to be stored is 4KB and the size of the authentication information is smaller than the size of the data to be stored, e.g. the check segment of the authentication information is only 32 bytes, the second memory size can support the security of the first memory of 16MB if it is 128 KB. Namely, the system architecture and the method provided by the embodiment of the application can reduce the cost and ensure the safety of data application. Meanwhile, the large-capacity inherent storage space of the terminal equipment can be fully utilized as the first storage, so that the capacity is increased, and the cost is reduced.

Through the data writing method provided by the application, on one hand, compared with the existing inSE scheme adopting Secure Flash, the cost can be reduced, and the large-capacity space of the first storage can be fully utilized to support more applications. On the other hand, compared with the inSE scheme without the Secure Flash, the method and the system have no limitation on the number of times of safely writing data, and can meet the requirements of all security service scenes. Through the scheme, the chip architecture of the inSE can meet the CC EAL5+ authentication requirement, is not limited by storage capacity, writing times and the like, reduces the cost, and improves the security level and the user experience.

With reference to the first aspect, in certain implementations of the first aspect, the verification information includes at least one of the following information: a check sequence generated by checking the data to be stored; a count value recorded by the counter; or a random sequence generated from a random number.

Specifically, the verification information may be that the SE processes the data to be stored according to a preset verification algorithm to generate a verification sequence, and the verification algorithm may be a secure Hash algorithm such as Hash algorithm SHA-256 or a Message Authentication Code (MAC) (for example, advanced encryption standard AES-CMAC algorithm) or the like. In this case, the verification information may include the generated check sequence.

In another possible case, the verification information includes a count value recorded by a counter. For example, the one-way counter records a count value, starts counting from 0, and increments by 1 each time data is written to the first memory (or Page x of the first memory).

In yet another possible scenario, the authentication information includes a Random sequence generated by a Random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function.

With reference to the first aspect and the foregoing implementation manners, in some implementation manners of the first aspect, the performing security processing on the data to be stored according to the verification information includes at least one of: verifying the data to be stored by using the verification information; or determining a first key according to the verification information, and encrypting the first data by using the first key.

Three different types of authentication information are introduced and different processing methods are used, and the following description is also specifically provided.

And when the SE processes the data to be stored according to a preset verification algorithm to generate a verification sequence, and the verification information is the verification sequence, the verification information and the data to be stored form a verification relation in the verification processing process. In this case, the authentication information and the data to be stored may together constitute the first data. For example, when the check algorithm message authentication code is a secure MAC algorithm, the 240-byte data to be stored is processed by the MAC algorithm to generate a 16-byte check sequence, and after the 240-byte data to be stored and the 16-byte check sequence form first data, a ciphertext of 256 bytes is generated by encrypting the first key and stored in the first memory.

When the authentication information includes the Count value Count recorded by the counter. For example, the one-way counter records a count value, starts counting from 0, and increments by 1 each time data is written to the first memory (or Page x of the first memory). Then, at this time, it is to be ensured that a check relationship is formed between the verification information and the data to be stored, that is, the Count value Count is to participate in the processing process of the data to be stored, otherwise, the two are unrelated, and a check relationship cannot be formed.

Optionally, in the process of performing message authentication code security MAC processing, the SE brings the Count value Count into the data plaintext for MAC processing, and stores the Count value as verification information in the second memory after encryption processing of the second key; and generating first data after the data to be stored and the count value are processed by the MAC, and storing the first data into a first memory after the first data are encrypted by a first key.

In another possible implementation manner, a Count value Count is not added in the process of processing the message authentication code security MAC of the data to be stored, after the MAC processing is completed, the Count value Count may participate in the process of determining the first key during encryption, and the SE encrypts the first data by using the first key.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives the first key according to the HUK1 and the count value, and then stores the first data in the first memory after the first key is encrypted.

Or, when the data to be stored needs to be stored in the Page 2 in the first memory, the SE derives the first key according to the HUK1, the ID address of the Page 2 and the count value, and then stores the first data in the storage area of the Page 2 in the first memory after the encryption processing of the first key.

It should be understood that the above two methods of processing the data to be stored by using the count value may be implemented by any one application, and the two methods may be implemented together. And if the participation is ensured in any mode, the corresponding method is adopted for verification. It is to be understood that this application includes, but is not limited to.

Through the related processing of the data writing process, the relevance between the verification information and the data to be stored can be realized. Due to the existence of the association, when data is read in the next step, the data validity can be verified after the corresponding verification information of the data and the second memory of the first memory is read into the internal RAM.

When the authentication information includes a Random sequence generated by a Random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function. Then, at this time, it is to be ensured that a check relationship is formed between the verification information and the data to be stored, that is, the random sequence participates in the processing process of the data to be stored, otherwise, the two are unrelated, and the check relationship cannot be formed.

Optionally, the SE carries the random sequence into the data plaintext to perform MAC processing during the process of performing secure MAC processing on the message authentication code. The random sequence is used as verification information and is stored in a second memory after being encrypted by a second secret key; and generating first data after the data to be stored and the random sequence are subjected to MAC processing, and storing the first data into a first memory after the first data are subjected to encryption processing of a first secret key.

In another possible implementation manner, the SE does not add a random sequence in the process of processing the message authentication code security MAC of the data to be stored, after the MAC processing is completed, the random sequence may participate in the process of determining the first key during encryption, and the SE encrypts the first data by using the first key.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives a first key according to the HUK1 and the random sequence, and then stores the first data in the first memory after the first key is encrypted.

Or, when the data to be stored needs to be stored in the Page 2 in the first memory, the SE derives a first key according to the HUK1, the ID address of the Page 2 and the random sequence, and then stores the first data in the storage area of the Page 2 in the first memory after the encryption processing of the first key.

Alternatively, the random sequence may be used directly as the first key of the first data in Page 2 in the first storage without derivation.

It should be understood that, the above three processing methods of participating the random sequence in the data to be stored can be implemented by any one application, and the three methods can also be implemented together. And if the participation is ensured in any mode, the corresponding method is adopted for verification. It is to be understood that this application includes, but is not limited to.

With reference to the first aspect and the foregoing implementations, in certain implementations of the first aspect, the secure element is further configured to: encrypting the authentication information according to a second key, the second key being different from the first key, before storing the authentication information in a second memory.

With reference to the first aspect and the foregoing implementation manners, in some implementation manners of the first aspect, the determining a first key according to the verification information includes: determining the first secret key according to the verification information and a first preset sequence; and the secure element is further to: and determining the second key according to a second preset sequence, wherein the second preset sequence is different from the first preset sequence.

It is understood that the first predetermined sequence may be the HUK1 described above, and the second predetermined sequence may be the HUK2 described above.

With reference to the first aspect, in certain implementations of the first aspect, the first memory includes N regions, the second memory includes N regions, the N regions of the first memory correspond to the N regions of the second memory one-to-one, where N is a positive integer, and the storing the first data in the first memory and the storing the verification information in the second memory includes: storing the first data to a first area of N areas of the first memory and storing the verification information to a second area of N areas of the second memory, wherein the first area corresponds to the second area.

With reference to the first aspect and the foregoing implementation manners, in some implementation manners of the first aspect, each of the N regions of the second memory includes at least two sub-regions, a size of each sub-region is greater than or equal to a size of the verification information, and the secure element is further configured to perform the operations of storing the first data into the first memory and storing the verification information into the second memory in the following order: storing the verification information to an unoccupied sub-region of the second region; storing the first data to the first area; deleting the historical verification information stored in the occupied sub-area in the second area.

Specifically, the verification block 2 of the second memory is divided into two sub-areas, namely an active area and a blank area, each of which can store the verification information of the data to be stored. After the first data encrypted by the first key and the verification information encrypted by the second key are obtained by the method, if the first data is written into the storage block Page 2 of the first memory, the verification information is written into the valid area of the verification block 2 in the process of writing the verification information into the verification block 2 of the second memory, and the blank area is free of any data. When new data needs to be stored in the storage block Page 2, assuming that the second data is new data to be stored, the following write-in procedure is required: (1) determining second verification information corresponding to second data to be stored according to the second data, wherein the process refers to the method of the first data, and details are not repeated here; (2) reserving first verification information corresponding to original first data in a verification block 2 effective area of a second memory, and writing second verification information encrypted by a second key into a blank area of the verification block 2; (3) after security processing, second data to be stored are encrypted according to a first secret key and then written into a storage block Page 2 of a first memory; (4) and deleting the first verification information corresponding to the original first data in the effective area of the verification block 2 of the second memory, wherein the original effective area is changed into a blank area, and the newly written second verification information is used as the effective verification information.

The reason why each verification block is divided into two areas is that power failure during data writing can be prevented, and power failure protection is performed. When the data is written, any link can possibly cause system power failure. After the write-in process, power is turned off at any time, the verification block of the second memory is found to be valid in 1 area or blank in 1 area during starting, and at the moment, the field contained in the valid area is taken as verification information.

Or, if the 2 areas all have the verification information, the stored data of page 2 in the first memory is read again, and the verification information of the two areas is tried to be verified.

Alternatively, if the verification information of one area is correct, another incorrect verification information is erased. If the two verification information are both incorrect, the security attack is considered to be received, the storage is invalid, and the error is reported.

Through the execution flow, power failure protection can be performed on the data, power failure in any link does not affect the correspondence between the verification information and the stored data, the security of the data can be kept constantly, and user experience is improved.

With reference to the first aspect and the foregoing implementations, in certain implementations of the first aspect, the first memory is a shared memory of the secure element and the central processor, and the second memory is a dedicated memory of the secure element.

In a second aspect, a system-on-chip is provided, wherein the system-on-chip includes a secure element and a central processor, the secure element and the central processor being coupled, the central processor being configured to control the secure element, the secure element being configured to: retrieving first data from a first memory; obtaining verification information from a second storage space, wherein the verification information is used for verifying the validity of the first data, and the first storage and the second storage are different storages outside the system chip; and performing security solving processing on the first data according to the verification information to obtain processed data.

Through the data reading method provided by the application, on one hand, compared with the existing inSE scheme adopting Secure Flash, the cost can be reduced, and the large-capacity space of the first storage can be fully utilized to support more applications. On the other hand, compared with the inSE scheme without the Secure Flash, the method and the system have no limitation on the number of times of safely writing data, and can meet the requirements of all security service scenes. Through the scheme, the chip architecture of the inSE can meet the CC EAL5+ authentication requirement, is not limited by storage capacity, writing times and the like, reduces the cost, and improves the security level and the user experience.

With reference to the second aspect, in certain implementations of the second aspect, the verification information includes at least one of the following information: a check sequence generated by checking the data to be stored; a count value recorded by the counter; or a random sequence generated from a random number.

With reference to the second aspect, in some implementations of the second aspect, the performing, according to the verification information, a unsecure processing on the first data includes at least one of: performing a de-checking process on the first data by using the verification information; or determining a first key according to the verification information, and decrypting the first data by using the first key.

With reference to the second aspect and the foregoing implementations, in some implementations of the second aspect, the secure element is configured to decrypt the authentication information according to a second key, the second key being different from the first key, before retrieving the authentication information from the second memory.

With reference to the second aspect and the foregoing implementation manners, in some implementation manners of the second aspect, the determining a first key according to the verification information includes: determining the first secret key according to the verification information and a first preset sequence; and the secure element is further to: and determining the second key according to a second preset sequence, wherein the second preset sequence is different from the first preset sequence.

With reference to the second aspect and the foregoing implementation manners, in some implementation manners of the second aspect, the obtaining first data from the first memory includes: obtaining the first data from a first region of the N regions of the first memory; and said obtaining authentication information from the second memory comprises: obtaining verification information from a second area of the N areas of the second memory, wherein the first area corresponds to the second area.

With reference to the second aspect and the foregoing implementation manners, in some implementation manners of the second aspect, each of the N regions of the second memory includes at least two sub-regions, a size of each sub-region is greater than or equal to a size of the verification information, and performing a security relief process on the first data according to the verification information includes: taking the information stored in the first sub-area of the second area as the verification information, and performing security solving processing on the first data; and taking the information stored in the second sub-area of the second area as the verification information, and performing security solving processing on the first data.

With reference to the second aspect and the foregoing implementation manners, in some implementation manners of the second aspect, the first memory is a shared memory of the secure element and the central processing unit, and the second memory is a dedicated memory corresponding to the secure element.

In a third aspect, a method for processing data is provided, which is applied to a system chip including a secure element and a central processor, the secure element being coupled to the central processor, the central processor being configured to control the secure element, the secure element performing the method, the method including: determining verification information, wherein the verification information is used for verifying the validity of the data to be stored; performing security processing on the data to be stored according to the verification information to obtain first data; storing the first data to a first memory and storing the verification information to a second memory, wherein the first memory and the second memory are different memories outside the system chip.

With reference to the third aspect, in certain implementations of the third aspect, the verification information includes at least one of the following information: a check sequence generated by checking the data to be stored; a count value recorded by the counter; or a random sequence generated from a random number.

With reference to the third aspect and the foregoing implementation manners, in some implementation manners of the third aspect, the performing security processing on the data to be stored according to the verification information includes at least one of: verifying the data to be stored by using the verification information; or determining a first key according to the verification information, and encrypting the first data by using the first key.

With reference to the third aspect and the foregoing implementations, in some implementations of the third aspect, the method further includes: encrypting the authentication information according to a second key, the second key being different from the first key, before storing the authentication information in a second memory.

With reference to the third aspect and the foregoing implementation manners, in some implementation manners of the third aspect, the determining a first key according to the verification information includes: determining the first secret key according to the verification information and a first preset sequence; and the method further comprises: and determining the second key according to a second preset sequence, wherein the second preset sequence is different from the first preset sequence.

With reference to the third aspect and the foregoing implementation manners, in some implementation manners of the third aspect, the first memory includes N regions, the second memory includes N regions, the N regions of the first memory correspond to the N regions of the second memory one-to-one, where N is a positive integer, and the storing the first data in the first memory and the storing the verification information in the second memory includes: storing the first data to a first area of N areas of the first memory and storing the verification information to a second area of N areas of the second memory, wherein the first area corresponds to the second area.

With reference to the third aspect and the foregoing implementation manners, in some implementation manners of the third aspect, each of the N regions of the second memory includes at least two sub-regions, and a size of each of the sub-regions is greater than or equal to a size of the verification information, and the method further includes performing the operations of storing the first data to the first memory and storing the verification information to the second memory in the following order: storing the verification information to an unoccupied sub-region of the second region; storing the first data to the first area; deleting the historical verification information stored in the occupied sub-area in the second area.

With reference to the third aspect and the foregoing implementation manners, in some implementation manners of the third aspect, the first memory is a shared memory of the secure element and the central processor, and the second memory is a dedicated memory of the secure element.

In a fourth aspect, there is provided a method for processing data, which is applied to a system chip including a secure element and a central processor, the secure element being coupled to the central processor, the central processor being configured to control the secure element, the secure element performing the method, the method including: retrieving first data from a first memory; obtaining verification information from a second memory, the verification information being used to verify the validity of the first data, the first memory and the second memory being different memories outside the system chip; and performing security solving processing on the first data according to the verification information to obtain processed data.

With reference to the fourth aspect, in certain implementations of the fourth aspect, the verification information includes at least one of the following information: a check sequence generated by checking the data to be stored; a count value recorded by the counter; or a random sequence generated from a random number.

With reference to the fourth aspect and the foregoing implementation manners, in some implementation manners of the fourth aspect, the performing, according to the verification information, a unsecure processing on the first data includes at least one of: performing a de-checking process on the first data by using the verification information; or determining a first key according to the verification information, and decrypting the first data by using the first key.

With reference to the fourth aspect and the foregoing implementation manners, in some implementation manners of the fourth aspect, before the obtaining the verification information from the second storage, the method further includes: decrypting the authentication information according to a second key, the second key being different from the first key.

With reference to the fourth aspect and the foregoing implementation manners, in some implementation manners of the fourth aspect, the determining a first key according to the verification information includes: determining the first secret key according to the verification information and a first preset sequence; and the method further comprises: and determining the second key according to a second preset sequence, wherein the second preset sequence is different from the first preset sequence.

With reference to the fourth aspect and the foregoing implementation manners, in some implementations of the fourth aspect, the obtaining the first data from the first memory includes: obtaining the first data from a first region of the N regions of the first memory; and said obtaining authentication information from the second memory comprises: obtaining verification information from a second area of the N areas of the second memory, wherein the first area corresponds to the second area.

With reference to the fourth aspect and the foregoing implementation manners, in some implementation manners of the fourth aspect, each of the N regions of the second memory includes at least two sub-regions, a size of each sub-region is greater than or equal to a size of the verification information, and performing a security relief process on the first data according to the verification information includes: taking the information stored in the first sub-area of the second area as the verification information, and performing security solving processing on the first data; and taking the information stored in the second sub-area of the second area as the verification information, and performing security solving processing on the first data.

With reference to the fourth aspect and the foregoing implementation manners, in some implementation manners of the fourth aspect, the first memory is a shared memory of the secure element and the central processing unit, and the second memory is a dedicated memory corresponding to the secure element.

In a fifth aspect, a communication apparatus is provided, which includes: the system chip, the first memory, and the second memory described in any one of the first aspect, any one of the possible implementations of the first aspect, and the second aspect, and any one of the possible implementations of the first aspect.

In a sixth aspect, a communication apparatus is provided, which may be a terminal device or a chip disposed in the terminal device. The communication device includes: a processor, coupled to the memory, may be configured to execute the instructions in the memory to implement the steps performed in any one of the possible implementations of the third aspect and any one of the possible implementations of the fourth aspect and the fourth aspect. Optionally, the communication device further comprises a memory. Optionally, the communication device further comprises a communication interface, the processor being coupled to the communication interface.

In a seventh aspect, a computer program product is provided, the computer program product comprising: computer program code which, when run on a computing device or a secure element, causes the computing device or the secure element to perform the method of any one of the possible implementations of the third and third aspects and any one of the possible implementations of the fourth and fourth aspects described above.

In an eighth aspect, a computer-readable medium is provided, which stores program code, which, when run on a computing device or a secure element, causes the computing device or the secure element to perform the method of any one of the above-mentioned third and third possible implementations and any one of the fourth and fourth possible implementations.

In a ninth aspect, a system-on-chip is provided, the system-on-chip comprising a processor for enabling a terminal device to perform the functions referred to in the above aspects, such as writing data, encrypting, decrypting, reading data, or otherwise processing data and/or information referred to in the above methods. In one possible design, the system-on-chip further includes a memory for storing program instructions and data necessary for the terminal device. The system chip may be formed by a chip, and may also include a chip and other discrete devices.

Drawings

Fig. 1 is a schematic diagram of a possible chip design architecture.

Fig. 2 is a schematic diagram of an example system chip architecture according to an embodiment of the present disclosure.

Fig. 3 is a schematic diagram of a memory stored content according to another embodiment of the present application.

Fig. 4 is a schematic diagram illustrating an example of a method for processing data according to an embodiment of the present application.

Fig. 5 is a schematic diagram of another example of data processing provided in the embodiment of the present application.

Fig. 6 is a schematic diagram of another example of data processing provided in the embodiment of the present application.

Fig. 7 is a schematic diagram of another example of data processing provided in the embodiment of the present application.

Fig. 8 is a schematic diagram of another example of data processing provided in the embodiment of the present application.

Fig. 9 is a schematic diagram of another example of data processing provided in the embodiment of the present application.

Fig. 10 is a schematic diagram of another example of data processing provided in the embodiment of the present application.

Fig. 11 is a schematic diagram of a memory sub-region of a memory according to another embodiment of the present application.

Fig. 12 is a schematic diagram of another example of a method for processing data according to an embodiment of the present application.

Detailed Description

The technical solution in the present application will be described below with reference to the accompanying drawings.

As used in this specification, the terms "component," "module," "system," and the like are intended to refer to an entity, either hardware, firmware, a combination of hardware and software, or software in execution associated with a terminal device. It should be understood that the manner, the case, the category, and the division of the embodiments are only for convenience of description and should not be construed as a particular limitation, and features in various manners, the category, the case, and the embodiments may be combined without contradiction.

It should also be understood that "first", "second", and "third" in the embodiments of the application are merely for distinction and should not constitute any limitation to the application.

It should also be understood that, in the various embodiments of the present application, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the inherent logic of the processes, and should not constitute any limitation to the implementation process of the embodiments of the present application.

It should be further noted that, in the embodiment of the present application, the "predefined" may be implemented by saving a corresponding code, table, or other means that can be used to indicate related information in advance in a device (for example, including a terminal device), and the present application is not limited to a specific implementation manner thereof. For example, the predefined may refer to a definition in a protocol.

It should be noted that in the embodiments of the present application, "of", "corresponding", and "corresponding" may be sometimes used in combination, and it should be noted that the intended meaning is consistent when the difference is not emphasized.

It should be further noted that "and/or" describes an association relationship of the associated object, indicating that there may be three relationships, for example, a and/or B, which may indicate: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one" means one or more than one; "at least one of a and B", similar to "a and/or B", describes an association relationship of associated objects, meaning that three relationships may exist, for example, at least one of a and B may mean: a exists alone, A and B exist simultaneously, and B exists alone. The technical solution provided by the present application will be described in detail below with reference to the accompanying drawings.

The method and the device for storing data provided by the embodiment of the application can be applied to terminal equipment. A terminal device may also be referred to as a User Equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user equipment. The terminal device in the embodiment of the present application may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote medical treatment (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), and the like. The embodiments of the present application do not limit the application scenarios. The terminal device and the chip that can be installed in the terminal device are collectively referred to as a terminal device in this application.

In addition, in the embodiment of the present application, the terminal device may also be a terminal device in an Internet of Things (IoT) system, the IoT is an important component of future information technology development, and the main technical feature of the IoT is to connect an object with a network through a communication technology, so as to implement an intelligent network with interconnected human-computer and interconnected objects.

The embodiment of the present application will be described in detail by taking a smartphone, which is most widely used in life, as an example.

In addition to the demand for the continuous improvement of the performance of cameras, audio, video and smart phones, the demand for security of mobile phones, such as mobile payment and mobile finance, related to smart phones is also increasing. In addition, smart phones are increasingly in demand for secure applications as car keys, bank cards, and the like that carry property. In the future, the mobile phone may receive and compile all bank cards, bus cards, keys, identity cards and the like, and to realize the functions, besides the support of various corresponding software development, a mobile phone chip is required to provide hardware level security.

Fig. 1 is a schematic diagram of a possible chip design architecture. As shown in fig. 1 of a chip architecture 100, the chip architecture 100 has a secure element SE104 built into a system on chip SOC 103, and the chip architecture 100 may include the following components.

A. Power Management Unit (PMU) 101

The power management unit 101 in the chip architecture 100 integrates all power management functions of the chip architecture 100, and mainly has functions of system reset, phase-locked loop and frequency divider, pin signal identification and decoding, sleep mode, module power management, and the like. The power management system may be logically connected to the processor to manage charging, discharging, and power consumption functions via the power management system.

B. RF circuit 102

RF circuit 102 may be used for receiving and transmitting signals during a message or call. Typically, the RF circuit includes, but is not limited to, an antenna, at least one Amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, RF circuit 102 may also communicate with other devices, such as network devices, via wireless communication. The Wireless communication may use any communication standard or protocol, including but not limited to Wireless Local Area Network (WLAN), Global System for Mobile communication (GSM) System, Code Division Multiple Access (CDMA) System, Wideband Code Division Multiple Access (WCDMA) System, General Packet Radio Service (GPRS), Long Term Evolution (LTE) System, LTE Frequency Division Duplex (FDD) System, LTE Time Division Duplex (TDD), Universal Mobile telecommunications System (Universal Mobile telecommunications System, UMTS), Universal internet Access (world wide Access, WiMAX), or future Radio System (NR 5, WiMAX), etc.

C. AP Main chip 103

The main chip 103, i.e., the system chip SOC, is a chip of an integrated circuit, and the logic core includes a Central Processing Unit (CPU) 105, a clock circuit, a timer, an interrupt controller, a serial-parallel interface, other peripheral devices, an input/output subsystem (I/O) port, and an adhesion logic for various IP cores, and the like; the Memory core comprises various Volatile memories, nonvolatile memories (NVM), caches and the like; the Analog core includes an Analog to Digital Converter (ADC), a Digital to Analog Converter (DAC), a Phase Locked Loop (PLL), and some Analog circuits used in high speed circuits.

D. Central processing unit 105

The CPU 105 is a control center of the SOC 103, that is, a control center of the terminal device, connects various parts of the entire terminal device with various interfaces and lines, and executes various functions of the terminal device and processes data by running or executing software programs and/or modules stored in the memory and calling data stored in the memory, thereby monitoring the terminal device as a whole. Alternatively, the processor may include one or more processing units; preferably, the processor may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor.

The CPU 105, which may optionally include an operator and a controller, is a core component of the system chip for fetching instructions and processing data. And specifically, it can be used for performing control of instruction execution sequence, operation control, time control, arithmetic operation and logical operation on data, or processing of other information, and the like.

E. Memory device 107

The Flash memory specifically includes embedded multimedia Media Card (eMMC), Universal Flash Storage (UFS), Double Data Rate (DDR) synchronous dynamic random access memory, and the like. Specifically, for example, the Memory Array, a chip-level independent Memory Block (RPMB), where RPMB is a more specific partition of the eMMC, and the main function is to store some core sensitive data.

The storage device further comprises a module for storing software programs, and the processor executes various functional applications and data processing of the terminal device by running the software programs and the module stored in the storage device. The Memory device further includes a program storage area and a data storage area, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), and the like in the chip architecture 100. Wherein, the storage program area can store an operating system, application programs (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal device, and the like. In addition, the Memory device may further include a high-speed random access Memory (high-speed random access Memory), and may further include a Non-Volatile Memory (NVM), such as at least one magnetic disk Memory device, a flash Memory device, or other Volatile solid-state Memory device.

F. Short-range wireless communication controller 108

Near Field Communication (NFC) controller 108 may be a chip, and combines functions of an inductive card reader, an inductive card and a point-to-point on a single chip basis, so as to perform identification and data exchange with a compatible device in a short distance. The NFC chip has the mutual communication capability and the calculation capability, and can further comprise an encryption logic circuit, an encryption/decryption module and the like.

G. Other input devices

Other input devices may be used to receive entered numeric or character information and to generate key signal inputs relating to user settings and function controls of the terminal device.

In addition to the above-mentioned modules, the system chip further includes other units or modules not shown, such as a Multi Media Card (MMC) controller, a Double Data Rate Controller (DDRC), and so on, which are implemented together with the controller on the system chip, and are not described herein again.

The following description will focus on the SE104 inside the SOC 103. In the system chip of the SOC 103 with the SE104 built in the terminal device, we can refer to the inSE system, which can enhance the security level of the mobile phone. It should be understood that in the inSE system architecture, the central processing unit CPU 105 of the SOC 103 controls the SE104, specifically including controlling on and off of the SE104, controlling power consumption or operating state, and the like. In addition, the CPU 105, as a core of the system chip, may control other parts of the system chip, and this embodiment is not limited.

The secure element SE104 is usually provided in an embedded form in the SOC 103, and may run a smart card application, which may prevent external malicious analysis attacks and protect data security. Additionally there is encryption/decryption logic in the system chip. While the conventional secure element SE can be used in an IC chip in a Smart Card (Smart Card), the same functions are now implemented in a SIM Card, SD or the like chip in a cellular phone.

As shown in a black bold solid portion in fig. 1, the SE104 has a complete CPU, ROM, RAM, and the like. The internal structure of the SE is briefly described below. As shown at 104 in FIG. 1, SE, as an element, also includes most of the elements or structures described above similar to SOC 103, including the following components by way of specific list.

A. Central processing unit CPU 106

Various interfaces and circuitry are used to interface various portions of the system on-chip or off-chip, to perform various functions and to manipulate data by executing or otherwise executing software programs and/or modules stored in memory, and by invoking data stored in memory. Alternatively, the processor may include one or more processing units.

CPU 106, which may optionally include an operator and a controller, is a core component of SE104 for fetching instructions and processing data. Specifically, the present invention can be used for controlling the execution sequence of instructions, controlling operations, controlling timing, performing arithmetic operations and logical operations on data, processing other information, and the like.

In the chip architecture 100, the CPU 106 of the secure element SE may be communicatively connected to the CPU 105 of the system chip SOC, and the central processor CPU 105 of the system chip SOC controls the secure element SE, including controlling the SE to be turned on or off, controlling the power consumption or operating state, and the like.

B. Memory device

The storage device may be used to store data, software programs and modules, and the processor may be used to perform various functional applications and data processing by operating the software programs and modules stored in the storage device. The memory device also includes a program storage area and a data storage area, such as ROM, RAM, etc., shown in chip architecture 100. In addition, the SE further includes a One Time Programmable (OTP) memory.

C. Asynchronous transceiver Transmitter (Universal Asynchronous Receiver/Transmitter, UART)

The UART is a hardware component, a universal serial data bus, used for asynchronous communications. The bus is in bidirectional communication, and full duplex transmission and reception can be realized. It converts data or programs to be transmitted between serial communication and parallel communication, and as a chip for converting parallel input signals into serial output signals, UARTs are usually integrated into the connections of other communication interfaces. The UART may be implemented as a stand-alone modular chip or as a peripheral device integrated into the microprocessor as an interface to external devices.

D. Single wire connection protocol interface (SWP)

The single-wire connection protocol is a mobile payment solution mainly based on the NFC technology, and is applied to communication between a mobile phone SIM card or an SD card and a Contactless front end (CLF).

The inSE system can be connected with the NFC controller through NFC and SWP interfaces, and has three operation modes: close, wire, and virtual. Typically, communication with the SE may be through an external reader/writer, or access through an hardwired interface.

E. Encryption IP Encapsulation (Crypto IP Encapsulation, CIPE)

The CIPE uses encrypted IP packets, which are given target header information and encrypted using a default CIPE encryption mechanism.

F. Random Number Generator (True Random Number Generator, TRNG)

A random number generator is a device that generates random numbers through a physical process rather than a computer program.

The composition of the inSE system and the communication among all parts are briefly introduced, and the safety solution of the inSE system can integrate a safety element into a processor, can be more resistant to attacks from a physical layer and has higher safety. In the scheme, the SE module integrated into the main chip SOC has no non-volatile memory NVM, because the process of the SOC main chip is very advanced at present, the mainstream is 7nm, and the medium Flash of the NVM can not be integrated into the bare chip Die of the main chip under the process.

The security level of SE is very high, non-volatile storage NVM stores data, and can meet the following requirements:

(1) protection against leakage of data from non-volatile storage (consistency);

(2) protection against interference (integrity) against non-volatile storage;

(3) has the capability of anti-modification and anti-rollback (integration & anti-rollback) for resisting nonvolatile storage.

The NVM storage can ensure confidentiality, integrity and anti-rollback capability of data, in the inSE system, there is no NVM, the prior art has already implemented the requirement of ensuring confidentiality and integrity of data, and for the anti-rollback (anti-rollback) capability of data, the on-chip One-Time Programmable (OTP) is mainly used for implementation. Specifically, the bit counter inside the OTP is used for data rollback prevention, and the security can meet the authentication requirement of CC EAL4 +.

However, bit counters within current OTPs currently can reach tens of Kbits. Several tens of Kbits means that the maximum safe number of writes is also several tens of thousands, so there is a limit to the number of writes. Although the writing limitation of tens of thousands of times can meet the requirements of current businesses such as card swiping, car keys, identity cards and the like of consumers, the times are still insufficient in some security scenes. For example, in a scenario where a mobile phone is used as a Pos machine, a system security anti-brute force cracking count is performed, and when the security application scenario of the security element SE needs to be recorded frequently, tens of thousands of write restrictions cannot meet user requirements.

In order to meet the needs of users in various security scenarios, one possible solution is to set an external dedicated Secure storage Secure Flash. Through verification, the scheme can realize that the safety authentication standard reaches CC EAL5+, and can ensure the confidentiality and the integrity of data, thereby ensuring the use safety of users.

Besides the system chip SOC 103 and the Secure element SE104, a special Secure storage chip Secure Flash 201 is arranged outside the SOC, so that data, programs and the like required to be stored are stored in the Secure Flash 201, and the security meets the requirement. Meanwhile, the program can be even executed in a chip, all the program is not required to be carried into an internal RAM, the data writing requirement can meet the requirement that the special Secure Flash is adopted for storing various security application scenes, and the security requirement of the mobile phone can be generally met only by about 4MB, such as mobile payment of a smart phone, a bus card, a security shield and the like. However, 4MB Flash is very costly and is not generally used. Moreover, the cost will continue to rise as more and more space is subsequently required for mobile phone security.

Therefore, a secure storage implementation process is needed to meet the requirements of all security service scenarios while ensuring the cost. The embodiment of the application provides a flow for realizing safe storage based on the current inSE chip architecture, supports safe application data space by fully reusing the own inherent storage space of the terminal equipment, and only performs data anti-rollback and key storage management by using an external safe Flash storage chip without performing actual data storage, so that the requirement on the storage capacity of the safe Flash is low.

Fig. 2 is a schematic diagram of an example system chip architecture according to an embodiment of the present disclosure. As shown in fig. 2, the system architecture 200 includes a secure element SE104 embedded in the system on chip SOC 103, the secure element being coupled to a central processing unit CPU 105 of the SOC 103, the CPU 105 being configured to control the secure element SE 104. In addition, the system architecture 200 also includes a first memory 202 and a second memory 201, the first memory 202 and the second memory 201 being different memories outside the system on chip SOC 103. The first memory 202 is used for storing data and programs, and the second memory 201 is used for storing verification information used for verifying the validity of the data to be stored.

Further, communication between second memory 201 and SE104 via a high speed serial Interface (SFI) is shown in FIG. 2. It should be understood that the communication between Secure Flash and SE104 requires the establishment of a Secure channel for data transfer, here through the connection between the SFI interface and the security logic. Therefore, encrypted data can be transmitted between the Secure Flash and the SE, and the Secure channel can prevent the data from being tampered or rolled back and the like. The establishment of the secure channel belongs to the prior art, and this embodiment is not described in detail.

Optionally, the first memory 202 is a shared memory of the SE104 and the central processing unit CPU, and the second memory 201 is a dedicated Secure memory (Secure Flash) of the Secure element SE 104.

The first memory 202 and the second memory 201 are provided in the embodiment of the application, and it should be understood that the first memory 202 is a general memory, has no safety requirement, and has a large capacity; the second memory 201 is a dedicated secure memory. Specifically, the first memory may be a memory that the handset itself has. For example, the size of the current mobile phone memory is generally 64GB, 132GB, etc., and there is a relatively large storage space, and the first memory 202 according to the embodiment of the present application is 4MB or 16MB in 64GB or 132 GB. The capacity of the first memory has no cost influence on the intrinsic storage of the current relatively large mobile phone, and the cost of the mobile phone is not influenced even if the capacity of the first memory is increased along with the increase of the user demand in the future.

The second memory 201 is a dedicated Secure memory, and specifically, may be an externally authenticated dedicated Secure storage Secure Flash. One possible scenario is that the Secure Flash is placed inside SE104, belongs to the Secure authentication scope, or that the Secure Flash belongs to a device outside the Secure element. The embodiment of the present application will be described in detail with SE104 as an example. It is to be understood that this application includes, but is not limited to.

As a shared memory for the SE104 and the central processing unit CPU 105, the first memory 202 may include different memory areas isolated from each other, storing information such as data or programs of the SE104 and the CPU 105, respectively.

It should be understood that the embodiment of the application is provided with a first memory for storing data or programs, and a second memory for storing the verification information corresponding to the data to be stored. Assuming that the size of the data to be stored is 4KB and the size of the authentication information is much smaller than the size of the data to be stored, e.g. the check segment of the authentication information is only 32 bytes, the second memory size can support the security of the first memory of 16MB if it is 128 KB. Namely, the system architecture and the method provided by the embodiment of the application can reduce the cost and ensure the safety of data application. Meanwhile, the large-capacity inherent storage space of the terminal equipment can be fully utilized as the first storage, so that the capacity is increased, and the cost is reduced.

Optionally, a third memory is further provided in the embodiment of the present application, and the third memory may be a one-time programmable OTP memory inside the SE, such as OTP 203 shown in fig. 2. The OTP 203 is integrated in a digital logic portion of an SOC chip, and can realize Non-volatile storage (NVS) of one-time programming. The third memory is used to store the ID of the SE104, HUK1, and HUK 2. Explaining HUK1 and HUK2, HUK1 is a key for storing data or reading data between SE and an external first memory, and HUK2 is a key for storing authentication information or reading authentication information between SE and an external second memory. It should be appreciated that in a security application scenario, both data and programs stored outside the SE need to be stored encrypted to ensure the security of the data and programs.

Where the HUK1 is a key that is unique for each SE independently, the first stored data store stores the root key (root key) for encryption and decryption. The HUK1 is mainly used for encrypting the first memory, all programs and application data are placed in the first memory, and since the first memory is an external memory, the first memory needs to be stored in an encrypted manner, and keys can be derived by using the HUK1 as root keys, so that each small unit of storage is used as an encryption block unit, and the encryption keys are different from each other. Specifically, the key used for encrypting the data to be stored may be derived from the root key HUK1, for example, by encrypting the data to be stored according to the root key HUK1, the address of the data to be stored in the first memory, and keys derived from other sequences, and the like, so as to store the data to the first memory 202. The key used to encrypt the data to be stored that is stored to the first memory is referred to herein as the first key.

The HUK2 is also a key that is unique independently for each SE, and is a shared key (Share key) for pairing with the second memory. When bound with SE, the binding process depends on different products, and HUK2 can be written into the Secure Flash in a whole machine production line or a chip packaging production line; therefore, the Secure channel can be established by the same shared key HUK2 for the two devices of the Secure Flash and the SE, so that the Secure communication is carried out, and the content encryption of the Secure Flash and the read or write of the verification are ensured. I.e. the same shared key is used for secure communication between the second memory 201 and the SE, the key used for encrypting the authentication information stored in the second memory is referred to as the second key in this application. Accordingly, the second memory 201 also stores therein the HUK2, which can be written to the HUK2 during the production of the whole machine.

Further, the third memory may store keys required by other systems in addition to the ID of the SE104, the HUK1, and the HUK 2. These keys are all written to the OTP at the time of chip production, for example, for HUK1 and HUK2, the SOC internal can be written to the third memory OTP at the time of production by generating a random number by a random number generator, and cannot be changed any more after writing. It is to be understood that this application includes, but is not limited to.

Optionally, the first memory includes N regions, the second memory includes N regions, the N regions of the first memory correspond to the N regions of the second memory one to one, and N is a positive integer.

Fig. 3 is a schematic diagram illustrating an example of memory storage content provided in the embodiment of the present application, that is, the first memory or the second memory may be divided according to a certain size. Specifically, the first memory is divided into N memory blocks, such as Page 1, Page 2.. Page N shown in fig. 3, by a size of 4 KB; the second memory is divided into N verification blocks, such as verification block 1, verification block 2, shown in fig. 3, by a size of 32 bytes. Each Page has a corresponding verification block for storing Secure Flash (second memory) with security authentication, that is, the second memory retains verification information of the corresponding Page, so as to ensure that data stored in the first memory cannot be tampered or backed up.

In addition, in this implementation, the first key may be Kenc _ Page 1, Kenc _ Page 2.. Kenc _ Page N derived from HUK1 and IDs of different pages, and then encrypt data to be stored that are to be stored in the different pages, respectively, and then write the encrypted data into the corresponding pages. It is to be understood that the present application includes, but is not limited to, this.

While the system architecture and the storage contents of the functions of the first memory and the second memory are described above with reference to fig. 2 and fig. 3, it should be understood that the method provided by the embodiment of the present application is applied to all communication devices including the system architecture, such as the listed terminal devices such as smart phones, that is, all devices including the system architecture fall within the scope of protection of the present application. The method for processing data provided by the embodiment of the present application is described in detail below with reference to fig. 4 to 11.

Fig. 4 is a schematic diagram illustrating an example of a method for processing data according to an embodiment of the present application. The method 400 shows a specific process of data writing, which is applied to the architecture 200 described above, and includes a secure element SE and a system chip of a central processing unit, where the secure element SE is coupled to the central processing unit, and the central processing unit is used for controlling the secure element SE, including controlling the secure element SE to be turned on, turned off, and controlling power consumption or operating state. The method 400 includes the following.

S410, the secure element SE determines verification information, which is used to verify the validity of the data to be stored.

In the process of writing the data to be stored, the data to be stored needs to be encrypted and stored in the first memory. However, in a series of processes for processing data, the data may be tampered or attacked at any stage of processing outside the secure element SE, and therefore, in order to ensure the validity of the data, certain verification information is required to verify the validity of the data. And then writing the data to be stored into the first memory, and storing corresponding verification information of the data to be stored into the second memory.

Optionally, the verification information includes at least one of the following information: a check sequence generated by checking the data to be stored; or a count value recorded by a counter; or a random sequence generated from a random number.

It should be understood that the verification process is performed to verify whether the data is tampered, and the integrity check is performed, for example, to obtain a verification message through the verification process. Correspondingly, in the process of reading the data, the data is subjected to the de-verification processing, namely whether the data is falsified or maliciously attacked in the processing process is verified according to the verification information obtained in the verification processing process, so that the safety is ensured.

And S420, the secure element SE performs secure processing on the data to be stored according to the verification information to obtain first data.

In the step S410, the verification information is obtained, and the data to be stored may be subjected to security processing according to the verification information to obtain the first data. Wherein the security process comprises at least one of: carrying out MAC processing on the data to be stored by utilizing the verification information; or determining a first key according to the verification information, and encrypting the first data by using the first key.

S430, the secure element SE stores the first data in a first memory and stores the authentication information in a second memory, wherein the first memory and the second memory are different memories outside the system chip.

After step S410 is executed, the secure element SE obtains the verification information, but if the verification information and the data to be stored form a check relationship, the read data can be verified for validity by the verification information in the process of reading the data, otherwise, it has no meaning. Namely, the verification information is required to participate in the data processing process to be stored, otherwise, the verification information and the data processing process are unrelated and do not form a verification relation.

It is introduced in S410 that the authentication information may be at least one of three kinds of enumerated information. Specifically, the detailed description is divided into the following three cases.

The first condition is as follows:

and when the SE processes the data to be stored according to a preset verification algorithm to generate a verification sequence, and the verification information is the verification sequence, the verification information and the data to be stored form a verification relation in the verification processing process. In this case, as a data processing diagram shown in fig. 5, the authentication information and the data to be stored may together constitute the first data. For example, when the check algorithm message authentication code is a secure MAC algorithm, the 240-byte data to be stored is processed by the MAC algorithm to generate a 16-byte check sequence, after the 240-byte data to be stored and the 16-byte check sequence form first data, a ciphertext of 256 bytes is generated by encrypting the first key and stored in the first memory, and the 16-byte check sequence is used as verification information of the first data and stored in the second memory by encrypting the second key. Various possibilities regarding the first key and the first memory or the second key and the second memory have been described in detail in the foregoing, and are not described here again for the sake of brevity.

Or, as shown in the data processing diagram shown in fig. 6, after the data to be stored is processed by the verification algorithm, a verification sequence is generated, and the verification sequence is encrypted by the second key and stored in the second memory. At this time, the check sequence is generated according to the data to be stored, so that the check sequence can uniquely verify the validity of the data to be stored. And taking the data to be stored as first data, encrypting the first data according to a first secret key, and storing the first data in a first memory. For example, in connection with the memory type shown in FIG. 3, the first memory is divided into N memory blocks by a size of 4KB, and the second memory is divided into N verification blocks by a size of 32 bytes. As shown in fig. 6, 4KB of data to be stored is stored in the first memory through the first key encryption process; and storing the check sequence of the 32Byte in a second memory through the encryption processing of the second key. It is to be understood that this application includes, but is not limited to.

Case two:

the authentication information includes a Count value Count recorded by the counter. For example, the one-way counter records a count value, starts counting from 0, and increments by 1 each time data is written to the first memory (or Page x of the first memory). Then, at this time, it is to be ensured that a check relationship is formed between the verification information and the data to be stored, that is, the Count value Count is to participate in the processing process of the data to be stored, otherwise, the two are unrelated, and a check relationship cannot be formed.

Fig. 7 and 8 are schematic diagrams illustrating a processing method of the count value participating in the data to be stored. Fig. 7 shows a process of verifying data to be stored, for example, performing message authentication code security MAC processing, bringing a Count value Count into a plaintext of the data to be stored for MAC processing, and storing the Count value as verification information in a second memory after encryption processing of a second key; and generating first data after the data to be stored and the count value are processed by the MAC, and storing the first data into a first memory after the first data are encrypted by a first key.

Another method for processing data to be stored with count values is shown in fig. 8. In the process of processing the message authentication code security MAC of the data to be stored, the Count value Count is not added, after the MAC processing is completed, the Count value Count can participate in the process of determining the first key when encryption is carried out, and the SE utilizes the first key to encrypt the first data.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives the first key according to the HUK1 and the count value, and then stores the first data in the first memory after the first key is encrypted. How to derive the first key belongs to the prior art, and the embodiment will not be described.

Case three:

the authentication information includes a Random sequence generated by a Random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function. Then, at this time, it is to be ensured that a check relationship is formed between the verification information and the data to be stored, that is, the random sequence participates in the processing process of the data to be stored, otherwise, the two are unrelated, and the check relationship cannot be formed.

Fig. 9 and fig. 10 are schematic diagrams illustrating a processing method of participation of a random sequence in data to be stored. In fig. 9, it is shown that the data to be stored is brought into the data plaintext together with the random sequence for MAC processing during the process of performing the message authentication code secure MAC processing. The random sequence is used as verification information and is stored in a second memory after being encrypted by a second secret key; and the data to be stored and the random sequence are processed by MAC together to generate first data, so that the first data are stored in a first memory after being encrypted by a first key.

Another method for processing data to be stored by using a random sequence is shown in fig. 10. In the process of processing the message authentication code security MAC of the data to be stored, a random sequence is not added, after the MAC processing is finished, when encryption is carried out, the random sequence can participate in the process of determining a first secret key, and the SE utilizes the first secret key to encrypt the first data.

Through the related processing of the data writing process, the relevance between the verification information and the data to be stored can be realized. Due to the existence of the association, when data is read in the next step, the data validity can be verified after the corresponding verification information of the data in the first memory and the corresponding verification information of the second memory are read into the internal RAM.

In the above examples of the data size, for example, 240 bytes, 32 bytes, or 4KB are all examples, the actual situation may be modified, and even the size of the storage block Page in the first storage or the size of the verification block in the second storage may be different according to the type of the stored data. It is to be understood that the present application includes, but is not limited to, this.

Further, when the first memory and the second memory are described above, the first memory and the second memory may be divided. For example, the first memory includes N regions, the second memory includes N regions, the N regions of the first memory correspond to the N regions of the second memory one to one, and N is a positive integer.

In another possible implementation case, each of the N regions of the second memory includes at least two sub-regions, and the size of each sub-region is greater than or equal to the size of the verification information, and the secure element is further configured to perform the operations of storing the first data into the first memory and storing the verification information into the second memory in the following order: the secure element stores the authentication information to an unoccupied sub-region in the second region; storing the first data in the first area; and finally deleting the historical verification information stored in the occupied subarea in the second area.

Specifically, as shown in fig. 11, the verification block 2 of the second memory is divided into two sub-areas, namely an effective area and a blank area, each of which can store the verification information of the data to be stored. After the first data encrypted by the first key and the verification information encrypted by the second key are obtained by the method, if the first data is written into the storage block Page 2 of the first memory, the verification information is written into the valid area of the verification block 2 in the process of writing the verification information into the verification block 2 of the second memory, and the blank area is free of any data. When new data needs to be stored in the storage block Page 2, assuming that the second data is new data to be stored, the following sequence is required to be written:

(1) determining second verification information corresponding to the second data to be stored, wherein the process refers to the method of the first data, and details are not repeated here;

(2) reserving first verification information corresponding to original first data in a verification block 2 effective area of a second memory, and writing second verification information encrypted by a second key into a blank area of the verification block 2;

(3) after security processing, second data to be stored are encrypted according to a first secret key and then written into a storage block Page 2 of a first memory;

(4) and deleting the first verification information corresponding to the original first data in the effective area of the verification block 2 of the second memory, wherein the original effective area is changed into a blank area, and the newly written second verification information is used as the effective verification information.

It should be understood that, when the verification information may be a check sequence generated by the data to be stored being processed by the message authentication code MAC; or a count value recorded by a counter; or a random sequence generated from a random number. When the verification information is the count value recorded by the counter, it is not necessary to perform the method of dividing the memory block of the second memory into two areas and the data writing flow as described above, because the count value of the counter is incremented by 1 every time it is written. Therefore, when the second data is written, only 1 is added on the basis of the first verification information, and the correctness of the verification information can be ensured without re-determining the second verification information. That is, if there is a correlation between the verification information of different storage blocks of the second memory, the flow of data writing can be simplified, and the validity of data can be correctly determined according to the verification information. This application includes, but is not limited to, this.

The process of data writing is completed above, and the process of data reading is described in detail below with reference to fig. 12. Fig. 12 is a schematic diagram of another example of a method for processing data according to an embodiment of the present application. The method 1200 shows a specific process of data reading, which is applied to the architecture 200 described above, and includes a secure element SE and a system chip of a central processing unit, where the secure element SE is coupled to the central processing unit, and the central processing unit is used for controlling the secure element SE, including controlling the secure element SE to be turned on, turned off, and controlling power consumption or operating state. The method 1200 includes the following.

S1210, the secure element SE acquires first data from the first memory.

S1220, the secure element SE obtains authentication information from a second memory, where the authentication information is used to authenticate the validity of the first data, and the first memory and the second memory are different memories outside the system chip.

S1230, the secure element SE performs a security relief process on the first data according to the verification information to obtain processed data.

In the method provided by the embodiment of the application, the first memory is used for storing data and programs, and the second memory is used for storing the verification information of the data and the programs of the first memory. During the data reading process, the secure element SE first retrieves the authentication information corresponding to the first data encrypted by the second key from the second memory, and retrieves the first data encrypted by the first key from the first memory. Thereafter, the secure element performs a decryption process on the encrypted first data to obtain the first data. Similarly, the secure element performs a security decryption process on the encrypted authentication information to obtain the authentication information. And finally, judging the validity of the first data according to the verification information.

Wherein the verification information comprises at least one of the following information: carrying out message authentication code MAC processing on the data to be stored to generate a check sequence; a count value recorded by the counter; or a random sequence generated from a random number.

Optionally, the secure element SE performing a unsecure processing on the first data according to the verification information includes at least one of: performing MAC decoding processing on the first data by using the verification information; or determining a first key according to the verification information, and decrypting the first data by using the first key.

In the process of the unsecure processing, first the secure element SE needs to obtain a first key. Alternatively, corresponding to the encryption during the data writing process, the secure element SE may store a first key for encrypting the data to be stored inside the SE during the writing process, and may directly extract the stored first key for decryption during the reading process of the data.

Alternatively, the secure element SE first decrypts the acquired authentication information according to the second key. The acquired authentication information is decrypted, for example, according to the HUK2 to obtain the authentication information.

Having obtained the authentication information, the first data may be MAC-decoded using the authentication information. Specifically, the following three cases are described in detail, and it is understood that the SE may select a corresponding process when reading data according to a corresponding process when writing data.

The first condition is as follows:

and when the verification information is that the SE generates a check sequence after processing the data to be stored according to a preset check algorithm, correspondingly, the SE selects a corresponding safety processing process to perform safety solving processing.

Alternatively, the check algorithm may be a secure Hash algorithm such as the Hash algorithm SHA-256 or the message authentication code security algorithm MAC, etc. The SE obtains the processed data according to the inverse of the checking algorithm.

The foregoing lists possible cases of the verification processing procedure, when the verification processing is the processing procedure shown in fig. 5, that is, the data to be stored and the verification sequence are included in the first data, the first data is encrypted by the first key and then stored in the first memory; the check sequence is encrypted by a second key and then stored in a second memory. In this case, in the process of the security decryption processing, the SE decrypts and acquires the data stored in the first memory, acquires the first check sequence in the stored data, and at the same time, decrypts the corresponding verification information in the second memory according to the second key, and acquires the second check sequence. And verifying the legality of the data through the first check sequence and the second check sequence. And when the first check sequence is the same as the second check sequence, the data is judged to be legal. It is to be understood that the present application includes, but is not limited to, this.

Correspondingly, when the verification processing is the processing procedure as shown in fig. 6, that is, the data to be stored is encrypted by the first key and then stored in the first memory; the check sequence is encrypted by a second key and then stored in a second memory. In this case, in the process of security decryption processing, the SE decrypts to obtain the stored data, obtains a first check sequence in the stored data according to a check algorithm, and decrypts corresponding verification information in the second memory according to the second key to obtain a second check sequence. And verifying the legality of the data through the first check sequence and the second check sequence. And when the first check sequence is the same as the second check sequence, the data is judged to be legal. It is to be understood that the present application includes, but is not limited to, this. Case two:

when the authentication information includes the Count value Count recorded by the counter. For example, the one-way counter records a count value, starts counting from 0, and increments by 1 each time data is written to the first memory (or Page x of the first memory). And the SE participates in the processing process of the data to be stored according to the count value, and selects a corresponding security solving processing method.

Optionally, if before performing the MAC processing, the SE brings the Count value Count into the data plaintext, and then participates in the MAC processing, accordingly, in the process of performing the security resolution processing, the Count value Count in the data may be obtained through the reverse process of the MAC processing. Comparing the Count value Count obtained from the first memory with the verification information Count obtained from the second memory, and if the two values are consistent, judging that the obtained data is legal data; if the two values are not consistent, the obtained data is judged to be illegal, the data is judged to be attacked safely, the data is invalid to obtain, and an error is reported.

Optionally, if the Count value Count is not added in the MAC processing process, after the MAC processing is completed, the Count value Count may participate in a process of determining the first key during encryption, and the SE encrypts the first data by using the first key. At this time, the SE derives a first key from the HUK1 and the count value, and then stores the first data in the first memory after the first key is encrypted. Or, when the data to be stored needs to be stored in the Page 2 in the first memory, the SE derives the first key according to the HUK1, the ID address of the Page 2 and the count value, and then stores the first data in the storage area of the Page 2 in the first memory after the encryption processing of the first key.

Correspondingly, in the process of security decryption processing, the SE decrypts the acquired data according to the first key to obtain the Count value Count, and then compares the Count value Count acquired in the first memory with the verification information Count acquired in the second memory. If the two values are consistent, judging that the acquired data is legal data; if the two values are not consistent, the obtained data is judged to be illegal, the data is judged to be attacked safely, the data is invalid to obtain, and an error is reported.

It should be understood that any one of the above two methods of solving the safety process can be implemented, and the two methods can be implemented together. As long as what kind of mode is adopted to perform security processing in the process of writing data is ensured, the corresponding method is adopted to perform security processing in the process of reading data. It is to be understood that this application includes, but is not limited to.

Case three:

when the authentication information includes a Random sequence generated by a Random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function.

Optionally, if before performing the MAC processing, the SE brings the random sequence into the plaintext of the data, and then participates in the MAC processing, accordingly, in the process of performing the security processing, the random sequence in the data may be obtained through the reverse process of the MAC processing. Comparing the random sequence obtained from the first memory with the random sequence of the verification information obtained from the second memory, and if the two values are consistent, judging that the obtained data is legal data; if the two values are not consistent, the obtained data is judged to be illegal, the data is judged to be attacked safely, the data is invalid to obtain, and an error is reported.

Optionally, if a random sequence is not added during the MAC processing, after the MAC processing is completed, the random sequence may participate in a process of determining a first key during encryption, and the SE encrypts the first data using the first key. At this time, the SE derives a first key from the HUK1 and the count value, and then stores the first data in the first memory after the first key is encrypted. Or, when the data to be stored needs to be stored in the Page 2 in the first memory, the SE derives the first key according to the HUK1, the ID address of the Page 2 and the count value, and then stores the first data in the storage area of the Page 2 in the first memory after the encryption processing of the first key.

Correspondingly, in the process of security solving, the SE decrypts the acquired data according to the first key to acquire a random sequence, and then compares the random sequence acquired in the first memory with the random sequence of the verification information acquired in the second memory. If the two values are consistent, judging that the acquired data is legal data; if the two values are not consistent, the obtained data is judged to be illegal, the data is judged to be attacked safely, the data is invalid to obtain, and an error is reported.

Alternatively, the random sequence may be used directly as the first key of the first data in Page 2 in the first storage without derivation. Then, accordingly, the SE may decrypt the acquired data using the random sequence as a first key.

It should be understood that any one of the above three methods of the safety processing procedure can be implemented, and the three methods can also be implemented together. As long as what kind of mode is adopted to perform security processing in the process of writing data is ensured, the corresponding method is adopted to perform security processing in the process of reading data. It is to be understood that this application includes, but is not limited to.

As a possible case, the first memory includes N regions, the second memory includes N regions, the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, and N is a positive integer. The SE may acquire the first data from a first region of the N regions of the first memory; and the SE acquires the verification information from a second area of the N areas of the second memory, wherein the first area corresponds to the second area.

Optionally, each of the N regions of the second memory includes at least two sub-regions, and the size of each sub-region is greater than or equal to the size of the verification information, then the SE may use the information stored in the first sub-region of the second region as the verification information, and perform security relief processing on the first data; and further using the information stored in the second sub-area of the second area as the verification information, and performing security solving processing on the first data. The authentication information in either sub-area can be authenticated through the security processing.

Specifically, as shown in fig. 11, the verification block 2 of the second memory is divided into two sub-areas, namely an effective area and a blank area, each of which can store the verification information of the data to be stored. Corresponding to the data writing process, each process has the possibility of powering down, so the two sub-areas of the verification block 2 of the second memory may have the following three cases:

(1) the valid area has authentication information, and the blank area has no authentication information;

(2) the valid area and the blank area are provided with verification information which is different;

(3) the valid area has no authentication information, and the blank area has authentication information;

in any of the above possible cases, the verification information may be acquired, and as long as one piece of data acquired by verifying the verification information is legal, the data is determined to be legal data; if the two verification information are both incorrect, the security attack is considered to be received, the storage is invalid, and the error is reported.

The reason why each verification block is divided into two areas is that power failure during data writing can be prevented, and power failure protection is performed. The specific process has been described in detail when writing data, and for simplicity, the detailed description is omitted here.

The method provided by the embodiment of the present application is specifically described above in conjunction with fig. 2 to 11 from the aspect of writing data and reading data, respectively. Through the data writing and reading method provided by the application, on one hand, compared with the current existing inSE scheme adopting Secure Flash, the cost can be reduced, and the large-capacity space of the first storage can be fully utilized to support more applications. On the other hand, compared with the inSE scheme without the Secure Flash, the method and the system have no limitation on the number of times of safely writing data, and can meet the requirements of all security service scenes. Through the scheme, the chip architecture of the inSE can meet the CC EAL5+ authentication requirement, is not limited by storage capacity, writing times and the like, reduces the cost, and improves the security level and the user experience.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The functions described in the above embodiments, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device or a computing processor, such as the secure element described above, to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A system-on-chip comprising a secure element and a central processor, the secure element and the central processor being coupled, the central processor being configured to control the secure element, the secure element being configured to:

determining verification information, wherein the verification information is used for verifying the validity of the data to be stored;

performing security processing on the data to be stored according to the verification information to obtain first data;

storing the first data to a first memory and storing the authentication information to a second memory, wherein the first memory and the second memory are different memories outside the system chip, the first memory is a shared memory of the secure element and the central processor, and the second memory is a dedicated memory of the secure element.

2. The system-on-chip of claim 1, wherein the verification information comprises at least one of:

a check sequence generated by checking the data to be stored;

a count value recorded by the counter; or

A random sequence generated from a random number.

3. The system chip of claim 1, wherein the performing the secure processing on the data to be stored according to the verification information comprises at least one of:

verifying the data to be stored by using the verification information; or

And determining a first key according to the verification information, and encrypting the first data by using the first key.

4. The system-on-chip of claim 3, wherein the secure element is further configured to:

encrypting the authentication information according to a second key, the second key being different from the first key, before storing the authentication information in a second memory.

5. The system-on-chip of claim 4, wherein the determining the first key based on the verification information comprises:

determining the first secret key according to the verification information and a first preset sequence; and

the secure element is further to:

and determining the second key according to a second preset sequence, wherein the second preset sequence is different from the first preset sequence.

6. The system-on-chip of any one of claims 1 to 5, wherein the first memory comprises N regions, the second memory comprises N regions, the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, N is a positive integer, and

the storing the first data to a first memory and the verifying information to a second memory includes:

storing the first data to a first area of N areas of the first memory and storing the verification information to a second area of N areas of the second memory, wherein the first area corresponds to the second area.

7. The system chip of claim 6, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, and the secure element is further configured to perform the operations of storing the first data into the first memory and storing the verification information into the second memory in the following order:

storing the verification information to an unoccupied sub-region of the second region;

storing the first data to the first area;

deleting the historical verification information stored in the occupied sub-area in the second area.

8. A system-on-chip comprising a secure element and a central processor, the secure element and the central processor being coupled, the central processor being configured to control the secure element, the secure element being configured to:

retrieving first data from a first memory;

obtaining verification information from a second memory, wherein the verification information is used for verifying the validity of the first data, the first memory and the second memory are different memories outside the system chip, the first memory is a shared memory of the secure element and the central processing unit, and the second memory is a private memory corresponding to the secure element;

and performing security solving processing on the first data according to the verification information to obtain processed data.

9. The system-on-chip of claim 8, wherein the verification information comprises at least one of:

a check sequence generated by checking the data to be stored;

a count value recorded by the counter; or

A random sequence generated from a random number.

10. The system-on-chip of claim 8, wherein the unsecure processing of the first data according to the verification information comprises at least one of:

performing a de-checking process on the first data by using the verification information; or

And determining a first key according to the verification information, and decrypting the first data by using the first key.

11. The system-on-chip of claim 10, wherein the secure element is configured to decrypt the authentication information based on a second key, the second key being different from the first key, prior to retrieving the authentication information from the second memory.

12. The system on a chip of claim 11, wherein the determining the first key based on the verification information comprises:

the secure element is further to:

13. The system-on-chip of any one of claims 8 to 12, wherein the first memory comprises N regions, the second memory comprises N regions, the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, N is a positive integer, and

the retrieving the first data from the first memory includes:

obtaining the first data from a first region of the N regions of the first memory; and

the obtaining the verification information from the second memory includes:

obtaining verification information from a second area of the N areas of the second memory, wherein the first area corresponds to the second area.

14. The system-on-chip of claim 13, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, and the performing the unsecure processing on the first data according to the verification information comprises:

taking the information stored in the first sub-area of the second area as the verification information, and performing security solving processing on the first data;

and taking the information stored in the second sub-area of the second area as the verification information, and performing security solving processing on the first data.

15. A method of processing data for use in a system chip comprising a secure element and a central processor, the secure element and the central processor being coupled, the central processor being configured to control the secure element, the secure element performing the method, the method comprising:

16. The method of claim 15, wherein the authentication information comprises at least one of:

a check sequence generated by checking the data to be stored;

a count value recorded by the counter; or

A random sequence generated from a random number.

17. The method according to claim 15, wherein the performing the security processing on the data to be stored according to the verification information comprises at least one of the following processes:

verifying the data to be stored by using the verification information; or

18. The method of claim 17, further comprising:

19. The method of claim 18, wherein determining the first key based on the authentication information comprises:

the method further comprises the following steps:

20. The method of any of claims 15 to 19, wherein the first memory comprises N regions, the second memory comprises N regions, the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, N is a positive integer, and

21. The method of claim 20, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, the method further comprising performing the operations of storing the first data to the first memory and storing the verification information to the second memory in the following order:

storing the first data to the first area;

22. A method of processing data for use in a system chip comprising a secure element and a central processor, the secure element and the central processor being coupled, the central processor being configured to control the secure element, the secure element performing the method, the method comprising:

retrieving first data from a first memory;

23. The method of claim 22, wherein the authentication information comprises at least one of:

a check sequence generated by checking the data to be stored;

a count value recorded by the counter; or

A random sequence generated from a random number.

24. The method of claim 22, wherein the unsecured processing of the first data based on the authentication information comprises at least one of:

25. The method of claim 24, wherein prior to obtaining the authentication information from the second memory, the method further comprises:

decrypting the authentication information according to a second key, the second key being different from the first key.

26. The method of claim 25, wherein determining the first key based on the authentication information comprises:

the method further comprises the following steps:

27. The method of any of claims 22 to 26, wherein the first memory comprises N regions, wherein the second memory comprises N regions, wherein the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, wherein N is a positive integer, and wherein

The retrieving the first data from the first memory includes:

the obtaining the verification information from the second memory includes:

28. The method of claim 27, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, and wherein performing the unsecure processing on the first data according to the verification information comprises:

29. A communications apparatus, comprising: the system on a chip of any of claims 1 to 14, the first memory, and the second memory.

30. A computer-readable storage medium storing computer instructions that, when executed, cause the computing device or secure element to perform the method of any of claims 15 to 28.