CN111475815A - Code protection method for chip - Google Patents

Info

Publication number: CN111475815A
Authority: CN (China)
Prior art keywords: chip, ciphertext, code, identification code, protection method
Legal status: Pending
Application number: CN202010270867.4A
Other languages: Chinese (zh)
Inventors: 刘波, 董刚辉, 邱海一
Current Assignee: Shanghai High Flying Electronics Technology Co ltd
Original Assignee: Shanghai High Flying Electronics Technology Co ltd

Classifications

    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Abstract

The invention discloses a code protection method for a chip, comprising the following steps: an identification code that uniquely identifies the chip is encrypted with an asymmetric encryption method to generate a ciphertext, and the ciphertext and the identification code are written into the chip; when the chip is started, the ciphertext is decrypted and then verified against the identification code; if the verification passes, the chip starts successfully, otherwise the chip fails to start. The encryption relies on the uniqueness of the identification code that uniquely identifies the chip, and in this way protects the code. The protection remains effective even when the encryption algorithm and the decryption key (public key) are public, and the cost of the chip module is not increased.

Description

Code protection method for chip
Technical Field
The invention relates to the technical field of embedded systems, in particular to a code protection method for a chip.
Background
Services such as a solution SDK and customized development are provided to a customer; after the customized development is delivered, the customer needs to purchase a specific hardware module and write the customized firmware to it for mass production. Since the cost of the firmware is carried by the hardware module in mass production, it is necessary to restrict the customer to using that specific hardware module.
At present, the product is mainly a WiFi module. The firmware in the module can be read from Flash by the customer, and because of the SDK and the customized development service the customer will inevitably learn the encryption method, or even the secret key, used in communication with the customer. It is therefore desirable to define a key that remains effective because it cannot be generated in bulk, even if the customer knows the above information. The common practice today is to add a cryptographic chip, which increases the cost of the module.
Disclosure of Invention
In view of the above disadvantages, the present invention provides a code protection method for a chip, which encrypts an identification code that uniquely identifies the chip, so that customized firmware cannot simply be copied to other chips in bulk, thereby protecting the code without increasing cost.
To achieve the above purpose, the embodiments of the invention adopt the following technical scheme:
A code protection method for a chip, comprising the following steps:
encrypting the identification code that uniquely identifies the chip with an asymmetric encryption method to generate a ciphertext, and writing the ciphertext and the identification code into the chip;
when the chip is started, decrypting the ciphertext and then verifying that it matches the identification code;
if the verification passes, the chip starts successfully; otherwise, the chip fails to start.
According to one aspect of the present invention, encrypting the identification code that uniquely identifies the chip with the asymmetric encryption method to generate the ciphertext, and writing the ciphertext and the identification code into the chip, comprises the following steps:
defining that the chip has an identification code that uniquely identifies the chip;
generating a corresponding public key and private key with the RSA encryption and decryption algorithm;
encrypting the identification code that uniquely identifies the chip with the private key to generate a ciphertext;
and storing the ciphertext in the chip Flash.
According to one aspect of the invention, the public key is stored in the chip Flash.
According to one aspect of the invention, the chip comprises at least an OTP part and a Flash part; the ciphertext is written into the Flash, and the identification code is stored in the OTP.
According to one aspect of the invention, the identification code that uniquely identifies the chip is a MAC address.
According to one aspect of the invention, starting the chip means running the program in the chip; when the program in the chip is run, a decryption algorithm is run to decrypt the ciphertext and obtain the identification code in the ciphertext.
According to one aspect of the invention, when chip firmware is developed, the decryption algorithm is placed in a lib library of the firmware development program, ensuring that this part of the code is run when the firmware starts.
According to one aspect of the invention, the firmware development program also comprises a check code, which is stored in binary form together with the functions that use the chip's important parameters and is placed in the chip driver code area; when the chip driver starts, these parameters are necessarily called to configure the performance of the chip, and the ciphertext check function is run at the same time.
According to one aspect of the invention, verifying at chip startup that the decrypted ciphertext matches the identification code comprises the following steps:
reading the identification code and the ciphertext from the chip when the chip is powered on and started;
after reading the identification code and the ciphertext, decrypting the ciphertext with the decryption algorithm to obtain a plaintext;
judging whether the plaintext is consistent with the identification code;
if the plaintext is consistent with the identification code, the chip enters a normal working state; otherwise, the chip enters an error state.
According to one aspect of the invention, when the identification code and the ciphertext are read from the chip at power-on startup, if the identification code and the ciphertext cannot be read, the chip enters an error state.
According to one aspect of the invention, the chip comprises a system configuration area, a program operation area, a program backup area, a user configuration area and other data areas; the system configuration area is a protected area, the identification code and the ciphertext are written into the system configuration area, and the decryption algorithm and the program are written into the program operation area.
The implementation of the invention has the following advantages. The code protection method for a chip comprises the following steps: encrypting the identification code that uniquely identifies the chip with an asymmetric encryption method to generate a ciphertext, and writing the ciphertext and the identification code into the chip; when the chip is started, decrypting the ciphertext and then verifying that it matches the identification code; if the verification passes, the chip starts successfully, otherwise the chip fails to start. The encryption relies on the uniqueness of the identification code (MAC address) that uniquely identifies the chip, and in this way protects the code. Using the characteristic of asymmetric encryption, namely private-key encryption and public-key decryption, the protection holds as long as the private key is well protected, even if the public key and the decryption algorithm are disclosed. In the production process, a server encrypts the identification code (MAC address) that uniquely identifies the chip to generate a ciphertext, and a production tool stores the identification code (MAC address) and the ciphertext in the chip module; the identification code (MAC address) is written into the chip itself, which avoids the possibility that, because its storage location is exposed, the identification code (MAC address) is stored at another address instead. By compiling the check code together with the functions that use the chip parameters into one binary file, it can be ensured that the check code is run. Even when the encryption algorithm and the decryption key (public key) are public, the protection remains effective, and the module cost is not increased.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a code protection method for a chip according to the present invention;
FIG. 2 is a schematic diagram of a module structure of an application chip according to the present invention;
FIG. 3 is a schematic diagram of Flash address division of the chip according to the present invention;
FIG. 4 is a schematic structural diagram of a WiFi module of the present invention;
FIG. 5 is a flow chart of a server generating a key pair and encrypting a MAC address according to the present invention;
FIG. 6 is a flowchart of the decryption and verification of the WiFi module of the present invention;
FIG. 7 is a schematic diagram of Flash address division of a WiFi module according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1, a code protection method for a chip includes the following steps:
Step S1: encrypting the identification code that uniquely identifies the chip with an asymmetric encryption method to generate a ciphertext, and writing the ciphertext and the identification code into the chip.
During production of the module that uses the chip, the identification code that uniquely identifies the chip is encrypted with an asymmetric encryption method to generate a ciphertext, and the ciphertext and the identification code are written into the chip. The identification code can be a MAC address; in other applications it can be another identifier, such as a two-dimensional code, a bar code or a digital ID. The invention is explained here using the MAC address as an example. The encryption method used in this embodiment is the RSA encryption algorithm; other asymmetric encryption methods can be used in other applications, for example ElGamal, the knapsack algorithm, Rabin, D-H, or ECC (elliptic curve encryption algorithm). Those skilled in the art who are familiar with these algorithms should be able to apply them to the present invention as alternatives.
A key pair, consisting of a public key and a private key, is generated with RSA. The private key is stored only on the company's server and is used for encryption; the public key is stored in the Flash of the chip and is used for decryption.
During module production, the MAC address of the module is submitted to the server to request a ciphertext. The server encrypts the MAC address with the private key to produce the ciphertext and returns it to the module; the module stores the MAC address in the OTP of the chip and stores the ciphertext in Flash. The basic structure of the module is shown in FIG. 2; it generally comprises two chips, one integrating the MCU function and the other a Flash chip for storing code and data.
If the MAC address were also stored in the Flash chip, its storage address in the Flash chip would be easily exposed, so a customer program could bypass that address and use another address to store the real MAC address. The stored MAC address would then no longer be unique, and encrypting the MAC address would lose its effect. Therefore, the MAC address needs to be stored inside the chip (the location in the chip that stores the MAC address is unique), which ensures that the encryption is effective.
The chip includes a system configuration area, a program operation area, a program backup area, a user configuration area and other data areas; the system configuration area is a protected area, the identification code and the ciphertext are written into the system configuration area, and the decryption algorithm and the program are written into the program operation area. FIG. 3 shows the address division of the chip module Flash. The MAC address and its ciphertext are written into the system configuration area, which is write-protected so that an erroneous operation on this area cannot leave the whole module unable to run. In addition, the decryption public key is compiled into the program's lib library, which is delivered to the customer in binary form in the SDK, ensuring that this code is run at startup.
Step S2: when the chip is started, the ciphertext is decrypted and then verified against the identification code.
When the chip module starts, it must check whether the MAC address in the chip matches the ciphertext in Flash. The module decrypts the ciphertext with the public key; if the decrypted data matches the MAC address, the verification passes, otherwise it fails. To ensure that the check code is actually run, the check code in the SDK is stored in binary form together with the functions that use the module's important parameters and is placed in the driver code area; when the driver starts, these parameters are necessarily called to configure the performance of the module, and the ciphertext check function is run at the same time.
Because the private key is needed for encryption and the public key for decryption, the encryption process is secure as long as the private key is not leaked. Since decryption needs only the public key, only the public key has to be stored in the Flash of the module, which avoids the risk of accidentally revealing the private key to a customer.
The MAC address of each chip module must be unique, otherwise the module will not work properly; this property can therefore be used by encrypting the MAC address.
Step S3: if the verification passes, the chip starts successfully; otherwise, the chip fails to start.
The ciphertext is decrypted with the public key in the SDK to obtain a plaintext, and the plaintext is compared with the MAC address; if they match, the chip enters a normal working state, otherwise it enters an error state.
As shown in FIGS. 4, 5, 6 and 7, a WiFi module applying the technical solution of the present invention is described as an example implementation.
Because the customer may know the decryption algorithm and even the decryption key, an asymmetric encryption mode must be adopted, that is, the encryption process and the decryption process differ; the RSA encryption and decryption algorithm was finally chosen.
A key pair, consisting of a public key and a private key, is generated with RSA. The private key is stored only on the company's server and is used for encryption; the public key is stored in the Flash of the WiFi module and is used for decryption.
During production of the WiFi module, the MAC address of the module is submitted to the server to request a ciphertext. The server encrypts the MAC address with the private key to produce the ciphertext and returns it to the WiFi module; the module stores the MAC address in the OTP of the WiFi chip and stores the ciphertext in Flash. The basic structure of the WiFi module is shown in FIG. 4; it generally comprises two chips, one a WiFi chip integrating the MCU function and the other a Flash chip for storing code and data.
If the MAC address were also stored in the Flash chip, its storage address in the Flash chip would be easily exposed, so a customer program could bypass that address and use another address to store the real MAC address. The stored MAC address would then no longer be unique, and encrypting the MAC address would lose its effect. Therefore, the MAC address needs to be stored inside the WiFi chip (the location in the WiFi chip that stores the MAC address is unique), which ensures that the encryption is effective.
When the WiFi module starts, it must check whether the MAC address in the WiFi chip matches the ciphertext in Flash. The WiFi module decrypts the ciphertext with the public key; if the decrypted data matches the MAC address, the check passes, otherwise the check fails and the module cannot start normally. To ensure that the check code is actually run, the check code in the SDK is stored in binary form together with the functions that use the important WiFi parameters and is placed in the WiFi driver code area; the WiFi driver necessarily calls these parameters to configure the performance of the WiFi, and the ciphertext check function is run at the same time.
FIG. 5 describes the server-side process of generating a key pair and encrypting a MAC address:
Step 1: after the server starts, it first reads the existing key pair from the configuration file. If the key pair is read correctly, initialization is finished and the server waits for a terminal tool to submit a request. If the key pair cannot be read, the server automatically generates a key pair and stores it.
Step 2: the server receives a login request initiated by a terminal tool (such as a production tool) and allows the login after validity authentication such as a user name and password.
Step 3: after the server receives a MAC address encryption request initiated by the terminal tool, it RSA-encrypts the MAC address with the private key.
Step 4: the server returns the ciphertext to the terminal tool.
Step 5: after receiving the ciphertext, the terminal tool sends the MAC address and the ciphertext together to the WiFi module.
Step 6: the WiFi module writes the MAC address into the WiFi chip and writes the ciphertext into Flash.
FIG. 6 describes the decryption and verification flow of the WiFi module:
Step 1: when the WiFi module firmware is developed, the public key and the decryption algorithm are first placed in a lib library of the firmware development SDK, ensuring that this part of the code is run when the firmware starts.
FIG. 7 shows the address division of the WiFi module's 2 MByte Flash. The MAC address and its ciphertext are written into the system configuration area, which is write-protected so that an erroneous operation on this area cannot leave the whole WiFi module unable to run. In addition, the decryption public key is compiled into the program's lib library, which is delivered to the customer in binary form in the SDK, ensuring that this code is run at startup.
Step 2: when the WiFi module is powered on and started, the MAC address and the ciphertext are read from the WiFi chip and the Flash respectively.
Step 3: if the MAC address and the ciphertext cannot be read, the program enters an error state; otherwise it proceeds to the next step and verifies the MAC address and the ciphertext.
Step 4: the ciphertext is decrypted with the public key in the SDK to obtain a plaintext, and the plaintext is compared with the MAC address; if they match, the module enters a normal working state, otherwise it enters an error state.
Each WiFi module uses its MAC address as its unique mark, so a different MAC address has to be written into each WiFi module during production. Because the MAC address of the WiFi module is encrypted, the customized firmware cannot simply be copied in bulk to WiFi modules not produced by Hanfeng. Even if the encryption/decryption algorithm and the decryption key are both disclosed, ciphertexts cannot be generated in bulk.
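The server-side flow of FIG. 5 and the boot-time check of FIG. 6, modelled end to end in Python as an added example (this is not code from the patent). The RSA key is a constructed toy key, the MAC addresses are constructed, and the names `Module`, `provision`, `server_encrypt_mac`, `boot_check` and `clone_flash` are hypothetical; the raw private-key operation follows the text, whereas a deployed design would normally use a padded RSA signature scheme.

```python
"""Model of the MAC-binding scheme: server-side encryption, boot-time check."""
from dataclasses import dataclass
from typing import Optional

# Constructed demo key built from two Mersenne primes. It is fixed and easy to
# factor, so it only illustrates the data flow and must never be used for real.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus (shipped in the SDK lib)
E = 65537                              # public exponent (shipped in the SDK lib)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (stays on the server)

MAC_LEN = 6
NORMAL, ERROR = "NORMAL", "ERROR"


def parse_mac(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != MAC_LEN:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def server_encrypt_mac(mac: bytes) -> int:
    """FIG. 5 step 3: the server applies the private key to the MAC address."""
    if len(mac) != MAC_LEN:
        raise ValueError("MAC address must be 6 bytes")
    m = int.from_bytes(mac, "big")
    if m < 2:
        # Raw RSA maps 0 and 1 to themselves, so such a "ciphertext" would
        # need no private key at all. Refuse to issue one.
        raise ValueError("degenerate identification code")
    return pow(m, D, N)


@dataclass
class Module:
    otp_mac: Optional[bytes]           # MAC address held in the chip's OTP
    flash_ciphertext: Optional[int]    # ciphertext held in external Flash


def provision(mac_text: str) -> Module:
    """FIG. 5 steps 3 to 6: request a ciphertext and write both values."""
    mac = parse_mac(mac_text)
    return Module(otp_mac=mac, flash_ciphertext=server_encrypt_mac(mac))


def boot_check(module: Module) -> str:
    """FIG. 6 steps 2 to 4: read both values, decrypt, compare."""
    if module.otp_mac is None or module.flash_ciphertext is None:
        return ERROR                   # step 3: values could not be read
    c = module.flash_ciphertext
    if not 1 < c < N:
        return ERROR                   # out of range or a raw-RSA fixed point
    plaintext = pow(c, E, N)           # public-key operation from the SDK lib
    # Compare the whole recovered integer, not only its low 48 bits, so that
    # any high-order garbage in the plaintext fails the check.
    if plaintext != int.from_bytes(module.otp_mac, "big"):
        return ERROR
    return NORMAL


def clone_flash(source: Module, other_mac_text: str) -> Module:
    """Flash image copied to a module whose OTP holds a different MAC."""
    return Module(otp_mac=parse_mac(other_mac_text),
                  flash_ciphertext=source.flash_ciphertext)


if __name__ == "__main__":
    genuine = provision("02:00:5E:10:00:01")           # constructed MAC
    copied = clone_flash(genuine, "02:00:5E:10:00:02")  # constructed MAC
    print("genuine module:", boot_check(genuine))
    print("copied Flash  :", boot_check(copied))
    print("erased config :", boot_check(Module(genuine.otp_mac, None)))
```
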
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention disclosed herein are intended to be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A code protection method for a chip, characterized in that the code protection method for a chip comprises the steps of:
encrypting the identification code that uniquely identifies the chip by an asymmetric encryption method to generate a ciphertext, and writing the ciphertext and the identification code into the chip;
when the chip is started, decrypting the ciphertext and then matching and verifying it against the identification code;
if the verification passes, the chip starts successfully; otherwise, the chip fails to start.
2. The code protection method for a chip according to claim 1, wherein encrypting the identification code that uniquely identifies the chip by an asymmetric encryption method to generate a ciphertext and writing the ciphertext and the identification code into the chip comprises:
defining that the chip has an identification code for uniquely identifying the chip;
generating a corresponding public key and private key by adopting an RSA encryption and decryption algorithm;
encrypting the identification code that uniquely identifies the chip with the private key to generate a ciphertext;
and storing the ciphertext into the chip Flash.
3. The code protection method for a chip according to claim 2, characterized in that said public key is stored in the chip Flash.
4. The code protection method for a chip according to claim 1, wherein the identification code that uniquely identifies the chip is a MAC address.
5. The code protection method for a chip according to claim 1, wherein starting the chip runs a program in the chip, and when the program in the chip is run, a decryption algorithm is run first to decrypt the ciphertext and obtain the identification code in the ciphertext.
6. The code protection method for a chip according to claim 1, wherein the code protection method for a chip comprises placing a decryption algorithm in the Lib library of a firmware development program when chip firmware development is performed, and ensuring that this part of the code will be run when the firmware is started.
7. The code protection method for a chip according to claim 6, wherein the code protection method for a chip comprises: the program developed by the firmware also comprises a check code, wherein the check code is stored together with the functions that use the important parameters of the chip in binary form and is placed in a chip driver code area; the parameters are inevitably called to configure the performance of the chip when the chip driver is started, and at the same time the ciphertext check function is also run.
8. The code protection method for a chip according to claim 6, wherein the step of decrypting the ciphertext and then matching and verifying it against the identification code when the chip is started comprises the following steps:
reading the identification code and the ciphertext from the chip when the chip is powered on and started;
after reading the identification code and the ciphertext, decrypting the ciphertext through a decryption algorithm to obtain a plaintext;
judging whether the plaintext is consistent with the identification code;
if the plaintext is consistent with the identification code, the chip enters a normal working state; otherwise, the chip enters an error state.
9. The code protection method for a chip according to claim 8, wherein the code protection method for a chip comprises: after the step of reading the identification code and the ciphertext from the chip when the chip is powered on and started is executed, if the identification code and the ciphertext cannot be read, the chip enters an error state.
10. The code protection method for a chip according to one of claims 1 to 9, characterized in that said chip comprises: a system configuration area, a program operation area, a program backup area, a user configuration area and other data areas, wherein the system configuration area is a protected area, the identification code and the ciphertext are written into the system configuration area, and the decryption algorithm and the program are written into the program operation area.
CN202010270867.4A 2020-04-08 2020-04-08 Code protection method for chip Pending CN111475815A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010270867.4A CN111475815A (en) 2020-04-08 2020-04-08 Code protection method for chip

Publications (1)

Publication Number Publication Date
CN111475815A true CN111475815A (en) 2020-07-31

Family

ID=71750693

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010270867.4A Pending CN111475815A (en) 2020-04-08 2020-04-08 Code protection method for chip

Country Status (1)

Country Link
CN (1) CN111475815A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345947A (en) * 2008-08-29 2009-01-14 中兴通讯股份有限公司 Mobile phone locking method, unlocking method, locking device and mobile phone
CN103974122A (en) * 2013-02-04 2014-08-06 澜起科技(上海)有限公司 Set top box chip and digital signature implementation method applied to same
WO2018076648A1 (en) * 2016-10-28 2018-05-03 深圳市中兴微电子技术有限公司 Secure enabling method and device for chip, and computer storage medium
CN110602140A (en) * 2019-09-29 2019-12-20 苏州思必驰信息科技有限公司 Encryption and decryption method and system for chip authorization

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398647A (en) * 2020-11-03 2021-02-23 武汉先同科技有限公司 Consumable dynamic encryption method for channel distribution management
CN112948838A (en) * 2021-02-24 2021-06-11 长沙海格北斗信息技术有限公司 Chip encryption starting method, navigation chip and receiver thereof
CN113656845A (en) * 2021-08-18 2021-11-16 福州锐迪优通讯科技有限公司 FPGA program volume production batch encryption method
CN113656845B (en) * 2021-08-18 2024-04-12 福州锐迪优通讯科技有限公司 FPGA program mass production batch encryption method
CN113660659A (en) * 2021-10-19 2021-11-16 华智生物技术有限公司 Internet of things equipment identity identification method, system, equipment and computer readable medium
CN113660659B (en) * 2021-10-19 2022-03-04 华智生物技术有限公司 Internet of things equipment identity identification method, system, equipment and computer readable medium
WO2024066533A1 (en) * 2022-09-30 2024-04-04 深圳市中兴微电子技术有限公司 Chip assembly and information processing method thereof, and computer readable medium
CN116090031A (en) * 2023-03-08 2023-05-09 上海泰矽微电子有限公司 Firmware encryption method based on UUID of chip
CN116070293A (en) * 2023-03-09 2023-05-05 深圳市好盈科技股份有限公司 Processing method and device for firmware protection through chip encryption

Similar Documents

Publication Publication Date Title
CN111475815A (en) Code protection method for chip
US10708062B2 (en) In-vehicle information communication system and authentication method
CN110519260B (en) Information processing method and information processing device
US20050283601A1 (en) Systems and methods for securing a computer boot
CN110688660B (en) Method and device for safely starting terminal and storage medium
CN107846396B (en) Memory system and binding method between memory system and host
CN109981562B (en) Software development kit authorization method and device
JP2004538584A (en) Information processing method and system in electronic device, electronic device, and processing block
CN111639348B (en) Management method and device of database keys
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
CN112862481B (en) Block chain digital asset key management method and system based on SIM card
CN111628863B (en) Data signature method and device, electronic equipment and storage medium
CN114915504B (en) Security chip initial authentication method and system
CN112468294A (en) Access method and authentication equipment for vehicle-mounted TBOX
CN112966254B (en) Secure communication method and system for host and trusted cryptographic module
US11930117B2 (en) Method and apparatus for reversible tokenization with support for embeddable role-based access control
CN110659522B (en) Storage medium security authentication method and device, computer equipment and storage medium
CN105873043B (en) Method and system for generating and applying network private key for mobile terminal
CN110858246B (en) Authentication method and system of security code space, and registration method thereof
CN103378966A (en) Secret key programming on safety dynamic piece
CN107343276B (en) Method and system for protecting SIM card locking data of terminal
CN110502360B (en) Self-checking method for advanced encryption standard coprocessor
CN113343215A (en) Embedded software authorization and authentication method and electronic equipment
JP2006524450A (en) Protecting mobile phone type telecommunication terminals
CN107682147B (en) Security management method and system for smart card chip operating system file

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination