CN112100692A - Encryption method and encryption device for hardware module - Google Patents
- Publication number: CN112100692A
- Application number: CN202010988974.0A
- Authority: CN (China)
- Prior art keywords: hardware module, authentication code, random number, code, encryption
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Abstract
The encryption method of the hardware module comprises the following steps: a secure memory obtains a random number generated by the hardware module and performs a set encryption algorithm on the random number, a secret key and a security code to obtain a first authentication code; the hardware module performs the set encryption algorithm on the random number, the secret key and the security code to obtain a second authentication code; the hardware module acquires the first authentication code, compares it with the second authentication code and decides, according to the comparison result, whether to enter a set user program. With this technical scheme, the use of the random number greatly reduces the possibility of the hardware module being cracked, increases the difficulty of cracking it, and effectively prevents the hardware module from being imitated by a third party.
Description
Technical Field
The present disclosure relates to the field of encryption technologies, and in particular, to an encryption method and an encryption apparatus for a hardware module.
Background
In the development of hardware devices or boards, a large number of general-purpose processor hardware modules are used to reduce development cost, and the appearance, device selection, layout, and the like of hardware modules sold on the market are subject to imitation. Currently, for cost reasons, most hardware modules either have no protection mechanism or only simple protection, and are therefore easily cracked: an experienced plagiarist can acquire the configuration and program data inside a hardware module by attaching a little detection equipment outside it, so the design of the hardware module is very easy to pirate.
To solve the above problem, calibration data for the hardware module may be stored in an external memory, and whether the module is genuine may be determined by checking that data. However, because the data to be checked is stored in the external memory, it is completely exposed during the configuration stage, and a third party can easily capture it with an instrument to obtain an illegal copy. The processor cannot distinguish whether the bit stream is real data or copied data, so the illegal data can obtain the authority to run the program further. The cost of cracking this scheme is therefore low, and the degree of security is limited.
Disclosure of Invention
In order to solve the above technical problems or at least partially solve the above technical problems, the present disclosure provides an encryption method and an encryption apparatus for a hardware module, which greatly reduce the possibility of cracking the hardware module by using random numbers, increase the difficulty of cracking the hardware module, and effectively prevent the hardware module from being imitated by a third party.
In a first aspect, the present disclosure provides an encryption method for a hardware module, including:
the secure memory acquires a random number generated by the hardware module and performs a set encryption algorithm on the random number, the secret key and the security code to obtain a first authentication code;
the hardware module performs the set encryption algorithm on the random number, the secret key and the security code to obtain a second authentication code;
and the hardware module acquires the first authentication code, compares the first authentication code with the second authentication code and decides whether to enter a set user program according to the comparison result.
Optionally, the comparing, by the hardware module, the first authentication code and the second authentication code, and determining whether to enter a set user program according to a comparison result includes:
and if the first authentication code is consistent with the second authentication code, the hardware module enters a user program.
Optionally, the comparing, by the hardware module, the first authentication code and the second authentication code, and determining whether to enter a set user program according to a comparison result includes:
and if the first authentication code is not consistent with the second authentication code, the hardware module exits the program.
Optionally, before the hardware module performs the encryption algorithm according to the random number, the secret key, and the security code to obtain a second authentication code, the method further includes:
the hardware module obtains the secret key and the security code stored in the security memory.
Optionally, the set encryption algorithm includes a message digest algorithm or a secure hash algorithm.
In a second aspect, the present disclosure provides an encryption apparatus for a hardware module, including:
a secure memory connected with the hardware module through a bus;
the secure memory is used for acquiring, through the bus, a random number generated by the hardware module and performing a set encryption algorithm on the random number, the secret key and the security code to obtain a first authentication code;
the hardware module is used for performing the set encryption algorithm on the random number, the secret key and the security code to obtain a second authentication code, obtaining the first authentication code through the bus, comparing the first authentication code with the second authentication code and deciding whether to enter a set user program according to the comparison result.
Optionally, the bus is a single bus.
Optionally, the signal transmission node on the bus is connected to the set power supply signal through an impedance element.
Optionally, the hardware module includes a field programmable gate array or a power supply hardware module.
Optionally, the secure memory comprises a DS28E01 model chip.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
In the encryption method and the encryption device for the hardware module provided by the embodiments of the disclosure, the secure memory acquires a random number generated by the hardware module and performs a set encryption algorithm on the random number, a secret key and a security code to obtain a first authentication code; the hardware module performs the set encryption algorithm on the random number, the secret key and the security code to obtain a second authentication code; the hardware module acquires the first authentication code, compares it with the second authentication code and decides whether to enter a set user program according to the comparison result. The random number is thus transmitted dynamically between the secure memory and the hardware module, and its use greatly reduces the possibility of the hardware module being cracked. An imitated hardware module cannot work normally without the manufacturer's authorization; only after that authorization, and after authentication by the software algorithm between the hardware module and the carrier board, can the hardware module work normally. This increases the difficulty of cracking the hardware module and effectively prevents it from being imitated by a third party.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of an encryption method for a hardware module according to an embodiment of the present disclosure;
Fig. 2 is a schematic diagram illustrating data transmission between a secure memory and a hardware module according to an embodiment of the disclosure;
Fig. 3 is a schematic structural diagram of an encryption apparatus for a hardware module according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a schematic flowchart of an encryption method for a hardware module according to an embodiment of the present disclosure. The encryption method of the hardware module can be applied to an application scene that the hardware module needs to be encrypted, and can be executed by the encryption device of the hardware module provided by the embodiment of the disclosure. As shown in fig. 1, the encryption method of the hardware module includes:
S110, the secure memory acquires the random number generated by the hardware module and performs a set encryption algorithm on the random number, the secret key and the security code to obtain a first authentication code.
Fig. 2 is a schematic diagram of data transmission between a secure memory and a hardware module according to an embodiment of the disclosure. As shown in fig. 2, the hardware module 1 generates a random number, the hardware module 1 may include a random number generator for generating the random number, the hardware module 1 and the secure memory 2 have an electrical connection relationship, and the hardware module 1 transmits the generated random number to the secure memory 2.
The security code is the read-only memory (ROM) ID of the secure memory, also called an identification code. It is set when the secure memory is shipped from the factory; the ROM ID of each secure memory is 64 bits long and unique. The key is a parameter input to an algorithm that converts plaintext into ciphertext or ciphertext into plaintext, that is, the secret information used for cryptographic applications such as encryption, decryption or integrity verification. The secure memory 2 stores the unique security code, and the key can be obtained from a master key and the unique security code stored in the secure memory 2; that is, the 8-byte key can also be generated by a non-specific algorithm combined with the ROM ID of the secure memory.
After acquiring the random number generated by the hardware module 1, the secure memory 2 performs the set encryption algorithm on the random number, the secret key and the security code to obtain a first authentication code C1. For example, the set encryption algorithm may be a message digest algorithm, namely MD5 (Message Digest Algorithm 5), one of the hash algorithms widely used on computers. The basic principle of a hash algorithm is to map data to another value of fixed length, and it is commonly used for file verification. The message digest algorithm compresses a large volume of information into a secure format before it is signed with a private key by digital signature software, i.e., it converts a byte string of arbitrary length into a fixed-length hexadecimal string. A message digest has a fixed length, is easy to compute and is strongly resistant to modification.
For example, the set encryption algorithm may also be a secure hash algorithm (SHA), which is mainly applicable to the Digital Signature Algorithm (DSA) defined in the Digital Signature Standard (DSS). A secure hash algorithm takes a plaintext and converts it irreversibly into a ciphertext; it can be understood as taking an input string, i.e., a pre-image or message, and converting it into a short output sequence of fixed length, i.e., a hash value, also called a message digest or message authentication code.
The secure memory 2 may obtain the unique first authentication code C1 by applying a message digest algorithm to the random number, the secret key and the security code, or by applying a secure hash algorithm to them. The process of obtaining the first authentication code C1 from the random number, the secret key and the security code with a message digest algorithm or a secure hash algorithm is well known to those skilled in the art and is not discussed here.
S120, the hardware module performs the set encryption algorithm on the random number, the secret key and the security code to obtain a second authentication code.
Optionally, as shown in fig. 2, before the hardware module 1 performs the set encryption algorithm on the random number, the key and the security code to obtain the second authentication code C2, the hardware module 1 may obtain the key and the security code stored inside the secure memory 2.
Specifically, a secret key and a security code are stored in the secure memory 2, and the secure memory 2 is electrically connected to the hardware module 1. The secure memory 2 sends its stored secret key and security code to the hardware module 1; after obtaining them, the hardware module 1 performs the set encryption algorithm on the random number it generated, the secret key and the security code to obtain the second authentication code C2.
For example, the set encryption algorithm may be a message digest algorithm or a secure hash algorithm. Similarly, the hardware module 1 may obtain the unique second authentication code C2 by applying the message digest algorithm to the random number, the secret key and the security code, or by applying the secure hash algorithm to them. The process of obtaining the second authentication code C2 from the random number, the secret key and the security code with a message digest algorithm or a secure hash algorithm is well known to those skilled in the art and is not discussed further here.
It should be noted that the set encryption algorithm used by the secure memory 2 is the same as the set encryption algorithm used by the hardware module 1; both may use a message digest algorithm, or both may use a secure hash algorithm.
S130, the hardware module obtains the first authentication code, compares the first authentication code with the second authentication code and decides whether to enter a set user program according to the comparison result.
Specifically, as shown in fig. 2, the hardware module 1 is electrically connected to the secure memory 2. The hardware module 1 may obtain the first authentication code C1 generated by the secure memory 2, compare it with the second authentication code C2 generated by the hardware module 1 itself, and decide whether to enter the set user program according to the comparison result.
Optionally, when the hardware module 1 compares the first authentication code C1 with the second authentication code C2 and decides whether to enter the set user program according to the comparison result: if the first authentication code C1 is consistent with the second authentication code C2, the hardware module 1 may enter the user program; if the first authentication code C1 does not match the second authentication code C2, the hardware module 1 exits the program.
Specifically, the hardware module 1 transmits the random number it generates to the secure memory 2. If the hardware module 1 is in a normal state, the first authentication code C1 is obtained by the secure memory 2 from the random number, the key and the security code through the set encryption algorithm, and the second authentication code C2 is obtained by the hardware module 1 from the same random number, the same key and the same security code through the same set encryption algorithm, so C1 is consistent with C2. Therefore, if the first authentication code C1 is consistent with the second authentication code C2, the hardware module 1 is in a normal state and enters the user program, that is, the hardware module 1 passes the authentication.
If a third party maliciously probes the hardware module 1 but cannot obtain the random number generated by the hardware module 1, an authentication code computed from a different random number will, with high probability, be inconsistent with the first authentication code C1. Therefore, if the first authentication code C1 is inconsistent with the second authentication code C2, a third party is maliciously probing the hardware module 1; the hardware module 1 then exits the user program (it may also perform other operations instead of working normally), and the authentication of the hardware module 1 fails.
At present, a hardware module either has no protection mechanism or is only checked simply by computing a value and comparing it with a preset one. A hardware module generally contains a unique serial number, i.e., a device ID, which is built into the hardware module when it leaves the factory. Based on this unique ID, encryption protection of the hardware module can be implemented with a related encryption algorithm and an external memory chip. After the hardware module is powered on, it enters an encryption program via a bootstrap program; the encryption program reads the unique ID preset in the hardware module by the manufacturer, computes a comparison value with a specific algorithm, then reads the preset comparison value stored at a specific location in an external memory, such as an external FLASH (flash memory), and checks whether the two are consistent. If they are consistent, the hardware module is a genuine module delivered from the factory; if they are not, the hardware module is damaged or was not produced by the original factory, and the module may power the system off.
However, because the data to be checked is stored in the external memory, it is exposed during the configuration stage, and a third party can easily capture it with an instrument to obtain an illegal copy. The processor cannot distinguish whether the bit stream is real data or copied data, so the illegal data can obtain the authority to run the program further; the cost of cracking this scheme is therefore low, and the degree of security is limited. That is, one obvious disadvantage of the prior art is that once the ID of the hardware module is read externally, an external device can impersonate the processor communicating with the FLASH and gain the trust of the system.
In the embodiment of the disclosure, after the hardware module 1 is powered on, it starts from a default external configuration and enters an authentication program. The authentication program of the hardware module 1 generates a random number and sends it to the secure memory 2; the secure memory 2 obtains a first authentication code C1 from the random number, a built-in secret key and a unique security code through the set encryption algorithm; the authentication program of the hardware module 1 obtains a second authentication code C2 from the same input through the same set encryption algorithm, and compares the first authentication code C1 with the second authentication code C2.
If the first authentication code C1 is identical to the second authentication code C2, the hardware module 1 is in a normal state and enters the user program, i.e., the hardware module 1 passes the authentication. If a third party maliciously probes the hardware module 1 but cannot obtain the random number generated by the hardware module 1, an authentication code computed from a different random number will, with high probability, be inconsistent with the first authentication code C1. Therefore, if the first authentication code C1 is inconsistent with the second authentication code C2, a third party is maliciously probing the hardware module 1; the hardware module 1 then exits the user program (it may also perform other operations instead of working normally), and the authentication of the hardware module 1 fails. The random number is thus transmitted dynamically between the secure memory 2 and the hardware module 1, and its use greatly reduces the possibility of the hardware module 1 being cracked. An imitated hardware module 1 cannot work normally without the manufacturer's authorization; only after that authorization, and after authentication by the software algorithm between the hardware module 1 and the carrier board, can the hardware module 1 work normally. This increases the difficulty of cracking the hardware module 1 and effectively prevents it from being imitated by a third party.
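The exchange of S110 to S130 with both sides modelled, as an added Python example that is not part of the patent text; it also shows the case where the random number repeats. Assumptions: HMAC-SHA-256 stands in for the "set encryption algorithm" (the text names MD5 or SHA), the nonce size, key derivation, class names and sample values are hypothetical, and the hardware module derives the key from a master key and the ROM ID instead of reading it over the bus.

```python
import hashlib
import hmac
import secrets

ROM_ID_LEN = 8    # page: the security code (ROM ID) is 64 bits
KEY_LEN = 8       # page: the key is 8 bytes
NONCE_LEN = 16    # assumption: the page gives no random-number size


def derive_key(master_key: bytes, rom_id: bytes) -> bytes:
    """Per-device key from a master key and the ROM ID (hypothetical KDF)."""
    return hmac.new(master_key, rom_id, hashlib.sha256).digest()[:KEY_LEN]


def auth_code(key: bytes, nonce: bytes, rom_id: bytes) -> bytes:
    """Authentication code over (random number, key, security code).

    HMAC-SHA-256 is a stand-in chosen for this example; MD5 is avoided
    because it is not collision resistant.
    """
    return hmac.new(key, nonce + rom_id, hashlib.sha256).digest()


class SecureMemory:
    """Secure memory 2: keeps the key internal and answers challenges (C1)."""

    def __init__(self, rom_id: bytes, key: bytes):
        self._rom_id, self._key = rom_id, key

    def read_rom_id(self) -> bytes:
        return self._rom_id

    def respond(self, nonce: bytes) -> bytes:
        return auth_code(self._key, nonce, self._rom_id)


class RecordedResponder:
    """Constructed test double: returns one recorded C1 for any challenge."""

    def __init__(self, rom_id: bytes, recorded_c1: bytes):
        self._rom_id, self._recorded_c1 = rom_id, recorded_c1

    def read_rom_id(self) -> bytes:
        return self._rom_id

    def respond(self, nonce: bytes) -> bytes:
        return self._recorded_c1  # ignores the random number


class HardwareModule:
    """Hardware module 1: issues the random number, computes C2, compares."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def authenticate(self, memory, nonce=None) -> bool:
        if nonce is None:
            nonce = secrets.token_bytes(NONCE_LEN)  # fresh on every power-on
        rom_id = memory.read_rom_id()
        if len(rom_id) != ROM_ID_LEN or len(nonce) != NONCE_LEN:
            return False
        c1 = memory.respond(nonce)
        c2 = auth_code(derive_key(self._master_key, rom_id), nonce, rom_id)
        return hmac.compare_digest(c1, c2)  # constant-time comparison


def demo() -> dict:
    master = bytes(range(16))                    # constructed master key
    rom_id = bytes.fromhex("2f0000012345675a")   # constructed ROM ID
    module = HardwareModule(master)
    genuine = SecureMemory(rom_id, derive_key(master, rom_id))
    other = SecureMemory(rom_id, derive_key(b"\xff" * 16, rom_id))

    old_nonce = b"\x00" * NONCE_LEN              # nonce of a recorded session
    new_nonce = b"\x01" * NONCE_LEN              # nonce of a later session
    replay = RecordedResponder(rom_id, genuine.respond(old_nonce))
    return {
        "genuine": module.authenticate(genuine),
        "wrong_key": module.authenticate(other),
        "replay_fresh_nonce": module.authenticate(replay, new_nonce),
        "replay_reused_nonce": module.authenticate(replay, old_nonce),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20s} -> {'enter user program' if ok else 'exit program'}")
```

The `replay_reused_nonce` case passes, which shows that the scheme is only as strong as the random number generator: a repeated or predictable random number lets a previously recorded first authentication code be accepted.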
The embodiment of the present disclosure further provides an encryption apparatus for a hardware module, and fig. 3 is a schematic structural diagram of the encryption apparatus for a hardware module provided in the embodiment of the present disclosure. With reference to fig. 2 and 3, the encryption device of the hardware module comprises a secure memory 2, the secure memory 2 being connected to the hardware module 1 via a bus 3. Illustratively, the bus 3 may be a single bus. The single bus is a peripheral serial expansion bus technology in which a single signal line carries both clock and data, and data is transmitted bidirectionally. Connecting the secure memory 2 and the hardware module 1 with a single bus provides data transmission between them while effectively simplifying the hardware connection between the hardware module 1 and the secure memory 2.
The secure memory 2 is used for acquiring, through the bus 3, a random number generated by the hardware module 1 and performing a set encryption algorithm on the random number, the key and the security code to obtain a first authentication code C1. The hardware module 1 is used for performing the set encryption algorithm on the random number, the key and the security code to obtain a second authentication code C2, obtaining the first authentication code C1 through the bus 3, comparing the first authentication code C1 with the second authentication code C2 and deciding whether to enter a set user program according to the comparison result.
Specifically, after the hardware module 1 is powered on, it starts from the default external configuration and enters an authentication program. The authentication program of the hardware module 1 generates a random number and sends it to the secure memory 2 through the bus; the secure memory 2 performs the set encryption algorithm on the random number, a built-in secret key and a unique security code to obtain a first authentication code C1. The hardware module 1 also obtains, through the bus, the secret key and the security code stored in the secure memory 2 and the first authentication code C1 generated by the secure memory 2. The authentication program of the hardware module 1 obtains a second authentication code C2 from the same input through the same set encryption algorithm, and compares the first authentication code C1 with the second authentication code C2.
If the first authentication code C1 is identical to the second authentication code C2, the hardware module 1 is in a normal state and enters the user program, i.e., the hardware module 1 passes the authentication. If a third party maliciously probes the hardware module 1 but cannot obtain the random number generated by the hardware module 1, an authentication code computed from a different random number will, with high probability, be inconsistent with the first authentication code C1. Therefore, if the first authentication code C1 is inconsistent with the second authentication code C2, a third party is maliciously probing the hardware module 1; the hardware module 1 then exits the user program (it may also perform other operations instead of working normally), and the authentication of the hardware module 1 fails.
Therefore, the random number is transmitted dynamically between the secure memory 2 and the hardware module 1 over the single bus, which has a simpler connection relationship, and the use of the random number greatly reduces the possibility of the hardware module 1 being cracked. An imitated hardware module 1 cannot work normally without the manufacturer's authorization; only after that authorization, and after authentication by the software algorithm between the hardware module 1 and the carrier board, can the hardware module 1 work normally. This increases the difficulty of cracking the hardware module 1 and effectively prevents it from being imitated by a third party.
Optionally, as shown in fig. 3, the signal transmission node N on the bus 3 may be connected to a set power supply signal through the impedance element R1. Specifically, the signal transmission node N on the bus 3 is a node at any position on the bus 3 connecting the secure memory 2 and the hardware module 1, and the set power signal may be, for example, a positive power signal VDD. The signal transmission node N on the bus 3 is connected to the set power signal VDD through the impedance element R1 to form an open-drain configuration in which the impedance element R1 acts as a pull-up element, so that the operating voltages of the secure memory 2 and the hardware module 1 are consistent and balanced, ensuring normal communication between the secure memory 2 and the hardware module 1.
Illustratively, the hardware module 1 may comprise a field programmable gate array (FPGA), such as an FPGA produced by saint. Illustratively, the hardware module 1 may also include a power supply hardware module; encrypting the power supply hardware module by using a random number reduces the possibility of the power supply hardware module being cracked and effectively prevents it from being imitated by a third party.
Illustratively, the secure memory 2 may include a DS28E01 model chip. The DS28E01 model chip has a 128-byte user memory, a key that can be used for operations inside the chip but cannot be read from the outside, and a unique and unchangeable security code. Adopting the DS28E01 model chip as the secure memory 2 reduces the encryption cost of the hardware module 1 while further reducing the possibility of the hardware module 1 being cracked, thereby effectively preventing the hardware module 1 from being imitated by a third party.
The random number is transmitted dynamically between the secure memory 2 and the hardware module 1 over the single bus, which has a simpler connection relationship, and the use of the random number greatly reduces the possibility of the hardware module 1 being cracked. An imitated hardware module 1 cannot work normally without the manufacturer's authorization; only after that authorization, and after authentication by the software algorithm between the hardware module 1 and the carrier board, can the hardware module 1 work normally. This increases the difficulty of cracking the hardware module 1 and effectively prevents it from being imitated by a third party.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for encrypting a hardware module, comprising:
the secure memory acquires a random number generated by the hardware module and performs a set encryption algorithm according to the random number, a secret key and a security code to obtain a first authentication code;
the hardware module carries out the set encryption algorithm according to the random number, the secret key and the security code to obtain a second authentication code;
and the hardware module acquires the first authentication code, compares the first authentication code with the second authentication code and judges whether to enter a set user program according to a comparison result.
2. The method for encrypting the hardware module according to claim 1, wherein the hardware module compares the first authentication code with the second authentication code and determines whether to enter a set user program according to the comparison result, comprising:
and if the first authentication code is consistent with the second authentication code, the hardware module enters a user program.
3. The method for encrypting the hardware module according to claim 1, wherein the hardware module compares the first authentication code with the second authentication code and determines whether to enter a set user program according to the comparison result, comprising:
and if the first authentication code is not consistent with the second authentication code, the hardware module exits the program.
4. The method for encrypting the hardware module according to claim 1, further comprising, before the hardware module performs the set encryption algorithm according to the random number, the secret key and the security code to obtain the second authentication code:
the hardware module obtains the secret key and the security code stored in the security memory.
5. The hardware module encryption method of claim 1, wherein the set encryption algorithm comprises a message digest algorithm or a secure hash algorithm.
6. An encryption apparatus for a hardware module, comprising:
a secure memory connected with the hardware module through a bus;
the secure memory is used for acquiring a random number generated by the hardware module through the bus and performing a set encryption algorithm according to the random number, a secret key and a security code to obtain a first authentication code;
the hardware module is used for performing the set encryption algorithm according to the random number, the secret key and the security code to obtain a second authentication code, obtaining the first authentication code through the bus, comparing the first authentication code with the second authentication code and judging whether to enter a set user program according to a comparison result.
7. The hardware module encryption device of claim 6, wherein the bus is a single bus.
8. The hardware module encryption device of claim 7, wherein the signal transmission node on the bus is connected to the set power signal through an impedance element.
9. The hardware module encryption apparatus of claim 6, wherein the hardware module comprises a field programmable gate array or a power supply hardware module.
10. The hardware module encryption apparatus of claim 6, wherein said secure memory comprises a DS28E01 model chip.
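The exchange in claims 1 to 5, modelled end to end as an added example (not code from the patent or from any vendor). It assumes HMAC-SHA-256 as a stand-in for the "set encryption algorithm", a key copy provisioned into the hardware module at the factory, and constructed key, security code and class names.

```python
import hashlib
import hmac
import secrets

def auth_code(key: bytes, security_code: bytes, random_number: bytes) -> bytes:
    """Stand-in for the set encryption algorithm (assumption): HMAC-SHA-256,
    keyed with the secret key, over fixed-length random number + security code."""
    return hmac.new(key, random_number + security_code, hashlib.sha256).digest()

class SecureMemory:
    """Model of the secure memory: the key is used internally, never exported."""
    def __init__(self, key: bytes, security_code: bytes):
        self._key = key
        self.security_code = security_code

    def respond(self, random_number: bytes) -> bytes:
        # First authentication code, computed inside the secure memory.
        return auth_code(self._key, self.security_code, random_number)

class ReplayingMemory:
    """Constructed failure case: a part that returns one previously recorded response."""
    def __init__(self, security_code: bytes, recorded: bytes):
        self.security_code = security_code
        self._recorded = recorded

    def respond(self, random_number: bytes) -> bytes:
        return self._recorded

class HardwareModule:
    """Model of the hardware module; holds a factory-provisioned key copy (assumption)."""
    def __init__(self, key: bytes):
        self._key = key

    def authenticate(self, memory, random_number=None) -> bool:
        if random_number is None:
            random_number = secrets.token_bytes(16)  # fresh challenge per attempt
        first = memory.respond(random_number)
        # Second authentication code, computed locally by the hardware module.
        second = auth_code(self._key, memory.security_code, random_number)
        # Constant-time comparison. True: enter the user program; False: exit.
        return hmac.compare_digest(first, second)

# Constructed sample values, not taken from the patent.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CODE = bytes.fromhex("0123456789abcdef")  # unique, unchangeable security code
OLD_RANDOM = bytes(16)                     # a random number used in an earlier run
genuine = SecureMemory(KEY, CODE)
module = HardwareModule(KEY)
replayer = ReplayingMemory(CODE, genuine.respond(OLD_RANDOM))
```

A recorded response only verifies against the random number it was computed for, which is why the hardware module must draw a new random number on every attempt.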
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010988974.0A CN112100692A (en) | 2020-09-18 | 2020-09-18 | Encryption method and encryption device for hardware module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112100692A (en) | 2020-12-18 |
Family
ID=73758975
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010988974.0A Pending CN112100692A (en) | 2020-09-18 | 2020-09-18 | Encryption method and encryption device for hardware module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112100692A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103562922A (en) * | 2011-03-30 | 2014-02-05 | 耶德托公司 | Establishing unique key during chip manufacturing |
CN104463026A (en) * | 2014-12-08 | 2015-03-25 | 深圳中科讯联科技有限公司 | System and method for hardware anti-copying board |
CN107967413A (en) * | 2017-11-28 | 2018-04-27 | 深圳进化动力数码科技有限公司 | Software enciphering method and device |
US20190050347A1 (en) * | 2018-07-25 | 2019-02-14 | Intel Corporation | Memory data protection based on authenticated encryption |
CN110879875A (en) * | 2019-10-28 | 2020-03-13 | 华晟现代电子科技(香港)有限公司 | Hardware encryption device, embedded system copyright protection system and method |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113011870A (en) * | 2021-02-02 | 2021-06-22 | 北京易路行技术有限公司 | Method and device for carrying out user card loading through ETC antenna |
CN113011870B (en) * | 2021-02-02 | 2024-05-07 | 北京易路行技术有限公司 | Method and device for carrying out user card loading through ETC antenna |
CN113111323A (en) * | 2021-04-14 | 2021-07-13 | 中国电子科技集团公司第五十八研究所 | FT2232H program programming equipment and method based on SHA-1 identity authentication |
CN113111323B (en) * | 2021-04-14 | 2022-08-16 | 中国电子科技集团公司第五十八研究所 | FT2232H program programming equipment and method based on SHA-1 identity authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||