CN112100692A - Encryption method and encryption device for hardware module - Google Patents

Encryption method and encryption device for hardware module Download PDF

Info

Publication number
CN112100692A
CN112100692A CN202010988974.0A CN202010988974A CN112100692A CN 112100692 A CN112100692 A CN 112100692A CN 202010988974 A CN202010988974 A CN 202010988974A CN 112100692 A CN112100692 A CN 112100692A
Authority
CN
China
Prior art keywords
hardware module
authentication code
random number
code
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010988974.0A
Other languages
Chinese (zh)
Other versions
CN112100692B (en
Inventor
李钢
李郜伟
张巧宁
包冲
张�浩
徐小文
苏香
刘飞刚
董华强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ucas Technology Co ltd
Original Assignee
Beijing Ucas Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ucas Technology Co ltd filed Critical Beijing Ucas Technology Co ltd
Priority to CN202010988974.0A priority Critical patent/CN112100692B/en
Publication of CN112100692A publication Critical patent/CN112100692A/en
Application granted granted Critical
Publication of CN112100692B publication Critical patent/CN112100692B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本公开涉及一种硬件模块的加密方法及加密装置,硬件模块的加密方法包括安全存储器获取硬件模块产生的随机数并根据随机数、密钥和安全码进行设定加密算法以获取第一认证码;硬件模块根据随机数、密钥和安全码进行设定加密算法以获取第二认证码;硬件模块获取第一认证码,比较第一认证码和第二认证码并根据比较结果判断是否进入设定用户程序。通过本公开的技术方案,利用随机数大大降低了硬件模块被破解的可能性,增加了硬件模块被破解的难度,有效防止硬件模块被第三方仿制。

Figure 202010988974

The present disclosure relates to an encryption method and an encryption device for a hardware module. The encryption method for a hardware module includes a secure memory acquiring a random number generated by the hardware module, and setting an encryption algorithm according to the random number, a key and a security code to obtain a first authentication code. The hardware module sets the encryption algorithm to obtain the second authentication code according to the random number, the key and the security code; the hardware module obtains the first authentication code, compares the first authentication code and the second authentication code, and judges whether to enter the device according to the comparison result. User program. Through the technical solution of the present disclosure, the random number is used to greatly reduce the possibility of the hardware module being cracked, increase the difficulty of the hardware module being cracked, and effectively prevent the hardware module from being imitated by a third party.

Figure 202010988974

Description

一种硬件模块的加密方法及加密装置A hardware module encryption method and encryption device

技术领域technical field

本公开涉及加密技术领域,尤其涉及一种硬件模块的加密方法及加密装置。The present disclosure relates to the field of encryption technology, and in particular, to an encryption method and an encryption device for a hardware module.

背景技术Background technique

在硬件设备或者板卡的研发过程中,为了降低开发成本,大量通用的处理器硬件模块被采用,导致有市场销量的硬件模块的外观、器件选型及布局等成为被模仿的对象。当前大多数硬件模块出于成本考虑,或者没有任何的保护机制,或者只做了简单的,易被破解的保护,这对于有经验的抄袭者,外部稍加一些侦测设备就可以获取到硬件模块内部的配置和程序数据,导致硬件模块的设计极易被盗版。In the development process of hardware equipment or boards, in order to reduce development costs, a large number of general-purpose processor hardware modules are used, resulting in the appearance, device selection and layout of hardware modules that are sold in the market. At present, most of the hardware modules do not have any protection mechanism due to cost considerations, or they only have simple protection that is easy to be cracked. For experienced plagiarists, they can obtain the hardware by adding a little external detection equipment. The configuration and program data inside the module make the design of the hardware module very easy to be pirated.

为了解决上述问题,目前可以在外部存储器中存储对应硬件模块的校准数据,通过数据的校准判断对应的硬件模块为正品模块还是非原厂正品模块。但是,因为需要校准的数据存储在外部存储器中,在配置阶段,数据全部暴露在外部,容易被第三方通过仪器探测到以获得非法的副本,而处理器并不能区别比特流是真实数据还是复制数据,非法数据可以获取程序进一步运行的权限,因此,这种模式被破解的成本并不高,安全度有限。In order to solve the above problem, currently, the calibration data of the corresponding hardware module can be stored in the external memory, and whether the corresponding hardware module is a genuine module or a non-original genuine module can be judged through the calibration of the data. However, because the data to be calibrated is stored in the external memory, in the configuration stage, the data is all exposed to the outside, which is easily detected by a third party through the instrument to obtain an illegal copy, and the processor cannot distinguish whether the bit stream is real data or a copy Data, illegal data can obtain the permission of the program to run further, therefore, the cost of cracking this mode is not high, and the security is limited.

发明内容SUMMARY OF THE INVENTION

为了解决上述技术问题或者至少部分地解决上述技术问题,本公开提供了一种硬件模块的加密方法及加密装置,利用随机数大大降低了硬件模块被破解的可能性,增加了硬件模块被破解的难度,有效防止硬件模块被第三方仿制。In order to solve the above technical problems or at least partially solve the above technical problems, the present disclosure provides an encryption method and an encryption device for a hardware module, which greatly reduces the possibility of the hardware module being cracked by using random numbers, and increases the probability of the hardware module being cracked. It is difficult to effectively prevent hardware modules from being copied by third parties.

第一方面,本公开提供了一种硬件模块的加密方法,包括:In a first aspect, the present disclosure provides an encryption method for a hardware module, including:

安全存储器获取所述硬件模块产生的随机数并根据所述随机数、密钥和安全码进行设定加密算法以获取第一认证码;The secure memory acquires the random number generated by the hardware module and sets an encryption algorithm according to the random number, the key and the security code to acquire the first authentication code;

所述硬件模块根据所述随机数、所述密钥和所述安全码进行所述设定加密算法以获取第二认证码;The hardware module performs the set encryption algorithm according to the random number, the key and the security code to obtain the second authentication code;

所述硬件模块获取所述第一认证码,比较所述第一认证码和所述第二认证码并根据比较结果判断是否进入设定用户程序。The hardware module obtains the first authentication code, compares the first authentication code and the second authentication code, and judges whether to enter the setting user program according to the comparison result.

可选地,所述硬件模块比较所述第一认证码和所述第二认证码并根据比较结果判断是否进入设定用户程序,包括:Optionally, the hardware module compares the first authentication code and the second authentication code and judges whether to enter a user setting program according to the comparison result, including:

若所述第一认证码与所述第二认证码一致,则所述硬件模块进入用户程序。If the first authentication code is consistent with the second authentication code, the hardware module enters a user program.

可选地,所述硬件模块比较所述第一认证码和所述第二认证码并根据比较结果判断是否进入设定用户程序,包括:Optionally, the hardware module compares the first authentication code and the second authentication code and judges whether to enter a user setting program according to the comparison result, including:

若所述第一认证码与所述第二认证码不一致,则所述硬件模块退出程序。If the first authentication code is inconsistent with the second authentication code, the hardware module exits the program.

可选地,在所述硬件模块根据所述随机数、所述密钥和所述安全码进行所述设定加密算法以获取第二认证码之前,还包括:Optionally, before the hardware module performs the set encryption algorithm according to the random number, the key and the security code to obtain the second authentication code, the method further includes:

所述硬件模块获取所述安全存储器内部存储的所述密钥和所述安全码。The hardware module acquires the key and the security code stored inside the secure memory.

可选地,所述设定加密算法包括信息摘要算法或者安全散列算法。Optionally, the set encryption algorithm includes a message digest algorithm or a secure hash algorithm.

第二方面,本公开提供了一种硬件模块的加密装置,包括:In a second aspect, the present disclosure provides a hardware module encryption device, including:

安全存储器,所述安全存储器与所述硬件模块通过总线连接;a secure memory, the secure memory is connected to the hardware module through a bus;

所述安全存储器用于通过所述总线获取硬件模块产生的随机数并根据所述随机数、密钥和安全码进行设定加密算法以获取第一认证码;The secure memory is used to obtain the random number generated by the hardware module through the bus and set an encryption algorithm according to the random number, the key and the security code to obtain the first authentication code;

所述硬件模块用于根据所述随机数、所述密钥和所述安全码进行所述设定加密算法以获取第二认证码,以及用于通过所述总线获取所述第一认证码,比较所述第一认证码和所述第二认证码并根据比较结果判断是否进入设定用户程序。The hardware module is configured to perform the set encryption algorithm according to the random number, the key and the security code to obtain the second authentication code, and to obtain the first authentication code through the bus, Compare the first authentication code and the second authentication code and judge whether to enter the setting user program according to the comparison result.

可选地,所述总线为单总线。Optionally, the bus is a single bus.

可选地,所述总线上的信号传输节点通过阻抗元件接入设定电源信号。Optionally, a signal transmission node on the bus is connected to a set power signal through an impedance element.

可选地,所述硬件模块包括现场可编程逻辑门阵列或者电源硬件模块。Optionally, the hardware module includes a field programmable logic gate array or a power supply hardware module.

可选地,所述安全存储器包括DS28E01型号芯片。Optionally, the secure memory includes a DS28E01 type chip.

本公开实施例提供的技术方案与现有技术相比具有如下优点:Compared with the prior art, the technical solutions provided by the embodiments of the present disclosure have the following advantages:

本公开实施例提供的硬件模块的加密方法及加密装置,设置安全存储器获取硬件模块产生的随机数并根据随机数、密钥和安全码进行设定加密算法以获取第一认证码,硬件模块根据随机数、密钥和安全码进行设定加密算法以获取第二认证码,硬件模块获取第一认证码,比较第一认证码和第二认证码并根据比较结果判断是否进入设定用户程序关键在随机数上。这样,本公开实施例在安全存储器与硬件模块之间动态地传输随机数,利用随机数大大降低了硬件模块被破解的可能性,能够有效确保在未经厂家授权的情况下,模仿出的硬件模块无法正常工作,只有经过厂家授权,硬件模块和载板之间通过软件算法的认证,硬件模块才可以正常工作,从而增加了硬件模块被破解的难度,有效防止硬件模块被第三方仿制。In the encryption method and encryption device for a hardware module provided by the embodiments of the present disclosure, a secure memory is set to obtain a random number generated by the hardware module, and an encryption algorithm is set according to the random number, key and security code to obtain the first authentication code, and the hardware module is based on the random number, key and security code. The random number, the key and the security code are used to set the encryption algorithm to obtain the second authentication code. The hardware module obtains the first authentication code, compares the first authentication code and the second authentication code, and judges whether to enter the set user program key according to the comparison result. on random numbers. In this way, the embodiment of the present disclosure dynamically transmits random numbers between the secure memory and the hardware module, and the use of random numbers greatly reduces the possibility of the hardware module being cracked, and can effectively ensure that the imitated hardware can be simulated without the authorization of the manufacturer. If the module cannot work normally, the hardware module can work normally only after the authorization of the manufacturer and the authentication of the software algorithm between the hardware module and the carrier board, which increases the difficulty of cracking the hardware module and effectively prevents the hardware module from being copied by third parties.

附图说明Description of drawings

此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本公开的实施例,并与说明书一起用于解释本公开的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

为了更清楚地说明本公开实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,对于本领域普通技术人员而言,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the accompanying drawings that are required to be used in the description of the embodiments or the prior art will be briefly introduced below. In other words, on the premise of no creative labor, other drawings can also be obtained from these drawings.

图1为本公开实施例提供的一种硬件模块的加密方法的流程示意图;1 is a schematic flowchart of a method for encrypting a hardware module according to an embodiment of the present disclosure;

图2为本公开实施例提供的一种安全存储器与硬件模块之间数据传输的示意图;2 is a schematic diagram of data transmission between a secure memory and a hardware module according to an embodiment of the present disclosure;

图3为本公开实施例提供的一种硬件模块的加密装置的结构示意图。FIG. 3 is a schematic structural diagram of a hardware module encryption device according to an embodiment of the present disclosure.

具体实施方式Detailed ways

为了能够更清楚地理解本公开的上述目的、特征和优点,下面将对本公开的方案进行进一步描述。需要说明的是,在不冲突的情况下,本公开的实施例及实施例中的特征可以相互组合。In order to more clearly understand the above objects, features and advantages of the present disclosure, the solutions of the present disclosure will be further described below. It should be noted that the embodiments of the present disclosure and the features in the embodiments may be combined with each other under the condition of no conflict.

在下面的描述中阐述了很多具体细节以便于充分理解本公开,但本公开还可以采用其他不同于在此描述的方式来实施;显然,说明书中的实施例只是本公开的一部分实施例,而不是全部的实施例。Many specific details are set forth in the following description to facilitate a full understanding of the present disclosure, but the present disclosure can also be implemented in other ways different from those described herein; obviously, the embodiments in the specification are only a part of the embodiments of the present disclosure, and Not all examples.

图1为本公开实施例提供的一种硬件模块的加密方法的流程示意图。硬件模块的加密方法可以应用在需要对硬件模块进行加密的应用场景,可以由本公开实施例提供的硬件模块的加密装置执行。如图1所示,硬件模块的加密方法包括:FIG. 1 is a schematic flowchart of a method for encrypting a hardware module according to an embodiment of the present disclosure. The encryption method for a hardware module can be applied to an application scenario where the hardware module needs to be encrypted, and can be executed by the encryption device for a hardware module provided by the embodiment of the present disclosure. As shown in Figure 1, the encryption method of the hardware module includes:

S110、安全存储器获取硬件模块产生的随机数并根据随机数、密钥和安全码进行设定加密算法以获取第一认证码。S110, the secure memory acquires the random number generated by the hardware module and sets an encryption algorithm according to the random number, the key and the security code to acquire the first authentication code.

图2为本公开实施例提供的一种安全存储器与硬件模块之间数据传输的示意图。如图2所示,硬件模块1产生随机数,硬件模块1内部可以包含有用于生成随机数的随机数产生器,硬件模块1与安全存储器2之间具有电连接关系,硬件模块1将产生的随机数传输至安全存储器2。FIG. 2 is a schematic diagram of data transmission between a secure memory and a hardware module according to an embodiment of the present disclosure. As shown in Figure 2, the hardware module 1 generates random numbers. The hardware module 1 may contain a random number generator for generating random numbers. The hardware module 1 and the secure memory 2 are electrically connected. The random number is transferred to secure memory 2.

安全码是指安全存储器的ROM(Read OnlyMemery,只读存储器)ID,也称为识别码,出厂的时候安全存储器的安全码即被设定好,每片安全存储器的ROMID的长度为64bit且唯一。密钥是指在明文转换为密文或将密文转换为明文的算法中输入的参数,即用来完成加密、解密或者完整性验证等密码学应用的秘密信息。安全存储器2内部存储有唯一的安全码,密钥可以利用主密钥以及安全存储器2内部存储的唯一的安全码获得,即采用某种非特定算法,也可以结合安全存储器的ROM ID生成8个字节的密钥。Security code refers to the ROM (Read Only Memory) ID of the security memory, also known as the identification code. The security code of the security memory is set when it leaves the factory. The length of the ROMID of each security memory is 64 bits and is unique. . The key refers to the parameters input in the algorithm of converting plaintext to ciphertext or converting ciphertext to plaintext, that is, the secret information used to complete cryptographic applications such as encryption, decryption or integrity verification. A unique security code is stored in the secure memory 2, and the key can be obtained by using the master key and the unique security code stored in the secure memory 2, that is, using a certain non-specific algorithm, or combining the ROM ID of the secure memory to generate 8 Byte key.

安全存储器2在获取到硬件模块1产生的随机数后,根据随机数、密钥以及安全码进行设定加密算法获取第一认证码C1。示例性地,设定加密算法可以是信息摘要算法,即MD5(Message Digest Algorithm 5)算法,信息摘要算法是计算机广泛使用的杂凑算法之一,将数据运算为另一固定长度值是杂凑算法的基础原理,常用于文件校验,不管文件多大,经过信息摘要算法后都能生成唯一的信息摘要值。信息摘要算法是让大容量信息在用数字签名软件签署私人密钥前被压缩成一种保密的格式,也即把一个任意长度的字节串变换成一定长的十六进制数字串。信息摘要算法具有信息摘要值长度固定、容易计算以及抗修改性强等特点。After acquiring the random number generated by the hardware module 1, the secure memory 2 sets the encryption algorithm according to the random number, the key and the security code to obtain the first authentication code C1. Exemplarily, the set encryption algorithm may be a message digest algorithm, namely the MD5 (Message Digest Algorithm 5) algorithm, the message digest algorithm is one of the hash algorithms widely used by computers, and it is a hash algorithm to operate the data into another fixed-length value. The basic principle is often used for file verification. No matter how large the file is, a unique message digest value can be generated after the message digest algorithm. The message digest algorithm is to allow a large amount of information to be compressed into a confidential format before signing the private key with digital signature software, that is, to convert a string of bytes of arbitrary length into a string of hexadecimal digits of a certain length. The information digest algorithm has the characteristics of fixed length of the message digest value, easy calculation and strong resistance to modification.

示例性地,设定加密算法也可以是安全散列算法,即SHA(Secure HashAlgorithm)算法,也称为安全哈希算法,主要适用于数字签名标准(DSS,DigitalSignatureStandard)里面定义的数字签名算法(DSA,DigitalSignature Algorithm)。安全散列算法即接收一段明文,然后以一种不可逆的方式将它转换成一段密文,可以理解为取一串输入码,即预映射或信息,并把它们转化为长度较短、位数固定的输出序列即散列值,即信息摘要或信息认证代码的过程。Exemplarily, the set encryption algorithm may also be a secure hash algorithm, namely the SHA (Secure HashAlgorithm) algorithm, also known as a secure hash algorithm, which is mainly applicable to the digital signature algorithm ( DSA, Digital Signature Algorithm). The secure hash algorithm is to receive a piece of plaintext, and then convert it into a piece of ciphertext in an irreversible way. The fixed output sequence is the hash value, the process of message digest or message authentication code.

安全存储器2根据随机数、密钥和安全码进行信息摘要算法可以获取唯一的第一认证码C1,安全存储器2根据随机数、密钥和安全码进行安全散列算法同样可以获取唯一的第一认证码C1,由随机数、密钥和安全码经由信息摘要算法或者安全散列算法获取第一认证码C1的过程为本领域技术人员所熟知,这里不再展开论述。The secure memory 2 can obtain the unique first authentication code C1 by performing the information digest algorithm according to the random number, the key and the security code, and the secure memory 2 can also obtain the unique first authentication code C1 by performing the secure hash algorithm according to the random number, the key and the security code. For the authentication code C1, the process of obtaining the first authentication code C1 from a random number, a key and a security code through an information digest algorithm or a secure hash algorithm is well known to those skilled in the art, and will not be discussed here.

S120、硬件模块根据随机数、密钥和安全码进行设定加密算法以获取第二认证码。S120, the hardware module sets the encryption algorithm according to the random number, the key and the security code to obtain the second authentication code.

可选地,如图2所示,在硬件模块1根据随机数、密钥和安全码进行设定加密算法以获取第二认证码C2之前,可以设置硬件模块1获取安全存储器2内部存储的密钥和安全码。Optionally, as shown in FIG. 2, before the hardware module 1 sets the encryption algorithm according to the random number, the key and the security code to obtain the second authentication code C2, the hardware module 1 can be set to obtain the password stored in the secure memory 2. key and security code.

具体地,安全存储器2内部存储有密钥和安全码,安全存储器2与硬件模块1之间具有电连接关系,安全存储器2将内部存储的密钥和安全码发送至硬件模块1,硬件模块1获取到安全存储器2内部存储的密钥和安全码后,利用其自身产生的随机数,根据随机数、密钥和安全码进行设定加密算法以获取第二认证码C2。Specifically, the secure memory 2 internally stores a key and a security code, and the secure memory 2 has an electrical connection with the hardware module 1. The secure memory 2 sends the internally stored key and security code to the hardware module 1, and the hardware module 1 After acquiring the key and the security code stored in the secure memory 2, use the random number generated by itself to set the encryption algorithm according to the random number, the key and the security code to obtain the second authentication code C2.

示例性地,设定加密算法同样可以是信息摘要算法或者安全散列算法,同样地,硬件模块1根据随机数、密钥和安全码进行信息摘要算法可以获取唯一的第二认证码C2,硬件模块1根据随机数、密钥和安全码进行安全散列算法同样可以获取唯一的第二认证码C2,由随机数、密钥和安全码经由信息摘要算法或者安全散列算法获取第二认证码C2的过程为本领域技术人员所熟知,这里不再展开论述。Exemplarily, the set encryption algorithm can also be an information digest algorithm or a secure hash algorithm. Similarly, the hardware module 1 can obtain a unique second authentication code C2 by performing the message digest algorithm according to the random number, the key and the security code. Module 1 can also obtain a unique second authentication code C2 by performing a secure hash algorithm according to the random number, key and security code, and obtains the second authentication code from the random number, key and security code through the message digest algorithm or the secure hash algorithm The process of C2 is well known to those skilled in the art and will not be discussed here.

需要说明的是,安全存储器2采用的设定加密算法与硬件模块1采用的设定加密算法相同,二者可以均采用信息摘要算法,也可以均采用安全散列算法。It should be noted that the set encryption algorithm used by the secure memory 2 is the same as the set encryption algorithm used by the hardware module 1, and both may use an information digest algorithm, or both may use a secure hash algorithm.

S130、硬件模块获取第一认证码,比较第一认证码和第二认证码并根据比较结果判断是否进入设定用户程序。S130, the hardware module obtains the first authentication code, compares the first authentication code and the second authentication code, and judges whether to enter the setting user program according to the comparison result.

具体地,如图2所示,硬件模块1与安全存储器2之间存在电连接关系,硬件模块1可以获取安全存储器2生成的第一认证码C1,并将安全存储器2生成的第一认证码C1与硬件模块1自身生成的第二认证码C2进行比较,并根据比较结果判断是否进入设定用户程序。Specifically, as shown in FIG. 2 , there is an electrical connection between the hardware module 1 and the secure memory 2 , and the hardware module 1 can obtain the first authentication code C1 generated by the secure memory 2 and use the first authentication code generated by the secure memory 2 C1 is compared with the second authentication code C2 generated by the hardware module 1 itself, and according to the comparison result, it is judged whether to enter the setting user program.

可选地,硬件模块1比较第一认证码C1和第二认证码C2并根据比较结果判断是否进入设定用户程序,可以设置若第一认证码C1与第二认证码C2一致,则硬件模块1进入用户程序。若第一认证码C1与第二认证码C2不一致,则硬件模块1退出程序。Optionally, the hardware module 1 compares the first authentication code C1 and the second authentication code C2 and judges whether to enter the setting user program according to the comparison result. It can be set that if the first authentication code C1 and the second authentication code C2 are consistent, the hardware module 1 Enter the user program. If the first authentication code C1 is inconsistent with the second authentication code C2, the hardware module 1 exits the program.

具体地,由于硬件模块1可以将产生的随机数传输至安全存储器2,若硬件模块1处于正常状态,由于安全存储器2获取的第一认证码C1是由随机数、密钥和安全码经过设定加密算法获取的,硬件模块1获取的第二认证码C2是由同样的随机数、同样的密钥和同样的安全码经过同样的设定加密算法获取的,所以第一认证码C1和第二认证码C2一致,因此,若第一认证码C1与第二认证码C2一致,则说明硬件模块1处于正常状态,此时硬件模块1进入用户程序,即硬件模块1认证通过。Specifically, since the hardware module 1 can transmit the generated random number to the secure memory 2, if the hardware module 1 is in a normal state, since the first authentication code C1 obtained by the secure memory 2 is a random number, a key and a security code that have been set The second authentication code C2 obtained by the hardware module 1 is obtained by the same random number, the same key and the same security code through the same set encryption algorithm, so the first authentication code C1 and the The two authentication codes C2 are the same. Therefore, if the first authentication code C1 is consistent with the second authentication code C2, it means that the hardware module 1 is in a normal state. At this time, the hardware module 1 enters the user program, that is, the hardware module 1 passes the authentication.

若存在第三方恶意侦测硬件模块1,第三方获取不到硬件模块1产生的随机数,则其根据不同的随机数获取到的认证码大概率上与第一认证码C1不一致,因此,若第一认证码C1与第二认证码C2不一致,则说明存在第三方恶意侦测硬件模块1,此时硬件模块1退出用户程序,硬件模块1也可以执行其它操作而非正常工作,此时硬件模块1认证未通过。If there is a third-party malicious detection hardware module 1, and the third party cannot obtain the random number generated by the hardware module 1, the authentication code obtained by the third party based on different random numbers is likely to be inconsistent with the first authentication code C1. Therefore, if If the first authentication code C1 is inconsistent with the second authentication code C2, it means that there is a third-party malicious detection hardware module 1. At this time, the hardware module 1 exits the user program, and the hardware module 1 can also perform other operations instead of normal work. Module 1 certification failed.

目前硬件模块或者没有保护机制,或者只是简单地通过计算并比较预设值的方式进行校验,硬件模块内部一般有一个唯一的序列号,即器件ID,器件ID是硬件模块出厂的时候内置在硬件模块里面的。根据唯一的ID序列号,结合相关的加密算法,以及外部的存储芯片,就可以实现对硬件模块的加密保护。硬件模块上电后,先通过引导程序进入到加密程序中,加密程序读取厂家预置在硬件模块中的唯一ID,通过特定算法计算出一个比较值,再读取外部存储器,例如外部FLASH(闪存)中特定位置存储的预设比较值,两者比较是否一致。如果一致,说明硬件模块是厂家出厂的正品模块;如果不一致,说明硬件模块损坏或者非原厂出品,模块会给做系统断电处理。At present, the hardware module either has no protection mechanism, or is simply verified by calculating and comparing the preset value. Generally, there is a unique serial number inside the hardware module, that is, the device ID. The device ID is built-in when the hardware module leaves the factory. inside the hardware module. According to the unique ID serial number, combined with the relevant encryption algorithm and the external memory chip, the encryption protection of the hardware module can be realized. After the hardware module is powered on, first enter the encryption program through the boot program, the encryption program reads the unique ID preset in the hardware module by the manufacturer, calculates a comparison value through a specific algorithm, and then reads the external memory, such as external FLASH ( The preset comparison value stored in a specific location in the flash memory), whether the comparison between the two is consistent. If they are consistent, it means that the hardware module is a genuine module from the manufacturer; if they are inconsistent, it means that the hardware module is damaged or not produced by the original factory, and the module will power off the system.

但是因为需要校准的数据存储在外部存储器中,在配置阶段,数据暴露在外部,容易被第三方通过仪器探测获得非法的副本,而处理器并不能区别比特流是真实数据还是复制数据,所以非法数据可以获取程序进一步运行的权限,因此这种模式被破解的成本并不高,安全度有限。也就是说,现有技术的一个明显缺点就是硬件模块的ID一旦外部读取后,外部设备可以伪装成处理器和FLASH通信,获取系统的信任。However, because the data to be calibrated is stored in the external memory, in the configuration stage, the data is exposed to the outside, and it is easy for a third party to obtain an illegal copy through the instrument detection, and the processor cannot distinguish whether the bit stream is real data or copied data, so illegal The data can obtain the permission of the program to run further, so the cost of cracking this mode is not high, and the security is limited. That is to say, an obvious shortcoming of the prior art is that once the ID of the hardware module is read externally, the external device can disguise as the processor and communicate with the FLASH to obtain the trust of the system.

本公开实施例中,硬件模块1上电后,硬件模块1从默认的外部配置开始,进入到认证程序,硬件模块1认证程序产生一个随机数并发送到安全存储器2,安全存储器2根据随机数、内置的密钥以及唯一的安全码加以设定加密算法获得第一认证码C1,硬件模块1认证程序通过相同的输入和相同的设定加密算法获得第二认证码C2,硬件模块1认证程序对第一认证码C1和第二认证码C2进行比较。In the embodiment of the present disclosure, after the hardware module 1 is powered on, the hardware module 1 starts from the default external configuration and enters the authentication procedure. The authentication procedure of the hardware module 1 generates a random number and sends it to the secure memory 2, and the secure memory 2 according to the random number , the built-in key and the unique security code are set to the encryption algorithm to obtain the first authentication code C1, the hardware module 1 authentication program obtains the second authentication code C2 through the same input and the same set encryption algorithm, the hardware module 1 authentication program The first authentication code C1 and the second authentication code C2 are compared.

若第一认证码C1与第二认证码C2一致,则说明硬件模块1处于正常状态,此时硬件模块1进入用户程序,即硬件模块1认证通过。若存在第三方恶意侦测硬件模块1,第三方获取不到硬件模块1产生的随机数,则其根据不同的随机数获取到的认证码大概率上与第一认证码C1不一致,因此,若第一认证码C1与第二认证码C2不一致,则说明存在第三方恶意侦测硬件模块1,此时硬件模块1退出用户程序,硬件模块1也可以执行其它操作而非正常工作,此时硬件模块1认证未通过。这样,本公开实施例在安全存储器2与硬件模块1之间动态地传输随机数,利用随机数大大降低了硬件模块1被破解的可能性,能够有效确保在未经厂家授权的情况下,模仿出的硬件模块1无法正常工作,只有经过厂家授权,硬件模块1和载板之间通过软件算法的认证,硬件模块1才可以正常工作,从而增加了硬件模块1被破解的难度,有效防止硬件模块1被第三方仿制。If the first authentication code C1 is consistent with the second authentication code C2, it means that the hardware module 1 is in a normal state, and the hardware module 1 enters the user program at this time, that is, the hardware module 1 passes the authentication. If there is a third-party malicious detection hardware module 1, and the third party cannot obtain the random number generated by the hardware module 1, the authentication code obtained by the third-party random number is likely to be inconsistent with the first authentication code C1. Therefore, if If the first authentication code C1 is inconsistent with the second authentication code C2, it means that there is a third-party malicious detection hardware module 1. At this time, the hardware module 1 exits the user program, and the hardware module 1 can also perform other operations instead of normal work. Module 1 certification failed. In this way, the embodiment of the present disclosure dynamically transmits random numbers between the secure memory 2 and the hardware module 1, and the use of random numbers greatly reduces the possibility of the hardware module 1 being cracked, and can effectively ensure that imitation without the authorization of the manufacturer can be achieved. The output hardware module 1 cannot work normally. Only after the authorization of the manufacturer and the authentication of the software algorithm between the hardware module 1 and the carrier board, the hardware module 1 can work normally, which increases the difficulty of cracking the hardware module 1 and effectively prevents the hardware Module 1 is copied by a third party.

本公开实施例还提供了一种硬件模块的加密装置,图3为本公开实施例提供的一种硬件模块的加密装置的结构示意图。结合图2和图3,硬件模块的加密装置包括安全存储器2,安全存储器2与硬件模块1通过总线3连接。示例性地,总线3可以为单总线,单总线是外围串行扩展总线技术,采用单根信号线,既传输时钟又传输数据,且数据双向传输,利用单总线实现安全存储器2与硬件模块1之间的连接,在实现了安全存储器2与硬件模块1之间数据传输的基础上,有效简化了硬件模块1与安全存储器2的硬件连接关系。An embodiment of the present disclosure further provides an encryption device of a hardware module. FIG. 3 is a schematic structural diagram of an encryption device of a hardware module provided by an embodiment of the present disclosure. With reference to FIG. 2 and FIG. 3 , the encryption device of the hardware module includes a secure memory 2 , and the secure memory 2 is connected to the hardware module 1 through a bus 3 . Exemplarily, the bus 3 can be a single bus. The single bus is a peripheral serial expansion bus technology. A single signal line is used to transmit both the clock and the data, and the data is transmitted in both directions. The single bus is used to realize the secure memory 2 and the hardware module 1. On the basis of realizing the data transmission between the security memory 2 and the hardware module 1, the connection between the hardware modules 1 and the security memory 2 is effectively simplified.

安全存储器2用于通过总线3获取硬件模块1产生的随机数并根据随机数、密钥和安全码进行设定加密算法以获取第一认证码C1,硬件模块1用于根据随机数、密钥和安全码进行设定加密算法以获取第二认证码C2,以及用于通过总线3获取第一认证码C1,比较第一认证码C1和第二认证码C2并根据比较结果判断是否进入设定用户程序。The secure memory 2 is used to obtain the random number generated by the hardware module 1 through the bus 3 and set an encryption algorithm according to the random number, the key and the security code to obtain the first authentication code C1, and the hardware module 1 is used to obtain the first authentication code C1 according to the random number, the key and the security code. Set the encryption algorithm with the security code to obtain the second authentication code C2, and use the bus 3 to obtain the first authentication code C1, compare the first authentication code C1 and the second authentication code C2, and judge whether to enter the setting according to the comparison result. user program.

具体地,硬件模块1上电后,硬件模块1从默认的外部配置开始,进入到认证程序,硬件模块1认证程序产生一个随机数并通过总线将随机数发送到安全存储器2,安全存储器2根据随机数、内置的密钥以及唯一的安全码加以设定加密算法获得第一认证码C1,硬件模块1也通过总线获取存储在安全存储器2内部的密钥和安全码以及安全存储器2生成的第一认证码C1,硬件模块1认证程序通过相同的输入和相同的设定加密算法获得第二认证码C2,硬件模块1认证程序对第一认证码C1和第二认证码C2进行比较。Specifically, after the hardware module 1 is powered on, the hardware module 1 starts from the default external configuration and enters the authentication procedure. The authentication procedure of the hardware module 1 generates a random number and sends the random number to the secure memory 2 through the bus. The secure memory 2 according to the The random number, the built-in key and the unique security code are set with an encryption algorithm to obtain the first authentication code C1, and the hardware module 1 also obtains the key and security code stored in the secure memory 2 through the bus and the first authentication code generated by the secure memory 2. An authentication code C1, the hardware module 1 authentication program obtains the second authentication code C2 through the same input and the same set encryption algorithm, and the hardware module 1 authentication program compares the first authentication code C1 and the second authentication code C2.

若第一认证码C1与第二认证码C2一致,则说明硬件模块1处于正常状态,此时硬件模块1进入用户程序,即硬件模块1认证通过。若存在第三方恶意侦测硬件模块1,第三方是获取不到硬件模块1产生的随机数的,则其根据不同的随机数获取到的认证码大概率上与第一认证码C1不一致,因此,若第一认证码C1与第二认证码C2不一致,则说明存在第三方恶意侦测硬件模块1,此时硬件模块1退出用户程序,硬件模块1也可以执行其它操作而非正常工作,此时硬件模块1认证未通过。If the first authentication code C1 is consistent with the second authentication code C2, it means that the hardware module 1 is in a normal state, and the hardware module 1 enters the user program at this time, that is, the hardware module 1 passes the authentication. If there is a third-party malicious detection hardware module 1, and the third party cannot obtain the random number generated by the hardware module 1, the authentication code obtained by the third-party random number is likely to be inconsistent with the first authentication code C1. , if the first authentication code C1 is inconsistent with the second authentication code C2, it means that there is a third-party malicious detection hardware module 1. At this time, the hardware module 1 exits the user program, and the hardware module 1 can also perform other operations instead of normal work. At this time, the hardware module 1 certification failed.

这样,本公开实施例利用连接关系较为简单的单总线在安全存储器2与硬件模块1之间动态地传输随机数,利用随机数大大降低了硬件模块1被破解的可能性,能够有效确保在未经厂家授权的情况下,模仿出的硬件模块1无法正常工作,只有经过厂家授权,硬件模块1和载板之间通过软件算法的认证,硬件模块1才可以正常工作,从而增加了硬件模块1被破解的难度,有效防止硬件模块1被第三方仿制。In this way, the embodiment of the present disclosure utilizes a single bus with a relatively simple connection relationship to dynamically transmit random numbers between the secure memory 2 and the hardware module 1, and the use of random numbers greatly reduces the possibility of the hardware module 1 being cracked, and can effectively ensure that in the future With the authorization of the manufacturer, the imitated hardware module 1 cannot work normally. Only after the authorization of the manufacturer and the authentication of the software algorithm between the hardware module 1 and the carrier board, the hardware module 1 can work normally, thus adding the hardware module 1. The difficulty of being cracked can effectively prevent the hardware module 1 from being copied by a third party.

可选地,如图3所示,总线3上的信号传输节点N可以通过阻抗元件R1接入设定电源信号。具体地,总线3上的信号传输节点N即为连接安全存储器2与硬件模块1的总线3上任意位置的节点,设定电源信号例如可以为正电源信号VDD,总线3上的信号传输节点N通过阻抗元件R1接入设定电源信号VDD,形成开漏配置方式,阻抗元件R1形成上拉元件,使得安全存储器2与硬件模块1的工作电压一致,平衡安全存储器2与硬件模块1的工作电压,以确保安全存储器2与硬件模块1之间能够正常通信。Optionally, as shown in FIG. 3 , the signal transmission node N on the bus 3 can access the set power signal through the impedance element R1 . Specifically, the signal transmission node N on the bus 3 is a node at any position on the bus 3 connecting the secure memory 2 and the hardware module 1. The set power supply signal can be, for example, the positive power supply signal VDD, and the signal transmission node N on the bus 3 The impedance element R1 is connected to the set power supply signal VDD to form an open-drain configuration, and the impedance element R1 forms a pull-up element, so that the working voltages of the safety memory 2 and the hardware module 1 are consistent, and the working voltages of the safety memory 2 and the hardware module 1 are balanced. , to ensure normal communication between the secure memory 2 and the hardware module 1.

示例性地,硬件模块1可以包括现场可编程逻辑门阵列,即硬件模块1可以包括FPGA(Field Programmable Gate Array),例如可以为赛灵思生产的FPGA。示例性地,硬件模块1也可以包括电源硬件模块,利用随机数实现对电源硬件模块的加密,降低电源硬件模块被破解的可能性,有效防止电源硬件模块被第三方仿制。Exemplarily, the hardware module 1 may include a field programmable logic gate array, that is, the hardware module 1 may include an FPGA (Field Programmable Gate Array), such as an FPGA that can be produced by Xilinx. Exemplarily, the hardware module 1 may also include a power supply hardware module, which uses random numbers to encrypt the power supply hardware module, reduces the possibility of the power supply hardware module being cracked, and effectively prevents the power supply hardware module from being imitated by a third party.

示例性地,安全存储器2可以包括DS28E01型号芯片。DS28E01型号芯片为128字节的用户存储器,可用于芯片内部操作但不能从外部读取的密钥以及唯一的且不可更改的安全码,采用DS28E01型号芯片充当安全存储器2能够在降低硬件模块1加密成本的基础上,进一步降低硬件模块1被破解的可能性,有效防止硬件模块1被第三方仿制。Illustratively, the secure memory 2 may comprise a DS28E01 type chip. The DS28E01 type chip is a 128-byte user memory, which can be used for keys that are operated inside the chip but cannot be read from the outside, and a unique and unchangeable security code. Using the DS28E01 type chip as a security memory 2 can be used for encryption at lower hardware modules 1 On the basis of the cost, the possibility of the hardware module 1 being cracked is further reduced, and the hardware module 1 is effectively prevented from being copied by a third party.

本公开实施例利用连接关系较为简单的单总线在安全存储器2与硬件模块1之间动态地传输随机数,利用随机数大大降低了硬件模块1被破解的可能性,能够有效确保在未经厂家授权的情况下,模仿出的硬件模块1无法正常工作,只有经过厂家授权,硬件模块1和载板之间通过软件算法的认证,硬件模块1才可以正常工作,从而增加了硬件模块1被破解的难度,有效防止硬件模块1被第三方仿制。In the embodiment of the present disclosure, a single bus with a relatively simple connection relationship is used to dynamically transmit random numbers between the secure memory 2 and the hardware module 1, and the use of random numbers greatly reduces the possibility of the hardware module 1 being cracked, and can effectively ensure that the In the case of authorization, the imitated hardware module 1 cannot work normally. Only after the authorization of the manufacturer and the authentication of the software algorithm between the hardware module 1 and the carrier board, the hardware module 1 can work normally, thus increasing the hardware module 1 is cracked. It can effectively prevent the hardware module 1 from being copied by a third party.

需要说明的是,在本文中,诸如“第一”和“第二”等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括要素的过程、方法、物品或者设备中还存在另外的相同要素。It should be noted that, in this document, relational terms such as "first" and "second" etc. are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply these Any such actual relationship or sequence exists between entities or operations. Moreover, the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device that includes a list of elements includes not only those elements, but also includes not explicitly listed or other elements inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article, or device that includes the element.

以上仅是本公开的具体实施方式,使本领域技术人员能够理解或实现本公开。对这些实施例的多种修改对本领域的技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本公开的精神或范围的情况下,在其它实施例中实现。因此,本公开将不会被限制于本文的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The above are only specific embodiments of the present disclosure, so that those skilled in the art can understand or implement the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present disclosure. Therefore, the present disclosure is not to be limited to the embodiments herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for encrypting a hardware module, comprising:
the secure memory acquires a random number generated by the hardware module and sets an encryption algorithm according to the random number, the secret key and the secure code to acquire a first authentication code;
the hardware module carries out the set encryption algorithm according to the random number, the secret key and the security code to obtain a second authentication code;
and the hardware module acquires the first authentication code, compares the first authentication code with the second authentication code and judges whether to enter a set user program according to a comparison result.
2. The method for encrypting the hardware module according to claim 1, wherein the hardware module compares the first authentication code with the second authentication code and determines whether to enter a set user program according to the comparison result, comprising:
and if the first authentication code is consistent with the second authentication code, the hardware module enters a user program.
3. The method for encrypting the hardware module according to claim 1, wherein the hardware module compares the first authentication code with the second authentication code and determines whether to enter a set user program according to the comparison result, comprising:
and if the first authentication code is not consistent with the second authentication code, the hardware module exits the program.
4. The method for encrypting the hardware module according to claim 1, before the hardware module performs the encryption algorithm according to the random number, the secret key and the security code to obtain a second authentication code, further comprising:
the hardware module obtains the secret key and the security code stored in the security memory.
5. The hardware module encryption method of claim 1, wherein the configured encryption algorithm comprises a message digest algorithm or a secure hash algorithm.
6. An encryption apparatus for a hardware module, comprising:
the safety memory is connected with the hardware module through a bus;
the secure memory is used for acquiring a random number generated by the hardware module through the bus and setting an encryption algorithm according to the random number, the secret key and the secure code to acquire a first authentication code;
the hardware module is used for setting an encryption algorithm according to the random number, the secret key and the security code to obtain a second authentication code, obtaining the first authentication code through the bus, comparing the first authentication code with the second authentication code and judging whether to enter a set user program according to a comparison result.
7. The hardware module encryption device of claim 6, wherein the bus is a single bus.
8. The hardware module encryption device of claim 7, wherein the signal transmission node on the bus is connected to the set power signal through an impedance element.
9. The hardware module encryption apparatus of claim 6, wherein the hardware module comprises a field programmable gate array or a power supply hardware module.
10. The hardware module encryption apparatus of claim 6, wherein said secure memory comprises a DS28E01 model chip.
CN202010988974.0A 2020-09-18 2020-09-18 Encryption method and encryption device for hardware module Active CN112100692B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010988974.0A CN112100692B (en) 2020-09-18 2020-09-18 Encryption method and encryption device for hardware module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010988974.0A CN112100692B (en) 2020-09-18 2020-09-18 Encryption method and encryption device for hardware module

Publications (2)

Publication Number Publication Date
CN112100692A true CN112100692A (en) 2020-12-18
CN112100692B CN112100692B (en) 2024-11-29

Family

ID=73758975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010988974.0A Active CN112100692B (en) 2020-09-18 2020-09-18 Encryption method and encryption device for hardware module

Country Status (1)

Country Link
CN (1) CN112100692B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113011870A (en) * 2021-02-02 2021-06-22 北京易路行技术有限公司 Method and device for carrying out user card loading through ETC antenna
CN113111323A (en) * 2021-04-14 2021-07-13 中国电子科技集团公司第五十八研究所 FT2232H program programming equipment and method based on SHA-1 identity authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103562922A (en) * 2011-03-30 2014-02-05 耶德托公司 Establishing unique key during chip manufacturing
CN104463026A (en) * 2014-12-08 2015-03-25 深圳中科讯联科技有限公司 System and method for hardware anti-copying board
CN107967413A (en) * 2017-11-28 2018-04-27 深圳进化动力数码科技有限公司 Software enciphering method and device
US20190050347A1 (en) * 2018-07-25 2019-02-14 Intel Corporation Memory data protection based on authenticated encryption
CN110879875A (en) * 2019-10-28 2020-03-13 华晟现代电子科技(香港)有限公司 Hardware encryption device, embedded system copyright protection system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103562922A (en) * 2011-03-30 2014-02-05 耶德托公司 Establishing unique key during chip manufacturing
CN104463026A (en) * 2014-12-08 2015-03-25 深圳中科讯联科技有限公司 System and method for hardware anti-copying board
CN107967413A (en) * 2017-11-28 2018-04-27 深圳进化动力数码科技有限公司 Software enciphering method and device
US20190050347A1 (en) * 2018-07-25 2019-02-14 Intel Corporation Memory data protection based on authenticated encryption
CN110879875A (en) * 2019-10-28 2020-03-13 华晟现代电子科技(香港)有限公司 Hardware encryption device, embedded system copyright protection system and method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113011870A (en) * 2021-02-02 2021-06-22 北京易路行技术有限公司 Method and device for carrying out user card loading through ETC antenna
CN113011870B (en) * 2021-02-02 2024-05-07 北京易路行技术有限公司 Method and device for carrying out user card loading through ETC antenna
CN113111323A (en) * 2021-04-14 2021-07-13 中国电子科技集团公司第五十八研究所 FT2232H program programming equipment and method based on SHA-1 identity authentication
CN113111323B (en) * 2021-04-14 2022-08-16 中国电子科技集团公司第五十八研究所 FT2232H program programming equipment and method based on SHA-1 identity authentication

Also Published As

Publication number Publication date
CN112100692B (en) 2024-11-29

Similar Documents

Publication Publication Date Title
US12294661B2 (en) Personal device security using cryptocurrency wallets
WO2021013245A1 (en) Data key protection method and system, electronic device and storage medium
US9430658B2 (en) Systems and methods for secure provisioning of production electronic circuits
US9838870B2 (en) Apparatus and method for authenticating network devices
US8528104B2 (en) Security and ticketing system control and management
EP1618451B1 (en) Associating software with hardware using cryptography
JP6509197B2 (en) Generating working security key based on security parameters
CN107566407B (en) Bidirectional authentication data secure transmission and storage method based on USBKey
CN107094108B (en) A component connected to a data bus and a method for implementing an encryption function in the component
CN100559751C (en) Pseudo public key encryption method and system
KR20070112432A (en) How to secure mobile communications and high transaction execution using trusted, hardware-based identity verification in runtime package signatures
US20180241560A1 (en) Device attestation
CN103095460A (en) Intelligent card safety communication method
CN108696518B (en) Block chain user communication encryption method and device, terminal equipment and storage medium
CN109951276B (en) Embedded equipment remote identity authentication method based on TPM
KR20200020627A (en) SECURE BOOT METHOD OF IoT DEVICE USING AN INTEGRATED SECURITY SoC
WO2023240866A1 (en) Cipher card and root key protection method therefor, and computer readable storage medium
CN112100692B (en) Encryption method and encryption device for hardware module
CN116506134A (en) Digital certificate management method, device, equipment, system and readable storage medium
CN114268447B (en) File transmission method and device, electronic equipment and computer readable medium
US12056370B2 (en) Data storage device, system, and method for digital signature
CN113169883B (en) Method and device for verifying digital certificate
CN114329522A (en) A kind of private key protection method, device, system and storage medium
TWI880555B (en) Control device, data transmission system and operation method thereof
CN114861231B (en) Digitally signable data storage device, digital signature system and signature method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant