CN112994893A - Secret key burning method in chip production test stage - Google Patents
Secret key burning method in chip production test stage Download PDFInfo
- Publication number
- CN112994893A CN112994893A CN202110178022.7A CN202110178022A CN112994893A CN 112994893 A CN112994893 A CN 112994893A CN 202110178022 A CN202110178022 A CN 202110178022A CN 112994893 A CN112994893 A CN 112994893A
- Authority
- CN
- China
- Prior art keywords
- key
- chip
- burned
- burning
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/654—Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a secret key burning method in a chip production test stage, which carries out identity authentication on test equipment through a chip to be burned; when the test equipment passes the identity authentication, allowing the test equipment to carry out key burning on the chip to be burned so as to burn the key to be burned into the chip; when the test equipment fails to pass the identity authentication, the burning of the secret key is forbidden; and the key to be burned is encrypted in advance through a session key generated in the chip to be burned and then transmitted to the chip. The identity validity authentication of the test equipment is realized before the chip key is burnt, the key to be burnt and the identity verification random number are encrypted through the dynamic session key and then are transmitted to the chip to be burnt together in a ciphertext mode, the risk of key leakage and cracking is prevented, and therefore safe key burning is realized.
Description
Technical Field
The invention belongs to the field of chip design, and particularly relates to a secret key burning method in a chip production test stage.
Background
In some application scenarios, for the secret key stored in the OTP or EFuse of the chip, the secret key needs to be burned into the chip in the chip testing stage to protect the chip data information. For example, when the chip designer or application does not have large-scale chip key burning test equipment and capability, or the key needs to be burned in at the production test stage so as to control the subsequent chip test mode, debug mode and the entry of the related limited function mode, the key burning must be performed.
In the conventional key burning security control aspect, a chip designer or an application party generally provides a key generation and burning program to a production tester, the production tester loads the key generation and burning program into a test device, and the test device is used to burn the key into a specified OTP or Fuse in the chip. The design side embeds a door knocking code in the chip in advance, and the key burning mode can be entered for key burning only through the inspection of the door knocking code. However, the security control of entering the key burning mode by using the door knocking code has the problems that the door knocking code is fixed and is easy to leak; secondly, the knock code is easy to crack, for example, the knock code can be cracked through a test interface between the probe and the chip, and also can be cracked through inputting the knock code by a plurality of attempts, so that the real safety can not be said.
In the conventional data transmission aspect, a designer generally presets a symmetric key (such as a DES key, an AES key, and the like) for encrypting data transmission between a test device and a chip by using a metal layer of the chip in a chip design stage, including transmission of a key to be burned. However, there is a problem that the symmetric key is preset in the design stage, and for all chips of the same design, the symmetric key is the same, and is easy to leak, and easy to crack by a reverse engineering method, and there is no real security.
Disclosure of Invention
The invention aims to provide a key burning method in a chip production test stage, which aims to solve the safety problems of chip key burning mode entering and key transmission to be burnt in the background technology. The key burning method in the chip production test stage comprises the following steps:
performing identity authentication on the test equipment through the chip to be burned;
when the test equipment passes the identity authentication, allowing the test equipment to carry out key burning on the chip to be burned so as to burn the key to be burned into the chip;
when the test equipment fails the identity authentication, prohibiting the burning of the secret key;
and the key to be burned is encrypted in advance through a session key generated in the chip to be burned and then transmitted to the chip.
Preferably, the test device is connected to a server, and the server stores a first private key corresponding to a first public key pre-stored in the chip to be burned.
Preferably, the key to be burned is stored in the server.
Preferably, the identity authentication of the test device is performed through the chip to be burned, further comprising:
the chip to be burned obtains an original random number and a session key generated in the chip, encrypts the original random number and the session key by using the first public key to obtain a first ciphertext,
sending the first ciphertext to the server via the testing device,
the server retrieves a corresponding first private key according to the chip identification, decrypts the original random number and a first ciphertext of the session key sent by the test equipment by using the first private key,
encrypting the decrypted original random number and the key to be burned by using the decrypted session key to obtain a second ciphertext,
sending the encrypted original random number and the key to be burned to the test equipment,
the test equipment writes the encrypted random number and the key to be burned into the chip to be burned,
and the chip to be burned decrypts the second ciphertext by using the session key to obtain a verification random number, and compares the verification random number with the original random number to judge the identity of the test equipment.
Preferably, the encrypting the original random number and the session key using the first public key further comprises: encrypting the original random number and a session key based on an asymmetric encryption algorithm using the first public key.
Preferably, the chip identifier and the first public key are stored in a register set of the chip to be burned.
Preferably, if the verification random number is equal to the original random number, determining that the test device passes the identity authentication;
and if the verification random number is not equal to the original random number, determining that the test equipment is illegal and the test equipment does not pass the identity authentication.
Preferably, after the key burning of the chip to be burned is performed, the method further includes:
and informing the test equipment that the burning of the key is finished.
Preferably, the server is used for remotely controlling chip burning by a designer or a user of the chip to be burned.
Preferably, the test device is connected to the server through a network, or the test device and the server are integrated in the same device.
Compared with the prior art, the invention has the following advantages:
the method has the advantages that the burning of the key of the chip can be started only through the test equipment for identity validity authentication, the identity authentication process is based on random numbers, asymmetric and symmetric cryptography technologies, only a public key is stored on the chip, the key to be burned is encrypted by a session key generated in the chip and then transmitted to the chip to be burned in a ciphertext mode, and the session key is a dynamically generated random key, so that the risks of key leakage and multiple attempts or detection and cracking are prevented, and the safe burning of the key is realized.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 shows an implementation architecture diagram of a key burning method according to the present invention.
Fig. 2 shows a flow chart of a chip key burning method in a production test stage according to the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a safe secret key burning method which utilizes random number, asymmetric cryptography technology and symmetric cryptography technology to authenticate and authenticate the identity legality of test equipment for executing a secret key burning task, encrypts a secret key to be burnt by using a dynamic random session secret key generated in a chip, transmits the secret key to the chip in a ciphertext form for burning, only after the burning identity legality of the test equipment is authenticated, the chip can enter a secret key burning mode, and burns the secret key to be burnt decrypted by using the dynamic session secret key to a specified secret key storage unit, thereby ensuring the safety of secret key burning.
Because the authentication process of the identity is based on the random number, only the public key is stored on the chip, and the session key is dynamically generated, the risks of the leakage of the knock code and the multiple attempts or detection and cracking in the security test control of the knock code do not exist, and the safe key burning mode can be controlled. Meanwhile, the transmission of the key to be burned is encrypted by a dynamic session key generated in the chip and then transmitted to the chip in a ciphertext mode, and the dynamic session key is random, so that the key to be burned cannot be leaked, and the whole key burning process is safe. After the key burning is completed, the chip updates the internal state storage unit to inform the test equipment that the key burning is completed.
The implementation architecture of the chip key burning method of the present invention is shown in fig. 1, and now, the components in fig. 1 are described as follows:
the chip C1 to be burned with the key is connected with the test equipment C2. The test equipment C2 is used as a test burning tool for the chip C1 and is responsible for coordinating the identity validity authentication process of the whole burner. The test equipment C2 is connected to the chip C1 through a test burning interface i1, connected to the network C3 through an interface i13, and connected to the server C4 through a network C3 and an interface i 14.
The chip C1 to be key burned includes an interface unit C1.1, a secure key burning system C1.2, and other logic C1.3 of the chip. The interface unit C1.1 is used for protocol conversion and control between the chip external test burning interface i1 and the chip internal interfaces i2 and i 3.
The secure key burning system C1.2 includes a register set C1.2.1, an asymmetric encryption/decryption coprocessor C1.2.2, a temporary data storage C1.2.3, a random number and session key generator C1.2.4, secure key burning identity authentication and control logic C1.2.5, and a symmetric encryption/decryption coprocessor C1.2.6.
The register bank C1.2.1 stores read-only data Chip _ ID C1.2.1.1 and Pub _ Key C1.2.1.2, wherein the Chip _ ID is the identification of the Chip, and the identification of each Chip is unique; pub _ Key C1.2.1.2 is a public Key of an asymmetric encryption and decryption algorithm.
The asymmetric encryption and decryption coprocessor C1.2.2 uses Pub _ Key C1.2.1.2 to encrypt the relevant data under the control of the security Key burning identity authentication and control logic C1.2.5. The data temporary storage area C1.2.3 provides and stores necessary data, control and state information in the authentication process, and the interface unit C1.1 communicates with the secure key burning system C1.2 through the data temporary storage area C1.2.3, including issuing instructions, exchanging ciphertexts, inquiring states, providing execution states, and the like. The data temporary storage area C1.2.3 reads Chip _ ID through the interface i 4.
The random number and session key generator C1.2.4 generates random numbers and session keys under the control of the security key burning identity authentication and control logic C1.2.5.
The security key burning identity authentication and control logic C1.2.5 is a control and scheduling core of the entire security key burning system C1.2, and the security key burning identity authentication and control logic C1.2.5 receives control information and ciphertext data from the testing device C2 by querying a related storage unit in the data temporary storage area C1.2.3, executes a corresponding operation according to the control information, and updates a working state storage unit in the data temporary storage area C1.2.3 after the operation is completed to notify the testing device C2 of an execution state and a result.
The safety key burning identity authentication and control logic is responsible for the control coordination and scheduling of the following three aspects of work:
a) control and coordination to generate random number and session key and encrypt
By inquiring the relevant storage units in the data temporary storage area C1.2.3, the operation instruction transmitted from the external test interface i1 is obtained, further, identity validity authentication of a writer is started, the random number and session Key generator C1.2.4 is controlled to generate a random number and a session Key, then the asymmetric encryption and decryption coprocessor C1.2.2 is called to read the public Key Pub _ Key C1.2.1.2 through the interface i9, the random number and the session Key generated by the random number and session Key generator C1.2.4 are read through the interface i7, then the generated random number and session Key are encrypted by using the public Key Pub _ Key, the encrypted ciphertext is stored in the ciphertext storage unit of the data temporary storage area C1.2.3, and the working state storage unit in the data temporary storage area C1.2.3 is arranged to inform the test equipment C2 that the encryption of the random number and the session Key is completed.
b) Random number generated by decryption server and cipher text of key to be burned
The state information transmitted from the external test interface i1, the random number generated by the server C4 and the ciphertext of the key to be burned are obtained through the data temporary storage area C1.2.3, and the symmetric encryption and decryption coprocessor C1.2.6 is controlled to decrypt the random number generated by the server C4 and the ciphertext of the key to be burned by using the random number and the session key generated by the session key generator C1.2.4. Wherein, the process of generating the random number and the cipher key cryptograph to be burned further comprises: after the generated random number and the session Key are encrypted by using the public Key Pub _ Key C1.2.1.2 to obtain a first ciphertext, the first ciphertext is decrypted by using a corresponding private Key in the server C4, and then the decrypted session Key is used to encrypt the random number and the Key to be burned provided by the server C4 to obtain a second ciphertext of the random number and the Key to be burned.
c) Performing key burning after passing key burning identity authentication
Comparing the generated original random number with the random number decrypted by the random number and the second ciphertext of the key to be burned to finish identity validity authentication of the burner, and updating the working state storage unit in the data temporary storage area C1.2.3 to inform the test equipment of the result of the authentication C2. If the identity authentication is passed, burning the decrypted key to be burned to a specified storage unit, and after the burning of the key is completed, updating the working state storage unit in the data temporary storage area C1.2.3 to inform the testing equipment that the burning of the C2 key is completed; otherwise, the key burning is not started, the working state storage unit in the data temporary storage area C1.2.3 is updated, and the test equipment C2 is notified that the key burning fails.
The server C4 is used for providing identity authentication service for a burner and providing a key to be burned, a database of a Chip _ ID and a corresponding relationship between private keys is stored in the server, an asymmetric decryption service is provided by using the private keys, when the test equipment C2 sends the Chip _ ID C1.2.1.1, the encrypted random number and the session key to the server C4, the server C4 retrieves the corresponding private key and the key to be burned through the Chip _ ID, decrypts the encrypted random number and the session key by using the private key, encrypts the decrypted random number and the key to be burned by using the session key obtained by decryption, and sends the encrypted ciphertext to the test equipment C2. In a specific implementation, the server may be located at a designer or a user of the chip, so that the designer or the user of the chip remotely controls the secure burning of the management key. And the test equipment may be located at a test facility, separate from the physical entities of the server, both connected via a network.
As shown in fig. 1, the interface unit C1.1 and the data temporary storage area C1.2.3 communicate through the interface i 2. The interface unit C1.1 and the other logic C1.3 communicate via an interface i 3. The secure key burning system C1.2 and the other logical part C1.3 communicate via an interface i 12. The security key burning identity authentication and control logic C1.2.5 communicates with the data temporary storage area C1.2.3, the random number and session key generator C1.2.4, the asymmetric encryption and decryption coprocessor C1.2.2, the symmetric encryption and decryption coprocessor C1.2.6 and the key storage unit C1.2.7 through interfaces i5, i6, i8, i10 and i11, respectively. Alternatively, in an application scenario where key burning does not require remote control, the testing device C2 and the server C4 may be integrated in the same device.
Fig. 2 shows a schematic flow diagram of the secure key burning method of the present invention. Steps S0-S10 describe the relevant steps of the key burning process, and are specifically described as follows:
step S0: and starting.
Step S1: the test equipment C2 runs the burning software to establish connection with the chip C1 to be burned and the management server C4.
Step S2: the test equipment C2 reads the C1.2.1.1chip _ ID in the register set and programs the corresponding storage unit in the data temporary storage C1.2.3, and sends an operation instruction for starting key burning identity authentication.
After the security Key burning identity authentication and control logic C1.2.5 obtains an operation instruction to start Key burning identity authentication by querying the relevant storage unit in the data temporary storage area C1.2.3, the control logic controls the random number and session Key generator C1.2.4 to generate a random number P _0 and a session Key S _0, then invokes the asymmetric encryption/decryption coprocessor C1.2.2, encrypts the generated original random number P _0 and the session Key S _0 by using the public Key Pub _ Key C1.2.1.2, stores the encrypted ciphertext C _0 in the corresponding storage unit in the data temporary storage area C1.2.3, and sets the state bit of the corresponding state storage unit in the data temporary storage area C1.2.3 to notify the testing device C2 that the encryption of the random number and the session Key is completed.
Step S3: the test apparatus C2 judges whether encryption of the random number and the session key is completed by detecting the status bit of the corresponding status storage unit in the data temporary storage area C1.2.3, waits if not, and proceeds to step S4 if completed.
Step S4: the test apparatus C2 reads the ciphertext storage unit in the data temporary storage area C1.2.3, and transmits the Chip _ ID and the ciphertext to the server C4.
After receiving the Chip _ ID and the ciphertext C _0, the server C4 retrieves a private Key and a Key to be burned corresponding to the public Key Pub _ Key C1.2.1.2 according to the Chip _ ID, decrypts the ciphertext C _0 by using the private Key, obtains a random number and a session Key plaintext after decryption, and records the random number and the session Key plaintext as P _1 and S _1 respectively, encrypts the random number P _1 and the Key to be burned by using the session Key S _1 obtained after decryption, obtains a ciphertext C _1, and sends the ciphertext C _1 to the test equipment C2.
Step S5: the test apparatus C2 determines whether the ciphertext C _1 encrypted with the session key S _1 sent by the server C4 has been received, waits if not, and proceeds to step S6 if received.
Step S6: the test apparatus C2 writes the ciphertext C _1 into the ciphertext storage unit of the data temporary storage C1.2.3, and sets the corresponding flag bit to indicate that the ciphertext C _1 has been written.
Step S7: the secure key burning system C1.2 decrypts the received ciphertext C _1 using the session key S _0 to obtain the verification random number P _00 and the key to be burned.
Specifically, the security key burning identity authentication and control logic C1.2.5 determines, by querying the flag bit in the data temporary storage area C1.2.3, that the random number P _1 generated by the server C4 and the cipher text C _1 to be burned have been written in the cipher text storage unit in the data temporary storage area C1.2.3, and then controls the symmetric encryption and decryption coprocessor C1.2.6 to decrypt the cipher text C _1 using the session key S _0, so as to obtain the decrypted verification random number P _00 and the key to be burned.
Step S8: the security key burning identity authentication and control logic C1.2.5 determines whether the burning identity is legal by comparing the original random number P _0 generated inside with the verification random number P _00 decrypted in step S7.
If P _00 is equal to P _0, the identity authentication of the writer is passed, and the chip enters a secret key burning mode;
if P _00 is not equal to P _0, the identity authentication of the writer is not passed, and the chip prohibits entering the key burning mode.
Whether the random numbers P _00 and P _0 are equal or not, the working status storage units in the data temporary storage area C1.2.3 are updated to notify the testing device C2 that the identity authentication is completed, including whether the authentication result is passed or failed.
Step S9: the key burning identity authentication and control logic C1.2.5 burns the key to be burned obtained from the decryption in step S7 into the key storage unit C1.2.7, and updates the working state storage unit in the data temporary storage area C1.2.3 to notify the testing equipment C2 that the key burning is completed.
Step S10: the method ends.
The method only allows the test equipment for identity validity authentication to start the key burning work of the chip by limiting the identity of the test equipment, the identity authentication process is based on random numbers and uses an asymmetric cryptography technology and a symmetric cryptography technology, only a public key is stored on the chip, and a session key is dynamically generated, so that the risk of key leakage and multiple attempts or detection and cracking is prevented, and the real key safe burning can be realized.
It will be appreciated by persons skilled in the art that the method steps and components of the apparatus described in the above embodiments are only examples. The skilled person can merge, add or delete or adjust the sequence of the steps of the debug enable control method flow, or make conceivable adjustments to the structure of the safety debug control system, as required. And the inventive concept should not be limited to the specific structures and flows of the above examples.
Similarly, although the above example uses a random number generator to generate the authentication ciphertext, the implementation method of the present invention is not limited thereto, and may also be generated by some specific information, such as chip id. The method for safely burning the secret key is not limited to the production test stage, but is widely applied to a general secret key burning scene. Furthermore, the method of the present invention is not limited to the field of chip design. The above method is also applicable in other fields such as network authorization, identity authentication, etc.
The safe key burning method provided by the invention can meet the requirement of burning the key in the production test stage of the chip and can also meet the requirement of real safety; meanwhile, the transmission of the key to be burned is encrypted by using a session key generated in the chip and then transmitted to the chip in a ciphertext mode, and the session key is dynamic and random, so that the key to be burned cannot be leaked and cracked, the safety of the burning key is effectively protected, and the benefits of chip manufacturers and users are effectively protected finally.
Moreover, the verification random number used for identity validity authentication and the key to be burned are sent to the chip to be burned in the same ciphertext packet, so that the identity identification and the key burning are ensured to be in the same time window, the potential safety risk of the identity authentication and the key burning in different time windows is effectively avoided, and the safety is further enhanced.
Finally, a designer or owner of the chip can remotely control and manage the safe burning of the key through the key burning method provided by the invention, thereby realizing the safe and effective separation of the generation of the key and the burning test, fully benefiting the high quality and high efficiency of a professional test factory and improving the economic benefit.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A secret key burning method in a chip production test stage is characterized by comprising the following steps:
performing identity authentication on the test equipment through the chip to be burned;
when the test equipment passes the identity authentication, allowing the test equipment to carry out key burning on the chip to be burned so as to burn the key to be burned into the chip;
when the test equipment fails the identity authentication, prohibiting the burning of the secret key;
and the key to be burned is encrypted in advance through a session key generated in the chip to be burned and then transmitted to the chip.
2. The method of burning secret key in chip production test stage according to claim 1, wherein the test device is connected to a server, the server stores a first private key, and the first private key corresponds to a first public key pre-stored in the chip to be burned.
3. The method of burning keys during the chip production test stage according to claim 1, wherein the keys to be burned are stored in the server.
4. The method of burning the secret key during the chip production test stage according to claim 3, wherein the identity authentication of the test device is performed by the chip to be burned, further comprising:
the chip to be burned obtains an original random number and a session key generated in the chip, encrypts the original random number and the session key by using the first public key to obtain a first ciphertext,
sending the first ciphertext to the server via the testing device,
the server retrieves a corresponding first private key according to the chip identification, decrypts the original random number and a first ciphertext of the session key sent by the test equipment by using the first private key,
encrypting the decrypted original random number and the key to be burned by using the session key obtained after decryption to obtain a second ciphertext,
sending the encrypted original random number and the key to be burned to the test equipment,
the test equipment writes the encrypted random number and the key to be burned into the chip to be burned,
and the chip to be burned decrypts the second ciphertext by using the session key to obtain a verification random number, and compares the verification random number with the original random number to judge the identity of the test equipment.
5. The method of burning secret key in chip production test stage according to claim 4, wherein said encrypting said original random number and session key using said first public key further comprises: encrypting the original random number and a session key based on an asymmetric encryption algorithm using the first public key.
6. The method of burning secret key in chip production test stage according to claim 5, wherein the chip identifier and the first public key are stored in the register set of the chip to be burned.
7. The key burning method in chip production test stage according to claim 6, wherein:
if the verification random number is equal to the original random number, determining that the test equipment passes the identity authentication;
and if the verification random number is not equal to the original random number, determining that the test equipment is illegal and the test equipment does not pass the identity authentication.
8. The method for burning the secret key in the chip production test stage according to claim 1, further comprising, after burning the secret key on the chip to be burned:
and informing the test equipment that the burning of the key is finished.
9. The key burning method for chip production test stage according to claim 1, wherein the server is remotely controlled by the designer or user of the chip to be burned.
10. The key burning method in chip production test stage according to claim 2, wherein said test device is connected to said server through a network; alternatively, the test device and the server are integrated in the same device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110178022.7A CN112994893B (en) | 2021-02-08 | 2021-02-08 | Secret key burning method in chip production test stage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110178022.7A CN112994893B (en) | 2021-02-08 | 2021-02-08 | Secret key burning method in chip production test stage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112994893A true CN112994893A (en) | 2021-06-18 |
| CN112994893B CN112994893B (en) | 2021-12-14 |
Family
ID=76392765
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110178022.7A Active CN112994893B (en) | 2021-02-08 | 2021-02-08 | Secret key burning method in chip production test stage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112994893B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113780495A (en) * | 2021-09-01 | 2021-12-10 | 芯电智联(北京)科技有限公司 | NFC tag data writing method and terminal |
| CN113992324A (en) * | 2021-09-16 | 2022-01-28 | 深圳市有方科技股份有限公司 | Configuration method for hardware encryption module of IoT (Internet of things) equipment and related equipment |
| CN114499847A (en) * | 2022-01-20 | 2022-05-13 | 无锡众星微系统技术有限公司 | Sensitive information writing method in chip production test stage |
| CN117743061A (en) * | 2024-02-19 | 2024-03-22 | 四川天邑康和通信股份有限公司 | FTTR-based FPGA key wireless static test method, device, equipment and medium |
| CN117743061B (en) * | 2024-02-19 | 2024-05-10 | 四川天邑康和通信股份有限公司 | FTTR-based FPGA key wireless static test method, FTTR-based FPGA key wireless static test device, FTTR-based FPGA key wireless static test equipment and medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140298031A1 (en) * | 2013-03-29 | 2014-10-02 | Mstar Semiconductor, Inc. | Method for Determining Debug Authorization for Motherboard Control Module and Associated Motherboard Control Module |
| US20170187699A1 (en) * | 2015-12-29 | 2017-06-29 | Itron, Inc. | Hardware Cryptographic Authentication |
| CN107835078A (en) * | 2017-10-12 | 2018-03-23 | 深圳市中易通安全芯科技有限公司 | A kind of mobile intelligent terminal biometric security unlocking system and method |
| CN107871068A (en) * | 2017-10-27 | 2018-04-03 | 深圳怡化电脑股份有限公司 | Firmware burning method, cd-rom recorder and computer-readable recording medium |
| CN108156126A (en) * | 2016-12-02 | 2018-06-12 | 阿里巴巴集团控股有限公司 | The burning method of calibration and device of internet of things equipment, identity identifying method and device |
| CN109274488A (en) * | 2018-09-04 | 2019-01-25 | 广州众诺电子技术有限公司 | Integrated circuit burning program method, storage medium and system |
| CN110474767A (en) * | 2019-08-21 | 2019-11-19 | 杭州涂鸦信息技术有限公司 | Chip keys method for burn-recording and system under a kind of off-line state |
| CN110719166A (en) * | 2019-10-15 | 2020-01-21 | 深圳市元征科技股份有限公司 | Chip burning method, chip burning device, chip burning system and storage medium |
| CN111246396A (en) * | 2020-01-06 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Complete machine burning method and system based on UDP local area network |
| CN112069515A (en) * | 2020-08-20 | 2020-12-11 | 博流智能科技(南京)有限公司 | Safe EFUSE burning method and system |
-
2021
- 2021-02-08 CN CN202110178022.7A patent/CN112994893B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140298031A1 (en) * | 2013-03-29 | 2014-10-02 | Mstar Semiconductor, Inc. | Method for Determining Debug Authorization for Motherboard Control Module and Associated Motherboard Control Module |
| US20170187699A1 (en) * | 2015-12-29 | 2017-06-29 | Itron, Inc. | Hardware Cryptographic Authentication |
| CN108156126A (en) * | 2016-12-02 | 2018-06-12 | 阿里巴巴集团控股有限公司 | The burning method of calibration and device of internet of things equipment, identity identifying method and device |
| CN107835078A (en) * | 2017-10-12 | 2018-03-23 | 深圳市中易通安全芯科技有限公司 | A kind of mobile intelligent terminal biometric security unlocking system and method |
| CN107871068A (en) * | 2017-10-27 | 2018-04-03 | 深圳怡化电脑股份有限公司 | Firmware burning method, cd-rom recorder and computer-readable recording medium |
| CN109274488A (en) * | 2018-09-04 | 2019-01-25 | 广州众诺电子技术有限公司 | Integrated circuit burning program method, storage medium and system |
| CN110474767A (en) * | 2019-08-21 | 2019-11-19 | 杭州涂鸦信息技术有限公司 | Chip keys method for burn-recording and system under a kind of off-line state |
| CN110719166A (en) * | 2019-10-15 | 2020-01-21 | 深圳市元征科技股份有限公司 | Chip burning method, chip burning device, chip burning system and storage medium |
| CN111246396A (en) * | 2020-01-06 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Complete machine burning method and system based on UDP local area network |
| CN112069515A (en) * | 2020-08-20 | 2020-12-11 | 博流智能科技(南京)有限公司 | Safe EFUSE burning method and system |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113780495A (en) * | 2021-09-01 | 2021-12-10 | 芯电智联(北京)科技有限公司 | NFC tag data writing method and terminal |
| CN113780495B (en) * | 2021-09-01 | 2023-07-21 | 芯电智联(北京)科技有限公司 | NFC tag data writing method and terminal |
| CN113992324A (en) * | 2021-09-16 | 2022-01-28 | 深圳市有方科技股份有限公司 | Configuration method for hardware encryption module of IoT (Internet of things) equipment and related equipment |
| CN114499847A (en) * | 2022-01-20 | 2022-05-13 | 无锡众星微系统技术有限公司 | Sensitive information writing method in chip production test stage |
| CN117743061A (en) * | 2024-02-19 | 2024-03-22 | 四川天邑康和通信股份有限公司 | FTTR-based FPGA key wireless static test method, device, equipment and medium |
| CN117743061B (en) * | 2024-02-19 | 2024-05-10 | 四川天邑康和通信股份有限公司 | FTTR-based FPGA key wireless static test method, FTTR-based FPGA key wireless static test device, FTTR-based FPGA key wireless static test equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112994893B (en) | 2021-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112994893B (en) | Secret key burning method in chip production test stage | |
| CN101043326B (en) | Dynamic information encrypting system and method | |
| CN101291224A (en) | Method and system for processing data in communication system | |
| CN109218295A (en) | Document protection method, device, computer equipment and storage medium | |
| CN109474419A (en) | A kind of living body portrait photo encryption and decryption method and encrypting and deciphering system | |
| CN103560892A (en) | Secret key generation method and secret key generation device | |
| JP6751545B1 (en) | Electronic signature system and anti-tamper device | |
| US20230388121A1 (en) | Method for encrypting and decrypting data across domains based on privacy computing | |
| CN106850232B (en) | The authorization management method and system that state is kept | |
| CN106953731A (en) | The authentication method and system of a kind of terminal management person | |
| CN112904182B (en) | Test mode entry control method | |
| JP4998314B2 (en) | Communication control method and communication control program | |
| CN111224784B (en) | Role separation distributed authentication and authorization method based on hardware trusted root | |
| WO2006026925A1 (en) | A method for setting the authentication key | |
| CN117082501A (en) | Mobile terminal data encryption method | |
| CN112860497B (en) | Chip debugging enabling control method | |
| CN100561913C (en) | A kind of method of access code equipment | |
| CN113297563B (en) | Method and device for accessing privileged resources of system on chip and system on chip | |
| CN115801232A (en) | Private key protection method, device, equipment and storage medium | |
| JP2021111925A (en) | Electronic signature system | |
| CN114499847A (en) | Sensitive information writing method in chip production test stage | |
| CN111385282A (en) | Method and device for checking the integrity of modules of a wind power plant | |
| JP3078666B2 (en) | Mutual authentication / encryption key distribution method | |
| CN1232067C (en) | Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system | |
| JP6165044B2 (en) | User authentication apparatus, system, method and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |