CN114201183A - Writer and method for safely writing secret key - Google Patents

Writer and method for safely writing secret key Download PDF

Info

Publication number
CN114201183A
CN114201183A CN202111352766.2A CN202111352766A CN114201183A CN 114201183 A CN114201183 A CN 114201183A CN 202111352766 A CN202111352766 A CN 202111352766A CN 114201183 A CN114201183 A CN 114201183A
Authority
CN
China
Prior art keywords
encryption chip
key
built
programmed
programming
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111352766.2A
Other languages
Chinese (zh)
Inventor
陈富
薛晓鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Jiyiwei Electronics Co ltd
Original Assignee
Wuhan Jiyiwei Electronics Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Jiyiwei Electronics Co ltd filed Critical Wuhan Jiyiwei Electronics Co ltd
Priority to CN202111352766.2A priority Critical patent/CN114201183A/en
Publication of CN114201183A publication Critical patent/CN114201183A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/63Image based installation; Cloning; Build to order
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a writer and a key safety writing method, wherein the writer comprises a main controller and a built-in encryption chip, the main controller is used for sending a writing starting instruction to the built-in encryption chip, and the built-in encryption chip is used for storing a key, performing digital logic conversion on the key and then sending the key to the encryption chip to be written. The built-in encryption chip is additionally arranged in the writer, the key is stored in hardware, the main controller is only responsible for sending a writing instruction, the key is sent to the encryption chip to be written after digital logic conversion, the key stored in the built-in encryption chip is inconsistent with the actually transmitted key, and even if the writer chip is obtained by a third party, the key information cannot be recovered through decompilation or physical means; the communication between the built-in encryption chip and the encryption chip to be programmed is scrambled and descrambled, so that the key information can be prevented from being analyzed by grabbing intermediate signals; the secret key can be safely written into the encryption chip and cannot be acquired by a third party, and the safety is high.

Description

Writer and method for safely writing secret key
Technical Field
The invention relates to the technical field of key programming, in particular to a programming device and a key safety programming method.
Background
The encryption chip is a general name of a type of security chip which has a very high security level and can ensure that keys and information data stored inside cannot be illegally read and tampered. The method is specially used for encryption transmission and key safety storage of line data, and has wide application.
At present, a key of an encryption chip is written into an EEPROM or an EEPROM through a writer during an initialization stage, the key is stored in the writer, a chip manufacturer provides a class of writers to different users, the writer is currently manufactured based on an MCU or an ARM processor, and the key is directly stored in the FUSE or the EEPROM of the writer chip, as shown in fig. 1. If the programming device chip is taken, the programming device program is easy to be decompiled and acquired, and the key stored in the FUSE or the EEPROM is easy to be acquired by a third party through a physical means, so that the key information of the encryption chip is obtained, and the safety of the chip is threatened. Therefore, the security of the key programming mode is low.
Disclosure of Invention
The invention mainly aims to overcome the defects of the prior art and provides a writer and a key safe writing method, so that a key can be safely written into an encryption chip, a third party cannot acquire key information through a physical means, and the safety is high.
The invention adopts the following technical scheme:
a programming device comprises a main controller and a built-in encryption chip, wherein the main controller is in communication connection with the built-in encryption chip and is used for sending a command for starting programming to the built-in encryption chip, and the built-in encryption chip is used for storing a secret key, performing digital logic conversion on the secret key and then sending the secret key to the encryption chip to be programmed.
Furthermore, the built-in encryption chip comprises a key storage function module, a logic conversion function module and a communication interface for connecting with the encryption chip to be programmed, wherein the key storage function module is used for storing keys, and the logic conversion function module is used for performing digital logic conversion on the keys.
Further, the key storage function module is FUSE or EEPROM with built-in encryption chip.
Further, the main controller adopts an MCU or ARM processor.
A safe key programming method based on the programmer comprises the following steps:
step 1, before the programming device leaves a factory, a secret key is programmed in a built-in encryption chip;
step 2, connecting the programming device with an encryption chip to be programmed;
and 3, starting the writer, sending a writing starting instruction to the built-in encryption chip by the main controller, reading the stored key information by the built-in encryption chip, carrying out digital logic conversion on the key information, sending the key information to the encryption chip to be written, and writing the encryption chip to be written.
Further, the built-in encryption chip acquires a random number through a noise source, increases random crosstalk to the data after digital logic conversion, and then sends the data to the encryption chip to be programmed, the encryption chip to be programmed receives the data, then descrambles the data, and then stores the descrambled data as a secret key.
Furthermore, the built-in encryption chip is configured to be unchangeable and unreadable after one-time programming is completed.
Furthermore, the encryption chip to be programmed can only be programmed once, and cannot be programmed again after programming is completed.
Further, the key is burnt into the FUSE or the EEPROM of the encryption chip to be burnt.
Furthermore, the built-in encryption chip realizes digital logic conversion of the key information through a hardware logic operation circuit or a software logic operation function.
As can be seen from the above description of the present invention, compared with the prior art, the beneficial effects of the present invention are:
the invention provides a writer and a safe key writing method, wherein a built-in encryption chip is additionally arranged in the writer, a key is stored in hardware, a main controller is only responsible for sending a writing instruction, and the key is sent to an encryption chip to be written after digital logic conversion, the key stored in the built-in encryption chip is not directly used in the writing process, the key stored in the built-in encryption chip is inconsistent with the actually transmitted key, and even if the writer chip is obtained by a third party, key information cannot be recovered by other physical means such as cracking a program of the main controller and the like, so that the key can be safely written into the encryption chip and cannot be obtained by the third party, and the safety is high. Meanwhile, the built-in encryption chip increases random crosstalk to the data after digital logic conversion and then sends the data to the encryption chip to be programmed, and after the encryption chip to be programmed descrambles the data, the descrambled data is stored as a secret key, so that the secret key information can be prevented from being analyzed by grabbing intermediate signals, and the safety of the secret key is further improved.
Drawings
FIG. 1 is a block diagram of a key programming performed by a programmer in the prior art;
FIG. 2 is a block diagram of a schematic structure of a key programming performed by a programmer in embodiment 1 of the present invention;
fig. 3 is a schematic block diagram of a key programming performed by the writer according to embodiment 2 of the present invention.
Detailed Description
The invention is further described below by means of specific embodiments.
Example 1
Referring to fig. 2, the writer of the present invention includes a main controller and a built-in encryption chip, the main controller is in communication connection with the built-in encryption chip, the main controller is configured to send a command to start writing to the built-in encryption chip, and the built-in encryption chip is configured to store a secret key and perform digital logic conversion on the secret key, and then send the secret key to the encryption chip to be written. The main controller adopts an MCU. The built-in encryption chip comprises a key storage function module, a logic conversion function module and a communication interface used for being connected with the encryption chip to be programmed. The key storage function module is an EEPROM with a built-in encryption chip and is used for storing a key; the logic conversion function module adopts a hardware logic operation circuit and is used for realizing digital logic conversion of the key information.
Referring to fig. 2, a method for safely programming a key based on the above writer includes the following steps:
step 1, before a writer leaves a factory, a manufacturer writes a secret key into an EEPROM of a built-in encryption chip and configures the secret key not to be changed and read after one-time writing is finished;
step 2, connecting the programming device with an encryption chip to be programmed;
and 3, starting the writer, sending a writing starting instruction to the built-in encryption chip by the main controller, reading the key information stored in the EEPROM by the built-in encryption chip, carrying out digital logic conversion on the key information by the logic conversion function module, sending the key information to the encryption chip to be written, writing the encryption chip to be written, and writing the key into the EEPROM of the encryption chip to be written. The key stored in the EEPROM of the built-in encryption chip is inconsistent with the actually transmitted key, so that the security is improved. Meanwhile, the built-in encryption chip acquires a random number through a noise source, increases random crosstalk to the data after digital logic conversion, and then sends the data to the encryption chip to be programmed, the data is descrambled after the encryption chip to be programmed receives the data, and then the descrambled data is stored into the EEPROM as a secret key, so that the secret key information can be prevented from being analyzed by grabbing intermediate signals. The encryption chip to be programmed can only be programmed once, and cannot be programmed again after programming is completed.
Example 2
Referring to fig. 3, the present embodiment is different from embodiment 1 in that: the main controller adopts an ARM processor. The key storage function module is a FUSE of the built-in encryption chip, and the key is programmed into the FUSE of the encryption chip to be programmed. The built-in encryption chip realizes digital logic transformation on the key information through a logic operation function of software.
The above description is only two specific embodiments of the present invention, but the design concept of the present invention is not limited thereto, and any insubstantial modifications made by the design concept should fall within the scope of infringing the present invention.

Claims (10)

1. The programming device is characterized by comprising a main controller and a built-in encryption chip, wherein the main controller is in communication connection with the built-in encryption chip and is used for sending a command for starting programming to the built-in encryption chip, and the built-in encryption chip is used for storing a secret key, performing digital logic conversion on the secret key and then sending the secret key to the encryption chip to be programmed.
2. The writer according to claim 1, wherein said built-in encryption chip comprises a key storage function module, a logic conversion function module and a communication interface for connecting with the encryption chip to be written, wherein the key storage function module is used for storing keys, and the logic conversion function module is used for performing digital logic conversion on the keys.
3. The writer according to claim 2, wherein said key storage function is FUSE or EEPROM with built-in cryptographic chip.
4. The writer of claim 1 wherein said master controller is an MCU or ARM processor.
5. A key security programming method based on the writer of any one of claims 1 to 4, characterized by comprising the following steps:
step 1, before the programming device leaves a factory, a secret key is programmed in a built-in encryption chip;
step 2, connecting the programming device with an encryption chip to be programmed;
and 3, starting the writer, sending a writing starting instruction to the built-in encryption chip by the main controller, reading the stored key information by the built-in encryption chip, carrying out digital logic conversion on the key information, sending the key information to the encryption chip to be written, and writing the encryption chip to be written.
6. The method for safely programming the secret key according to claim 5, wherein the built-in encryption chip acquires the random number through a noise source, increases random crosstalk to the data after digital logic transformation, and then sends the data to the encryption chip to be programmed, the encryption chip to be programmed receives the data, then descrambles the data, and then stores the descrambled data as the secret key.
7. The method for safely programming the key according to claim 5, wherein the built-in encryption chip is configured to be unchangeable and unreadable after the one-time programming is completed.
8. The method for safely programming the key according to claim 5, wherein the encryption chip to be programmed can only be programmed once, and cannot be programmed again after the programming is completed.
9. The method for safely programming the key of claim 5, wherein the key is programmed into the FUSE or EEPROM of the encryption chip to be programmed.
10. The method for safely programming the key according to claim 5, wherein the built-in encryption chip performs digital logic transformation on the key information through a hardware logic operation circuit or a software logic operation function.
CN202111352766.2A 2021-11-16 2021-11-16 Writer and method for safely writing secret key Pending CN114201183A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111352766.2A CN114201183A (en) 2021-11-16 2021-11-16 Writer and method for safely writing secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111352766.2A CN114201183A (en) 2021-11-16 2021-11-16 Writer and method for safely writing secret key

Publications (1)

Publication Number Publication Date
CN114201183A true CN114201183A (en) 2022-03-18

Family

ID=80647622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111352766.2A Pending CN114201183A (en) 2021-11-16 2021-11-16 Writer and method for safely writing secret key

Country Status (1)

Country Link
CN (1) CN114201183A (en)

Similar Documents

Publication Publication Date Title
CN107508679B (en) Binding and authentication method for intelligent terminal main control chip and encryption chip
CN103718185B (en) Authenticate device, certified device and authentication method
CN102799803A (en) Secure removable media and method for managing the same
CN101072104B (en) Method and system for command authentication to achieve a secure interface
CN101339597B (en) Method, system and equipment for upgrading read-write machine firmware
CN103782538A (en) Authenticator
CN111404682B (en) Android environment key segmentation processing method and device
CN101349997A (en) Method for writing data into storage on chip and system thereof
US20200019324A1 (en) Card activation device and methods for authenticating and activating a data storage device by using a card activation device
CN101027659A (en) Programmable logic controller peripheral device
CN109977702A (en) A kind of FPGA device encrypted authentication system and method based on DS2432 chip
CN106657551A (en) Method and system for preventing mobile terminal from being unlocked
CN102750982A (en) Burning method and system of encrypted memory chip
CN102346862B (en) Authentication method and device of contactless card
US8423797B2 (en) Initialization of a chip card
CN101615160A (en) The security system and the safety method that are used for code dump protection
CN218068848U (en) Embedded software encryption protection system based on CPLD
CN114201183A (en) Writer and method for safely writing secret key
JP4993114B2 (en) Shared management method for portable storage device and portable storage device
CN108171018A (en) A kind of software cryptography of vehicle-mounted decoder and decryption method
CN110610077B (en) Encryption and decryption method based on chip
KR20080044502A (en) Memory card system and method transmitting password thereof
CN115688120A (en) Secure chip firmware importing method, secure chip and computer readable storage medium
CN109753821B (en) Data access device and method
JP4936834B2 (en) Data protection method for semiconductor memory card and semiconductor memory card

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination