CN114201183A - Writer and method for safely writing secret key - Google Patents
Writer and method for safely writing secret key Download PDFInfo
- Publication number
- CN114201183A CN114201183A CN202111352766.2A CN202111352766A CN114201183A CN 114201183 A CN114201183 A CN 114201183A CN 202111352766 A CN202111352766 A CN 202111352766A CN 114201183 A CN114201183 A CN 114201183A
- Authority
- CN
- China
- Prior art keywords
- encryption chip
- key
- built
- programmed
- programming
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
- G06F8/63—Image based installation; Cloning; Build to order
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a writer and a key safety writing method, wherein the writer comprises a main controller and a built-in encryption chip, the main controller is used for sending a writing starting instruction to the built-in encryption chip, and the built-in encryption chip is used for storing a key, performing digital logic conversion on the key and then sending the key to the encryption chip to be written. The built-in encryption chip is additionally arranged in the writer, the key is stored in hardware, the main controller is only responsible for sending a writing instruction, the key is sent to the encryption chip to be written after digital logic conversion, the key stored in the built-in encryption chip is inconsistent with the actually transmitted key, and even if the writer chip is obtained by a third party, the key information cannot be recovered through decompilation or physical means; the communication between the built-in encryption chip and the encryption chip to be programmed is scrambled and descrambled, so that the key information can be prevented from being analyzed by grabbing intermediate signals; the secret key can be safely written into the encryption chip and cannot be acquired by a third party, and the safety is high.
Description
Technical Field
The invention relates to the technical field of key programming, in particular to a programming device and a key safety programming method.
Background
The encryption chip is a general name of a type of security chip which has a very high security level and can ensure that keys and information data stored inside cannot be illegally read and tampered. The method is specially used for encryption transmission and key safety storage of line data, and has wide application.
At present, a key of an encryption chip is written into an EEPROM or an EEPROM through a writer during an initialization stage, the key is stored in the writer, a chip manufacturer provides a class of writers to different users, the writer is currently manufactured based on an MCU or an ARM processor, and the key is directly stored in the FUSE or the EEPROM of the writer chip, as shown in fig. 1. If the programming device chip is taken, the programming device program is easy to be decompiled and acquired, and the key stored in the FUSE or the EEPROM is easy to be acquired by a third party through a physical means, so that the key information of the encryption chip is obtained, and the safety of the chip is threatened. Therefore, the security of the key programming mode is low.
Disclosure of Invention
The invention mainly aims to overcome the defects of the prior art and provides a writer and a key safe writing method, so that a key can be safely written into an encryption chip, a third party cannot acquire key information through a physical means, and the safety is high.
The invention adopts the following technical scheme:
a programming device comprises a main controller and a built-in encryption chip, wherein the main controller is in communication connection with the built-in encryption chip and is used for sending a command for starting programming to the built-in encryption chip, and the built-in encryption chip is used for storing a secret key, performing digital logic conversion on the secret key and then sending the secret key to the encryption chip to be programmed.
Furthermore, the built-in encryption chip comprises a key storage function module, a logic conversion function module and a communication interface for connecting with the encryption chip to be programmed, wherein the key storage function module is used for storing keys, and the logic conversion function module is used for performing digital logic conversion on the keys.
Further, the key storage function module is FUSE or EEPROM with built-in encryption chip.
Further, the main controller adopts an MCU or ARM processor.
A safe key programming method based on the programmer comprises the following steps:
step 1, before the programming device leaves a factory, a secret key is programmed in a built-in encryption chip;
step 2, connecting the programming device with an encryption chip to be programmed;
and 3, starting the writer, sending a writing starting instruction to the built-in encryption chip by the main controller, reading the stored key information by the built-in encryption chip, carrying out digital logic conversion on the key information, sending the key information to the encryption chip to be written, and writing the encryption chip to be written.
Further, the built-in encryption chip acquires a random number through a noise source, increases random crosstalk to the data after digital logic conversion, and then sends the data to the encryption chip to be programmed, the encryption chip to be programmed receives the data, then descrambles the data, and then stores the descrambled data as a secret key.
Furthermore, the built-in encryption chip is configured to be unchangeable and unreadable after one-time programming is completed.
Furthermore, the encryption chip to be programmed can only be programmed once, and cannot be programmed again after programming is completed.
Further, the key is burnt into the FUSE or the EEPROM of the encryption chip to be burnt.
Furthermore, the built-in encryption chip realizes digital logic conversion of the key information through a hardware logic operation circuit or a software logic operation function.
As can be seen from the above description of the present invention, compared with the prior art, the beneficial effects of the present invention are:
the invention provides a writer and a safe key writing method, wherein a built-in encryption chip is additionally arranged in the writer, a key is stored in hardware, a main controller is only responsible for sending a writing instruction, and the key is sent to an encryption chip to be written after digital logic conversion, the key stored in the built-in encryption chip is not directly used in the writing process, the key stored in the built-in encryption chip is inconsistent with the actually transmitted key, and even if the writer chip is obtained by a third party, key information cannot be recovered by other physical means such as cracking a program of the main controller and the like, so that the key can be safely written into the encryption chip and cannot be obtained by the third party, and the safety is high. Meanwhile, the built-in encryption chip increases random crosstalk to the data after digital logic conversion and then sends the data to the encryption chip to be programmed, and after the encryption chip to be programmed descrambles the data, the descrambled data is stored as a secret key, so that the secret key information can be prevented from being analyzed by grabbing intermediate signals, and the safety of the secret key is further improved.
Drawings
FIG. 1 is a block diagram of a key programming performed by a programmer in the prior art;
FIG. 2 is a block diagram of a schematic structure of a key programming performed by a programmer in embodiment 1 of the present invention;
fig. 3 is a schematic block diagram of a key programming performed by the writer according to embodiment 2 of the present invention.
Detailed Description
The invention is further described below by means of specific embodiments.
Example 1
Referring to fig. 2, the writer of the present invention includes a main controller and a built-in encryption chip, the main controller is in communication connection with the built-in encryption chip, the main controller is configured to send a command to start writing to the built-in encryption chip, and the built-in encryption chip is configured to store a secret key and perform digital logic conversion on the secret key, and then send the secret key to the encryption chip to be written. The main controller adopts an MCU. The built-in encryption chip comprises a key storage function module, a logic conversion function module and a communication interface used for being connected with the encryption chip to be programmed. The key storage function module is an EEPROM with a built-in encryption chip and is used for storing a key; the logic conversion function module adopts a hardware logic operation circuit and is used for realizing digital logic conversion of the key information.
Referring to fig. 2, a method for safely programming a key based on the above writer includes the following steps:
step 1, before a writer leaves a factory, a manufacturer writes a secret key into an EEPROM of a built-in encryption chip and configures the secret key not to be changed and read after one-time writing is finished;
step 2, connecting the programming device with an encryption chip to be programmed;
and 3, starting the writer, sending a writing starting instruction to the built-in encryption chip by the main controller, reading the key information stored in the EEPROM by the built-in encryption chip, carrying out digital logic conversion on the key information by the logic conversion function module, sending the key information to the encryption chip to be written, writing the encryption chip to be written, and writing the key into the EEPROM of the encryption chip to be written. The key stored in the EEPROM of the built-in encryption chip is inconsistent with the actually transmitted key, so that the security is improved. Meanwhile, the built-in encryption chip acquires a random number through a noise source, increases random crosstalk to the data after digital logic conversion, and then sends the data to the encryption chip to be programmed, the data is descrambled after the encryption chip to be programmed receives the data, and then the descrambled data is stored into the EEPROM as a secret key, so that the secret key information can be prevented from being analyzed by grabbing intermediate signals. The encryption chip to be programmed can only be programmed once, and cannot be programmed again after programming is completed.
Example 2
Referring to fig. 3, the present embodiment is different from embodiment 1 in that: the main controller adopts an ARM processor. The key storage function module is a FUSE of the built-in encryption chip, and the key is programmed into the FUSE of the encryption chip to be programmed. The built-in encryption chip realizes digital logic transformation on the key information through a logic operation function of software.
The above description is only two specific embodiments of the present invention, but the design concept of the present invention is not limited thereto, and any insubstantial modifications made by the design concept should fall within the scope of infringing the present invention.
Claims (10)
1. The programming device is characterized by comprising a main controller and a built-in encryption chip, wherein the main controller is in communication connection with the built-in encryption chip and is used for sending a command for starting programming to the built-in encryption chip, and the built-in encryption chip is used for storing a secret key, performing digital logic conversion on the secret key and then sending the secret key to the encryption chip to be programmed.
2. The writer according to claim 1, wherein said built-in encryption chip comprises a key storage function module, a logic conversion function module and a communication interface for connecting with the encryption chip to be written, wherein the key storage function module is used for storing keys, and the logic conversion function module is used for performing digital logic conversion on the keys.
3. The writer according to claim 2, wherein said key storage function is FUSE or EEPROM with built-in cryptographic chip.
4. The writer of claim 1 wherein said master controller is an MCU or ARM processor.
5. A key security programming method based on the writer of any one of claims 1 to 4, characterized by comprising the following steps:
step 1, before the programming device leaves a factory, a secret key is programmed in a built-in encryption chip;
step 2, connecting the programming device with an encryption chip to be programmed;
and 3, starting the writer, sending a writing starting instruction to the built-in encryption chip by the main controller, reading the stored key information by the built-in encryption chip, carrying out digital logic conversion on the key information, sending the key information to the encryption chip to be written, and writing the encryption chip to be written.
6. The method for safely programming the secret key according to claim 5, wherein the built-in encryption chip acquires the random number through a noise source, increases random crosstalk to the data after digital logic transformation, and then sends the data to the encryption chip to be programmed, the encryption chip to be programmed receives the data, then descrambles the data, and then stores the descrambled data as the secret key.
7. The method for safely programming the key according to claim 5, wherein the built-in encryption chip is configured to be unchangeable and unreadable after the one-time programming is completed.
8. The method for safely programming the key according to claim 5, wherein the encryption chip to be programmed can only be programmed once, and cannot be programmed again after the programming is completed.
9. The method for safely programming the key of claim 5, wherein the key is programmed into the FUSE or EEPROM of the encryption chip to be programmed.
10. The method for safely programming the key according to claim 5, wherein the built-in encryption chip performs digital logic transformation on the key information through a hardware logic operation circuit or a software logic operation function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111352766.2A CN114201183A (en) | 2021-11-16 | 2021-11-16 | Writer and method for safely writing secret key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111352766.2A CN114201183A (en) | 2021-11-16 | 2021-11-16 | Writer and method for safely writing secret key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114201183A true CN114201183A (en) | 2022-03-18 |
Family
ID=80647622
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111352766.2A Pending CN114201183A (en) | 2021-11-16 | 2021-11-16 | Writer and method for safely writing secret key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114201183A (en) |
-
2021
- 2021-11-16 CN CN202111352766.2A patent/CN114201183A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107508679B (en) | Binding and authentication method for intelligent terminal main control chip and encryption chip | |
CN103718185B (en) | Authenticate device, certified device and authentication method | |
CN102799803A (en) | Secure removable media and method for managing the same | |
CN101072104B (en) | Method and system for command authentication to achieve a secure interface | |
CN101339597B (en) | Method, system and equipment for upgrading read-write machine firmware | |
CN103782538A (en) | Authenticator | |
CN111404682B (en) | Android environment key segmentation processing method and device | |
CN101349997A (en) | Method for writing data into storage on chip and system thereof | |
US20200019324A1 (en) | Card activation device and methods for authenticating and activating a data storage device by using a card activation device | |
CN101027659A (en) | Programmable logic controller peripheral device | |
CN109977702A (en) | A kind of FPGA device encrypted authentication system and method based on DS2432 chip | |
CN106657551A (en) | Method and system for preventing mobile terminal from being unlocked | |
CN102750982A (en) | Burning method and system of encrypted memory chip | |
CN102346862B (en) | Authentication method and device of contactless card | |
US8423797B2 (en) | Initialization of a chip card | |
CN101615160A (en) | The security system and the safety method that are used for code dump protection | |
CN218068848U (en) | Embedded software encryption protection system based on CPLD | |
CN114201183A (en) | Writer and method for safely writing secret key | |
JP4993114B2 (en) | Shared management method for portable storage device and portable storage device | |
CN108171018A (en) | A kind of software cryptography of vehicle-mounted decoder and decryption method | |
CN110610077B (en) | Encryption and decryption method based on chip | |
KR20080044502A (en) | Memory card system and method transmitting password thereof | |
CN115688120A (en) | Secure chip firmware importing method, secure chip and computer readable storage medium | |
CN109753821B (en) | Data access device and method | |
JP4936834B2 (en) | Data protection method for semiconductor memory card and semiconductor memory card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |