CN115361140A - Method and device for verifying security chip key - Google Patents
Method and device for verifying security chip key Download PDFInfo
- Publication number
- CN115361140A CN115361140A CN202210998344.0A CN202210998344A CN115361140A CN 115361140 A CN115361140 A CN 115361140A CN 202210998344 A CN202210998344 A CN 202210998344A CN 115361140 A CN115361140 A CN 115361140A
- Authority
- CN
- China
- Prior art keywords
- key
- verification
- information
- encrypted
- decryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000012795 verification Methods 0.000 claims abstract description 221
- 238000012545 processing Methods 0.000 claims abstract description 77
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000004891 communication Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 description 6
- 238000004590 computer program Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000003672 processing method Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The embodiment of the invention discloses a method and a device for verifying a security chip key, wherein the method comprises the following steps: when the data processing terminal starts to run, encrypting verification information based on a stored encryption key to be verified to obtain encrypted verification information, and sending the encrypted verification information to the random verification equipment; the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption is successful to obtain plaintext information, and sends the encrypted feedback information to the data processing end; and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition. According to the scheme, the accuracy and the feasibility of key verification are improved.
Description
Technical Field
The embodiment of the application relates to the technical field of security chips, in particular to a method and a device for verifying a key of a security chip.
Background
The security chip is a trusted platform module, is a device capable of independently generating a secret key and encrypting and decrypting, is internally provided with an independent processor and a storage unit, can store the secret key and characteristic data, and provides encryption and security authentication services for a computer. The encryption is carried out by a security chip, the key is stored in hardware, and stolen data cannot be decrypted, so that the business privacy and the data security are protected.
In the related art, for example, patent document CN114266083A proposes a secure storage method for a key in a chip, which utilizes a characteristic that a bootrom is booted again after the chip is powered on, to obtain a configuration of a chip user in a flash memory flash in a bootrom boot flow, where the user sets the key of the chip according to a requirement, and configures a read-write permission of the key in an encryption module; the configuration in the flash memory can be divided into a key configuration area and a key storage area according to an address space; the key configuration area can be configured with read protection and write protection of the encryption module key, and the key storage area stores the key of the chip; after the chip is powered on, the encryption module downloads a secret key from the flash memory for an encryption algorithm in the module to use; the key storage area in the flash memory flash is always read protected, the key cannot be read at any time, after the used chip key is determined, the key storage area in the whole flash memory flash is configured to be write protected, meanwhile, the write protection is irreversible, and the key is solidified in the flash memory flash, so that the key cannot be changed by any user in subsequent use. However, most of the existing schemes reasonably protect the key and lack a reasonable and efficient mechanism for verifying whether the key is tampered.
Disclosure of Invention
The embodiment of the invention provides a method and a device for verifying a secret key of a security chip, which solve the problem that a reasonable and efficient mechanism for verifying whether the secret key is tampered in the related technology is lacked, and improve the accuracy and feasibility of secret key verification.
In a first aspect, an embodiment of the present invention provides a method for verifying a key of a security chip, where the method includes:
when a data processing terminal starts to run, encrypting verification information based on a stored encryption key to be verified to obtain encrypted verification information, determining associated random verification equipment through a server, and sending the encrypted verification information to the random verification equipment;
the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the plaintext information is obtained through decryption, and sends the encrypted feedback information to the data processing end;
and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition.
Optionally, the determining, by the server, the associated random verification device includes:
the server acquires the current position information of the data processing terminal;
and determining optional equipment within a preset range based on the position information, and determining random verification equipment according to attack information recorded by the optional equipment.
Optionally, after the determining, by the server, the associated random authentication device, the method further includes:
and the server sends a first decryption key and a first encryption key which are originally stored and correspond to the encryption key to be verified to the random verification equipment.
Optionally, the decrypting the encrypted feedback information with the decryption key to be verified, and determining a key verification result according to a decryption condition includes:
and decrypting the encrypted feedback information through the decryption key to be verified, and if the decryption is successful to obtain plaintext information, determining that the decryption key to be verified is not tampered.
Optionally, before the encrypting by the stored first encryption key to obtain the encrypted feedback information, the method further includes:
the random verification equipment sends decryption success information to the data processing end;
and after receiving the decryption success information, the data processing terminal judges that the encryption key to be verified is not tampered.
Optionally, after determining the key verification result according to the decryption condition, the method further includes:
if the verification result of the decryption key to be verified is tampered, discarding the received data sent by other equipment;
and if the verification result of the encryption key to be verified is tampered, stopping sending data to other equipment.
Optionally, after determining the key verification result according to the decryption condition, the method further includes:
and if the verification results of the encryption key to be verified and the decryption key to be verified are not tampered, performing normal data transmission communication with other equipment.
In a second aspect, an embodiment of the present invention further provides a security chip key verification apparatus, including:
the information sending module is configured to encrypt verification information based on a stored encryption key to be verified to obtain encrypted verification information when a data processing end starts to operate, determine associated random verification equipment through a server, and send the encrypted verification information to the random verification equipment;
the receiving processing module is configured to receive the encrypted verification information by the random verification device, decrypt the encrypted verification information based on a stored first decryption key, encrypt the encrypted verification information by the stored first encryption key to obtain encrypted feedback information if the decryption succeeds to obtain plaintext information, and send the encrypted feedback information to the data processing end;
and the result determining module is configured to receive the encrypted feedback information by the data processing terminal, decrypt the encrypted feedback information by a decryption key to be verified, and determine a key verification result according to a decryption condition.
In a third aspect, an embodiment of the present invention further provides a security chip key verification device, where the security chip key verification device includes:
one or more processors;
a storage secure chip device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for verifying the key of the security chip according to the embodiment of the present invention.
In a fourth aspect, the embodiment of the present invention further provides a storage medium containing computer-executable instructions, which are used to execute the security chip key verification method according to the embodiment of the present invention when executed by a computer processor.
In a fifth aspect, the present application further provides a computer program product, where the computer program product includes a computer program, where the computer program is stored in a computer-readable storage medium, and at least one processor of the device reads and executes the computer program from the computer-readable storage medium, so that the device executes the secure chip key verification method described in the present application.
In the embodiment of the invention, when a data processing terminal starts to operate, verification information is encrypted based on a stored encryption key to be verified to obtain encryption verification information, a server determines associated random verification equipment, and the encryption verification information is sent to the random verification equipment; the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption is successful to obtain plaintext information, and sends the encrypted feedback information to the data processing end; and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to a decryption condition. The scheme solves the problem that a reasonable and efficient mechanism for verifying whether the secret key is tampered or not is lacked in the related technology, and improves the accuracy and feasibility of secret key verification.
Drawings
Fig. 1 is a flowchart of a method for verifying a key of a security chip according to an embodiment of the present invention;
fig. 2 is a flowchart of a processing method after determining that a key is tampered according to an embodiment of the present invention;
fig. 3 is a flowchart of another processing method after determining that a key is tampered according to an embodiment of the present invention;
fig. 4 is a block diagram of a security chip key verification apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a security chip key verification device according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad invention. It should be further noted that, for convenience of description, only some structures, not all structures, relating to the embodiments of the present invention are shown in the drawings.
Fig. 1 is a flowchart of a method for verifying a key of a security chip according to an embodiment of the present invention, where a scheme in an embodiment of the present invention specifically includes the following steps:
step S101, when a data processing end starts operation, verification information is encrypted based on a stored encryption key to be verified to obtain encryption verification information, a server determines associated random verification equipment, and the encryption verification information is sent to the random verification equipment.
In one embodiment, the data processing terminal is a terminal device integrated with a security chip, such as a car networking terminal or a video monitoring terminal. When the operation is restarted, the verification information is encrypted based on the stored encryption key to be verified to obtain the encryption verification information, wherein the encryption key to be verified is to be verified whether the key is tampered, if the correct and safe encryption key is stored in the initialization or departure stage, the encryption key is not determined whether the key is tampered when the operation is started, and the key is the encryption key to be verified. And encrypting the verification information by using the encryption key to be verified to obtain encrypted verification information.
The verification information may be stored plaintext information, which is information specially used for performing key verification.
And after the encrypted verification information is obtained, determining the associated random verification equipment through the server, and sending the encrypted verification information to the random verification equipment. The random authentication device is a device which is associated with the current data processing end and used for carrying out key authentication. Optionally, the determining manner may be: the server acquires the current position information of the data processing terminal; and determining optional equipment within a preset range based on the position information, and determining random verification equipment according to attack information recorded by the optional equipment. The preset range may be 1 km or 5 km, for example, and if there are multiple devices in the preset range, the attacked times recorded by the multiple devices are sorted, and the device with the least attacked time is selected as the random verification device.
Step S102, the random verification device receives the encrypted verification information, decrypts the encrypted verification information based on the stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption succeeds to obtain plaintext information, and sends the encrypted feedback information to the data processing end.
And after receiving the encrypted verification information, the random verification equipment decrypts the encrypted verification information based on a first decryption key stored by the random verification equipment, wherein the first decryption key is a decryption key matched with the encryption key originally stored by the data processing end. And if the decryption is successful to obtain the plaintext information, encrypting through the stored first encryption key to obtain encrypted feedback information, and sending the encrypted feedback information to the data processing end. The first encryption key is a key consistent with an encryption key originally stored by the data processing end.
In one embodiment, after step S101, the method further includes: and the server sends a first decryption key and a first encryption key which are originally stored and correspond to the encryption key to be verified to the random verification equipment. Namely, the server stores a first decryption key and a first encryption key corresponding to the original encryption key to be verified. For example, assuming that the correct first encryption key is a, the corresponding paired first decryption key is b, and the server records that the data processing end is assigned with the first encryption key a and the first decryption key b, the identifier of the data processing end may be recorded. And after receiving a request of the data processing end, determining that the first encryption key is a and the first decryption key is b according to the identifier, and sending the first encryption key and the first decryption key to the determined random verification equipment.
Step S103, the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition.
In one embodiment, after receiving the encrypted feedback information, the data processing end decrypts the encrypted feedback information by using the decryption key to be verified, and determines a key verification result according to the decryption condition. Specifically, if the decryption is successful, it is determined that the decryption key to be verified has not been tampered with and can be used, that is, the decryption key to be verified and the first decryption key are consistent.
In one embodiment, before the obtaining of the encrypted feedback information by encrypting with the stored first encryption key, the method further includes: the random verification equipment sends decryption success information to the data processing end; and after receiving the decryption success information, the data processing end judges that the encryption key to be verified is not tampered. And the encryption key to be verified is consistent with the initial first encryption key.
According to the method, when the data processing terminal starts to operate, the verification information is encrypted based on the stored encryption key to be verified to obtain the encrypted verification information, the server determines the associated random verification equipment, and the encrypted verification information is sent to the random verification equipment; the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption is successful to obtain plaintext information, and sends the encrypted feedback information to the data processing end; and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition. According to the scheme, the problem that a reasonable and efficient mechanism for verifying whether the secret key is tampered or not is lacked in the related technology is solved, and the accuracy and the feasibility of secret key verification are improved.
Fig. 2 is a flowchart of a processing method after determining that a key is tampered according to an embodiment of the present invention. As shown in fig. 2, the method specifically includes:
step S201, when the data processing end starts running, the verification information is encrypted based on the stored encryption key to be verified to obtain encryption verification information, the server determines the associated random verification equipment, and the encryption verification information is sent to the random verification equipment.
Step S202, the random verification device receives the encrypted verification information, decrypts the encrypted verification information based on the stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption succeeds to obtain plaintext information, and sends the encrypted feedback information to the data processing end.
Step S203, the random verification device sends decryption success information to the data processing end, and the data processing end determines that the encryption key to be verified is not tampered after receiving the decryption success information.
And step S204, the data processing terminal receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition.
Step S205, if the verification result of the decryption key to be verified is tampered, discarding the received data sent by other equipment; and if the verification result of the encryption key to be verified is tampered, stopping sending data to other equipment.
In one embodiment, further processing of the received data and the transmitted data is controlled in accordance with the determined test result. Specifically, if the verification result of the decryption key to be verified is tampered, discarding the received data sent by other devices; and if the verification result of the encryption key to be verified is tampered, stopping sending data to other equipment.
In this way, when the data processing terminal starts to operate, the authentication information is encrypted based on the stored encryption key to be authenticated to obtain encrypted authentication information, the server determines the associated random authentication equipment, and the encrypted authentication information is sent to the random authentication equipment; the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the plaintext information is obtained through decryption, and sends the encrypted feedback information to the data processing end; and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition. According to the scheme, the problem that a reasonable and efficient mechanism for verifying whether the secret key is tampered or not is lacked in the related technology is solved, the accuracy and the feasibility of secret key verification are improved, meanwhile, data safety is further guaranteed through control processing based on results, illegal instructions cannot be executed, and the illegal instructions cannot be sent to other equipment.
Fig. 3 is a flowchart of another processing method after it is determined that a key is tampered, according to an embodiment of the present invention, as shown in fig. 3, specifically including:
step S301, when the data processing terminal starts operation, the verification information is encrypted based on the stored encryption key to be verified to obtain encryption verification information, the server determines the associated random verification equipment, and the encryption verification information is sent to the random verification equipment.
Step S302, the random verification device receives the encrypted verification information, decrypts the encrypted verification information based on the stored first decryption key, and encrypts the encrypted verification information through the stored first decryption key to obtain encrypted feedback information if the decryption succeeds to obtain plaintext information, and sends the encrypted feedback information to the data processing end.
Step S303, the random verification device sends decryption success information to the data processing end, and the data processing end determines that the encryption key to be verified is not tampered after receiving the decryption success information.
And step S304, the data processing terminal receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to a decryption condition.
And S305, if the verification results of the encryption key to be verified and the decryption key to be verified are not tampered, executing normal data transmission communication with other equipment.
In one embodiment, if it is verified that the key information is safe, data communication is performed normally.
In this way, when the data processing terminal starts to operate, the authentication information is encrypted based on the stored encryption key to be authenticated to obtain encrypted authentication information, the server determines the associated random authentication equipment, and the encrypted authentication information is sent to the random authentication equipment; the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption is successful to obtain plaintext information, and sends the encrypted feedback information to the data processing end; and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to a decryption condition. The scheme solves the problem that a reasonable and efficient mechanism for verifying whether the secret key is tampered or not is lacked in the related technology, and improves the accuracy and feasibility of secret key verification.
Fig. 4 is a block diagram of a security chip key verification apparatus according to an embodiment of the present invention, where the security chip apparatus is configured to execute the security chip key verification method provided in the data receiving end embodiment, and has corresponding functional modules and beneficial effects of the execution method. As shown in fig. 4, the security chip device specifically includes: an information transmission module 101, a reception processing module 102, and a result determination module 103, wherein,
the information sending module 101 is configured to encrypt verification information based on a stored encryption key to be verified to obtain encrypted verification information when a data processing end starts running, determine associated random verification equipment through a server, and send the encrypted verification information to the random verification equipment;
the receiving processing module 102 is configured to receive the encrypted verification information by the random verification device, decrypt the encrypted verification information based on a stored first decryption key, encrypt the encrypted verification information by using the stored first encryption key to obtain encrypted feedback information if the decryption succeeds to obtain plaintext information, and send the encrypted feedback information to the data processing end;
and the result determining module 103 is configured to receive the encrypted feedback information by the data processing terminal, decrypt the encrypted feedback information by using a decryption key to be verified, and determine a key verification result according to a decryption condition.
According to the scheme, when the data processing terminal starts to run, the verification information is encrypted based on the stored encryption key to be verified to obtain encrypted verification information, the server determines the associated random verification equipment, and the encrypted verification information is sent to the random verification equipment; the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption is successful to obtain plaintext information, and sends the encrypted feedback information to the data processing end; and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to a decryption condition. The scheme solves the problem that a reasonable and efficient mechanism for verifying whether the secret key is tampered or not is lacked in the related technology, and improves the accuracy and feasibility of secret key verification. Correspondingly, the functions executed by the modules are respectively as follows:
in one possible embodiment, the determining, by the server, the associated random authentication device includes:
the server acquires the current position information of the data processing terminal;
and determining optional equipment within a preset range based on the position information, and determining random verification equipment according to attack information recorded by the optional equipment.
In a possible embodiment, after determining, by the server, the associated random authentication device, the method further includes:
and the server sends a first decryption key and a first encryption key which are originally stored and correspond to the encryption key to be verified to the random verification equipment.
In a possible embodiment, the decrypting the encrypted feedback information by using the decryption key to be verified, and determining the key verification result according to the decryption condition includes:
and decrypting the encrypted feedback information through the decryption key to be verified, and if the decryption is successful to obtain plaintext information, determining that the decryption key to be verified is not tampered.
In a possible embodiment, before the obtaining the encrypted feedback information by encrypting with the stored first encryption key, the method further includes:
the random verification equipment sends decryption success information to the data processing end;
and after receiving the decryption success information, the data processing terminal judges that the encryption key to be verified is not tampered.
In a possible embodiment, after determining the key verification result according to the decryption condition, the method further includes:
if the verification result of the decryption key to be verified is tampered, discarding the received data sent by other equipment;
and if the verification result of the encryption key to be verified is tampered, stopping sending data to other equipment.
In a possible embodiment, after determining the key verification result according to the decryption condition, the method further includes:
and if the verification results of the encryption key to be verified and the decryption key to be verified are not tampered, performing normal data transmission communication with other equipment.
Fig. 5 is a schematic structural diagram of a secure chip key verification apparatus according to an embodiment of the present invention, as shown in fig. 5, the apparatus includes a processor 201, a memory 202, an input secure chip device 203, and an output secure chip device 204; the number of the processors 201 in the device may be one or more, and one processor 201 is taken as an example in fig. 5; the processor 201, the memory 202, the input secure chip means 203 and the output secure chip means 204 in the device may be connected by a bus or other means, for example, in fig. 5. The memory 202 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the security chip key verification method in the embodiment of the present invention. The processor 201 executes various functional applications and data processing of the device by running software programs, instructions and modules stored in the memory 202, that is, implements the secure chip key verification method described above. The input security chip means 203 may be used to receive input numeric or character information and generate key signal inputs relating to user settings and function control of the device. The output secure chip apparatus 204 may include a display device such as a display screen.
Embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor are configured to perform a method for secure chip key verification, the method including:
when a data processing terminal starts to run, encrypting verification information based on a stored encryption key to be verified to obtain encrypted verification information, determining associated random verification equipment through a server, and sending the encrypted verification information to the random verification equipment;
the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the decryption is successful to obtain plaintext information, and sends the encrypted feedback information to the data processing end;
and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition.
From the above description of the embodiments, it is obvious for those skilled in the art that the embodiments of the present invention can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but the former is a better implementation in many cases. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions to make a computer device (which may be a personal computer, a service, or a network device) perform the methods described in the embodiments of the present invention.
It should be noted that, in the embodiment of the secure chip key verification apparatus, each unit and each module included in the embodiment are only divided according to functional logic, but are not limited to the above division as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the embodiment of the present invention.
In some possible embodiments, various aspects of the methods provided by the present application may also be implemented in the form of a program product including program code for causing a computer device to perform the steps in the methods according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device, for example, the computer device may perform the security chip key verification method described in the embodiments of the present application. The program product may be implemented using any combination of one or more readable media.
It should be noted that the foregoing is only a preferred embodiment of the present invention and the technical principles applied. Those skilled in the art will appreciate that the embodiments of the present invention are not limited to the specific embodiments described herein, and that various obvious changes, rearrangements and substitutions can be made by those skilled in the art without departing from the scope of the embodiments of the invention. Therefore, although the embodiments of the present invention have been described in more detail through the above embodiments, the embodiments of the present invention are not limited to the above embodiments, and many other equivalent embodiments can be included without departing from the concept of the embodiments of the present invention, and the scope of the embodiments of the present invention is determined by the scope of the appended claims.
Claims (10)
1. The method for verifying the key of the security chip is characterized by comprising the following steps:
when a data processing end starts to run, encrypting verification information based on a stored encryption key to be verified to obtain encrypted verification information, determining associated random verification equipment through a server, and sending the encrypted verification information to the random verification equipment;
the random verification equipment receives the encrypted verification information, decrypts the encrypted verification information based on a stored first decryption key, encrypts the encrypted verification information through the stored first encryption key to obtain encrypted feedback information if the plaintext information is obtained through decryption, and sends the encrypted feedback information to the data processing end;
and the data processing end receives the encrypted feedback information, decrypts the encrypted feedback information through a decryption key to be verified, and determines a key verification result according to the decryption condition.
2. The method for verifying the key of the security chip of claim 1, wherein the determining, by the server, the associated random verification device comprises:
the server acquires the current position information of the data processing terminal;
and determining optional equipment within a preset range based on the position information, and determining random verification equipment according to attack information recorded by the optional equipment.
3. The method for verifying the key of the secure chip according to claim 1, further comprising, after the determining, by the server, the associated random authentication device:
and the server sends a first decryption key and a first encryption key which are originally stored and correspond to the encryption key to be verified to the random verification equipment.
4. The method for verifying the key of the security chip according to claim 1, wherein the decrypting the encrypted feedback information by the decryption key to be verified, and determining the key verification result according to the decryption condition comprises:
and decrypting the encrypted feedback information through the decryption key to be verified, and if the decryption is successful to obtain plaintext information, determining that the decryption key to be verified is not tampered.
5. The method for verifying the key of the security chip according to claim 4, wherein before the encrypting the encrypted feedback information by the stored first encryption key, the method further comprises:
the random verification equipment sends decryption success information to the data processing end;
and after receiving the decryption success information, the data processing end judges that the encryption key to be verified is not tampered.
6. The method for verifying the key of the security chip according to claim 5, further comprising, after determining the key verification result according to the decryption condition:
if the verification result of the decryption key to be verified is tampered, discarding the received data sent by other equipment;
and if the verification result of the encryption key to be verified is tampered, stopping sending data to other equipment.
7. The method for verifying the key of the security chip according to claim 5, further comprising, after determining the key verification result according to the decryption condition:
and if the verification results of the encryption key to be verified and the decryption key to be verified are not tampered, performing normal data transmission communication with other equipment.
8. The secure chip key verification apparatus, characterized by comprising:
the information sending module is configured to encrypt verification information based on a stored encryption key to be verified to obtain encrypted verification information when a data processing end starts to operate, determine associated random verification equipment through a server, and send the encrypted verification information to the random verification equipment;
the receiving processing module is configured to receive the encrypted verification information by the random verification equipment, decrypt the encrypted verification information based on a stored first decryption key, encrypt the encrypted verification information by the stored first encryption key to obtain encrypted feedback information if the decryption succeeds to obtain plaintext information, and send the encrypted feedback information to the data processing end;
and the result determining module is configured to receive the encrypted feedback information by the data processing terminal, decrypt the encrypted feedback information by a decryption key to be verified, and determine a key verification result according to a decryption condition.
9. A secure chip key verification apparatus, the apparatus comprising: one or more processors; storing a secure chip apparatus for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the secure chip key verification method of any one of claims 1-7.
10. A storage medium containing computer-executable instructions for performing the secure chip key verification method of any one of claims 1-7 when executed by a computer processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210998344.0A CN115361140B (en) | 2022-08-19 | 2022-08-19 | Method and device for verifying security chip key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210998344.0A CN115361140B (en) | 2022-08-19 | 2022-08-19 | Method and device for verifying security chip key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115361140A true CN115361140A (en) | 2022-11-18 |
| CN115361140B CN115361140B (en) | 2023-11-24 |
Family
ID=84001906
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210998344.0A Active CN115361140B (en) | 2022-08-19 | 2022-08-19 | Method and device for verifying security chip key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115361140B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2010135950A (en) * | 2008-12-03 | 2010-06-17 | Nec Corp | Device and method for encryption processing |
| US8307098B1 (en) * | 2000-08-29 | 2012-11-06 | Lenovo (Singapore) Pte. Ltd. | System, method, and program for managing a user key used to sign a message for a data processing system |
| CN107395560A (en) * | 2017-06-05 | 2017-11-24 | 努比亚技术有限公司 | Safety check and its initiation, management method, equipment, server and storage medium |
| US20200092097A1 (en) * | 2018-09-14 | 2020-03-19 | Htc Corporation | Method of Social Key Recovery and Related Device |
| US20220083665A1 (en) * | 2009-12-04 | 2022-03-17 | Cryptography Research, Inc. | Security chip with resistance to external monitoring attacks |
| CN114637987A (en) * | 2022-05-18 | 2022-06-17 | 广州万协通信息技术有限公司 | Security chip firmware downloading method and system based on platform verification |
| US20220261485A1 (en) * | 2019-07-30 | 2022-08-18 | Sony Group Corporation | Data processing device, data processing method, and program |
-
2022
- 2022-08-19 CN CN202210998344.0A patent/CN115361140B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8307098B1 (en) * | 2000-08-29 | 2012-11-06 | Lenovo (Singapore) Pte. Ltd. | System, method, and program for managing a user key used to sign a message for a data processing system |
| JP2010135950A (en) * | 2008-12-03 | 2010-06-17 | Nec Corp | Device and method for encryption processing |
| US20220083665A1 (en) * | 2009-12-04 | 2022-03-17 | Cryptography Research, Inc. | Security chip with resistance to external monitoring attacks |
| CN107395560A (en) * | 2017-06-05 | 2017-11-24 | 努比亚技术有限公司 | Safety check and its initiation, management method, equipment, server and storage medium |
| US20200092097A1 (en) * | 2018-09-14 | 2020-03-19 | Htc Corporation | Method of Social Key Recovery and Related Device |
| US20220261485A1 (en) * | 2019-07-30 | 2022-08-18 | Sony Group Corporation | Data processing device, data processing method, and program |
| CN114637987A (en) * | 2022-05-18 | 2022-06-17 | 广州万协通信息技术有限公司 | Security chip firmware downloading method and system based on platform verification |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115361140B (en) | 2023-11-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100611628B1 (en) | A method for processing information in an electronic device, a system, an electronic device and a processing block | |
| JP4668619B2 (en) | Device key | |
| US6948065B2 (en) | Platform and method for securely transmitting an authorization secret | |
| CN102271037B (en) | Based on the key protectors of online key | |
| CN108768963B (en) | Communication method and system of trusted application and secure element | |
| CN110621014B (en) | Vehicle-mounted equipment, program upgrading method thereof and server | |
| CN110868291B (en) | Data encryption transmission method, device, system and storage medium | |
| US8953805B2 (en) | Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method | |
| JP2002229861A (en) | Recording device with copyright protecting function | |
| US20230368194A1 (en) | Encryption method and decryption method for payment key, payment authentication method, and terminal device | |
| CN114637987B (en) | Security chip firmware downloading method and system based on platform verification | |
| CN111310213A (en) | Service data protection method, device, equipment and readable storage medium | |
| CN107124279B (en) | Method and device for erasing terminal data | |
| CN115065472B (en) | Security chip encryption and decryption method and device based on multi-key encryption and decryption | |
| JP2013545195A (en) | Bound data card and mobile host authentication method, apparatus and system | |
| CN114793184B (en) | Security chip communication method and device based on third-party key management node | |
| CN111401901A (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| CN114244508A (en) | Data encryption method, device, equipment and storage medium | |
| CN109088729B (en) | Key storage method and device | |
| KR20070059891A (en) | Application authentication security system and method thereof | |
| CN109960935B (en) | Method, device and storage medium for determining trusted state of TPM (trusted platform Module) | |
| CN114189862A (en) | Wireless terminal and interface access authentication method of wireless terminal in Uboot mode | |
| JP2009199147A (en) | Communication control method and communication control program | |
| CN115361140B (en) | Method and device for verifying security chip key | |
| CN114885326A (en) | Bank mobile operation safety protection method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |