CN115408675A - Method, device, equipment and storage medium for generating eFuse Key - Google Patents
Method, device, equipment and storage medium for generating eFuse Key Download PDFInfo
- Publication number
- CN115408675A CN115408675A CN202211353081.4A CN202211353081A CN115408675A CN 115408675 A CN115408675 A CN 115408675A CN 202211353081 A CN202211353081 A CN 202211353081A CN 115408675 A CN115408675 A CN 115408675A
- Authority
- CN
- China
- Prior art keywords
- character string
- key
- encryption
- efuse
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Abstract
The embodiment of the invention discloses a method, a device, equipment and a storage medium for generating an eFuse Key. The method comprises the following steps: performing logic operation on the product identification code, the chip identification number of the product and the key information to obtain a first encryption character string; encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string; and performing logical operation on the second encrypted character string to obtain the eFuse Key. The invention carries out logical operation on the product identification code, the chip identification number and the Key information of the chip to carry out data conversion, and carries out logical operation again after the encryption algorithm carries out encryption processing, thereby not only facilitating the verification of the correctness of the eFuse Key in the process of burning a plurality of keys in the eFuse, but also increasing the cracking difficulty.
Description
Technical Field
The present invention relates to the field of chip technologies, and in particular, to a method, an apparatus, a device, and a storage medium for generating an eFuse Key.
Background
efuses, similar to EEPROMs, are one-time programmable memories into which information is written before the chip is shipped, and efuses are typically small in capacity, 128Bit for some chips, in a chip. Unlike SRAM arrays used by most FPGAs, efuses have only one fuse at a time that can be programmed, while efuses' electromigration characteristics can be used to create much smaller fuse structures than older laser blowing techniques. Key information such as HUK (Hardware Unique Key), CEK (Code Encrypted Key), and the like, i.e., a root Key eFuse Key of a chip, is generally burned on an ATE (Automatic Test Equipment) board before the chip leaves a factory. However, the existing mode for generating the eFuse Key is relatively single, for example, chinese patent CN105468935A only depends on the chip ID, and the purpose of generating the Key is also relatively single, which cannot be applied to the requirement of the complex chip eFuse Key.
Disclosure of Invention
Aiming at the defects of the prior art, the embodiment of the invention provides a method, a device, equipment and a storage medium for generating an eFuse Key, aiming at solving the technical problems that the eFuse Key is generated in a single mode and cannot be applied to the eFuse Key requirement of a complex chip.
In a first aspect, an embodiment of the present invention provides a method for generating an eFuse Key, where the method includes:
performing logic operation on the product identification code, the chip identification number of the product and the key information to obtain a first encryption character string;
encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string;
and performing logical operation on the second encrypted character string to obtain the eFuse Key.
In a second aspect, an embodiment of the present invention provides an apparatus for generating an eFuse Key, including:
the first operation unit is used for carrying out logic operation on the product identification code, the chip identification number of the product and the key information to obtain a first encryption character string;
the first encryption unit is used for encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string;
and the second arithmetic unit is used for carrying out logical operation on the second encryption character string to obtain the eFuse Key.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method for generating an eFuse Key according to the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, causes the processor to execute the method for generating an eFuse Key according to the first aspect.
The embodiment of the invention provides a method, a device, equipment and a storage medium for generating an eFuse Key. The method comprises the steps of carrying out logical operation on a product identification code, a chip identification number and Key information of a chip in advance to obtain a first encryption character string, then carrying out encryption processing on the first encryption character string by adopting an encryption algorithm to obtain a second encryption character string, and finally carrying out logical operation on the second encryption character string again to obtain an eFuse Key. The invention carries out logical operation on the product identification code, the chip identification number and the Key information of the chip to carry out data conversion, and carries out logical operation again after the encryption algorithm carries out encryption processing, thereby not only facilitating the verification of the correctness of the eFuse Key in the process of burning a plurality of keys in the eFuse, but also increasing the cracking difficulty.
Drawings
FIG. 1 is a schematic flowchart of a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 3 is another schematic flow chart illustrating a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 4 is another schematic flow diagram illustrating a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 5 is another schematic flow diagram illustrating a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 6 is another schematic flow chart diagram illustrating a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating a specific application of a method for generating an eFuse Key according to an embodiment of the present invention;
FIG. 8 is a schematic block diagram of an apparatus for generating an eFuse Key provided by an embodiment of the present invention;
fig. 9 is a schematic block diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
The method for generating the eFuse Key is applied to the electronic equipment, and the method is executed by application software installed in the electronic equipment to generate the eFuse Key. The electronic device may be a desktop computer, a notebook computer, a tablet computer, or a mobile phone.
It should be noted that the application scenario of the foregoing embodiment is only an example, and the service and scenario described in the embodiment of the present invention are for more clearly illustrating the technical solution of the embodiment of the present application, and do not constitute a limitation to the technical solution provided in the embodiment of the present application, and it is known by a person of ordinary skill in the art that the technical solution provided in the embodiment of the present application is also applicable to similar technical problems with the evolution of a system and the occurrence of a new service scenario. The following are detailed below.
It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments. The method of generating eFuse Key will be described in detail below.
Referring to fig. 1, fig. 1 is a schematic flowchart of a method for generating an eFuse Key according to an embodiment of the present invention.
As shown in FIG. 1, the method includes the following steps S110 to S130.
S110, performing logic operation on the product identification code, the chip identification number of the product and the key information to obtain a first encryption character string.
Specifically, the Product identification code (Product ID) is a number capable of identifying a Product, the chip identification number is a number capable of identifying a chip in the Product, the key information is parameter information for encrypting hardware and codes of the Product, the key information may include parameter information such as a key type and a key index, the logic operation is a logic deduction method of digital symbolization, and the first encryption string is a binary string generated after a string of the Product identification code, the chip identification number and the key information is logically processed. The logic operation comprises an exclusive-or operation, a connection operation and cyclic shift, and the cyclic shift comprises cyclic right shift and cyclic left shift.
It can be understood that, in the process of performing the logic operation on the product identification code, the chip identification number and the key information, the product identification code, the chip identification number and the key information may be subjected to the connection operation and the circular shift together, or part of or all of the character strings of the product identification code may be subjected to the exclusive or operation connection operation and the circular shift with the chip identification number and the key information, and a specific manner of performing the logic operation on the product identification code, the chip identification number and the key information may be selected according to an actual situation, which is not specifically limited in this embodiment.
In another embodiment, as shown in fig. 2, step S110 includes steps S111, S112, and S113.
S111, carrying out XOR operation on the chip identification number and the key information to obtain a third encryption character string;
s112, carrying out XOR operation on the chip identification number and the product identification code to obtain a fourth encryption character string;
s113, performing connection operation on the third encryption character string and the fourth encryption character string to obtain the first encryption character string.
In this embodiment, the first encrypted character string is obtained by performing connection operation between a third encrypted character string and a fourth encrypted character string, the third encrypted character string is a binary character string obtained by performing exclusive or operation between a chip identification number and key information, the fourth encrypted character string is a binary character string obtained by performing exclusive or operation between a chip identification number and a product identification code, and in the exclusive or operation between the chip identification number and the key information and between the chip identification number and the product identification code, the number of bits of the character strings between the chip identification number and the key information is the same and the number of bits of the character strings between the chip identification number and the product identification code is the same.
It can be understood that, when performing the xor operation between the chip identification number and the key information, the xor operation may be performed between a partial character string of the chip identification number and a partial character string of the key information, or the xor operation may be performed between the entire character string of the chip identification number and the entire character string of the key information. Similarly, when the chip identification number and the product identification code are subjected to exclusive-or operation, the partial character string of the chip identification number and the partial character string of the product identification code may be subjected to exclusive-or operation, or the entire character string of the chip identification number and the entire character string of the product identification code may be subjected to exclusive-or operation. The specific way of performing the xor operation between the chip identification number and the key information and between the chip identification number and the product identification code may be selected according to practical applications, and this embodiment is not particularly limited.
In another embodiment, as shown in FIG. 3, step S111 includes steps S1111, S1112, and S1113.
S1111, acquiring a first character string of the chip identification number;
s1112, processing the key information to obtain a second character string; the byte number of the first character string is the same as the byte number of the second character string;
s1113, carrying out XOR operation on the first character string and the second character string to obtain the third encrypted character string.
In this embodiment, the first character string may be a character string of a chip identification number, and may also be a partial character string of the chip identification number; the second character string may be a character string of the key information, or may be a partial character string of the key information, and the number of bytes of the first character string is the same as the number of bytes of the second character string. In order to facilitate subsequent verification of the correctness of the eFuse Key, the first character string of the chip identification number and the second character string of the Key information are subjected to exclusive or operation to generate a third encrypted character string, for example, the first 64 bytes of the chip identification number can be used as the first character string, and the 64 bytes of the Key information can be used as the second character string, so that the third encrypted character string can be obtained.
It can be understood that when the byte number of the first character string is greater than the byte number of the character string of the chip identification number, the zero padding operation needs to be performed on the character string of the chip identification number. Similarly, when the number of bytes of the second string is greater than the number of bytes of the string of the key information, zero padding operation needs to be performed on the string of the key information.
In another embodiment, the key information includes a key type and a key index, as shown in fig. 4, step S1112 includes steps S11121 and S11122.
S11121, performing connection operation on the key type and the key index to obtain a third character string;
and S11122, carrying out byte zero padding or byte segmentation processing on the third character string to obtain the second character string.
In this embodiment, since the key information may include parameter information such as a key type and a key index, when the second character string is selected, it is necessary to identify whether the key type and the key index exist in the key information at the same time, and if the key type and the key index exist at the same time, the key type and the key index need to be subjected to join operation to generate a new character string, and then the second character string is segmented from the new character string; if only the key type or only the key index exists in the key information, the second character string can be directly segmented from the corresponding character string without performing connection operation.
In another embodiment, as shown in fig. 5, step S112 includes S1121, S1122, and S1123.
S1121, acquiring a fourth character string of the chip identification number;
s1122, processing the product identification code to obtain a fifth character string; the byte number of the fourth character string is the same as the byte number of the fifth character string;
s1123, carrying out XOR operation on the fourth character string and the fifth character string to obtain the fourth encrypted character string.
Specifically, the fourth character string may also be a character string of a chip identification number, and may also be a partial character string of the chip identification number; the fifth character string may be a character string of the product identification code, or may be a partial character string of the product identification code, and the number of bytes of the fourth character string is the same as the number of bytes of the fifth character string. In order to further facilitate the subsequent verification of the correctness of the eFuse Key and reduce the subsequent step of verifying the correctness of the eFuse Key, in this embodiment, the fourth character string is preferably a partial character string of the chip identification number, and meanwhile, the fourth character string does not overlap with the first character string, and the fourth encrypted character string is generated by performing an exclusive or operation on the fourth character string and the fifth character string. For example, the last 64 bytes of the chip identification number may be used as a fourth character string, and the 64 bytes of the product identification code may be used as a fifth character string, so as to obtain a fourth encrypted character string.
It can be understood that, when the byte number of the fourth character string is greater than the byte number of the character string of the chip identification number, the zero padding operation needs to be performed on the character string of the chip identification number. Similarly, when the number of bytes of the fifth string is greater than the number of bytes of the string of the key information, zero padding operation needs to be performed on the string of the key information.
And S120, encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string.
Specifically, the encryption algorithm is mainly used for processing a file or data which is originally a plaintext according to a certain algorithm so as to make the file or data become an unreadable segment of code, and the encryption algorithm generally includes a symmetric encryption algorithm, an asymmetric encryption algorithm, a one-way encryption algorithm, and the like, wherein the symmetric encryption algorithm includes a DES symmetric encryption algorithm, a 3DES symmetric encryption algorithm, an AES symmetric encryption algorithm, and the like, and in this embodiment, an SM3 cryptographic hash algorithm in the asymmetric encryption algorithm and an SHA256 algorithm in the symmetric key algorithm are preferred. And encrypting the first encryption character string again by adopting a preset encryption algorithm to obtain a second encryption character string so as to increase the cracking difficulty of the eFuse Key.
In another embodiment, as shown in fig. 6, step S120 includes S121 and S122.
S121, circularly shifting the first encryption character string to obtain a fifth encryption character string;
s122, encrypting the fifth encryption character string according to the encryption algorithm to obtain the second encryption character string.
In this embodiment, in order to further increase the difficulty of cracking the eFuse Key, before the encryption algorithm is used to encrypt the first encryption string, the first encryption string needs to be circularly shifted, and then the encryption algorithm is used to encrypt the fifth encryption string generated after the circular shift, so as to generate the second encryption string. The first encryption string may be circularly shifted left or circularly shifted right, and the number of bytes of the circularly shifted first encryption string may be 4 bytes or 8 bytes. It can be understood that the number of bytes of the cyclic shift performed on the first encrypted character and the shifting manner may be selected according to practical applications, and this embodiment is not limited in particular.
S130, performing logical operation on the second encryption character string to obtain the eFuse Key.
In this embodiment, the eFuse Key is generated by circularly shifting the second encrypted string, where the second encrypted string may be circularly shifted left or circularly shifted right, and the number of bytes of the circularly shifted second encrypted string may be 4 bytes or 8 bytes. It can be understood that the number of bytes for performing the cyclic shift on the second encrypted character and the shift mode may be selected according to the practical application, and the embodiment is not particularly limited.
Referring to fig. 7, fig. 7 is a schematic flowchart of a specific application of the method for generating an eFuse Key according to an embodiment of the present invention.
As shown in fig. 7, the specific steps of generating the eFuse Key may be:
1. performing exclusive or operation on the first 64-Bit DATA of CHIP _ ID (CHIP identification number) and 64-Bit of KEY _ INFO (KEY information) to obtain INPUT _ DATA1 (third encryption string);
2. performing exclusive or operation on the last 64-Bit DATA of the CHIP _ ID (CHIP identification number) and the 64-Bit of the PRODUCT _ ID (PRODUCT identification number) to obtain INPUT _ DATA2 (fourth encrypted character string);
3. performing a connection operation on INPUT _ DATA1 (third encrypted string) and INPUT _ DATA2 (fourth encrypted string) to form 128Bit DATA INPUT _ DATA3 (first encrypted string);
4. circularly left-shifting INPUT _ DATA3 (first encryption string) by 8 bits to obtain INPUT _ DATA4 (fifth encryption string);
5. calculating INPUT _ DATA4 (the fifth encrypted string) by using an encryption algorithm SM3 or SHA256 to obtain 256-Bit OUTPUT _ DATA1 (the second encrypted string);
6. OUTPUT _ DATA1 is shifted to the right by 4 bits using a loop, resulting in OUTPUT _ DATA2 (eFuse Key).
In the method for generating an eFuse Key provided in the embodiment of the present invention, a first encrypted string is obtained by performing logical operation on a product identification code, a chip identification number of the product, and Key information; encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string; and performing logical operation on the second encryption character string to obtain the eFuse Key. The invention carries out logical operation on the product identification code, the chip identification number and the Key information of the chip to carry out data conversion, and carries out logical operation again after the encryption algorithm carries out encryption processing, thereby not only facilitating the verification of the correctness of the eFuse Key in the process of burning a plurality of keys in the eFuse, but also increasing the cracking difficulty.
The embodiment of the invention also provides a device 100 for generating an eFuse Key, which is used for executing any embodiment of the method for generating the eFuse Key.
In particular, referring to FIG. 8, FIG. 8 is a schematic block diagram of an apparatus 100 for generating an eFuse Key provided by an embodiment of the present invention.
As shown in fig. 8, the apparatus 100 for generating an eFuse Key includes: a first arithmetic unit 110, a first encryption unit 120, and a second arithmetic unit 130.
The first operation unit 110 is configured to perform a logic operation on the product identification code, the chip identification number of the product, and the key information to obtain a first encrypted character string.
In another embodiment of the present invention, the first operation unit 110 includes: the device comprises a first exclusive OR operation unit, a second exclusive OR operation unit and a first connection operation unit.
The first XOR operation unit is used for carrying out XOR operation on the chip identification number and the key information to obtain a third encryption character string; the second XOR operation unit is used for carrying out XOR operation on the chip identification number and the product identification code to obtain a fourth encryption character string; and the first connection operation unit is used for performing connection operation on the third encryption character string and the fourth encryption character string to obtain the first encryption character string.
In another embodiment of the present invention, the first exclusive or operation unit includes: the device comprises a first acquisition unit, a first processing unit and a third difference or operation unit.
A first acquiring unit, configured to acquire a first character string of the chip identification number; the first processing unit is used for processing the key information to obtain a second character string; the byte number of the first character string is the same as the byte number of the second character string; and the third differential or operation unit is used for carrying out exclusive or operation on the first character string and the second character string to obtain the third encrypted character string.
In other inventive embodiments, the first processing unit includes: the second connection arithmetic unit and the second processing unit.
The second connection operation unit is used for performing connection operation on the key type and the key index to obtain a third character string; and the second processing unit is used for carrying out byte zero padding or byte segmentation processing on the third character string to obtain the second character string.
In another embodiment of the present invention, the second exclusive or operation unit includes: the device comprises a second acquisition unit, a third processing unit and a fourth exclusive OR operation unit.
The second acquisition unit is used for acquiring a fourth character string of the chip identification number; the third processing unit is used for processing the product identification code to obtain a fifth character string; the byte number of the fourth character string is the same as the byte number of the fifth character string; and the fourth exclusive-or operation unit is used for performing exclusive-or operation on the fourth character string and the fifth character string to obtain the fourth encrypted character string.
The first encryption unit 120 is configured to encrypt the first encryption string according to a preset encryption algorithm to obtain a second encryption string.
In other inventive embodiments, the first encryption unit 120 includes: a cyclic shift unit and a second encryption unit.
The cyclic shift unit is used for carrying out cyclic shift on the first encryption character string to obtain a fifth encryption character string; and the second encryption unit is used for encrypting the fifth encrypted character string according to the encryption algorithm to obtain the second encrypted character string.
A second operation unit 130, configured to perform logical operation on the second encrypted string to obtain the eFuse Key.
The generation apparatus 100 of eFuse Key provided in the embodiment of the present invention is configured to perform the above-mentioned logical operation on the product identification code, the chip identification number of the product, and the Key information, to obtain a first encrypted character string; encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string; and performing logical operation on the second encryption character string to obtain the eFuse Key.
It should be noted that, as can be clearly understood by those skilled in the art, the specific implementation processes of the eFuse Key generation apparatus 100 and each unit may refer to the corresponding descriptions in the foregoing method embodiments, and for convenience and brevity of description, no further description is provided herein.
The above-described means for generating an eFuse Key may be implemented in the form of a computer program that is executable on an electronic device as shown in fig. 9.
Referring to fig. 9, fig. 9 is a schematic block diagram of an electronic device according to an embodiment of the invention.
Referring to fig. 9, the device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a storage medium 503 and an internal memory 504.
The storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, may cause the processor 502 to execute the method for generating the eFuse Key.
The processor 502 is used to provide computing and control capabilities that support the operation of the overall device 500.
The memory 504 provides an environment for the execution of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 may be caused to execute the eFuse Key generation method.
The network interface 505 is used for network communication, such as providing transmission of data information. It will be appreciated by those skilled in the art that the configuration shown in fig. 9 is a block diagram of only a portion of the configuration associated with aspects of the present invention and is not intended to limit the apparatus 500 to which aspects of the present invention may be applied, and that a particular apparatus 500 may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to execute the computer program 5032 stored in the memory to perform the following functions: performing logic operation on a product identification code, a chip identification number of the product and key information to obtain a first encryption character string; encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string; and performing logical operation on the second encryption character string to obtain the eFuse Key.
In an embodiment, the processor 502 performs the logic operation on the product identification code, the chip identification number of the product, and the key information to obtain the first encrypted character string, and specifically implements the following steps: performing XOR operation on the chip identification number and the key information to obtain a third encrypted character string; performing XOR operation on the chip identification number and the product identification code to obtain a fourth encrypted character string; and performing connection operation on the third encryption character string and the fourth encryption character string to obtain the first encryption character string.
In an embodiment, the processor 502 performs an xor operation on the chip identification number and the key information to obtain a third encrypted character string, specifically implementing the following steps: acquiring a first character string of the chip identification number; processing the key information to obtain a second character string; the byte number of the first character string is the same as the byte number of the second character string; and carrying out XOR operation on the first character string and the second character string to obtain the third encrypted character string.
In one embodiment, the key information includes a key type and a key index; the processor 502 implements the processing of the key information to obtain the second character string, and specifically implements the following steps: performing connection operation on the key type and the key index to obtain a third character string; and carrying out byte zero padding or byte segmentation processing on the third character string to obtain the second character string.
In an embodiment, the processor 502 performs an xor operation on the chip identification number and the product identification code to obtain a fourth encrypted character string, and specifically implements the following steps: acquiring a fourth character string of the chip identification number; processing the product identification code to obtain a fifth character string; the byte number of the fourth character string is the same as that of the fifth character string; and carrying out XOR operation on the fourth character string and the fifth character string to obtain the fourth encryption character string.
In an embodiment, the processor 502 performs the encryption processing on the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string, and specifically implements the following steps: circularly shifting the first encryption character string to obtain a fifth encryption character string; and encrypting the fifth encrypted character string according to the encryption algorithm to obtain the second encrypted character string.
In an embodiment, the processor 502 implements the logic operation on the second encrypted string to obtain the eFuse Key, and specifically implements the following steps: and circularly shifting the second encryption character string to obtain the eFuse Key.
Those skilled in the art will appreciate that the embodiment of the apparatus 500 shown in fig. 9 does not constitute a limitation on the specific construction of the apparatus 500, and in other embodiments, the apparatus 500 may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. For example, in some embodiments, the apparatus 500 may only include the memory and the processor 502, and in such embodiments, the structure and the function of the memory and the processor 502 are the same as those of the embodiment shown in fig. 9, and are not repeated herein.
It should be understood that in the present embodiment, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general-purpose processors 502, a Digital Signal Processor 502 (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. The general-purpose processor 502 may be a microprocessor 502 or the processor 502 may be any conventional processor 502 or the like.
In another embodiment of the present invention, a computer storage medium is provided. The storage medium may be a nonvolatile computer-readable storage medium or a volatile storage medium. The storage medium stores a computer program 5032, wherein the computer program 5032 when executed by the processor 502 performs the steps of: performing logic operation on a product identification code, a chip identification number of the product and key information to obtain a first encryption character string; encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string; and performing logical operation on the second encryption character string to obtain the eFuse Key.
In an embodiment, the processor performs the logic operation on the product identification code, the chip identification number of the product, and the key information to obtain the first encrypted character string by executing the program instruction, and specifically includes the following steps: performing XOR operation on the chip identification number and the key information to obtain a third encrypted character string; performing XOR operation on the chip identification number and the product identification code to obtain a fourth encrypted character string; and performing connection operation on the third encryption character string and the fourth encryption character string to obtain the first encryption character string.
In an embodiment, the processor performs the xor operation on the chip identification number and the key information to obtain a third encrypted character string when executing the program instruction, and specifically implements the following steps: acquiring a first character string of the chip identification number; processing the key information to obtain a second character string; the byte number of the first character string is the same as the byte number of the second character string; and carrying out XOR operation on the first character string and the second character string to obtain the third encrypted character string.
In one embodiment, the key information includes a key type and a key index; the processor executes the program instruction to process the key information to obtain a second character string, and the specific implementation steps are as follows: performing connection operation on the key type and the key index to obtain a third character string; and carrying out byte zero padding or byte segmentation processing on the third character string to obtain the second character string.
In an embodiment, the processor performs the xor operation on the chip identification number and the product identification code to obtain a fourth encrypted character string when executing the program instruction, and specifically implements the following steps: acquiring a fourth character string of the chip identification number; processing the product identification code to obtain a fifth character string; the byte number of the fourth character string is the same as that of the fifth character string; and carrying out XOR operation on the fourth character string and the fifth character string to obtain the fourth encryption character string.
In an embodiment, the processor executes the program instruction to implement the encryption processing on the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string, and specifically implements the following steps: circularly shifting the first encryption character string to obtain a fifth encryption character string; and encrypting the fifth encryption character string according to the encryption algorithm to obtain the second encryption character string.
In an embodiment, the processor implements the logical operation on the second encrypted string to obtain the eFuse Key by executing the program instruction, and specifically implements the following steps: and circularly shifting the second encryption character string to obtain the eFuse Key.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, devices and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only a logical division, and there may be other divisions when the actual implementation is performed, or units having the same function may be grouped into one unit, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention essentially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a storage medium and including instructions for causing a device 500 (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for generating an eFuse Key comprises the following steps:
performing logic operation on the product identification code, the chip identification number of the product and the key information to obtain a first encryption character string;
encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string;
and performing logical operation on the second encrypted character string to obtain the eFuse Key.
2. The method for generating an eFuse Key of claim 1 wherein the performing a logical operation on a product identification code, a chip identification number of the product, and Key information to obtain a first encrypted string comprises:
performing XOR operation on the chip identification number and the key information to obtain a third encrypted character string;
performing XOR operation on the chip identification number and the product identification code to obtain a fourth encrypted character string;
and performing connection operation on the third encryption character string and the fourth encryption character string to obtain the first encryption character string.
3. The method for generating an eFuse Key according to claim 2, wherein the XOR operation of the chip identification number and the Key information to obtain a third encrypted string comprises:
acquiring a first character string of the chip identification number;
processing the key information to obtain a second character string; the byte number of the first character string is the same as the byte number of the second character string;
and carrying out XOR operation on the first character string and the second character string to obtain the third encrypted character string.
4. The method for generating an eFuse Key of claim 3, wherein the Key information comprises a Key type and a Key index;
the processing the key information to obtain a second character string includes:
performing connection operation on the key type and the key index to obtain a third character string;
and carrying out byte zero padding or byte segmentation processing on the third character string to obtain the second character string.
5. The method for generating an eFuse Key according to claim 2, wherein the XOR operation of the chip identification number and the product identification code to obtain a fourth encrypted string comprises:
acquiring a fourth character string of the chip identification number;
processing the product identification code to obtain a fifth character string; the byte number of the fourth character string is the same as that of the fifth character string;
and carrying out XOR operation on the fourth character string and the fifth character string to obtain the fourth encryption character string.
6. The method for generating an eFuse Key according to claim 1, wherein the encrypting the first encrypted string according to a preset encryption algorithm to obtain a second encrypted string comprises:
circularly shifting the first encryption character string to obtain a fifth encryption character string;
and encrypting the fifth encrypted character string according to the encryption algorithm to obtain the second encrypted character string.
7. The method for generating an eFuse Key according to claim 1, wherein the performing a logical operation on the second encrypted string to obtain the eFuse Key comprises:
and circularly shifting the second encryption character string to obtain the eFuse Key.
8. An apparatus for generating an eFuse Key, comprising:
the first operation unit is used for carrying out logic operation on the product identification code, the chip identification number of the product and the key information to obtain a first encryption character string;
the first encryption unit is used for encrypting the first encryption character string according to a preset encryption algorithm to obtain a second encryption character string;
and the second arithmetic unit is used for carrying out logical operation on the second encryption character string to obtain the eFuse Key.
9. An electronic device comprising a memory and a processor; the memory stores an application program, and the processor is configured to execute the application program in the memory to perform an operation of the method for generating an eFuse Key of any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program, which is executed by a processor to implement the method for generating an eFuse Key of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211353081.4A CN115408675B (en) | 2022-11-01 | 2022-11-01 | Method, device, equipment and storage medium for generating eFuse Key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211353081.4A CN115408675B (en) | 2022-11-01 | 2022-11-01 | Method, device, equipment and storage medium for generating eFuse Key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115408675A true CN115408675A (en) | 2022-11-29 |
| CN115408675B CN115408675B (en) | 2023-02-07 |
Family
ID=84167435
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211353081.4A Active CN115408675B (en) | 2022-11-01 | 2022-11-01 | Method, device, equipment and storage medium for generating eFuse Key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115408675B (en) |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH06268640A (en) * | 1993-03-16 | 1994-09-22 | Mitsubishi Electric Corp | Ciphering key generator |
| CN1936870A (en) * | 2005-09-23 | 2007-03-28 | 中国科学院计算技术研究所 | Hard-disc fan-area data enciphering and deciphering method and system |
| US20090238367A1 (en) * | 2008-03-18 | 2009-09-24 | Howard Pinder | Direct delivery of content descrambling keys using chip-unique code |
| CN105205674A (en) * | 2015-09-08 | 2015-12-30 | 云南省通海正华印刷有限公司 | Product anti-counterfeiting method based on two-dimensional code |
| WO2018076289A1 (en) * | 2016-10-28 | 2018-05-03 | 美的智慧家居科技有限公司 | Key negotiation method and device |
| CN108959978A (en) * | 2018-06-28 | 2018-12-07 | 北京海泰方圆科技股份有限公司 | The generation of key and acquisition methods and device in equipment |
| CN109446831A (en) * | 2018-12-26 | 2019-03-08 | 贵州华芯通半导体技术有限公司 | Key generation and verification method and system based on hardware device |
| CN109951275A (en) * | 2019-02-22 | 2019-06-28 | 记忆科技(深圳)有限公司 | Key generation method, device, computer equipment and storage medium |
| CN110784313A (en) * | 2019-09-25 | 2020-02-11 | 苏州浪潮智能科技有限公司 | Key protection method, device and storage medium |
| CN111222148A (en) * | 2019-12-26 | 2020-06-02 | 河南芯盾网安科技发展有限公司 | Key generation method, encryption method, decryption method and device |
| WO2020151194A1 (en) * | 2019-01-24 | 2020-07-30 | 山东华芯半导体有限公司 | Secure storage method based on domestic cryptography chip |
| CN111835505A (en) * | 2019-04-16 | 2020-10-27 | 上海擎感智能科技有限公司 | Activation code generation method and device and computer storage medium |
| WO2021017128A1 (en) * | 2019-07-29 | 2021-02-04 | 深圳壹账通智能科技有限公司 | Login token generation method and apparatus, login token verification method and apparatus, and server |
| CN112769543A (en) * | 2019-10-21 | 2021-05-07 | 千寻位置网络有限公司 | Method and system for protecting dynamic secret key |
| CN113079002A (en) * | 2021-03-26 | 2021-07-06 | 北京深思数盾科技股份有限公司 | Data encryption method, data decryption method, key management method, medium, and device |
| JP2022064688A (en) * | 2020-10-14 | 2022-04-26 | 凸版印刷株式会社 | IoT DEVICE AUTHENTICATION SYSTEM, IoT DEVICE AUTHENTICATION METHOD, KEY DISTRIBUTION SERVER, AND IC CHIP |
-
2022
- 2022-11-01 CN CN202211353081.4A patent/CN115408675B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH06268640A (en) * | 1993-03-16 | 1994-09-22 | Mitsubishi Electric Corp | Ciphering key generator |
| CN1936870A (en) * | 2005-09-23 | 2007-03-28 | 中国科学院计算技术研究所 | Hard-disc fan-area data enciphering and deciphering method and system |
| US20090238367A1 (en) * | 2008-03-18 | 2009-09-24 | Howard Pinder | Direct delivery of content descrambling keys using chip-unique code |
| CN105205674A (en) * | 2015-09-08 | 2015-12-30 | 云南省通海正华印刷有限公司 | Product anti-counterfeiting method based on two-dimensional code |
| WO2018076289A1 (en) * | 2016-10-28 | 2018-05-03 | 美的智慧家居科技有限公司 | Key negotiation method and device |
| CN108959978A (en) * | 2018-06-28 | 2018-12-07 | 北京海泰方圆科技股份有限公司 | The generation of key and acquisition methods and device in equipment |
| CN109446831A (en) * | 2018-12-26 | 2019-03-08 | 贵州华芯通半导体技术有限公司 | Key generation and verification method and system based on hardware device |
| WO2020151194A1 (en) * | 2019-01-24 | 2020-07-30 | 山东华芯半导体有限公司 | Secure storage method based on domestic cryptography chip |
| CN109951275A (en) * | 2019-02-22 | 2019-06-28 | 记忆科技(深圳)有限公司 | Key generation method, device, computer equipment and storage medium |
| CN111835505A (en) * | 2019-04-16 | 2020-10-27 | 上海擎感智能科技有限公司 | Activation code generation method and device and computer storage medium |
| WO2021017128A1 (en) * | 2019-07-29 | 2021-02-04 | 深圳壹账通智能科技有限公司 | Login token generation method and apparatus, login token verification method and apparatus, and server |
| CN110784313A (en) * | 2019-09-25 | 2020-02-11 | 苏州浪潮智能科技有限公司 | Key protection method, device and storage medium |
| CN112769543A (en) * | 2019-10-21 | 2021-05-07 | 千寻位置网络有限公司 | Method and system for protecting dynamic secret key |
| CN111222148A (en) * | 2019-12-26 | 2020-06-02 | 河南芯盾网安科技发展有限公司 | Key generation method, encryption method, decryption method and device |
| JP2022064688A (en) * | 2020-10-14 | 2022-04-26 | 凸版印刷株式会社 | IoT DEVICE AUTHENTICATION SYSTEM, IoT DEVICE AUTHENTICATION METHOD, KEY DISTRIBUTION SERVER, AND IC CHIP |
| CN113079002A (en) * | 2021-03-26 | 2021-07-06 | 北京深思数盾科技股份有限公司 | Data encryption method, data decryption method, key management method, medium, and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115408675B (en) | 2023-02-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10650151B2 (en) | Method of execution of a binary code of a secure function by a microprocessor | |
| US20170288869A1 (en) | Secure key storage using physically unclonable functions | |
| EP3044901B1 (en) | Keying infrastructure | |
| US11829479B2 (en) | Firmware security verification method and device | |
| TW202009778A (en) | Firmware upgrade method and device | |
| CN102163268B (en) | The term of execution verifying software code the method and apparatus of integrality | |
| US9501646B2 (en) | Program verification apparatus, program verification method, and computer readable medium | |
| US9397830B2 (en) | Method and apparatus for encrypting and decrypting data | |
| US10003612B1 (en) | Protection for computing systems from revoked system updates | |
| US10572635B2 (en) | Automatic correction of cryptographic application program interfaces | |
| US20140173294A1 (en) | Techniques for emulating an eeprom device | |
| US10942868B2 (en) | Execution process of binary code of function secured by microprocessor | |
| US10223249B2 (en) | Test methodology for detection of unwanted cryptographic key destruction | |
| US11042610B1 (en) | Enabling integrity and authenticity of design data | |
| CN115408675B (en) | Method, device, equipment and storage medium for generating eFuse Key | |
| CN111143904B (en) | Data decryption method, device and computer readable storage medium | |
| US11829231B2 (en) | Methods and systems for generating core dump in a user equipment | |
| JP2009169489A (en) | Encryption method, decryption method, encryption device, and decryption device | |
| CN107391970B (en) | Function access control method and device in Flash application program | |
| JP2011123229A (en) | Program code encryption device and program | |
| CN112182509A (en) | Method, device and equipment for detecting abnormity of compliance data | |
| CN110995447A (en) | Data storage method, device, equipment and medium | |
| US20170244554A1 (en) | Method and apparatus for encrypting and decrypting data | |
| CN114095175B (en) | Gray-check-capable data confidentiality method, device and storage medium | |
| CN113032265B (en) | Asymmetric encryption algorithm testing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |