CN115438332A - Chip identification method, computer device and readable storage medium - Google Patents

Chip identification method, computer device and readable storage medium Download PDF

Info

Publication number
CN115438332A
CN115438332A CN202211085789.6A CN202211085789A CN115438332A CN 115438332 A CN115438332 A CN 115438332A CN 202211085789 A CN202211085789 A CN 202211085789A CN 115438332 A CN115438332 A CN 115438332A
Authority
CN
China
Prior art keywords
chip
firmware
signature
public key
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211085789.6A
Other languages
Chinese (zh)
Inventor
丁镜然
刘海亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Xinsheng Intelligent Technology Co ltd
Original Assignee
Jiangsu Xinsheng Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Xinsheng Intelligent Technology Co ltd filed Critical Jiangsu Xinsheng Intelligent Technology Co ltd
Priority to CN202211085789.6A priority Critical patent/CN115438332A/en
Publication of CN115438332A publication Critical patent/CN115438332A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a chip identification method, computer equipment and a readable storage medium. The method comprises the following steps: importing firmware into a chip, wherein the firmware checks a label of the chip; and if the signature verification is unsuccessful, terminating the firmware import. According to the chip identification method, the signature and signature verification functions based on the preset algorithm are realized at the chip end and the firmware end, so that the mutual safety between the chip and the firmware can be better guaranteed, and the protection of the internal data of the chip is further improved.

Description

Chip identification method, computer device and readable storage medium
Technical Field
The present invention relates to the field of chip technologies, and in particular, to a chip identification method, a computer device, and a readable storage medium.
Background
With the development of the internet and hardware technology, the role of data security in human life is more and more important. The chip is a trusted platform module, and has an independent processor and a storage unit inside, and can store keys and characteristic data, so that encryption and security authentication services are provided for a computer, and functions of data encryption and decryption, key generation and the like can be realized through the chip, thereby protecting business privacy and data security.
The mainstream security scheme in the market at present is that a chip uses a public key to check and sign firmware signed by a private key, and when the check and sign are not passed, the chip does not open access authority, so that the data protection function is realized.
However, the prior art mainly has the following defects: when the chip checks and signs the firmware, the adopted identity authentication means is one-way, only the function of verifying the legality of the firmware by the chip can be realized, and whether the chip is legal or not cannot be determined, so that risks are brought to the safety of the chip and the data in the firmware.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a chip authentication method, a computer device and a readable storage medium, which are used to overcome the shortcomings in the prior art, and are intended to solve the problem that the current one-way identity authentication method can only achieve the validity of a chip verification firmware, thereby bringing risks to the security of data.
The invention provides the following technical scheme:
in a first aspect, an embodiment of the present disclosure provides a chip identification method, where the method includes:
importing firmware into a chip, wherein the firmware checks a label of the chip;
and if the signature verification is unsuccessful, terminating the firmware import.
Further, the chip stores therein a signature of the chip and a corresponding public key.
Further, the chip identification method further includes:
processing the unique identifier of the chip to obtain a plaintext of the chip;
and encrypting the plaintext of the chip by a private key corresponding to the public key to obtain the signature of the chip.
Further, after encrypting the plaintext of the chip by using the private key corresponding to the public key to obtain the signature of the chip, the method further includes:
and programming the signature of the chip into a one-time programmable memory inside the chip.
Further, the importing the firmware into the chip, the firmware checking the chip, including:
importing the firmware into the chip;
and the firmware calls a preset algorithm and the public key to verify the signature of the chip.
Further, the chip identification method further includes:
importing the firmware into the chip, and verifying and signing the firmware by the chip;
and if the signature verification is unsuccessful, terminating the firmware import.
Further, the firmware stores therein a signature of the firmware and a corresponding public key.
Further, the chip identification method further includes:
processing the data in the firmware to obtain a plaintext of the firmware;
and encrypting the plaintext of the firmware through a private key corresponding to the public key to obtain the signature of the firmware.
In a second aspect, an embodiment of the present disclosure provides a computer device to solve a problem that a current one-way identity authentication means can only achieve validity of a chip verification firmware, thereby bringing a risk to data security, where the computer device includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the chip authentication method in the first aspect when executing the computer program.
In a third aspect, an embodiment of the present disclosure provides a computer-readable storage medium to solve a problem that a current one-way identity authentication means can only achieve the validity of a chip verification firmware, thereby bringing a risk to data security, where the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, implements the steps of the chip authentication method in the first aspect.
The embodiment of the application has the following advantages:
the chip identification method provided by the embodiment of the application comprises the following steps: importing firmware into a chip, wherein the firmware checks a label of the chip; and if the signature verification is unsuccessful, terminating the firmware import. According to the chip identification method, the signature and signature verification functions based on the preset algorithm are realized at the chip end and the firmware end, so that the defect that in the prior art, when the firmware is written into the chip, the chip only verifies the legality of the firmware, but the chip legality is not verified by the firmware is overcome. In the prior art, since the validity of the firmware is mainly guaranteed by the signature provided by the firmware vendor, there is a possibility that the incorrect firmware of the correct firmware vendor is imported into the chip, and after the incorrect firmware is imported into the chip, the incorrect firmware may conflict with other firmware in the chip, so that the robustness of the chip is reduced. The method and the device for verifying the chip validity verify the chip validity when the firmware is written into the chip, and guarantee that the firmware is issued to a correct chip. The safety between the chip and the firmware can be better guaranteed, and the protection of the data in the chip is further improved.
In order to make the aforementioned objects, features and advantages of the present invention more comprehensible and comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts. Like components are numbered similarly in the various figures.
Fig. 1 is a flowchart illustrating a chip identification method according to an embodiment of the present application;
fig. 2 shows a schematic structural diagram of a chip identification apparatus provided in an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. In contrast, when an element is referred to as being "directly on" another element, there are no intervening elements present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the description of the templates herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Example 1
As shown in fig. 1, which is a flowchart of a chip identification method in an embodiment of the present application, the chip identification method provided in the embodiment of the present application includes the following steps:
step 110, a firmware is imported into a chip, and the firmware checks the chip.
Specifically, the chip identification method provided by the present application is to implement bidirectional identification of a chip and a firmware, so that the firmware needs to be first introduced into the chip, and the firmware is downloaded into a front-end memory inside the chip through an interface corresponding to the front end.
It can be understood that, in the present embodiment, the signature of the chip and the corresponding public key are stored in the chip. Specifically, each chip has a unique identifier, different chips have corresponding fixed constants, the unique identifier of each chip is processed, that is, the unique identifier of each chip is spliced with the corresponding fixed constant, the spliced data is hashed by using a preset algorithm, and the result obtained after hashing is used as the plaintext of the chip. And then encrypting the plaintext of the chip by a private key corresponding to the public key to obtain the signature of the chip. And after the signature of the chip is obtained, programming the signature of the chip into a one-time programmable memory inside the chip. It will be appreciated that the signature and the plaintext are identical for the same chip.
Furthermore, after the firmware is introduced into the chip, the firmware firstly verifies the validity of the chip. And the firmware calls a preset algorithm and a public key to check the signature of the chip, the result obtained by checking the signature is compared with the plaintext of the chip, and the check is passed if the compared result is consistent. If the verification passes, the chip is legal, and the firmware is issued to the correct chip. Therefore, the safety between the chip and the firmware can be better guaranteed, and the protection of the data in the chip is further improved.
And step 120, if the signature verification is unsuccessful, terminating the firmware import.
After the firmware is imported into the chip, the firmware verifies the validity of the chip. And the firmware calls a preset algorithm and a public key to check the signature of the chip, the result obtained by checking the signature is compared with the plaintext of the chip, if the compared result is inconsistent, the signature is not checked successfully, and the introduction of the firmware is terminated.
It can be understood that, the validity of the chip is verified by executing the firmware first, so that the firmware can be guaranteed to be issued to the correct chip, and when the firmware is issued to the wrong chip, the issuing of the firmware is stopped and the firmware is discarded, so that the firmware can be effectively prevented from being issued to the wrong chip, the robustness of the chip is improved, and the protection of data inside the chip is further improved.
In an optional embodiment, the chip identification method further comprises:
step 130, importing the firmware into the chip, and verifying the firmware by the chip.
Specifically, when the validity of the chip passes the verification, the validity verification of the firmware issue is performed. It is understood that, in the present embodiment, the firmware stores therein a signature of the firmware and a corresponding public key. Specifically, the data in the firmware is processed, that is, a preset algorithm is called to process all the data in the firmware, a section of summary information with a fixed length is obtained after the processing, and the summary information is used as a plaintext of the firmware. And encrypting the plaintext of the firmware through a private key corresponding to the public key to obtain a signature of the firmware. It will be appreciated that for the same piece of firmware, the signature and the plaintext are identical.
Further, the chip checks the firmware, calls a preset algorithm and a public key to check the signature of the firmware, compares the result obtained by checking the signature with the plaintext of the firmware, and if the compared result is consistent, the verification is passed. If the verification is passed, the firmware is legal, and the firmware issued to the chip is safe and correct.
And further, if the signature passes, calling a preset algorithm and a secret key to encrypt the firmware, storing the encrypted firmware into a front-end memory inside the chip, and refreshing the encrypted firmware into a rear-end memory inside the chip.
It can be understood that when the chip identification of the chip and the firmware passes the verification, the firmware is stored in the chip, so that the safety of the chip and the firmware can be better guaranteed, and the protection of the data in the chip is further improved.
Step 140, if the signature verification is unsuccessful, terminating the firmware import.
After the firmware is led into the chip, the chip checks the firmware, the chip calls a preset algorithm and a public key to check the signature of the firmware, the result obtained by checking the signature is compared with the plaintext of the firmware, if the comparison result is inconsistent, the signature is not checked successfully, and the lead-in of the firmware is stopped.
It can be understood that, by verifying the validity of the chip and the validity of the firmware issuing, when the verification tag does not pass, the issuing of the firmware is terminated and the firmware is discarded, so that the firmware can be effectively prevented from being issued to an incorrect chip, and the incorrect firmware can be effectively prevented from being stored inside the chip, so that the mutual safety between the chip and the firmware can be better guaranteed, and the protection of the data inside the chip is further improved.
Further, the preset algorithm adopted in the embodiment of the present application may be SM2, SM3, SM4 or a hash algorithm, and the specifically adopted algorithm may be set according to an actual situation, which is not limited in the embodiment of the present application.
According to the chip identification method provided by the embodiment of the application, the firmware is introduced into the chip, and the firmware performs signature verification on the chip; and if the signature verification is unsuccessful, terminating the firmware import. According to the chip identification method, the signature and signature verification functions based on the preset algorithm are realized at the chip end and the firmware end, so that the mutual safety between the chip and the firmware can be better guaranteed, and the protection of the internal data of the chip is further improved.
Example 2
As shown in fig. 2, a schematic structural diagram of a chip identification apparatus 200 in an embodiment of the present application is shown, and the apparatus includes:
a first signature verification module 210, configured to introduce firmware into a chip, where the firmware performs signature verification on the chip;
a first termination module 220, configured to terminate the firmware import if the signature verification is unsuccessful.
Optionally, the chip authentication apparatus further comprises:
the first plaintext acquisition module is used for processing the unique identifier of the chip to obtain a plaintext of the chip;
and the first signature acquisition module is used for encrypting the plaintext of the chip through a private key corresponding to the public key to obtain the signature of the chip.
Optionally, the chip authentication apparatus further comprises:
and the storage module is used for programming the signature of the chip into a one-time programmable memory in the chip.
Optionally, the chip authentication device further includes:
the import module is used for importing the firmware into the chip;
and the first signature verification sub-module is used for verifying the signature of the chip by calling a preset algorithm and the public key by the firmware.
Optionally, the chip authentication device further includes:
the second signature checking module is used for guiding the firmware into the chip, and the chip checks the signature of the firmware;
and the second termination module is used for terminating the firmware import if the signature verification is unsuccessful.
Optionally, the chip authentication device further includes:
the second plaintext obtaining module is used for processing the data in the firmware to obtain a plaintext of the firmware;
and the second signature obtaining module is used for encrypting the plaintext of the firmware through a private key corresponding to the public key to obtain the signature of the firmware.
The chip identification device provided by the embodiment of the application realizes the signature and signature verification functions based on the preset algorithm at the chip end and the firmware end, so that the safety between the chip and the firmware can be better guaranteed, and the protection of the internal data of the chip is further improved.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the present invention or a part of the technical solution that contributes to the prior art in essence can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a smart phone, a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention.

Claims (10)

1. A method of chip authentication, the method comprising:
importing firmware into a chip, wherein the firmware checks the chip;
and if the signature verification is unsuccessful, terminating the firmware import.
2. The chip authentication method according to claim 1, wherein the chip stores therein a signature of the chip and a corresponding public key.
3. The chip authentication method according to claim 2, further comprising:
processing the unique identifier of the chip to obtain a plaintext of the chip;
and encrypting the plaintext of the chip by a private key corresponding to the public key to obtain the signature of the chip.
4. The method for authenticating the chip according to claim 3, wherein after the encrypting the plaintext of the chip by the private key corresponding to the public key to obtain the signature of the chip, the method further comprises:
and programming the signature of the chip into a one-time programmable memory inside the chip.
5. The method for chip authentication according to claim 2, wherein the step of importing the firmware into the chip, the firmware verifying the chip comprises:
importing the firmware into the chip;
and the firmware calls a preset algorithm and the public key to verify the signature of the chip.
6. The chip authentication method according to claim 1, further comprising:
importing the firmware into the chip, and verifying and signing the firmware by the chip;
and if the signature verification is unsuccessful, terminating the firmware import.
7. The chip authentication method according to claim 6, wherein the firmware has a signature and a corresponding public key stored therein.
8. The chip authentication method as claimed in claim 7, further comprising:
processing the data in the firmware to obtain a plaintext of the firmware;
and encrypting the plain text of the firmware through a private key corresponding to the public key to obtain the signature of the firmware.
9. A computer device, characterized by comprising a memory storing a computer program and a processor implementing the steps of the chip authentication method according to any one of claims 1 to 8 when the processor executes the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the chip authentication method according to any one of claims 1 to 8.
CN202211085789.6A 2022-09-06 2022-09-06 Chip identification method, computer device and readable storage medium Pending CN115438332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211085789.6A CN115438332A (en) 2022-09-06 2022-09-06 Chip identification method, computer device and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211085789.6A CN115438332A (en) 2022-09-06 2022-09-06 Chip identification method, computer device and readable storage medium

Publications (1)

Publication Number Publication Date
CN115438332A true CN115438332A (en) 2022-12-06

Family

ID=84247654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211085789.6A Pending CN115438332A (en) 2022-09-06 2022-09-06 Chip identification method, computer device and readable storage medium

Country Status (1)

Country Link
CN (1) CN115438332A (en)

Similar Documents

Publication Publication Date Title
US11323272B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US20180308098A1 (en) Identity Management Service Using A Block Chain Providing Identity Transactions Between Devices
US11979505B2 (en) File acquisition method and device based on two-dimensional code and two-dimensional code generating method
ES2779750T3 (en) Electronic signature system for an electronic document that uses a third-party authentication circuit
CN106452764B (en) Method for automatically updating identification private key and password system
US10147092B2 (en) System and method for signing and authenticating secure transactions through a communications network
CN106161350B (en) Method and device for managing application identifier
CN108734018B (en) Authentication method, device, system and computer readable storage medium
CN110401615A (en) A kind of identity identifying method, device, equipment, system and readable storage medium storing program for executing
CN106230813B (en) Method for authenticating, authentication device and terminal
CN111275419B (en) Block chain wallet signature right confirming method, device and system
CN109495268B (en) Two-dimensional code authentication method and device and computer readable storage medium
CN108462700B (en) Background server, terminal device, safety early warning method suitable for face recognition and storage medium
CN103546289A (en) USB (universal serial bus) Key based secure data transmission method and system
CN106897761A (en) A kind of two-dimensional code generation method and device
CN104125064B (en) A kind of dynamic cipher authentication method, client and Verification System
CN106209730B (en) Method and device for managing application identifier
CN112241527B (en) Secret key generation method and system of terminal equipment of Internet of things and electronic equipment
CN115859267A (en) Method for safely starting application program, storage control chip and electronic equipment
CN106792669A (en) Information of mobile terminal encryption method and device based on Hybrid Encryption algorithm
CN117692185A (en) Electronic seal using method and device, electronic equipment and storage medium
CN108234125B (en) System and method for identity authentication
CN115438332A (en) Chip identification method, computer device and readable storage medium
CN114297673A (en) Password verification method, solid state disk and upper computer
CN110933047B (en) Network authentication information security verification method, device, medium and terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination