CN115499139B - Detection device of cipher machine and cipher machine - Google Patents
Detection device of cipher machine and cipher machine Download PDFInfo
- Publication number
- CN115499139B CN115499139B CN202211417519.0A CN202211417519A CN115499139B CN 115499139 B CN115499139 B CN 115499139B CN 202211417519 A CN202211417519 A CN 202211417519A CN 115499139 B CN115499139 B CN 115499139B
- Authority
- CN
- China
- Prior art keywords
- detection circuit
- case
- lead
- cover body
- signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/36—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with means for detecting characters not meant for transmission
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Abstract
The invention provides a detection device of a cipher machine and the cipher machine, the detection device of the cipher machine comprises: the first detection circuit is used for outputting a first signal when the outer shell of the cipher machine case is in an opened state; the second detection circuit is used for outputting a second signal when the shell of the security area in the password machine is in an opened state; the third detection circuit is used for outputting a third signal when the grid network connected with the safety zone shell in a contact way is detected to be broken; and the processor is electrically connected with the first detection circuit, the second detection circuit and the third detection circuit and enters a safety protection state according to at least one of the first signal, the second signal and the third signal. The scheme of the invention can realize effective protection of the cipher machine and improve the safety of the cipher machine.
Description
Technical Field
The invention relates to the technical field of cipher machine detection, in particular to a detection device of a cipher machine and the cipher machine.
Background
In the prior art, the shell of the cipher machine is a closed shell, and when the cipher machine is damaged, the cipher machine cannot be effectively protected.
Disclosure of Invention
The invention aims to provide a detection device of a cipher machine and the cipher machine, which can realize effective protection of the cipher machine and improve the safety of the cipher machine.
In order to solve the technical problems, the technical scheme of the invention is as follows:
a cryptographic machine detection apparatus comprising:
the first detection circuit is used for outputting a first signal when the outer shell of the cipher machine case is in an opened state;
the second detection circuit is used for outputting a second signal when the shell of the security area in the password machine is in an opened state;
the third detection circuit is used for outputting a third signal when the wireless grid network in contact connection in the safety zone shell is detected to be broken;
and the processor is electrically connected with the first detection circuit, the second detection circuit and the third detection circuit and enters a safety protection state according to at least one of the first signal, the second signal and the third signal.
Optionally, the first detection circuit includes: the case cover opening detection circuit is arranged inside the case shell of the cipher machine and is in contact connection with a cover body of the case shell of the cipher machine, and when the cover body is in an opened state, a first signal is output.
Optionally, the cover body of the case outer shell of the cipher machine includes: the first cover body, the second cover body, the third cover body and the fourth cover body; at least one case uncovering detection circuit comprises:
the first case cover opening detection circuit is arranged in the cipher machine case outer shell and is in contact connection with the first cover body, the second case cover opening detection circuit is in contact connection with the second cover body, the third case cover opening detection circuit is in contact connection with the third cover body, and the fourth case cover opening detection circuit is in contact connection with the fourth cover body;
at least one of the first case cover opening detection circuit, the second case cover opening detection circuit, the third case cover opening detection circuit and the fourth case cover opening detection circuit outputs a first signal when detecting that the corresponding cover body is in an opened state.
Optionally, first quick-witted case uncap detection circuitry, second machine case uncap detection circuitry, third machine case uncap detection circuitry and fourth machine case uncap detection circuitry all include:
a connector disposed on the printed circuit board, the connector connecting the first pin, the second pin, and the third pin;
the cipher machine shell key is electrically connected with the connector and is in contact connection with the cover body;
when the cover body is in an opened state, the cipher machine shell key is in an bouncing state, the voltage of the first pin is changed from low to high, and a first signal is output;
the second pin is electrically connected with the power supply unit through the first resistor, and the third pin is grounded through the second resistor.
Optionally, the safety zone housing comprises: a fifth cover body; the second detection circuit is in contact connection with a fifth cover body in the safety zone shell, and outputs a second signal when the fifth cover body is in an opened state.
Optionally, the second detection circuit includes:
at least one of a first safety area housing cover opening detection circuit, a second safety area housing cover opening detection circuit, a third safety area housing cover opening detection circuit and a fourth safety area housing cover opening detection circuit which are arranged in the safety area housing and are in contact connection with the fifth cover body;
at least one of the first safety zone shell uncovering detection circuit, the second safety zone shell uncovering detection circuit, the third safety zone shell uncovering detection circuit and the fourth safety zone shell uncovering detection circuit outputs a second signal when the fifth cover body is detected to be in an opened state.
Optionally, the first safe area housing uncovering detection circuit, the second safe area housing uncovering detection circuit, the third safe area housing uncovering detection circuit and the fourth safe area housing uncovering detection circuit all include:
the safety zone shell detection switch is in contact connection with the fifth cover body and is provided with a first pin, a second pin, a third pin and a fourth pin;
when the fifth cover body is in an opened state, the safety zone shell detection switch is in a bouncing state, the voltage of the first pin is changed from low to high, and a second signal is output;
the second pin and the fourth pin are grounded;
and the third pin is electrically connected with the power supply unit through a third resistor.
Optionally, the method includes: the safety zone shell detection switch is connected with the grid network in series, and a third signal is output when the grid network is detected to be broken and/or the safety zone shell detection switch is disconnected.
Optionally, the detection apparatus for a cryptographic machine further includes:
the power supply unit is connected with a system power supply and is respectively and electrically connected with the first detection circuit, the second detection circuit, the third detection circuit and the processor;
when the processor is in a working state, the system power supply supplies power to the processor;
when the processor is in a power-off state and does not enter a protection state, the power supply unit supplies power to the first detection circuit, the second detection circuit and the third detection circuit;
when the processor enters a protection state from a working state or a power-off state, the power supply unit supplies power to the processor.
An embodiment of the present invention further provides a cryptographic machine, including: the computer case comprises a computer case shell, a safety zone shell arranged inside the computer case shell, a grid network in contact and electric connection with the safety zone shell, and the computer case further comprises the detection device.
The scheme of the invention at least comprises the following beneficial effects:
outputting a first signal when the outer shell of the cipher machine case is in an opened state through a first detection circuit; the second detection circuit outputs a second signal when the shell of the safe area in the password machine is in an opened state; the third detection circuit outputs a third signal when detecting that the grid network in contact connection in the safety zone shell is broken; and the processor is electrically connected with the first detection circuit, the second detection circuit and the third detection circuit and enters a safety protection state according to at least one of the first signal, the second signal and the third signal. Therefore, the effective detection of the cipher machine can be realized, the effective protection of the cipher machine is realized, and the safety of the cipher machine is improved.
Drawings
Fig. 1 is a block diagram of a detection apparatus of a cryptographic machine according to an embodiment of the present invention;
fig. 2 is a schematic distribution diagram of covers on the outer casing of the case of the cipher machine according to the embodiment of the present invention;
FIG. 3 is a schematic view of a key of a cipher housing according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a first case lid opening detection circuit of the detection device of the cipher machine according to the embodiment of the present invention;
fig. 5 is a schematic structural diagram of a second case uncovering detection circuit of the detection device of the cipher machine according to the embodiment of the present invention;
fig. 6 is a schematic structural diagram of a third case uncovering detection circuit of the detection device of the cipher machine according to the embodiment of the present invention;
fig. 7 is a schematic structural diagram of a fourth case uncovering detection circuit of the detection device of the cipher machine according to the embodiment of the present invention;
fig. 8 is a schematic diagram of a second detection circuit of the detection device of the cipher machine according to the embodiment of the present invention;
fig. 9 is a schematic circuit diagram of a third detection circuit of the detection device of the cipher machine according to the embodiment of the present invention;
fig. 10 is a schematic circuit configuration diagram of a power supply unit according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of a battery switching circuit according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of a battery switching enable control circuit according to an embodiment of the present invention;
fig. 13 is a schematic view of the operation of the detection device of the cipher machine according to the embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention provides a detection apparatus 1 for a cryptographic machine, including:
the first detection circuit 11 is used for outputting a first signal when detecting that the outer shell of the cipher machine case is in an opened state;
a second detection circuit 12, configured to output a second signal when the secure area enclosure in the cryptographic machine is in an opened state;
a third detection circuit 13, configured to output a third signal when detecting that the grid network in contact connection within the secure area enclosure is disconnected;
and a processor 14 electrically connected to the first detection circuit 11, the second detection circuit 12, and the third detection circuit 13, and entering a safety protection state according to at least one of the first signal, the second signal, and the third signal.
In this embodiment, when the first detection circuit 11 detects that the cover of the case outer housing of the cipher machine is opened, a first signal is output; when the second detection circuit 12 detects that the cover of the shell of the security area in the cipher is opened, a second signal is output; when the third detection circuit 13 detects that the grid network in contact connection in the safety zone shell is broken, a third signal is output; the processor 14 enters a secure state and stops the password-related service based on at least one of the first signal, the second signal, and the third signal. The processor can be a Micro Control Unit (MCU), so that the effective detection of the cipher machine is realized, the effective protection of the cipher machine is realized, and the safety of the cipher machine is improved.
As shown in fig. 2, a distribution diagram of the cover of the cipher machine case outer shell 20 is shown, and the cover may include: the first cover body, the second cover body, the third cover body and the fourth cover body are distributed in four areas of the cipher machine case outer shell body 20; certainly, the cover body can be arranged according to actual requirements, and the number of the cover bodies is not limited to 4;
the first detection circuit includes: at least one case cover opening detection circuit 31 which is arranged inside the case outer shell of the cipher machine, is in contact connection with a cover body of the case outer shell of the cipher machine, and outputs a first signal when the cover body is in an opened state; the processor may enter a secure state based on the first signal.
Wherein, at least one case uncovering detection circuit 31 includes:
the first case cover opening detection circuit is arranged in the cipher machine case outer shell and is in contact connection with the first cover body, the second case cover opening detection circuit is in contact connection with the second cover body, the third case cover opening detection circuit is in contact connection with the third cover body, and the fourth case cover opening detection circuit is in contact connection with the fourth cover body;
at least one of the first case cover opening detection circuit, the second case cover opening detection circuit, the third case cover opening detection circuit and the fourth case cover opening detection circuit outputs a first signal when detecting that the corresponding cover body is in an opened state.
The cover body can be any one of a first cover body, a second cover body, a third cover body or a fourth cover body, the first case cover opening detection circuit, the second case cover opening detection circuit, the third case cover opening detection circuit and the fourth case cover opening detection circuit all comprise a cipher machine shell key, the cipher machine shell key of the first case cover opening detection circuit is in contact connection with the first cover body, the cipher machine shell key of the second case cover opening detection circuit is in contact connection with the second cover body, the cipher machine shell key of the third case cover opening detection circuit is in contact connection with the third cover body, and the cipher machine shell key of the fourth case cover opening detection circuit is in contact connection with the fourth cover body;
in order to illustrate the cover closing state of the cover of the case outer housing of the cryptographic engine, the cover may be any one of a first cover, a second cover, a third cover, or a fourth cover.
In an optional embodiment of the present invention, the first chassis cover opening detection circuit, the second chassis cover opening detection circuit, the third chassis cover opening detection circuit, and the fourth chassis cover opening detection circuit all include:
a connector disposed on the printed circuit board, the connector connecting the first pin, the second pin, and the third pin;
the cipher machine shell key is electrically connected with the connector and is in contact connection with the cover body;
when the cover body is in an opened state, the cipher machine shell key is in an bouncing state, the voltage of the first pin is changed from low to high, and a first signal is output;
the second pin is electrically connected with the power supply unit through the first resistor, and the third pin is grounded through the second resistor.
As shown in fig. 3, the key of the cipher machine shell has three pins, a COM pin, an NC pin and an NO pin; the cipher machine shell key can be a microswitch specifically; specifically, as shown in fig. 4, the first chassis cover opening detection circuit includes: the first connector J28 is connected with a first lead (namely COM lead), a second lead (namely NC lead) and a third lead (namely NO lead);
when the first cover body is in an opened state, a cipher machine shell key of the first case cover opening detection circuit is in a bouncing state, the level of the first lead COM is changed from low to high, and a first signal is output; in a specific implementation of the first chassis cover opening detection circuit, the second lead NC is electrically connected to one end of the first resistor R434, and the other end of the first resistor R434 is electrically connected to the power supply unit VBAT; the third lead NO is electrically connected to one end of the second resistor R435, and the other end of the second resistor R435 is grounded.
When the first cover body is in a cover closing state with the outer shell of the cipher machine case, the keys of the cipher machine case are in a pressing state, and the first lead wire COM transmits electric signals to the MESH0 in a normal state.
In this embodiment, after the first cover is opened, the key of the crypto engine case of the first case opening detection circuit is bounced, at this time, the first lead COM pin is changed from low level to high level, the processor detects that the first cover is in an open-cover attacked state, the processor stops servicing, sends out an early warning, and enters a protection state.
As shown in fig. 5, the second casing cover opening detection circuit includes: a second cipher housing button and a second connector J30 electrically connected with the second cipher housing button, the second connector J30 also has a first lead (i.e. COM lead), a second lead (i.e. NC lead) and a third lead (i.e. NO lead);
when the second cover body is in an opened state, a cipher machine shell key of the second case uncovering detection circuit is in a flicking state, the level of the first lead COM is changed from low to high, and a first signal is output; in a specific implementation of the second chassis cover opening detection circuit, the second lead NC is electrically connected to one end of a third resistor R438, and the other end of the third resistor R438 is electrically connected to a power supply unit (VBAT); the third lead NO is electrically connected to one end of a fourth resistor R440, and the other end of the fourth resistor R440 is grounded.
When the second cover body is in a cover closing state with the outer shell of the cipher machine case, a cipher machine case key of the second case cover opening detection circuit is in a pressing state, and the first pin COM transmits an electric signal to the MESH 1.
In this embodiment, after the second cover is opened, the keys of the crypto engine case are bounced, at this time, the first lead COM pin is changed from the low level to the high level, the processor detects that the second cover is in an open-cover attacked state, and the processor stops servicing, sends out an early warning, and enters a protection state.
As shown in fig. 6, the third casing uncovering detection circuit includes: a third cipher housing button and a third connector J31 electrically connected to the third cipher housing button, the third connector J31 having a first lead (i.e., COM lead), a second lead (i.e., NC lead) and a third lead (i.e., NO lead);
when the third cover body is in an opened state, a cipher machine shell key of the third case uncovering detection circuit is in a flicking state, the level of the first lead COM is changed from low to high, and a first signal is output; in a specific implementation of the third case uncovering detection circuit, the second lead NC is electrically connected to one end of a fifth resistor R444, and the other end of the fifth resistor R444 is electrically connected to a power supply unit (VBAT); the third lead NO is electrically connected to one end of the fourth resistor R445, and the other end of the sixth resistor R445 is grounded.
When the third cover body is in a cover closing state with the outer shell of the cipher machine case, a cipher machine case key of the third case cover opening detection circuit is in a pressing state, and the first pin COM transmits an electric signal to the MESH 4.
In this embodiment, after the third cover is opened, the key of the crypto engine case of the third case open-cover detection circuit is bounced, at this time, the first lead COM pin is changed from the low level to the high level, the processor detects that the third cover is in the state of open-cover attack, the processor stops servicing, sends out an early warning, and enters the protection state.
As shown in fig. 7, the fourth chassis lid opening detection circuit includes: a fourth cipher housing key and a fourth connector J32 electrically connected to the fourth cipher housing key, the fourth connector J32 having a first lead (i.e., COM lead), a second lead (i.e., NC lead) and a third lead (i.e., NO lead);
when the fourth cover body is in an opened state, a cipher machine shell key of the fourth case uncovering detection circuit is in a flicking state, the level of the first lead COM is changed from low to high, and a first signal is output; in a specific implementation of the fourth chassis cover opening detection circuit, the second lead NC is electrically connected to one end of a seventh resistor R448, and the other end of the seventh resistor R448 is electrically connected to a power supply unit (VBAT); the third lead NO is electrically connected to one end of an eighth resistor R449, and the other end of the eighth resistor R449 is grounded.
When the fourth cover body is in a cover closing state with the outer shell of the cipher machine case, a cipher machine case key of the fourth case cover opening detection circuit is in a pressing state, and the first lead COM transmits an electric signal to the MESH 4.
In this embodiment, after the cover opening action of the fourth cover occurs, the key of the crypto engine case of the cover opening detection circuit of the fourth case is bounced, at this time, the first lead COM pin is changed from the low level to the high level, the processor detects that the fourth cover is in a state where the cover opening is attacked, the processor stops the service, sends out an early warning, and enters a protection state.
In the above embodiment of the present invention, when the cipher machine housing key of any one of the first cover, the second cover, the third cover and the fourth cover detects the action of opening the box body, correspondingly, one or more of the first case open-cover detection circuit, the second case open-cover detection circuit, the third case open-cover detection circuit and the fourth case open-cover detection circuit is triggered, and sends a first signal (i.e., an open-box signal) to the processor MCU, and the MCU records the state and destroys the secret key, and enters the security protection state, thereby implementing the security protection of the cipher machine.
In an alternative embodiment of the present invention, the safe zone housing comprises: a fifth cover (not shown in the drawings), wherein the fifth cover and the secure area housing may be arranged in the same manner as the first cover, the second cover, the third cover or the fourth cover and the cipher machine case outer housing;
the second detection circuit is in contact connection with a fifth cover body in the safety zone shell, and outputs a second signal when the fifth cover body is in an opened state. The processor may enter a secure state based on the second signal.
As shown in fig. 8, the second detection circuit may include: at least one of a first secure area housing cover opening detection circuit 91, a second secure area housing cover opening detection circuit 92, a third secure area housing cover opening detection circuit 93 and a fourth secure area housing cover opening detection circuit 94 which are arranged in the secure area housing and are in contact connection with the fifth cover body;
at least one of the first secure area housing open cover detection circuit 91, the second secure area housing open cover detection circuit 92, the third secure area housing open cover detection circuit 93, and the fourth secure area housing open cover detection circuit 94 outputs a second signal when detecting that the fifth lid is in an open state.
Wherein, first safe zone casing detection circuitry that uncaps, second safe zone casing detection circuitry that uncaps, third safe zone casing detection circuitry that uncaps and fourth safe zone casing detection circuitry that uncaps all include:
a safe zone housing detection switch, such as safe zone housing detection switches SW3, SW4, SW5, SW6, having a first pin 1, a second pin 2, a third pin 3, and a fourth pin 4;
the safety zone shell detection switch is in contact connection with the fifth cover body;
when the fifth cover body is in an opened state, the fifth cover body and the safety zone shell detection switch are in an bouncing state, the voltage of the first pin 1 is changed from high to low, and a second signal is output;
the second pin 2 and the fourth pin 4 are grounded; the third pin 3 is electrically connected to the power supply unit VBAT through resistors (e.g., R433, R436, R439, and R442).
Here, the third pin of the fourth secure area housing cover opening detection circuit may be further connected to a sensor detection circuit, which is electrically connected to the OPT _ DETECT detection signal through a resistor R443.
In the embodiment of the invention, the safety zone shell uncovering detection switches of the first safety zone shell uncovering detection circuit, the second safety zone shell uncovering detection circuit, the third safety zone shell uncovering detection circuit and the fourth safety zone shell uncovering detection circuit are microswitches, the microswitches are placed in the safety zone and are in close contact with the safety zone shell, after the safety zone shell is installed, the switches are in a closed state, once the safety zone shell screw is taken out, the pressing position of the safety zone shell and the microswitches changes, the detection circuits are triggered, an uncovering signal is sent to a processor (such as a micro control unit MCU), and the MCU records the state and destroys a secret key to enter a protection state.
As shown in fig. 9, the third detection circuit includes: the safety zone shell detection switch is connected with the grid network in series, and when the grid network is detected to be broken and/or the safety zone shell detection switch is disconnected, a third signal is output.
In this embodiment, the detection switch of the shell in the security area is any one of SW3, SW4, SW5 and SW6 shown in fig. 8, the MESH network protection circuit in the security area is an FPC soft board, the detection signal and the grounding signal are designed in a parallel winding manner, the whole FPC soft board is fully distributed, the soft board is completely attached to the inside of the shell in the security area, after the installation, the MESH network is in a closed state, once there is a disassembly action that damages the shell, such as cutting, drilling and the like, the detection circuit composed of the MESH network is triggered, a disassembly action signal is sent to the security detection processor (such as a micro control unit MCU), the MCU records a state and destroys a secret key, and enters a security protection state.
As shown in fig. 10, the detection apparatus for a crypto engine further includes:
the power supply unit VBAT is connected with a system power supply and is respectively and electrically connected with the first detection circuit, the second detection circuit, the third detection circuit and the processor;
when the processor is in a working state, the system power supply MP supplies power to the processor;
when the processor is in a power-off state and does not enter a protection state, the power supply unit VBAT supplies power to the first detection circuit, the second detection circuit and the third detection circuit;
when the processor enters a protection state from a working state or a power-off state, the power supply unit supplies power to the processor.
When the system is powered on, VBAT is provided by the system power supply MP, and the electric quantity of the battery is not consumed; when the system is not on, VBAT switches to supply power to the battery.
From fig. 4 to 8, it can be calculated that the power consumption of each MESH network is detected as: 3.3/(3.8M + 10K) =0.87uA,8 MESH networks totally consume 7uA of electric quantity, the electric quantity of the battery is 2500mAH, and the service life of the MESH safety protection circuit is calculated to be longer than 5 years.
After the electric quantity of the battery is exhausted: the password machine box opening detection function can still detect under the system power condition, the system is not powered, and only the cover opening detection function fails.
As shown in fig. 11, the battery switching circuit includes: the connector J33 is electrically connected to a VBAT pin of the power management unit U47, and is electrically connected to a VBAT pin of the power supply unit U47, and the VOUT pin of the power management unit U47 is electrically connected to the system power supply MP through a diode, and the power supply unit VBAT is electrically connected to the system power supply MP.
When the cipher machine operates normally, the processor is provided by the system power supply MP and does not consume the electric quantity of a battery (namely a power supply unit VBAT); when the cipher machine is powered off and no cover opening attack signal exists, the battery only supplies power to each detection circuit and does not supply power to the MCU, and the battery almost consumes no power;
when the cipher machine is powered off and a cover opening attack signal exists, the battery supplies power to the MCU, the cover opening attack signal is sent to the interior of the MCU, the MCU records the attack signal, when the cipher machine is powered on again to run self-checking, the MCU enables the equipment to stop cipher related services, makes early warning and enters a specific protection state.
As shown in fig. 12, the power management unit chip stabilizes the battery level at about 3.3V in the battery switching enable control circuit, and BAT _ LOW is an enable control terminal of U47.
When the system of the cipher machine is on, both MP and 3.3V are on, BAT _ LOW in FIG. 12 is LOW, turning off the output of U47 in FIG. 12, at which time VBAT is provided by MP. When the system of the cipher machine is powered down, BAT _ LOW in fig. 11 is pulled up to high level by the battery in fig. 12 via R452, enabling U47, VBAT is switched to supply power to the battery.
The detection device of the cipher machine according to the above embodiment of the present invention employs multiple detection circuits, and after detecting a specific attack, transmits an attack signal to an interrupt input pin of the processor, and after receiving the attack signal, the processor records a flag of the attack signal and stores the flag in the flash memory.
Specifically, if the attacked cryptographic engine works and the detection device of the cryptographic engine detects the attack, the MCU records the attack signal, immediately stops the cryptographic-related service, makes an early warning, and enters a protection state.
If the attacked cipher machine is not in a working state, namely the equipment is not powered on, at this time, if the equipment is attacked, the detection device of the cipher machine still can transmit the attack signal to the processor, the processor only records the attack signal, no further operation is needed, but once the cipher machine is powered on again and runs, the equipment reads the flag bit of the attack signal during self-checking, the processor immediately stops the cipher related service like the above, an early warning is given, and then the equipment enters a protection state.
As shown in fig. 13, the workflow of the detection device of the cipher machine includes:
after detecting a specific attack, the detection device of the cipher machine transmits an attack signal to a detection pin of the security processor, and after receiving the signal, the processor records a mark of the attack signal and stores the mark into the internal flash memory. The specific response functions are divided into the following two cases:
if the attacked cipher machine device works, the processor can record the attack signal if the detection device detects the attack, then immediately stops the cipher related service, destroys the secret key, makes early warning, and then enters a destruction state.
If the attacked cipher machine device is not in a working state, namely the device is not powered on, if the device is attacked, the detection device still can transmit an attack signal to the processor under the condition of power supply of the battery, the processor can record the attack signal, then immediately stop the cipher related service, destroy the secret key, make an early warning, and then enter a destruction state.
According to the embodiment of the invention, through the first detection circuit for detecting whether the case of the cipher machine case is attacked or not, the second detection circuit for detecting whether the shell of the safety area in the cipher machine is attacked or not and at least one of the third detection circuits for detecting the contact connection of the grid network circuit breaker in the shell of the safety area, whether the cipher machine is attacked or not can be automatically detected, and the safety of the cipher machine is improved;
furthermore, when the cipher machine is not powered on, the detection circuit can still detect whether the cipher machine is attacked or not and can transmit an attack signal to the processor, the processor only records the attack signal, no further operation is needed, once the cipher machine is powered on again, the equipment reads the flag bit of the attack signal during self-check, the processor immediately stops the cipher related service, early warning is made, and then the equipment enters a specific protection state, so that the early warning performance and the safety of the cipher machine are improved.
An embodiment of the present invention further provides a cryptographic machine, including: the cipher machine comprises a case outer shell, a safety zone shell arranged in the case outer shell, a grid network in contact and electric connection with the safety zone shell, and a detection device of the cipher machine according to any one of the embodiments. All the implementation modes of the detection device of the cipher machine are suitable for the embodiment of the cipher machine, and the same technical effect can be achieved.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method as described above. All the implementation manners in the above method embodiments are applicable to the embodiment, and the same technical effect can be achieved.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product comprising program code for implementing the method or device. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (7)
1. A cryptographic machine testing apparatus, comprising:
the first detection circuit is used for outputting a first signal when the outer shell of the cipher machine case is in an opened state;
the second detection circuit is used for outputting a second signal when the shell of the security area in the password machine is in an opened state;
the third detection circuit is used for outputting a third signal when the grid network in contact connection in the safety zone shell is detected to be broken;
the processor is electrically connected with the first detection circuit, the second detection circuit and the third detection circuit and enters a safety protection state according to at least one of the first signal, the second signal and the third signal;
wherein the first detection circuit comprises:
the case cover opening detection circuit is arranged in the case shell of the cipher machine, is in contact connection with a cover body of the case shell of the cipher machine, and outputs a first signal when the cover body is in an opened state;
wherein, the lid of cipher machine chassis exterior body includes: the first cover body, the second cover body, the third cover body and the fourth cover body; at least one case uncovering detection circuit comprises:
the first case cover opening detection circuit is arranged in the cipher machine case outer shell and is in contact connection with the first cover body, the second case cover opening detection circuit is in contact connection with the second cover body, the third case cover opening detection circuit is in contact connection with the third cover body, and the fourth case cover opening detection circuit is in contact connection with the fourth cover body;
at least one of the first case cover opening detection circuit, the second case cover opening detection circuit, the third case cover opening detection circuit and the fourth case cover opening detection circuit outputs a first signal when detecting that the corresponding cover body is in an opened state;
wherein, first quick-witted case detection circuitry that uncaps, second machine case detection circuitry that uncaps, third machine case detection circuitry that uncaps and fourth machine case detection circuitry that uncaps all include:
a connector disposed on the printed circuit board, the connector connecting the first pin, the second pin, and the third pin;
the cipher machine shell key is electrically connected with the connector and is in contact connection with the cover body;
when the cover body is in an opened state, the cipher machine shell key is in an bouncing state, the voltage of the first pin is changed from low to high, and a first signal is output;
the second pin is electrically connected with the power supply unit through a first resistor, and the third pin is grounded through a second resistor;
the cipher machine shell key is provided with a COM pin, an NC pin and an NO pin; the cipher machine shell key can be a microswitch;
the first chassis cover opening detection circuit includes: the first cipher machine shell key and a first connector (J28) electrically connected with the first cipher machine shell key, wherein the first connector (J28) is connected with the first lead, the second lead and the third lead;
when the first cover body is in an opened state, a cipher machine shell key of the first case cover opening detection circuit is in a bouncing state, the level of the first lead is changed from low to high, and a first signal is output; in a specific implementation of the first chassis cover opening detection circuit, the second lead is electrically connected with one end of a first resistor, and the other end of the first resistor is electrically connected with a power supply unit; the third lead is electrically connected with one end of a second resistor, and the other end of the second resistor is grounded;
when the first cover body is in a cover closing state with the case body of the cipher machine case, the keys of the case body of the cipher machine are in a pressing state, and the first lead wire normally transmits an electric signal to the MESH network MESH 0;
the second case uncovering detection circuit comprises: the second connector (J30) is electrically connected with the second cipher machine shell key, and the second connector (J30) is connected with the fourth lead, the fifth lead and the sixth lead;
when the second cover body is in an opened state, a cipher machine shell key of the second case uncovering detection circuit is in a flicking state, the level of the fourth lead is changed from low to high, and a first signal is output; in a specific implementation of the second chassis cover opening detection circuit, the fifth lead is electrically connected with one end of a third resistor, and the other end of the third resistor is electrically connected with a power supply unit; the sixth lead is electrically connected with one end of a fourth resistor, and the other end of the fourth resistor is grounded;
when the second cover body is in a cover closing state with the cipher machine case outer shell, a cipher machine case key of the second case cover opening detection circuit is in a pressing state, and the first pin transmits an electric signal to the MESH network MESH 1;
the third case uncovering detection circuit comprises: a third cipher housing button and a third connector (J31) electrically connected with the third cipher housing button, the third connector (J31) having a seventh lead, an eighth lead and a ninth lead;
when the third cover body is in an opened state, a cipher machine shell key of the third case uncovering detection circuit is in a flicking state, the level of the seventh lead is changed from low to high, and a first signal is output; in a specific implementation of the third chassis cover opening detection circuit, the eighth lead is electrically connected to one end of a fifth resistor, and the other end of the fifth resistor is electrically connected to a power supply unit (VBAT); the ninth lead is electrically connected with one end of a sixth resistor, and the other end of the sixth resistor is grounded;
when the third cover body is in a cover closing state with the cipher machine case outer shell, a cipher machine case key of the third case cover opening detection circuit is in a pressing state, and the first pin transmits an electric signal to a third MESH network MESH 4;
fourth machine case uncap detection circuitry includes: a fourth cipher housing button and a fourth connector (J32) electrically connected with the fourth cipher housing button, wherein the fourth connector (J32) is provided with a tenth lead, an eleventh lead and a twelfth lead;
when the fourth cover body is in an opened state, a cipher machine shell key of the fourth case uncovering detection circuit is in a flicking state, the level of the tenth lead is changed from low to high, and a first signal is output; in a specific implementation of the fourth chassis cover opening detection circuit, the eleventh lead NC is electrically connected to one end of a seventh resistor, and the other end of the seventh resistor is electrically connected to a power supply unit (VBAT); the twelfth lead is electrically connected with one end of an eighth resistor, and the other end of the eighth resistor is grounded;
when the fourth cover body is in a cover closing state with the cipher machine case outer shell, a cipher machine case key of the fourth case cover opening detection circuit is in a pressing state, and the first pin transmits an electric signal to the fourth MESH network MESH 4.
2. The crypto machine detection device of claim 1, wherein the secure zone enclosure comprises: a fifth cover body;
the second detection circuit is in contact connection with a fifth cover body in the safety zone shell, and outputs a second signal when the fifth cover body is in an opened state.
3. The detection apparatus for a crypto machine according to claim 2, wherein the second detection circuit comprises:
at least one of a first safety area housing cover opening detection circuit, a second safety area housing cover opening detection circuit, a third safety area housing cover opening detection circuit and a fourth safety area housing cover opening detection circuit which are arranged in the safety area housing and are in contact connection with the fifth cover body;
at least one of the first safety zone housing cover opening detection circuit, the second safety zone housing cover opening detection circuit, the third safety zone housing cover opening detection circuit and the fourth safety zone housing cover opening detection circuit outputs a second signal when detecting that the fifth cover body is in an opened state.
4. The apparatus as claimed in claim 3, wherein the first, second, third and fourth security zone cover detection circuits each comprise:
the safety zone shell detection switch is in contact connection with the fifth cover body and is provided with a first pin, a second pin, a third pin and a fourth pin;
when the fifth cover body is in an opened state, the safety zone shell detection switch is in a bouncing state, the voltage of the first pin is changed from low to high, and a second signal is output;
the second pin and the fourth pin are grounded;
and the third pin is electrically connected with the power supply unit through a third resistor.
5. The detection apparatus for a crypto machine according to claim 1, wherein the third detection circuit comprises: the safety zone shell detection switch is connected with the grid network in series, and when the grid network is detected to be broken and/or the safety zone shell detection switch is disconnected, a third signal is output.
6. The apparatus for detecting a crypto-engine according to claim 1, further comprising:
the power supply unit is connected with a system power supply and is respectively and electrically connected with the first detection circuit, the second detection circuit, the third detection circuit and the processor;
when the processor is in a working state, the system power supply supplies power to the processor;
when the processor is in a power-off state and does not enter a protection state, the power supply unit supplies power to the first detection circuit, the second detection circuit and the third detection circuit;
when the processor enters a protection state from a working state or a power-off state, the power supply unit supplies power to the processor.
7. A cryptographic engine comprising: case outer shell, safety zone shell arranged inside case outer shell and
a mesh network in electrical contact with the secure zone enclosure, further comprising a detection device according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211417519.0A CN115499139B (en) | 2022-11-14 | 2022-11-14 | Detection device of cipher machine and cipher machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211417519.0A CN115499139B (en) | 2022-11-14 | 2022-11-14 | Detection device of cipher machine and cipher machine |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115499139A CN115499139A (en) | 2022-12-20 |
| CN115499139B true CN115499139B (en) | 2023-03-24 |
Family
ID=85115596
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211417519.0A Active CN115499139B (en) | 2022-11-14 | 2022-11-14 | Detection device of cipher machine and cipher machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115499139B (en) |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4269289B2 (en) * | 1999-04-08 | 2009-05-27 | 日本ビクター株式会社 | Information playback device |
| JP5082737B2 (en) * | 2007-10-09 | 2012-11-28 | パナソニック株式会社 | Information processing apparatus and information theft prevention method |
| CN112906849B (en) * | 2021-05-06 | 2021-08-13 | 北京数盾信息科技有限公司 | Password card cover opening detection method and device and password card |
-
2022
- 2022-11-14 CN CN202211417519.0A patent/CN115499139B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115499139A (en) | 2022-12-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6646565B1 (en) | Point of sale (POS) terminal security system | |
| US6512454B2 (en) | Tamper resistant enclosure for an electronic device and electrical assembly utilizing same | |
| KR101051246B1 (en) | Consumer abuse detection system and method | |
| US9578763B1 (en) | Tamper detection using internal power signal | |
| US6710269B2 (en) | Foil keyboard with security system | |
| CN112906849B (en) | Password card cover opening detection method and device and password card | |
| US20210225159A1 (en) | Systems And Methods For Detecting Chassis Intrusion And/Or Tampering Events In Battery-Powered Information Handling Systems | |
| CN112272083A (en) | Internet of things terminal safety protection device and method | |
| CN115499139B (en) | Detection device of cipher machine and cipher machine | |
| CN109346389B (en) | Electronic circuit breaker capable of customizing protection parameters and protection parameter customizing system | |
| CN113496047A (en) | Electronic password card with anti-disassembly protection | |
| CN113574570A (en) | Tamper detection | |
| Vasile et al. | Protecting the secrets: advanced technique for active tamper detection systems | |
| CN115460609B (en) | Detection device for password card and password card | |
| CN206209730U (en) | A kind of Information Security equipment | |
| EP3721173B1 (en) | Integrity monitor | |
| JP4879234B2 (en) | Information terminal equipment | |
| CN214098427U (en) | Storage device capable of being automatically destroyed | |
| US20050166002A1 (en) | Memory intrusion protection circuit | |
| CN214757406U (en) | Electronic device and circuit board | |
| JP7238689B2 (en) | Information processing equipment | |
| CN214896834U (en) | Double-technology detection alarm device | |
| CN213843851U (en) | Prevent reverse engineering device | |
| US20230376619A1 (en) | Tamper and zeroization response unit | |
| CN220820666U (en) | Safety pogo pin |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 100000 901, Floor 9, Building 7, Yard 8, Auto Museum East Road, Fengtai District, Beijing Patentee after: BEIJING SHUDUN INFORMATION TECHNOLOGY CO.,LTD. Address before: 100094 room 101-502, 5th floor, building 10, yard 3, fengxiu Middle Road, Haidian District, Beijing Patentee before: BEIJING SHUDUN INFORMATION TECHNOLOGY CO.,LTD. |