CN115694805A - Electronic device, integrated circuit design and manufacturing method and product operation method - Google Patents
Electronic device, integrated circuit design and manufacturing method and product operation method Download PDFInfo
- Publication number
- CN115694805A CN115694805A CN202211338940.2A CN202211338940A CN115694805A CN 115694805 A CN115694805 A CN 115694805A CN 202211338940 A CN202211338940 A CN 202211338940A CN 115694805 A CN115694805 A CN 115694805A
- Authority
- CN
- China
- Prior art keywords
- key information
- mapping
- information
- ciphertext
- integrated circuit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 93
- 238000004519 manufacturing process Methods 0.000 title claims abstract description 52
- 238000013461 design Methods 0.000 title claims description 38
- 238000003860 storage Methods 0.000 claims abstract description 60
- 238000012545 processing Methods 0.000 claims abstract description 25
- 238000012938 design process Methods 0.000 claims abstract description 12
- 238000013507 mapping Methods 0.000 claims description 123
- 238000004590 computer program Methods 0.000 claims description 10
- 238000011017 operating method Methods 0.000 claims description 6
- 238000006243 chemical reaction Methods 0.000 claims description 5
- 238000009826 distribution Methods 0.000 claims description 2
- 238000011161 development Methods 0.000 abstract description 5
- 238000012423 maintenance Methods 0.000 abstract description 3
- 230000008569 process Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 10
- 230000003287 optical effect Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Landscapes
- Semiconductor Integrated Circuits (AREA)
Abstract
The present disclosure provides an electronic device, a method for designing and manufacturing an integrated circuit, and a method for operating a product. The electronic device comprises a secret key prestoring unit, a ciphertext storage unit and a decryption processing module. The key pre-storage unit is configured to store pre-set key information solidified during the integrated circuit design process. The ciphertext storage unit is configured to store a ciphertext encrypted using the preset key information. The decryption processing module is configured to decrypt the ciphertext based on the preset key information. According to the method, the preset key information is solidified in the circuit in the design process of the integrated circuit, so that the privacy information in the production process is not easy to leak under the condition that the cost of the invested development and maintenance is low, and the safety of the privacy information is improved.
Description
Technical Field
Embodiments of the present disclosure relate to an electronic device, a method of designing and manufacturing an integrated circuit, and a method of operating a product.
Background
To protect the integrity and confidentiality of data, encryption algorithms are widely used in the field of information security. At present, in the conventional aspect of key burning security control, a chip designer generally provides a key generation and burning program to a production manufacturer, the production manufacturer loads the key generation and burning program into a test device, and the device is used to burn information such as a key into a designated memory in a chip. Therefore, the secret key is easy to leak or crack, and the safety of the private information needing to be protected in the production process is low. However, the security of device privacy protection is also an important factor to be considered in chip design and production processes.
Disclosure of Invention
At least one embodiment of the present disclosure provides an electronic device, including: a key pre-storage unit configured to store pre-set key information solidified in an integrated circuit design process; a cipher text storage unit configured to store a cipher text obtained by encrypting using the preset key information; and the decryption processing module is configured to decrypt the ciphertext based on the preset key information.
For example, at least one embodiment of the present disclosure provides an electronic device, wherein the decryption processing module includes a first decryption processing unit configured to extract the preset key information and decrypt the ciphertext using the preset key information.
For example, an electronic device provided in at least one embodiment of the present disclosure further includes a mapping module, where the ciphertext storage unit is further configured to store mapping information, and the mapping module is configured to map the preset key information based on the mapping information, and obtain mapped mapping key information.
For example, in an electronic device provided by at least one embodiment of the present disclosure, the decryption processing module includes a second decryption processing unit configured to extract the mapping key information and decrypt the ciphertext using the mapping key information.
For example, in an electronic apparatus provided by at least one embodiment of the present disclosure, the second decryption processing unit includes secure firmware, and the secure firmware is configured to read the mapping key information and the ciphertext, and decrypt the ciphertext with the mapping key information to obtain a plaintext.
For example, in an electronic device provided in at least one embodiment of the present disclosure, the mapping module includes a multiplexer and a selector, where the multiplexer is configured to rearrange the preset key information to obtain arranged arrangement key information, and the selector is configured to select a multi-bit width of the arrangement key information to obtain the mapping key information.
For example, in an electronic device provided in at least one embodiment of the present disclosure, the preset key information includes a hard code of N1 bits, and the hard code includes M groups of preset keys of N2 bits, where M is an integer greater than 1, and N1= M × N2.
For example, in an electronic device provided in at least one embodiment of the present disclosure, the mapping information includes at least one of the following: a start bit in the hard-coded N1 bits, a bit step per jump, direction information from high to low or low to high, a start offset of selected N3 bits, where N3 is less than N1.
For example, in an electronic device provided in at least one embodiment of the present disclosure, the ciphertext storage unit includes a one-time programmable memory.
At least one embodiment of the present disclosure further provides a method for designing an integrated circuit, including: acquiring preset key information; designing a key pre-storage unit in the integrated circuit, and solidifying the preset key information in the key pre-storage unit of the integrated circuit; design information for the integrated circuit is provided for use in manufacturing a product for the integrated circuit.
For example, in a design method provided by at least one embodiment of the present disclosure, solidifying the preset key information in a key pre-storing unit of the integrated circuit includes: and in the stage of a register conversion stage circuit in the integrated circuit design process, the preset key information is solidified in the key prestoring unit.
For example, in a design method provided in at least one embodiment of the present disclosure, acquiring preset key information includes: generating M groups of preset keys of N2 bits to obtain hard-coded N1 bits, thereby generating the preset key information, where M is an integer greater than 1, and N1= M × N2.
For example, a design method provided in at least one embodiment of the present disclosure further includes: and responding to the register conversion stage circuit in wiring, and dispersedly arranging the preset key information.
At least one embodiment of the present disclosure also provides a method for manufacturing an integrated circuit, which obtains design information of the integrated circuit obtained by the design method as described in any one of the above; and acquiring at least one product of the integrated circuit through tape-out based on the design information.
For example, in a manufacturing method provided by at least one embodiment of the present disclosure, to-be-protected privacy information is acquired, and the privacy information is encrypted by using the preset key information to acquire a ciphertext; and programming the ciphertext to a ciphertext storage unit of a product of the integrated circuit.
For example, at least one embodiment of the present disclosure provides a manufacturing method further including: and programming mapping information for decrypting the ciphertext to the ciphertext storage unit.
At least one embodiment of the present disclosure further provides a method of operating an integrated circuit product, including: obtaining a product of said integrated circuit obtained by the manufacturing method as described above; the preset key information is extracted and used to decrypt the ciphertext in a ciphertext storage unit of a product of the integrated circuit.
At least one embodiment of the present disclosure also provides a method of operating a product of an integrated circuit, including: obtaining a product of said integrated circuit obtained by the manufacturing method as described above; and decrypting the ciphertext in a ciphertext storage unit of a product of the integrated circuit based on the preset key information and the mapping information.
For example, in an operation method provided by at least one embodiment of the present disclosure, decrypting the ciphertext in the ciphertext storage unit of the product of the integrated circuit based on the preset key information and the mapping information includes: mapping the preset key information based on the mapping information to obtain mapped mapping key information; extracting the mapping key information and decrypting the ciphertext using the mapping key information.
For example, in an operation method provided by at least one embodiment of the present disclosure, extracting the mapping key information, and decrypting the ciphertext using the mapping key information includes: and reading the mapping key information and the ciphertext through the security firmware, and decrypting the ciphertext by using the mapping key information to obtain a plaintext.
For example, in an operation method provided in at least one embodiment of the present disclosure, mapping the preset key information based on the mapping information, and acquiring mapped mapping key information includes: rearranging the preset key information to obtain the arranged key information; and selecting the bit width of the configuration key information to obtain the mapping key information.
For example, in one method of operation provided in at least one embodiment of the present disclosure, the preset key information includes a hard code of N1 bits, the hard code includes M groups of preset keys of N2 bits, where M is an integer greater than 1, and N1= M × N2; the mapping information includes at least one of: a start bit in the hard-coded N1 bits, a bit step per jump, direction information from high to low or low to high bits, a start offset of selected N3 bits, wherein N3 is less than N1.
For example, in an operation method provided in at least one embodiment of the present disclosure, mapping the preset key information based on the mapping information, and acquiring the mapped mapping key information includes: rearranging the preset key information based on the start bit in the hard coded N1 bit, the bit step length of each jump and the direction information to obtain the arranged key information; and selecting the bit width of the distribution key information based on the selected starting offset of the N3 bits to obtain the mapping key information.
For example, in an operation method provided by at least one embodiment of the present disclosure, decrypting the ciphertext in the ciphertext storage unit of the product of the integrated circuit based on the preset key information and the mapping information includes: and decrypting the ciphertext through a symmetric cryptographic algorithm to obtain a plaintext.
For example, in one method of operation provided by at least one embodiment of the present disclosure, the privacy information includes: at least one of a root key of a user, factory debugging parameters of equipment operation, power supply configuration information and working frequency configuration information.
For example, in an operation method provided by at least one embodiment of the present disclosure, reading, by secure firmware, the mapping key information and the ciphertext includes: and the security firmware sends an access request to a storage space where the mapping key information is located according to a target storage access address to read the mapping key information, wherein the target storage access address is configured to be uniquely used by the security firmware.
For example, in an operation method provided by at least one embodiment of the present disclosure, reading, by secure firmware, the mapping key information and the ciphertext includes: and responding to the access information acquired by the security firmware based on the sent access request, wherein the access information comprises the mapping key information, and the product of the integrated circuit is started normally.
At least one embodiment of the present disclosure provides an electronic device, including: a processor and a memory, wherein the memory has stored thereon a computer program which, when executed by the processor, implements a design method as defined in any of the above or an operating method as defined in any of the above.
At least one embodiment of the present disclosure provides a computer-readable storage medium, wherein the storage medium has stored therein a computer program, which when executed by a processor, implements a design method as set forth in any one of the above or an operation method as set forth in any one of the above.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of an electronic device according to some embodiments of the present disclosure;
FIG. 2 is a schematic diagram of an electronic device according to further embodiments of the present disclosure;
FIG. 3 is a schematic diagram of an electronic device according to still other embodiments of the disclosure;
FIG. 4 is a schematic diagram of a mapping module provided in some embodiments of the present disclosure;
FIG. 5 is a flow chart of a method of designing an integrated circuit according to some embodiments of the present disclosure;
FIG. 6 is a flow chart of a method of manufacturing an integrated circuit according to some embodiments of the present disclosure;
FIG. 7 is a flow chart of a method of fabricating an integrated circuit according to further embodiments of the present disclosure;
FIG. 8 is a flow chart of a method of operation of an integrated circuit product provided by some embodiments of the present disclosure;
FIG. 9 is a flow chart of a method of operation of an integrated circuit product according to further embodiments of the present disclosure;
FIG. 10 is a flowchart of one implementation of step Q2 of the method of operation of FIG. 9;
FIG. 11 is a flow chart of one implementation of step Q21 of the method of operation of FIG. 10;
FIG. 12 is a flow chart of another specific implementation of step Q21 of the method of operation of FIG. 10;
fig. 13 is a schematic structural diagram of an electronic device according to at least one embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the embodiments described are only some embodiments of the present disclosure, rather than all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Unless otherwise defined, all terms (including technical and scientific terms) used in the embodiments of the present disclosure have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The use of the terms "a" and "an" or "the" and similar referents do not denote a limitation of quantity, but rather denote the presence of at least one. Likewise, the word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Flow charts are used in the disclosed embodiments to illustrate the steps of a method according to an embodiment of the disclosure. It should be understood that the preceding and following steps are not necessarily performed in the exact order in which they are performed. Rather, various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or steps may be removed from the processes.
At present, some methods for protecting equipment privacy in the chip production process all face the risk that the equipment privacy is revealed. Various privacy information is contained in a memory (such as a one-time programmable memory) of the chip, a programming process of the one-time programmable memory is generally completed by a third-party factory in production, and the information can be used as a key for starting the chip or influencing an initialization configuration behavior, so that a protection means for the part of information needs to be added.
The inventor of the present disclosure finds that the current device privacy mode is complicated in application, for example, each chip is required to have a unique key, that is, a chip-to-chip mode is difficult to implement in a series of production, a management system and a production interaction system which are more complicated must be matched, and the use process and application development are also complicated, for example, different application keys need to be used for the keys of each device, thereby requiring additional development and management costs.
At least one embodiment of the present disclosure provides an electronic device, including: a key pre-storage unit configured to store pre-set key information solidified in an integrated circuit design process; a ciphertext storage unit configured to store a ciphertext encrypted using preset key information; and the decryption processing module is configured to decrypt the ciphertext based on the preset key information.
At least one embodiment of the present disclosure further provides a method for designing an integrated circuit, including: acquiring preset key information; designing a key pre-storing unit in the integrated circuit, and solidifying the pre-set key information in the key pre-storing unit of the integrated circuit; design information for an integrated circuit is provided for use in manufacturing a product for the integrated circuit.
At least one embodiment of the present disclosure further provides a method for manufacturing an integrated circuit, including: obtaining design information of an integrated circuit obtained by the design method according to the embodiment; and acquiring the product of at least one integrated circuit through tape-out based on the design information.
At least one embodiment of the present disclosure further provides an operation method of an integrated circuit product based on the above embodiments.
According to the electronic device or the method, the preset key information is solidified in the circuit in the integrated circuit design process, so that the privacy information in the production process is not easy to leak under the condition that the cost of the invested development and maintenance is low, the safety of the privacy information is improved, and the requirement of privacy information protection can be met. For example, in the case that a plurality of integrated circuit chips have the same secret key, at least one embodiment of the present disclosure can also ensure that the private information of the device has higher security, and the adverse situation that information of an integrated circuit chip in a whole batch is leaked due to information leakage of one integrated circuit chip does not occur.
Fig. 1 is a schematic diagram of an electronic device according to some embodiments of the disclosure.
For example, as shown in fig. 1, the electronic device 100 includes at least a key pre-storing unit 110, a ciphertext storing unit 120, and a decryption processing module 130. The key pre-storing unit 110 is configured to store pre-set key information A1 solidified during the integrated circuit design process. The ciphertext storage unit 120 may be configured to store a ciphertext B1 that may be encrypted using the preset key information A1. The decryption processing module 130 is configured to decrypt the ciphertext B1 based on the preset key information A1.
According to the electronic device disclosed by the embodiment, the preset key information is solidified in the circuit in the design process of the integrated circuit, so that the privacy information in the production process is not easy to leak under the condition that the cost of the invested development and maintenance is low, the security of the privacy information is high, the mode is simple, the production efficiency is high, and meanwhile, the privacy information protection using the same key can be met.
In some examples, ciphertext storage unit 120 comprises a one-time programmable memory. Of course, this is merely an example and not a limitation of the present disclosure.
Fig. 2 is a schematic diagram of an electronic device according to other embodiments of the disclosure.
For example, as shown in fig. 2, the decryption processing module 130 includes a first decryption processing unit 131, and the first decryption processing unit 131 is configured to extract preset key information A1 and decrypt a ciphertext B1 using the preset key information A1.
The embodiment of the disclosure realizes decryption of the ciphertext by directly using the preset key information, and has the advantages of simple mode and efficiency improvement.
Fig. 3 is a schematic diagram of an electronic device according to still other embodiments of the present disclosure.
For example, as shown in fig. 3, the electronic device 100 further includes a mapping module 140. The ciphertext storage unit 120 is further configured to store mapping information D1, and the mapping module 140 is configured to map the preset key information A1 based on the mapping information D1, and obtain mapped mapping key information A2.
For example, as shown in fig. 3, the decryption processing module 130 includes a second decryption processing unit 132, and the second decryption processing unit 132 is configured to extract the mapping key information A2 and decrypt the ciphertext B1 using the mapping key information A2.
The embodiment of the disclosure can map the preset key information and keep the mapping rule secret, thereby improving the security of privacy information protection.
In some examples, the second decryption processing unit 132 includes secure firmware configured to read the mapping key information A2 and the ciphertext B1, and decrypt the ciphertext B1 using the mapping key information A2 to obtain plaintext. For example, the secure firmware may send an access request to the memory space where the mapping key information A2 is located according to the target memory access address to read the mapping key information A2, and the target memory access address is configured to be uniquely used by the secure firmware.
Therefore, according to the embodiment of the disclosure, a space which is only known by the secure firmware and cannot be read by an external bus or other access components is allocated to the secure firmware, so that the security of privacy information protection is greatly improved.
Fig. 4 is a schematic diagram of a mapping module according to some embodiments of the present disclosure.
For example, as shown in fig. 3 and 4, the mapping module 140 includes a multiplexer 141 and a selector 142. The multiplexer 141 is configured to rearrange the preset key information A1 to obtain arranged arrangement key information A3. The selector 142 is configured to select the configuration key information A3 with multiple bit widths to obtain the mapping key information A2.
In some examples, the preset key information A1 includes a hard-coded N1 bit including M groups of preset keys of N2 bits, where M is an integer greater than 1, and N1= M × N2. The embodiment of the disclosure can adapt to different users and different subdivision applications by generating a plurality of groups of solidified keys in a safe manner. For example, N2 is a multiple of 8. Of course, this is merely exemplary and not a limitation of the present disclosure, and other reasonable numbers of N2 may be selected, which are not exhaustive or described in detail herein.
For example, in the example of fig. 4, N1 may be 1024. For example, M may be 32. Thus, the hard coding of the embodiments of the present disclosure employs 32 sets of preset key information of 32bit width, for a total of 1024 bits, such as hardbit 0 to hardbit 1023 included in fig. 4. For example, each of the M groups of N2-bit preset keys may be different from each other. For example, the arrangement key information A3 also has 1024 bits, for example, remap bit 0 to remap bit 1023 included in fig. 4. Of course, this is merely exemplary and not a limitation of the present disclosure.
In some examples, the mapping information D1 includes at least one of: a start bit D101 of hard coded N1 bits, a bit step D102 per jump, direction information D103 from high to low or low to high, a start offset D104 of selected N3 bits, where N3 is smaller than N1.
In some examples, N3 is a multiple of 8. Of course, this is merely exemplary and not a limitation of the present disclosure, and other reasonable numbers of N3 may be selected and are not exhaustive or described herein.
For example, in the example of FIG. 4, N3 may be 256, such as 256 bits for mapping key information A2 in FIG. 4, and includes select bit 0-select bit 255. Of course, this is merely exemplary and not a limitation of the present disclosure.
Fig. 5 is a flowchart of a design method of an integrated circuit according to some embodiments of the disclosure.
For example, as shown in fig. 5, the designing method includes at least steps S1 to S3.
And S1, acquiring preset key information A1.
Step S2, designing a key pre-storing unit 110 in the integrated circuit, and solidifying the preset key information A1 in the key pre-storing unit 110 of the integrated circuit.
And S3, providing design information of the integrated circuit for manufacturing the product of the integrated circuit.
According to the embodiment of the disclosure, the preset key information is generated in a safe manner and is solidified in the design of the integrated circuit, so that the hidden danger problem that the privacy information is provided to a third party in an original text form can be simply and effectively solved, instead, the original text of the privacy information can be kept in a safe environment for use and the privacy information can be provided in a ciphertext form, and therefore, the safety is high, the manner is simple, and the production efficiency is high.
In some examples, the secure environment may be a corporate internal environment that is not networked to the outside world or other secure environment protected by hardware. Of course, this is merely an example and not a limitation of the present disclosure.
For example, for step S1, in some examples, obtaining the preset key information A1 includes the following process or steps: generating M groups of preset keys of N2 bits to obtain hard-coded N1 bits, thereby generating preset key information A1, where M is an integer greater than 1, and N1= M × N2.
For example, N2 is a multiple of 8. Of course, this is merely exemplary and not a limitation of the present disclosure.
For example, for step S2, in some examples, consolidating preset key information A1 in a key pre-storage unit of an integrated circuit includes the following process or steps: in a stage of a Register Transfer Level (RTL) in the integrated circuit design process, the preset key information A1 is fixed in the key pre-storing unit 110. In this way, the embodiment of the disclosure solidifies the preset key information in the RTL, so that an attacker cannot acquire the preset key information in a circuit with a huge number of transistors after the integrated circuit is taped out, and thus, the security of protecting the privacy information can be improved.
In some examples, the design method of the integrated circuit further includes the following processes or steps: the preset key information A1 is dispersedly arranged in response to the register conversion stage circuit being wired.
The above embodiments of the present disclosure increase interference by performing distributed layout of the preset key information during RTL wiring, which makes it difficult for an attacker to obtain from, for example, billions of transistors, and thus can improve security of privacy information protection.
Fig. 6 is a flow chart of a method of manufacturing an integrated circuit according to some embodiments of the present disclosure.
For example, as shown in fig. 6, the manufacturing method includes at least step T1 and step T2.
And T1, obtaining design information of the integrated circuit.
And T2, acquiring the product of at least one integrated circuit through tape-out based on the design information.
For example, for step T1, in some examples, obtaining design information for an integrated circuit includes the following processes or steps: the design information of the integrated circuit obtained by the design method according to any of the above embodiments may specifically refer to the description of the design method, and is not repeated here.
For example, for step T2, in some examples, obtaining a product of at least one integrated circuit through tape-out based on the design information includes the following process or steps: the production of a plurality of integrated circuits having the same preset key information A1 as each other is acquired through a tape-out based on the design information.
The manufacturing method of the embodiment of the disclosure is very simple and efficient in production, and can meet the requirement of protecting the privacy information of the integrated circuit chip by using the same key.
Fig. 7 is a flow chart of a method for manufacturing an integrated circuit according to further embodiments of the present disclosure.
For example, as shown in fig. 7, the manufacturing method includes not only step T1 and step T2 but also step T3 and step T4.
And T3, acquiring the privacy information to be protected, and encrypting the privacy information by using the preset key information A1 to acquire a ciphertext B1.
And step T4, programming the ciphertext B1 to the ciphertext storage unit 120 of the product of the integrated circuit.
In some examples, the method of manufacturing further comprises: the mapping information D1 for decrypting the ciphertext B1 is programmed to the ciphertext storage unit 120.
For example, in a secure environment, the private information exists in plain text and may be encrypted or decrypted, such that the information sent out away from the secure environment is in cipher text, e.g., the private information may be sent to the third party production facility in cipher text. Therefore, the security of the private information that needs to be protected in the embodiment of the present disclosure is high.
For example, for step T3, in some examples, the privacy information includes: at least one of a root key of a user, factory debugging parameters of equipment operation, power supply configuration information and working frequency configuration information. Of course, this is merely exemplary and not a limitation of the present disclosure, and any privacy information required in the encryption production process is within the protection scope of the present disclosure, and will not be described herein again.
In some examples, the electronic device 100 according to the above embodiment of the disclosure may be an integrated circuit product obtained by the above manufacturing method, or may be a combination of the integrated circuit product obtained by the above manufacturing method and other functional circuits, which is not limited or described in detail in this embodiment of the disclosure.
Fig. 8 is a flow chart of a method of operation of an integrated circuit product according to some embodiments of the present disclosure.
For example, as shown in fig. 8, the operation method includes at least step P1 and step P2.
And P1, obtaining the product of the integrated circuit.
And P2, extracting the preset key information A1, and decrypting the ciphertext B1 in the ciphertext storage unit 120 of the product of the integrated circuit by using the preset key information A1.
For example, for step P1, in some examples, obtaining a product of an integrated circuit includes the following processes or steps: the product of the integrated circuit obtained by the manufacturing method according to any of the above embodiments can be obtained by specifically referring to the above description of the manufacturing method, which is not repeated herein.
Fig. 9 is a flow chart of a method of operation of an integrated circuit product according to further embodiments of the present disclosure.
For example, as shown in fig. 9, the operation method includes at least step Q1 and step Q2.
And Q1, obtaining the product of the integrated circuit.
And step Q2, decrypting the ciphertext B1 in the ciphertext storage unit of the product of the integrated circuit based on the preset key information A1 and the mapping information D1.
For example, for step Q1, in some examples, obtaining a product of an integrated circuit includes the following processes or steps: the product of the integrated circuit obtained by the manufacturing method according to the above embodiment can be obtained by specifically referring to the above description of the manufacturing method, which is not repeated herein.
According to the embodiment of the disclosure, the private information is encrypted in a form of the ciphertext during production and then sent to the third-party factory, and the ciphertext is written into the one-time programmable memory by the third-party factory, so that although the ciphertext may be leaked, the original text corresponding to the private information is in a safe or confidential state all the time, and the security of the private information is high.
Fig. 10 is a flow chart of one implementation of step Q2 of the method of operation of fig. 9.
For example, as shown in fig. 10, one example of the step Q2 includes at least a step Q21 and a step Q22.
And step Q21, mapping the preset key information A1 based on the mapping information D1, and acquiring the mapped mapping key information A2.
And step Q22, extracting the mapping key information A2, and decrypting the ciphertext B1 by using the mapping key information A2.
For example, for step Q22, in some examples, extracting the mapping key information A2 and decrypting the ciphertext B1 using the mapping key information A2 includes the following process or step Q221: and reading the mapping key information A2 and the ciphertext B1 through the secure firmware, and decrypting the ciphertext B1 by using the mapping key information A2 to obtain a plaintext. Therefore, the embodiment of the disclosure can ensure that the original text of the private information is used in a safe environment all the time, and only the safe firmware can obtain the mapping key information and the preset key information, so that the safety of protecting the private information can be improved.
Fig. 11 is a flow chart of one implementation of step Q21 of the method of operation of fig. 10. Fig. 12 is a flow chart of another specific implementation of step Q21 of the method of operation of fig. 10.
For example, as shown in fig. 11, one example of the step Q21 includes at least a step Q211 and a step Q212.
And step Q211, rearranging the preset key information A1, and acquiring the arranged arrangement key information A3.
And step Q212, selecting the bit width of the configuration key information A3 to obtain mapping key information A2.
In some examples, the preset key information A1 includes a hard-coded N1 bit including M groups of preset keys of N2 bits, where M is an integer greater than 1, and N1= M × N2.
In some examples, N2 is a multiple of 8. Of course, this is merely exemplary and not a limitation of the present disclosure, and other reasonable numbers of N2 may be selected and are not exhaustive or described.
For example, N1 may be 1024. In some examples, the mapping information D1 includes at least one of: a start bit D101 of hard coded N1 bits, a bit step D102 per jump, direction information D103 from high to low or low to high, a start offset D104 of selected N3 bits, where N3 is smaller than N1.
In some examples, N3 is a multiple of 8. Of course, this is merely exemplary and not a limitation of the present disclosure, and other reasonable numbers of N3 may be selected and are not exhaustive or described herein. For example, N3 may be 256.
In this regard, as shown in fig. 12, one example of the step Q21 may further include a step Q211a and a step Q212a.
And step Q211a, rearranging the preset key information A1 based on the start bit D101 in the hard coded N1 bit, the bit step D102 of each jump and the direction information D103, and acquiring the arranged arrangement key information A3.
And step Q212a, selecting a plurality of bit widths for the arrangement key information A3 based on the selected start offset D104 of the N3 bits, and obtaining mapping key information A2.
It should be noted that the present disclosure is not limited to the specific example of mapping preset key information based on mapping information to obtain mapped mapping key information described in the foregoing embodiment, and may also be any other reasonable mapping manner, which is not described herein again.
For example, for step Q2, in some examples, decrypting the ciphertext B1 in the ciphertext storage unit 120 of the product of the integrated circuit based on the preset key information A1 and the mapping information D1 includes the following processes or steps: and decrypting the ciphertext B1 through a symmetric cryptographic algorithm to obtain a plaintext. Therefore, the encryption or decryption speed of the information is high, and the key management is simple.
In some examples, the symmetric cryptographic algorithm comprises an SM4 cryptographic algorithm. Of course, this is merely an example and is not a limitation of the present disclosure, for example, the embodiments of the present disclosure may also decrypt a ciphertext through an asymmetric cryptographic algorithm to obtain a plaintext, which is not described herein again.
For example, for step Q221, in some examples, reading the mapping key information and the ciphertext by the secure firmware includes the following processes or steps: the secure firmware sends an access request to the storage space where the mapping key information A2 is located according to a target storage access address to read the mapping key information A2, wherein the target storage access address is configured to be uniquely used by the secure firmware.
In some examples, reading the mapping key information and the ciphertext by the secure firmware may also include the following processes or steps: the access information acquired by the response to the security firmware based on the sent access request comprises mapping key information, and the product of the integrated circuit is normally started, namely the verification is passed at this time, the decryption can be smoothly performed through the mapping key information, and the product of the integrated circuit can be normally started for use; on the contrary, if the secure firmware does not access and acquire the mapping key information, the product of the integrated circuit is not started, that is, the verification is not passed at this time, and the product of the integrated circuit is not started. Therefore, the integrated circuit chip can be enabled to be started and used very safely, and the safety of protecting the privacy information can be greatly improved.
For example, the privacy information to be protected is as follows:
EF7E09B382945F7731A6DDC83EBCAD5E53C345F1D9275D1B1118B564A952B382。
for example, the ciphertext B1 of the private information after being encrypted may be written to the ciphertext storage unit 120, where the ciphertext B1 is as follows:
0FC8B5C41F4744A55D9D2DDE445B96C548A7287C4CC2726F84B1139D8CF3D720。
for example, the preset key information A1 is: 117AC9C66D9AEC6804D4E9DD2269ED10.
Based on the above, the information read after startup is the ciphertext B1, and after decryption, the plaintext transmitted to the secure firmware is as follows:
EF7E09B382945F7731A6DDC83EBCAD5E53C345F1D9275D1B1118B564A952B382。
of course, the privacy information, preset key information, cipher text, and the like provided above are merely exemplary and are not limitations of the present disclosure.
It should be noted that, in the embodiment of the present disclosure, the electronic apparatus 100 may include more or less modules, and the connection relationship between the modules is not limited and may be determined according to actual requirements. The specific configuration of each module is not limited.
It should be noted that, in the embodiments of the present disclosure, specific implementation manners and technical effects related to the electronic device 100, a design method of an integrated circuit, a manufacturing method of the integrated circuit, and an operation method of a product of the integrated circuit may all refer to related contents mutually, and are not described herein again.
The modules in the above embodiments of the present disclosure may be respectively configured as software, hardware, firmware or any combination of the above for performing specific functions. For example, the modules may correspond to an application specific integrated circuit, to pure software code, or to a combination of software and hardware.
It should be noted that, although the electronic device 100 is described as being divided into modules for respectively executing corresponding processes, it is clear to those skilled in the art that the processes executed by the modules may also be executed without any specific division of the modules by the electronic device 100 or explicit demarcation between the modules.
Fig. 13 is a schematic structural diagram of an electronic device provided in at least one embodiment of the present disclosure, where the electronic device 200 includes a processor 210 and a memory 220, where the memory 220 stores a computer program, and when the computer program is executed by the processor 210, the method for designing or operating the electronic device in at least some embodiments of the present disclosure is implemented.
The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as notebook computers, tablet computers, and the like, and stationary terminals such as desktop computers and the like. The electronic device shown in fig. 13 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
For example, the processes described above with reference to the flowcharts may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. The computer program, when executed by a processor, performs a method of designing or operating the disclosed embodiments.
It should be noted that the computer readable medium of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In embodiments of the present disclosure, however, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
It should be noted that, in the embodiment of the present disclosure, reference may be made to the above description on the design method or the operation method for specific functions and technical effects of the electronic device 200, and details are not described herein again.
The following points need to be explained:
(1) The drawings of the embodiments of the disclosure only relate to the structures related to the embodiments of the disclosure, and other structures can refer to common designs.
(2) Without conflict, embodiments of the present disclosure and features of the embodiments may be combined with each other to arrive at new embodiments.
The above description is only a specific embodiment of the present disclosure, but the scope of the present disclosure is not limited thereto, and the scope of the present disclosure should be subject to the scope of the claims.
Claims (29)
1. An electronic device, comprising:
a key pre-storage unit configured to store pre-set key information solidified in an integrated circuit design process;
the ciphertext storage unit is configured to store ciphertext obtained by encrypting by using the preset key information;
and the decryption processing module is configured to decrypt the ciphertext based on the preset key information.
2. The electronic device of claim 1,
the decryption processing module includes a first decryption processing unit configured to extract the preset key information and decrypt the ciphertext using the preset key information.
3. The electronic device of claim 1, further comprising a mapping module, wherein the ciphertext storage unit is further configured to store mapping information,
the mapping module is configured to map the preset key information based on the mapping information to obtain mapped mapping key information.
4. The electronic device of claim 3,
the decryption processing module includes a second decryption processing unit configured to extract the mapping key information and decrypt the ciphertext using the mapping key information.
5. The electronic device of claim 4,
the second decryption processing unit includes a secure firmware configured to read the mapping key information and the ciphertext, and decrypt the ciphertext using the mapping key information to obtain a plaintext.
6. The electronic device of claim 3, wherein the mapping module comprises a multiplexer and a selector,
the multiplexer is configured to rearrange the preset key information to obtain arranged key information;
the selector is configured to select a plurality of bit widths for the arrangement key information to obtain the mapping key information.
7. The electronic device of claim 3,
the preset key information includes a hard code of N1 bits, the hard code includes M groups of preset keys of N2 bits, where M is an integer greater than 1, and N1= M × N2.
8. The electronic device of claim 7,
the mapping information includes at least one of: a start bit in the hard-coded N1 bits, a bit step per jump, direction information from high to low or low to high bits, a start offset of selected N3 bits, wherein N3 is less than N1.
9. The electronic device of claim 1, wherein the ciphertext storage unit comprises a one-time programmable memory.
10. A method of designing an integrated circuit, comprising:
acquiring preset key information;
designing a key pre-storage unit in the integrated circuit, and solidifying the preset key information in the key pre-storage unit of the integrated circuit;
design information for the integrated circuit is provided for use in manufacturing a product for the integrated circuit.
11. The design method of claim 10, wherein consolidating the preset key information in a key pre-storage unit of the integrated circuit comprises:
and in the stage of a register conversion stage circuit in the integrated circuit design process, the preset key information is solidified in the key prestoring unit.
12. The designing method of claim 10, wherein the obtaining of the preset key information includes:
generating M groups of preset keys of N2 bits to obtain hard-coded N1 bits, thereby generating the preset key information, where M is an integer greater than 1, and N1= M × N2.
13. The design method of claim 11, further comprising:
and responding to the register conversion stage circuit in wiring, and dispersedly arranging the preset key information.
14. A method of manufacturing an integrated circuit, comprising:
acquiring design information of the integrated circuit obtained by the design method according to any one of claims 10 to 13;
and acquiring at least one product of the integrated circuit through tape-out based on the design information.
15. The manufacturing method of claim 14, further comprising:
acquiring privacy information to be protected, and encrypting the privacy information by using the preset key information to acquire a ciphertext;
and programming the ciphertext to a ciphertext storage unit of a product of the integrated circuit.
16. The manufacturing method of claim 15, further comprising:
and programming mapping information for decrypting the ciphertext to the ciphertext storage unit.
17. A method of operation of an integrated circuit product, comprising:
obtaining a product of the integrated circuit obtained by the manufacturing method according to claim 15;
the preset key information is extracted and used to decrypt the ciphertext in a ciphertext storage unit of a product of the integrated circuit.
18. A method of operation of an integrated circuit product, comprising:
obtaining a product of the integrated circuit obtained by the manufacturing method according to claim 16;
and decrypting the ciphertext in a ciphertext storage unit of a product of the integrated circuit based on the preset key information and the mapping information.
19. The method of operation of claim 18, wherein decrypting the ciphertext in the ciphertext storage unit of the product of the integrated circuit based on the preset key information and the mapping information comprises:
mapping the preset key information based on the mapping information to obtain mapped mapping key information;
extracting the mapping key information, and decrypting the ciphertext using the mapping key information.
20. The operating method of claim 19, wherein extracting the mapping key information and decrypting the ciphertext using the mapping key information comprises:
and reading the mapping key information and the ciphertext through the security firmware, and decrypting the ciphertext by using the mapping key information to obtain a plaintext.
21. The operating method of claim 19, wherein mapping the preset key information based on the mapping information, and obtaining mapped mapping key information comprises:
rearranging the preset key information to obtain the arranged key information;
and selecting the bit width of the configuration key information to obtain the mapping key information.
22. The method of operation of claim 18,
the preset key information comprises N1-bit hard code, and the hard code comprises M groups of N2-bit preset keys, wherein M is an integer greater than 1, and N1= M × N2;
the mapping information includes at least one of: a start bit in the hard-coded N1 bits, a bit step per jump, direction information from high to low or low to high bits, a start offset of selected N3 bits, wherein N3 is less than N1.
23. The operating method of claim 22, wherein mapping the preset key information based on the mapping information to obtain mapped mapping key information comprises:
rearranging the preset key information based on the start bit in the hard-coded N1 bit, the bit step length of each jump and the direction information to obtain arranged key information;
and selecting the bit width of the distribution key information based on the selected starting offset of the N3 bits to obtain the mapping key information.
24. The method of operation of claim 18, wherein decrypting the ciphertext in the ciphertext storage unit of the product of the integrated circuit based on the preset key information and the mapping information comprises:
and decrypting the ciphertext through a symmetric cryptographic algorithm to obtain a plaintext.
25. The method of operation of claim 18,
the privacy information includes: at least one of a root key of a user, factory debugging parameters of equipment operation, power supply configuration information and working frequency configuration information.
26. The method of operation of claim 20, wherein reading the mapping key information and the ciphertext by secure firmware comprises:
and the security firmware sends an access request to a storage space where the mapping key information is located according to a target storage access address to read the mapping key information, wherein the target storage access address is configured to be uniquely used by the security firmware.
27. The method of operation of claim 20, wherein reading the mapping key information and the ciphertext by secure firmware comprises:
and responding to the access information acquired by the security firmware based on the sent access request, wherein the access information comprises the mapping key information, and the product of the integrated circuit is started normally.
28. An electronic device, comprising:
a processor and a memory, wherein the processor is capable of processing a plurality of data,
wherein the memory has stored thereon a computer program which, when executed by the processor, implements the design method of any one of claims 10 to 13 or the operating method of any one of claims 17 to 27.
29. A computer-readable storage medium, wherein the storage medium has stored therein a computer program which, when executed by a processor, implements the design method of any one of claims 10 to 13 or the operating method of any one of claims 17 to 27.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211338940.2A CN115694805A (en) | 2022-10-28 | 2022-10-28 | Electronic device, integrated circuit design and manufacturing method and product operation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211338940.2A CN115694805A (en) | 2022-10-28 | 2022-10-28 | Electronic device, integrated circuit design and manufacturing method and product operation method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115694805A true CN115694805A (en) | 2023-02-03 |
Family
ID=85045677
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211338940.2A Pending CN115694805A (en) | 2022-10-28 | 2022-10-28 | Electronic device, integrated circuit design and manufacturing method and product operation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115694805A (en) |
-
2022
- 2022-10-28 CN CN202211338940.2A patent/CN115694805A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8543838B1 (en) | Cryptographic module with secure processor | |
| CN101401105B (en) | Encryption apparatus and method for providing an encrypted file system | |
| CN106301774B (en) | Safety chip, its encryption key generation method and encryption method | |
| TWI493951B (en) | Systems and methods for protecting symmetric encryption keys | |
| CN108475237A (en) | Storage operation is encrypted | |
| TW201812638A (en) | Storage design method of blockchain encrypted radio frequency chip | |
| US11308241B2 (en) | Security data generation based upon software unreadable registers | |
| CN101309138A (en) | Encryption-based security protection method for processor and apparatus thereof | |
| CN103562922A (en) | Establishing unique key during chip manufacturing | |
| CN103345609A (en) | Method and device for text encryption and decryption | |
| US10565381B2 (en) | Method and apparatus for performing firmware programming on microcontroller chip, and associated microcontroller chip | |
| CN107315966B (en) | Solid state disk data encryption method and system | |
| JP6533553B2 (en) | Encryption / decryption device and power analysis protection method therefor | |
| CN112612486B (en) | Memory burning method and device and chip to be burned | |
| CN112989356A (en) | Blank security chip burning method and system, blank security chip and storage medium | |
| CN109687966A (en) | Encryption method and its system | |
| CN103853943A (en) | Program protection method and device | |
| CN108667598B (en) | Device and method for realizing secure key exchange and secure key exchange method | |
| WO2020078804A1 (en) | Puf based securing of device update | |
| US20220198068A1 (en) | Privacy-enhanced computation via sequestered encryption | |
| JP2007251783A (en) | Scrambling/descrambling method of data-to-be-processed of semiconductor device, its program, scrambling/descrambling circuit, and semiconductor device provided with them | |
| CN109598105A (en) | A kind of microcontroller is safely loaded with the method, apparatus, computer equipment and storage medium of firmware | |
| CN111130784B (en) | Key generation method and device, CPU chip and server | |
| CN110932853A (en) | Key management device and key management method based on trusted module | |
| CN115694805A (en) | Electronic device, integrated circuit design and manufacturing method and product operation method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Country or region after: China Address after: 201100 room 1302, 13 / F, building 16, No. 2388, Chenhang highway, Minhang District, Shanghai Applicant after: Shanghai Bi Ren Technology Co.,Ltd. Address before: 201100 room 1302, 13 / F, building 16, No. 2388, Chenhang highway, Minhang District, Shanghai Applicant before: Shanghai Bilin Intelligent Technology Co.,Ltd. Country or region before: China |
|
| CB02 | Change of applicant information |