CN116150824A - Anti-cracking method and device for chip security data, chip and storage medium - Google Patents
Anti-cracking method and device for chip security data, chip and storage medium Download PDFInfo
- Publication number
- CN116150824A CN116150824A CN202310195795.5A CN202310195795A CN116150824A CN 116150824 A CN116150824 A CN 116150824A CN 202310195795 A CN202310195795 A CN 202310195795A CN 116150824 A CN116150824 A CN 116150824A
- Authority
- CN
- China
- Prior art keywords
- data
- chip
- encrypted
- identification
- cracking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides an anti-cracking method and device for chip security data, a chip and a storage medium, and relates to the field of chip security. The chip is provided with an SRAM connected with the power supply battery, the SRAM is used for storing the encrypted safety data and passively losing the encrypted safety data under the condition that the power supply of the power supply battery is disconnected, and the chip is also provided with a corresponding relation among the encrypted safety data, the identification bit and the decryption secret key; the chip can acquire the identification data corresponding to the identification bit of the chip under the conditions that the chip is electrified and the SRAM does not passively lose the encrypted safety data; and determining the encrypted safety data in the cracking state according to the identification data, the identification bits and the corresponding relation, and deleting a decryption key corresponding to the encrypted safety data in the cracking state so as to prevent the encrypted safety data from being cracked. By the method, the cracking prevention degree of the chip can be improved, and the safety of the chip is further improved.
Description
Technical Field
The present disclosure relates to the field of chip security, and in particular, to a method, an apparatus, a chip, and a storage medium for preventing cracking of chip security data.
Background
At present, in order to realize the anti-cracking of the chip, the security data in the memory is often encrypted to prevent the external device from reading the security data so as to crack the chip, but the method has the problem of low anti-cracking degree, so that the security of the chip is poor.
Disclosure of Invention
In view of this, the present application aims to provide a method, a device, a chip and a storage medium for preventing chip security data from being cracked, so as to solve the problem in the prior art that the chip security is poor due to the low degree of chip cracking prevention.
In order to achieve the above purpose, the technical solution adopted in the embodiment of the present application is as follows:
in a first aspect, the present application provides a method for preventing cracking of chip security data, applied to a chip, where an SRAM connected to a power supply battery is provided in the chip, where the SRAM is configured to store encrypted security data and passively lose the encrypted security data when the power supply of the power supply battery is disconnected, and where a correspondence between the encrypted security data, an identification bit, and a decryption key is further stored in the chip, where the method includes:
under the condition that the chip is electrified and the SRAM does not passively lose the encrypted safety data, acquiring identification data corresponding to the identification bit of the chip; the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not;
and determining the encrypted safety data in a cracking state according to the identification data, the identification bits and the corresponding relation, and deleting a decryption key corresponding to the encrypted safety data in the cracking state so as to prevent the encrypted safety data from being cracked.
In an optional implementation manner, the encrypted security data is stored in the SRAM in a layered manner according to a cracking order, and the correspondence includes each layer of the encrypted security data, an identification bit corresponding to each layer of the encrypted security data, and a decryption key corresponding to each layer of the encrypted security data;
the step of determining the encrypted security data in the cracked state according to the identification data, the identification bits and the corresponding relation, and deleting the decryption key corresponding to the encrypted security data in the cracked state, comprises the following steps:
according to the first-to-last cracking order, determining whether the encrypted safety data corresponding to the identification bit is in a cracking state or not according to the identification data corresponding to one identification bit each time;
if the corresponding encrypted safety data is not in a cracking state, stopping executing the step of determining whether the corresponding encrypted safety data is in a cracking state or not according to the identification data corresponding to one identification bit each time according to the cracking sequence from first to last;
if the corresponding encrypted safety data is in a cracking state, deleting a decryption key corresponding to the encrypted safety data in the cracking state according to the identification bit and the corresponding relation, and determining whether the corresponding encrypted safety data is in the cracking state according to the identification data corresponding to the next identification bit until determining whether all the encrypted safety data are in the cracking state.
In an optional embodiment, the determining, according to the identification data corresponding to one of the identification bits, whether the encrypted security data corresponding to the identification bit is in a cracked state includes:
if the identification data are preset data, determining that the encrypted safety data corresponding to the identification bit are in a cracking state;
if the identification data is not the preset data, determining that the encrypted safety data corresponding to the identification bit is not in a cracking state.
In an alternative embodiment, the method further comprises:
and if the identification data is not the factory identification data, determining that the chip is in a data interference abnormal state.
In an alternative embodiment, the method further comprises:
and if the encrypted security data in the SRAM are not in a cracking state, determining that the chip is in a security state.
In an alternative embodiment, the method further comprises:
under the condition that the chip is in a safe state and receives an operation instruction, acquiring target encrypted safe data from the SRAM according to the operation instruction;
acquiring a target decryption key corresponding to the target encryption security data according to the target encryption security data and the corresponding relation;
and decrypting the target encrypted safety data according to the target decryption secret key to obtain target safety data, and operating according to the target safety data.
In an optional embodiment, before acquiring the identification data corresponding to the identification bit of the chip, the method further includes:
and under the condition that the power supply of the power supply battery is disconnected, determining that the SRAM passively loses the encrypted security data.
In a second aspect, the present application provides an anti-cracking device for chip security data, applied to a chip, where an SRAM connected to a power supply battery is provided in the chip, where the SRAM is configured to store encrypted security data and passively lose the encrypted security data when the power supply of the power supply battery is disconnected, and where a correspondence between the encrypted security data, an identification bit, and a decryption key is further stored in the chip, where the device includes:
the acquisition module is used for acquiring the identification data corresponding to the identification bit of the chip under the condition that the chip is electrified and the SRAM does not passively lose the safety data; the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not;
and the anti-cracking module is used for determining the encrypted safety data in a cracking state according to the identification data, the identification bits and the corresponding relation, and deleting a decryption key corresponding to the encrypted safety data in the cracking state so as to prevent the encrypted safety data from being cracked.
In a third aspect, the present application provides a chip comprising a processor and a memory, the memory storing a computer program executable by the processor, the processor being executable to implement the method of any of the preceding embodiments.
In a fourth aspect, the present application provides a computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, implements a method according to any of the preceding embodiments.
According to the anti-cracking method, the anti-cracking device, the anti-cracking chip and the anti-cracking storage medium for the chip safety data, provided by the embodiment of the invention, the chip is provided with an SRAM (Static Random-Access Memory) connected with a power supply battery, and the encrypted safety data is stored in the SRAM, when the chip is damaged and the power supply battery is disconnected, the SRAM can passively lose the stored encrypted safety data due to the characteristic of volatile data of the SRAM, so that the external data is prevented from acquiring the encrypted safety data; in addition, if the chip is electrified and the SRAM does not passively lose the encrypted safety data, the chip can determine the encrypted safety data in a cracked state according to the identification data corresponding to the identification bit, the identification bit and the corresponding relation, so that a decryption key corresponding to the encrypted safety data in the cracked state is deleted, at the moment, the external equipment cannot acquire the decryption key, and the encrypted safety data is decrypted to obtain the safety data, so that the anti-cracking degree of the chip can be improved, and the safety of the chip is further improved.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 shows a block schematic diagram of a chip provided by an embodiment of the present application;
fig. 2 is a schematic flow chart of a method for preventing chip security data from being cracked according to an embodiment of the present application;
fig. 3 is another flow chart of a method for preventing cracking of chip security data according to an embodiment of the present application;
FIG. 4 is a functional block diagram of a device for preventing chip security data from being broken according to an embodiment of the present application;
fig. 5 shows another functional block diagram of a chip security data cracking prevention device according to an embodiment of the present application.
Icon: 10-chip; 100-memory; 110-a processor; 120-a communication module; 200-an acquisition module; 210-a cracking prevention module; 220-run module.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
It is noted that relational terms such as "first" and "second", and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Fig. 1 is a block diagram of a chip 10 according to an embodiment of the present application, and referring to fig. 1, the chip includes a memory 100, a processor 110, and a communication module 120. The memory 100, the processor 110, and the communication module 120 are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
Wherein the memory 100 is used for storing programs or data. The Memory 100 may be, but is not limited to, random access Memory (Random Access Memory, RAM), read Only Memory (ROM), programmable Read Only Memory (Programmable Read-Only Memory, PROM), erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
The processor 110 is used to read/write data or programs stored in the memory and perform corresponding functions.
The communication module 120 is used for establishing communication connection between the chip and other communication terminals through a network, and for transceiving data through the network.
Optionally, a power battery and an SRAM are further disposed in the chip 10, where the power battery is electrically connected to the SRAM, and it is understood that the power battery may supply power to the SRAM.
Alternatively, the power supply battery may be a button battery; the SRAM stores therein encrypted security data. It can be understood that the encrypted security data is security data required for normal operation of the encrypted chip.
Optionally, a Flash storage area may be further provided in the chip, for storing a decryption key corresponding to the encrypted security data.
Optionally, the chip further stores a correspondence between the encrypted security data, the identification bits, and the decryption key.
Alternatively, the identification bits may be set in advance and stored in the chip, and the number of the identification bits may be one or more. In one possible implementation, the encrypted secure data may be stored in multiple partitions, in which case the number of identification bits may be consistent with the number of partitions into which the encrypted secure data is divided, and each of the encrypted secure data may be associated with a decryption key, where different decryption keys may also be stored in a Flash memory region.
It can be understood that the identification bits and each encrypted piece of security data can be in one-to-one correspondence or one-to-many correspondence, and can be specifically set according to actual conditions; similarly, each encrypted secure data and the decryption key may be in a one-to-one correspondence, or may be in a relationship that one decryption key can decrypt multiple encrypted secure data, and may be specifically set according to practical situations.
It should be understood that the structure shown in fig. 1 is merely a schematic diagram of a chip, and that a chip may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
Optionally, the embodiment of the present application further provides a computer readable storage medium, on which a computer program is stored, where the computer program can implement the method for preventing cracking of chip security data provided by the embodiment of the present application when the computer program is executed by a processor.
Next, the chip in fig. 1 is taken as an execution body, and the method for preventing cracking of the chip security data provided in the embodiment of the present application is described by way of example with reference to a flowchart. Specifically, fig. 2 is a flow chart of a method for preventing cracking of chip security data provided in an embodiment of the present application, referring to fig. 2, the method includes:
step S20, under the condition that the chip is electrified and the SRAM does not passively lose the encrypted safety data, acquiring the identification data corresponding to the identification bit of the chip;
the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not;
optionally, the protection shell of the chip needs to be damaged when the external device breaks the chip, and the circuit inside the chip is cut or modified by the probe, so that the circuit structure inside the chip may be damaged, and the power supply of the power supply battery is disconnected.
Meanwhile, when the external device breaks the chip, for example, the probe of the upper base station detects the chip, the chip cannot be powered off, so that static electricity can be generated, and the static electricity can influence the circuit inside the chip, so that the power supply of the power supply battery is disconnected.
It can be understood that the SRAM passively loses the encrypted security data when the power supply of the power supply battery is disconnected, and can be used as a passive protection method for the chip to be cracked, and if the encrypted security data in the SRAM is determined not to be passively lost, an active protection method can be adopted, and at this time, the identification data corresponding to the identification bit of the chip needs to be acquired first.
Optionally, after the chip is powered on, whether the encrypted security data in the SRAM is lost passively is first determined, and if not, the identification data corresponding to the identification bit of the chip is acquired. In one possible implementation manner, a security protection circuit may be disposed in the chip, and the chip may obtain the identification data corresponding to the identification bit through the security protection circuit.
Optionally, the identification data corresponding to the identification bit is fixed factory identification data when the chip is shipped, and if the chip is tried to be cracked or interfered later, the identification data corresponding to the identification bit is correspondingly changed.
In this embodiment, the chip needs to acquire the identification data corresponding to all the identification bits, for example, if 4 identification bits, i.e., flag1, flag2, flag3, and flag4, can be set in the chip, then the chip can acquire the identification data corresponding to each of flag1, flag2, flag3, and flag 4.
Step S21, according to the identification data, the identification bits and the corresponding relation, the encrypted safety data in the cracking state is determined, and the decryption key corresponding to the encrypted safety data in the cracking state is deleted, so that the encrypted safety data is prevented from being cracked.
Optionally, the chip may determine that the encrypted security data in the cracked state is obtained or may not determine the encrypted security data in the cracked state according to the identification data, the identification bits and the correspondence, and it may be understood that if the encrypted security data in the cracked state cannot be determined, the chip is in the secure state at this time.
In this embodiment, after the chip determines the encrypted secure data in the cracked state, the decryption key corresponding to the encrypted secure data in the cracked state is deleted, and since the external device needs to obtain the encrypted secure data and the corresponding key in the chip when cracking the chip, after deleting the decryption key corresponding to the encrypted secure data in the cracked state, the external device cannot obtain the corresponding decryption key to decrypt the encrypted secure data, so that cracking of the chip cannot be achieved.
According to the anti-cracking method for the chip safety data, the SRAM connected with the power supply battery is arranged in the chip, the encrypted safety data are stored in the SRAM, and when the chip is damaged and the power supply battery is disconnected, the SRAM can passively lose the stored encrypted safety data due to the characteristic of the volatile data, so that the external data are prevented from acquiring the encrypted safety data; in addition, if the chip is electrified and the SRAM does not passively lose the safety data, the chip can determine the encrypted safety data in a cracked state according to the identification data corresponding to the identification bit, the identification bit and the corresponding relation, so that a decryption key corresponding to the encrypted safety data in the cracked state is deleted, at the moment, the external equipment cannot acquire the decryption key, and the encrypted safety data is decrypted to obtain the safety data, so that the chip cracking prevention degree can be improved, and the chip safety is further improved.
Alternatively, the chip may determine whether the SRAM passively loses the encrypted security data by determining whether the power supply battery is powered off, or whether the corresponding encrypted security data is available. That is, the chip may determine that the SRAM passively loses the encrypted security data when the power supply of the power supply battery is disconnected, or may attempt to invoke the corresponding encrypted security data, and determine that the SRAM passively loses the encrypted security data when the corresponding encrypted security data cannot be obtained.
In one possible implementation, the chip may first obtain the identification data corresponding to all the identification bits, and then determine the security data in a cracked state according to each identification data, so as to delete the corresponding decryption key.
For example, the chip has three identification bits, which correspond to the security data stored in the three partitions and the three decryption keys, respectively, so that the chip can obtain the identification data corresponding to the three identification bits, determine that the security data in the cracked state is the first security data and the third security data, and in this case, the chip can delete the decryption key corresponding to the first security data and the decryption key corresponding to the third security data.
In another possible implementation manner, in order to improve the anti-cracking efficiency of the chip and save electric energy, the encrypted security data may be stored in the SRAM layer by layer according to the cracking sequence, and then the chip may determine whether the encrypted security data is in a cracked state layer by layer, and delete the decryption key of the encrypted security data in the cracked state layer by layer.
Specifically, fig. 3 is a schematic flow chart of another method for preventing cracking of chip security data provided in the embodiment of the present application on the basis of fig. 2, please refer to fig. 3, in the above step S21, the encrypted security data in a cracked state is determined according to the identification data, the identification bits and the correspondence, and the decryption key corresponding to the encrypted security data in the cracked state is deleted, which may also be implemented by the following steps:
step S21-1, determining whether encrypted safety data corresponding to an identification bit is in a cracking state or not according to the identification data corresponding to the identification bit every time according to a cracking sequence from first to last;
optionally, the encrypted security data may be stored in layers according to the order of the data obtained when the chip is cracked under normal conditions, where the cracked data is first used as top layer data, and then the cracked data may be used as bottom layer data.
In this embodiment, the chip may determine, layer by layer, according to the identification data corresponding to the identification bits, whether the encrypted security data corresponding to the identification bits is in a cracked state according to the order from the top layer data to the bottom layer data.
Step S21-2, if the corresponding encrypted safety data is not in a cracking state, stopping executing the step of determining whether the corresponding encrypted safety data is in a cracking state according to the first-to-last cracking sequence according to the identification data corresponding to one identification bit each time;
optionally, since the judging order is a first-to-last cracking order, if it is determined that the encrypted security data is not in a cracking state according to the identification data corresponding to the identification bit corresponding to the encrypted security data of a certain layer, the encrypted security data after description is not in the cracking state, so that the judgment is not needed.
And S21-3, if the corresponding encrypted safety data is in a cracking state, deleting a decryption key corresponding to the encrypted safety data in the cracking state according to the identification bit and the corresponding relation, and determining whether the corresponding encrypted safety data is in the cracking state according to the identification data corresponding to the next identification bit until determining whether all the encrypted safety data are in the cracking state.
Optionally, if the corresponding encrypted security data is in a decrypted state, the chip may delete the decryption key corresponding to the encrypted security data in the decrypted state according to the identification bit and the corresponding relationship.
Optionally, since the judging order is a first-to-last cracking order, if the encrypted security data of the layer is in a cracking state, it is necessary to continuously determine whether the next layer of security data is in a cracking state until the encrypted security data of a certain layer is not in a cracking state, or determine whether all the encrypted security data are in a cracking state. Optionally, if the number of identification bits in the chip is 4, and the corresponding encrypted security data are respectively flag1, flag2, flag3, and flag4 arranged from first to last according to the cracking order, the chip may first determine whether the corresponding encrypted security data is in a cracking state according to the identification data corresponding to the identification bit flag 1.
If the encrypted security data corresponding to the identification bit flag1 is in a cracking state, deleting the decryption key corresponding to the flag1, and then continuing to determine whether the encrypted security data corresponding to the identification bit flag2 is in the cracking state or not according to the identification data corresponding to the identification bit flag 2.
If the encrypted security data corresponding to the identification bit flag2 is in a cracking state, deleting the decryption key corresponding to the flag2, determining whether the encrypted security data corresponding to the identification bit flag2 is in the cracking state, and so on until determining whether the encrypted security data corresponding to the identification bit flag4 is in the cracking state.
It can be understood that if the encrypted secure data corresponding to the flag4 is in a decrypted state, after deleting the decryption key corresponding to the flag4, all the decryption keys in the chip are deleted.
In this example, if the encrypted security data corresponding to the flag2 is not in the cracked state, the judging process may be exited, and whether the encrypted security data corresponding to the flag3 and the flag4 is in the cracked state is not determined.
It can be understood that at this time, since the decryption key corresponding to the flag1 is deleted, the chip cannot operate normally, and in this case, the chip may send an error signal for the operator to check.
Optionally, the preset data may be set in advance to determine whether the encrypted security data corresponding to the identification bit is in a cracked state, in which case, if the identification data is the preset data, the encrypted security data corresponding to the identification bit is determined to be in a cracked state; if the identification data is not the preset data, determining that the encrypted safety data corresponding to the identification bit is not in a cracking state.
Alternatively, the preset data may be set according to actual situations, and in one possible implementation, the preset data may be SRAM factory original data, for example, 0xFF.
Alternatively, since data in the SRAM may be abnormal when it is interfered by external such as ESD (Electro-Static discharge), even if the encrypted security data corresponding to the identification bit is not in a cracked state, the data may be in an abnormal state, and since each identification bit is set as factory identification data when it is shipped, if the identification data is not the factory identification data at this time, it may be determined that the chip is in an abnormal state due to data interference.
Optionally, if the chip is in the abnormal state of data interference, the identification data corresponding to the identification bit is neither preset data nor factory identification data, and should be a random number, and at this time, the corresponding encrypted security data may also be a random number, and in this case, the chip may enter a self-locking state, so as to stop using.
Optionally, if it is determined that the encrypted security data in the SRAM is not in a cracked state according to the identification data, the identification bit, and the correspondence, then it is determined that the chip is in a secure state.
In one possible implementation manner, the chip may first obtain the identification data corresponding to all the identification bits, then determine the security data in the cracked state according to each identification data, and if the security data corresponding to each identification data is not in the cracked state, determine that the chip is in the security state.
In another possible implementation, if the encrypted security data may be stored in the SRAM in a layer by layer in a hacking order, the chip may determine that the chip is in a secure state if the top-level encrypted security data is not in a hacked state.
It can be appreciated that in the secure state, the chip can operate normally according to the received operation instruction, that is, the method further includes:
under the condition that the chip is in a safe state and receives an operation instruction, acquiring target encrypted safety data from the SRAM according to the operation instruction; acquiring a target decryption key corresponding to the target encryption security data according to the target encryption security data and the corresponding relation; and decrypting the target encrypted safety data according to the target decryption key to obtain target safety data, and operating according to the target safety data.
Optionally, the operation instruction is used for indicating the chip to operate, where the operation instruction carries storage information or attribute information of the target encrypted security data, for example, a data name or a storage address of the target encrypted security data, and the chip may obtain the target encrypted security data from the SRAM according to the operation instruction, and decrypt the target encrypted security data according to a target decryption key corresponding to the target encrypted security data, so as to obtain the target security data to operate normally according to the operation instruction.
Optionally, in some devices, the encrypted security data is also used to perform a run check. In one example, the chip may obtain the encrypted security data stored in the SRAM and the corresponding decryption key under the condition of being in the secure state, and input the encrypted security data and the corresponding decryption key to the operation module in the chip to perform the weighted operation, thereby obtaining the unique verification data and performing verification with the device.
In order to perform the corresponding steps in the above embodiments and the various possible ways, an implementation of a device for preventing cracking of chip security data is given below. Further, referring to fig. 4, fig. 4 is a functional block diagram of an apparatus for preventing chip security data from being cracked according to an embodiment of the present application. It should be noted that, the basic principle and the technical effects of the anti-cracking device for chip security data provided in this embodiment are the same as those of the foregoing embodiments, and for brevity, reference may be made to the corresponding contents of the foregoing embodiments. The anti-cracking device for the chip safety data comprises: the acquisition module 200 and the anti-hacking module 210.
The acquiring module 200 is configured to acquire identification data corresponding to an identification bit of the chip when the chip is powered on and the SRAM does not passively lose the security data; the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not;
it is understood that the obtaining module 200 may be configured to perform the step S20 described above;
the anti-cracking module 210 is configured to determine the encrypted security data in a cracked state according to the identification data, the identification bits, and the correspondence, and delete a decryption key corresponding to the encrypted security data in the cracked state, so as to prevent the encrypted security data from being cracked.
It is understood that the anti-cracking module 210 may be configured to perform the step S21.
Optionally, the anti-cracking module 210 is further configured to determine, according to a first-to-last cracking order, whether the encrypted security data corresponding to the identification bit is in a cracked state according to the identification data corresponding to the identification bit each time; if the corresponding encrypted safety data is not in a cracking state, stopping executing the step of determining whether the corresponding encrypted safety data is in a cracking state according to the first-to-last cracking order according to the identification data corresponding to one identification bit each time; if the corresponding encrypted safety data is in the cracking state, deleting the decryption key corresponding to the encrypted safety data in the cracking state according to the identification bit and the corresponding relation, and determining whether the corresponding encrypted safety data is in the cracking state according to the identification data corresponding to the next identification bit until determining whether all the encrypted safety data are in the cracking state.
It is understood that the anti-cracking module 210 can also be used to perform the steps S21-1 to S21-3 described above.
Optionally, the anti-cracking module 210 is further configured to determine that the encrypted security data corresponding to the identification bit is in a cracked state if the identification data is preset data; if the identification data is not the preset data, determining that the encrypted safety data corresponding to the identification bit is not in a cracking state.
Optionally, the anti-cracking module 210 is further configured to determine that the chip is in a data interference abnormal state if the identification data is not factory identification data.
Optionally, the anti-cracking module 210 is further configured to determine that the chip is in a secure state if none of the encrypted secure data in the SRAM is in a cracked state.
Optionally, on the basis of fig. 4, fig. 5 is another functional block diagram of a device for preventing cracking of chip security data provided in an embodiment of the present application, where the device for preventing cracking of chip security data further includes: the module 220 is run.
Optionally, the operation module 220 is further configured to obtain, when the chip is in a secure state and an operation instruction is received, target encrypted secure data from the SRAM according to the operation instruction; acquiring a target decryption key corresponding to the target encryption security data according to the target encryption security data and the corresponding relation; and decrypting the target encrypted safety data according to the target decryption key to obtain target safety data, and operating according to the target safety data.
Optionally, the obtaining module 200 is further configured to determine that the SRAM passively loses the encrypted security data when the power supply is disconnected.
According to the anti-cracking device for the chip safety data, provided by the embodiment of the application, the SRAM connected with the power supply battery is arranged in the chip, the encrypted safety data are stored in the SRAM, and when the chip is damaged and the power supply battery is disconnected, the SRAM can passively lose the stored encrypted safety data due to the characteristic of the volatile data, so that the external data are prevented from acquiring the encrypted safety data; in addition, under the condition that the acquisition module is electrified on the chip and the SRAM does not passively lose the safety data, acquiring the identification data corresponding to the identification bit of the chip; the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not; the anti-cracking module determines the encrypted safety data in a cracked state according to the identification data, the identification bits and the corresponding relation, and deletes the decryption key corresponding to the encrypted safety data in the cracked state so as to prevent the encrypted safety data from being cracked.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
Claims (10)
1. The method is characterized in that the method is applied to a chip, an SRAM connected with a power supply battery is arranged in the chip, the SRAM is used for storing encrypted safety data and passively losing the encrypted safety data under the condition that the power supply of the power supply battery is disconnected, and the corresponding relation among the encrypted safety data, an identification bit and a decryption secret key is also stored in the chip, and the method comprises the following steps:
under the condition that the chip is electrified and the SRAM does not passively lose the encrypted safety data, acquiring identification data corresponding to the identification bit of the chip; the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not;
and determining the encrypted safety data in a cracking state according to the identification data, the identification bits and the corresponding relation, and deleting a decryption key corresponding to the encrypted safety data in the cracking state so as to prevent the encrypted safety data from being cracked.
2. The method according to claim 1, wherein the encrypted security data is stored in the SRAM in layers in a cracking order, and the correspondence includes each layer of the encrypted security data, an identification bit corresponding to each layer of the encrypted security data, and a decryption key corresponding to each layer of the encrypted security data;
the step of determining the encrypted security data in the cracked state according to the identification data, the identification bits and the corresponding relation, and deleting the decryption key corresponding to the encrypted security data in the cracked state, comprises the following steps:
according to the first-to-last cracking order, determining whether the encrypted safety data corresponding to the identification bit is in a cracking state or not according to the identification data corresponding to one identification bit each time;
if the corresponding encrypted safety data is not in a cracking state, stopping executing the step of determining whether the corresponding encrypted safety data is in a cracking state or not according to the identification data corresponding to one identification bit each time according to the cracking sequence from first to last;
if the corresponding encrypted safety data is in a cracking state, deleting a decryption key corresponding to the encrypted safety data in the cracking state according to the identification bit and the corresponding relation, and determining whether the corresponding encrypted safety data is in the cracking state according to the identification data corresponding to the next identification bit until determining whether all the encrypted safety data are in the cracking state.
3. The method according to claim 2, wherein determining whether the encrypted security data corresponding to the identification bit is in a cracked state according to the identification data corresponding to one of the identification bits comprises:
if the identification data are preset data, determining that the encrypted safety data corresponding to the identification bit are in a cracking state;
if the identification data is not the preset data, determining that the encrypted safety data corresponding to the identification bit is not in a cracking state.
4. A method according to claim 3, characterized in that the method further comprises:
and if the identification data is not the factory identification data, determining that the chip is in a data interference abnormal state.
5. The method according to claim 1, wherein the method further comprises:
and if the encrypted security data in the SRAM are not in a cracking state, determining that the chip is in a security state.
6. The method of claim 5, wherein the method further comprises:
under the condition that the chip is in a safe state and receives an operation instruction, acquiring target encrypted safe data from the SRAM according to the operation instruction;
acquiring a target decryption key corresponding to the target encryption security data according to the target encryption security data and the corresponding relation;
and decrypting the target encrypted safety data according to the target decryption secret key to obtain target safety data, and operating according to the target safety data.
7. The method of claim 1, wherein prior to obtaining the identification data corresponding to the identification bits of the chip, the method further comprises:
and under the condition that the power supply of the power supply battery is disconnected, determining that the SRAM passively loses the encrypted security data.
8. The utility model provides a chip safety data's anti-cracking device, its characterized in that is applied to the chip, be provided with the SRAM who is connected with the power supply battery in the chip, the SRAM is used for storing encryption safety data and under the circumstances that power supply battery power supply disconnection, the passive loss encryption safety data, still store in the chip the correspondence between encryption safety data, sign bit and the decryption secret key, the device includes:
the acquisition module is used for acquiring the identification data corresponding to the identification bit of the chip under the condition that the chip is electrified and the SRAM does not passively lose the safety data; the identification data represents whether the encrypted safety data corresponding to the identification bit is in a cracking state or not;
and the anti-cracking module is used for determining the encrypted safety data in a cracking state according to the identification data, the identification bits and the corresponding relation, and deleting a decryption key corresponding to the encrypted safety data in the cracking state so as to prevent the encrypted safety data from being cracked.
9. A chip comprising a processor and a memory, the memory storing a computer program executable by the processor, the processor being executable to implement the method of any one of claims 1-6.
10. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310195795.5A CN116150824A (en) | 2023-03-02 | 2023-03-02 | Anti-cracking method and device for chip security data, chip and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310195795.5A CN116150824A (en) | 2023-03-02 | 2023-03-02 | Anti-cracking method and device for chip security data, chip and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116150824A true CN116150824A (en) | 2023-05-23 |
Family
ID=86373532
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310195795.5A Pending CN116150824A (en) | 2023-03-02 | 2023-03-02 | Anti-cracking method and device for chip security data, chip and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116150824A (en) |
-
2023
- 2023-03-02 CN CN202310195795.5A patent/CN116150824A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210240869A1 (en) | Secure memory device with unique identifier for authentication | |
| US8281388B1 (en) | Hardware secured portable storage | |
| US8219806B2 (en) | Management system, management apparatus and management method | |
| US20080140967A1 (en) | Method and system for programmable memory device security | |
| SG171919A1 (en) | Hardware encrypting storage device with physically separable key storage device | |
| CN102549594A (en) | Secure storage of temporary secrets | |
| CN101788959A (en) | Solid state hard disk secure encryption system | |
| CN104903911B (en) | One-time programmable integrated circuit security | |
| CN102439897A (en) | Electronic device, key generation program, recording medium, and key generation method | |
| CN103559435A (en) | Method and device for controlling debugging ports of terminal equipment | |
| CN101123507A (en) | A protection method and storage device for data information in storage device | |
| CN107679421A (en) | A kind of movable memory apparatus monitoring means of defence and system | |
| CN109190401A (en) | A kind of date storage method, device and the associated component of Qemu virtual credible root | |
| CN106845261A (en) | A kind of method and device of destruction SSD hard disc datas | |
| CN105631366A (en) | Encryption chip and encryption method therefor | |
| CN114884649A (en) | Intelligent gas meter and system | |
| CN116150824A (en) | Anti-cracking method and device for chip security data, chip and storage medium | |
| CN106533678B (en) | A kind of login method and its system based on multi-signature | |
| EP1906334A2 (en) | Information leak-preventing apparatus and information leak-preventing method | |
| CN103440465A (en) | Mobile storage medium safety control method | |
| JP2009129413A (en) | Shared management method of portable storage device, and portable storage device | |
| CN108345803B (en) | Data access method and device of trusted storage equipment | |
| TWI783531B (en) | Method performed by a system-on-chip integrated circuit device and a computer apparatus | |
| CN102411545A (en) | EEPROM operation protection method, device and system | |
| CN114239006A (en) | Social security card PIN resetting method, system and medium based on standard interface |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |