CN201054140Y - Information security control chip - Google Patents


Publication number
CN201054140Y
Authority
CN
China
Prior art keywords
module
encryption
decryption
data
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNU2007201485058U
Other languages
Chinese (zh)
Inventor
文胜利
魏金宝
刘曼
肖佐楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HENGTAI TECHNOLOGIES Co Ltd
Original Assignee
BEIJING HENGTAI TECHNOLOGIES Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HENGTAI TECHNOLOGIES Co Ltd
Priority to CNU2007201485058U
Application granted
Publication of CN201054140Y
Anticipated expiration
Expired - Fee Related

Abstract

The utility model relates to an information security control chip comprising a microprocessor module, a storage module, an encryption and decryption module, a port module, a power detection module and an internal bus. The microprocessor module controls data communication and transmission between the port module and peripheral equipment, controls the encryption and decryption operations of the encryption and decryption module, and controls the storage of data received from the port module or of encryption and decryption results. The storage module stores data, encryption and decryption keys, and encryption and decryption results. Under the control of the microprocessor module, the encryption and decryption module generates the keys for encryption and decryption operations, or performs those operations with the generated keys. The port module exchanges data with the peripheral equipment. The power detection module performs detection and management of the power supply under the control of the microprocessor module. The internal bus connects the modules and transmits data. Compared with prior security chips, the utility model supports more security applications and offers increased security, greater versatility and ease of use.

Description

Information security control chip
Technical field
The utility model relates to the field of network and computer security, and in particular to an information security control chip.
Background technology
As society becomes increasingly informatized, IT applications keep expanding and new network technologies keep emerging, the negative effects of network and information security problems are becoming more prominent. Technical measures are currently being taken in both software and hardware, driving the continued development of data encryption and physical protection technology. Hardware encryption is bound to become the trend of technical development; such hardware-based cryptography is implemented with a physical chip that integrates a hardware cryptographic algorithm engine. However, security chip design currently faces a series of challenges. The system-on-chip (SoC) has become the focus of the IC industry: chip performance keeps growing, scale keeps increasing, development cycles keep lengthening, design quality is increasingly hard to control, and chip design costs keep rising, and integrated, reusable design techniques based on IP (Intellectual Property) have developed considerably.
At present, application-specific IC chips of this kind are used in the information security field in smart keys, secure smart cards, trusted computing and the like. Smart key and secure smart card products have been adopted in security fields such as online banking, e-government, e-commerce, electronic military affairs, online securities trading, online gaming, data broadcasting and membership management; they are a convenient, secure and economical identity authentication technology that has grown up in recent years. A smart key is a hardware device with a USB interface that can store a user's keys or digital certificates and uses built-in cryptographic algorithms to authenticate the user's identity. As a terminal encryption and authentication device, the smart key provides security protection directly at the system and hardware level, ensuring that critical information such as keys, certificates and authorization attributes is stored securely in the hardware device. A secure smart card can also store information and be used for authentication, while offering good processing capability and excellent security performance. To improve the security protection of computers, the Trusted Computing Platform Alliance (TCPA) was founded in 1999; TCPA defined the Trusted Platform Module (TPM), which has secure storage and encryption functions. In 2003, TCPA was reorganized and renamed the Trusted Computing Group (TCG). The principle of a security chip based on trusted computing is that this dedicated chip is built onto the computer's motherboard, so that computer resources can be used securely by legitimate users and the computer's hardware, software and data are protected from destruction, alteration and disclosure.
Security chips like those above communicate with external devices such as computers (PCs), card readers and mobile phones through the chip's I/O interface module, and the chip encrypts and decrypts the data input through the I/O interface, thereby ensuring information security. However, current security chips do not apply protection techniques to the internal storage unit module, so they cannot guarantee that the data in the chip's internal storage unit module is secure. In addition, such security chips currently use a traditional architecture with a fairly simple internal bus structure; they lack an efficient, flexible on-chip bus structure and find it increasingly difficult to meet the requirements of IP reuse in the SoC design process.
Summary of the invention
The purpose of the utility model is to overcome the defects of existing security chips and to provide an information security control chip with a new structure. The technical problem to be solved is to give it more security applications, higher security, and greater versatility and ease of use, making it well suited to practical use.
The purpose of the utility model is achieved, and its technical problem solved, by the following technical solution. The information security control chip proposed by the utility model is characterized in that it comprises: a microprocessor module, which controls data communication between the interface module and external devices, and controls the interface module to pass received data to the encryption and decryption module, or controls the encryption and decryption module to perform encryption and decryption operations and to transfer the results to the interface module, or controls the memory module to store data received from the interface module or encryption and decryption results; a memory module, for storing data, encryption and decryption keys, and encryption and decryption results; an encryption and decryption module, which under the control of the microprocessor generates the keys needed for encryption and decryption, or performs encryption and decryption operations with the generated keys; an interface module, for data communication with external devices, which under the control of the microprocessor receives input data from an external device or sends the operation data of the encryption and decryption module to the external device; a power supply detection module, which performs power supply detection and management under the control of the microprocessor module; a system bus, for electrically connecting the microprocessor module with the memory module, the security module and the power supply detection module; an IP bus, for electrically connecting the security module and the interface module; and a bridge, for connecting the system bus and the IP bus.
The purpose of the utility model and the solution of its technical problem can be further achieved by the following technical measures.
In the aforesaid information security control chip, the chip further comprises a security module, which works together with said microprocessor module to protect the information security inside the information security control chip.
In the aforesaid information security control chip, said security module comprises: a memory protection unit, for protecting the sensitive information on the information security control chip; and a security detection and protection module, for preventing illegal attacks and protecting data security.
In the aforesaid information security control chip, said encryption and decryption module comprises: an RSA module, which performs RSA encryption and decryption operations; a DES module, for implementing the DES/3DES encryption and decryption algorithms; and a true random number generator, for rapidly generating random numbers that serve as the keys required by RSA and DES operations.
In the aforesaid information security control chip, said memory module comprises: volatile memory, for temporary storage of the results of running user programs and for holding temporary data; and non-volatile memory, for static storage and upgrading of on-chip user programs and data, and for storing keys and certificates.
In the aforesaid information security control chip, said interface module comprises a USB interface, an ISO7816 standard interface, an LPC interface and a GPIO interface.
With the above technical solution, the information security control chip of the utility model has at least the following advantages and beneficial effects:
First, bus layering is used to build an efficient, flexible on-chip bus structure. With this new system architecture and IP-reuse design techniques, a complex system can be highly integrated, and modules of differing characteristics can be connected to the bus more effectively.
Second, a USB interface, an ISO7816 standard interface, an LPC interface and a GPIO interface are provided to support multiple security applications, so the chip can be applied in information security fields such as smart keys, secure smart cards and trusted computing.
Third, an integrated memory protection unit provides partition protection of the storage space and encryption/decryption of the data/addresses of the storage units, preventing unauthorized access to sensitive data inside the chip and thereby ensuring the information security inside the chip.
In summary, the utility model has the above advantages and practical value. It is a considerable improvement in both product structure and function, represents clear technical progress, and produces convenient and practical effects. Compared with existing security chips it offers markedly improved effects, so it is better suited to practical use and has broad industrial value; it is a novel, progressive and practical new design.
The above is only an overview of the technical solution of the utility model. So that the technical means of the utility model can be understood more clearly and implemented according to the content of the specification, and so that the above and other purposes, features and advantages of the utility model become more apparent, a preferred embodiment is described in detail below with reference to the accompanying drawing.
Description of the drawings
Fig. 1 is a structural schematic of the information security control chip according to the utility model.
Embodiment
To further explain the technical means adopted by the utility model to achieve its intended purpose, and their effects, the embodiment, structure, features and effects of the information security control chip proposed by the utility model are described in detail below with reference to the accompanying drawing and a preferred embodiment.
Referring to Fig. 1, a structural schematic of an information security control chip according to a preferred embodiment of the utility model is shown. The information security control chip comprises a microprocessor module 1, a memory module 2, a security module 3, an encryption and decryption module 4, an interface module 5, a power supply detection module 6, a system bus 7, an IP (Intellectual Property) bus 8 and a bridge 9. The microprocessor module 1 is the computing and control center of the whole chip and coordinates the work of every module. It controls data communication between the interface module 5 and external devices, and controls the interface module 5 to pass received data to the encryption and decryption module 4; or it controls the encryption and decryption module 4 to perform encryption and decryption operations and to transfer the results to the interface module 5; or it controls the memory module 2 to store data received from the interface module 5 or encryption and decryption results; and it works together with the security module 3 to protect the information security inside the chip. The memory module 2 stores data received from the interface module 5, encryption and decryption keys, encryption and decryption results and the like. The security module 3 works together with the microprocessor module 1 to protect the chip's internal data. The encryption and decryption module 4 performs encryption and decryption operations on data under the control of the microprocessor module 1. The interface module 5 is responsible for communication with external devices: under the control of the microprocessor module 1 it receives input data from an external device and passes the received data to the encryption and decryption module 4, or transmits data from the encryption and decryption module 4 to the external device. The power supply detection module 6 performs detection and management of the chip's power supply under the control of the microprocessor module 1 and supports low power consumption. The modules of the chip are integrated through an internal bus, which consists of three parts: the system bus 7, the IP bus 8 and the bridge 9.
The memory module 2 comprises volatile memory and non-volatile memory. The volatile memory is mainly used for temporary storage of the results of running user programs and for holding temporary data; the non-volatile memory is used for static storage and upgrading of on-chip user programs and data, and for storing keys, certificates and the like.
In the present embodiment, the security module 3 comprises a memory protection unit and a security detection and protection module. The memory protection unit (MPU, Memory Protection Unit) uses hardware access control and storage encryption to protect the sensitive information on the information security control chip. It can be integrated in the microprocessor module 1, for example by using the MPU integrated in a 32-bit CPU. The security detection and protection module uses a current-balanced distribution design technique to prevent energy (power) attacks and protect data security.
In the present embodiment, the encryption and decryption module 4 comprises an RSA module, a DES module and a true random number generator. The RSA module performs RSA encryption and decryption operations; the DES module mainly implements the DES/3DES (Data Encryption Standard) encryption and decryption algorithms; the true random number generator rapidly generates random numbers that serve as the keys required by RSA and DES operations.
In the present embodiment, the interface module 5 comprises four kinds of interface: a USB interface, an ISO7816 standard interface, an LPC interface and a GPIO interface. The different interfaces of the chip can serve different applications. The USB interface can be used in smart key products, which act as terminal encryption and authentication devices. The LPC interface is provided for applications in the trusted computing field; it connects to the south bridge chipset on the computer motherboard so that the chip and the computer can transfer data. The GPIO interface is a general-purpose input/output interface that can serve multiple functions; its basic function is to provide an external interface for accessing off-chip resources, and when the pins are not used to provide an external interface they can serve as general-purpose digital input/output (I/O) terminals. The 7816 interface provides the smart card interface; it allows asynchronous serial communication between the chip's microprocessor module 1 and peripherals. Of course, those skilled in the art can use only some of these interfaces, or other interfaces, to suit different applications, and this all falls within the scope of the technical solution of the utility model.
In the present embodiment, the system bus 7 electrically connects the microprocessor module 1 with the memory module 2, the security module 3 and the power supply detection module 6, to provide high-speed, high-bandwidth data transfer. The IP bus 8 electrically connects the encryption and decryption module 4 and the interface module 5 in the chip, to meet the requirements of low power consumption, portability and reusability. The system bus 7 and the IP bus 8 are linked by the bridge 9.
The above is only a preferred embodiment of the utility model and does not limit the utility model in any form. Although the utility model is disclosed above by way of a preferred embodiment, this is not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the utility model, use the technical content disclosed above to make minor changes or modifications that result in equivalent embodiments. Any simple modification, equivalent change or refinement made to the above embodiment in accordance with the technical essence of the utility model, without departing from the content of its technical solution, still falls within the scope of the technical solution of the utility model.

Claims (6)

1. An information security control chip, characterized in that it comprises:
A microprocessor module, which controls data communication between the interface module and external devices, and controls the interface module to pass received data to the encryption and decryption module, or controls the encryption and decryption module to perform encryption and decryption operations and to transfer the results to the interface module, or controls the memory module to store data received from the interface module or encryption and decryption results;
A memory module, for storing data, encryption and decryption keys, and encryption and decryption results;
An encryption and decryption module, which under the control of the microprocessor generates the keys needed for encryption and decryption, or performs encryption and decryption operations with the generated keys;
An interface module, for data communication with external devices, which under the control of the microprocessor receives input data from an external device or sends the operation data of the encryption and decryption module to the external device;
A power supply detection module, which performs power supply detection and management under the control of the microprocessor module;
A system bus, for electrically connecting the microprocessor module with the memory module, the security module and the power supply detection module;
An IP bus, for electrically connecting the security module and the interface module; and
A bridge, for connecting the system bus and the IP bus.
2. The information security control chip according to claim 1, characterized in that it further comprises a security module, which works together with said microprocessor module to protect the information security inside the information security control chip.
3. The information security control chip according to claim 2, characterized in that said security module comprises:
A memory protection unit, for protecting the sensitive information on the information security control chip; and
A security detection and protection module, for preventing illegal attacks and protecting data security.
4. The information security control chip according to claim 1 or 2, characterized in that said encryption and decryption module comprises:
An RSA module, which performs RSA encryption and decryption operations on the received data;
A DES module, for implementing the DES/3DES encryption and decryption algorithms; and
A true random number generator, for rapidly generating random numbers that serve as the keys required by RSA and DES operations.
5. The information security control chip according to claim 1 or 2, characterized in that said memory module comprises:
Volatile memory, for temporary storage of the results of running user programs and for holding temporary data; and
Non-volatile memory, for static storage and upgrading of on-chip user programs and data, and for storing keys and certificates.
6. The information security control chip according to claim 1 or 2, characterized in that said interface module comprises a USB interface, an ISO7816 standard interface, an LPC interface and a GPIO interface.
CNU2007201485058U 2007-04-27 2007-04-27 Information security control chip Expired - Fee Related CN201054140Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNU2007201485058U CN201054140Y (en) 2007-04-27 2007-04-27 Information security control chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNU2007201485058U CN201054140Y (en) 2007-04-27 2007-04-27 Information security control chip

Publications (1)

Publication Number Publication Date
CN201054140Y (en) 2008-04-30

Family

ID=39393801

Family Applications (1)

Application Number Title Priority Date Filing Date
CNU2007201485058U Expired - Fee Related CN201054140Y (en) 2007-04-27 2007-04-27 Information security control chip

Country Status (1)

Country Link
CN (1) CN201054140Y (en)


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080430

Termination date: 20130427