CN201556209U - Encryption device of embedded software program based on safety MCU - Google Patents
Encryption device of embedded software program based on safety MCU Download PDFInfo
- Publication number
- CN201556209U CN201556209U CN2009200169743U CN200920016974U CN201556209U CN 201556209 U CN201556209 U CN 201556209U CN 2009200169743 U CN2009200169743 U CN 2009200169743U CN 200920016974 U CN200920016974 U CN 200920016974U CN 201556209 U CN201556209 U CN 201556209U
- Authority
- CN
- China
- Prior art keywords
- module
- deciphering
- firmware
- random number
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model discloses an encryption device of an embedded software program based on a safety MCU (microprogrammed control unit). The adopted safety MCU comprises a microcontroller and a verification module A, wherein, the verification module A comprises a random number generator, an encryption module A, a decryption module B and a comparative validation unit; the embedded program firmware comprises a host processor and a verification module B, wherein, the verification module B comprises a decryption module A, an encryption module B and a comparative validation unit; the encryption method of the MCU adopted by the device corresponds to the decryption method of the firmware, in a similar way, the encryption method of the firmware corresponds to the decryption method of the MCU, therefore, the two-way verification way encrypts the program. The device adopts the safety MCU, the encryption technology is relatively mature, the program code is unreadable to prevent the program from being copied, the cost is very low, the varieties are wide, and the development technique is also relatively mature; in addition, most electronic systems are provided with the hardware architecture implemented by the utility model, so the utility model has universality and is suitable for wide popularization.
Description
Technical field
The utility model relates to a kind of embedded electronic system firmware programmed protection device and method, relates in particular to a kind of encryption device of the embedded software program based on safe MCU.
Background technology
The embedded electronic product is universal day by day, becomes an indispensable part in the daily life.The firmware that is installed in the hardware is the software that store electrons equipment is carried out the basic operation information needed, normally adopt C language or the assembly language binary code that compiling obtains through compiler, be written to (as Flash or ROM) in the storer, and the firmware that illegally duplicates in the storer is also quite easy.
Jue Daduoshuo electronic product all adopts identical solution on the other hand, hardware and software platform between each manufacturer is all identical, thereby caused groups of people for certain purpose, the hardware platform of using others comes the application program of burning oneself, perhaps from Flash, read the application binaries code and be used for the hardware platform of oneself, copy.
At present a kind of encryption method that adopts be adopt a fixed address of ROM storer preserve one fixing ID number, after firmware program starts, reading ID number verifies, this kind method is preventing imitated certain effect of having played, but because the content of duplicating in the storer is quite easy, after knowing the encryption method of employing, product image also is quite easy, on the other hand, adopt this kind encryption way, for preventing that other firmware program of operation does not have any effect on its hardware platform.
The another kind of method of encrypting is that the firmware program binary code is encrypted, and at first is decrypted before the operation firmware program.One of this encryption method implementation method is: additionally develop a cover decrypted program, at first moving decrypted program reads firmware program and is decrypted, save as executable binary code form, increased extra execution time expense thus, decrypted program also is easy to be replicated simultaneously.
Summary of the invention
The utility model is at the proposition of above problem, and develop a kind of with the specialized hardware platform, be the processor CPU of design specialized, carry out the system of bi-directional verification of the firmware program of encryption, realize preventing that firmware program is carried out illegal malice to be refreshed or read firmware program and copy.The technical solution adopted in the utility model is as follows:
A kind of encryption device of the embedded software program based on safe MCU is characterized in that safe MCU is connected by data communication bus with embedding program firmware;
Described safe MCU comprises microcontroller and authentication module A; Described authentication module A comprises tandom number generator, encrypting module A, deciphering module B and comparatively validate unit;
Described tandom number generator is used for producing the random number that proof procedure uses;
Described encrypting module A is used for the random number that tandom number generator produces is carried out encryption;
Described deciphering module B, the enciphered data that the embedding program firmware that is used for that safe MCU is received is passed back is decrypted processing;
Described comparatively validate unit is used for the tandom number generator random number is compared with deciphering module B data decryption, simultaneously decrypted result is sent to microcontroller and handles;
Described embedding program firmware comprises primary processor and authentication module B; Described authentication module B comprises deciphering module A, encrypting module B and comparatively validate unit;
Described deciphering module A is used for the enciphered data that embedding program firmware receives is decrypted processing;
Described comparatively validate unit is used for the data of deciphering module A reduction are compared with the execution command data of presetting, and comparative result is sent to primary processor;
Described encrypting module B is used for the random number of deciphering module A deciphering is encrypted once more;
Random number of described in use tandom number generator generation is transferred to encrypting module A by data line and encrypts, be transferred to by data communication bus among the deciphering module A of authentication module B and be decrypted, the back compares judgement by the comparatively validate unit that is connected with deciphering module A, when comparison result satisfies condition, other unit of primary processor control embedding program firmware works on, when comparison result does not satisfy condition, primary processor is controlled connected encrypting module B the random number of deciphering module A deciphering is encrypted once more, the random number that the back will be encrypted once more by data communication bus is sent among the deciphering module B of authentication module A and is decrypted, comparing judgement through the comparatively validate unit that is connected with deciphering module B, when comparison result does not satisfy condition, the microprocessor controls controllable electric power cuts away primary processor, the power supply of firmware memory and random access memory, when comparison result does not satisfy condition, microcontroller sends the steering order that continues executive routine by data communication bus to primary processor.
Data communication bus adopts I2C, SPI, USB or RS232 to carry out opposing traffic.
It is conspicuous that the utility model is compared its advantage with prior art, specific as follows:
1: adopted safe MCU, its encryption technology is quite ripe, and program code is not readable, and the program that prevented is replicated, and price is also relatively more cheap, and of a great variety, development technique is comparative maturity also.
2: utilize safe MCU and firmware to verify; have only by the checking firmware and could normally carry out; otherwise it is to be verified that firmware program enters deadlock etc.; unilaterally firmware program being carried out malice thus refreshes or reads firmware program and copy all cisco unity malfunctions; and the encipherment protection technology of MCU is quite ripe; the possibility that part MCU is cracked is almost nil, thereby effectively protects development and Design personnel intellecture property.
3: the utility model is the firmware self-encryption on the other hand, need not additionally the firmware binaries code to be carried out encryption and decryption, implements easylier also can use with other encryption methods flexibly, further adds the intensity of strong encryption.
4: all possessed the hardware structure that the utility model is implemented at most electronic systems, need not hardware is done too much change.
Description of drawings
Fig. 1 is a hardware system structure synoptic diagram of the present utility model;
Fig. 2 is the authentication module refined structure synoptic diagram of microcontroller;
Fig. 3 is the checking mould structure refined structure synoptic diagram of embedded system firmware;
Fig. 4 is the process flow diagram of encryption method described in the utility model.
Embodiment
The encryption system of embedded software program as shown in Figure 1, be that safe MCU is connected by data communication bus with embedding program firmware, wherein 101 1 important effects of microcontroller are that power supply is managed, the beginning position of firmware application programs after startup communicated by bus by primary processor 102 and microcontroller 101, both sides verify, if checking is passed through, 101 pairs of primary processors of microcontroller 102 send instruction and continue to carry out following application program, otherwise primary processor 102 just stops to carry out following firmware program, it is to be verified to enter deadlock etc., and can cut off primary processor 102 power supplys by control controllable electric power 105 for microcontroller 101, reach encryption thus to firmware program.What microcontroller 101 adopted is safe MCU, and its program storage not can read, and there is corresponding model each MCU factory commercial city, actual enforcement can freely be selected, for data communication, preferably adopt MCU with hardware data communication bus, make things convenient for procedure development.
As shown in Figures 2 and 3 safe MCU and the program of embedding firmware are carried out the refinement description, so that further understand the utility model.Wherein safe MCU comprises microcontroller 101 and authentication module A2; Described authentication module A comprises tandom number generator 201, encrypting module A202, deciphering module B204 and comparatively validate unit 205; Tandom number generator 201 is used for producing the random number of using in the proof procedure, its realization can be that hardware produces, also can be that software is realized, in order not increase the complexity of hardware, present embodiment adopts software to realize, method has: iteration is got middle method, multiplicative congruential method, additive congruential method, mixed congruence method etc., and various implementation method the utility model no longer repeat, and can inquire about related data.Encrypting module A202 is used for the random number that tandom number generator 201 produces is encrypted, its cryptographic algorithm is also varied, adopted the method for XOR to explain in the present embodiment, the random number that tandom number generator 201 is produced and a fixing number carry out XOR and encrypt.Data communication bus 203 preferably MCU self is realized by hardware, its communication is two-way, present MCU generally supports one or more, as: I2C, SPI, USB, RS232, concrete form is determined that by selected MCU data communication bus adopts software simulation also can achieve the goal, but its stability can reduce, the development difficulty of software also can increase, and the utility model still advises adopting MCU self to be realized by hardware.The data that deciphering module B204 returns at firmware program are decrypted, and its decryption method is corresponding with the encryption method in the firmware program.Comparatively validate 205 compares data and original random number after the deciphering, and MCU makes corresponding operation according to the result.
Wherein embed the program firmware and comprise primary processor 102 and authentication module B3; Described authentication module B comprises deciphering module A302, encrypting module B304 and comparatively validate unit 303; Carried out the refinement description at the authentication module structure of firmware program and the contact between the each several part.The function of its each module is identical with Fig. 2 with implementation method, it should be noted that encryption and the encrypting module among two figure has nothing in common with each other, and has adopted different encipher-decipher methods to be distinguished with A and B in the drawings.Comparatively validate module 303 is used to judge that decrypted data is instruction or verification msg, if instruct then firmware program will jump out proof procedure, continues to carry out the application code of back.
Be to initiate checking in concrete implementation by microcontroller 101, enciphered data is passed to the firmware program that primary processor 102 is carried out, after firmware program is decrypted, the reduction data encrypt again with other cryptographic algorithm after, return to microcontroller 101, last microcontroller 101 compares checking to data decryption that returns and original data, and makes corresponding processing.Same reason also can be initiated checking by firmware program, replys and made by microcontroller 101.Below in conjunction with Fig. 4, provide a concrete proof procedure embodiment:
S1000: checking is initiated by microcontroller 101.
S2000: produce random number by the random number device, and store, be used for follow-up comparatively validate, what suppose generation is 8 random numbers: 10101010.
S3000: utilize PKI and cryptographic algorithm A that the random number that S2000 produces is encrypted, and by data bus as: I2C sends to firmware program.Cryptographic algorithm is varied can freely be selected, and this is 11111111 with PKI again, and it is example that cryptographic algorithm adopts the XOR algorithm, and then data encrypted is 01010101.
After the firmware program of carrying out among the S4000:CPU received the enciphered data of microcontroller 101 transmissions, utilizing PKI and cryptographic algorithm A inverse operation was former random number with reduction of data: 10101010.
S5000: firmware program compares the data of reduction and the execution command data of presetting, if identical, then continue to carry out follow-up firmware program code, otherwise just carries out S6000.
S6000: under the condition of S5000, utilize data encrypted PKI and cryptographic algorithm B that the data of S5000 reduction are encrypted once more, and have bus to send to microcontroller 101.
S7000: after microcontroller 101 received the data that firmware returns, utilizing PKI and cryptographic algorithm B inverse operation was former random number with reduction of data: 10101010.
S8000: the data S7000 reduction, compare with original random number, identically just carry out S9000, otherwise, cut away the power supply of primary processor 102, firmware memory 103, random access memory 104 just as authentication failed.
S9000: under the condition that S8000 sets up, microcontroller 101 just sends execution command to firmware program, finishes proof procedure.
In sum, the utility model has adopted the mode of bi-directional verification, when verifying, both sides adopt the mode of random number encryption, having avoided fixed data fixed-encryption algorithm to catch waveform by oscillograph deciphers, strengthen the difficulty of deciphering, when verifying, carried out the encryption and decryption process twice.Both sides' encryption and decryption method has nothing in common with each other, and the encryption method of MCU is corresponding with the decryption method of firmware, and in like manner the encryption method of firmware is corresponding with the decryption method of MCU, has realized bi-directional verification thus.
The above; it only is the preferable embodiment of the utility model; but protection domain of the present utility model is not limited thereto; anyly be familiar with those skilled in the art in the technical scope that the utility model discloses; be equal to replacement or change according to the technical solution of the utility model and inventive concept thereof, all should be encompassed within the protection domain of the present utility model.
Claims (1)
1. the encryption device based on the embedded software program of safe MCU is characterized in that safe MCU comprises microcontroller (101) and authentication module A (2);
Described authentication module A comprises tandom number generator (201), encrypting module A (202), deciphering module B (204) and comparatively validate unit (205);
Described tandom number generator (201) is used for producing the random number that proof procedure uses;
Described encrypting module A (202) is used for the random number that tandom number generator (201) produces is carried out encryption;
Described deciphering module B (204), the enciphered data that the embedding program firmware that is used for that safe MCU is received is passed back is decrypted processing;
Described comparatively validate unit (205) is used for tandom number generator (201) random number is compared with deciphering module B (204) data decryption, simultaneously decrypted result is sent to microcontroller (101) and handles;
Described embedding program firmware comprises primary processor (102) and authentication module B (3); Described authentication module B comprises deciphering module A (302), encrypting module B (304) and comparatively validate unit (303);
Described deciphering module A (302) is used for the enciphered data that embedding program firmware receives is decrypted processing;
Described comparatively validate unit (303) is used for the data of deciphering module A (302) reduction are compared with the execution command data of presetting, and comparative result is sent to primary processor (102);
Described encrypting module B (304) is used for the random number of deciphering module A (302) deciphering is encrypted once more;
Random number of described tandom number generator (201) generation is transferred to encrypting module A (202) by data line and encrypts, be transferred to by data communication bus (203) among the deciphering module A (302) of authentication module B (3) and be decrypted, the back compares judgement by the comparatively validate unit (303) that is connected with deciphering module A (302) and comparison result is sent in the primary processor (102), described primary processor (102) is also controlled connected encrypting module B (304) random number of deciphering module A (302) deciphering is encrypted once more, the random number that the back will be encrypted once more by data communication bus (203) is sent among the deciphering module B (204) of authentication module A and is decrypted, and is comparing judgement passing through the comparatively validate unit (205) that is connected with deciphering module B (204); Described microcontroller (101) control controllable electric power (105) cuts away the power supply of primary processor (102), firmware memory (103) and random access memory (104); Described microcontroller (101) can pass through data communication bus (203) and send the steering order that continues executive routine to primary processor (102).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009200169743U CN201556209U (en) | 2009-08-25 | 2009-08-25 | Encryption device of embedded software program based on safety MCU |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009200169743U CN201556209U (en) | 2009-08-25 | 2009-08-25 | Encryption device of embedded software program based on safety MCU |
Publications (1)
Publication Number | Publication Date |
---|---|
CN201556209U true CN201556209U (en) | 2010-08-18 |
Family
ID=42615896
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009200169743U Expired - Fee Related CN201556209U (en) | 2009-08-25 | 2009-08-25 | Encryption device of embedded software program based on safety MCU |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN201556209U (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103246832A (en) * | 2012-02-14 | 2013-08-14 | 新唐科技股份有限公司 | Microprocessor chip with anti-copy function and recording system thereof |
CN105574441A (en) * | 2015-11-09 | 2016-05-11 | 北京中电华大电子设计有限责任公司 | Embedded firmware protection method and device |
CN106533653A (en) * | 2016-08-22 | 2017-03-22 | 深圳市华曦达科技股份有限公司 | Encrypted chip, encryption method and encryption system |
-
2009
- 2009-08-25 CN CN2009200169743U patent/CN201556209U/en not_active Expired - Fee Related
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103246832A (en) * | 2012-02-14 | 2013-08-14 | 新唐科技股份有限公司 | Microprocessor chip with anti-copy function and recording system thereof |
CN103246832B (en) * | 2012-02-14 | 2016-01-06 | 新唐科技股份有限公司 | Microprocessor chip with anti-copy function and recording system thereof |
CN105574441A (en) * | 2015-11-09 | 2016-05-11 | 北京中电华大电子设计有限责任公司 | Embedded firmware protection method and device |
CN106533653A (en) * | 2016-08-22 | 2017-03-22 | 深圳市华曦达科技股份有限公司 | Encrypted chip, encryption method and encryption system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101635019B (en) | Encryption system of embedded type software program based on safe MCU | |
CN112035152B (en) | Secure processing system and method for upgrading firmware of SoC chip | |
CN105956456B (en) | A kind of pair of android system carries out the implementation method of quadruple combinations signature verification | |
CN104951701B (en) | A kind of method of the terminal device booting operating system based on USB controller | |
CN100515134C (en) | Mobile phone software encryption and verification method | |
CN101968834A (en) | Encryption method and device for anti-copy plate of electronic product | |
CN109446757B (en) | Method for protecting general MCU program | |
CN103761456B (en) | A kind of anti-method cracking of monolithic microcomputer kernel code | |
CN201556209U (en) | Encryption device of embedded software program based on safety MCU | |
CN105279441A (en) | Methods and architecture for encrypting and decrypting data | |
CN102111753A (en) | Mobile phone software encryption method | |
CN101576948B (en) | Allowed method for guarding singlechip programmer | |
CN102289625A (en) | Memory chip with encryption function and piracy prevention method | |
CN102831357B (en) | Encryption and authentication protection method and system of secondary development embedded type application program | |
CN105512520B (en) | Anti-cloning vehicle-mounted system and working method thereof | |
WO2013062522A1 (en) | Device authentication | |
KR102366809B1 (en) | Display driver integrated circuit for certifying application processor and mobile apparatus having the same | |
CN109150813B (en) | Equipment verification method and device | |
CN116738392A (en) | Software and hardware verification method for main control system of wind generating set | |
JP6421816B2 (en) | Control device and control device system | |
CN105426702A (en) | Android operating system based application program encrypting method and device, and Android operating system based application program decrypting method and device | |
CN107070658B (en) | Improved method of system encryption authentication mechanism | |
CN107330318A (en) | A kind of binding encryption method of digital signal panel card and its debugging system | |
CN103336919A (en) | System and method for achieving instrument encryption verification control function | |
CN103164251A (en) | Method for outputting program check codes of embedded type microprocessor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100818 Termination date: 20170825 |