TW201721442A - Secure chip, and nonvolatile storage control device and method for same - Google Patents


Info

Publication number
TW201721442A
Authority
TW
Taiwan
Prior art keywords
cyclic redundancy
unit
redundancy check
storage area
check value
Prior art date
Application number
TW105135980A
Other languages
Chinese (zh)
Other versions
TWI619019B (en)
Inventor
謝華
劉娟
唐佳捷
Original Assignee
國民技術股份有限公司
Application filed by 國民技術股份有限公司
Publication of TW201721442A
Application granted
Publication of TWI619019B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G06F 21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Abstract

Disclosed in the present invention are a secure chip, and a nonvolatile storage control device and method for the same. The device comprises a nonvolatile memory and a storage controller. The nonvolatile memory comprises a first storage region and a check storage region. The storage controller comprises a cyclic redundancy check unit, a first write unit, a check value write unit, a register unit, a comparison unit, and a first read unit. The cyclic redundancy check unit is used for calculating a cyclic redundancy check value corresponding to data. The register unit is used for registering the cyclic redundancy check value corresponding to read data. The comparison unit is used for making a comparison between a cyclic redundancy check value in the check storage region corresponding to read data and a cyclic redundancy check value in the register unit corresponding to the read data. The first read unit is used for returning the read data when the cyclic redundancy check value in the check storage region corresponding to the read data is the same as the cyclic redundancy check value in the register unit corresponding to the read data, and otherwise, giving out an alarm signal.

Description

Secure chip, nonvolatile memory control device and nonvolatile storage control method

The present invention relates to the technical field of secure chips, and in particular to a secure chip and a nonvolatile memory control device and method for it.

A secure chip is an integrated circuit chip equipped with data encryption and anti-attack technology. Secure chips are widely used in fields such as digital signatures and identity authentication; smart cards such as public transport cards and social security cards, and online-banking USB tokens such as the U-Shield (優盾), are familiar examples of secure-chip applications.

Attacks on secure chips are currently classified into three forms: non-invasive, invasive and semi-invasive. Non-invasive attacks need no direct contact with the chip's internal components and do no damage to the chip; timing attacks and power analysis belong to this class. Invasive attacks require direct contact with the chip's internal components, for example by chemical etching and laser cutting. Semi-invasive attacks lie between the two: they also require the package to be opened to reach the die surface, but need no electrical contact with the metal layers, so the silicon suffers no mechanical damage; the common laser attack is an example.

Semi-invasive attacks, including light injection, electromagnetic manipulation and radiation injection, deliberately introduce a brief, controllable disturbance at a specific physical location at a specific moment of the secure chip's operation, altering the chip's program flow or memory contents in order to obtain sensitive privileged operations and sensitive information such as keys; among these, laser injection is the most common. Because a laser's energy is concentrated, it easily causes erroneous flips in the chip's internal digital logic or transient data errors in memory cells, endangering the chip's security. The methods currently used to counter laser attacks are mainly a passive shielding layer (a large-area metal layer covering the chip surface), light sensors, and additional data check bits. However, the metal shielding layer is restricted by existing processes and manufacturing conditions to the front side of the chip, so if the laser attacks from the back side the shield is ineffective; light sensors, in turn, are constrained by chip area, so they can only be placed at a certain density and cannot cover the whole chip.

FIG. 1 is a schematic structural diagram of a prior-art secure chip. As shown in FIG. 1, the secure chip mainly includes the following.

Security algorithm unit 101, used to implement the security algorithms. Typically these include the RSA (Rivest-Shamir-Adleman) public-key algorithm, the AES (Advanced Encryption Standard) symmetric cipher, and hash algorithms.

Analog oscillator 102, used to supply the clock signals the whole chip system needs.

Power management unit 103, used to provide a stable and reliable power supply to the whole chip and to support the system's low-power strategy.

Security protection unit 104, which typically includes light sensors, temperature sensors, magnetic-field sensors and the like.

Microprocessor and bus matrix 105. The microprocessor is the core of the whole chip; it is connected to the various peripherals through the bus matrix, and the software running on it controls the operation of the entire system.

Clock and reset management unit 106, used to manage the clock and reset networks of the whole chip.

Interface unit 107, which typically includes a communication interface conforming to the ISO 7816 or ISO 14443 protocol.

Nonvolatile memory and its controller 108, typically ROM, EEPROM or Flash together with the corresponding memory controller.

Dynamic random-access memory and its controller 109, that is, the memory and memory controller the microprocessor needs in order to run.

Generally, in a secure chip the nonvolatile memory (mainly Flash and EEPROM) always occupies a considerable area, which makes it the easiest target for semi-invasive attacks; protecting the nonvolatile memory has therefore always been one of the key considerations in secure-chip design.

To solve the technical problems of the prior art, embodiments of the present invention aim to provide a secure chip and a nonvolatile memory control device and method for it, which can protect the data stored in the secure chip's nonvolatile memory with small hardware and system overhead.

The technical solution of the embodiments of the present invention is implemented as follows.

An embodiment of the present invention provides a nonvolatile memory control device comprising a nonvolatile memory and a memory controller.

The nonvolatile memory comprises a first storage region and a check storage region.

The first storage region is used to store first write data.

The check storage region is used to store the cyclic redundancy check value corresponding to the first write data.

The memory controller comprises a cyclic redundancy check unit, a check value write unit, a first write unit, a register unit, a comparison unit and a first read unit.

The cyclic redundancy check unit is used to calculate the cyclic redundancy check value corresponding to data.

The check value write unit is used to write the cyclic redundancy check value corresponding to the first write data into the check storage region.

The first write unit is used to write the first write data into the first storage region.

The register unit is used to hold the cyclic redundancy check value corresponding to read data.

The comparison unit is used to compare the cyclic redundancy check value in the check storage region corresponding to the read data with the cyclic redundancy check value in the register unit corresponding to the read data.

The first read unit is used to return the read data when the cyclic redundancy check value in the check storage region corresponding to the read data is the same as the cyclic redundancy check value in the register unit corresponding to the read data.

In the above solution, the memory controller further comprises an alarm unit, used to return alarm information when the cyclic redundancy check value in the check storage region corresponding to the read data differs from the cyclic redundancy check value in the register unit corresponding to the read data.

In the above solution, the nonvolatile memory further comprises a second storage region, used to store second write data.

The memory controller further comprises a second write unit, used to write the second write data directly into the second storage region, and a second read unit, used to return the data in the second storage region directly.

In the above solution, the first storage region of the nonvolatile memory is not adjacent to the check storage region, or the start addresses of the first storage region and the check storage region are far apart.

In the above solution, in the nonvolatile memory one unit of data in the first storage region corresponds to one cyclic redundancy check value in the check storage region.

An embodiment of the present invention further provides a secure chip that includes any one of the above nonvolatile memory control devices.

An embodiment of the present invention further provides a nonvolatile storage control method. The method comprises: when a write operation is performed on the first storage region, the cyclic redundancy check unit calculates the cyclic redundancy check value corresponding to the first write data; the check value write unit writes that cyclic redundancy check value into the check storage region; the first write unit writes the first write data into the first storage region; when a read operation is performed on the first storage region, the cyclic redundancy check unit calculates the cyclic redundancy check value corresponding to the read data; the register unit holds the cyclic redundancy check value corresponding to the read data; the comparison unit compares the cyclic redundancy check value in the check storage region corresponding to the read data with the cyclic redundancy check value in the register unit corresponding to the read data; and when the two are the same, the first read unit returns the read data.

In the above solution, the method further comprises: when the cyclic redundancy check value in the check storage region corresponding to the read data differs from the cyclic redundancy check value in the register unit corresponding to the read data, the alarm unit returns alarm information.

In the above solution, the method further comprises: when a write operation is performed on the second storage region, the second write unit writes the second write data directly into the second storage region; when a read operation is performed on the second storage region, the second read unit directly returns the data in the second storage region.

In the above solution, calculating the cyclic redundancy check value corresponding to the first write data comprises calculating, one unit at a time, a separate cyclic redundancy check value for each unit of data in the first write data.

With the secure chip and its nonvolatile memory control device and method provided by the embodiments of the present invention, a dedicated cyclic redundancy check circuit computes a characteristic value over the important data in the nonvolatile memory, and that characteristic value is stored separately from the important data itself. When the secure chip's nonvolatile memory is attacked, the system can therefore promptly discover whether the important data has been tampered with, and can raise an alarm or take other countermeasures in time. Using a cyclic redundancy check circuit to compute the characteristic value keeps the hardware and software implementation complexity low and the loss of system performance small.

Reference numerals in the drawings:
21: nonvolatile memory
22: memory controller
101: security algorithm unit
102: analog oscillator
103: power management unit
104: security protection unit
105: microprocessor and bus matrix
106: clock and reset management unit
107: interface unit
108: nonvolatile memory and its controller
109: dynamic random-access memory and its controller
211: first storage region
212: check storage region
221: cyclic redundancy check unit
222: check value write unit
223: first write unit
224: register unit
225: comparison unit
226: first read unit
301 to 307: steps

FIG. 1 is a schematic structural diagram of a prior-art secure chip.

FIG. 2 is a schematic structural diagram of the nonvolatile memory control device provided by an embodiment of the present invention.

FIG. 3 is a schematic flowchart of the nonvolatile storage control method provided by an embodiment of the present invention.

To describe the embodiments and technical solutions of the present invention more clearly, the technical solutions are explained in more detail below with reference to the drawings and embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

In the embodiments of the present invention, the nonvolatile memory in the secure chip and its controller are together called the nonvolatile memory control device; for example, the nonvolatile memory and its controller 108 in FIG. 1 may be called a nonvolatile memory control device.

FIG. 2 is a schematic structural diagram of the nonvolatile memory control device provided by an embodiment of the present invention. As shown in FIG. 2, the device comprises a nonvolatile memory 21 and a memory controller 22.

The nonvolatile memory 21 comprises a first storage region 211 and a check storage region 212, where the first storage region 211 is used to store first write data and the check storage region 212 is used to store the cyclic redundancy check value corresponding to the first write data.

The memory controller 22 comprises a cyclic redundancy check unit 221, a check value write unit 222, a first write unit 223, a register unit 224, a comparison unit 225 and a first read unit 226.

The cyclic redundancy check unit 221 is used to calculate the cyclic redundancy check value corresponding to data.

The check value write unit 222 is used to write the cyclic redundancy check value corresponding to the first write data into the check storage region 212.

The first write unit 223 is used to write the first write data into the first storage region 211.

The register unit 224 is used to hold the cyclic redundancy check value corresponding to read data.

The comparison unit 225 is used to compare the cyclic redundancy check value in the check storage region 212 corresponding to the read data with the cyclic redundancy check value in the register unit 224 corresponding to the read data.

The first read unit 226 is used to return the read data when the cyclic redundancy check value in the check storage region 212 corresponding to the read data is the same as the cyclic redundancy check value in the register unit 224 corresponding to the read data.

Specifically, the first write data is usually very important data which, if tampered with or lost, would cause loss to the user of the secure chip: user keys, stored-value card balance information and the like. Such data therefore needs dedicated protection. When the secure chip writes data of this kind (the first write data) into the nonvolatile memory 21, the first write data should be stored in the first storage region 211. To strengthen the protection of the first write data, in the embodiment of the present invention the memory controller 22 includes a cyclic redundancy check unit 221, which calculates the cyclic redundancy check value corresponding to the first write data; the check value write unit 222 then writes that value into the check storage region 212. Correspondingly, the first write data is written into the first storage region 211 by the first write unit 223.

Here, the polynomial used to compute the cyclic redundancy check value need not be fixed; the secure chip can select it according to the needs of the application. Commonly used standard CRC generator polynomials include x^8 + x^5 + x^4 + 1 (0x31, the Dallas/Maxim 1-Wire CRC-8), x^16 + x^15 + x^2 + 1 (0x8005, CRC-16-IBM) and x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + 1 (0x04C11DB7, the IEEE 802.3 CRC-32). Whichever polynomial is chosen, the advantage of a cyclic redundancy check is that it is easy to implement in hardware, occupies few logic resources, and needs little space to store the check value. This is very advantageous for secure chips that are sensitive to cost and power consumption, smart cards for example.

When the secure chip reads data from the first storage region 211 of the nonvolatile memory 21, that is, when the read address lies within the first storage region 211 (the data at the read address is called the "read data" here), the cyclic redundancy check unit 221 of the memory controller 22 calculates the cyclic redundancy check value corresponding to the read data, and the register unit 224 holds it. The comparison unit 225 then compares the cyclic redundancy check value in the check storage region 212 corresponding to the read data with the cyclic redundancy check value in the register unit 224 corresponding to the read data. When the two are the same, the nonvolatile memory 21 has not been corrupted, and the first read unit 226 returns the read data to the secure chip.

Preferably, in the above control device the memory controller 22 further comprises an alarm unit, used to return alarm information to the secure chip when the cyclic redundancy check value in the check storage region 212 corresponding to the read data differs from the cyclic redundancy check value in the register unit 224 corresponding to the read data.

Further, returning alarm information to the secure chip may comprise the alarm unit sending an alarm signal to the secure chip's internal microprocessor or to the chip's system control unit; the secure chip's firmware or hardware system can then respond to the alarm signal with a protective action, for example powering down or resetting the chip internally.

In some embodiments the nonvolatile memory 21 may also hold data that is not very important and does not need dedicated protection. Therefore, in the above nonvolatile memory control device, as shown in FIG. 2, the nonvolatile memory 21 may further comprise a second storage region used to store second write data, where the second write data is data of the kind that needs no special protection.

Correspondingly, the memory controller 22 may further comprise a second write unit, used to write the second write data directly into the second storage region, and a second read unit, used to return the data in the second storage region directly.

In this way, the nonvolatile memory control device can apply different storage control strategies to the data it holds according to factors such as the data's security level and importance, which improves flexibility.

Further, to reduce the probability that the first storage region 211 and the check storage region 212 of the nonvolatile memory 21 are hit by the same attack, in the above control device the first storage region 211 and the check storage region 212 are preferably not adjacent, for example by placing the second storage region between them, or by keeping the start address of the first storage region 211 a relatively large distance from the start address of the check storage region 212.

Further, in the nonvolatile memory 21 described above, one unit of data in the first storage region 211 corresponds to one cyclic redundancy check value in the check storage region 212.

Specifically, one piece of important data may need several storage units to hold it. Here a storage unit may be one byte or one page, depending on the read/write width of the nonvolatile memory 21 and the application scenario. To improve security, in some embodiments a separate cyclic redundancy check value is calculated and stored for each unit of a piece of first write data, so that one piece of important data corresponds to more than one cyclic redundancy check value.
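As an added worked example (my own C model, not code from the patent or from 國民技術股份有限公司), the following implements the write path, read path and alarm described above (the same sequence as steps 301 to 307 of the method), together with a CRC unit whose generator polynomial is selectable, the unprotected second region, a check region placed away from the first region, and one check value per storage unit. The region addresses, the 8-byte unit size, the choice of x^16 + x^15 + x^2 + 1 as the working polynomial, the big-endian layout of the stored CRC and the nvm_fault_flip routine are all assumptions made for this model; the sample "key" and note are constructed data. crc_generic accepts any of the three polynomials listed above and reproduces their standard check values over the ASCII string "123456789" when run with the usual reflected parameters.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Reflect the low `width` bits of v: MSB-first polynomial -> LSB-first form. */
static uint32_t reflect_bits(uint32_t v, int width) {
    uint32_t r = 0;
    for (int i = 0; i < width; i++) { r = (r << 1) | (v & 1u); v >>= 1; }
    return r;
}

/* CRC unit: table-free, bit-serial (LSB-first) CRC with a caller-chosen generator
 * polynomial in normal form; width is 8, 16 or 32, init/xorout as usually parameterised. */
uint32_t crc_generic(const uint8_t *p, size_t len, uint32_t poly, int width,
                     uint32_t init, uint32_t xorout) {
    uint32_t mask  = (width == 32) ? 0xFFFFFFFFu : ((1u << width) - 1u);
    uint32_t rpoly = reflect_bits(poly, width);
    uint32_t crc   = init & mask;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1u) ? ((crc >> 1) ^ rpoly) : (crc >> 1);
    }
    return (crc ^ xorout) & mask;
}

/* Nonvolatile memory layout. Sizes and addresses are assumptions made for this model. */
#define NVM_SIZE     256
#define UNIT         8         /* one protected storage unit = 8 bytes, one CRC-16 each */
#define REGION1_BASE 0x00      /* first storage region: protected data */
#define REGION1_LEN  64
#define REGION2_BASE 0x40      /* second storage region: unprotected, sits between the other two */
#define REGION2_LEN  128
#define CHECK_BASE   0xC0      /* check storage region: not adjacent to region 1 */
#define CRC16_POLY   0x8005u   /* x^16 + x^15 + x^2 + 1, one of the polynomials listed above */

static uint8_t nvm[NVM_SIZE];
typedef enum { NVM_OK = 0, NVM_ALARM = 1, NVM_ERANGE = -1 } nvm_status;
static uint16_t unit_crc(const uint8_t *u) { return (uint16_t)crc_generic(u, UNIT, CRC16_POLY, 16, 0, 0); }
/* Check-region slot holding the CRC of the unit at region-1 offset `off`. */
static uint32_t check_slot(uint32_t off) { return CHECK_BASE + (off / UNIT) * 2; }

/* Write path, first region (steps 301-303): CRC of every unit into the check region, then the data. */
nvm_status nvm_write_protected(uint32_t off, const uint8_t *data, size_t len) {
    if (off % UNIT || len % UNIT || off + len > REGION1_LEN) return NVM_ERANGE;
    for (size_t i = 0; i < len; i += UNIT) {
        uint16_t c = unit_crc(data + i);
        uint32_t s = check_slot(off + i);
        nvm[s] = (uint8_t)(c >> 8);
        nvm[s + 1] = (uint8_t)c;
        memcpy(&nvm[REGION1_BASE + off + i], data + i, UNIT);
    }
    return NVM_OK;
}

/* Read path, first region (steps 304-307): recompute into the register, compare with the stored
 * value for every unit, return the data only if all match, otherwise raise the alarm. */
nvm_status nvm_read_protected(uint32_t off, uint8_t *out, size_t len) {
    if (off % UNIT || len % UNIT || off + len > REGION1_LEN) return NVM_ERANGE;
    for (size_t i = 0; i < len; i += UNIT) {
        uint16_t reg    = unit_crc(&nvm[REGION1_BASE + off + i]);     /* register unit */
        uint32_t s      = check_slot(off + i);
        uint16_t stored = (uint16_t)((nvm[s] << 8) | nvm[s + 1]);
        if (reg != stored) return NVM_ALARM;  /* comparison unit: mismatch, no data leaves the controller */
    }
    memcpy(out, &nvm[REGION1_BASE + off], len);
    return NVM_OK;
}

/* Second region: direct, unchecked access. */
nvm_status nvm_write_plain(uint32_t off, const uint8_t *data, size_t len) {
    if (off + len > REGION2_LEN) return NVM_ERANGE;
    memcpy(&nvm[REGION2_BASE + off], data, len); return NVM_OK;
}
nvm_status nvm_read_plain(uint32_t off, uint8_t *out, size_t len) {
    if (off + len > REGION2_LEN) return NVM_ERANGE;
    memcpy(out, &nvm[REGION2_BASE + off], len); return NVM_OK;
}

/* Simulated laser-induced transient error: flip one bit at an absolute NVM address. */
void nvm_fault_flip(uint32_t abs_addr, int bit) { nvm[abs_addr] ^= (uint8_t)(1u << bit); }
/* Scenario on constructed data: a 16-byte "key" in region 1 and a 4-byte note in region 2.
 * Returns 0 when each step behaves as the text describes, else the number of the failing step. */
int demo_fault_detected(void) {
    uint8_t key[2 * UNIT], out[2 * UNIT], note[4] = {1, 2, 3, 4}, back[4];
    memcpy(key, "constructed-key!", sizeof key);
    memset(nvm, 0xFF, sizeof nvm);                                      /* erased state */
    if (nvm_write_protected(0, key, sizeof key) != NVM_OK) return 1;
    if (nvm_read_protected(0, out, sizeof out) != NVM_OK || memcmp(out, key, sizeof key)) return 2;
    nvm_fault_flip(REGION1_BASE + 5, 3);                                /* one bit of unit 0 flips */
    if (nvm_read_protected(0, out, sizeof out) != NVM_ALARM) return 3;  /* alarm instead of data */
    if (nvm_read_protected(UNIT, out, UNIT) != NVM_OK) return 4;        /* unit 1 is still readable */
    if (nvm_write_plain(0, note, sizeof note) != NVM_OK) return 5;
    nvm_fault_flip(REGION2_BASE, 0);                                    /* the same fault in region 2 */
    if (nvm_read_plain(0, back, sizeof back) != NVM_OK || back[0] != 0) return 6;  /* goes unnoticed */
    return 0;
}

int main(void) { return demo_fault_detected(); }
```

The per-unit check values are what let the model keep serving unit 1 after unit 0 has been damaged, and the 0x40-byte second region between region 1 and the check region is the "not adjacent" layout the text recommends. Two caveats a practitioner would add: a CRC detects transient faults and accidental corruption, not deliberate modification by someone who can write both regions consistently, so the scheme is a fault-injection countermeasure rather than a keyed integrity check; and the single comparison in the read path is itself a natural target for a second glitch, which is one reason the alarm in the text escalates to a chip-level response such as power-down or reset instead of simply retrying.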

In practice, the nonvolatile memory 21 may be a one-time programmable read-only memory (OTP ROM), an electrically erasable programmable read-only memory (EEPROM) or a flash memory, and the memory controller 22 may be implemented by a control circuit.

An embodiment of the present invention further provides a secure chip that includes any one of the above nonvolatile memory control devices.

An embodiment of the present invention further provides a nonvolatile storage control method. As shown in FIG. 3, the method comprises the following. When a write operation is performed on the first storage region: step 301, the cyclic redundancy check unit calculates the cyclic redundancy check value corresponding to the first write data.

Step 302: the check value write unit writes the cyclic redundancy check value corresponding to the first write data into the check storage region.

Step 303: the first write unit writes the first write data into the first storage region.

When a read operation is performed on the first storage region: step 304, the cyclic redundancy check unit calculates the cyclic redundancy check value corresponding to the read data.

Step 305: the register unit holds the cyclic redundancy check value corresponding to the read data.

Step 306: the comparison unit compares the cyclic redundancy check value in the check storage region corresponding to the read data with the cyclic redundancy check value in the register unit corresponding to the read data.

Step 307: when the cyclic redundancy check value in the check storage region corresponding to the read data is the same as the cyclic redundancy check value in the register unit corresponding to the read data, the first read unit returns the read data.

Preferably, the method further comprises: when the cyclic redundancy check value in the check storage region corresponding to the read data differs from the cyclic redundancy check value in the register unit corresponding to the read data, the alarm unit returns alarm information.

Further, the method may further comprise: when a write operation is performed on the second storage region, the second write unit writes the second write data directly into the second storage region; when a read operation is performed on the second storage region, the second read unit directly returns the data in the second storage region.

Further, in the above method, calculating the cyclic redundancy check value corresponding to the first write data comprises calculating, one unit at a time, a separate cyclic redundancy check value for each unit of data in the first write data.

本領域內的技術人員應明白,本發明的實施例可提供為方法、系統、或電腦程式產品。因此,本發明可採用硬體實施例、軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本發明可採用在一個或多個其中包含有電腦可用程式碼的電腦可用存儲介質(包括但不限於磁碟記憶體和光學記憶體等)上實施的電腦程式產品的形式。 Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Thus, the invention may take the form of a hardware embodiment, a software embodiment, or an embodiment incorporating a software and a hardware. Moreover, the present invention can take the form of a computer program product embodied on one or more computer usable storage media (including but not limited to disk memory and optical memory, etc.) including computer usable code.

The invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, which implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

21‧‧‧Non-volatile memory

22‧‧‧Memory controller

211‧‧‧First storage area

212‧‧‧Check storage area

221‧‧‧Cyclic redundancy check unit

222‧‧‧Check value write unit

223‧‧‧First write unit

224‧‧‧Register unit

225‧‧‧Comparison unit

226‧‧‧First read unit

Claims (10)

1. A non-volatile memory control device, comprising a non-volatile memory and a memory controller; the non-volatile memory comprising: a first storage area for storing first write data; and a check storage area for storing a cyclic redundancy check value corresponding to the first write data; the memory controller comprising: a cyclic redundancy check unit for calculating a cyclic redundancy check value corresponding to data; a check value write unit for writing the cyclic redundancy check value corresponding to the first write data into the check storage area; a first write unit for writing the first write data into the first storage area; a register unit for temporarily holding the cyclic redundancy check value corresponding to read data; a comparison unit for comparing the cyclic redundancy check value in the check storage area corresponding to the read data with the cyclic redundancy check value in the register unit corresponding to the read data; and a first read unit for returning the read data when the cyclic redundancy check value in the check storage area corresponding to the read data is the same as the cyclic redundancy check value in the register unit corresponding to the read data.

2. The non-volatile memory control device according to claim 1, wherein the memory controller further comprises: an alarm unit for returning alarm information when the cyclic redundancy check value in the check storage area corresponding to the read data differs from the cyclic redundancy check value in the register unit corresponding to the read data.

3. The non-volatile memory control device according to claim 1, wherein the non-volatile memory further comprises: a second storage area for storing second write data; and the memory controller further comprises: a second write unit for writing the second write data directly into the second storage area; and a second read unit for directly returning the data in the second storage area.

4. The non-volatile memory control device according to claim 1, wherein, in the non-volatile memory, the first storage area is not adjacent to the check storage area, or the start addresses of the first storage area and the check storage area are far apart.

5. The non-volatile memory control device according to claim 1, wherein, in the non-volatile memory, one unit of data in the first storage area corresponds to one cyclic redundancy check value in the check storage area.

6. A security chip, comprising the non-volatile memory control device according to any one of claims 1 to 5.

7. A non-volatile storage control method, comprising the following steps: when a write operation is performed on a first storage area, a cyclic redundancy check unit calculates a cyclic redundancy check value corresponding to first write data; a check value write unit writes the cyclic redundancy check value corresponding to the first write data into a check storage area; a first write unit writes the first write data into the first storage area; when a read operation is performed on the first storage area, the cyclic redundancy check unit calculates a cyclic redundancy check value corresponding to the read data; a register unit temporarily holds the cyclic redundancy check value corresponding to the read data; a comparison unit compares the cyclic redundancy check value in the check storage area corresponding to the read data with the cyclic redundancy check value in the register unit corresponding to the read data; and when the cyclic redundancy check value in the check storage area corresponding to the read data is the same as the cyclic redundancy check value in the register unit corresponding to the read data, a first read unit returns the read data.

8. The non-volatile storage control method according to claim 7, further comprising: when the cyclic redundancy check value in the check storage area corresponding to the read data differs from the cyclic redundancy check value in the register unit corresponding to the read data, an alarm unit returns alarm information.

9. The non-volatile storage control method according to claim 7, further comprising: when a write operation is performed on a second storage area, a second write unit writes second write data directly into the second storage area; when a read operation is performed on the second storage area, a second read unit directly returns the data in the second storage area.

10. The non-volatile storage control method according to claim 7, wherein calculating the cyclic redundancy check value corresponding to the first write data comprises: calculating, for each unit of data of the first write data one by one, the cyclic redundancy check value corresponding to that unit.
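The write and read paths of claims 7 to 10 (and of the method steps above), as an added C example that is not part of the patent: it assumes a 4-byte unit of data, a CRC-8 with polynomial 0x07, and fixed offsets for the first storage area and the non-adjacent check storage area, none of which the patent specifies.

```c
#include <stdint.h>
#include <string.h>

#define UNIT_BYTES 4       /* assumed: one "unit of data" is a 32-bit word */
#define DATA_UNITS 8       /* size of the first (protected) storage area, in units */
#define DATA_BASE  0x000   /* assumed offset of the first storage area */
#define CHECK_BASE 0x800   /* assumed offset of the check storage area, far from the data */
static uint8_t nvm[0x1000];   /* constructed stand-in for the non-volatile memory */
typedef enum { NVM_OK = 0, NVM_ALARM = 1, NVM_EINVAL = 2 } nvm_status;

/* Cyclic redundancy check unit: CRC-8, polynomial 0x07 (assumed; the patent fixes no polynomial). */
static uint8_t crc8_unit(const uint8_t *unit)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < UNIT_BYTES; i++) {
        crc ^= unit[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80) ? (uint8_t)((crc << 1) ^ 0x07) : (uint8_t)(crc << 1);
    }
    return crc;
}

/* Write path: the check value write unit stores one CRC per unit, then the first write unit stores the data. */
nvm_status nvm_write_unit(size_t idx, const uint8_t *unit)
{
    if (idx >= DATA_UNITS) return NVM_EINVAL;
    nvm[CHECK_BASE + idx] = crc8_unit(unit);
    memcpy(&nvm[DATA_BASE + idx * UNIT_BYTES], unit, UNIT_BYTES);
    return NVM_OK;
}

/* Read path: recompute the CRC into the register unit, compare it with the check storage area
 * (comparison unit), release the data only on a match; a mismatch goes to the alarm unit instead. */
nvm_status nvm_read_unit(size_t idx, uint8_t *out)
{
    if (idx >= DATA_UNITS) return NVM_EINVAL;
    const uint8_t *stored = &nvm[DATA_BASE + idx * UNIT_BYTES];
    uint8_t reg = crc8_unit(stored);
    if (reg != nvm[CHECK_BASE + idx]) { memset(out, 0, UNIT_BYTES); return NVM_ALARM; }
    memcpy(out, stored, UNIT_BYTES);
    return NVM_OK;
}

/* Demonstration: write a word, read it back, inject a constructed single-bit fault into the stored
 * data, and confirm the read path raises the alarm instead of returning the corrupted word. */
int demo_detects_corruption(void)
{
    const uint8_t word[UNIT_BYTES] = {0xDE, 0xAD, 0xBE, 0xEF};   /* constructed sample data */
    uint8_t out[UNIT_BYTES];
    nvm_write_unit(3, word);
    if (nvm_read_unit(3, out) != NVM_OK || memcmp(out, word, UNIT_BYTES) != 0) return 0;
    nvm[DATA_BASE + 3 * UNIT_BYTES + 1] ^= 0x01;   /* simulated single-bit upset in the data area */
    return nvm_read_unit(3, out) == NVM_ALARM;
}
```

A CRC detects accidental or fault-induced corruption but is not a message authentication code: whoever can rewrite both the first storage area and the check storage area can keep them consistent, so the check storage area itself relies on the chip's access control.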
Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510894144.0A CN106845289A (en) 2015-12-07 2015-12-07 Security chip and non-volatile storage control device and method therefor

Publications (2)

Publication Number Publication Date
TW201721442A true TW201721442A (en) 2017-06-16
TWI619019B TWI619019B (en) 2018-03-21

Family

ID=59012668

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105135980A TWI619019B (en) 2015-12-07 2016-11-04 Security chip, non-volatile memory control device and non-volatile memory control method

Country Status (3)

Country Link
CN (1) CN106845289A (en)
TW (1) TWI619019B (en)
WO (1) WO2017097042A1 (en)

Also Published As

Publication number Publication date
CN106845289A (en) 2017-06-13
WO2017097042A1 (en) 2017-06-15
TWI619019B (en) 2018-03-21

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees