TWI833533B - Key management device, processor chip and method for avoiding use of incomplete keys


Publication number: TWI833533B
Application number: TW111150795A
Authority: Taiwan (TW)
Other languages: Chinese (zh)
Inventors: 李鈺珊, 吳坤益
Original Assignee: 新唐科技股份有限公司

Abstract

A key management device for avoiding the use of incomplete keys is provided. The key management device comprises a static random access memory (SRAM), a register and a control circuit. The control circuit arranges a key lookup table in the SRAM or the register and manages a key database, wherein the key database stores one or more keys. The control circuit executes: receiving a key creation instruction sent by a processor, wherein the key creation instruction includes a new key and corresponding metadata; when the new key has been stored in the key database and the corresponding metadata of the new key has been added to the key lookup table, setting the activation bit corresponding to the new key to ON in the key lookup table; and reporting a key number corresponding to the new key.

Description

Key management device, processor chip and method for avoiding the use of incomplete keys

The present disclosure relates to a key management device, a processor chip and a method, and in particular to a key management device, a processor chip and a method that avoid using incomplete keys.

In today's computer systems and control systems, data often needs to be encrypted and decrypted. Decryption, however, usually requires a key or a private key, and as the number of keys or private keys grows, managing and storing them becomes a considerable burden for users.

In addition, the key creation process may be interrupted by a system reset or for some other unknown reason, in which case the key is not completely written. When the system later needs this key, it may operate on an incompletely created key, so the encryption or decryption operation fails, the results are not as expected, and security risks and problems arise.

Therefore, there is a need for a key management device, a processor chip and a method that avoid using incomplete keys, to ensure that no key whose creation process was interrupted can be used.

The following disclosure is illustrative only and is not intended to be limiting in any way. In addition to the illustrated aspects, embodiments and features, other aspects, embodiments and features will become apparent by reference to the accompanying drawings and the following detailed description. That is, the following disclosure is provided to introduce the concepts, highlights, benefits and novel, non-obvious technical advantages described herein. Selected, but not all, embodiments are described in further detail below. Accordingly, the following disclosure is not intended to identify essential features of the claimed subject matter, nor is it intended to be used in determining the scope of the claimed subject matter.

Therefore, the main purpose of the present disclosure is to provide a key management device, a processor chip and a method that avoid using incomplete keys.

The present disclosure provides a key management device that avoids using incomplete keys, including: a static random access memory (SRAM); a register; and a control circuit configured to arrange a key lookup table in the SRAM or the register and to manage a key database, wherein the key database stores one or more keys. The control circuit performs the following steps: receiving a key creation instruction sent by a processor, wherein the key creation instruction includes a new key and corresponding metadata; after the new key has been stored in the key database and the metadata corresponding to the new key has been added to the key lookup table, setting the activation bit corresponding to the new key in the key lookup table to the on state; and reporting a key number corresponding to the new key to the processor.

In some embodiments, the activation bit corresponding to the new key is in the off state by default.

In some embodiments, the control circuit further performs: receiving a key read instruction, wherein the key read instruction requests reading of a first key; after a first key number corresponding to the first key is found in the key lookup table, determining whether a first activation bit corresponding to the first key is in the on state; when the first activation bit is in the on state, reading the first key from the key database and sending the first key to the processor; and when the first activation bit is in the off state, reporting read failure information to the processor.

In some embodiments, the control circuit further performs: receiving a key deletion instruction from the processor, wherein the key deletion instruction is used to delete a second key; deleting the second key having a second key number from the key database, according to the second key number corresponding to the second key in the key deletion instruction; and setting a second activation bit corresponding to the second key in the key lookup table to the off state.

In some embodiments, when the metadata corresponding to the new key or the key number cannot be added to the key lookup table, or the new key cannot be stored in the key database, interrupt information is generated, wherein the interrupt information records the storage information of the new key.

The present disclosure provides a processor chip, including: a processor; a one-time programmable (OTP) memory; a flash memory; and a key management device electrically connected to the processor, the OTP memory and the flash memory. The key management device includes: a static random access memory (SRAM); a register; and a control circuit configured to arrange a key lookup table in the SRAM or the register and to manage a key database, wherein the key database stores one or more keys; wherein the control circuit receives a key creation instruction sent by a processor, the key creation instruction including a new key and corresponding metadata; wherein, after the new key has been stored in the key database and the metadata corresponding to the new key has been added to the key lookup table, the control circuit sets the activation bit corresponding to the new key in the key lookup table to the on state; and wherein the control circuit reports a key number corresponding to the new key to the processor.

The present disclosure provides a method for avoiding the use of incomplete keys, used in a key management device, including: arranging, by a control circuit, a key lookup table in a static random access memory (SRAM) or a register, and managing a key database, wherein the key database stores one or more keys; receiving, by the control circuit, a key creation instruction sent by a processor, wherein the key creation instruction includes a new key and corresponding metadata; after the new key has been stored in the key database and the metadata corresponding to the new key has been added to the key lookup table, setting, by the control circuit, the activation bit corresponding to the new key in the key lookup table to the on state; and reporting, by the control circuit, a key number corresponding to the new key to the processor.

Aspects of the present disclosure are described more fully below with reference to the accompanying drawings. This disclosure may, however, be embodied in many different forms and should not be construed as limited to any specific structure or function presented throughout this disclosure. Rather, these aspects are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Based on the teachings herein, those skilled in the art will appreciate that the scope of the disclosure is intended to cover any aspect disclosed herein, whether implemented alone or in combination with any other aspect of the disclosure. For example, an implementation may use any number of the devices or methods set forth herein. In addition to the aspects of the disclosure set forth herein, the scope of the disclosure is further intended to cover devices or methods implemented using other structures, functions, or structures and functions. It should be understood that any aspect disclosed herein may be embodied by one or more elements of the claims.

The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any aspect of the disclosure or design described herein as "exemplary" is not necessarily to be construed as preferred over or superior to other aspects of the disclosure or design. Furthermore, like numbers refer to like elements throughout the several figures, and the articles "a" and "the above" include plural references unless otherwise specified in the description.

It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may be present. In contrast, when an element is referred to as being "directly connected" or "directly coupled" to another element, there are no intervening elements present. Other words used to describe the relationship between elements should be interpreted in a like fashion (e.g., "between" versus "directly between," "adjacent" versus "directly adjacent," etc.).

Figure 1 is a block diagram of a control system 10 according to an embodiment of the present disclosure.

As shown in Figure 1, the control system 10 includes a processor chip 110, a dynamic random access memory (DRAM) 130, a storage device 140, a transmission interface 150, and at least one peripheral device 160. The processor chip 110 and the DRAM 130 are electrically connected to each other through a bus 21. In some embodiments, the bus 21 is, for example, an Advanced High-Performance Bus (AHB). The transmission interface 150 and the peripheral device 160 may, for example, be electrically connected to a bus 22, and the buses 21 and 22 communicate through a bridge 23, where the bus 22 may be, for example, an Advanced System Bus (ASB) or an Advanced Peripheral Bus (APB), but the present disclosure is not limited thereto.

The processor chip 110 includes a central processing unit (or microprocessor) 111, a volatile memory 112, a flash memory 113, a one-time programmable (OTP) memory 114, a graphics processing unit 120, a key management device 170 and an encryption and decryption device 180. The volatile memory 112 may be, for example, a static random access memory (SRAM). The flash memory 113 may be, for example, a NAND flash memory. The one-time programmable memory 114 may also be called a programmable read-only memory (PROM), and it can be implemented with a non-volatile memory that has a lock bit register, for example flash memory, erasable programmable read-only memory (EPROM), or electrically erasable programmable read-only memory (EEPROM).

For example, after the central processing unit 111 programs or writes data to the one-time programmable memory 114, it modifies the lock bit register of the one-time programmable memory 114. For example, the lock bit is changed from 1 (unlocked state) to 0 (locked state) to indicate that the data stored in the one-time programmable memory 114 can no longer be modified, and the lock bit can no longer be changed from 0 to 1.

The graphics processing unit 120 may be, for example, a separate graphics processor, or may be integrated into the central processing unit 111. The memory unit 130 is a volatile memory, such as a dynamic random access memory (DRAM), but the present disclosure is not limited thereto. The storage device 140 is a non-volatile memory, for example a hard disk drive, a solid-state disk, a flash memory, or a read-only memory, but the present invention is not limited thereto. In some embodiments, the storage device 140 may, for example, be electrically connected to the bus 22.

The storage device 140 can store one or more applications 141 and an operating system 142 (for example Windows, Linux, MacOS, or an embedded operating system), and the processing unit 110 reads the operating system 142 and the applications 141 into the memory unit 130 and executes them.

The transmission interface 150 may include one or more data transmission interfaces, such as a Universal Serial Bus (USB) interface, a USB Type-C interface, a Thunderbolt interface, a general-purpose input/output (GPIO) interface, a universal asynchronous receiver/transmitter (UART) interface, a serial peripheral interface (SPI), an inter-integrated circuit (I2C) bus interface, or a combination thereof, but the present disclosure is not limited thereto. The peripheral device 160 includes, for example, input devices such as a keyboard, a mouse and a trackpad, but the present disclosure is not limited thereto.

The key management device 170 may be, for example, the hardware circuit of an intelligent key storage device, which can be implemented as an application-specific integrated circuit (ASIC) or a field programmable gate array (FPGA). The key management device 170 can, for example, perform operations on different keys according to control instructions from the processor chip 110, such as adding a key, reading a key, erasing (or revoking) one of the keys, erasing (or revoking) all keys, and so on, but the present disclosure is not limited thereto.

In one embodiment, the key management device 170 includes a control circuit 171, a bus wrapper 172, a register 174 and a static random access memory (SRAM) 175. The control circuit 171 controls the various key operations, such as creating a key, reading a key, deleting a single key, deleting all keys, and so on. The bus wrapper 172 may, for example, provide a conversion interface between the signals of the internal components of the key management device 170 and the signals of the bus 21. The register 174 records the key number of each key and the fields of the corresponding other metadata; the key information recorded in the register 174 may also be called a key lookup table. In another embodiment, the control circuit 171 may place the key lookup table in the SRAM 175. The SRAM 175 may be, for example, one of the storage spaces of the key database, which stores one or more keys. In some embodiments, the control circuit 171 backs up the key lookup table in the SRAM 175 or in flash memory (for example, the flash memory 113 in the processor chip 110 or the flash memory of the storage device 140). The detailed operation of the key management device 170 is described in the embodiments below.

The encryption and decryption device 180 is, for example, a hardware circuit that supports multiple encryption and decryption algorithms, with a corresponding hardware circuit in the device for each algorithm, such as an Advanced Encryption Standard (AES) encryption and decryption circuit 181, a keyed-hash message authentication code (HMAC) encryption and decryption circuit 182, an elliptic curve cryptography (ECC) encryption and decryption circuit 183, an RSA encryption and decryption circuit 184, a random number generator circuit 185, or a combination thereof, each providing hardware acceleration for its algorithm. The random number generator circuit 185 may be, for example, a pseudorandom number generator circuit or a true random number generator circuit. In some embodiments, the key management device 170 and the encryption and decryption device 180 may be independent hardware circuits, and may be placed outside the processor chip 110 and electrically connected to the processor chip 110 through the bus 21.

For example, in one embodiment, when the control system 10 is operating, different applications 141 may use different encryption and decryption algorithms to encrypt the content to be encrypted (for example, user passwords), using the various encryption and decryption circuits 181~185 provided in the encryption and decryption device 180. Different algorithms also use different key sizes, for example from 64 bits to 4096 bits. After the encryption and decryption device 180 finishes encrypting the content, it sends the corresponding key to the key management device 170 for key management.

The key management performed by the key management device 170 can be divided into several operations, such as writing (adding) a key, reading a key, erasing (deleting) a single key, and erasing (deleting) all keys. For a key write operation, the key management device 170 may, for example, receive the key and the corresponding metadata from the processor chip 110 (or the encryption and decryption device 180). The attribute fields of the metadata may include, for example: key size (Key Size), owner (Owner), security level, privilege level, readable (Readable) attribute, revoke (Revoke) attribute, boot state (Booting State), and so on, but the present disclosure is not limited thereto. The contents of each metadata field are explained one by one below.

"Key size" can be expressed, for example, as the number of bits used by the key, such as 80 bits, 128 bits, 256 bits, and so on. Depending on the encryption and decryption algorithm used, the encryption and decryption device 180 may, for example, support key sizes from 64 bits to 4096 bits. "Owner" indicates the owner of the key; anyone who is not the owner of the key cannot read it. The owner of a key can be set as required and may include, for example: CPU (i.e., the processor chip 110), AES, HMAC, ECC, RSA, and so on. For example, if the owner field in the key's metadata is AES, only the AES encryption and decryption circuit in the encryption and decryption device 180 can read this key.

"Security level" indicates the security level of the key, which can be, for example, the secure (Secure) level or the non-secure (Non-secure) level. A key with the secure level can only be used by an owner that also has the secure level, while a key with the non-secure level requires no check of the owner's security level. Note that whether the security level attribute in the key's metadata takes effect depends on the design of the processor chip 110. For example, the processor chip 110 may be a secure processor or a non-secure processor; the security level field in the key's metadata takes effect only when the processor chip 110 is a secure processor. When the processor chip 110 is a non-secure processor, the security level field in the key's metadata has no effect.

"Privilege level" indicates the privilege level of the key, which can be, for example, the privileged (Privilege) level or the non-privileged (Non-privilege) level. A key with the privileged level can only be used by an owner that also has the privileged level, while a key with the non-privileged level requires no check of the owner's privilege level. For example, different users may have different permissions. An administrator or super user has the highest privilege level and can, for example, access keys that are set to the privileged level, whereas an ordinary user without the privileged level cannot access keys that are set to the privileged level.

The "readable attribute" indicates whether the key can be read by the processor chip 110. For example, if the owner field of the key is CPU, the key can always be read by the processor chip 110. If the owner field of the key is another encryption and decryption circuit, the key management device 170 decides whether the processor chip 110 can read the key according to the key's readable attribute field.

The "revoke attribute" field is recorded in an internal register of the key management device 170, and it cannot be set together with the other fields when the key is created. For example, in normal use the key management device 170 sets the value of the key's revoke attribute field to 0, indicating that the key is in normal use. When the user performs a key deletion operation, the key management device 170 may delete a key stored in the flash memory or the one-time programmable memory. However, the stored key may not actually be deletable from the flash memory or one-time programmable memory because the lock bit has been set. Therefore, when performing a key deletion operation, the key management device 170 sets, in its internal register, the revoke attribute corresponding to the key to be deleted. Once the revoke attribute of a key has been set in the key management device 170, it can no longer be modified, which means the key cannot be restored to a usable state. From then on, regardless of whether the conditions of the other attributes are met, the key management device 170 cannot read or use a key whose revoke attribute has been set; that is, the revoke attribute of a key takes precedence over its other attributes.

The "boot state" attribute indicates the boot state in which the key can be used, for example boot state 1 (BL1) or boot state 2 (BL2). For example, when the control system 10 is in boot state 1 (BL1), the key management device 170 can use keys with the BL1 and BL2 boot state attributes. When the control system 10 is in boot state 2 (BL2), the key management device 170 can only use keys with the BL2 boot state attribute.
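The attribute rules above can be combined into a single access decision. The following C sketch is an added example, not code from the patent: the type names, the `check_access` function, the verdict codes and the order of the checks after the revoke check are assumptions made for illustration; only the rules themselves come from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical encodings of the metadata fields described in the text. */
typedef enum { OWNER_CPU, OWNER_AES, OWNER_HMAC, OWNER_ECC, OWNER_RSA } owner_t;
typedef enum { BOOT_BL1 = 1, BOOT_BL2 = 2 } boot_t;
typedef enum { ALLOW, DENY_REVOKED, DENY_OWNER, DENY_SECURITY,
               DENY_PRIVILEGE, DENY_BOOT } verdict_t;

typedef struct {
    owner_t owner;       /* owner field */
    bool    secure;      /* security level: true = Secure */
    bool    privileged;  /* privilege level: true = Privilege */
    bool    readable;    /* CPU may read a key owned by a crypto circuit */
    bool    revoked;     /* revoke attribute, cannot be cleared once set */
    boot_t  boot;        /* boot state attribute of the key */
} key_meta_t;

typedef struct {
    owner_t who;               /* requester: CPU or one of the crypto circuits */
    bool    secure;            /* requester has the secure level */
    bool    privileged;        /* requester has the privileged level */
    boot_t  boot;              /* current boot state of the system */
    bool    secure_processor;  /* security level is enforced only on a secure processor */
} request_t;

verdict_t check_access(const key_meta_t *m, const request_t *r) {
    /* The revoke attribute takes precedence over every other attribute. */
    if (m->revoked)
        return DENY_REVOKED;
    /* Only the owner may read; the CPU may also read a key owned by a
       crypto circuit when the readable attribute is set. */
    if (r->who != m->owner && !(r->who == OWNER_CPU && m->readable))
        return DENY_OWNER;
    /* A secure key needs a secure requester, but only on a secure processor. */
    if (r->secure_processor && m->secure && !r->secure)
        return DENY_SECURITY;
    /* A privileged key needs a privileged requester. */
    if (m->privileged && !r->privileged)
        return DENY_PRIVILEGE;
    /* In BL1 both BL1 and BL2 keys are usable; in BL2 only BL2 keys are. */
    if (r->boot == BOOT_BL2 && m->boot == BOOT_BL1)
        return DENY_BOOT;
    return ALLOW;
}

int main(void) {
    static const char *name[] = { "ALLOW", "DENY_REVOKED", "DENY_OWNER",
                                  "DENY_SECURITY", "DENY_PRIVILEGE", "DENY_BOOT" };
    /* Constructed sample: a secure AES-owned key usable from BL2. */
    key_meta_t key = { .owner = OWNER_AES, .secure = true, .boot = BOOT_BL2 };
    request_t aes = { .who = OWNER_AES, .secure = true, .boot = BOOT_BL1,
                      .secure_processor = true };
    request_t cpu = { .who = OWNER_CPU, .secure = true, .boot = BOOT_BL1,
                      .secure_processor = true };
    printf("AES circuit: %s\n", name[check_access(&key, &aes)]);
    printf("CPU, key not readable: %s\n", name[check_access(&key, &cpu)]);
    key.revoked = true;
    printf("AES circuit after revoke: %s\n", name[check_access(&key, &aes)]);
    return 0;
}
```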

Figures 2A~2B are schematic diagrams of a key creation operation that avoids using incomplete keys, according to an embodiment of the present invention.

In one embodiment, when the user wants to create a new key in the key management device 170, the user first fills in the contents of each field of the metadata of the key to be created, such as key size, owner, security level, privilege level, readable attribute, revoke attribute, boot state, and so on, and then fills in the content of the key. After filling in this content, the user can start the key storage procedure (for example, by pressing a software button), and the key management device 170 first decides, based on the key size and the remaining space of the internal storage, whether the current key can be stored. If the internal storage space in the key management device 170 is smaller than the key size, the key management device 170 reports a read failure message to the processor 111 to notify the user. If the internal storage space in the key management device 170 is greater than or equal to the key size, the key management device 170 starts creating the key, and once the key has been successfully created and stored, the key management device 170 sets the activation bit corresponding to the key to the on state, for example by changing the activation bit from 0 to 1 (indicating the on state). The key management device 170 then reports a completion status to notify the user of the key number of the created key, as shown in Figure 2A. In one implementation, before the key is created and stored, the activation bit corresponding to the key is preset to the off state, for example by presetting the activation bit to 0 (indicating the off state).

In one embodiment, the key database of the key management device 170 may be divided into several storage spaces, such as flash memory, OTP memory and the SRAM 175, where the flash memory may be the flash memory 113 in the processor chip 110 or the flash memory in the storage device 140, and the OTP memory may be the OTP memory 114 in the processor chip 110 or an OTP memory electrically connected to the bus 21 or 22. A person of ordinary skill in the art will understand that flash memory and OTP memory at suitable locations may be used, depending on actual design requirements, to form the key database together with the SRAM 175, and the present disclosure is not limited in this respect.

Following the above embodiment, when a system reset or some other unknown cause interrupts the key creation process, the key management device 170 generates interrupt information that records the storage information of the new key. In other words, when the metadata or the key number corresponding to the key to be created cannot be added to the key lookup table, or the key to be created cannot be stored in the key database, the key management device 170 may generate interrupt information, where the interrupt information records the storage information of the key to be created: for example, the contents of each metadata field that the user filled in for the key to be created, and the stage that storing this key had reached. As another example, when an interruption occurs after the metadata corresponding to the key to be created has been added to the key lookup table, the key management device 170 records the contents of each metadata field that the user filled in for the key to be created, and the fact that the metadata corresponding to this key has already been stored in the key lookup table.

The user can view these records through the key management device 170 to learn which keys were not created successfully. When the user finds from the records that a key was not created successfully, the user can restart the key storage procedure to store that key again. In one embodiment, when the key management device 170 previously added the unsuccessfully created key to the SRAM 175, then in the restarted key storage procedure the key management device 170 may add the key again at the same location in the SRAM 175 as the previously unsuccessful key. In another embodiment, when the key management device 170 previously added the unsuccessfully created key to the flash memory, then in the restarted key storage procedure the key management device 170 adds the key again at a location in the flash memory different from that of the previously unsuccessful key.

As shown in Figure 2B, suppose two keys, for example key 00 and key 01, have already been created in the key management device 170, and key 00 and key 01 are stored in the key database 210 of the key management device 170, for example in the OTP memory and the flash memory respectively. The register 174 of the key management device 170 records the key numbers, the corresponding metadata and the corresponding activation bits of key 00 and key 01. For ease of explanation, key size and owner are used as the example metadata. Note that the key database 210 is a collective term covering a plurality of storage spaces for storing keys; for example, the key database 210 may include OTP memory, flash memory and the SRAM 175, where the flash memory may be the flash memory 113 in the processor chip 110 or the flash memory in the storage device 140, and the OTP memory may be the OTP memory 114 in the processor chip 110 or an OTP memory electrically connected to the bus 21 or 22.

When the key management device 170 receives from the processor chip 110 a key creation instruction together with the corresponding key and metadata (for example, the owner is AES and the key size is 512 bits), the key management device 170 may, for example, designate the key as key 02 and store key 02 in the SRAM 175 of the key database. The key management device 170 may then update the fields and the storage location for key 02 in the key lookup table in the register 174. After this update is complete, the key management device 170 sets the activation bit corresponding to key 02 in the key lookup table to the on state, for example by setting the activation bit from 0 to 1 (indicating the on state). After the activation bit has been set, the key management device 170 may report key-creation-complete information and the key number (that is, key number 02) to the processor chip 110. The user learns only the key number corresponding to the stored key, not the location where the key is stored. To read a key, the user only needs to send the key number of the desired key to the key management device 170 via the processor chip 110 or the encryption and decryption circuits 181 to 185; after the key management device 170 has verified the information for the key to be read and determined that the activation bit corresponding to that key is in the on state, it reports the key that was read to the processor chip 110 or the encryption and decryption circuits 181 to 185.

Figures 2C to 2D are schematic diagrams of a key reading operation that avoids using incomplete keys according to an embodiment of the present invention.

In one embodiment, when the processor chip 110 or one of the encryption and decryption circuits 181 to 185 in the encryption and decryption device 180 wants to read one of the keys held by the key management device 170, the key management device 170 receives the key number of the key to be read from the encryption and decryption device 180 or the processor chip 110. After receiving the key number, the key management device 170 not only looks up the corresponding key in its key database but also determines whether the activation bit corresponding to the key to be read is in the on state, for example by checking whether the activation bit is 1.

For example, if the activation bit of the key has not been set to on (that is, the activation bit is in the off state or is 0), the key management device 170 determines that the key to be read has not been completely added to the key database and reports a read failure message to the component requesting the key. If the activation bit of the key has been set to the on state, the key management device 170 proceeds with the subsequent steps of reading the key. For example, based on the metadata of the key, the key management device 170 further determines whether the component or user requesting the key satisfies the permissions or privileges recorded in the key's metadata, checks whether the revoke attribute is set, and checks whether the current boot state of the control system 10 matches the boot-state attribute in the key's metadata.

For example, referring to Figure 2D, when the processor chip 110 wants to read the key with key number 00, the processor chip 110 sends the key number of the key to be read (that is, key number 00) to the key management device 170. The key management device 170 first looks up the activation bit corresponding to key number 00 in the key lookup table in the register 174 and checks whether that activation bit is in the on state. When the key management device 170 determines that the activation bit corresponding to key number 00 is in the on state, it goes on to look up the metadata for key number 00 in the key lookup table in the register 174 and checks whether the processor chip 110 is the owner of key number 00. When the key management device 170 determines that the processor chip 110 is indeed the owner of key number 00, it reports read-complete information and the content of the key with key number 00 to the processor chip 110.

Figures 2E to 2F are schematic diagrams of a key deletion operation that avoids using incomplete keys according to an embodiment of the present invention.

In one embodiment, when the user considers that a specific key stored in the key management device 170 is no longer in use, the user can issue, via the processor chip 110, an instruction to erase (or delete) a single key, together with the key number of the key to be erased, to the key management device 170. After the key management device 170 determines that the erase-key instruction is a valid instruction issued by the processor chip 110, the key management device 170 deletes the key to be erased from the corresponding storage space in the key database, sets the activation bit corresponding to the deleted key to the off state, and reports deletion-success information to the processor chip 110, as shown in Figure 2E.

In detail, assuming the key management device 170 has stored key 00, key 01 and key 02, when the key management device receives from the processor chip 110 an instruction to erase (or delete) a single key together with key number 01 of the key to be erased, the key management device 170 consults the key lookup table in the register 174 to obtain the key number 01, the key size and the storage location of the key to be erased, and from these calculates the storage space and range occupied by the key. The control circuit 171 of the key management device 170 then deletes all data in that storage space, updates the key lookup table in the register 174, recalculates the remaining space of each storage space in the key database, and sets the activation bit corresponding to the deleted key number 01 to the off state (for example, the activation bit is set from 1 to 0), as shown in Figure 2F.

Note that the maximum number of keys the key management device 170 can store corresponds to the number of activation bits. Although Figures 2A to 2F use three keys as an example, the present disclosure should not be limited to this.

Figure 3 is a schematic diagram of a new key creation process 300 in which the key management device avoids using incomplete keys according to an embodiment of the present invention.

In step S302, the key management device 170 enters the ready state. For example, the key management device 170 performs initialization after power-on or reset, and once initialization is complete it enters the ready state (Ready Status) to receive instructions for the various key operations.

In step S304, the key management device 170 receives a key creation instruction, where the key creation instruction comes, for example, from the central processing unit 111.

In step S306, the key management device 170 checks the remaining space of the key database. For example, the key management device 170 may check the remaining space of the different storage spaces in the key database, such as the remaining space of the SRAM 175, the flash memory 113 and the OTP memory 114.

In step S308, the key management device 170 determines whether the remaining space is greater than or equal to the key size. If yes, step S310 is executed. If not, step S318 is executed. In another embodiment, in step S308, the key management device 170 determines whether the remaining space is greater than or equal to the key size and whether the key database has reached the upper limit on the number of stored keys. If the remaining space is greater than or equal to the key size and the key database has not reached the upper limit on the number of stored keys, step S310 is executed. If the remaining space is smaller than the key size or the key database has reached the upper limit on the number of stored keys, step S320 is executed.

In step S310, the key management device 170 writes the metadata of the key to the key lookup table. The metadata attributes of the new key that the key management device 170 writes to the key lookup table include: key size, owner, security level, privilege level, read attribute, boot state and storage location.

In step S312, the key management device 170 adds the key number of the new key to the key lookup table. For example, the control circuit 171 of the key management device 170 may search upward from number 0 for a key number not yet in use, and may use the smallest unused key number as the key number of the new key.

In step S314, the key management device 170 writes the new key to the key database. For example, the key management device 170 may store the new key in the OTP memory of the key database according to the security level or privilege level that has been set in the metadata of the new key. If the security level or privilege level in the metadata of the new key has not been set, the key management device 170 may store the new key in the SRAM 175 or the flash memory 113 of the key database.

In step S316, the key management device 170 sets the activation bit corresponding to the new key in the key lookup table to the on state, indicating that the new key has been completely stored in the key database. In one embodiment, the off state of the activation bit corresponding to the new key may be represented by the value 0, and the on state by the value 1.

In step S318, the key management device 170 reports the key number and write-complete information to the central processing unit 111.

In step S320, the key management device 170 reports a write failure message to the central processing unit 111.

In step S322, the key creation instruction is complete, and the process returns to step S302.

Figure 4 is a schematic diagram of a new key reading process 400 in which the key management device avoids using incomplete keys according to an embodiment of the present invention.

In step S402, the key management device 170 enters the ready state. For example, the key management device 170 performs initialization after power-on or reset, and once initialization is complete it enters the ready state (Ready Status) to receive instructions for the various key operations.

In step S404, the key management device 170 receives a key read instruction, where the key read instruction comes, for example, from the processor chip 110 or from one of the encryption and decryption circuits 181 to 185 in the encryption and decryption device 180, and requests reading of a first key.

In step S406, the key management device 170 determines whether a first key number corresponding to the first key named in the key read instruction can be found in the key lookup table. If yes, step S408 is executed. If not, step S418 is executed.

In step S408, the key management device 170 determines whether a first activation bit corresponding to the first key is in the on state. If yes, step S410 is executed. If not, step S418 is executed.

In step S410, based on the metadata of the first key, the key management device 170 further determines whether the component or user requesting the first key satisfies the permissions or privileges recorded in the metadata of the first key. If yes, step S412 is executed. If not, step S418 is executed.

In step S412, the key management device 170 reads the first key from the key database.

In step S414, the key management device 170 sends the first key to the component requesting the key.

In step S416, the key management device 170 reports a read-complete message to the central processing unit 111.

In step S418, the key management device 170 reports a write failure message to the central processing unit 111.

In step S420, the key read instruction is complete, and the process returns to step S402.

In one embodiment, when an interruption occurs while the key management device 170 is reading the first key from the key database in step S412, the key management device 170 records the first key number corresponding to the first key, so that the user can see which key the key management device 170 was reading when the interruption occurred.
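The creation flow 300 and read flow 400 described above can be modeled in C as follows. This is an added example, not code from the patent. The `kmd_*` names, the fixed-size slots, the `enum cut` reset hook and the rule that any key number whose activation bit is off may be reused (which models the SRAM retry embodiment) are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_KEYS   4   /* assumed: one activation bit per key number */
#define SLOT_BYTES 64  /* assumed fixed slot size in the key database */
#define KMD_FAIL  (-1)

/* Hypothetical test hook: where a simulated reset cuts creation short. */
enum cut { CUT_NONE, CUT_AFTER_META, CUT_MID_STORE, CUT_BEFORE_COMMIT };

struct entry {             /* one row of the key lookup table */
    uint8_t  listed;       /* key number present in the table (S312) */
    uint8_t  active;       /* activation bit, off (0) by default */
    uint8_t  owner;        /* metadata: owner id */
    uint16_t size;         /* metadata: key size in bytes */
};

struct kmd {
    struct entry lut[MAX_KEYS];
    uint8_t  db[MAX_KEYS][SLOT_BYTES]; /* key database, SRAM-like model */
    int      cut_key;                  /* interrupt record: key number, -1 = none */
    enum cut cut_stage;                /* interrupt record: stage reached */
};

void kmd_init(struct kmd *k) { memset(k, 0, sizeof *k); k->cut_key = -1; }

/* Creation flow S306-S318: returns the key number, or KMD_FAIL. */
int kmd_create(struct kmd *k, uint8_t owner, const uint8_t *key,
               uint16_t size, enum cut cut)
{
    int n = -1;
    if (size == 0 || size > SLOT_BYTES) return KMD_FAIL; /* S308: no room */
    for (int i = 0; i < MAX_KEYS && n < 0; i++)
        if (!k->lut[i].active) n = i;   /* lowest number whose bit is off */
    if (n < 0) return KMD_FAIL;         /* S308: key count limit reached */

    k->lut[n].listed = 0;
    k->lut[n].owner = owner;            /* S310: write metadata */
    k->lut[n].size = size;
    if (cut == CUT_AFTER_META) goto interrupted;
    k->lut[n].listed = 1;               /* S312: add key number */
    if (cut == CUT_MID_STORE) {
        memcpy(k->db[n], key, size / 2);   /* only half the key lands */
        goto interrupted;
    }
    memcpy(k->db[n], key, size);        /* S314: write key */
    if (cut == CUT_BEFORE_COMMIT) goto interrupted;
    k->lut[n].active = 1;               /* S316: bit is set last */
    return n;                           /* S318: report key number */
interrupted:
    k->cut_key = n;                     /* record which key, and how far */
    k->cut_stage = cut;
    return KMD_FAIL;
}

/* Read flow S406-S414: returns the key size, or KMD_FAIL. */
int kmd_read(const struct kmd *k, int n, uint8_t requester, uint8_t *out)
{
    if (n < 0 || n >= MAX_KEYS || !k->lut[n].listed) return KMD_FAIL; /* S406 */
    if (!k->lut[n].active) return KMD_FAIL;            /* S408: incomplete */
    if (k->lut[n].owner != requester) return KMD_FAIL; /* S410: metadata */
    memcpy(out, k->db[n], k->lut[n].size);             /* S412-S414 */
    return k->lut[n].size;
}

/* Deletion: erase storage, clear the table row, activation bit back to off. */
int kmd_delete(struct kmd *k, int n)
{
    if (n < 0 || n >= MAX_KEYS || !k->lut[n].active) return KMD_FAIL;
    memset(k->db[n], 0, SLOT_BYTES);
    memset(&k->lut[n], 0, sizeof k->lut[n]);
    return 0;
}

/* Constructed scenario: the second creation is cut at `stage`.
 * Returns 0 if every step behaves as the flows describe. */
int demo(enum cut stage)
{
    static const uint8_t secret[16] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                        9, 10, 11, 12, 13, 14, 15, 16 };
    uint8_t out[SLOT_BYTES];
    struct kmd k;
    kmd_init(&k);
    if (kmd_create(&k, 7, secret, 16, CUT_NONE) != 0) return 1;
    if (kmd_create(&k, 7, secret, 16, stage) != KMD_FAIL) return 2;
    if (k.cut_key != 1 || k.cut_stage != stage) return 3;
    if (kmd_read(&k, 1, 7, out) != KMD_FAIL) return 4;  /* bit off: refused */
    if (kmd_create(&k, 7, secret, 16, CUT_NONE) != 1) return 5; /* retry */
    if (kmd_read(&k, 1, 7, out) != 16 || memcmp(out, secret, 16)) return 6;
    if (kmd_read(&k, 1, 9, out) != KMD_FAIL) return 7;  /* not the owner */
    if (kmd_delete(&k, 0) != 0) return 8;
    if (kmd_read(&k, 0, 7, out) != KMD_FAIL) return 9;  /* deleted: refused */
    return 0;
}

int main(void) { return demo(CUT_MID_STORE); }
```

Because the activation bit is the last write in `kmd_create`, every interruption point before it leaves a slot that `kmd_read` refuses, whether the key material is absent, half written or complete.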

In summary, the present disclosure provides a key management device, a processor chip and a method that avoid using incomplete keys by adding a set of activation bits. An activation bit is in the on state once its key has been successfully created and stored, and returns to the off state when the key is deleted. The key management device can therefore decide whether a key is complete and enabled by reading the state of its activation bit. Even if an interruption occurs during key creation, the activation bit of the key is guaranteed to remain in the off state until creation has succeeded, which avoids the risk of using an incomplete key and increases the security of key management.

Any specific order or hierarchy of steps in the processes disclosed herein is given purely by way of example. Based on design preferences, it should be understood that any specific order or hierarchy of steps in the processes may be rearranged within the scope disclosed in this document. The accompanying method claims present the elements of the various steps in a sample order and should therefore not be limited to the specific order or hierarchy presented.

The use of ordinal terms such as "first", "second" and "third" to modify elements in the claims does not by itself imply any priority, precedence, order among the elements, or order of the steps performed by a method; such terms are used only as labels to distinguish different elements that have the same name (but different ordinal terms).

Although the present disclosure has been described above by way of example embodiments, they are not intended to limit it. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present disclosure, so the scope of protection shall be as defined by the appended claims.

10: control system
21: bus
22: bus
23: bridge
110: processor chip
111: central processing unit
112: volatile memory
113: flash memory
114: OTP memory
120: graphics processor
130: dynamic random access memory
140: storage device
141: application
142: operating system
150: transmission interface
160: peripheral device
170: key management device
171: control circuit
172: bus wrapper
174: register
175: static random access memory
180: encryption and decryption device
181: AES encryption and decryption circuit
182: HMAC encryption and decryption circuit
183: ECC encryption and decryption circuit
184: RSA encryption and decryption circuit
185: random number generation circuit
186: bus wrapper
188: internal bus
210: key database
300: process
S302, S304, S306, S308, S310, S312, S314, S316, S318, S320, S322: steps
400: process
S402, S404, S406, S408, S410, S412, S414, S416, S418, S420: steps

Figure 1 is a block diagram of a control system in an embodiment of the present disclosure.
Figures 2A to 2B are schematic diagrams of a key creation operation that avoids using incomplete keys according to an embodiment of the present invention.
Figures 2C to 2D are schematic diagrams of a key reading operation that avoids using incomplete keys according to an embodiment of the present invention.
Figures 2E to 2F are schematic diagrams of a key deletion operation that avoids using incomplete keys according to an embodiment of the present invention.
Figure 3 is a schematic diagram of a new key creation process in which the key management device avoids using incomplete keys according to an embodiment of the present invention.
Figure 4 is a schematic diagram of a new key reading process in which the key management device avoids using incomplete keys according to an embodiment of the present invention.


Claims (10)

一種避免使用不完整金鑰的金鑰管理裝置,包括: 一靜態隨機存取記憶體; 一暫存器;以及 一控制電路,用以在上述靜態隨機存取記憶體或上述暫存器設置一金鑰查找表,並管理一金鑰資料庫,其中上述金鑰資料庫係儲存一或多把金鑰; 其中,上述控制電路執行以下步驟: 接收由一處理器所傳送之一金鑰創建指令,其中上述金鑰創建指令包括一新金鑰及相應的元資料; 當上述新金鑰已被儲存至上述金鑰資料庫,並且上述新金鑰相應的元資料已在上述金鑰查找表中被新增後,在上述金鑰查找表中設定上述新金鑰相應的激活位元為開啟狀態;以及 回報上述新金鑰相應的一金鑰編號至上述處理器。 A key management device that avoids the use of incomplete keys, including: a static random access memory; a scratchpad; and A control circuit for setting a key lookup table in the above-mentioned static random access memory or the above-mentioned temporary register, and managing a key database, wherein the above-mentioned key database stores one or more keys; Among them, the above control circuit performs the following steps: Receive a key creation instruction sent by a processor, wherein the key creation instruction includes a new key and corresponding metadata; When the above-mentioned new key has been stored in the above-mentioned key database, and the metadata corresponding to the above-mentioned new key has been added in the above-mentioned key lookup table, the above-mentioned new key corresponding to the above-mentioned key lookup table is set. The activation bit is on; and Return a key number corresponding to the above-mentioned new key to the above-mentioned processor. 如請求項1之避免使用不完整金鑰的金鑰管理裝置,其中上述新金鑰相應的上述激活位元預設為關閉狀態。A key management device for avoiding the use of incomplete keys as claimed in claim 1, wherein the activation bit corresponding to the new key is in a closed state by default. 
如請求項1之避免使用不完整金鑰的金鑰管理裝置,其中上述控制電路更執行: 接收一金鑰讀取指令,其中上述金鑰讀取指令係用以請求讀取一第一金鑰; 當在上述金鑰查找表找到上述第一金鑰相應的一第一金鑰編號後,判斷上述第一金鑰相應的一第一激活位元是否為開啟狀態; 當上述第一激活位元為開啟狀態時,從上述金鑰資料庫讀取上述第一金鑰,並傳送上述第一金鑰至上述處理器;以及 當上述第一激活位元為關閉狀態時,回報一讀取失敗資訊至上述處理器。 As claimed in claim 1, the key management device avoids using incomplete keys, wherein the above control circuit further executes: Receive a key read command, wherein the key read command is used to request to read a first key; After finding a first key number corresponding to the above-mentioned first key in the above-mentioned key lookup table, determine whether a first activation bit corresponding to the above-mentioned first key is in an open state; When the first activation bit is in the on state, read the first key from the key database and transmit the first key to the processor; and When the first activation bit is in the off state, a read failure message is reported to the processor. 如請求項1之避免使用不完整金鑰的金鑰管理裝置,其中上述控制電路更執行: 接收來自上述處理器之一金鑰刪除指令,其中上述金鑰刪除指令係用以刪除一第二金鑰; 依據來自上述金鑰刪除指令中之上述第二金鑰相應的一第二金鑰編號從上述金鑰資料庫中刪除上述第二金鑰編號的上述第二金鑰;以及 設定在上述金鑰查找表中之上述第二金鑰相應的一第二激活位元為關閉狀態。 As claimed in claim 1, the key management device avoids using incomplete keys, wherein the above control circuit further executes: Receive a key deletion instruction from the above-mentioned processor, wherein the above-mentioned key deletion instruction is used to delete a second key; Delete the second key with the second key number from the key database based on a second key number corresponding to the second key from the key deletion command; and A second activation bit corresponding to the second key in the key lookup table is set to an off state. 
一種處理器晶片,包括: 一處理器; 一次性可程式化(One-time Programmable (OTP) Memory)記憶體; 一快閃記憶體;以及 一金鑰管理裝置,電性連接至上述處理器、上述OTP記憶體及上述快閃記憶體,上述金鑰管理裝置包括: 一靜態隨機存取記憶體; 一暫存器;以及 一控制電路,用以在上述靜態隨機存取記憶體或上述暫存器設置一金鑰查找表,並管理一金鑰資料庫,其中上述金鑰資料庫係儲存一或多把金鑰; 其中,上述控制電路接收由一處理器所傳送之一金鑰創建指令,其中上述金鑰創建指令包括一新金鑰及相應的元資料; 其中,當上述新金鑰已被儲存至上述金鑰資料庫,並且上述新金鑰相應的元資料已在上述金鑰查找表中被新增後,上述控制電路在上述金鑰查找表中設定上述新金鑰相應的激活位元為開啟狀態;以及 其中,上述控制電路回報上述新金鑰相應的一金鑰編號至上述處理器。 A processor chip including: a processor; One-time Programmable (OTP) Memory; a flash memory; and A key management device electrically connected to the above-mentioned processor, the above-mentioned OTP memory and the above-mentioned flash memory. The above-mentioned key management device includes: a static random access memory; a scratchpad; and A control circuit for setting a key lookup table in the above-mentioned static random access memory or the above-mentioned temporary register, and managing a key database, wherein the above-mentioned key database stores one or more keys; Wherein, the above-mentioned control circuit receives a key creation instruction sent by a processor, wherein the above-mentioned key creation instruction includes a new key and corresponding metadata; Among them, when the above-mentioned new key has been stored in the above-mentioned key database, and the metadata corresponding to the above-mentioned new key has been added in the above-mentioned key lookup table, the above-mentioned control circuit is set in the above-mentioned key lookup table. The corresponding activation bit of the above new key is turned on; and The control circuit reports a key number corresponding to the new key to the processor. 
如請求項5之處理器晶片,其中上述控制電路更執行: 接收一金鑰讀取指令,其中上述金鑰讀取指令係用以請求讀取一第一金鑰; 當在上述金鑰查找表找到上述第一金鑰相應的一第一金鑰編號後,判斷上述第一金鑰相應的一第一激活位元是否為開啟狀態; 當上述第一激活位元為開啟狀態時,從上述金鑰資料庫讀取上述第一金鑰,並傳送上述第一金鑰至上述處理器;以及 當上述第一激活位元為關閉狀態時,回報一讀取失敗資訊至上述處理器。 Such as the processor chip of claim 5, wherein the above control circuit further executes: Receive a key read command, wherein the key read command is used to request to read a first key; After finding a first key number corresponding to the above-mentioned first key in the above-mentioned key lookup table, determine whether a first activation bit corresponding to the above-mentioned first key is in an open state; When the first activation bit is in the on state, read the first key from the key database and transmit the first key to the processor; and When the first activation bit is in the off state, a read failure message is reported to the processor. 如請求項5之處理器晶片,其中當上述新金鑰相應的元資料或上述金鑰編號無法在上述金鑰查找表中被新增,或是上述新金鑰無法被儲存至上述金鑰資料庫時,產生一中斷資訊,其中上述中斷資訊係記錄上述新金鑰的儲存資訊。For example, the processor chip of request item 5, wherein the metadata corresponding to the above-mentioned new key or the above-mentioned key number cannot be added in the above-mentioned key lookup table, or the above-mentioned new key cannot be stored in the above-mentioned key data. When accessing the database, an interrupt message is generated, wherein the interrupt message records the storage information of the new key. 
A method for avoiding the use of incomplete keys, for use in a key management device, comprising:
setting up, by a control circuit, a key lookup table in a static random access memory or a register, and managing a key database, wherein the key database stores one or more keys;
receiving, by the control circuit, a key creation instruction sent by a processor, wherein the key creation instruction includes a new key and corresponding metadata;
after the new key has been stored in the key database and the metadata corresponding to the new key has been added to the key lookup table, setting, by the control circuit, the activation bit corresponding to the new key in the key lookup table to the ON state; and
reporting, by the control circuit, a key number corresponding to the new key to the processor.

The method for avoiding the use of incomplete keys of claim 8, further comprising:
receiving, by the control circuit, a key deletion instruction from the processor, wherein the key deletion instruction is used to delete a second key;
deleting, by the control circuit, the second key having the second key number from the key database according to a second key number corresponding to the second key in the key deletion instruction; and
setting, by the control circuit, a second activation bit corresponding to the second key in the key lookup table to the OFF state.
The method for avoiding the use of incomplete keys of claim 8, wherein when the metadata corresponding to the new key or the key number cannot be added to the key lookup table, or the new key cannot be stored in the key database, the control circuit generates interrupt information, wherein the interrupt information records storage information of the new key.
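The create, read and delete rules of the claims above, modelled in software as an added example (this is not code from the patent or its applicant). The `km_*` names, the slot count, the key length, the layout of the interrupt information and the `fail_after` fault hook are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define KM_SLOTS  4    /* assumed number of key slots */
#define KM_KEYLEN 16   /* assumed key size in bytes */

struct km_entry { uint32_t meta; uint8_t active; };          /* lookup-table row */
struct km_irq   { int pending, slot, bytes_stored; };        /* interrupt information */
struct km_dev {
    struct km_entry lut[KM_SLOTS];     /* key lookup table (SRAM or register) */
    uint8_t db[KM_SLOTS][KM_KEYLEN];   /* key database */
    struct km_irq irq;
    int fail_after;                    /* constructed fault: store stops after N bytes, -1 = never */
};

void km_init(struct km_dev *d) { memset(d, 0, sizeof *d); d->fail_after = -1; }

/* Key creation: returns the key number, or -1 with interrupt information set. */
int km_create(struct km_dev *d, const uint8_t *key, uint32_t meta) {
    int n = 0;
    while (n < KM_SLOTS && d->lut[n].active) n++;
    if (n == KM_SLOTS) { d->irq = (struct km_irq){1, -1, 0}; return -1; }  /* no free row */
    for (int i = 0; i < KM_KEYLEN; i++) {
        if (i == d->fail_after) {          /* store interrupted: bit stays OFF */
            d->irq = (struct km_irq){1, n, i};
            return -1;
        }
        d->db[n][i] = key[i];
    }
    d->lut[n].meta = meta;                 /* metadata added to the lookup table */
    d->lut[n].active = 1;                  /* last step: key is now complete */
    return n;
}

/* Key read: the key leaves the database only when its activation bit is ON. */
int km_read(const struct km_dev *d, int n, uint8_t *out) {
    if (n < 0 || n >= KM_SLOTS || !d->lut[n].active) return -1;  /* read failure */
    memcpy(out, d->db[n], KM_KEYLEN);
    return 0;
}

/* Key deletion: remove the key, then set its activation bit OFF. */
int km_delete(struct km_dev *d, int n) {
    if (n < 0 || n >= KM_SLOTS || !d->lut[n].active) return -1;
    memset(d->db[n], 0, KM_KEYLEN);
    d->lut[n].active = 0;
    return 0;
}
```

A store that stops partway leaves residue bytes in the database slot, but because the activation bit was never set, `km_read` refuses the slot and the partial key cannot reach the processor.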
TW111150795A 2022-12-30 Key management device, processor chip and method for avoid using incomplete keys TWI833533B (en)

Publications (1)

Publication Number Publication Date
TWI833533B (en) 2024-02-21

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW202111584A (en) 2019-09-09 2021-03-16 新唐科技股份有限公司 Key management device having bypass channels and processor chip
