WO2007059701A1 - A system encrypting method adopting a multiple use supplementary single-chip microcomputer - Google Patents

A system encrypting method adopting a multiple use supplementary single-chip microcomputer Download PDF

Info

Publication number
WO2007059701A1
WO2007059701A1 PCT/CN2006/003122 CN2006003122W WO2007059701A1 WO 2007059701 A1 WO2007059701 A1 WO 2007059701A1 CN 2006003122 W CN2006003122 W CN 2006003122W WO 2007059701 A1 WO2007059701 A1 WO 2007059701A1
Authority
WO
WIPO (PCT)
Prior art keywords
main processor
auxiliary
chip microcomputer
program
password
Prior art date
Application number
PCT/CN2006/003122
Other languages
French (fr)
Chinese (zh)
Inventor
Yaoliang Lin
Jinhua Fan
Qingjiang Zeng
Original Assignee
Xiamen Overseas Chinese Electronic Co., Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Overseas Chinese Electronic Co., Ltd filed Critical Xiamen Overseas Chinese Electronic Co., Ltd
Publication of WO2007059701A1 publication Critical patent/WO2007059701A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Definitions

  • the present invention relates to a computer program encryption method, and more particularly to a system encryption method using a multi-purpose auxiliary chip microcomputer.
  • the program memory generally uses rewritable program memory (FLASH R0M).
  • FLASH R0M rewritable program memory
  • the program can be read and copied, so that the system can also be There is no confidentiality in the case of copying.
  • data reading is usually introduced between the microprocessor and the FLASH ROM to introduce a programmable logic device for encryption.
  • the programmable logic device is expensive, the use convenience is poor, and the hardware circuit needs to be added, the system is complicated. Maintainability is relatively poor.
  • the existing complex control system usually consists of the main processor 1 ', program memory 2' (ROM / Flash) and the auxiliary microcontroller 3', the system schematic block diagram shown in Figure 1, the main processor 1 'complete the main data operation processing And the control function, ROM/Flash is the program memory 2' of the main processor, the auxiliary MCU 3' is used to complete various control and other simple control functions during system standby, and between the auxiliary MCU 3' and the main processor 1' Communication using I 2 C bus.
  • the confidentiality of existing complex control systems is still very low. For hardware circuits, the copying is very simple, and the confidentiality we are talking about is generally for software programs.
  • the software program of the main processor 1' is stored in the program memory 2' (ROM/Flash), and due to the inherent characteristics of the ROM/Flash, the software program stored therein is easily copied;
  • the software program of the auxiliary MCU 3' is stored in its built-in program memory. If it is not copy-protected, it can be easily copied. Even if the program memory is burned (anti-read), the software program can be prevented from being copied.
  • the auxiliary MCU 3' is simple in function and small in software program, it is easy to write a software program that matches the main processor 1', and the time required is small. Even some systems are removing the auxiliary MCU 3'. In this case, the main functions of the system can be completed, so it is very simple to copy the entire system. Summary of the invention
  • the object of the present invention is to overcome the deficiencies of the prior art and provide a special programmable logic that is not required.
  • Device easy to use system encryption method.
  • the present invention is based on the principle of adding a cryptographically calibrated encryption protocol algorithm to a host processor software program and an auxiliary microcontroller software program based on a single-chip microcomputer with a built-in burn-in (anti-read) program memory.
  • the method of verification makes the system start the protection function when the password verification error occurs, and achieves the purpose of system encryption.
  • the technical solution adopted by the present invention to solve the technical problem thereof is: a system encryption method using a multi-purpose auxiliary single-chip microcomputer, and the encryption and verification include the following steps:
  • a main processor software program and an auxiliary single chip software program having a predetermined encryption protocol algorithm are respectively stored in a program memory of the main processor and a program memory of the single chip microcomputer, wherein the agreed encryption protocol algorithm is a reversible algorithm or an irreversible algorithm;
  • One or more checkpoints entering the running encryption protocol communication are provided in the main processor software program; the auxiliary single-chip microcomputer software program is solidified in the program memory of the single-chip microcomputer by using a burn-in method; b. starting the system work, main processing The main processor software program is run, and the auxiliary single chip computer runs the auxiliary single chip software program;
  • the host processor When the main processor software program runs to the checkpoint, the host processor generates a random number as the plain code, and sends it to the auxiliary single chip through the communication bus between the main processor and the auxiliary single chip microcomputer;
  • the auxiliary chip transmits the received clear code sent by the main processor according to the agreed encryption protocol algorithm to generate a password, and sends the password to the main processor through the communication bus between the main processor and the auxiliary single chip;
  • the main processor decrypts and restores the password sent by the auxiliary MCU according to the agreed encryption protocol algorithm into a clear code, and compares the decrypted and restored plain code with the original generated plain code; or
  • the main processor encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU;
  • step c the main processor continues to run the subsequent software program or includes repeating step c;
  • the main processor refuses to run the subsequent software program, and the system ends running.
  • the system encryption method of the present invention is to change the auxiliary single-chip microcomputer into a single-chip microcomputer with a built-in burn-in (anti-read) program memory in the hardware circuit of the existing complex control system, and the other hardware structures are completely the same.
  • an encryption protocol is used in the communication between the main processor and the auxiliary single chip, thereby achieving the purpose of system encryption.
  • one checkpoint can be set, for example, before the system needs to perform a task; and the checkpoint can also be set, for example, during the running of the software program.
  • the host processor When the software program runs to the checkpoint, the host processor generates a random number and sends it to the auxiliary microcontroller. After receiving the random number, the auxiliary microcontroller generates a password according to the agreed encryption protocol algorithm and sends it back to the main processor.
  • the main processor In the main processor, according to the reversible algorithm or the irreversible algorithm in the agreed encryption protocol algorithm, the corresponding method is used for comparison check.
  • the agreement encryption protocol algorithm selects the reversible algorithm
  • the main processor decrypts the password sent by the auxiliary single chip to the clear code according to the agreed encryption protocol algorithm, and compares the clear code with the random number originally generated by the main processor, that is, the clear code. If they are equal, the communication is successful, and the main processor executes the corresponding task. If it is not equal, the communication fails, the main processor does not perform the corresponding task; when the agreed encryption protocol algorithm selects the irreversible algorithm, the main processor encrypts according to the agreement.
  • the protocol algorithm converts the generated random number into a password, and compares the password with the password sent back by the auxiliary MCU. If they are equal, the communication is successful, and the main processor performs the corresponding task. If it is not equal, the communication fails. The processor does not perform the corresponding task.
  • the system encryption method of the present invention makes the illegal copying of the system more difficult.
  • the software program of the main processor in ROM/Rash can still be copied, since the auxiliary MCU uses a MCU with built-in burn-in (anti-read) program memory, its software program cannot be copied, and in the case of no auxiliary MCU.
  • the whole system does not work; if you want to make the system work by separately writing the auxiliary MCU software program, since the password during communication is generated by the random number through the encryption protocol, the cracking is very difficult. Therefore, the entire system has a very high safety factor, which greatly reduces the possibility of the system being copied.
  • the main processor and the external program memory are communicated and stored in an unencrypted manner, which facilitates maintenance work such as modification and upgrade of the software program.
  • the key points in the running of the main processor's software program are password verified, and the checkpoint is set at the key point of the software program operation.
  • the present invention uses a single-chip microcomputer with a built-in burn-in (anti-read) program memory to replace a secondary microprocessor (for example, a power management auxiliary microprocessor) having a relatively simple function and a small software program. And adding a method of cryptographic verification of the cryptographic protocol algorithm in the main processor software program and the auxiliary single-chip software program.
  • the beneficial effect is that, because the auxiliary single chip adopts the built-in burned (anti-proof Read the program memory of the MCU, the software program can not be copied, and the whole system does not work without the auxiliary MCU. If you want to make the system work by separately writing the auxiliary MCU software program, the password is the random number when communicating. After the encryption protocol is generated, the difficulty of cracking is very large, so the whole system has a very high security factor, which greatly reduces the possibility of the system being copied.
  • the auxiliary MCU can also undertake other tasks and complete the encryption with relatively high security performance at a small cost, which greatly increases the cost and cost of decryption;
  • the encryption process is simple, does not affect the original hardware design and modification of the main processor software program, upgrade and other production and after-sales maintenance work.
  • FIG. 1 is a schematic view showing the structure of a conventional complex control system
  • Figure 2 is a schematic view showing the structure of the system of the present invention.
  • FIG. 3 is a schematic flow chart of system encryption/verification of the first embodiment of the present invention.
  • FIG. 4 is a schematic flow chart showing the encryption of the irreversible algorithm of the first embodiment of the present invention.
  • FIG. 5 is a block diagram of the system structure of the LCD TV
  • FIG. 6 is a schematic flow chart showing the encryption of the reversible algorithm of the second embodiment of the present invention.
  • Embodiment 1 Referring to FIG. 2 to FIG. 4, a system encryption method using a multi-purpose auxiliary single-chip microcomputer according to the present invention is based on using a single-chip microcomputer with a built-in burn-in (anti-read) program memory.
  • the main processor software program and the auxiliary MCU software program add a password verification method of the encryption protocol algorithm, and since the software program of the MCU cannot be illegally read out, the system software program cannot be copied, and the system encryption is achieved.
  • Its system hardware usually includes the main processor 1, ROM / Flash program Memory 2, auxiliary microcontroller 3.
  • the unencrypted communication and storage between the main processor 1 and the external program memory 2 facilitates maintenance work such as modification and upgrade of the software program.
  • the main processor 1 performs password verification at a plurality of key points of the software program running, that is, the check point is set at each key point of the software program running.
  • the system encryption method includes the following steps:
  • Step a The main processor software program and the auxiliary single chip software program provided with the agreed encryption protocol algorithm are respectively stored in the program memory 2 of the main processor 1 and the program memory of the single chip microcomputer 3.
  • the agreed encryption protocol algorithm is an irreversible algorithm. ;
  • the main processor software program a plurality of checkpoints for entering the running encryption protocol communication are provided; the auxiliary single-chip microcomputer software program is solidified in the program memory of the single chip microcomputer 3 by using a burn-in method; Step b.
  • the main processing The device 1 runs the main processor software program, and the auxiliary MCU 3 runs the auxiliary MCU software program, as shown in block 101 and block 102;
  • Step c When the main processor software program runs to the checkpoint, the host processor 1 generates a random number, and sends it as the clear code to the auxiliary microcontroller 3 through the communication bus 13 ⁇ 4 between the main processor 1 and the auxiliary microcontroller 3. , as shown in block 103, block 104, and block 105;
  • Step d After receiving the clear code sent by the main processor 1 received by the auxiliary single chip microcomputer 3, the password is encrypted according to the agreed encryption protocol algorithm, and the password is passed through the communication bus between the main processor 1 and the auxiliary single chip 3. I 2 C is sent to the main processor 1, as indicated by block 106, block 107, block 108;
  • Step e The main processor 1 encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU 3, as in block 109, block 110. , shown in block 111;
  • step c the main processor 1 continues to run the subsequent software program and includes repeating step c, as indicated by block 112;
  • the main processor 1 refuses to run the subsequent software program, and the system ends the operation.
  • Encryption Algorithm 0x55aa
  • a 16-bit number is first randomly generated by the main processor 1, as shown in block 201; the 16-bit random number is sent as a plain code to the auxiliary microcontroller 3, as shown in block 202;
  • the clear code sent by the main processor 1 is encrypted, that is, the random number is shifted to the right by one bit, and then X055aa is XORed to form a password, as shown in block 203;
  • the password is sent back to the main processor 1, as shown in block 204;
  • the 16-bit random number generated by itself is encrypted by the same encryption algorithm as that in the auxiliary single-chip microcomputer 3, that is, the random number is shifted to the right by one bit, and then X055aa is XORed.
  • the password is formed, as shown in block 205; then, the main processor 1 compares the password generated by itself with the password sent by the microcontroller 3, as shown in block 206, if the two are equal, the main processor 1 continues. Run, see block 207, if the two are not equal, the representation is incorrect, the main processor 1 refuses to run, see block 208.
  • the system encryption method of the present invention is adopted, and since the auxiliary single chip microcomputer 3 is a single-chip microcomputer with a built-in burn-in (anti-read) program memory, the software program thereof is used. It is difficult to be copied, and in the absence of the auxiliary MCU 3, the whole system does not work; if you want to make the system work by separately writing the auxiliary MCU software program, since the password during communication is generated by the random number through the encryption protocol, the crack is generated. The difficulty is very large, so the entire system has a very high safety factor, greatly reducing the possibility of the system being copied.
  • FIG. 5 A specific embodiment of the encryption method of the present invention for use in an LCD TV is shown in Fig. 5.
  • the video signals input by various signal channels (RF, AV, VGA, HDTV, etc.) of the LCD TV system are directly (or subjected to necessary processing) connected to the SWITCH channel selection control IC, and the SWITCH channel selection control IC inputs the video of the selected channel.
  • the signal is sent to the main processor 1, and the main processor 1 passes the various optimization processes and outputs the image to the liquid crystal display to display the image.
  • the core of this system is the main processor 1, which performs most of the control and image processing functions.
  • the main processor 1 is externally connected with ROM7Flash2 for storing the main processor software program, and the main processor 1 is connected through the I 2 C bus.
  • the auxiliary MCU 3 is connected.
  • a single-chip microcomputer with a built-in burn-out (anti-readout) program memory is selected for the auxiliary single-chip microcomputer 3, and an agreement is added in the main processor software program and the auxiliary single-chip microcomputer software program.
  • Password verification of the secret protocol algorithm Even if the software program of the main processor 1 may be copied, since the software program of the auxiliary microcontroller 3 cannot be copied, the main processor 1 cannot establish normal communication with the auxiliary microcontroller 3, so the main processor 1 does not By performing any task, the entire system will not work properly. Therefore, it is possible to effectively prevent the occurrence of the main processor software program being copied and used in the LCD TV.
  • the auxiliary microcomputer 3 can also perform power management of the television, that is, control the power supply in the state of work, standby, shutdown, and the like.
  • Embodiment 2 Referring to FIG. 6, a system encryption method using a multi-purpose auxiliary single-chip microcomputer according to the present invention is different from the first embodiment in that the encryption protocol algorithm used is a reversible algorithm; therefore, in step e The main processor 1 decrypts and restores the password sent by the auxiliary single chip microcomputer 3 to the clear code according to the encryption protocol algorithm of the reversible algorithm, and compares the decrypted and restored plain code with the original generated plain code;
  • step f when the corresponding two clear codes are consistent, the main processor 1 continues to run the subsequent software program or includes repeating step c;
  • the main processor 1 refuses to run the subsequent software program, and the system ends the operation.
  • FIG. 6 is a schematic flow chart of encryption of a reversible algorithm
  • a cryptographic key codes -Randoml6 A 0x55aa
  • Clear code cryptographic key - (Randoml6 A 0x55aa) A 0x55aa
  • a 16-bit number is first randomly generated by the main processor 1, as shown in block 301; the 16-bit random number is sent as a plain code to the auxiliary microcontroller 3, as shown in block 202;
  • the clear code sent by the main processor 1 is encrypted, that is, the random number is XORed with 0x55aa to form a password, as shown in block 303; then, the password is sent back to the main processor 1, See block 204;
  • the main processor 1 the password sent by the auxiliary single chip microcomputer 3 is decrypted, that is, the password of the auxiliary single chip microcomputer 3 is again XORed with 0x55aa and restored to the clear code, as shown in block 305; the main processor 1 will itself
  • the randomly generated 16-bit number that is, the clear code sent to the single-chip microcomputer
  • the main processor 1 is compared with the clear code decoded by the auxiliary single-chip microcomputer 3 after being decoded, as shown in block 306, if the two are equal, it means Correctly, the main processor 1 continues to operate, as shown in block 307, if the two are not equal, the representation is incorrect, and the main processor 1 refuses to operate, see block 308.
  • the invention encrypts the system by means of a cryptographic protocol by communication between the single chip microcomputer with the built-in burning program memory and the main processor, and does not need other devices, and has a clever idea, a simple structure and good industrial applicability.

Abstract

A system encrypting method adopting a multiple use supplementary single-chip microcomputer is disclosed. The method adopts a single-chip microcomputer built-in a burning (prevent being read out) program memory instead of a supplementary microprocessor whose function is simple relatively and the software code amount is small (such as a power supply managing supplementary microprocessor) in a multi-microprocessor system. A password verifying according to an appoint encrypting protocol algorithm is added to the main processor program and the supplementary single-chip microcomputer program, thus the program can not be read out and it could not be copied, therefore achieving the purpose of encrypting the system.

Description

一种采用多用途辅助单片机的系统加密方法 技术领域  System encryption method using multi-purpose auxiliary single chip microcomputer
本发明涉及一种计算机程序加密方法, 特别是涉及一种采用多用途辅助单 片机的系统加密方法。  The present invention relates to a computer program encryption method, and more particularly to a system encryption method using a multi-purpose auxiliary chip microcomputer.
背景技术 Background technique
目前,采用微处理器的复杂控制系统中, 由于软件程序量大,所需的程序存 储器 (ROM)也相对要求较大,通常釆用的架构是微处理器 +程序存储器的两片结 构。从开发的方便性及生产可操作性出发,程序存储器一般采用可擦写程序存储 器(FLASH R0M) o 由于 FLASH ROM本身所固有的特点, 程序能够被读出并复制, 使得系统在硬件也可被复制的情况下毫无保密可言。为解决该问题,通常在微处 理器和 FLASH ROM之间数据读取引进可编程逻辑器件来加密, 但是, 由于可编程 逻辑器件价格昂贵、使用方便性差, 而且需要增加硬件电路, 使得系统复杂, 可 维护性相对较差。  At present, in a complex control system using a microprocessor, due to the large amount of software programs, the required program memory (ROM) is relatively large, and the commonly used architecture is a two-chip structure of the microprocessor + program memory. From the convenience of development and the operability of production, the program memory generally uses rewritable program memory (FLASH R0M). o Due to the inherent characteristics of FLASH ROM, the program can be read and copied, so that the system can also be There is no confidentiality in the case of copying. In order to solve this problem, data reading is usually introduced between the microprocessor and the FLASH ROM to introduce a programmable logic device for encryption. However, since the programmable logic device is expensive, the use convenience is poor, and the hardware circuit needs to be added, the system is complicated. Maintainability is relatively poor.
现有的复杂控制系统通常由主处理器 1 '、程序存储器 2' (ROM/Flash)和辅 助单片机 3' 组成, 系统示意框图如图 1所示, 主处理器 1 ' 完成主要的数据运 算处理及控制功能, ROM/Flash是主处理器的程序存储器 2', 辅助单片机 3' 用 来完成系统待机时的各种控制及其他简单的控制功能, 辅助单片机 3' 与主处理 器 1 ' 之间采用 I2C总线通讯。 现有这种复杂控制系统的保密性仍然非常低。对于硬件电路,其复制是非常 简单的,我们所说的保密性一般都是针对软件程序方面的。在这种结构的系统中, 主处理器 1 '的软件程序存储在程序存储器 2' (ROM/Flash)中,而由于 ROM/Flash 的本身特性, 存储在其内部的软件程序很容易被复制; 辅助单片机 3' 的软件程 序存储在其内置的程序存储器中,如果不釆取防复制措施,也很容易被复制,就 算使用烧死(防读出)程序存储器的方法来防止软件程序被复制,但由于辅助单 片机 3' 功能简单, 软件程序量小, 要编写出与主处理器 1 ' 相匹配的软件程序 也很容易, 所需时间也很少, 甚至某些系统在去掉辅助单片机 3' 的情况下还能 完成系统的主要功能, 如此要复制整个系统是非常简单的。 发明内容 The existing complex control system usually consists of the main processor 1 ', program memory 2' (ROM / Flash) and the auxiliary microcontroller 3', the system schematic block diagram shown in Figure 1, the main processor 1 'complete the main data operation processing And the control function, ROM/Flash is the program memory 2' of the main processor, the auxiliary MCU 3' is used to complete various control and other simple control functions during system standby, and between the auxiliary MCU 3' and the main processor 1' Communication using I 2 C bus. The confidentiality of existing complex control systems is still very low. For hardware circuits, the copying is very simple, and the confidentiality we are talking about is generally for software programs. In the system of this configuration, the software program of the main processor 1' is stored in the program memory 2' (ROM/Flash), and due to the inherent characteristics of the ROM/Flash, the software program stored therein is easily copied; The software program of the auxiliary MCU 3' is stored in its built-in program memory. If it is not copy-protected, it can be easily copied. Even if the program memory is burned (anti-read), the software program can be prevented from being copied. However, since the auxiliary MCU 3' is simple in function and small in software program, it is easy to write a software program that matches the main processor 1', and the time required is small. Even some systems are removing the auxiliary MCU 3'. In this case, the main functions of the system can be completed, so it is very simple to copy the entire system. Summary of the invention
本发明的目的在于克服现有技术之不足,提供一种不需要专门的可编程逻辑 器件、 使用方便性好的的系统加密方法。 The object of the present invention is to overcome the deficiencies of the prior art and provide a special programmable logic that is not required. Device, easy to use system encryption method.
本发明是基于这样的原理实现的:在使用带内置烧死(防读出)程序存储器 的单片机的基础上,通过在主处理器软件程序和辅助单片机软件程序中增加约定 加密协议算法的密码校验的方式,使得系统在密码校验出错时启动保护功能,达 到系统加密的目的。  The present invention is based on the principle of adding a cryptographically calibrated encryption protocol algorithm to a host processor software program and an auxiliary microcontroller software program based on a single-chip microcomputer with a built-in burn-in (anti-read) program memory. The method of verification makes the system start the protection function when the password verification error occurs, and achieves the purpose of system encryption.
本发明解决其技术问题所采用的技术方案是:一种采用多用途辅助单片机的 系统加密方法, 其加密、 校验包括如下步骤:  The technical solution adopted by the present invention to solve the technical problem thereof is: a system encryption method using a multi-purpose auxiliary single-chip microcomputer, and the encryption and verification include the following steps:
a. 将设有约定加密协议算法的主处理器软件程序和辅助单片机软件程序分 别存入主处理器的程序存储器和单片机的程序存储器中,所述的约定加密协议算 法为可逆算法或不可逆算法;  a main processor software program and an auxiliary single chip software program having a predetermined encryption protocol algorithm are respectively stored in a program memory of the main processor and a program memory of the single chip microcomputer, wherein the agreed encryption protocol algorithm is a reversible algorithm or an irreversible algorithm;
在主处理器软件程序中设有一个或多个进入运行加密协议通讯的校验点; 所述的辅助单片机软件程序采用烧死方式固化于单片机的程序存储器中; b. 启动系统工作, 主处理器运行主处理器软件程序, 辅助单片机运行辅助 单片机软件程序;  One or more checkpoints entering the running encryption protocol communication are provided in the main processor software program; the auxiliary single-chip microcomputer software program is solidified in the program memory of the single-chip microcomputer by using a burn-in method; b. starting the system work, main processing The main processor software program is run, and the auxiliary single chip computer runs the auxiliary single chip software program;
c . 主处理器软件程序运行至校验点时, 由主处理器产生一随机数作为明码 通过主处理器与辅助单片机之间的通讯总线发送给辅助单片机;  c. When the main processor software program runs to the checkpoint, the host processor generates a random number as the plain code, and sends it to the auxiliary single chip through the communication bus between the main processor and the auxiliary single chip microcomputer;
d. 辅助单片机将收到的由主处理器发送过来的明码按所述的约定加密协议 算法加密生成密码,并将密码通过主处理器与辅助单片机之间的通讯总线发送给 主处理器;  d. The auxiliary chip transmits the received clear code sent by the main processor according to the agreed encryption protocol algorithm to generate a password, and sends the password to the main processor through the communication bus between the main processor and the auxiliary single chip;
e. 主处理器将辅助单片机发送的密码按所述的约定加密协议算法解密还原 成明码, 并将解密还原的明码与原先产生的明码进行比较核对; 或  e. The main processor decrypts and restores the password sent by the auxiliary MCU according to the agreed encryption protocol algorithm into a clear code, and compares the decrypted and restored plain code with the original generated plain code; or
主处理器将自身所产生的随机数按所述的约定加密协议算法加密生成一密 码, 并将该密码与由辅助单片机发送过来的密码进行比较核对;  The main processor encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU;
f. 当对应的两明码或两密码相一致时, 主处理器继续运行后续软件程序或 包括重复步骤 c;  f. When the corresponding two clear codes or two passwords are consistent, the main processor continues to run the subsequent software program or includes repeating step c;
当对应的两明码或两密码不一致时,主处理器拒绝运行后续软件程序,系统 结束运行。  When the corresponding two clear codes or two passwords are inconsistent, the main processor refuses to run the subsequent software program, and the system ends running.
本发明的系统加密方法,是在现有的复杂控制系统的硬件电路中将辅助单片 机更改为带内置烧死(防读出)程序存储器的单片机, 其他硬件结构完全一样, 软件程序上则在主处理器与辅助单片机之间的通讯中采用一种加密协议,从而来 实现系统加密的目的。 The system encryption method of the present invention is to change the auxiliary single-chip microcomputer into a single-chip microcomputer with a built-in burn-in (anti-read) program memory in the hardware circuit of the existing complex control system, and the other hardware structures are completely the same. In the software program, an encryption protocol is used in the communication between the main processor and the auxiliary single chip, thereby achieving the purpose of system encryption.
本发明的系统加密方法,其校验点可以设置一个, 比如设定在系统需执行任 务之前; 校验点也可以设置多个, 比如设定在软件程序运行的过程中。  In the system encryption method of the present invention, one checkpoint can be set, for example, before the system needs to perform a task; and the checkpoint can also be set, for example, during the running of the software program.
当软件程序运行到校验点时, 由主处理器生成一个随机数发送给辅助单片 机,辅助单片机接收到此随机数后,按照约定加密协议算法生成一个密码发回给 主处理器。  When the software program runs to the checkpoint, the host processor generates a random number and sends it to the auxiliary microcontroller. After receiving the random number, the auxiliary microcontroller generates a password according to the agreed encryption protocol algorithm and sends it back to the main processor.
在主处理器中,根据约定加密协议算法中的可逆算法或不可逆算法,分别采 取对应的方式进行比较核对。当约定加密协议算法是选用可逆算法时,主处理器 按照约定加密协议算法,将辅助单片机发送过来的密码解密还原成明码,并将此 明码与主处理器原先产生的随机数即明码进行比较核对,如果相等则表示通讯成 功, 主处理器执行相应的任务,如果不相等则表示通讯失败,主处理器不执行相 应的任务;当约定加密协议算法是选用不可逆算法时,主处理器按照约定加密协 议算法将其生成的随机数转换成密码,并将此密码与辅助单片机发回的密码相比 较, 如果相等则表示通讯成功,主处理器执行相应的任务, 如果不相等则表示通 讯失败, 主处理器不执行相应的任务。  In the main processor, according to the reversible algorithm or the irreversible algorithm in the agreed encryption protocol algorithm, the corresponding method is used for comparison check. When the agreement encryption protocol algorithm selects the reversible algorithm, the main processor decrypts the password sent by the auxiliary single chip to the clear code according to the agreed encryption protocol algorithm, and compares the clear code with the random number originally generated by the main processor, that is, the clear code. If they are equal, the communication is successful, and the main processor executes the corresponding task. If it is not equal, the communication fails, the main processor does not perform the corresponding task; when the agreed encryption protocol algorithm selects the irreversible algorithm, the main processor encrypts according to the agreement. The protocol algorithm converts the generated random number into a password, and compares the password with the password sent back by the auxiliary MCU. If they are equal, the communication is successful, and the main processor performs the corresponding task. If it is not equal, the communication fails. The processor does not perform the corresponding task.
本发明的系统加密方法使系统的非法复制增加了难度。 虽然 ROM/Rash中 的主处理器的软件程序仍然可以复制, 由于辅助单片机采用的是带内置烧死(防 读出)程序存储器的单片机,其软件程序不能被复制, 而且在没有辅助单片机的 情况下,整个系统不工作;如果想通过另行编写辅助单片机软件程序使系统工作, 由于通讯时的密码是由随机数经过加密协议而生成的,破解的难度非常大。所以 整个系统具有非常髙的安全系数, 大大减小了系统被复制的可能性。  The system encryption method of the present invention makes the illegal copying of the system more difficult. Although the software program of the main processor in ROM/Rash can still be copied, since the auxiliary MCU uses a MCU with built-in burn-in (anti-read) program memory, its software program cannot be copied, and in the case of no auxiliary MCU. Next, the whole system does not work; if you want to make the system work by separately writing the auxiliary MCU software program, since the password during communication is generated by the random number through the encryption protocol, the cracking is very difficult. Therefore, the entire system has a very high safety factor, which greatly reduces the possibility of the system being copied.
本发明的系统加密方法,其主处理器及外挂的程序存储器采用未加密的方式 通讯和存储,便于软件程序的修改升级等维护工作。主处理器的软件程序运行中 的关键点都进行密码校验, 也即将校验点设在软件程序运行的关键点处。  In the system encryption method of the present invention, the main processor and the external program memory are communicated and stored in an unencrypted manner, which facilitates maintenance work such as modification and upgrade of the software program. The key points in the running of the main processor's software program are password verified, and the checkpoint is set at the key point of the software program operation.
在多微处理器系统中,本发明釆用了以带内置烧死(防读出)程序存储器的 单片机替代功能相对简单、软件程序量小的辅助微处理器(例如电源管理辅助微 处理器), 并在主处理器软件程序和辅助单片机软件程序中增加约定加密协议算 法的密码校验的方法。其有益效果是, 由于辅助单片机采用的是带内置烧死(防 读出)程序存储器的单片机,其软件程序不能被复制, 而且在没有辅助单片机的 情况下整个系统不工作, 如果想通过另行编写辅助单片机软件程序使系统工作, 由于通讯时的密码是由随机数经过加密协议生成的,破解的难度非常大,所以整 个系统具有非常髙的安全系数, 大大减小了系统被复制的可能性。 In a multi-microprocessor system, the present invention uses a single-chip microcomputer with a built-in burn-in (anti-read) program memory to replace a secondary microprocessor (for example, a power management auxiliary microprocessor) having a relatively simple function and a small software program. And adding a method of cryptographic verification of the cryptographic protocol algorithm in the main processor software program and the auxiliary single-chip software program. The beneficial effect is that, because the auxiliary single chip adopts the built-in burned (anti-proof Read the program memory of the MCU, the software program can not be copied, and the whole system does not work without the auxiliary MCU. If you want to make the system work by separately writing the auxiliary MCU software program, the password is the random number when communicating. After the encryption protocol is generated, the difficulty of cracking is very large, so the whole system has a very high security factor, which greatly reduces the possibility of the system being copied.
采用本发明的系统加密方法, 具有如下优点:  The system encryption method of the present invention has the following advantages:
1)采用算法加密, 使用成熟的权威算法, 确保系统不易受通讯波形分析和 复制等攻击;  1) Using algorithmic encryption, using mature authoritative algorithms to ensure that the system is not vulnerable to attacks such as communication waveform analysis and replication;
2)使用安全的小单片机, 由于其带内置烧死(防读出)功能, 无法读取和 破解软件程序信息, 若试图研磨打开芯片,则芯片破碎将致使数据无法判读,提 高了系统的安全性;  2) Using a safe small single-chip microcomputer, because it has built-in burn-in (anti-readout) function, it cannot read and crack software program information. If you try to grind and open the chip, the chip break will make the data unreadable, which improves the security of the system. Sex
3)辅助单片机同时还可承担其它任务, 以较小的成本完成具有较髙安全性 能的加密, 大大提高了解密的成本和代价;  3) The auxiliary MCU can also undertake other tasks and complete the encryption with relatively high security performance at a small cost, which greatly increases the cost and cost of decryption;
4)加密的过程简单, 不影响原来硬件的设计和主处理器软件程序的修改, 升级等生产和售后维护工作。  4) The encryption process is simple, does not affect the original hardware design and modification of the main processor software program, upgrade and other production and after-sales maintenance work.
附图说明 DRAWINGS
以下结合附图及实施例对本发明作进一步详细说明;但本发明的一种采用多 用途辅助单片机的系统加密方法不局限于实施例。  The present invention will be further described in detail below with reference to the accompanying drawings and embodiments; however, a system encryption method using a multi-purpose auxiliary single chip microcomputer of the present invention is not limited to the embodiment.
图 1是现有复杂控制系统的构成示意图;  1 is a schematic view showing the structure of a conventional complex control system;
图 2是本发明的系统构成示意图;  Figure 2 is a schematic view showing the structure of the system of the present invention;
图 3是实施例一本发明的系统加密 /校验示意流程图;  3 is a schematic flow chart of system encryption/verification of the first embodiment of the present invention;
图 4是实施例一本发明的不可逆算法的加密示意流程图;  4 is a schematic flow chart showing the encryption of the irreversible algorithm of the first embodiment of the present invention;
图 5是 LCD TV的系统结构框图;  Figure 5 is a block diagram of the system structure of the LCD TV;
图 6是实施例二本发明的可逆算法的加密示意流程图。  6 is a schematic flow chart showing the encryption of the reversible algorithm of the second embodiment of the present invention.
具体实施方式 detailed description
实施例一,参见图 2至图 4所示,本发明的一种采用多用途辅助单片机的系 统加密方法, 是在使用带内置烧死(防读出)程序存储器的单片机的基础上, 通 过在主处理器软件程序和辅助单片机软件程序中增加约定加密协议算法的密码 校验的方式,且由于单片机的软件程序无法被非法读出,使得无法复制系统软件 程序, 达到系统加密的目的。 其系统硬件通常包括主处理器 1、 ROM/Flash程序 存储器 2、 辅助单片机 3。 主处理器 1及外挂的程序存储器 2之间采用未加密方 式的通讯和存储,便于软件程序的修改升级等维护工作。主处理器 1在软件程序 运行的多个关键点进行密码校验, 也即将校验点设在软件程序运行的各关键点 处。 Embodiment 1 Referring to FIG. 2 to FIG. 4, a system encryption method using a multi-purpose auxiliary single-chip microcomputer according to the present invention is based on using a single-chip microcomputer with a built-in burn-in (anti-read) program memory. The main processor software program and the auxiliary MCU software program add a password verification method of the encryption protocol algorithm, and since the software program of the MCU cannot be illegally read out, the system software program cannot be copied, and the system encryption is achieved. Its system hardware usually includes the main processor 1, ROM / Flash program Memory 2, auxiliary microcontroller 3. The unencrypted communication and storage between the main processor 1 and the external program memory 2 facilitates maintenance work such as modification and upgrade of the software program. The main processor 1 performs password verification at a plurality of key points of the software program running, that is, the check point is set at each key point of the software program running.
系统加密方法包括如下步骤:  The system encryption method includes the following steps:
步骤 a. 将设有约定加密协议算法的主处理器软件程序和辅助单片机软件程 序分别存入主处理器 1的程序存储器 2和单片机 3的程序存储器中,所述的约定 加密协议算法为不可逆算法;  Step a. The main processor software program and the auxiliary single chip software program provided with the agreed encryption protocol algorithm are respectively stored in the program memory 2 of the main processor 1 and the program memory of the single chip microcomputer 3. The agreed encryption protocol algorithm is an irreversible algorithm. ;
在主处理器软件程序中设有多个进入运行加密协议通讯的校验点; 所述的辅助单片机软件程序采用烧死方式固化于单片机 3的程序存储器中; 步骤 b. 启动系统工作, 主处理器 1运行主处理器软件程序, 辅助单片机 3 运行辅助单片机软件程序, 如框 101、 框 102所示;  In the main processor software program, a plurality of checkpoints for entering the running encryption protocol communication are provided; the auxiliary single-chip microcomputer software program is solidified in the program memory of the single chip microcomputer 3 by using a burn-in method; Step b. Starting the system work, the main processing The device 1 runs the main processor software program, and the auxiliary MCU 3 runs the auxiliary MCU software program, as shown in block 101 and block 102;
步骤 c. 主处理器软件程序运行至校验点时, 由主处理器 1产生一随机数, 并将其作为明码通过主处理器 1与辅助单片机 3之间的通讯总线 1¾发送给辅助 单片机 3, 如框 103、 框 104、 框 105所示;  Step c. When the main processor software program runs to the checkpoint, the host processor 1 generates a random number, and sends it as the clear code to the auxiliary microcontroller 3 through the communication bus 13⁄4 between the main processor 1 and the auxiliary microcontroller 3. , as shown in block 103, block 104, and block 105;
步骤 d. 辅助单片机 3收到的由主处理器 1发送过来的明码后, 按所述的约 定加密协议算法加密生成密码,并将该密码通过主处理器 1与辅助单片机 3之间 的通讯总线 I2C发送给主处理器 1, 如框 106、 框 107、框 108所示; Step d. After receiving the clear code sent by the main processor 1 received by the auxiliary single chip microcomputer 3, the password is encrypted according to the agreed encryption protocol algorithm, and the password is passed through the communication bus between the main processor 1 and the auxiliary single chip 3. I 2 C is sent to the main processor 1, as indicated by block 106, block 107, block 108;
步骤 e. 主处理器 1将自身所产生的随机数按所述的约定加密协议算法加密 生成一密码,并将该密码与由辅助单片机 3发送过来的密码进行比较核对,如框 109、 框 110、 框 111所示;  Step e. The main processor 1 encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU 3, as in block 109, block 110. , shown in block 111;
f . 当对应的两密码相一致时, 主处理器 1继续运行后续软件程序并包括重 复步骤 c, 如框 112所示;  f. When the corresponding two passwords match, the main processor 1 continues to run the subsequent software program and includes repeating step c, as indicated by block 112;
当对应的两密码不一致时,主处理器 1拒绝运行后续软件程序,系统结束运 行。  When the corresponding two passwords are inconsistent, the main processor 1 refuses to run the subsequent software program, and the system ends the operation.
图 4为不可逆算法的加密示意流程图; 其中,  4 is a schematic flow chart of encryption of an irreversible algorithm;
明码 =Randoml6  Clear code =Randoml6
密钥 =0x55aa  Key =0x55aa
加密算法:
Figure imgf000007_0001
0x55aa 在主处理器 1中, 首先由主处理器 1随机产生一个 16位的数, 见框 201所 示; 这个 16位的随机数作为明码发送给辅助单片机 3, 见框 202所示; Encryption Algorithm:
Figure imgf000007_0001
0x55aa In the main processor 1, a 16-bit number is first randomly generated by the main processor 1, as shown in block 201; the 16-bit random number is sent as a plain code to the auxiliary microcontroller 3, as shown in block 202;
在辅助单片机 3中,对由主处理器 1发来的明码进行加密处理, 即,将随机 数先右移一位后, 再与 0x55aa异或后形成密码, 见框 203所示; 然后, 将密码 发回主处理器 1, 见框 204所示;  In the auxiliary MCU 3, the clear code sent by the main processor 1 is encrypted, that is, the random number is shifted to the right by one bit, and then X055aa is XORed to form a password, as shown in block 203; The password is sent back to the main processor 1, as shown in block 204;
在主处理器 1中, 将自身产生的 16位随机数采用与辅助单片机 3中相同的 加密算法对随机数进行加密处理, 即, 将随机数先右移一位后, 再与 0x55aa异 或后形成密码, 见框 205所示; 然后, 主处理器 1将本身产生的密码和单片机 3 发来的密码进行比较核对, 见框 206所示,如果两者相等则表示正确, 主处理器 1继续运行, 见框 207所示, 如果两者不相等则表示不正确, 主处理器 1拒绝运 行, 见框 208所示。  In the main processor 1, the 16-bit random number generated by itself is encrypted by the same encryption algorithm as that in the auxiliary single-chip microcomputer 3, that is, the random number is shifted to the right by one bit, and then X055aa is XORed. The password is formed, as shown in block 205; then, the main processor 1 compares the password generated by itself with the password sent by the microcontroller 3, as shown in block 206, if the two are equal, the main processor 1 continues. Run, see block 207, if the two are not equal, the representation is incorrect, the main processor 1 refuses to run, see block 208.
明码及密码的传送过程经由 I2C总线直接快速完成。 由于随机数的参与, 使 得企图通过 I2C总线通讯波形的逻辑分析, 破解系统软件程序的代价大大提高。 The transmission of the clear code and password is done directly and quickly via the I 2 C bus. Due to the participation of random numbers, the cost of cracking the system software program is greatly improved by the logic analysis of the communication waveform of the I 2 C bus.
虽然 ROM/Flash中的主处理器的软件程序仍然可以复制, 但采用本发明的 系统加密方法, 且由于辅助单片机 3采用的是带内置烧死(防读出)程序存储器 的单片机,其软件程序很难被复制,而且在没有辅助单片机 3的情况下,整个系 统不工作;如果想通过另行编写辅助单片机软件程序使系统工作, 由于通讯时的 密码是由随机数经过加密协议生成的,破解的难度非常大,所以整个系统具有非 常髙的安全系数, 大大减小了系统被复制的可能性。  Although the software program of the main processor in the ROM/Flash can still be copied, the system encryption method of the present invention is adopted, and since the auxiliary single chip microcomputer 3 is a single-chip microcomputer with a built-in burn-in (anti-read) program memory, the software program thereof is used. It is difficult to be copied, and in the absence of the auxiliary MCU 3, the whole system does not work; if you want to make the system work by separately writing the auxiliary MCU software program, since the password during communication is generated by the random number through the encryption protocol, the crack is generated. The difficulty is very large, so the entire system has a very high safety factor, greatly reducing the possibility of the system being copied.
本发明的加密方法用在 LCD TV中的一个具体实施例如图 5所示。 LCD TV 系统各种信号通道(RF、 AV、 VGA、 HDTV等)输入的视频信号, 直接(或经 过必要的处理)连接到 SWITCH通道选择控制 IC, SWITCH通道选择控制 IC 将选定通道输入的视频信号输送给主处理器 1,主处理器 1将视频信号经过各种 优化处理后输出到液晶显示屏上显示出图像。  A specific embodiment of the encryption method of the present invention for use in an LCD TV is shown in Fig. 5. The video signals input by various signal channels (RF, AV, VGA, HDTV, etc.) of the LCD TV system are directly (or subjected to necessary processing) connected to the SWITCH channel selection control IC, and the SWITCH channel selection control IC inputs the video of the selected channel. The signal is sent to the main processor 1, and the main processor 1 passes the various optimization processes and outputs the image to the liquid crystal display to display the image.
此系统中的核心是主处理器 1,它完成绝大部分的控制和图像处理功能,主 处理器 1外挂有 ROM7Flash2,用于存储主处理器软件程序,主处理器 1通过 I2C 总线与辅助单片机 3相连接。 The core of this system is the main processor 1, which performs most of the control and image processing functions. The main processor 1 is externally connected with ROM7Flash2 for storing the main processor software program, and the main processor 1 is connected through the I 2 C bus. The auxiliary MCU 3 is connected.
采用本发明的加密方法, 对辅助单片机 3选用带内置烧死(防读出)程序 存储器的单片机,并且在主处理器软件程序和辅助单片机软件程序中增加约定加 密协议算法的密码校验。这样, 即使主处理器 1的软件程序可能被复制,但由于 辅助单片机 3的软件程序无法复制,则主处理器 1无法建立与辅助单片机 3之间 的正常通讯, 所以, 主处理器 1不会执行任何任务, 整个系统便无法正常工作。 因此,可以有效防止 LCD TV中主处理器软件程序被复制使用的现象发生。辅助 单片机 3除完成与主处理器 1的加密协议算法的密码校验的通讯外,还可进行电 视机的电源管理, 即对工作, 待机, 关机等状态下的电源进行控制。 By using the encryption method of the invention, a single-chip microcomputer with a built-in burn-out (anti-readout) program memory is selected for the auxiliary single-chip microcomputer 3, and an agreement is added in the main processor software program and the auxiliary single-chip microcomputer software program. Password verification of the secret protocol algorithm. Thus, even if the software program of the main processor 1 may be copied, since the software program of the auxiliary microcontroller 3 cannot be copied, the main processor 1 cannot establish normal communication with the auxiliary microcontroller 3, so the main processor 1 does not By performing any task, the entire system will not work properly. Therefore, it is possible to effectively prevent the occurrence of the main processor software program being copied and used in the LCD TV. In addition to completing the communication with the password verification of the encryption protocol algorithm of the main processor 1, the auxiliary microcomputer 3 can also perform power management of the television, that is, control the power supply in the state of work, standby, shutdown, and the like.
实施例二,参见图 6所示,本发明的一种采用多用途辅助单片机的系统加密 方法, 与实施例一的不同之处在于, 所采用的加密协议算法为可逆算法; 因此, 在步骤 e中:主处理器 1将辅助单片机 3发送的密码按所述的可逆算法的加 密协议算法解密还原成明码,并将解密还原的明码与原先产生的明码进行比较核 对;  Embodiment 2 Referring to FIG. 6, a system encryption method using a multi-purpose auxiliary single-chip microcomputer according to the present invention is different from the first embodiment in that the encryption protocol algorithm used is a reversible algorithm; therefore, in step e The main processor 1 decrypts and restores the password sent by the auxiliary single chip microcomputer 3 to the clear code according to the encryption protocol algorithm of the reversible algorithm, and compares the decrypted and restored plain code with the original generated plain code;
在步骤 f中: 当对应的两明码相一致时,主处理器 1继续运行后续软件程序 或包括重复步骤 c ;  In step f: when the corresponding two clear codes are consistent, the main processor 1 continues to run the subsequent software program or includes repeating step c;
当对应的两明码不一致时,主处理器 1拒绝运行后续软件程序,系统结束运 行。  When the corresponding two clear codes are inconsistent, the main processor 1 refuses to run the subsequent software program, and the system ends the operation.
图 6为可逆算法的加密示意流程图; 其中,  6 is a schematic flow chart of encryption of a reversible algorithm;
明码: Randoml6  Clear code: Randoml6
密钥 =0x55aa  Key =0x55aa
加密算法: 密码 =明码 A密钥 -Randoml6A0x55aa The encryption algorithm: A cryptographic key codes = -Randoml6 A 0x55aa
解密算法: 明码 =密码密钥- (Randoml6A0x55aa) A0x55aa Decryption algorithm: Clear code = cryptographic key - (Randoml6 A 0x55aa) A 0x55aa
在主处理器 1中, 首先由主处理器 1随机产生一个 16位的数, 见框 301所 示; 这个 16位的随机数作为明码发送给辅助单片机 3, 见框 202所示;  In the main processor 1, a 16-bit number is first randomly generated by the main processor 1, as shown in block 301; the 16-bit random number is sent as a plain code to the auxiliary microcontroller 3, as shown in block 202;
在辅助单片机 3中, 对由主处理器 1发来的明码进行加密处理, 即,将随机 数与 0x55aa异或后形成密码, 见框 303所示; 然后, 将密码发回主处理器 1, 见框 204所示;  In the auxiliary MCU 3, the clear code sent by the main processor 1 is encrypted, that is, the random number is XORed with 0x55aa to form a password, as shown in block 303; then, the password is sent back to the main processor 1, See block 204;
在主处理器 1中,将辅助单片机 3发来的密码进行解密处理, 即,将辅助单 片机 3的密码再次与 0x55aa异或后还原成明码, 见框 305所示; 主处理器 1将 其自身随机产生的 16位的数(即发送给单片机的明码)与辅助单片机 3发来的 密码被解码后还原成的明码进行比较核对,见框 306所示,如果两者相等则表示 正确, 主处理器 1继续运行, 见框 307所示, 如果两者不相等则表示不正确, 主 处理器 1拒绝运行, 见框 308所示。 In the main processor 1, the password sent by the auxiliary single chip microcomputer 3 is decrypted, that is, the password of the auxiliary single chip microcomputer 3 is again XORed with 0x55aa and restored to the clear code, as shown in block 305; the main processor 1 will itself The randomly generated 16-bit number (that is, the clear code sent to the single-chip microcomputer) is compared with the clear code decoded by the auxiliary single-chip microcomputer 3 after being decoded, as shown in block 306, if the two are equal, it means Correctly, the main processor 1 continues to operate, as shown in block 307, if the two are not equal, the representation is incorrect, and the main processor 1 refuses to operate, see block 308.
工业实用性 Industrial applicability
本发明通过带内置烧死程序存储器的单片机与主处理器之间的通讯采用一 个加密协议的方式对系统加密, 不需要外加其他装置, 其构思巧妙, 结构简单, 具有良好的工业实用性。  The invention encrypts the system by means of a cryptographic protocol by communication between the single chip microcomputer with the built-in burning program memory and the main processor, and does not need other devices, and has a clever idea, a simple structure and good industrial applicability.

Claims

权 利 要 求 Rights request
1、 一种采用多用途辅助单片机的系统加密方法, 其系统包括主处理器、 程 序存储器和辅助单片机,辅助单片机为带内置烧死程序存储器的单片机,并在辅 助单片机与主处理器之间的通讯采用一种加密协议,系统运行过程中,主处理器 多次向辅助单片机发出数字信息,辅助单片机向主处理器发回与该数字信息对应 的密码, 主处理器对该密码进行校验, 且在密码校验出错时启动保护功能, 达到 系统加密。  1. A system encryption method using a multi-purpose auxiliary single-chip microcomputer, the system comprising a main processor, a program memory and a auxiliary single-chip microcomputer, the auxiliary single-chip microcomputer is a single-chip microcomputer with a built-in burn-in program memory, and between the auxiliary single-chip microcomputer and the main processor The communication adopts an encryption protocol. During the running of the system, the main processor sends digital information to the auxiliary single-chip microcomputer multiple times, and the auxiliary single-chip microcomputer sends back a password corresponding to the digital information to the main processor, and the main processor checks the password. And when the password verification error occurs, the protection function is activated to achieve system encryption.
2、 根据权利要求 1所述的一种采用多用途辅助单片机的系统加密方法, 其 特征在于:所述的主处理器通过通讯总线与辅助单片机连接,主处理器通过数据 或程序总线与程序存储器连接。  2. The system encryption method using a multi-purpose auxiliary single-chip microcomputer according to claim 1, wherein the main processor is connected to the auxiliary single-chip microcomputer through a communication bus, and the main processor passes the data or the program bus and the program memory. connection.
3、根据权利要求 1或 2所述的一种采用多用途辅助单片机的系统加密方法, 其特征在于: 其加密及校验包括如下步骤:  3. A system encryption method using a multi-purpose auxiliary single chip according to claim 1 or 2, wherein: the encryption and verification comprises the following steps:
a. 将设有约定加密协议算法的主处理器软件程序和辅助单片机软件程序分 别存入主处理器的程序存储器和单片机的程序存储器中,所述的约定加密协议算 法为可逆算法;  a main processor software program and an auxiliary single chip software program having a predetermined encryption protocol algorithm are respectively stored in a program memory of the main processor and a program memory of the single chip microcomputer, and the agreed encryption protocol algorithm is a reversible algorithm;
在主处理器程序中设有一个或多个进入运行加密协议通讯的校验点; 所述的辅助单片机程序采用烧死方式固化于单片机的程序存储器中; b. 启动系统工作, 主处理器运行主处理器软件程序, 辅助单片机运行辅助 单片机软件程序;  The main processor program is provided with one or more checkpoints for entering the communication protocol of the running encryption protocol; the auxiliary single-chip microcomputer program is solidified in the program memory of the single-chip microcomputer by using a burn-in method; b. starting the system work, the main processor is running The main processor software program, the auxiliary single chip computer runs the auxiliary single chip software program;
c主处理器软件程序运行至校验点时, 由主处理粱产生一随机数作为明码, 并通过主处理器与辅助单片机之间的通讯总线发送给辅助单片机;  c When the main processor software program runs to the checkpoint, a random number is generated by the main processing unit as the clear code, and is sent to the auxiliary single chip through the communication bus between the main processor and the auxiliary single chip;
d. 辅助单片机将收到的由主处理器发送过来的明码按所述的约定加密协议 算法加密生成密码,并将该密码通过主处理器与辅助单片机之间的通讯总线发送 给主处理器;  d. The auxiliary microcontroller transmits the received clear code sent by the main processor according to the agreed encryption protocol algorithm to generate a password, and sends the password to the main processor through the communication bus between the main processor and the auxiliary single chip;
e. 主处理器将本身所产生的随机数按所述的约定加密协议算法加密生成一 密码, 并将该密码与由辅助单片机发送过来的密码进行比较核对;  e. The main processor encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU;
f. 当对应的两密码相一致时, 主处理器继续运行后续程序或包括重复步骤 f. When the corresponding two passwords match, the main processor continues to run subsequent programs or includes repeated steps
C; C;
当对应的两密码不一致时, 主处理器拒绝运行后续程序, 系统结束运行。 When the corresponding two passwords are inconsistent, the main processor refuses to run the subsequent program, and the system ends running.
4、根据权利要求 1或 2所述的一种采用多用途辅助单片机的系统加密方法, 其特征在于: 其加密及校验包括如下步骤: 4. A system encryption method using a multi-purpose auxiliary single chip according to claim 1 or 2, wherein: the encryption and verification comprises the following steps:
a. 将设有约定加密协议算法的主处理器软件程序和辅助单片机软件程序分 别存入主处理器的程序存储器和单片机的程序存储器中,所述的约定加密协议算 法为不可逆算法;  a main processor software program and an auxiliary single chip software program having a predetermined encryption protocol algorithm are respectively stored in a program memory of the main processor and a program memory of the single chip microcomputer, wherein the agreed encryption protocol algorithm is an irreversible algorithm;
在主处理器程序中设有一个或多个进入运行加密协议通讯的校验点; 所述的辅助单片机程序采用烧死方式固化于单片机的程序存储器中; b. 启动系统工作, 主处理器运行主处理器软件程序, 辅助单片机运行辅助 单片机软件程序;  The main processor program is provided with one or more checkpoints for entering the communication protocol of the running encryption protocol; the auxiliary single-chip microcomputer program is solidified in the program memory of the single-chip microcomputer by using a burn-in method; b. starting the system work, the main processor is running The main processor software program, the auxiliary single chip computer runs the auxiliary single chip software program;
c 主处理器程序运行至校验点时, 由主处理器产生一随机数作为明码通过 主处理器与辅助单片机之间的通讯总线发送给辅助单片机;  c When the main processor program runs to the checkpoint, the host processor generates a random number as the plain code to send to the auxiliary microcontroller through the communication bus between the main processor and the auxiliary microcontroller;
d. 辅助单片机将收到的由主处理器发送过来的明码按所述的约定加密协议 算法加密生成密码,并将密码通过主处理器与辅助单片机之间的通讯总线发送给 主处理器;  d. The auxiliary chip transmits the received clear code sent by the main processor according to the agreed encryption protocol algorithm to generate a password, and sends the password to the main processor through the communication bus between the main processor and the auxiliary single chip;
e. 主处理器将辅助单片机发送的密码按所述的约定加密协议算法解密还原 成明码, 并将解密还原的明码与原先自身产生的明码进行比较核对;  e. The main processor decrypts and restores the password sent by the auxiliary MCU according to the agreed encryption protocol algorithm into a clear code, and compares the decrypted and restored plain code with the original self-generated clear code;
f. 当对应的两明码相一致时, 主处理器继续运行后续程序或包括重复步骤 f. When the corresponding two clear codes match, the main processor continues to run subsequent programs or includes repeated steps
C C
当对应的两明码不一致时, 主处理器拒绝运行后续程序, 系统结束运行。 When the corresponding two clear codes are inconsistent, the main processor refuses to run the subsequent program, and the system ends running.
5、 一种采用多用途辅助单片机的系统加密方法的电视机, 其主处理器外挂 有程序存储器,其电源管理辅助处理器为带内置烧死程序存储器的单片机,在辅 助单片机与主处理器之间的通讯采用一种加密协议;电视机系统在运行过程中主 处理器向辅助单片机发出数字信息,辅助单片机向主处理器发回与该数字信息对 应的密码, 主处理器对该密码进行校验,且在密码校验出错时启动保护功能, 达 到系统加密。 5. A television set adopting a system encryption method of a multi-purpose auxiliary single-chip microcomputer, the main processor is externally loaded with a program memory, and the power management auxiliary processor is a single-chip microcomputer with a built-in burn-in program memory, in the auxiliary single-chip microcomputer and the main processor The communication between the two uses an encryption protocol; during the operation of the television system, the main processor sends digital information to the auxiliary microcontroller, and the auxiliary microcontroller sends back a password corresponding to the digital information to the main processor, and the main processor performs the calibration on the password. Check, and start the protection function when the password verification error occurs, to achieve system encryption.
PCT/CN2006/003122 2005-11-24 2006-11-20 A system encrypting method adopting a multiple use supplementary single-chip microcomputer WO2007059701A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510045425.5 2005-11-24
CNB2005100454255A CN100461063C (en) 2005-11-24 2005-11-24 System encrypted method using multifunctional assistant SCM

Publications (1)

Publication Number Publication Date
WO2007059701A1 true WO2007059701A1 (en) 2007-05-31

Family

ID=38066918

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/003122 WO2007059701A1 (en) 2005-11-24 2006-11-20 A system encrypting method adopting a multiple use supplementary single-chip microcomputer

Country Status (2)

Country Link
CN (1) CN100461063C (en)
WO (1) WO2007059701A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101888627B (en) * 2009-05-12 2013-08-21 中兴通讯股份有限公司 Mobile terminal and system data protection method thereof
CN103729602B (en) * 2013-12-18 2016-08-17 东莞市乐升电子有限公司 Utilize the method that power source management controller is encrypted protection to system
CN104794089B (en) * 2015-05-12 2018-02-16 中国电子科技集团公司第四十七研究所 The method, apparatus and system to be communicated suitable for the modified UART of single-chip microcomputer
CN109831303B (en) * 2018-12-24 2021-09-14 华升智建科技(深圳)有限公司 High-strength random encryption method capable of being realized by low-end 8-bit singlechip

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6741991B2 (en) * 1994-09-30 2004-05-25 Mitsubishi Corporation Data management system
WO2005010726A2 (en) * 2003-07-23 2005-02-03 Ping Kang Hsiung Digital media cartridge system and method
CN1679273A (en) * 2002-08-08 2005-10-05 M-系统快闪盘开拓者公司 Integrated circuit for digital rights management

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6741991B2 (en) * 1994-09-30 2004-05-25 Mitsubishi Corporation Data management system
CN1679273A (en) * 2002-08-08 2005-10-05 M-系统快闪盘开拓者公司 Integrated circuit for digital rights management
WO2005010726A2 (en) * 2003-07-23 2005-02-03 Ping Kang Hsiung Digital media cartridge system and method

Also Published As

Publication number Publication date
CN100461063C (en) 2009-02-11
CN1971470A (en) 2007-05-30

Similar Documents

Publication Publication Date Title
US9921978B1 (en) System and method for enhanced security of storage devices
US6625730B1 (en) System for validating a bios program and memory coupled therewith by using a boot block program having a validation routine
US7389536B2 (en) System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
KR102013841B1 (en) Method of managing key for secure storage of data, and and apparatus there-of
US7073064B1 (en) Method and apparatus to provide enhanced computer protection
US9613215B2 (en) Method and system for implementing a secure chain of trust
EP2248063B1 (en) Method and apparatus for controlling system access during protected modes of operation
KR101657613B1 (en) Backing up digital content that is stored in a secured storage device
US9942219B2 (en) Data security
US20130086385A1 (en) System and Method for Providing Hardware-Based Security
US20050283662A1 (en) Secure data backup and recovery
US20030188162A1 (en) Locking a hard drive to a host
EP1855224B1 (en) Method and system for command authentication to achieve a secure interface
JP2008204459A (en) Hibernation of processing apparatus for processing secure data
JP2011522469A (en) Integrated circuit having protected software image and method therefor
JP2009225439A (en) Secure update of boot image without knowledge of security key
US20090193261A1 (en) Apparatus and method for authenticating a flash program
US20070153580A1 (en) Memory arrangement, memory device, method for shifting data from a first memory device to a second memory device, and computer program element
TW202009717A (en) Storage device and program
WO2007059701A1 (en) A system encrypting method adopting a multiple use supplementary single-chip microcomputer
US11019098B2 (en) Replay protection for memory based on key refresh
JP2009080772A (en) Software starting system, software starting method and software starting program
CN114785503B (en) Cipher card, root key protection method thereof and computer readable storage medium
US20080104396A1 (en) Authentication Method
CN107861892B (en) Method and terminal for realizing data processing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06828172

Country of ref document: EP

Kind code of ref document: A1