WO2007059701A1 - Procede de cryptage systeme par micro-ordinateur mono-circuit polyvalent d'appoint - Google Patents

Procede de cryptage systeme par micro-ordinateur mono-circuit polyvalent d'appoint Download PDF

Info

Publication number
WO2007059701A1
WO2007059701A1 PCT/CN2006/003122 CN2006003122W WO2007059701A1 WO 2007059701 A1 WO2007059701 A1 WO 2007059701A1 CN 2006003122 W CN2006003122 W CN 2006003122W WO 2007059701 A1 WO2007059701 A1 WO 2007059701A1
Authority
WO
WIPO (PCT)
Prior art keywords
main processor
auxiliary
chip microcomputer
program
password
Prior art date
Application number
PCT/CN2006/003122
Other languages
English (en)
Chinese (zh)
Inventor
Yaoliang Lin
Jinhua Fan
Qingjiang Zeng
Original Assignee
Xiamen Overseas Chinese Electronic Co., Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Overseas Chinese Electronic Co., Ltd filed Critical Xiamen Overseas Chinese Electronic Co., Ltd
Publication of WO2007059701A1 publication Critical patent/WO2007059701A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Definitions

  • the present invention relates to a computer program encryption method, and more particularly to a system encryption method using a multi-purpose auxiliary chip microcomputer.
  • the program memory generally uses rewritable program memory (FLASH R0M).
  • FLASH R0M rewritable program memory
  • the program can be read and copied, so that the system can also be There is no confidentiality in the case of copying.
  • data reading is usually introduced between the microprocessor and the FLASH ROM to introduce a programmable logic device for encryption.
  • the programmable logic device is expensive, the use convenience is poor, and the hardware circuit needs to be added, the system is complicated. Maintainability is relatively poor.
  • the existing complex control system usually consists of the main processor 1 ', program memory 2' (ROM / Flash) and the auxiliary microcontroller 3', the system schematic block diagram shown in Figure 1, the main processor 1 'complete the main data operation processing And the control function, ROM/Flash is the program memory 2' of the main processor, the auxiliary MCU 3' is used to complete various control and other simple control functions during system standby, and between the auxiliary MCU 3' and the main processor 1' Communication using I 2 C bus.
  • the confidentiality of existing complex control systems is still very low. For hardware circuits, the copying is very simple, and the confidentiality we are talking about is generally for software programs.
  • the software program of the main processor 1' is stored in the program memory 2' (ROM/Flash), and due to the inherent characteristics of the ROM/Flash, the software program stored therein is easily copied;
  • the software program of the auxiliary MCU 3' is stored in its built-in program memory. If it is not copy-protected, it can be easily copied. Even if the program memory is burned (anti-read), the software program can be prevented from being copied.
  • the auxiliary MCU 3' is simple in function and small in software program, it is easy to write a software program that matches the main processor 1', and the time required is small. Even some systems are removing the auxiliary MCU 3'. In this case, the main functions of the system can be completed, so it is very simple to copy the entire system. Summary of the invention
  • the object of the present invention is to overcome the deficiencies of the prior art and provide a special programmable logic that is not required.
  • Device easy to use system encryption method.
  • the present invention is based on the principle of adding a cryptographically calibrated encryption protocol algorithm to a host processor software program and an auxiliary microcontroller software program based on a single-chip microcomputer with a built-in burn-in (anti-read) program memory.
  • the method of verification makes the system start the protection function when the password verification error occurs, and achieves the purpose of system encryption.
  • the technical solution adopted by the present invention to solve the technical problem thereof is: a system encryption method using a multi-purpose auxiliary single-chip microcomputer, and the encryption and verification include the following steps:
  • a main processor software program and an auxiliary single chip software program having a predetermined encryption protocol algorithm are respectively stored in a program memory of the main processor and a program memory of the single chip microcomputer, wherein the agreed encryption protocol algorithm is a reversible algorithm or an irreversible algorithm;
  • One or more checkpoints entering the running encryption protocol communication are provided in the main processor software program; the auxiliary single-chip microcomputer software program is solidified in the program memory of the single-chip microcomputer by using a burn-in method; b. starting the system work, main processing The main processor software program is run, and the auxiliary single chip computer runs the auxiliary single chip software program;
  • the host processor When the main processor software program runs to the checkpoint, the host processor generates a random number as the plain code, and sends it to the auxiliary single chip through the communication bus between the main processor and the auxiliary single chip microcomputer;
  • the auxiliary chip transmits the received clear code sent by the main processor according to the agreed encryption protocol algorithm to generate a password, and sends the password to the main processor through the communication bus between the main processor and the auxiliary single chip;
  • the main processor decrypts and restores the password sent by the auxiliary MCU according to the agreed encryption protocol algorithm into a clear code, and compares the decrypted and restored plain code with the original generated plain code; or
  • the main processor encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU;
  • step c the main processor continues to run the subsequent software program or includes repeating step c;
  • the main processor refuses to run the subsequent software program, and the system ends running.
  • the system encryption method of the present invention is to change the auxiliary single-chip microcomputer into a single-chip microcomputer with a built-in burn-in (anti-read) program memory in the hardware circuit of the existing complex control system, and the other hardware structures are completely the same.
  • an encryption protocol is used in the communication between the main processor and the auxiliary single chip, thereby achieving the purpose of system encryption.
  • one checkpoint can be set, for example, before the system needs to perform a task; and the checkpoint can also be set, for example, during the running of the software program.
  • the host processor When the software program runs to the checkpoint, the host processor generates a random number and sends it to the auxiliary microcontroller. After receiving the random number, the auxiliary microcontroller generates a password according to the agreed encryption protocol algorithm and sends it back to the main processor.
  • the main processor In the main processor, according to the reversible algorithm or the irreversible algorithm in the agreed encryption protocol algorithm, the corresponding method is used for comparison check.
  • the agreement encryption protocol algorithm selects the reversible algorithm
  • the main processor decrypts the password sent by the auxiliary single chip to the clear code according to the agreed encryption protocol algorithm, and compares the clear code with the random number originally generated by the main processor, that is, the clear code. If they are equal, the communication is successful, and the main processor executes the corresponding task. If it is not equal, the communication fails, the main processor does not perform the corresponding task; when the agreed encryption protocol algorithm selects the irreversible algorithm, the main processor encrypts according to the agreement.
  • the protocol algorithm converts the generated random number into a password, and compares the password with the password sent back by the auxiliary MCU. If they are equal, the communication is successful, and the main processor performs the corresponding task. If it is not equal, the communication fails. The processor does not perform the corresponding task.
  • the system encryption method of the present invention makes the illegal copying of the system more difficult.
  • the software program of the main processor in ROM/Rash can still be copied, since the auxiliary MCU uses a MCU with built-in burn-in (anti-read) program memory, its software program cannot be copied, and in the case of no auxiliary MCU.
  • the whole system does not work; if you want to make the system work by separately writing the auxiliary MCU software program, since the password during communication is generated by the random number through the encryption protocol, the cracking is very difficult. Therefore, the entire system has a very high safety factor, which greatly reduces the possibility of the system being copied.
  • the main processor and the external program memory are communicated and stored in an unencrypted manner, which facilitates maintenance work such as modification and upgrade of the software program.
  • the key points in the running of the main processor's software program are password verified, and the checkpoint is set at the key point of the software program operation.
  • the present invention uses a single-chip microcomputer with a built-in burn-in (anti-read) program memory to replace a secondary microprocessor (for example, a power management auxiliary microprocessor) having a relatively simple function and a small software program. And adding a method of cryptographic verification of the cryptographic protocol algorithm in the main processor software program and the auxiliary single-chip software program.
  • the beneficial effect is that, because the auxiliary single chip adopts the built-in burned (anti-proof Read the program memory of the MCU, the software program can not be copied, and the whole system does not work without the auxiliary MCU. If you want to make the system work by separately writing the auxiliary MCU software program, the password is the random number when communicating. After the encryption protocol is generated, the difficulty of cracking is very large, so the whole system has a very high security factor, which greatly reduces the possibility of the system being copied.
  • the auxiliary MCU can also undertake other tasks and complete the encryption with relatively high security performance at a small cost, which greatly increases the cost and cost of decryption;
  • the encryption process is simple, does not affect the original hardware design and modification of the main processor software program, upgrade and other production and after-sales maintenance work.
  • FIG. 1 is a schematic view showing the structure of a conventional complex control system
  • Figure 2 is a schematic view showing the structure of the system of the present invention.
  • FIG. 3 is a schematic flow chart of system encryption/verification of the first embodiment of the present invention.
  • FIG. 4 is a schematic flow chart showing the encryption of the irreversible algorithm of the first embodiment of the present invention.
  • FIG. 5 is a block diagram of the system structure of the LCD TV
  • FIG. 6 is a schematic flow chart showing the encryption of the reversible algorithm of the second embodiment of the present invention.
  • Embodiment 1 Referring to FIG. 2 to FIG. 4, a system encryption method using a multi-purpose auxiliary single-chip microcomputer according to the present invention is based on using a single-chip microcomputer with a built-in burn-in (anti-read) program memory.
  • the main processor software program and the auxiliary MCU software program add a password verification method of the encryption protocol algorithm, and since the software program of the MCU cannot be illegally read out, the system software program cannot be copied, and the system encryption is achieved.
  • Its system hardware usually includes the main processor 1, ROM / Flash program Memory 2, auxiliary microcontroller 3.
  • the unencrypted communication and storage between the main processor 1 and the external program memory 2 facilitates maintenance work such as modification and upgrade of the software program.
  • the main processor 1 performs password verification at a plurality of key points of the software program running, that is, the check point is set at each key point of the software program running.
  • the system encryption method includes the following steps:
  • Step a The main processor software program and the auxiliary single chip software program provided with the agreed encryption protocol algorithm are respectively stored in the program memory 2 of the main processor 1 and the program memory of the single chip microcomputer 3.
  • the agreed encryption protocol algorithm is an irreversible algorithm. ;
  • the main processor software program a plurality of checkpoints for entering the running encryption protocol communication are provided; the auxiliary single-chip microcomputer software program is solidified in the program memory of the single chip microcomputer 3 by using a burn-in method; Step b.
  • the main processing The device 1 runs the main processor software program, and the auxiliary MCU 3 runs the auxiliary MCU software program, as shown in block 101 and block 102;
  • Step c When the main processor software program runs to the checkpoint, the host processor 1 generates a random number, and sends it as the clear code to the auxiliary microcontroller 3 through the communication bus 13 ⁇ 4 between the main processor 1 and the auxiliary microcontroller 3. , as shown in block 103, block 104, and block 105;
  • Step d After receiving the clear code sent by the main processor 1 received by the auxiliary single chip microcomputer 3, the password is encrypted according to the agreed encryption protocol algorithm, and the password is passed through the communication bus between the main processor 1 and the auxiliary single chip 3. I 2 C is sent to the main processor 1, as indicated by block 106, block 107, block 108;
  • Step e The main processor 1 encrypts the random number generated by itself according to the agreed encryption protocol algorithm to generate a password, and compares the password with the password sent by the auxiliary MCU 3, as in block 109, block 110. , shown in block 111;
  • step c the main processor 1 continues to run the subsequent software program and includes repeating step c, as indicated by block 112;
  • the main processor 1 refuses to run the subsequent software program, and the system ends the operation.
  • Encryption Algorithm 0x55aa
  • a 16-bit number is first randomly generated by the main processor 1, as shown in block 201; the 16-bit random number is sent as a plain code to the auxiliary microcontroller 3, as shown in block 202;
  • the clear code sent by the main processor 1 is encrypted, that is, the random number is shifted to the right by one bit, and then X055aa is XORed to form a password, as shown in block 203;
  • the password is sent back to the main processor 1, as shown in block 204;
  • the 16-bit random number generated by itself is encrypted by the same encryption algorithm as that in the auxiliary single-chip microcomputer 3, that is, the random number is shifted to the right by one bit, and then X055aa is XORed.
  • the password is formed, as shown in block 205; then, the main processor 1 compares the password generated by itself with the password sent by the microcontroller 3, as shown in block 206, if the two are equal, the main processor 1 continues. Run, see block 207, if the two are not equal, the representation is incorrect, the main processor 1 refuses to run, see block 208.
  • the system encryption method of the present invention is adopted, and since the auxiliary single chip microcomputer 3 is a single-chip microcomputer with a built-in burn-in (anti-read) program memory, the software program thereof is used. It is difficult to be copied, and in the absence of the auxiliary MCU 3, the whole system does not work; if you want to make the system work by separately writing the auxiliary MCU software program, since the password during communication is generated by the random number through the encryption protocol, the crack is generated. The difficulty is very large, so the entire system has a very high safety factor, greatly reducing the possibility of the system being copied.
  • FIG. 5 A specific embodiment of the encryption method of the present invention for use in an LCD TV is shown in Fig. 5.
  • the video signals input by various signal channels (RF, AV, VGA, HDTV, etc.) of the LCD TV system are directly (or subjected to necessary processing) connected to the SWITCH channel selection control IC, and the SWITCH channel selection control IC inputs the video of the selected channel.
  • the signal is sent to the main processor 1, and the main processor 1 passes the various optimization processes and outputs the image to the liquid crystal display to display the image.
  • the core of this system is the main processor 1, which performs most of the control and image processing functions.
  • the main processor 1 is externally connected with ROM7Flash2 for storing the main processor software program, and the main processor 1 is connected through the I 2 C bus.
  • the auxiliary MCU 3 is connected.
  • a single-chip microcomputer with a built-in burn-out (anti-readout) program memory is selected for the auxiliary single-chip microcomputer 3, and an agreement is added in the main processor software program and the auxiliary single-chip microcomputer software program.
  • Password verification of the secret protocol algorithm Even if the software program of the main processor 1 may be copied, since the software program of the auxiliary microcontroller 3 cannot be copied, the main processor 1 cannot establish normal communication with the auxiliary microcontroller 3, so the main processor 1 does not By performing any task, the entire system will not work properly. Therefore, it is possible to effectively prevent the occurrence of the main processor software program being copied and used in the LCD TV.
  • the auxiliary microcomputer 3 can also perform power management of the television, that is, control the power supply in the state of work, standby, shutdown, and the like.
  • Embodiment 2 Referring to FIG. 6, a system encryption method using a multi-purpose auxiliary single-chip microcomputer according to the present invention is different from the first embodiment in that the encryption protocol algorithm used is a reversible algorithm; therefore, in step e The main processor 1 decrypts and restores the password sent by the auxiliary single chip microcomputer 3 to the clear code according to the encryption protocol algorithm of the reversible algorithm, and compares the decrypted and restored plain code with the original generated plain code;
  • step f when the corresponding two clear codes are consistent, the main processor 1 continues to run the subsequent software program or includes repeating step c;
  • the main processor 1 refuses to run the subsequent software program, and the system ends the operation.
  • FIG. 6 is a schematic flow chart of encryption of a reversible algorithm
  • a cryptographic key codes -Randoml6 A 0x55aa
  • Clear code cryptographic key - (Randoml6 A 0x55aa) A 0x55aa
  • a 16-bit number is first randomly generated by the main processor 1, as shown in block 301; the 16-bit random number is sent as a plain code to the auxiliary microcontroller 3, as shown in block 202;
  • the clear code sent by the main processor 1 is encrypted, that is, the random number is XORed with 0x55aa to form a password, as shown in block 303; then, the password is sent back to the main processor 1, See block 204;
  • the main processor 1 the password sent by the auxiliary single chip microcomputer 3 is decrypted, that is, the password of the auxiliary single chip microcomputer 3 is again XORed with 0x55aa and restored to the clear code, as shown in block 305; the main processor 1 will itself
  • the randomly generated 16-bit number that is, the clear code sent to the single-chip microcomputer
  • the main processor 1 is compared with the clear code decoded by the auxiliary single-chip microcomputer 3 after being decoded, as shown in block 306, if the two are equal, it means Correctly, the main processor 1 continues to operate, as shown in block 307, if the two are not equal, the representation is incorrect, and the main processor 1 refuses to operate, see block 308.
  • the invention encrypts the system by means of a cryptographic protocol by communication between the single chip microcomputer with the built-in burning program memory and the main processor, and does not need other devices, and has a clever idea, a simple structure and good industrial applicability.

Abstract

L'invention concerne un procédé de cryptage système par micro-ordinateur mono-circuit polyvalent d'appoint. Ledit procédé utilise une mémoire de programme figée (ce qui empêche la lecture) intégrée au micro-ordinateur mono-circuit. Les fonctions du micro-ordinateur d'appoint sont relativement simples, et la quantité de code est plutôt réduite, de l'ordre de ce qui est nécessaire pour un microprocesseur d'appoint de gestion d'alimentation électrique. Au programme du processeur principal, ainsi qu'au programme de micro-ordinateur mono-circuit polyvalent d'appoint, on a ajouté un algorithme de vérification de mot de passe respectant un protocole de cryptage d'appoint. Il en résulte que le programme est inaccessible en lecture et ne peut donc être recopié, ce qui correspond à la finalité du cryptage système.
PCT/CN2006/003122 2005-11-24 2006-11-20 Procede de cryptage systeme par micro-ordinateur mono-circuit polyvalent d'appoint WO2007059701A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005100454255A CN100461063C (zh) 2005-11-24 2005-11-24 一种采用多用途辅助单片机的系统加密方法
CN200510045425.5 2005-11-24

Publications (1)

Publication Number Publication Date
WO2007059701A1 true WO2007059701A1 (fr) 2007-05-31

Family

ID=38066918

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/003122 WO2007059701A1 (fr) 2005-11-24 2006-11-20 Procede de cryptage systeme par micro-ordinateur mono-circuit polyvalent d'appoint

Country Status (2)

Country Link
CN (1) CN100461063C (fr)
WO (1) WO2007059701A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101888627B (zh) * 2009-05-12 2013-08-21 中兴通讯股份有限公司 一种移动终端及保护其系统数据的方法
CN103729602B (zh) * 2013-12-18 2016-08-17 东莞市乐升电子有限公司 利用电源管理控制器对系统进行加密保护的方法
CN104794089B (zh) * 2015-05-12 2018-02-16 中国电子科技集团公司第四十七研究所 适用于单片机的改进型uart通信的方法、装置及系统
CN109831303B (zh) * 2018-12-24 2021-09-14 华升智建科技(深圳)有限公司 一种可用低端8位单片机实现的高强度随机加密方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6741991B2 (en) * 1994-09-30 2004-05-25 Mitsubishi Corporation Data management system
WO2005010726A2 (fr) * 2003-07-23 2005-02-03 Ping Kang Hsiung Systeme et procede de cartouche de supports numeriques
CN1679273A (zh) * 2002-08-08 2005-10-05 M-系统快闪盘开拓者公司 用于数字权利管理的集成电路

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6741991B2 (en) * 1994-09-30 2004-05-25 Mitsubishi Corporation Data management system
CN1679273A (zh) * 2002-08-08 2005-10-05 M-系统快闪盘开拓者公司 用于数字权利管理的集成电路
WO2005010726A2 (fr) * 2003-07-23 2005-02-03 Ping Kang Hsiung Systeme et procede de cartouche de supports numeriques

Also Published As

Publication number Publication date
CN1971470A (zh) 2007-05-30
CN100461063C (zh) 2009-02-11

Similar Documents

Publication Publication Date Title
US9921978B1 (en) System and method for enhanced security of storage devices
US6625730B1 (en) System for validating a bios program and memory coupled therewith by using a boot block program having a validation routine
US7389536B2 (en) System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
KR102013841B1 (ko) 데이터의 안전한 저장을 위한 키 관리 방법 및 그 장치
US7073064B1 (en) Method and apparatus to provide enhanced computer protection
US9613215B2 (en) Method and system for implementing a secure chain of trust
EP2248063B1 (fr) Procédé et appareil pour commander un accès de système durant des modes de fonctionnement protégés
KR101657613B1 (ko) 보안 저장 장치에 저장된 디지털 컨텐츠의 백업
US9942219B2 (en) Data security
US20130086385A1 (en) System and Method for Providing Hardware-Based Security
US20050283662A1 (en) Secure data backup and recovery
US20030188162A1 (en) Locking a hard drive to a host
EP1855224B1 (fr) Procédé et système pour l'authentification de commandes pour obtenir une interface sûre
JP2011522469A (ja) 保護されたソフトウエアイメージを有する集積回路及びそのための方法
JP2008204459A (ja) 機密データを処理する処理装置のハイバーネイション
JP2009225439A (ja) 安全キーの知識なしのブート映像の安全更新
US20090193261A1 (en) Apparatus and method for authenticating a flash program
US20070153580A1 (en) Memory arrangement, memory device, method for shifting data from a first memory device to a second memory device, and computer program element
TW202009717A (zh) 記憶裝置及程式
CN114785503B (zh) 密码卡及其根密钥保护方法、计算机可读存储介质
WO2007059701A1 (fr) Procede de cryptage systeme par micro-ordinateur mono-circuit polyvalent d'appoint
US11019098B2 (en) Replay protection for memory based on key refresh
JP2009080772A (ja) ソフトウェア起動システム、ソフトウェア起動方法、及びソフトウェア起動プログラム
US20080104396A1 (en) Authentication Method
CN107861892B (zh) 一种实现数据处理的方法及终端

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06828172

Country of ref document: EP

Kind code of ref document: A1