WO2019210490A1

WO2019210490A1 - Data processing method and apparatus, and system chip

Info

Publication number: WO2019210490A1
Application number: PCT/CN2018/085495
Authority: WO
Inventors: 潘时林
Original assignee: 华为技术有限公司
Priority date: 2018-05-03
Filing date: 2018-05-03
Publication date: 2019-11-07
Also published as: CN111386513B; CN111386513A

Abstract

Provided in the present application are a system chip, and a data writing and data reading method and apparatus; the system chip comprises a security element and a central processor, the security element and the central processor being coupled, the central processor being used to control the security element, and the security element being used to: determine verification information, the verification information being used to verify the legitimacy of data to be stored; according to the verification information, performing security processing on the data to be stored so as to obtain first data; storing the first data to a first memory, and storing the verification information to a second memory, the first memory and the second memory being different memories outside of the system chip; the described solution may reduce costs and increase the level of security.

Description

Data processing method, device and system chip

Technical field

The present application relates to the field of data processing and, more particularly, to a method, apparatus and system chip for data writing and data reading.

Background technique

As the most widely used terminal device, mobile phones play an increasingly important role in mobile e-commerce with the wide application of the Internet and the continuous improvement of mobile phone performance. In the future, mobile phones must implement various functions such as bank cards, bus cards, keys, and ID cards. To achieve these functions, mobile phone chips are required to provide hardware-level security solutions.

In the existing mobile phone secure storage, an external secure element (SE) can be used, which is usually provided in the form of a chip, and the SE chip is integrated on the mobile phone product board to prevent external malicious attack attacks and protect data security. Safely complete application services such as finance. In this solution, in order to meet the requirements of all security application scenarios of the universal mobile phone, the external dedicated storage chip needs to have a large capacity, and the cost is high. For example, 4MB of external dedicated storage space costs are high, and the cost of subsequent security space will continue to rise.

In addition, there is a common platform for integrating the SE module into the System on Chip (SOC) to implement mobile payment and multi-service. However, the current SOC process flow causes the SOC security module to have no non-volatile memory (NVM), and the capacity integrated into the main chip inSE is limited. For example, it includes One Time Programmable (OTP) storage, Read Only Memory (ROM), and Random-access memory (RAM), where the number of OTP writes is limited and cannot be Meet growing business needs. Other memory capacities are also limited and cannot be effectively implemented as NVM for data storage. Therefore, an implementation process of secure storage is needed, which can meet the requirements of all security business scenarios while ensuring cost.

Summary of the invention

The present application provides a method, device and system chip for data writing and data reading, which can reduce the cost and improve the security level.

In a first aspect, a system chip is provided, the system chip comprising a secure element and a central processor, the secure element coupled to the central processor, the central processor for controlling the secure element, The security element is configured to: determine verification information, where the verification information is used to verify the legality of the data to be stored; perform security processing on the data to be stored according to the verification information to obtain first data; and store the first data to a first memory and storing the verification information to a second memory, wherein the first memory and the second memory are different memories than the system chip.

Optionally, the first memory is a shared memory of the SE and the central processing unit CPU, and the second memory is a dedicated secure memory (Secure Flash) of the secure element SE.

The embodiment of the present application sets the first memory and the second memory. It should be understood that the first memory is a general-purpose memory, has no security requirements, and has a large capacity. Specifically, the first memory may be an intrinsic memory of the mobile phone itself. For example, the size of the current mobile phone memory is generally 64 GB, 132 GB, etc., and has a relatively large storage space. The first memory 202 involved in the embodiment of the present application is 4 MB or 16 MB of 64 GB or 132 GB. The capacity of such a first memory has substantially no cost impact on the currently large mobile phone inherent storage, and even if the user's demand grows in the future, the capacity of the first memory is increased, and the cost of the mobile phone is not affected. .

The second memory is a dedicated secure memory and does not require a large storage capacity, specifically, an externally authenticated dedicated secure storage Secure Flash. In a possible case, the Secure Flash is placed inside the SE and belongs to the scope of security certification, or the Secure Flash is a device external to the secure element. The embodiment of the present application is described in detail by taking SE as an example. It should be understood that the application includes but is not limited thereto.

As a shared memory of the SE and the central processing unit CPU, the first memory may include different storage areas that are isolated from each other, and store information such as SE or CPU data or programs, respectively.

Optionally, the embodiment of the present application further sets a third memory, and the third memory may be a one-time programmable OTP memory inside the SE. The third memory is used to store the ID of the SE, HUK 1 and HUK 2. Here, HUK 1 and HUK 2 are explained. HUK 1 is a key for storing data or reading data between the SE and the external first memory, and HUK2 is for storing verification information or reading between the SE and the external second memory. The key to verify the information. It should be understood that in a secure application scenario, data and programs stored outside of the SE need to be encrypted for storage to ensure data and program security.

Among them, HUK1 is an independent and unique key for each SE, and is used for the first stored data storage to encrypt and decrypt the root key. The HUK 1 is mainly for the encryption of the first memory, and all the programs and application data are placed in the first memory. Since the first memory is an external memory, the encryption is required, and the key can be derived using HUK 1 as the root key, so that each The stored small unit is used as an encrypted block unit, and the encryption keys are different. Specifically, the key used for data encryption to be stored may be derived according to the root key HUK 1, for example, according to the root key HUK1, the storage address of the data to be stored in the storage address of the first memory, and other sequences. The key is encrypted by the stored data and stored in the first memory. The key used to encrypt the data to be stored stored in the first memory in the present application is referred to as a first key.

The HUK 2 is also a unique key key for each SE, and is a shared key for pairing with the second memory. Secure Flash is a special secure memory for SE. When binding with SE, the binding process depends on the product. It can be written to the Secure flash in the whole machine production line or in the chip packaging production line. This enables Secure Flash and SE devices to establish a secure channel using the same shared key HUK2 for secure communication, ensuring that Secure Flash content is encrypted and verified for reading or writing. That is, the same shared key is used for secure communication between the second memory 201 and the SE. The key used to encrypt the authentication information stored in the second memory in this application is referred to as a second key. Correspondingly, the second memory 201 also stores the HUK 2 inside, which can be written to the HUK 2 at the time of production.

In addition, the third memory can store keys required by other systems in addition to the IDs of the SE, HUK1, and HUK2. These keys are written to the OTP during chip production. For example, for HUK 1 and HUK 2, the SOC can be internally written to the third storage OTP by random number generator during production, and can not be changed after writing. . It should be understood that the application includes but is not limited thereto.

It should be understood that the embodiment of the present application sets a first memory for storing data or a program, and the second memory is used for storing verification information corresponding to the data to be stored. Assuming that the size of the data to be stored is 4 KB, and the size of the verification information is smaller than the size of the data to be stored, for example, the check segment of the verification information is only 32 bytes, if the second memory size is 128 KB, the first memory of 16 MB can be supported. Safety. That is, the system architecture and method provided by the embodiments of the present application can reduce the cost and ensure the security of the data application. At the same time, since the large-capacity inherent storage space of the terminal device can be fully utilized as the first memory, the capacity is increased while the cost is reduced.

The data writing method provided by the above application, on the one hand, can reduce the cost and fully utilize the large capacity space of the first memory to support more applications, compared to the current inSE solution using Secure Flash. On the other hand, the number of times the data is safely written in this application is not limited, and the requirements for all security service scenarios can be met. Through this solution, the inSE chip architecture can meet the requirements of CC EAL5+ certification, and is not limited by the storage capacity and the number of writes, thereby reducing the cost and improving the security level and user experience.

With reference to the first aspect, in some implementations of the first aspect, the verification information includes at least one of the following information: a check sequence generated by performing verification processing on the data to be stored; and recorded by a counter Count value; or a random sequence generated by a random number.

Specifically, the verification information may be that the SE processes the to-be-stored data according to a preset verification algorithm to generate a check sequence, and the verification algorithm may be a secure hash algorithm such as a hash algorithm SHA-256 or a message authentication code security algorithm. (Message Authentication Code, MAC) (such as the advanced encryption standard AES-CMAC algorithm). In this case, the verification information can include the generated verification sequence.

In another possible case, the verification information includes a count value recorded by the counter. For example, the one-way counter records the count value, counting from 0, and writing data to the first memory (or Page x of the first memory) each time, and the corresponding count value is incremented by one.

In another possible case, the verification information includes a random sequence generated by a random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function.

With reference to the first aspect and the foregoing implementation manner, in some implementation manners of the first aspect, the performing security processing on the to-be-stored data according to the verification information includes at least one of: using the verification information Performing a verification process on the data to be stored; or determining a first key according to the verification information, and encrypting the first data by using the first key.

Three different types of verification information are introduced for the above, and there are different processing methods, and the following is also specifically described.

When the SE processes the data to be stored according to a preset verification algorithm to generate a check sequence, where the verification information is a check sequence, the verification information and the data to be stored have been verified in the process of the check processing. relationship. In this case, the verification information and the data to be stored may together constitute the first data. For example, when the algorithm algorithm authentication code secure MAC algorithm is verified, the 240 bytes of data to be stored are processed by the MAC algorithm to generate a 16-byte check sequence, and the 240-byte data to be stored and the 16-byte check sequence form the first data. The first key encryption generates 256 bytes of ciphertext and stores it in the first memory.

When the verification information includes the count value Count recorded by the counter. For example, the one-way counter records the count value, counting from 0, and writing data to the first memory (or Page x of the first memory) each time, and the corresponding count value is incremented by one. Then, at this time, it is necessary to ensure that the verification relationship and the data to be stored constitute a verification relationship, that is, the count value Count is to participate in the processing of the data to be stored, otherwise the two do not matter, and the verification relationship cannot be formed.

Optionally, in the process of performing the secure authentication of the message authentication code, the SE brings the count value Count to the data plaintext for MAC processing, and the count value is used as the verification information, and is stored after being encrypted by the second key. Go to the second memory; the data to be stored and the count value are processed by the MAC to generate the first data, so that the first data is stored in the first memory after being encrypted by the first key.

In another possible implementation manner, during the secure MAC processing of the message authentication code of the data to be stored, the count value Count is not added. After the MAC processing is completed, when the encryption is performed, the count value Count may participate in determining the first key. The process, the SE encrypts the first data by using the first key.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives the first key according to the HUK1 and the count value, and then stores the first data in the first memory after being encrypted by the first key.

Alternatively, when the data to be stored needs to be stored in Page 2 in the first memory, the SE derives the first key according to the ID address and the count value of the HUK1, the Page 2, and then passes the first data through the first key. After the encryption process, it is stored in the storage area of Page 2 of the first memory.

It should be understood that the above two processing methods for participating in the count value to the data to be stored may be implemented by an application, and the two methods may be implemented together. As long as you are sure to participate in any way, you can use the corresponding method to verify. It should be understood that the application includes but is not limited thereto.

Through the related processing of the above data writing process, the correlation between the verification information and the data to be stored can be realized. Since there is an association, the next step is to read the data of the first memory and the corresponding verification information of the second memory into the internal RAM, and then verify the validity of the data.

When the verification information includes a random sequence generated by a random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function. Then, at this time, it is necessary to ensure that the verification relationship and the data to be stored constitute a verification relationship, that is, the random sequence is to participate in the processing of the data to be stored, otherwise the two do not matter, and the verification relationship cannot be formed.

Optionally, in the process of performing secure MAC address processing on the message authentication code, the SE brings the random sequence to the data plaintext for MAC processing. The random sequence is used as the verification information, and is stored in the second memory after being encrypted by the second key; the data to be stored and the random sequence are processed by the MAC to generate the first data, thereby passing the first data to the first key. The encryption process is stored in the first memory.

In another possible implementation manner, the SE does not add a random sequence in the process of secure MAC address processing of the message authentication code of the data to be stored. After the MAC processing is completed, the random sequence may participate in determining the first key when performing encryption. The process, the SE encrypts the first data by using the first key.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives the first key according to the HUK1 and the random sequence, and then stores the first data in the first memory through the encryption process of the first key.

Alternatively, when the data to be stored needs to be stored in Page 2 in the first memory, the SE derives the first key according to the ID address of the HUK1, the Page 2, and the random sequence, and then passes the first data through the first key. After the encryption process, it is stored in the storage area of Page 2 of the first memory.

Alternatively, the random sequence may be directly derived as the first key of the first data in Page 2 in the first memory without derivation.

It should be understood that the above three processing methods for participating in the random sequence to the data to be stored may be implemented by an application, and the three methods may be implemented together. As long as you are sure to participate in any way, you can use the corresponding method to verify. It should be understood that the application includes but is not limited thereto.

In conjunction with the first aspect and the implementation described above, in some implementations of the first aspect, the secure element is further configured to: verify the verification according to the second key pair before storing the verification information to the second memory The information is encrypted, the second key being different from the first key.

With reference to the first aspect and the foregoing implementation manner, in some implementation manners of the first aspect, the determining, according to the verification information, the first key comprises: determining, according to the verification information and a first preset sequence, a key; and the secure element is further configured to: determine the second key according to a second preset sequence, the second preset sequence being different from the first preset sequence.

It should be understood that the first preset sequence herein may be the above-mentioned HUK1, and the second preset sequence may be the above.

HUK2.

In conjunction with the first aspect, in some implementations of the first aspect, the first memory includes N regions, the second memory includes N regions, and the N regions of the first memory and the second The N areas of the memory are in one-to-one correspondence, N is a positive integer, and the storing the first data to the first memory and storing the verification information to the second memory comprises: storing the first data Going to a first one of the N regions of the first memory, and storing the verification information to a second region of the N regions of the second memory, wherein the first region and the first region The two areas correspond.

With reference to the first aspect and the foregoing implementation manner, in some implementations of the first aspect, each of the N regions of the second memory includes at least two sub-regions, each sub-region having a size greater than or equal to Verifying the size of the information, the secure element is further configured to perform the storing the storing the first data to the first memory and storing the verification information to the second memory in an order of: storing the verification information And the sub-area that is not occupied in the second area; storing the first data to the first area; and deleting historical verification information stored in the sub-area that has been occupied in the second area.

Specifically, the verification block 2 of the second memory is divided into two sub-areas, which are an effective area and a blank area, and each area can store verification information of the data to be stored. After obtaining the first data encrypted by the first key and the verification information encrypted by the second key by using the above method, if the first data is written to the storage block Page 2 of the first memory, the verification information is written In the process of verifying block 2 of the second memory, the verification information is written to the valid area of the verification block 2, and the blank area has no data. When there is new data to be stored in the storage block Page 2, assuming that the second data is new to be stored, the following writing process is required: (1) the second data to be stored, and the second data corresponding to the second data is determined. Second verification information, the process refers to the above method of the first data, and will not be described again here; (2) retaining the first verification information corresponding to the original first data of the valid area of the verification block 2 of the second memory, and passing the second key The encrypted second verification information is written to the blank area of the verification block 2; (3) the second data to be stored is subjected to security processing, and then encrypted according to the first key and then written to the first memory storage block Page 2 (4) deleting the first verification information corresponding to the original first data of the valid area of the verification block 2 of the second memory, the original valid area becomes a blank area, and the newly written second verification information is used as valid verification information.

The reason why each verification block is divided into two areas is because it can prevent power loss when data is written, and power-down protection is performed. When the above data is written, the system may be powered down at any point. After the above-mentioned writing process, if the power is turned off at any time, it will be found that the verification block of the second memory is valid for one area and one area is blank. At this time, the field included in the valid area is taken as the verification information.

Alternatively, if both areas have verification information, the stored data of page 2 of the first memory is read again, and the verification information of both areas is tried to be verified.

Or, if the verification information of one area is correct, another incorrect verification information is erased. If the two verification information are not correct, it is considered to be a security attack, the storage is invalid, and an error is reported.

Through the above execution process, the data can be protected from power failure, and any link is powered down, which does not affect the correspondence between the verification information and the stored data, and can maintain the security of the data and improve the user experience.

In conjunction with the first aspect and the implementation described above, in some implementations of the first aspect, the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Dedicated memory.

In a second aspect, a system chip is provided, characterized in that the system chip comprises a security element and a central processor, the security element being coupled to the central processor, the central processor for controlling the security An element for: acquiring first data from a first memory; obtaining verification information from a second storage space, the verification information being used to verify validity of the first data, the first memory and The second memory is a different memory than the system chip; and the first data is de-secured according to the verification information to obtain processed data.

According to the data reading method provided by the above application, on the one hand, compared with the current inSE solution using Secure Flash, the cost can be reduced, and the large capacity of the first memory can be fully utilized to support more applications. On the other hand, the number of times the data is safely written in this application is not limited, and the requirements for all security service scenarios can be met. Through this solution, the inSE chip architecture can meet the requirements of CC EAL5+ certification, and is not limited by the storage capacity and the number of writes, thereby reducing the cost and improving the security level and user experience.

With reference to the second aspect, in some implementations of the second aspect, the verification information includes at least one of the following information: a check sequence generated by performing verification processing on the data to be stored; and recorded by a counter Count value; or a random sequence generated by a random number.

With reference to the second aspect, in some implementations of the second aspect, the performing the de-secure processing on the first data according to the verification information includes at least one of: using the verification information to Decoding the first data; or determining a first key according to the verification information, and decrypting the first data by using the first key.

With reference to the second aspect and the foregoing implementation manner, in some implementations of the second aspect, the secure element is configured to decrypt the verification information according to the second key before acquiring the verification information from the second memory, where The second key is different from the first key.

With reference to the second aspect and the foregoing implementation manner, in some implementation manners of the second aspect, the determining, according to the verification information, the first key comprises: determining, according to the verification information and a first preset sequence, The first key; and the secure element is further configured to: determine the second key according to the second preset sequence, where the second preset sequence is different from the first preset sequence.

With reference to the second aspect and the foregoing implementation manner, in some implementations of the second aspect, the first memory includes N regions, the second memory includes N regions, and the N regions of the first memory are The N areas of the second memory are in one-to-one correspondence, N is a positive integer, and the acquiring the first data from the first memory includes: acquiring the first area from the N areas of the first memory The first data; and the obtaining the verification information from the second memory, comprising: obtaining verification information from a second one of the N regions of the second memory, wherein the first region corresponds to the second region .

With reference to the second aspect and the foregoing implementation manner, in some implementations of the second aspect, each of the N regions of the second memory includes at least two sub-regions, each sub-region having a size greater than or equal to The size of the verification information, the de-securing the first data according to the verification information, comprising: using information stored in a first sub-area of the second area as the verification information, and The first data is subjected to de-secure processing; the information stored in the second sub-area of the second area is used as the verification information, and the first data is de-secured.

In conjunction with the second aspect and the implementation described above, in some implementations of the second aspect, the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Corresponding dedicated memory.

In a third aspect, a method of processing data is provided, which is applied to a system chip including a secure element and a central processor, the secure element being coupled to the central processor, the central processor for controlling The security element, the security element performing the method, the method comprising: determining verification information, the verification information is used to verify validity of data to be stored; and the data to be stored is secured according to the verification information Processing the first data; storing the first data to the first memory, and storing the verification information to the second memory, wherein the first memory and the second memory are outside the system chip Different memory.

With reference to the third aspect, in some implementations of the third aspect, the verification information includes at least one of the following information: a check sequence generated by performing verification processing on the data to be stored; and recorded by a counter Count value; or a random sequence generated by a random number.

With reference to the third aspect and the foregoing implementation manner, in some implementation manners of the third aspect, the performing security processing on the to-be-stored data according to the verification information includes at least one of: using the verification information Performing a verification process on the data to be stored; or determining a first key according to the verification information, and encrypting the first data by using the first key.

With reference to the third aspect and the foregoing implementation manner, in some implementation manners of the third aspect, the method further includes: performing the verification information according to the second key before storing the verification information to the second memory Encrypted, the second key being different from the first key.

With reference to the third aspect and the foregoing implementation manner, in some implementation manners of the third aspect, the determining, according to the verification information, the first key comprises: determining, according to the verification information and the first preset sequence, a key; and the method further comprises: determining the second key according to a second preset sequence, the second preset sequence being different from the first preset sequence.

In conjunction with the third aspect and the foregoing implementation manner, in some implementations of the third aspect, the first memory includes N regions, the second memory includes N regions, and the N regions of the first memory are The N areas of the second memory are in one-to-one correspondence, N is a positive integer, and the storing the first data to the first memory and storing the verification information to the second memory includes: The first data is stored to a first one of the N regions of the first memory, and the verification information is stored to a second region of the N regions of the second memory, wherein the first region Corresponding to the second region.

With reference to the third aspect and the foregoing implementation manner, in some implementations of the third aspect, each of the N regions of the second memory includes at least two sub-regions, each sub-region having a size greater than or equal to Verifying the size of the information, the method further comprising performing the storing the first data to the first memory and storing the verification information to the second memory in an order of: storing the verification information to the Determining the unoccupied sub-area in the second area; storing the first data to the first area; deleting historical verification information stored in the occupied sub-area in the second area.

In conjunction with the third aspect and the implementation described above, in some implementations of the third aspect, the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Dedicated memory.

In a fourth aspect, a method of processing data is provided, which is applied to a system chip including a secure element and a central processor, the secure element being coupled to the central processor, the central processor for controlling The secure element, the secure element performing the method, the method comprising: acquiring first data from a first memory; obtaining verification information from a second memory, the verification information being used to verify validity of the first data And the first memory and the second memory are different memories except the system chip; and the first data is de-secured according to the verification information to obtain processed data.

With reference to the fourth aspect, in some implementations of the fourth aspect, the verification information includes at least one of the following information: a verification sequence generated by performing verification processing on the to-be-stored data; recorded by a counter Count value; or a random sequence generated by a random number.

With reference to the fourth aspect and the foregoing implementation manner, in some implementation manners of the fourth aspect, the performing the de-secure processing on the first data according to the verification information includes at least one of: using the verification Decoding the first data by the information; or determining the first key according to the verification information, and decrypting the first data by using the first key.

With reference to the fourth aspect and the foregoing implementation manner, in some implementation manners of the fourth aspect, before the obtaining the verification information from the second memory, the method further includes: decrypting the verification information according to the second key, The second key is different from the first key.

With reference to the fourth aspect and the foregoing implementation manner, in some implementation manners of the fourth aspect, the determining, according to the verification information, the first key includes: determining, according to the verification information and a first preset sequence, a first key; and the method further comprises: determining the second key according to a second preset sequence, the second preset sequence being different from the first preset sequence.

In conjunction with the fourth aspect and the foregoing implementation manner, in some implementations of the fourth aspect, the first memory includes N regions, the second memory includes N regions, and the N regions of the first memory are The N areas of the second memory are in one-to-one correspondence, N is a positive integer, and the acquiring the first data from the first memory includes: acquiring the first area from the N areas of the first memory The first data; and the obtaining the verification information from the second memory, comprising: obtaining verification information from a second one of the N regions of the second memory, wherein the first region corresponds to the second region .

With reference to the fourth aspect and the foregoing implementation manner, in some implementations of the fourth aspect, each of the N regions of the second memory includes at least two sub-regions, each sub-region having a size greater than or equal to The size of the verification information, the de-securing the first data according to the verification information, comprising: using information stored in a first sub-area of the second area as the verification information, and The first data is subjected to de-secure processing; the information stored in the second sub-area of the second area is used as the verification information, and the first data is de-secured.

In conjunction with the fourth aspect and the implementation described above, in some implementations of the fourth aspect, the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Corresponding dedicated memory.

In a fifth aspect, a communication device is provided, comprising: the first aspect, any possible implementation manner of the first aspect, and the second aspect, any one of the possible implementation manners of the first aspect A system chip, a first memory and a second memory.

In a sixth aspect, a communication device is provided, which may be a terminal device or a chip disposed in the terminal device. The communication device includes a processor coupled to the memory and operative to execute instructions in the memory to implement any of the possible implementations of the third and third aspects above, and any of the fourth and fourth aspects. A step performed in one possible implementation. Optionally, the communication device further comprises a memory. Optionally, the communication device further includes a communication interface, the processor being coupled to the communication interface.

In a seventh aspect, a computer program product is provided, the computer program product comprising: computer program code, when the computer program code is run on a computing device or a secure element, causing the computing device or the secure element to perform the third aspect described above And any one of the possible implementations of the third aspect and the method of any one of the fourth aspect and the fourth aspect.

In an eighth aspect, a computer readable medium storing program code for causing a computing device or a secure element to perform the third step when the computer program code is run on a computing device or a secure element Aspects and any one of the possible implementations of the third aspect and the method of any one of the fourth aspect and the fourth aspect.

In a ninth aspect, a system chip is provided, the system chip comprising a processor for supporting a terminal device to implement the functions involved in the foregoing aspects, such as writing data, encrypting, decrypting, reading data, or other processing Data and/or information involved in the method. In a possible design, the system chip further includes a memory for storing necessary program instructions and data of the terminal device. The system chip can be composed of chips, and can also include chips and other discrete devices.

DRAWINGS

Figure 1 is a schematic diagram of a possible chip design architecture.

FIG. 2 is a schematic diagram of a system chip architecture provided by an embodiment of the present application.

FIG. 3 is a schematic diagram of still another example of memory storage content provided by an embodiment of the present application.

FIG. 4 is a schematic diagram of an example of processing data according to an embodiment of the present application.

FIG. 5 is a schematic diagram of still another example of data processing provided by an embodiment of the present application.

FIG. 6 is a schematic diagram of still another example of data processing provided by an embodiment of the present application.

FIG. 7 is a schematic diagram of still another example of data processing provided by an embodiment of the present application.

FIG. 8 is a schematic diagram of still another example of data processing provided by an embodiment of the present application.

FIG. 9 is a schematic diagram of still another example of data processing provided by an embodiment of the present application.

FIG. 10 is a schematic diagram of still another example of data processing provided by an embodiment of the present application.

FIG. 11 is a schematic diagram of a storage sub-area of another memory provided by an embodiment of the present application.

FIG. 12 is a schematic diagram of another method for processing data according to an embodiment of the present application.

detailed description

The technical solutions in the present application will be described below with reference to the accompanying drawings.

The terms "component," "module," "system," and the like, as used in this specification, are used to mean a terminal device-related entity, hardware, firmware, a combination of hardware and software, software, or software in execution. It should be understood that the manners, the conditions, the categories, and the divisions of the embodiments in the embodiments of the present application are only for convenience of description, and should not be specifically limited. The various modes, categories, situations, and features in the embodiments are not contradictory. In case you can combine them.

It should also be understood that the terms "first", "second", and "third" in the application examples are merely a distinction and should not be construed as limiting.

It should also be understood that, in various embodiments of the present application, the size of the sequence number of each process does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken to the embodiment of the present application. The implementation process constitutes any limitation.

It should be noted that, in the embodiment of the present application, “pre-definition” may be implemented by pre-storing corresponding codes, tables or other manners in the device (for example, including the terminal device), which may be used to indicate related information. The specific implementation manner is not limited. For example, pre-definition can be defined in the protocol.

It should be noted that, in the embodiment of the present application, “of”, “corresponding, relevant” and “corresponding” may sometimes be mixed, and it should be noted that the difference is not emphasized. At the time, the meaning to be expressed is the same.

It should also be noted that “and/or” describes the association relationship of the associated objects, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, A and B exist simultaneously, and B exists separately. These three situations. The character "/" generally indicates that the contextual object is an "or" relationship. "At least one" means one or more; "at least one of A and B", similar to "A and/or B", describing the association of associated objects, indicating that there may be three relationships, for example, A and B. At least one of them may indicate that A exists separately, and A and B exist simultaneously, and B cases exist separately. The technical solutions provided by the present application will be described in detail below with reference to the accompanying drawings.

The method and apparatus for storing data provided by the embodiments of the present application can be applied to a terminal device. A terminal device may also be called a user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, and a user. Agent or user device. The terminal device in the embodiment of the present application may be a mobile phone, a tablet, a computer with a wireless transceiver function, a virtual reality (VR) terminal device, and an augmented reality (AR) terminal. Equipment, wireless terminals in industrial control, wireless terminals in self driving, wireless terminals in remote medical, wireless terminals in smart grid, transportation security ( A wireless terminal in a transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and the like. The embodiment of the present application does not limit the application scenario. In the present application, the foregoing terminal device and a chip that can be disposed in the foregoing terminal device are collectively referred to as a terminal device.

In addition, in the embodiment of the present application, the terminal device may also be a terminal device in an Internet of Things (IoT) system, and the IoT is an important component of future information technology development, and its main technical feature is to pass the article through the communication technology. Connected to the network to realize an intelligent network of human-machine interconnection and physical interconnection.

The embodiment of the present application will be described in detail by taking the most widely used smartphone in life as an example.

In addition to the ever-increasing demand for the performance of cameras, audio, video and smartphones, the demand for smartphones involving mobile payments, mobile finance and other mobile phones is increasing. In addition, smart phones have gradually become a demand for security applications such as car keys and bank cards. In the future, mobile phones may include all bank cards, bus cards, keys and ID cards. To achieve these functions, in addition to the support of various software developments, mobile phone chips are required to provide hardware-level security.

Figure 1 is a schematic diagram of a possible chip design architecture. As shown in the chip architecture 100 of FIG. 1, the chip architecture 100 incorporates the secure element SE 104 in the system chip SOC 103, which may include the following components.

A, Power Management Unit (PMU) 101

The power management unit 101 in the chip architecture 100 integrates all power management functions of the chip architecture 100. The main functions include system reset, phase-locked loop and frequency divider, pin signal recognition and decoding, sleep mode, and module power management. The power management system can be connected to the processor logic to manage functions such as charging, discharging, and power consumption through a power management system.

B, RF circuit 102

The RF circuit 102 can be used to transmit and receive information and receive and transmit signals during a call. Generally, RF circuits include, but are not limited to, an antenna, at least one amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, the RF circuit 102 can also communicate with other devices such as network devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Wireless Local Area Networks (WLAN), Global System of Mobile communication (GSM) systems, Code Division Multiple Access (Code Division Multiple) Access, CDMA) system, Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), Long Term Evolution (LTE) system, LTE frequency division dual (Frequency Division Duplex (FDD) system, LTE Time Division Duplex (TDD), Universal Mobile Telecommunication System (UMTS), Worldwide Interoperability for Microwave Access (WiMAX) communication System, future 5th Generation (5G) system or New Radio (NR).

C, AP main chip 103

The main chip 103, that is, the system chip SOC described above, is an integrated circuit chip, and the logic core includes a central processing unit (CPU) 105, a clock circuit, a timer, an interrupt controller, a serial parallel interface, and other peripheral devices. Input/output (I/O) ports and glue logic for various IP cores, etc.; memory cores include various volatile memory, non-volatile memory (Non-Volatile Memory) , NVM) and Cache and other memory; analog cores include Analog to Digital Converter (ADC), Digital to Analog Converter (DAC), Phase Locked Loop (PLL) and some Analog circuits used in high speed circuits.

D, the central processing unit 105

The CPU 105 is the control center of the SOC 103, that is, the control center of the terminal device, which connects various parts of the entire terminal device by various interfaces and lines, by running or executing software programs and/or modules stored in the memory, and calling the storage in The data in the memory performs various functions and processing data of the terminal device, thereby performing overall monitoring on the terminal device. Optionally, the processor may include one or more processing units; preferably, the processor may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, etc., and modulates The demodulation processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor.

The CPU 105 can optionally include an operator and a controller, which are core components of the system chip for acquiring instructions and processing data. Specifically, it can be used to perform control of an instruction execution sequence, operation control, time control, and arithmetic and logical operations on data, or processing of other information.

E, storage device 107

Specifically, it includes an embedded multimedia media (eMMC), a universal flash storage (UFS), a double rate (Double Data Rate, DDR) synchronous dynamic random access memory, and the like. Specifically, such as a memory array Array, a Replay Protected Memory Block (RPMB), where RPMB is a relatively special partition of eMMC, the main function is to store some core sensitive data.

The memory device also includes a program and a module that can be used to store software programs and modules that execute various functional applications and data processing of the terminal device by running software programs and modules stored in the memory device. The storage device further includes a storage program area and a storage data area, such as a read-only memory (ROM), a random access memory (RAM), and the like in the chip architecture 100. The storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the storage data area may store data created according to the use of the terminal device (such as audio data, Phone book, etc.). In addition, the memory device may also include a high speed random access memory, and may also include a non-volatile memory (NVM), such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

F, short-range wireless communication controller 108

The Near Filed Communication (NFC) controller 108 can be a chip that combines an inductive card reader, an inductive card, and a peer-to-peer function on a single chip to identify compatible devices in a short distance. And data exchange. The NFC chip has mutual communication capability and computing power, and may further include an encryption logic circuit, an encryption/decryption module, and the like.

G, other input devices

Other input devices can be used to receive input numeric or character information, as well as to generate key signal inputs related to user settings and function control of the terminal device.

In addition to the various modules listed above, the system chip also includes other units or modules not shown, such as the storage unit and the controller together to implement a multimedia storage (Multi Media Card, MMC) controller on the system chip, double The rate controller (Double Data Rate Controler, DDRC), etc., will not be described here.

The SE 104 inside the SOC 103 will be highlighted below. In the above-described system chip of the SOC 103 in which the SE 104 is built in the terminal device, we can call it the inSE system, which can enhance the security level of the mobile phone. It should be understood that in the inSE system architecture, the SE 104 is controlled by the central processing unit CPU 105 of the SOC 103, specifically including controlling the opening, closing, controlling power consumption or operating state of the SE 104, and the like. In addition, the CPU 105 can control other parts of the system chip as the core of the system chip, which is not limited in this embodiment.

The secure element SE 104 is typically provided in the form of an embedded SOC 103 that can run a smart card application, preventing external malicious resolution attacks and protecting data security. In addition, there is an encryption/decryption logic circuit in the system chip. The conventional secure element SE can be used in an IC chip in a smart card, but now the SIM card, SD and other chips in the mobile phone also perform the same function.

As shown by the black thick solid line portion in Fig. 1, the SE 104 has a complete CPU, ROM, RAM, and the like. The following is a brief introduction to the internal structure of the SE. As shown by 104 in Fig. 1, SE as an element also includes most of the elements or structures similar to those described above in SOC 103, and specifically includes the following components.

A, central processing unit CPU 106

Using various interfaces and lines to connect various parts within or outside the system chip, perform various functions and process data operations by running or executing software programs and/or modules stored in the memory, and calling data stored in the memory. . Optionally, the processor can include one or more processing units.

The CPU 106 can optionally include an operator and a controller, which are core components of the SE 104 for fetching instructions and processing data. Specifically, it can be used to perform control of an instruction execution sequence, operation control, time control, and arithmetic and logical operations on data, or processing of other information.

In the chip architecture 100, the CPU 106 of the secure element SE can be in communication connection with the CPU 105 of the system chip SOC, and the central processing unit SE of the system chip SOC controls the secure element SE, including controlling the opening and closing of the SE. Control power consumption or working status, etc.

B, storage device

The storage device can be used to store data, software programs, and modules, and the processor can perform various functional applications and perform data processing by running software programs and modules stored in the storage device. The memory device also includes a memory program area and a memory data area, such as ROM, RAM, etc., shown in chip architecture 100. In addition, the SE also includes One Time Programmable (OTP) memory.

C, asynchronous transceiver (Universal Asynchronous Receiver/Transmitter, UART)

The UART is part of the hardware and is a general-purpose serial data bus for asynchronous communication. The bus bidirectional communication enables full duplex transmission and reception. It converts data or programs between serial communication and parallel communication. As a chip that converts parallel input signals into serial output signals, the UART is usually integrated into the links of other communication interfaces. The UART can be used as a stand-alone modular chip or as a peripheral device integrated in the microprocessor as an interface to external devices.

D, single wire connection protocol (SWP)

The single-line connection protocol is mainly a mobile payment solution based on NFC technology, which is applied to communication between a mobile phone SIM card or an SD card to a contactless front end (CLF).

The inSE system can be connected to the NFC controller via NFC and SWP interfaces and has three modes of operation: off, wired and virtual. It can usually be communicated to the SE via an external reader or via an internal connection interface.

E. Crypto IP Encapsulation (CIPE)

CIPE uses encrypted IP packets, which are given header information and encrypted using the default CIPE encryption mechanism.

F, Random Number Generator (TRNG)

A random number generator is a device that generates random numbers through physical processes rather than computer programs.

The above briefly introduces the composition of the inSE system and the communication between the various parts. The inSE system security solution integrates the security components into the processor, and is more resistant to attacks from the physical level and has higher security. In this scheme, the SE module integrated into the main chip SOC has no non-volatile memory NVM, because the current SOC main chip process is very advanced, the mainstream has reached 7nm, and in this process, the NVM media flash cannot be integrated into the main The chip's die Die.

The security level of the SE is very high. The non-volatile storage NVM stores data and can meet the following requirements:

(1) Protection against data leakage against non-volatile storage (Confidentiality);

(2) having an anti-interference protection capability against non-volatile storage;

(3) It has the ability to resist the modification and anti-rollback of nonvolatile storage (integrity & anti-rollback).

NVM storage can guarantee the confidentiality, integrity and anti-return capability of data. In the inSE system, there is no NVM. At present, the prior art has realized the requirement of ensuring data confidentiality and integrity, and anti-backup for data ( The ability to anti-rollback is mainly achieved using an on-chip One Time Programmable (OTP). Specifically, the data counter rollback is performed using the bit counter inside the OTP, and the security can also meet the certification requirements of the CC EAL4+.

However, the current bit counter inside the OTP can currently reach tens of K bits. A few tens of K bits means that the maximum number of secure writes is tens of thousands of times, so there is a limit on the number of writes. Although the tens of thousands of write restrictions can meet the needs of current consumers' cards, car keys, ID cards, etc., these times are not enough for some security scenarios. For example, the scenario in which the mobile phone is used as a Pos machine, the system security against brute force cracking, etc., which frequently need to be recorded in the security application scenario of the secure element SE, tens of thousands of write restrictions cannot meet the user's needs.

In order to meet the needs of users in various security scenarios, one possible solution is to set up external dedicated secure storage Secure Flash. It has been verified that such a solution can achieve the safety certification standard up to CC EAL5+, which can ensure the confidentiality and integrity of the data, thus ensuring the safety of the user.

A possible secure storage system, in addition to the system chip SOC 103 and the secure element SE 104 described above, stores a data and a program to be stored in Secure Flash by setting a dedicated secure memory chip Secure Flash 201 outside the SOC. In 201, the security meets the requirements. At the same time, the program can even be executed on-chip, without all being transferred to the internal RAM. The data writing requirements can satisfy various security application scenarios. The storage uses dedicated Secure Flash, which generally takes about 4MB to meet the security requirements of the mobile phone, such as completing the smart. Mobile payment for mobile phones, bus cards, security shields, etc. However, the cost of 4MB Flash is very high and will not be adopted. Moreover, if there is more and more demand for mobile phone security space, the cost will continue to rise.

Therefore, an implementation process of secure storage is needed, which can meet the requirements of all security business scenarios while ensuring cost. The embodiment of the present application provides a process for implementing secure storage based on the current inSE chip architecture, and supports the secure application data space by fully multiplexing the inherent storage space of the terminal device, and uses the external secure Flash memory chip to perform data defense only. Rollback and key storage management, without actual data storage, resulting in less demand for secure Flash storage capacity.

FIG. 2 is a schematic diagram of a system chip architecture provided by an embodiment of the present application. The system architecture 200, as shown in FIG. 2, includes a secure element SE 104 built into the system chip SOC 103, which is coupled to a central processing unit CPU 105 of the SOC 103 for controlling the secure element SE 104. In addition, system architecture 200 also includes a first memory 202 and a second memory 201, which are different memories than the system chip SOC 103. The first memory 202 is used to store data and programs, and the second memory 201 is used to store verification information for verifying the legality of the data to be stored.

Further, communication between the second memory 201 and the SE 104 via a high speed serial interface (SerDes Framer Interface, SFI) is shown in FIG. It should be understood that the communication between Secure Flash and SE 104 needs to establish a secure channel for data transmission, which is realized by the connection between the SFI interface and the security logic. Thus, encrypted data can be transmitted between Secure Flash and SE, and such a secure channel can prevent data from being tampered or rolled back. The establishment of the secure channel belongs to the prior art, and the present embodiment does not introduce too much.

Optionally, the first memory 202 is a shared memory of the SE 104 and the central processing unit CPU, and the second memory 201 is a dedicated secure memory (Secure Flash) of the secure element SE 104.

The first embodiment of the present application sets the first memory 202 and the second memory 201. It should be understood that the first memory 202 is a general-purpose memory and has no security requirements and has a large capacity; the second memory 201 is a dedicated secure memory. Specifically, the first memory may be a memory that the mobile phone itself has. For example, the size of the current mobile phone memory is generally 64 GB, 132 GB, etc., and has a relatively large storage space. The first memory 202 involved in the embodiment of the present application is 4 MB or 16 MB of 64 GB or 132 GB. The capacity of such a first memory has substantially no cost impact on the currently large mobile phone inherent storage, and even if the user's demand grows in the future, the capacity of the first memory is increased, and the cost of the mobile phone is not affected. .

The second memory 201 is a dedicated secure memory, and specifically may be an externally authenticated dedicated secure storage Secure Flash. In a possible case, the Secure Flash is placed inside the SE 104 and belongs to the scope of security certification, or the Secure Flash is a device external to the secure element. The embodiment of the present application is described in detail by taking the SE 104 as an example. It should be understood that the application includes but is not limited thereto.

As a shared memory of the SE 104 and the central processing unit CPU 105, the first memory 202 may include different storage areas that are isolated from each other, and store information such as data or programs of the SE 104 and the CPU 105, respectively.

It should be understood that the embodiment of the present application sets a first memory for storing data or a program, and the second memory is used for storing verification information corresponding to the data to be stored. Assuming that the size of the data to be stored is 4 KB, and the size of the verification information is much smaller than the size of the data to be stored, for example, the verification segment of the verification information is only 32 bytes, if the second memory size is 128 KB, the first 16 MB can be supported. Memory security. That is, the system architecture and method provided by the embodiments of the present application can reduce the cost and ensure the security of the data application. At the same time, since the large-capacity inherent storage space of the terminal device can be fully utilized as the first memory, the capacity is increased while the cost is reduced.

Optionally, the embodiment of the present application further sets a third memory, which may be a one-time programmable OTP memory inside the SE, such as the OTP 203 shown in FIG. 2 . The OTP 203 is integrated into the digital logic portion of the SOC chip to enable one-time programming of non-volatile storage (NVS). This third memory is used to store the IDs of the SE 104, HUK1 and HUK2. Here, HUK1 and HUK2 are explained. HUK1 is a key for storing data or reading data between the SE and the external first memory, and HUK2 is for storing verification information or reading verification information between the SE and the external second memory. Key. It should be understood that in a secure application scenario, data and programs stored outside of the SE need to be encrypted for storage to ensure data and program security.

Among them, HUK1 is an independent and unique key for each SE, and is used for the first stored data storage to encrypt and decrypt the root key. HUK1 is mainly used for the encryption of the first memory. All programs and application data are placed in the first memory. Since the first memory is an external memory, encrypted storage is required, and the key can be derived using HUK1 as a root key, so that each storage is The small unit is used as an encryption block unit, and its encryption keys are different. Specifically, the key used for data encryption to be stored may be derived according to the root key HUK1, for example, a key derived from the root key HUK1, a storage address of the data to be stored in the first memory, and other sequences. The stored data is encrypted and stored in the first memory 202. The key used to encrypt the data to be stored stored in the first memory in the present application is referred to as a first key.

HUK2 is also a unique key key for each SE, and is a shared key for pairing with the second memory. Secure Flash is a dedicated secure memory for SE. When binding with SE, the binding process depends on the product. It can be written to the Secure flash in the whole machine production line or in the chip packaging production line. The Secure Flash and SE devices can use the same shared key HUK2 to establish a secure channel for secure communication, ensuring that Secure Flash content is encrypted and has a verified read or write. That is, the same shared key is used for secure communication between the second memory 201 and the SE. The key used to encrypt the authentication information stored in the second memory in the present application is referred to as a second key. Correspondingly, the second memory 201 also stores the HUK 2 inside, which can be written to the HUK 2 during the production of the whole machine.

Further, the third memory can store keys required by other systems in addition to the IDs of the SE 104, HUK1, and HUK2. These keys are written to the OTP when the chip is produced. For example, for HUK1 and HUK2, the SOC can be internally written into the third storage OTP by a random number generator during production, and cannot be changed after being written. It should be understood that the application includes but is not limited thereto.

Optionally, the first memory includes N regions, and the second memory includes N regions, and the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, where N is a positive integer.

FIG. 3 is a schematic diagram showing an example of memory storage contents provided by an embodiment of the present application, that is, the first memory or the second memory may be divided according to a certain size. Specifically, the first memory is divided into N storage blocks according to the size of 4 KB, such as Page 1 , Page 2...Page N shown in FIG. 3; the second memory is divided into N verification blocks according to the size of 32 bytes, for example The verification block 1, the verification block 2, ... the verification block N shown in FIG. Each page has a corresponding secure authentication storage block of the Secure Flash (second memory), that is, the second memory retains the verification information corresponding to the page, and ensures that the data stored in the first memory is not tampered or rolled back.

In addition, in this implementation manner, the first key may be Kenc_page 1, Kenc_page 2...Kenc_page N derived from the ID of HUK1 and different Pages, and then the data to be stored stored in different pages is respectively encrypted, and then Write the corresponding Page. It should be understood that this application includes, but is not limited to, this.

The system architecture of the embodiment of the present application and the storage contents of the functions of the first memory and the second memory are described above with reference to FIG. 2 and FIG. 3. It should be understood that the method provided by the embodiment of the present application is applied to all communication devices including the foregoing system architecture. Terminal devices such as the listed smart phones, that is, all devices including the architecture of the system, fall within the scope of protection of the present application. The method for processing data provided by the embodiment of the present application is described in detail below with reference to FIG. 4 to FIG.

FIG. 4 is a schematic diagram of an example of processing data according to an embodiment of the present application. The method 400 illustrates a specific process of data writing applied to the architecture 200 described above, including a secure element SE and a system chip of a central processor coupled to the central processor for controlling The secure element SE includes controlling its opening, closing, controlling power consumption or working state, and the like. The method 400 includes the following.

S410. The secure element SE determines verification information, which is used to verify the legality of the data to be stored.

In the process of writing data to be stored, the data to be stored needs to be encrypted and stored in the first memory. However, in a series of processes of processing data, data may be tampered with or attacked at any point outside the processing of the secure element SE. Therefore, in order to ensure the legitimacy of the data, certain verification information is required to verify the legitimacy of the data. The data to be stored is then written to the first memory, and the corresponding verification information of the data to be stored is stored to the second memory.

Optionally, the verification information includes at least one of the following information: a check sequence generated by performing check processing on the data to be stored; or a count value recorded by a counter; or a random sequence generated by a random number.

It should be understood that the verification process here is to verify whether the data has been tampered with, and to perform an integrity check, for example, to obtain a verification message by the verification process. Correspondingly, in the process of reading data, the de-verification process is performed, that is, the verification information obtained by the verification process is used to verify whether the data is tampered or maliciously attacked during the process, thereby ensuring security.

S420. The secure element SE performs security processing on the data to be stored according to the verification information to obtain first data.

In the step of S410, the verification information is obtained, and the data to be stored may be securely processed according to the verification information to obtain the first data. The security process includes at least one of the following processes: performing MAC processing on the data to be stored by using the verification information; or determining a first key according to the verification information, using the first key to the first data Encrypt.

S430. The secure element SE stores the first data to the first memory and stores the verification information to the second memory, wherein the first memory and the second memory are different memories outside the system chip.

After the step S410 is performed, the secure element SE obtains the verification information, but the verification information and the data to be stored constitute a verification relationship, and the read data can be verified by the verification information in the process of reading the data. Legitimacy, otherwise it makes no sense. That is, the verification information is to be involved in the data processing process to be stored, otherwise the two have no relationship and cannot be verified.

It is described in S410 that the verification information may be at least one of the three listed information. Specifically, it is divided into the following three cases for detailed description.

Case 1:

When the SE processes the data to be stored according to a preset verification algorithm to generate a check sequence, where the verification information is a check sequence, the verification information and the data to be stored have been verified in the process of the check processing. relationship. In this case, as shown in the data processing diagram shown in FIG. 5, the verification information and the data to be stored may together constitute the first data. For example, when the algorithm algorithm authentication code secure MAC algorithm is verified, the 240 bytes of data to be stored are processed by the MAC algorithm to generate a 16-byte check sequence, and the 240-byte data to be stored and the 16-byte check sequence form the first data. The first key is encrypted to generate 256 bytes of ciphertext and stored in the first memory, and the 16-byte check sequence is stored as the verification information of the first data by the second key and stored in the second memory. Various possibilities regarding the first key and the first memory or the second key and the second memory have been described in detail above, and are not described herein again for the sake of brevity.

Alternatively, as shown in the data processing diagram shown in FIG. 6, after the check algorithm processes the stored data, a check sequence is generated, and the check sequence is encrypted by the second key and stored in the second memory. At this time, the check sequence is generated according to the data to be stored, so the check sequence can uniquely verify the legality of the data to be stored. The data to be stored is used as the first data, encrypted according to the first key, and stored in the first memory. For example, in conjunction with the memory type shown in FIG. 3, the first memory is divided into N memory blocks in a size of 4 KB, and the second memory is divided into N verification blocks in a size of 32 bytes. As shown in the schematic diagram of FIG. 6, 4 KB of data to be stored is stored in the first memory through the first key encryption process; and a 32-byte check sequence is stored in the second memory through the encryption process of the second key. It should be understood that the application includes but is not limited thereto.

Case 2:

The verification information includes the count value Count recorded by the counter. For example, the one-way counter records the count value, counting from 0, and writing data to the first memory (or Page x of the first memory) each time, and the corresponding count value is incremented by one. Then, at this time, it is necessary to ensure that the verification relationship and the data to be stored constitute a verification relationship, that is, the count value Count is to participate in the processing of the data to be stored, otherwise the two do not matter, and the verification relationship cannot be formed.

7 and 8 are diagrams showing a process of a process in which a count value participates in data to be stored. In FIG. 7, it is shown that the data to be stored is subjected to a verification process, for example, performing message authentication code secure MAC processing, and the count value Count is brought into the data plaintext to be stored for MAC processing, and the count value is As the verification information, after the encryption process of the second key, the second data is stored in the second memory; the data to be stored and the count value are processed by the MAC to generate the first data, so that the first data is encrypted by the first key and then stored. Go to the first memory.

Another processing method in which the count value participates in the data to be stored is as shown in FIG. 8. The message authentication code to be stored in the secure MAC address process does not include the count value Count. After the MAC processing is completed, the count value Count can participate in the process of determining the first key when the encryption is performed, and the SE uses the first The key encrypts the first data.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives the first key according to the HUK1 and the count value, and then stores the first data in the first memory after being encrypted by the first key. How to derive the first key belongs to the prior art, and this embodiment does not introduce the expansion.

Case 3:

The verification information includes a random sequence generated by a random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function. Then, at this time, it is necessary to ensure that the verification relationship and the data to be stored constitute a verification relationship, that is, the random sequence is to participate in the processing of the data to be stored, otherwise the two do not matter, and the verification relationship cannot be formed.

9 and 10 are schematic diagrams showing a processing procedure in which a random sequence participates in data to be stored. In FIG. 9, it is shown that in the process of performing secure authentication of the message authentication code in the data to be stored, the random sequence is brought into the data plaintext for MAC processing. The random sequence is used as the verification information, and is stored in the second memory after being encrypted by the second key. The data to be stored and the random sequence are processed by the MAC to generate the first data, so that the first data is first encrypted. The key is encrypted and stored in the first memory.

Another processing method in which a random sequence participates in data to be stored is shown in FIG. During the secure MAC processing of the message authentication code to be stored, the random sequence is not added. After the MAC processing is completed, the random sequence may participate in the process of determining the first key when the encryption is performed, and the SE uses the first key. The first data is encrypted.

Specifically, when the data to be stored needs to be stored in the first memory, the SE derives the first key according to the HUK 1 and the random sequence, and then stores the first data in the first memory after being encrypted by the first key.

Alternatively, when the data to be stored needs to be stored in Page 2 in the first memory, the SE derives the first key according to the ID address of the HUK1, the Page 2 and the random sequence, and then passes the first data through the first key. After the encryption process, it is stored in the storage area of Page 2 of the first memory.

The above examples of the data size, for example, 240 bytes, 32 bytes, or 4 KB are examples, and the actual situation can be modified. Even the size of the memory block Page in the first memory or the size of the verification block in the second memory can be The type of data stored varies. It should be understood that this application includes, but is not limited to, this.

Furthermore, the first memory and the second memory may be divided when introducing the first memory and the second memory. For example, the first memory includes N regions, and the second memory includes N regions, and the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, and N is a positive integer.

In another possible implementation, each of the N regions of the second memory includes at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, and the security element is further used as follows Performing an operation of storing the first data to the first memory and storing the verification information to the second memory: the secure element stores the verification information to the unoccupied sub-area in the second area; The first data is stored in the first area; and the historical verification information stored in the occupied sub-area in the second area is deleted.

Specifically, as shown in FIG. 11, the verification block 2 of the second memory is divided into two sub-areas, which are an effective area and a blank area, and each area can store verification information of the data to be stored. After obtaining the first data encrypted by the first key and the verification information encrypted by the second key by using the above method, if the first data is written to the storage block Page 2 of the first memory, the verification information is written In the process of verifying block 2 of the second memory, the verification information is written to the valid area of the verification block 2, and the blank area has no data. When there is new data to be stored in the storage block Page 2, assuming that the second data is new to be stored, the flow needs to be written in the following order:

(1) determining the second verification information corresponding to the second data to be stored, and the process refers to the method of the foregoing first data, and details are not described herein again;

(2) retaining the first verification information corresponding to the original first data of the valid area of the verification block 2 of the second memory, and writing the second verification information encrypted by the second key to the blank area of the verification block 2;

(3) The second data to be stored is subjected to security processing, and then encrypted according to the first key and then written to the storage block Page 2 of the first memory;

(4) Deleting the first verification information corresponding to the original first data of the valid area of the verification block 2 of the second memory, the original valid area becomes a blank area, and the newly written second verification information is used as valid verification information.

It should be understood that the verification information may be a check sequence generated by the message authentication code MAC processing of the data to be stored; or a count value recorded by a counter; or a random sequence generated by a random number. When the verification information is the count value recorded by the counter, it is not necessary to perform the method of dividing the memory block of the second memory into two areas and the data writing flow as described above, because the counter value of the counter is incremented by one every time it is written. Therefore, when the second data is written, it is sufficient to add 1 to the first verification information, and it is not necessary to re-determine the second verification information, so that the correctness of the verification information can be ensured. That is, if there is a correlation between the verification information of different memory blocks of the second memory, the flow of data writing can be simplified, and the validity of the data can be determined based on the verification information. This application includes but is not limited to this.

The above process of data writing is completed, and the process of data reading will be described in detail below with reference to FIG. FIG. 12 is a schematic diagram of another method for processing data according to an embodiment of the present application. The method 1200 illustrates a specific process of data reading applied to the architecture 200 described above, including a secure element SE and a system chip of a central processor coupled to the central processor for controlling The secure element SE includes controlling its opening, closing, controlling power consumption or working state, and the like. The method 1200 includes the following.

S1210. The secure element SE acquires the first data from the first memory.

S1220. The secure element SE obtains verification information from the second memory, where the verification information is used to verify the validity of the first data, and the first memory and the second memory are different memories outside the system chip.

S1230. The secure element SE performs de-secured processing on the first data according to the verification information to obtain processed data.

In the method provided by the embodiment of the present application, the first memory is used to store data and a program, and the second memory is used to store data of the first memory and verification information of the program. Then, in the process of data reading, the secure element SE first obtains the verification information corresponding to the first data encrypted by the second key from the second memory, and acquires the first data encrypted by the first key from the first memory. . Thereafter, the secure element performs de-secure processing on the encrypted first data to obtain the first data. Similarly, the secure component needs to perform security processing on the encrypted verification information to obtain verification information. Finally, the validity of the first data is determined according to the verification information.

The verification information includes at least one of the following information: a check sequence generated by the message authentication code MAC processing on the to-be-stored data; a count value recorded by the counter; or a random sequence generated by the random number.

Optionally, the security element SE performs de-secure processing on the first data according to the verification information, including at least one of: performing MAC processing on the first data by using the verification information; or determining, according to the verification information, a key that decrypts the first data using the first key.

In the solution security process, first the secure element SE needs to acquire the first key. Optionally, corresponding to the encryption in the process of data writing, the secure element SE may store the first key for encrypting the data to be stored in the SE during the writing process, and in the process of reading the data, The stored first key is directly extracted for decryption.

Alternatively, the secure element SE first decrypts the verification information acquired according to the second key pair. For example, the obtained verification information is obtained by decrypting the acquired verification information according to HUK2.

After the verification information is obtained, the first data can be de-MAC processed by using the verification information. Specifically, it is divided into the following three cases for detailed description. It should be understood that the SE can select a corresponding processing procedure when reading data according to a corresponding processing procedure when writing data.

Case 1:

When the verification information is that the SE processes the data to be stored according to the preset verification algorithm, the SE selects a corresponding security process to perform security processing.

Optionally, the verification algorithm may be a secure hash algorithm such as a hash algorithm SHA-256 or a message authentication code security algorithm MAC. The SE obtains the processed data according to the inverse process of the verification algorithm.

The foregoing enumerates the possible cases of the verification process. When the verification process is the process shown in FIG. 5, that is, the data to be stored and the check sequence are included in the first data, the first data is encrypted by the first key. Stored in the first memory; the check sequence is encrypted by the second key and stored in the second memory. In this case, during the decryption security process, the SE decrypts the data stored in the first memory, and acquires the first check sequence in the stored data, and simultaneously corresponds to the second memory according to the second key pair. The verification information is decrypted to obtain a second verification sequence. The validity of the data is verified by the first check sequence and the second check sequence. When the first check sequence and the second check sequence are the same, it is determined that the data is legal. It should be understood that this application includes, but is not limited to, this.

Correspondingly, when the verification process is a process as shown in FIG. 6, the data to be stored is stored in the first memory after being encrypted by the first key; the check sequence is encrypted by the second key and stored in the second memory. . In this case, in the solution security process, the SE decrypts the stored data, and obtains the first check sequence in the stored data according to the check algorithm, and simultaneously pairs the second memory according to the second key. The corresponding verification information is decrypted to obtain a second check sequence. The validity of the data is verified by the first check sequence and the second check sequence. When the first check sequence and the second check sequence are the same, it is determined that the data is legal. It should be understood that this application includes, but is not limited to, this. Case 2:

When the verification information includes the count value Count recorded by the counter. For example, the one-way counter records the count value, counting from 0, and writing data to the first memory (or Page x of the first memory) each time, and the corresponding count value is incremented by one. The SE participates in the processing of the data to be stored according to the count value, and selects a corresponding solution security processing method.

Optionally, if the SE sends the count value Count to the data plaintext before the MAC processing, and then participates in the MAC processing, correspondingly, in the process of the security processing, the reverse process of the MAC processing may be performed first. Get the count value Count in the data. And comparing the count value Count obtained in the first memory with the verification information count value Count obtained in the second memory. If the two values are consistent, it is determined that the acquired data is legal data; if the two values are inconsistent, If it is judged that the acquired data is illegal, it is determined that it is subjected to a security attack, the acquisition is invalid, and an error is reported.

Optionally, if the count value Count is not added during the MAC processing, after the MAC processing is completed, when the encryption is performed, the count value Count may participate in the process of determining the first key, and the SE uses the first key. The first data is encrypted. At this time, the SE derives the first key according to the HUK1 and the count value, and then stores the first data through the encryption process of the first key and stores it in the first memory. Alternatively, when the data to be stored needs to be stored in Page 2 in the first memory, the SE derives the first key according to the ID address and the count value of the HUK1, the Page 2, and then passes the first data through the first key. After the encryption process, it is stored in the storage area of Page 2 of the first memory.

Correspondingly, in the process of the security processing, the SE decrypts the data acquired according to the first key pair, obtains the count value Count, and then obtains the count value Count obtained in the first memory and the second memory. Verify the information count value Count for comparison. If the two values are consistent, it is judged that the acquired data is legal data; if the two values are inconsistent, it is judged that the acquired data is illegal, and it is determined that the security is attacked, the acquisition is invalid, and an error is reported.

It should be understood that the above two solutions for the secure processing process may be implemented by an application, and the two methods may be implemented together. As long as the method of writing data is guaranteed to be safely processed, the corresponding method is used to perform the security processing in the process of reading the data. It should be understood that the application includes but is not limited thereto.

Case 3:

When the verification information includes a random sequence generated by a random number Random-x-valid. For example, it may be a random sequence generated according to a preset random function.

Optionally, if the SE sends the random sequence to the data plaintext before performing the MAC processing, and then participates in the MAC processing, correspondingly, in the process of the security processing, the reverse processing of the MAC processing may be performed first. A random sequence in the data. And comparing the random sequence obtained in the first memory with the random sequence of the verification information acquired in the second memory, if the two values are consistent, determining that the acquired data is legal data; if the two values are inconsistent, determining The acquired data is illegal, and it is determined that it is subjected to a security attack, the acquisition is invalid, and an error is reported.

Optionally, if the random sequence is not added in the MAC processing process, after the MAC processing is completed, when the encryption is performed, the random sequence may participate in the process of determining the first key, and the SE uses the first key to The first data is encrypted. At this time, the SE derives the first key according to the HUK1 and the count value, and then stores the first data through the encryption process of the first key and stores it in the first memory. Alternatively, when the data to be stored needs to be stored in Page 2 in the first memory, the SE derives the first key according to the ID address and the count value of the HUK1, the Page 2, and then encrypts the first data by the first key. After processing, it is stored in the storage area of Page 2 of the first memory.

Correspondingly, in the process of performing the security process, the SE decrypts the data acquired according to the first key, acquires a random sequence, and then obtains the random sequence acquired in the first memory and the verification information acquired in the second memory. Random sequences were compared. If the two values are consistent, it is judged that the acquired data is legal data; if the two values are inconsistent, it is judged that the acquired data is illegal, and it is determined that the security is attacked, the acquisition is invalid, and an error is reported.

Alternatively, the random sequence may be directly derived as the first key of the first data in Page 2 in the first memory without derivation. Correspondingly, the SE can use the random sequence as the first key to decrypt the acquired data.

It should be understood that the above three solutions for the secure processing process may be implemented by one application, and the three methods may be implemented together. As long as the method of writing data is guaranteed to be safely processed, the corresponding method is used to perform the security processing in the process of reading the data. It should be understood that the application includes but is not limited thereto.

As a possible case, the first memory includes N regions, the second memory includes N regions, and the N regions of the first memory are in one-to-one correspondence with the N regions of the second memory, where N is a positive integer . The SE may acquire the first data from a first one of the N regions of the first memory; and the SE acquires verification information from a second region of the N regions of the second memory, wherein the first region and the first region The second area corresponds.

Optionally, each of the N regions of the second memory includes at least two sub-regions, and the size of each sub-region is greater than or equal to the size of the verification information, and the SE may be the first sub-region of the second region. The stored information is used as the verification information, and the first data is de-secured; and the information stored in the second sub-area of the second area is further used as the verification information, and the first data is de-secured. deal with. Any one of the two sub-areas can be verified by the verification information.

Specifically, as shown in FIG. 11, the verification block 2 of the second memory is divided into two sub-areas, which are an effective area and a blank area, and each area can store verification information of the data to be stored. Corresponding to the process of data writing, each process has the possibility of power failure, so the two sub-areas of the verification block 2 of the second memory may have the following three cases:

(1) The valid area has verification information, and the blank area has no verification information;

(2) Both the valid area and the blank area have verification information, and the verification information is different;

(3) There is no verification information in the effective area, and there is verification information in the blank area;

In any of the above possible situations, the verification information may be obtained, and as long as the verification data obtained by the verification information is legal, the data is determined as legal data; if the two verification information are not correct, then It is considered that a security attack is received, the storage is invalid, and an error is reported.

The reason why each verification block is divided into two areas is because it can prevent power loss when data is written, and power-down protection is performed. The specific process has been described in detail when writing data. For the sake of brevity, it will not be described here.

The method provided by the embodiment of the present application is specifically described in terms of two aspects of writing data and reading data, respectively, in conjunction with FIG. 2 to FIG. The method for writing and reading data by the data provided by the above application, on the one hand, can reduce the cost and fully utilize the large capacity of the first memory to support more than the current inSE solution using Secure Flash. More applications. On the other hand, the number of times the data is safely written in this application is not limited, and the requirements for all security service scenarios can be met. Through this solution, the inSE chip architecture can meet the requirements of CC EAL5+ certification, and is not limited by the storage capacity and the number of writes, thereby reducing the cost and improving the security level and user experience.

Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the various examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present application.

A person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.

The functions described in the above embodiments may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including The instructions are used to cause a computer device or computing processor, such as the security element previously described, to perform all or part of the steps of the methods described in various embodiments of the present application. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .

The foregoing is only a specific embodiment of the present application, but the scope of protection of the present application is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present application. It should be covered by the scope of protection of this application. Therefore, the scope of protection of the present application should be determined by the scope of the claims.

Claims

A system chip, characterized in that the system chip comprises a security element and a central processor, the security element being coupled to the central processor, the central processor for controlling the security element, the security element Used for:

Determining verification information, the verification information being used to verify the legality of the data to be stored;

Performing security processing on the to-be-stored data according to the verification information to obtain first data;

The first data is stored to a first memory and the verification information is stored to a second memory, wherein the first memory and the second memory are different memories than the system chip.
The system chip according to claim 1, wherein the verification information comprises at least one of the following information:

a check sequence generated by performing verification processing on the data to be stored;

The count value recorded by the counter; or

A random sequence generated by a random number.
The system chip according to claim 1 or 2, wherein the performing security processing on the to-be-stored data according to the verification information comprises at least one of the following processes:

Performing verification processing on the to-be-stored data by using the verification information; or

Determining a first key according to the verification information, and encrypting the first data by using the first key.
The system chip of claim 3, wherein the secure element is further configured to:

The verification information is encrypted according to a second key different from the first key before storing the verification information to the second memory.
The system chip according to claim 4, wherein the determining the first key according to the verification information comprises:

Determining the first key according to the verification information and the first preset sequence;

The security element is also used to:

Determining, according to the second preset sequence, the second key, where the second preset sequence is different from the first preset sequence.
The system chip according to any one of claims 1 to 5, wherein the first memory comprises N areas, the second memory comprises N areas, and N areas of the first memory are N regions of the second memory are in one-to-one correspondence, N is a positive integer, and

The storing the first data to the first memory and storing the verification information to the second memory includes:

Storing the first data to a first one of the N regions of the first memory and storing the verification information to a second region of the N regions of the second memory, wherein The first area corresponds to the second area.
The system chip according to claim 6, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, The security element is further configured to perform the operations of storing the first data to the first memory and storing the verification information to the second memory in the following order:

Storing the verification information to an unoccupied sub-area in the second area;

Storing the first data to the first area;

The history verification information stored in the occupied sub-area in the second area is deleted.
The system chip according to any one of claims 1 to 7, wherein the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Dedicated memory.
A system chip, characterized in that the system chip comprises a security element and a central processor, the security element being coupled to the central processor, the central processor for controlling the security element, the security element Used for:

Acquiring first data from the first memory;

Acquiring verification information for verifying validity of the first data from a second storage space, the first memory and the second memory being different memories outside the system chip;

Performing de-secured processing on the first data according to the verification information to obtain processed data.
The system chip according to claim 9, wherein the verification information comprises at least one of the following information:

a check sequence generated by performing verification processing on the data to be stored;

The count value recorded by the counter; or

A random sequence generated by a random number.
The system chip according to claim 9 or 10, wherein the de-securing the first data according to the verification information comprises at least one of the following:

Demyuncing the first data by using the verification information; or

Determining a first key according to the verification information, and decrypting the first data by using the first key.
The system chip according to claim 11, wherein the secure element is configured to decrypt the verification information according to a second key before acquiring the verification information from the second memory, the second key being different The first key.
The system chip according to claim 12, wherein the determining the first key according to the verification information comprises:

Determining the first key according to the verification information and the first preset sequence;

The security element is also used to:

Determining, according to the second preset sequence, the second key, where the second preset sequence is different from the first preset sequence.
The system chip according to any one of claims 9 to 13, wherein the first memory comprises N areas, the second memory comprises N areas, and N areas of the first memory N regions of the second memory are in one-to-one correspondence, N is a positive integer, and

The acquiring the first data from the first memory includes:

Acquiring the first data from a first one of the N regions of the first memory;

The obtaining the verification information from the second memory includes:

Acquiring information is acquired from a second one of the N regions of the second memory, wherein the first region corresponds to the second region.
The system chip according to claim 14, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, De-securing the first data according to the verification information, including:

And using the information stored in the first sub-area of the second area as the verification information, and performing de-secure processing on the first data;

The information stored in the second sub-area of the second area is used as the verification information, and the first data is de-secured.
The system chip according to any one of claims 9 to 15, wherein the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Corresponding dedicated memory.
A method of processing data, characterized by being applied to a system chip including a secure element and a central processor, the secure element being coupled to the central processor, the central processor for controlling the secure element, The security element performs the method, the method comprising:

Determining verification information, the verification information being used to verify the legality of the data to be stored;

Performing security processing on the to-be-stored data according to the verification information to obtain first data;

The first data is stored to a first memory and the verification information is stored to a second memory, wherein the first memory and the second memory are different memories than the system chip.
The method of claim 17, wherein the verification information comprises at least one of the following information:

a check sequence generated by performing verification processing on the data to be stored;

The count value recorded by the counter; or

A random sequence generated by a random number.
The method according to claim 17 or 18, wherein the performing security processing on the to-be-stored data according to the verification information comprises at least one of the following processes:

Performing verification processing on the to-be-stored data by using the verification information; or

Determining a first key according to the verification information, and encrypting the first data by using the first key.
The method of claim 19, wherein the method further comprises:

The verification information is encrypted according to a second key different from the first key before storing the verification information to the second memory.
The method according to claim 20, wherein the determining the first key according to the verification information comprises:

Determining the first key according to the verification information and the first preset sequence;

The method further includes:

Determining, according to the second preset sequence, the second key, where the second preset sequence is different from the first preset sequence.
The method according to any one of claims 17 to 21, wherein the first memory comprises N regions, the second memory comprises N regions, and N regions of the first memory One-to-one correspondence of N regions of the second memory, N being a positive integer, and

The storing the first data to the first memory and storing the verification information to the second memory includes:

Storing the first data to a first one of the N regions of the first memory and storing the verification information to a second region of the N regions of the second memory, wherein The first area corresponds to the second area.
The method according to claim 22, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, The method also includes performing the operations of storing the first data to the first memory and storing the verification information to the second memory in the following order:

Storing the verification information to an unoccupied sub-area in the second area;

Storing the first data to the first area;

The history verification information stored in the occupied sub-area in the second area is deleted.
The method according to any one of claims 17 to 23, wherein the first memory is a shared memory of the secure element and the central processor, and the second memory is the secure element Dedicated memory.
A method of processing data, characterized by being applied to a system chip including a secure element and a central processor, the secure element being coupled to the central processor, the central processor for controlling the secure element, The security element performs the method, the method comprising:

Acquiring first data from the first memory;

Acquiring verification information for verifying validity of the first data from a second memory, the first memory and the second memory being different memories outside the system chip;

Performing de-secured processing on the first data according to the verification information to obtain processed data.
The method of claim 25, wherein the verification information comprises at least one of the following information:

a check sequence generated by performing verification processing on the data to be stored;

The count value recorded by the counter; or

A random sequence generated by a random number.
The method according to claim 25 or 26, wherein the de-securing the first data according to the verification information comprises at least one of the following:

Demyuncing the first data by using the verification information; or

Determining a first key according to the verification information, and decrypting the first data by using the first key.
The method according to claim 27, wherein the method further comprises: before acquiring the verification information from the second memory, the method further comprises:

The verification information is decrypted according to a second key, the second key being different from the first key.
The method according to claim 28, wherein the determining the first key according to the verification information comprises:

Determining the first key according to the verification information and the first preset sequence;

The method further includes:

Determining, according to the second preset sequence, the second key, where the second preset sequence is different from the first preset sequence.
The method according to any one of claims 25 to 29, wherein the first memory comprises N areas, the second memory comprises N areas, and N areas of the first memory One-to-one correspondence of N regions of the second memory, N being a positive integer, and

The acquiring the first data from the first memory includes:

Acquiring the first data from a first one of the N regions of the first memory;

The obtaining the verification information from the second memory includes:

Acquiring information is acquired from a second one of the N regions of the second memory, wherein the first region corresponds to the second region.
The method according to claim 30, wherein each of the N regions of the second memory comprises at least two sub-regions, each sub-region having a size greater than or equal to a size of the verification information, De-securing the first data according to the verification information, including:

And using the information stored in the first sub-area of the second area as the verification information, and performing de-secure processing on the first data;

The information stored in the second sub-area of the second area is used as the verification information, and the first data is de-secured.
The method according to any one of claims 25 to 31, wherein the first memory is a shared memory of the secure element and the central processor, and the second memory is a corresponding one of the secure elements Dedicated memory.
A communication device, comprising: the system chip according to any one of claims 1 to 16, a first memory, and a second memory.
A computer readable storage medium, for storing computer instructions, when said computer instructions are executed, causing said computing device or security element to perform the method of any one of claims 17 to 32 .