WO2020010642A1 - Secure encryption chip and electronic device comprising same - Google Patents
Secure encryption chip and electronic device comprising same Download PDFInfo
- Publication number
- WO2020010642A1 WO2020010642A1 PCT/CN2018/095977 CN2018095977W WO2020010642A1 WO 2020010642 A1 WO2020010642 A1 WO 2020010642A1 CN 2018095977 W CN2018095977 W CN 2018095977W WO 2020010642 A1 WO2020010642 A1 WO 2020010642A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption
- memory
- interface
- electrically connected
- key
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Definitions
- the present application relates to the field of integrated circuits, and in particular, to a security encryption chip and an electronic device containing the chip.
- the main purpose of this application is to provide a secure encryption chip and an electronic device containing the chip, in order to solve the problem of insecure user data caused by irrational design of electronic components in the related technology.
- a security encryption chip is provided.
- the security encryption chip includes: an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data interaction.
- the encryption unit is electrically connected to the memory.
- the memory is electrically connected to the bus interface.
- bus interface is a CAN bus interface.
- the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm.
- the principle of the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
- FSMC interface for performing static storage
- the FSMC interface is electrically connected to the memory.
- the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
- an ADC data acquisition interface is further included, and the ADC data acquisition interface is electrically connected to the bus interface.
- a GPIO interface is further included, and the GPIO interface is electrically connected to the bus interface.
- JTAG interface for internal testing of the chip, and the JTAG interface is electrically connected to the encryption unit.
- an electronic device is provided.
- the electronic device includes: the security encryption chip, a local data transmission module, and a local data storage module.
- the bus interface is electrically connected to the local data transmission module.
- the local data transmission module is in communication with the local data transmission module.
- the local data storage module is electrically connected, the security encryption chip receives the to-be-encrypted data sent by the local data transmission module to perform an encryption operation, and saves the encrypted encrypted data to the local data storage module.
- a method of setting an encryption unit in a chip is adopted, and the purpose of enhancing data security is achieved by setting a memory to store a key generated by the encryption unit, thereby solving the related technical problems due to the design of electronic components.
- Reasonably insecure user data is adopted.
- FIG. 1 is a schematic structural diagram of an encryption chip according to the present application.
- installation should be interpreted in a broad sense.
- it can be a fixed connection, a detachable connection, or a monolithic structure; it can be a mechanical connection or an electrical connection; it can be directly connected or indirectly connected through an intermediate medium, or it can be two devices, components, or components. Internal connectivity.
- the specific meanings of the above terms in the present invention can be understood according to specific situations.
- the present application relates to a secure encryption chip.
- the device includes an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data interaction.
- the encryption unit is electrically connected to the memory, and the memory is connected to the memory.
- the bus interface is electrically connected.
- the security encryption chip of the present application is a local data processing chip that can be used independently, and is not connected to the external Internet and does not perform data interaction with the external Internet, thereby ensuring the absolute security of local data.
- the encryption unit according to the present invention generates a key locally / offline based on the blockchain encryption technology and stores the key to the local / offline local data storage module, thereby preventing hacking and preventing Technical effects of data loss and tampering.
- the key is a private key and a public key.
- the key described in the present invention may also be a private key; among them, a Bitcoin wallet contains a series of key pairs, and each key pair includes a private key and a public key.
- the private key is a number, which is usually randomly selected.
- With the public key we can use a one-way cryptographic hash. The function generates a Bitcoin address.
- the first and most important step in generating a key is to find a sufficiently secure source of entropy, that is, a source of randomness.
- Generating a Bitcoin private key is essentially the same as "choosing a number between 1 and 2 ⁇ 256". As long as the results selected are unpredictable or non-repeatable, the specific method of selecting numbers is not important.
- Bitcoin software uses a random number generator underlying the operating system to generate 256-bit entropy (randomness).
- To generate such a private key we randomly select a 256-bit number and check if it is less than n-1. From a programming point of view, it is generally to take a long string of random bytes from a cryptographically secure random source and use the SHA256 hash algorithm to operate it, so that a 256-bit number can be easily generated. If the result of the operation is less than n-1, we have a suitable private key. Otherwise, we
- the elliptic curve encryption method is an asymmetric (or public key) encryption method based on the discrete logarithm problem.
- the Bitcoin address is a string of numbers and letters that can be shared with anyone who wants to give you Bitcoin. In transactions, the Bitcoin address usually appears as the payee. If a Bitcoin transaction is compared to a check, the Bitcoin address is the payee, and the Bitcoin address can be obtained from the public key through a one-way cryptographic hash algorithm.
- the hash algorithm is a one-way function that receives an input of any length to generate a fingerprint digest.
- Cryptographic hash functions are widely used in Bitcoin: Bitcoin addresses, script addresses, and proof-of-work algorithms in mining.
- the algorithm used to generate a Bitcoin address from a public key is Secure Hash Algorithm (SHA) and the RACE Integration Primitives Evaluation Message Digest (RIPEMD), especially SHA256 and RIPEMD160.
- SHA Secure Hash Algorithm
- RIPEMD Evaluation Message Digest
- the Bitcoin address that users see is encoded by "Base58Check" Yes, this encoding uses 58 characters (a Base58 number system) and a check code to improve readability, avoid ambiguity, and effectively prevent errors in address transcription and input.
- the private key must be kept secret.
- BIP0038 proposes a common standard. A password is used to encrypt the private key and Base58Check is used to encode the encrypted private key. In this way, the encrypted private key can be safely stored in the backup medium Transfer between wallets, keeping the security of the key in any possible exposure.
- This encryption standard uses AES, a standard established by NIST and widely used for data encryption in commercial and military applications.
- the bus interface is a CAN bus interface.
- CAN is the abbreviation of Controller Area Network (hereinafter referred to as CAN) and is a serial communication protocol standardized by ISO International.
- ISO International Controller Area Network
- the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm, and the principle of the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
- the DES algorithm changes a 64-bit plaintext input block into a ciphertext output block with a data length of 64 bits, of which 8 bits are parity bits and the other 56 bits are the length of the password.
- DES reassembles the input 64-bit data block bit by bit, and divides the output into two parts, L0 and R0, each of which is 32 bits in length. After 16 iterative operations according to this rule, L16 and R16 are obtained, and this is used as an input to perform inverse permutation opposite to the initial permutation to obtain the ciphertext output.
- the DES algorithm has extremely high security. So far, Except for using the exhaustive search method to attack the DES algorithm, no more effective method has been found. The exhaustive space of a 56-bit long key is 2 ⁇ 56, which means that if a computer's speed is detected per second, 1 million keys, it will take almost 2285 years to search all the keys, so the DES algorithm is a very reliable encryption method.
- the 3DES is also called Triple DES, which is a mode of the DES encryption algorithm. It uses three 56-bit keys to encrypt 3DES data three times.
- the Data Encryption Standard (DES) is a long-established encryption standard in the United States. It uses a symmetric key encryption method and was standardized by the ANSI organization as ANSI X.3.92 in 1981.
- DES uses a 56-bit key and cipher block method. In the cipher block method, the text is divided into 64-bit-sized text blocks and then encrypted. 3DES is more secure than the original DES.
- the AES Advanced Encryption Standard (English: Advanced Encryption Standard, abbreviation: AES), also called Rijndael encryption method in cryptography, is a block encryption standard adopted by the US federal government. This standard is used to replace the original DES, which has been analyzed by many parties and widely used throughout the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) on FIPS PUB 197 on November 26, 2001, and became a valid standard on May 26, 2002. In 2006, the Advanced Encryption Standard has become one of the most popular algorithms in symmetric key encryption; unlike its predecessor, DES, Rijndael uses a substitution-permutation network instead of the Feistel architecture. AES can be quickly encrypted and decrypted in both software and hardware. It is relatively easy to implement and requires very little memory. As a new encryption standard, it is being deployed to a wider range.
- AES Advanced Encryption Standard
- the encryption unit adopts an asymmetric encryption algorithm for encryption, and adopts an asymmetric encryption algorithm.
- the strength of the algorithm is complex, and the security depends on the algorithm and the key.
- the encryption and decryption speed does not have the speed of the symmetric encryption and decryption. fast.
- There is only one kind of key in a symmetric cryptosystem and it is not public. If you want to decrypt it, you must let the other party know the key. Therefore, to ensure its security is to ensure the security of the key.
- There are two types of keys in the asymmetric key system one of which is public, so that it is not necessary to transfer the other party's key like a symmetric password, which greatly improves data security. Sex.
- the encryption unit may also use other encryption algorithms to generate a key.
- an FSMC interface for static storage is further included, and the FSMC interface is electrically connected to the memory.
- FSMC Flexible Static Memory Controller
- STM32 series a new type of memory expansion technology adopted by the STM32 series. It has unique advantages in terms of external memory expansion. It can easily expand different types of large-capacity static memories according to the application needs of the system.
- the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
- Static Random Access Memory is a type of random access memory.
- static means that as long as the memory is kept powered, the data stored in it can be constantly maintained.
- DRAM dynamic random access memory
- DRAM dynamic random access memory
- ROM is an abbreviation of ROM image (read-only memory mirroring), which is often used in the circle of mobile phone customization system players.
- the ROM in the smart phone configuration refers to EEProm (electrically erasable and writable read-only memory), which is similar to the hard disk of a computer.
- the process of flashing a mobile phone is to write the read-only memory image (ROM image) into the read-only memory (ROM). )the process of.
- the ROM of a smart phone refers to its storage space, which is generally made of flash memory such as UFS. Its hardware is not read-only.
- the so-called read-only refers to the software layer's read and write permission settings for the system partition.
- random access memory is also called “random memory”, which is an internal memory that directly exchanges data with the CPU, also called main memory (memory). It can be read and written at any time, and it is very fast. It is usually used as a temporary data storage medium for the operating system or other running programs.
- DRAM Dynamic Random Access Memory
- DRAM Dynamic Random Access Memory
- capacitor storage In order to maintain data, DRAM uses capacitor storage, so it must be refreshed once in a while. If the memory cell is not refreshed, the stored information will be lost (data will be lost when the power is turned off).
- the English name of the FLASH flash memory is “Flash”, generally referred to as “Flash”, which belongs to a type of memory device and is a non-volatile (Non-Volatile) memory.
- an ADC data acquisition interface is further included, and the ADC data acquisition interface is electrically connected to the bus interface.
- ADC an abbreviation of Analog-to-Digital Converter
- a device that converts a continuously changing analog signal into a discrete digital signal.
- Real-world analog signals such as temperature, pressure, sound, or images, need to be converted into digital forms that are easier to store, process, and emit.
- the A / D converter can achieve this function, and it can be found in various products.
- a GPIO interface is further included, and the GPIO interface is electrically connected to the bus interface.
- General Input / Output is called GPIO or bus expander for short.
- People use industry standard I2C, SMBus or SPI interface to simplify the expansion of I / O port.
- GPIO products can provide additional control and monitoring functions.
- a JTAG interface for chip internal testing is further included, and the JTAG interface is electrically connected to the encryption unit.
- JTAG Joint Test Action Group
- IEEE 1149.1 compatible International Standard test protocol
- the standard JTAG interface is 4 lines: TMS, TCK, TDI, TDO, which are the mode selection, clock, data input and data output lines.
- an electronic device is provided.
- the electronic device includes: the security encryption chip, a local data transmission module, and a local data storage module.
- the bus interface is electrically connected to the local data transmission module.
- the local data transmission module is in communication with the local data transmission module.
- the local data storage module is electrically connected, the security encryption chip receives the to-be-encrypted data sent by the local data transmission module to perform an encryption operation, and saves the encrypted encrypted data to the local data storage module.
- a method of setting an encryption unit in a chip is adopted, and the purpose of enhancing data security is achieved by setting a memory to store a key generated by the encryption unit, thereby solving the related technical problems due to the design of electronic components.
- Reasonably insecure user data is adopted.
- a method of setting an encryption unit in a chip is adopted, and the purpose of enhancing data security is achieved by setting a memory to store a key generated by the encryption unit, thereby solving the related technical problems due to the design of electronic components.
- Reasonably insecure user data is adopted.
Abstract
Description
Claims (10)
- 一种安全加密芯片,其特征在于,包括:用于按照预设加密算法生成密钥的加密单元、对所述密钥进行保存的存储器以及用于数据交互的总线接口,所述加密单元与所述存储器电性连接,所述存储器与所述总线接口电性连接。A security encryption chip, comprising: an encryption unit for generating a key according to a preset encryption algorithm; a memory for storing the key; and a bus interface for data interaction. The memory is electrically connected, and the memory is electrically connected to the bus interface.
- 根据权利要求1所述的安全加密芯片,其特征在于,所述总线接口为CAN总线接口。The security encryption chip according to claim 1, wherein the bus interface is a CAN bus interface.
- 根据权利要求1所述的安全加密芯片,其特征在于,所述加密单元基于对称加密算法和非对称加密算法生成所述密钥。The security encryption chip according to claim 1, wherein the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm.
- 根据权利要求3所述的安全加密芯片,其特征在于,所述对称加密算法原理采用DES、3DES和AES中的任意一种或多种。The security encryption chip according to claim 3, wherein the principle of the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
- 根据权利要求1所述的安全加密芯片,其特征在于,还包括用于进行静态存储的FSMC接口,所述FSMC接口与所述存储器电性连接。The security encryption chip according to claim 1, further comprising an FSMC interface for performing static storage, wherein the FSMC interface is electrically connected to the memory.
- 根据权利要求1所述的安全加密芯片,其特征在于,所述存储器为SRAM、ROM、RAM、DRAM以及FLASH中的任意一种或多种。The security encryption chip according to claim 1, wherein the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
- 根据权利要求1所述的安全加密芯片,其特征在于,还包括ADC数据采集接口,所述ADC数据采集接口与所述总线接口电性连接。The security encryption chip according to claim 1, further comprising an ADC data acquisition interface, wherein the ADC data acquisition interface is electrically connected to the bus interface.
- 根据权利要求1所述的安全加密芯片,其特征在于,还包括GPIO接口,所述GPIO接口与所述总线接口电性连接。The security encryption chip according to claim 1, further comprising a GPIO interface, wherein the GPIO interface is electrically connected to the bus interface.
- 根据权利要求1所述的安全加密芯片,其特征在于,还包括用于芯片内部测试的JTAG接口,所述JTAG接口与所述加密单元电性连接。The security encryption chip according to claim 1, further comprising a JTAG interface for internal testing of the chip, wherein the JTAG interface is electrically connected to the encryption unit.
- 一种电子设备,其特征在于,包含有上述权利要求1至权利要求9所述的安全加密芯片、本地数据传输模块以及本地数据存储模块,所述总线接口与所述本地数据传输模块电性连接,所述本地数据传输模块与所述本地数据存储模块电性连接,所述安全加密芯片接收所述本地数据传输模块发送来的待加密数据执行加密操作,并将加密后的加密数据保存到所述本地数据存储模块中。An electronic device, comprising the security encryption chip, the local data transmission module, and the local data storage module according to the preceding claims 1 to 9, and the bus interface is electrically connected to the local data transmission module. The local data transmission module is electrically connected to the local data storage module, the security encryption chip receives the data to be encrypted sent by the local data transmission module to perform an encryption operation, and saves the encrypted data after encryption Described in the local data storage module.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810750863.9 | 2018-07-10 | ||
CN201810750863.9A CN109145613A (en) | 2018-07-10 | 2018-07-10 | Security encryption chip and electronic equipment containing the chip |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020010642A1 true WO2020010642A1 (en) | 2020-01-16 |
Family
ID=64800223
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/095977 WO2020010642A1 (en) | 2018-07-10 | 2018-07-17 | Secure encryption chip and electronic device comprising same |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109145613A (en) |
WO (1) | WO2020010642A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113127888A (en) * | 2019-12-30 | 2021-07-16 | 广东博智林机器人有限公司 | Security chip, terminal and method for generating symmetric key |
CN114002587B (en) * | 2021-12-30 | 2022-03-18 | 中科声龙科技发展(北京)有限公司 | Chip supporting workload proving mechanism and testing method thereof |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103150524A (en) * | 2013-01-30 | 2013-06-12 | 华中科技大学 | Safe memory chip, system and authentication method of safe memory chip |
CN104202161A (en) * | 2014-08-06 | 2014-12-10 | 广东电网公司电力科学研究院 | An SoC cryptographic chip |
CN104391813A (en) * | 2014-10-23 | 2015-03-04 | 山东维固信息科技股份有限公司 | SOC (system-on-chip) chip for embedded data security system |
CN206712806U (en) * | 2017-04-26 | 2017-12-05 | 美的智慧家居科技有限公司 | Key chip system and internet of things equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101281496A (en) * | 2007-04-02 | 2008-10-08 | 北京华旗资讯数码科技有限公司 | Ciphering type mobile storage apparatus |
CN201054140Y (en) * | 2007-04-27 | 2008-04-30 | 北京华大恒泰科技有限责任公司 | Information security control chip |
CN106301774B (en) * | 2015-05-29 | 2019-08-06 | 辰芯科技有限公司 | Safety chip, its encryption key generation method and encryption method |
CN105631366A (en) * | 2015-10-13 | 2016-06-01 | 上海磁宇信息科技有限公司 | Encryption chip and encryption method therefor |
-
2018
- 2018-07-10 CN CN201810750863.9A patent/CN109145613A/en active Pending
- 2018-07-17 WO PCT/CN2018/095977 patent/WO2020010642A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103150524A (en) * | 2013-01-30 | 2013-06-12 | 华中科技大学 | Safe memory chip, system and authentication method of safe memory chip |
CN104202161A (en) * | 2014-08-06 | 2014-12-10 | 广东电网公司电力科学研究院 | An SoC cryptographic chip |
CN104391813A (en) * | 2014-10-23 | 2015-03-04 | 山东维固信息科技股份有限公司 | SOC (system-on-chip) chip for embedded data security system |
CN206712806U (en) * | 2017-04-26 | 2017-12-05 | 美的智慧家居科技有限公司 | Key chip system and internet of things equipment |
Also Published As
Publication number | Publication date |
---|---|
CN109145613A (en) | 2019-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230224148A1 (en) | System and method for quantum-safe authentication, encryption and decryption of information | |
US11811923B2 (en) | Single node multi-party encryption | |
US10313128B2 (en) | Address-dependent key generator by XOR tree | |
JP6144992B2 (en) | Searchable cryptographic processing system and method | |
JP5306465B2 (en) | Pre-calculation of message authentication code applied to secure memory | |
TW201826162A (en) | Method and system for generation of cipher round keys by bit-mixers | |
CN105760764B (en) | Encryption and decryption method and device for embedded storage device file and terminal | |
TW201812638A (en) | Storage design method of blockchain encrypted radio frequency chip | |
US10146701B2 (en) | Address-dependent key generation with a substitution-permutation network | |
US11308241B2 (en) | Security data generation based upon software unreadable registers | |
JPH10511778A (en) | Method of executing a communication protocol between two processing devices using a secret key | |
US20110314301A1 (en) | Systems and methods for hardware key encryption | |
US7841014B2 (en) | Confidential information processing method, confidential information processor, and content data playback system | |
US9729319B2 (en) | Key management for on-the-fly hardware decryption within integrated circuits | |
US9602281B2 (en) | Parallelizable cipher construction | |
US9928385B2 (en) | Periodic memory refresh in a secure computing system | |
WO2020010642A1 (en) | Secure encryption chip and electronic device comprising same | |
US9946662B2 (en) | Double-mix Feistel network for key generation or encryption | |
TWI665901B (en) | Encryption method and decryption method | |
CN115296808B (en) | Key replacing method, device, computer equipment and storage medium | |
Budzik et al. | Encryption-based Security in Wearable Devices | |
CN114996735A (en) | Data encryption method and device, storage medium and terminal | |
Garay et al. | E cient Techniques for Securing O-Chip Memory |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18926050 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18926050 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/02/2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18926050 Country of ref document: EP Kind code of ref document: A1 |