WO2020010642A1 - Secure encryption chip and electronic device comprising same - Google Patents

Publication number: WO2020010642A1
Authority: WO, WIPO (PCT)
Prior art keywords: encryption, memory, interface, electrically connected, key
Application number: PCT/CN2018/095977
Other languages: French (fr), Chinese (zh)
Inventor: 杨俊佳, 杨俊诚
Original Assignee: 杨俊佳
Application filed by: 杨俊佳

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Definitions

  • the present application relates to the field of integrated circuits, and in particular, to a security encryption chip and an electronic device containing the chip.
  • the main purpose of this application is to provide a secure encryption chip and an electronic device containing the chip, in order to solve the problem of insecure user data caused by irrational design of electronic components in the related technology.
  • a security encryption chip is provided.
  • the security encryption chip includes: an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data interaction.
  • the encryption unit is electrically connected to the memory.
  • the memory is electrically connected to the bus interface.
  • the bus interface is a CAN bus interface.
  • the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm.
  • the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
  • an FSMC interface for performing static storage is further included.
  • the FSMC interface is electrically connected to the memory.
  • the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
  • an ADC data acquisition interface is further included, and the ADC data acquisition interface is electrically connected to the bus interface.
  • a GPIO interface is further included, and the GPIO interface is electrically connected to the bus interface.
  • a JTAG interface for internal testing of the chip is further included, and the JTAG interface is electrically connected to the encryption unit.
  • an electronic device is provided.
  • the electronic device includes: the security encryption chip, a local data transmission module, and a local data storage module.
  • the bus interface is electrically connected to the local data transmission module.
  • the local data transmission module is electrically connected to the local data storage module.
  • the security encryption chip receives the to-be-encrypted data sent by the local data transmission module, performs an encryption operation, and saves the encrypted data to the local data storage module.
  • an encryption unit is provided in the chip and a memory is provided to store the key generated by the encryption unit, which achieves the purpose of enhancing data security and thereby solves the problem in the related technology of insecure user data caused by unreasonable design of electronic components.
  • FIG. 1 is a schematic structural diagram of an encryption chip according to the present application.
  • terms such as "installation" and "connection" should be interpreted in a broad sense.
  • it can be a fixed connection, a detachable connection, or a monolithic structure; it can be a mechanical connection or an electrical connection; it can be directly connected or indirectly connected through an intermediate medium, or it can be internal communication between two devices, elements, or components.
  • the specific meanings of the above terms in the present invention can be understood according to specific situations.
  • the present application relates to a secure encryption chip.
  • the device includes an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data interaction.
  • the encryption unit is electrically connected to the memory, and the memory is electrically connected to the bus interface.
  • the security encryption chip of the present application is a local data processing chip that can be used independently, and is not connected to the external Internet and does not perform data interaction with the external Internet, thereby ensuring the absolute security of local data.
  • the encryption unit according to the present invention generates a key locally / offline based on the blockchain encryption technology and stores the key to the local / offline local data storage module, thereby achieving the technical effects of preventing hacker intrusion and preventing data loss and tampering.
  • the key is a private key and a public key.
  • the key described in the present invention may also be only a private key; a Bitcoin wallet contains a series of key pairs, and each key pair includes a private key and a public key.
  • the private key is a number, which is usually randomly selected.
  • With the public key, we can use a one-way cryptographic hash function to generate a Bitcoin address.
  • the first and most important step in generating a key is to find a sufficiently secure source of entropy, that is, a source of randomness.
  • Generating a Bitcoin private key is essentially the same as "choosing a number between 1 and 2^256". As long as the results selected are unpredictable or non-repeatable, the specific method of selecting numbers is not important.
  • Bitcoin software uses a random number generator underlying the operating system to generate 256-bit entropy (randomness).
  • To generate such a private key, we randomly select a 256-bit number and check if it is less than n-1. From a programming point of view, this is generally done by taking a long string of random bytes from a cryptographically secure random source and applying the SHA256 hash algorithm to it, so that a 256-bit number can be easily generated. If the result of the operation is less than n-1, we have a suitable private key. Otherwise, we repeat again with another random number.
  • the elliptic curve encryption method is an asymmetric (or public key) encryption method based on the discrete logarithm problem.
  • the Bitcoin address is a string of numbers and letters that can be shared with anyone who wants to give you Bitcoin. In transactions, the Bitcoin address usually appears as the payee. If a Bitcoin transaction is compared to a check, the Bitcoin address is the payee, and the Bitcoin address can be obtained from the public key through a one-way cryptographic hash algorithm.
  • the hash algorithm is a one-way function that receives an input of any length to generate a fingerprint digest.
  • Cryptographic hash functions are widely used in Bitcoin: Bitcoin addresses, script addresses, and proof-of-work algorithms in mining.
  • the algorithms used to generate a Bitcoin address from a public key are the Secure Hash Algorithm (SHA) and the RACE Integrity Primitives Evaluation Message Digest (RIPEMD), especially SHA256 and RIPEMD160.
  • SHA Secure Hash Algorithm
  • RIPEMD RACE Integrity Primitives Evaluation Message Digest
  • the Bitcoin address that users see is encoded by "Base58Check"; this encoding uses 58 characters (a Base58 number system) and a check code to improve readability, avoid ambiguity, and effectively prevent errors in address transcription and input.
  • the private key must be kept secret.
  • BIP0038 proposes a common standard. A password is used to encrypt the private key and Base58Check is used to encode the encrypted private key. In this way, the encrypted private key can be safely stored on backup media and transferred between wallets, keeping the key secure in any situation where it might be exposed.
  • This encryption standard uses AES, a standard established by NIST and widely used for data encryption in commercial and military applications.
  • the bus interface is a CAN bus interface.
  • CAN is the abbreviation of Controller Area Network (hereinafter referred to as CAN) and is a serial communication protocol internationally standardized by ISO.
  • the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm, and the principle of the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
  • the DES algorithm changes a 64-bit plaintext input block into a ciphertext output block with a data length of 64 bits, of which 8 bits are parity bits and the other 56 bits are the key length.
  • DES reassembles the input 64-bit data block bit by bit, and divides the output into two parts, L0 and R0, each of which is 32 bits in length. After 16 iterative operations according to this rule, L16 and R16 are obtained, and this is used as an input to perform inverse permutation opposite to the initial permutation to obtain the ciphertext output.
  • the DES algorithm has extremely high security. So far, except for using the exhaustive search method to attack the DES algorithm, no more effective method has been found. The exhaustive space of a 56-bit long key is 2^56, which means that if a computer tests 1 million keys per second, it will take almost 2285 years to search all the keys, so the DES algorithm is a very reliable encryption method.
  • the 3DES is also called Triple DES, which is a mode of the DES encryption algorithm. It uses three 56-bit keys to encrypt the data three times.
  • the Data Encryption Standard (DES) is a long-established encryption standard in the United States. It uses a symmetric key encryption method and was standardized by the ANSI organization as ANSI X.3.92 in 1981.
  • DES uses a 56-bit key and cipher block method. In the cipher block method, the text is divided into 64-bit-sized text blocks and then encrypted. 3DES is more secure than the original DES.
  • the Advanced Encryption Standard (AES), also called the Rijndael encryption method in cryptography, is a block encryption standard adopted by the US federal government. This standard is used to replace the original DES, and it has been analyzed by many parties and is widely used throughout the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) in FIPS PUB 197 on November 26, 2001, and became a valid standard on May 26, 2002. By 2006, the Advanced Encryption Standard had become one of the most popular algorithms in symmetric key encryption; unlike its predecessor, DES, Rijndael uses a substitution-permutation network instead of the Feistel architecture. AES encrypts and decrypts quickly in both software and hardware. It is relatively easy to implement and requires very little memory. As a new encryption standard, it is being deployed to a wider range.
  • AES Advanced Encryption Standard
  • the encryption unit adopts an asymmetric encryption algorithm for encryption.
  • the algorithm is complex, and the security depends on the algorithm and the key.
  • the encryption and decryption speed is not as fast as that of symmetric encryption and decryption.
  • There is only one kind of key in a symmetric cryptosystem and it is not public. If you want the other party to decrypt, you must let the other party know the key. Therefore, ensuring its security means ensuring the security of the key.
  • There are two types of keys in the asymmetric key system, one of which is public, so that it is not necessary to transfer the key to the other party as with a symmetric cipher, which greatly improves data security.
  • the encryption unit may also use other encryption algorithms to generate a key.
  • an FSMC interface for static storage is further included, and the FSMC interface is electrically connected to the memory.
  • FSMC (Flexible Static Memory Controller) is a new type of memory expansion technology adopted by the STM32 series. It has unique advantages in terms of external memory expansion. It can easily expand different types of large-capacity static memories according to the application needs of the system.
  • the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
  • Static Random Access Memory is a type of random access memory.
  • static means that as long as the memory is kept powered, the data stored in it can be constantly maintained.
  • DRAM dynamic random access memory
  • ROM is an abbreviation of ROM image (read-only memory mirroring), which is often used in the circle of mobile phone customization system players.
  • the ROM in the smart phone configuration refers to EEProm (electrically erasable and writable read-only memory), which is similar to the hard disk of a computer.
  • the process of flashing a mobile phone is the process of writing the read-only memory image (ROM image) into the read-only memory (ROM).
  • the ROM of a smart phone refers to its storage space, which is generally made of flash memory such as UFS. Its hardware is not read-only.
  • the so-called read-only refers to the software layer's read and write permission settings for the system partition.
  • random access memory is also called “random memory”, which is an internal memory that directly exchanges data with the CPU, also called main memory (memory). It can be read and written at any time, and it is very fast. It is usually used as a temporary data storage medium for the operating system or other running programs.
  • DRAM Dynamic Random Access Memory
  • In order to maintain data, DRAM uses capacitor storage, so it must be refreshed once in a while. If the memory cell is not refreshed, the stored information will be lost (data will be lost when the power is turned off).
  • FLASH flash memory, generally referred to as “Flash”, is a type of memory device and is a non-volatile (Non-Volatile) memory.
  • an ADC data acquisition interface is further included, and the ADC data acquisition interface is electrically connected to the bus interface.
  • ADC is an abbreviation of Analog-to-Digital Converter, a device that converts a continuously changing analog signal into a discrete digital signal.
  • Real-world analog signals, such as temperature, pressure, sound, or images, need to be converted into digital forms that are easier to store, process, and transmit.
  • the A / D converter can achieve this function, and it can be found in various products.
  • a GPIO interface is further included, and the GPIO interface is electrically connected to the bus interface.
  • General-purpose input / output is called GPIO, or bus expander, for short.
  • Industry-standard I2C, SMBus, or SPI interfaces are used to simplify the expansion of I/O ports.
  • GPIO products can provide additional control and monitoring functions.
  • a JTAG interface for chip internal testing is further included, and the JTAG interface is electrically connected to the encryption unit.
  • JTAG (Joint Test Action Group) is an international standard test protocol (IEEE 1149.1 compatible).
  • the standard JTAG interface has 4 lines: TMS, TCK, TDI, and TDO, which are the mode selection, clock, data input, and data output lines respectively.

Abstract

A secure encryption chip and an electronic device comprising same. The chip comprises: an encryption unit for generating a key according to a preset encryption algorithm, a memory for saving the key, and a bus interface for data interaction. The encryption unit is electrically connected to the memory; the memory is electrically connected to the bus interface. By means of an approach of providing the encryption unit in the chip, and by providing the memory for storing the key generated by the encryption unit, the purpose of improving the data security is achieved, thereby solving the problem in the related technology of the user data insecurity caused by the unreasonable design of an electronic element.

Description

Security encryption chip and electronic device containing the chip
Technical field
The present application relates to the field of integrated circuits, and in particular to a security encryption chip and an electronic device containing the chip.
Background
In recent years, with the development of new technologies such as communication, measurement and control, and embedded systems, designers have needed to design different terminals to meet a variety of needs. However the design of these terminals changes, their core parts, such as the processor and memory, remain the same. In the related technology, when blockchain-based electronic devices are designed and manufactured, design defects make user data easy to steal and leak, so absolute security cannot be achieved.
Therefore, a security encryption chip and an electronic device containing the chip are urgently needed to solve the problem in the related technology of insecure user data caused by unreasonable design of electronic components.
Summary of the invention
The main purpose of this application is to provide a security encryption chip and an electronic device containing the chip, in order to solve the problem in the related technology of insecure user data caused by unreasonable design of electronic components.
To achieve the above purpose, according to one aspect of the present application, a security encryption chip is provided.
The security encryption chip according to the present application includes: an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data interaction. The encryption unit is electrically connected to the memory, and the memory is electrically connected to the bus interface.
Further, the bus interface is a CAN bus interface.
Further, the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm.
Further, the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
Further, an FSMC interface for static storage is also included, and the FSMC interface is electrically connected to the memory.
Further, the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
Further, an ADC data acquisition interface is also included, and the ADC data acquisition interface is electrically connected to the bus interface.
Further, a GPIO interface is also included, and the GPIO interface is electrically connected to the bus interface.
Further, a JTAG interface for internal testing of the chip is also included, and the JTAG interface is electrically connected to the encryption unit.
To achieve the above purpose, according to another aspect of the present application, an electronic device is provided.
The electronic device according to the present application includes the security encryption chip described above, a local data transmission module, and a local data storage module. The bus interface is electrically connected to the local data transmission module, and the local data transmission module is electrically connected to the local data storage module. The security encryption chip receives the data to be encrypted sent by the local data transmission module, performs the encryption operation, and saves the encrypted data to the local data storage module.
In the embodiments of the present application, an encryption unit is provided in the chip and a memory is provided to store the key generated by the encryption unit, which achieves the purpose of enhancing data security and thereby solves the problem in the related technology of insecure user data caused by unreasonable design of electronic components.
Brief description of the drawings
The accompanying drawings, which form a part of this application, provide a further understanding of the application and make its other features, purposes, and advantages more apparent. The drawings of the schematic embodiments of the present application and their descriptions are used to explain the present application and do not constitute an improper limitation on it. In the drawings:
FIG. 1 is a schematic structural diagram of the encryption chip according to the present application.
Detailed description
In order to enable those skilled in the art to better understand the solutions of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this application, without creative effort, shall fall within the protection scope of this application.
It should be noted that the terms "first", "second", and the like in the specification and claims of the present application and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way may be interchanged where appropriate for the purposes of the embodiments of the present application described herein. Furthermore, the terms "including" and "having" and any of their variations are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product, or device.
In this application, the orientation or positional relationships indicated by terms such as "up", "down", "left", "right", "front", "rear", "top", "bottom", "inside", "outside", "middle", "vertical", "horizontal", "transverse", and "longitudinal" are based on the orientation or positional relationships shown in the drawings. These terms are used mainly to better describe the present invention and its embodiments, and are not intended to require that the indicated device, element, or component have a specific orientation, or be constructed and operated in a specific orientation.
In addition to indicating orientation or positional relationships, some of the above terms may also be used to express other meanings; for example, the term "up" may in some cases indicate a dependency or connection relationship. A person of ordinary skill in the art can understand the specific meanings of these terms in the present invention according to the specific situation.
In addition, the terms "installed", "arranged", "provided with", "connected", "linked", and "sleeved" should be interpreted in a broad sense. For example, a connection may be a fixed connection, a detachable connection, or a monolithic structure; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediate medium, or internal communication between two devices, elements, or components. A person of ordinary skill in the art can understand the specific meanings of the above terms in the present invention according to the specific situation.
It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The application is described in detail below with reference to the drawings and in combination with the embodiments.
As shown in FIG. 1, the present application relates to a security encryption chip. It includes: an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data interaction. The encryption unit is electrically connected to the memory, and the memory is electrically connected to the bus interface.
Preferably, the security encryption chip of the present application is a local data processing chip that can be used independently; it is not connected to the external Internet and does not exchange data with it, thereby ensuring the absolute security of local data.
Preferably, the encryption unit of the present invention generates the key locally/offline based on blockchain encryption technology and stores the key in the local/offline local data storage module, achieving the technical effects of preventing hacker intrusion and preventing data loss and tampering.
Specifically, the key is a private key and a public key. Although most Bitcoin wallet tools store the private key and the public key together as a key pair for convenience, the public key can be calculated from the private key, so the key of the present invention may also be only the private key. A Bitcoin wallet contains a series of key pairs, and each key pair includes a private key and a public key. The private key is a number, usually chosen at random. With the private key, we can use elliptic curve multiplication, a one-way cryptographic function, to produce a public key; with the public key, we can use a one-way cryptographic hash function to generate a Bitcoin address.
优选的,生成密钥的第一步也是最重要的一步,是要找到足够安全的熵源,即随机性来源。生成一个比特币私钥在本质上与“在1到2^256之间选一个数字”无异。只要选取的结果是不可预测或不可重复的,那么选取数字的具体方法并不重要。比特币软件使用操作系统底层的随机数生成器来产生256位的熵(随机性)。通常情况下,操作系统随机数生成器由人工的随机源进行初始化,也可能需要通过几秒钟内不停晃动鼠标等方式进行初始化;具体的,私钥可以是1和n-1之间的任何数字,其中n是一个常数(n=1.158*10^77,略小于2^256), 并由比特币所使用的椭圆曲线的阶所定义。要生成这样的一个私钥,我们随机选择一个256位的数字,并检查它是否小于n-1。从编程的角度来看,一般是通过在一个密码学安全的随机源中取出一长串随机字节,对其使用SHA256哈希算法进行运算,这样就可以方便地产生一个256位的数字。如果运算结果小于n-1,我们就有了一个合适的私钥。否则,我们就用另一个随机数再重复一次。Preferably, the first and most important step in generating a key is to find a sufficiently secure source of entropy, that is, a source of randomness. Generating a Bitcoin private key is essentially the same as "choosing a number between 1 and 2 ^ 256". As long as the results selected are unpredictable or non-repeatable, the specific method of selecting numbers is not important. Bitcoin software uses a random number generator underlying the operating system to generate 256-bit entropy (randomness). Under normal circumstances, the operating system random number generator is initialized by an artificial random source, and it may also need to be initialized by shaking the mouse continuously for a few seconds; specifically, the private key can be between 1 and n-1 Any number, where n is a constant (n = 1.158 * 10 ^ 77, slightly less than 2 ^ 256), and is defined by the order of the elliptic curve used by Bitcoin. To generate such a private key, we randomly select a 256-bit number and check if it is less than n-1. From a programming point of view, it is generally to take a long string of random bytes from a cryptographically secure random source and use the SHA256 hash algorithm to operate it, so that a 256-bit number can be easily generated. If the result of the operation is less than n-1, we have a suitable private key. Otherwise, we repeat again with another random number.
Preferably, the public key can be calculated from the private key using the elliptic curve algorithm, and this process is irreversible: K = k*G, where k is the private key, G is a constant point called the generator point, and K is the resulting public key. Elliptic curve cryptography is an asymmetric (public key) cryptosystem based on the discrete logarithm problem.
Preferably, a Bitcoin address is a string of digits and letters that can be shared with anyone who wants to send you bitcoin. In a transaction, the Bitcoin address usually appears as the recipient. If a Bitcoin transaction is compared to a check, the Bitcoin address is the payee. A Bitcoin address can be derived from the public key by a one-way cryptographic hash algorithm.
Specifically, a hash algorithm is a one-way function that accepts input of any length and produces a fingerprint digest. Cryptographic hash functions are widely used in Bitcoin: in Bitcoin addresses, in script addresses, and in the proof-of-work algorithm used in mining. The algorithms used to generate a Bitcoin address from a public key are the Secure Hash Algorithm (SHA) and the RACE Integrity Primitives Evaluation Message Digest (RIPEMD), specifically SHA256 and RIPEMD160. The Bitcoin addresses that users normally see are "Base58Check" encoded. This encoding uses 58 characters (a Base58 number system) and a check code, which improves readability, avoids ambiguity, and effectively prevents errors when an address is transcribed or typed in.
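How the Base58Check check code catches transcription errors, as an added Python example that is not part of the patent text. It assumes the 20-byte RIPEMD160(SHA256(public key)) hash has already been computed (the sample payload is constructed), version byte 0x00, and the check code defined by Base58Check: the first four bytes of a double SHA256.

```python
import hashlib

# The Base58 alphabet omits 0, O, I and l, which are easy to confuse when copied by hand.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def checksum(data):
    """Check code: first 4 bytes of SHA256(SHA256(data))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def base58check_encode(version, payload):
    """Encode version byte + payload + check code as a Base58 string."""
    raw = bytes([version]) + payload
    raw += checksum(raw)
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a literal '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def base58check_decode(text):
    """Return (version, payload), or raise ValueError if the string is damaged."""
    num = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character %r is not in the Base58 alphabet" % ch)
        num = num * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        raise ValueError("too short to hold a version byte and check code")
    data, check = raw[:-4], raw[-4:]
    if checksum(data) != check:
        raise ValueError("check code mismatch")
    return data[0], data[1:]


def undetected_typos(address):
    """Count single-character substitutions that still decode successfully."""
    missed = 0
    for i, original in enumerate(address):
        for ch in ALPHABET:
            if ch == original:
                continue
            try:
                base58check_decode(address[:i] + ch + address[i + 1:])
                missed += 1
            except ValueError:
                pass
    return missed


if __name__ == "__main__":
    sample_hash160 = bytes(range(20))  # constructed sample, not a real key hash
    address = base58check_encode(0x00, sample_hash160)
    print(address, "undetected typos:", undetected_typos(address))
```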
Preferably, the private key must be kept secret. BIP0038 proposes a common standard for encrypting a private key with a passphrase and encoding the encrypted private key with Base58Check, so that the encrypted private key can be stored safely on backup media and transferred safely between wallets, keeping the key secure in any situation where it might be exposed. This encryption standard uses AES, a standard established by NIST and widely used for data encryption in commercial and military applications.
In some embodiments of the present application, the bus interface is a CAN bus interface.
Preferably, CAN is the abbreviation of Controller Area Network (hereinafter CAN), a serial communication protocol standardized internationally by ISO. To meet the needs of "reducing the number of wiring harnesses" and "high-speed communication of large amounts of data across multiple LANs", the German electrical company Bosch developed the CAN communication protocol for automobiles in 1986.
In some embodiments of the present application, the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm, and the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
Preferably, the DES algorithm transforms a 64-bit plaintext input block into a 64-bit ciphertext output block, of which 8 bits are parity bits and the other 56 bits are the key length. First, DES rearranges the input 64-bit data block bit by bit and splits the result into two parts, L0 and R0, each 32 bits long, and permutes them, with L0 holding the left 32 bits and R0 the right 32 bits. After 16 rounds of iteration according to this rule, L16 and R16 are obtained; these are taken as input to an inverse permutation, the reverse of the initial permutation, which yields the ciphertext output. The DES algorithm has extremely high security: so far, no method more effective than exhaustive search has been found for attacking it, and the exhaustive search space of a 56-bit key is 2^56. This means that a computer testing 1 million keys per second would need nearly 2285 years to search all the keys, so the DES algorithm is a very reliable encryption method.
Preferably, 3DES, also called Triple DES, is a mode of the DES encryption algorithm that uses three 56-bit keys to encrypt the data three times. The Data Encryption Standard (DES) is a long-established encryption standard in the United States. It uses symmetric key encryption and was standardized by ANSI as ANSI X.3.92 in 1981. DES uses a 56-bit key and a block cipher method, in which the text is divided into 64-bit blocks that are then encrypted. 3DES is more secure than the original DES.
Preferably, the Advanced Encryption Standard (AES), also known in cryptography as the Rijndael cipher, is a block encryption standard adopted by the US federal government. The standard replaces the original DES, has been analyzed by many parties, and is widely used throughout the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) as FIPS PUB 197 on November 26, 2001, and became an effective standard on May 26, 2002. By 2006, the Advanced Encryption Standard had become one of the most popular algorithms in symmetric key encryption. Unlike its predecessor DES, Rijndael uses a substitution-permutation network rather than a Feistel structure. AES encrypts and decrypts quickly in both software and hardware, is relatively easy to implement, and requires very little memory. As a new encryption standard, it is currently being deployed across an ever wider range of applications.
Preferably, the encryption unit encrypts using an asymmetric encryption algorithm. With an asymmetric encryption algorithm, the algorithm is strong and complex, and security depends on both the algorithm and the key; however, because the algorithm is complex, encryption and decryption are slower than with symmetric encryption. A symmetric cryptosystem has only one key, which is not public, and decryption requires that the other party know the key, so ensuring the security of the system means ensuring the security of the key. An asymmetric key system has two keys, one of which is public, so the key does not have to be transmitted to the other party as it does with a symmetric cipher, which greatly improves data security.
In other embodiments of the present application, the encryption unit may also use other encryption algorithms to generate the key.
In some embodiments of the present application, the chip further includes an FSMC interface for static storage, and the FSMC interface is electrically connected to the memory.
Preferably, FSMC (Flexible Static Memory Controller) is a new type of memory expansion technology used in the STM32 series. It has unique advantages for external memory expansion and makes it easy to add different types of large-capacity static memory according to the application needs of the system.
In some embodiments of the present application, the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
Preferably, static random-access memory (SRAM) is a type of random access memory. "Static" means that the stored data is retained for as long as the memory remains powered. By contrast, data stored in dynamic random access memory (DRAM) must be refreshed periodically. However, when the power supply stops, the data stored in SRAM still disappears (it is volatile memory), unlike ROM or flash memory, which retain data after power-off.
Preferably, ROM is short for ROM image (read-only memory image), a term common among people who customize mobile phone systems. The ROM in a smartphone's specification refers to EEPROM (electrically erasable programmable read-only memory), which is similar to a computer's hard disk. Flashing a phone is generally the process of writing a read-only memory image (ROM image) into the read-only memory (ROM). A smartphone's ROM refers to its storage space, which is generally built from flash memory such as UFS. The hardware is not read-only; "read-only" refers to the read and write permissions that software sets on the system partition.
Preferably, random access memory (RAM) is internal memory that exchanges data directly with the CPU, and is also called main memory. It can be read and written at any time and is very fast, and it usually serves as temporary data storage for the operating system or other running programs.
Preferably, DRAM (Dynamic Random Access Memory) is the most common type of system memory. DRAM can hold data only for a very short time. To retain data, DRAM stores it in capacitors, so it must be refreshed at regular intervals; if a memory cell is not refreshed, the stored information is lost (data is lost at power-off).
Preferably, the English name of FLASH memory is "Flash Memory", usually abbreviated to "Flash". It is a type of memory device and is non-volatile memory.
In some embodiments of the present application, the chip further includes an ADC data acquisition interface, and the ADC data acquisition interface is electrically connected to the bus interface.
Preferably, ADC is the abbreviation of Analog-to-Digital Converter, a device that converts a continuously varying analog signal into a discrete digital signal. Real-world analog signals, such as temperature, pressure, sound, or images, need to be converted into a digital form that is easier to store, process, and transmit. An analog-to-digital converter performs this function and can be found in all kinds of products.
In some embodiments of the present application, the chip further includes a GPIO interface, and the GPIO interface is electrically connected to the bus interface.
Preferably, General Purpose Input Output is abbreviated GPIO, and is also called a bus expander. Industry-standard I2C, SMBus, or SPI interfaces are used to simplify the expansion of I/O ports. When a microcontroller or chipset does not have enough I/O ports, or when the system needs remote serial communication or control, GPIO products can provide additional control and monitoring functions.
In some embodiments of the present application, the chip further includes a JTAG interface for internal chip testing, and the JTAG interface is electrically connected to the encryption unit.
Preferably, JTAG (Joint Test Action Group) is an international standard test protocol (IEEE 1149.1 compatible), used mainly for internal chip testing. Most advanced devices now support the JTAG protocol, such as DSP and FPGA devices. The standard JTAG interface has 4 lines: TMS, TCK, TDI, and TDO, which are the mode select, clock, data input, and data output lines respectively.
To achieve the above object, according to another aspect of the present application, an electronic device is provided.
The electronic device according to the present application includes the secure encryption chip described above, a local data transmission module, and a local data storage module. The bus interface is electrically connected to the local data transmission module, and the local data transmission module is electrically connected to the local data storage module. The secure encryption chip receives the data to be encrypted from the local data transmission module, performs the encryption operation, and saves the encrypted data to the local data storage module.
From the above description, it can be seen that the present application achieves the following technical effects:
In the embodiments of the present application, an encryption unit is provided in the chip and a memory is provided to store the key generated by the encryption unit, which achieves the purpose of enhancing data security and thereby solves the problem in the related art of insecure user data caused by unreasonable electronic component design.
The above are only preferred embodiments of the present application and are not intended to limit it. For those skilled in the art, the present application may have various modifications and changes. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present application shall fall within its scope of protection.
Industrial applicability
In the embodiments of the present application, an encryption unit is provided in the chip and a memory is provided to store the key generated by the encryption unit, which achieves the purpose of enhancing data security and thereby solves the problem in the related art of insecure user data caused by unreasonable electronic component design.

Claims (10)

  1. A secure encryption chip, characterized by comprising: an encryption unit for generating a key according to a preset encryption algorithm, a memory for storing the key, and a bus interface for data exchange, wherein the encryption unit is electrically connected to the memory and the memory is electrically connected to the bus interface.
  2. The secure encryption chip according to claim 1, characterized in that the bus interface is a CAN bus interface.
  3. The secure encryption chip according to claim 1, characterized in that the encryption unit generates the key based on a symmetric encryption algorithm and an asymmetric encryption algorithm.
  4. The secure encryption chip according to claim 3, characterized in that the symmetric encryption algorithm uses any one or more of DES, 3DES, and AES.
  5. The secure encryption chip according to claim 1, characterized by further comprising an FSMC interface for static storage, wherein the FSMC interface is electrically connected to the memory.
  6. The secure encryption chip according to claim 1, characterized in that the memory is any one or more of SRAM, ROM, RAM, DRAM, and FLASH.
  7. The secure encryption chip according to claim 1, characterized by further comprising an ADC data acquisition interface, wherein the ADC data acquisition interface is electrically connected to the bus interface.
  8. The secure encryption chip according to claim 1, characterized by further comprising a GPIO interface, wherein the GPIO interface is electrically connected to the bus interface.
  9. The secure encryption chip according to claim 1, characterized by further comprising a JTAG interface for internal chip testing, wherein the JTAG interface is electrically connected to the encryption unit.
  10. An electronic device, characterized by comprising the secure encryption chip according to claims 1 to 9, a local data transmission module, and a local data storage module, wherein the bus interface is electrically connected to the local data transmission module, the local data transmission module is electrically connected to the local data storage module, and the secure encryption chip receives the data to be encrypted from the local data transmission module, performs the encryption operation, and saves the encrypted data to the local data storage module.
PCT/CN2018/095977 2018-07-10 2018-07-17 Secure encryption chip and electronic device comprising same WO2020010642A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810750863.9 2018-07-10
CN201810750863.9A CN109145613A (en) 2018-07-10 2018-07-10 Security encryption chip and electronic equipment containing the chip

Publications (1)

Publication Number Publication Date
WO2020010642A1 true WO2020010642A1 (en) 2020-01-16

Family

ID=64800223

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/095977 WO2020010642A1 (en) 2018-07-10 2018-07-17 Secure encryption chip and electronic device comprising same

Country Status (2)

Country Link
CN (1) CN109145613A (en)
WO (1) WO2020010642A1 (en)

Also Published As

Publication number Publication date
CN109145613A (en) 2019-01-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18926050

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18926050

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/02/2022)
