WO2023273933A1 - Method for authenticating system on chip, and related product - Google Patents
Method for authenticating system on chip, and related product Download PDFInfo
- Publication number
- WO2023273933A1 WO2023273933A1 PCT/CN2022/099768 CN2022099768W WO2023273933A1 WO 2023273933 A1 WO2023273933 A1 WO 2023273933A1 CN 2022099768 W CN2022099768 W CN 2022099768W WO 2023273933 A1 WO2023273933 A1 WO 2023273933A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- chip
- evidence
- information
- key
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 100
- 238000004590 computer program Methods 0.000 claims abstract description 11
- 230000004044 response Effects 0.000 claims description 12
- 230000000977 initiatory effect Effects 0.000 claims description 7
- 238000005259 measurement Methods 0.000 claims description 6
- 238000009795 derivation Methods 0.000 claims description 5
- 238000012795 verification Methods 0.000 claims description 4
- 238000012545 processing Methods 0.000 abstract description 39
- 238000004891 communication Methods 0.000 description 23
- 230000008569 process Effects 0.000 description 22
- 238000010586 diagram Methods 0.000 description 13
- 238000004422 calculation algorithm Methods 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 10
- PSYGHMBJXWRQFD-UHFFFAOYSA-N 2-(2-sulfanylacetyl)oxyethyl 2-sulfanylacetate Chemical compound SCC(=O)OCCOC(=O)CS PSYGHMBJXWRQFD-UHFFFAOYSA-N 0.000 description 7
- 238000013135 deep learning Methods 0.000 description 7
- 238000012546 transfer Methods 0.000 description 6
- 230000003993 interaction Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 230000010354 integration Effects 0.000 description 3
- 239000011159 matrix material Substances 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 2
- 230000004888 barrier function Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000007418 data mining Methods 0.000 description 2
- 235000019800 disodium phosphate Nutrition 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 210000002569 neuron Anatomy 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000005481 NMR spectroscopy Methods 0.000 description 1
- 240000007594 Oryza sativa Species 0.000 description 1
- 235000007164 Oryza sativa Nutrition 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000003999 initiator Substances 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000004377 microelectronic Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 235000009566 rice Nutrition 0.000 description 1
- 230000008054 signal transmission Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000002604 ultrasonography Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 238000005406 washing Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/76—Architectures of general purpose stored program computers
- G06F15/78—Architectures of general purpose stored program computers comprising a single central processing unit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/76—Architectures of general purpose stored program computers
- G06F15/78—Architectures of general purpose stored program computers comprising a single central processing unit
- G06F15/7807—System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Definitions
- the present disclosure relates generally to the field of authentication technologies. More specifically, the present disclosure relates to a method for authenticating a system on chip, a system on chip for performing the aforementioned method, an authentication device and a computer program product, and an authentication system including the aforementioned system on chip and the authentication device.
- SoC System on Chip
- SoC System on Chip
- TPM Trusted Platform Module
- this disclosure proposes a scheme for authenticating a system on chip.
- the system-on-chip authentication can be realized without adding additional dedicated hardware.
- the authentication scheme disclosed in the present disclosure not only reduces the cost of certification for the SoC, but also ensures the security of the SoC, and further improves the safety certification level of the SoC.
- the present disclosure provides a scheme for authenticating a system on chip in the following aspects.
- the present disclosure provides a method for authenticating a system-on-chip, including: receiving an authentication request for authenticating the system-on-chip from an authentication device, wherein the authentication request includes first authentication information; according to the The first authentication information and the second authentication information determine an authentication evidence; and send the authentication evidence to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the system-on-chip in the running phase is credible.
- the present disclosure provides a method for authenticating a system-on-chip, comprising: generating an authentication request for initiating authentication of the system-on-chip, wherein the authentication request includes first authentication information; sending the authentication request to the system-on-chip, so that when the authentication request is received in the system-on-chip, determining authentication evidence based on the second authentication information and the first authentication information; receiving from the system-on-chip the authentication evidence; and authenticating whether the system-on-chip in the running phase is authentic according to the authentication evidence.
- the present disclosure provides a method for authenticating a system-on-chip, including: executing at an authentication device: initiating an authentication request for authenticating the system-on-chip, wherein the authentication request includes first authentication information; sending the authentication request to the system-on-chip; executing at the system-on-chip in the running phase: receiving the authentication request from the authentication device; according to the first authentication information and the second The authentication information determines authentication evidence; and sends the authentication evidence to the authentication device; performs at the authentication device: receiving the authentication evidence; and whether the system-on-a-chip in the running phase is trusted according to the authentication evidence Authenticate.
- the present disclosure provides a system-on-chip, including: a processor; and a memory storing a program that, when executed by the processor, causes the system-on-chip to perform the first aspect of the present disclosure
- a system-on-chip including: a processor; and a memory storing a program that, when executed by the processor, causes the system-on-chip to perform the first aspect of the present disclosure
- the present disclosure provides an authentication device for authenticating a system on chip, including: a processor; and a memory storing a program that, when executed by the processor, causes the authentication
- the device executes the method provided by the second aspect of the present disclosure and the methods in the following multiple embodiments.
- the present disclosure provides a computer program product, including a computer program for authenticating a system-on-chip, when the computer program is executed by a processor, the method and the method provided in the first aspect of the present disclosure are implemented. It will hereinafter describe the methods of multiple embodiments, or realize the method provided by the second aspect of the present disclosure and its methods in hereinafter described multiple embodiments.
- the present disclosure provides an authentication system for authenticating a system-on-chip, including: at least one system-on-chip as described above, which is configured to execute the method provided in the first aspect of the present disclosure and will be described in The method in the multiple embodiments described below, so as to generate the authentication evidence; and the aforementioned authentication device, which is configured to execute the method provided by the second aspect of the present disclosure and its multiple embodiments described below A method for authenticating whether the system-on-chip in the running phase is authentic according to the authentication evidence.
- the present disclosure can realize effective security authentication of the system on chip, especially effective authentication of the system on chip during the running phase.
- the scheme of the present disclosure determines the authentication evidence through the first authentication information on the authentication device side and the second authentication information on the SoC side, so that the authentication device uses the authentication evidence to authenticate whether the SoC in the running phase is credible.
- the authentication scheme disclosed in the present disclosure no additional dedicated hardware needs to be added in the whole authentication process, thereby effectively reducing the authentication cost.
- the system on chip can be applied to low-cost technical fields (such as low-cost Internet of Things field), thereby broadening the application market of the system on chip.
- the authentication evidence of the present disclosure may include sensitive information about the SoC, for example, the sensitive information may include encrypted system configuration parameters and system memory filling values. Based on such setting, through the authentication of the aforementioned sensitive information, the solution of the present disclosure can not only confirm whether the SoC in the startup phase is credible, but also can confirm in time whether the SoC in the running phase is credible. Therefore, the solution disclosed in the present disclosure ensures the security of the system on chip, and further enhances the security authentication level of the system on chip.
- FIG. 1 is a structural diagram showing a board according to an embodiment of the present disclosure
- FIG. 2 is a structural diagram illustrating a combination processing device according to an embodiment of the present disclosure
- FIG. 3 is a schematic diagram showing the internal structure of a computing device according to an embodiment of the present disclosure.
- FIG. 4 is a schematic diagram showing the internal structure of a processor core according to an embodiment of the present disclosure
- FIG. 5 is a schematic diagram illustrating a data writing process between processing cores of different clusters according to an embodiment of the present disclosure
- Figure 6A is a flowchart illustrating a method for authenticating a system-on-chip according to one embodiment of the present disclosure
- FIG. 6B is a flowchart illustrating a method of generating authentication evidence according to one embodiment of the present disclosure
- FIG. 7A is a flowchart illustrating a method for authenticating a system on chip according to another embodiment of the present disclosure
- FIG. 7B is a flow chart illustrating a method for authenticating a system-on-chip according to an authentication evidence according to another embodiment of the present disclosure
- FIG. 8 is a schematic diagram illustrating an authentication interaction process between devices in an authentication system according to an embodiment of the present disclosure.
- Fig. 9 is a schematic diagram illustrating an authentication interaction process between devices in an authentication system according to another embodiment of the present disclosure.
- the term “if” may be interpreted as “when” or “once” or “in response to determining” or “in response to detecting” depending on the context.
- the phrase “if determined” or “if [the described condition or event] is detected” may be construed, depending on the context, to mean “once determined” or “in response to the determination” or “once detected [the described condition or event] ]” or “in response to detection of [described condition or event]”.
- FIG. 1 shows a schematic structural diagram of a board 10 according to an embodiment of the present disclosure.
- the board 10 includes a chip 101, which is a system-on-chip SoC, or system-on-chip, integrated with one or more combination processing devices, and the combination processing device is an artificial intelligence computing unit for It supports various deep learning and machine learning algorithms to meet the intelligent processing requirements in complex scenarios in the fields of computer vision, speech, natural language processing, and data mining.
- the combination processing device is an artificial intelligence computing unit for It supports various deep learning and machine learning algorithms to meet the intelligent processing requirements in complex scenarios in the fields of computer vision, speech, natural language processing, and data mining.
- deep learning technology is widely used in the field of cloud intelligence.
- a notable feature of cloud intelligence applications is the large amount of input data, which has high requirements for the storage capacity and computing power of the platform.
- the board 10 of this embodiment is suitable for cloud intelligence applications. Applications, with huge off-chip storage, on-chip storage and a lot of computing power.
- the chip 101 is connected to an external device 103 through an external interface device 102 .
- the external device 103 is, for example, a server, a computer, a camera, a display, a mouse, a keyboard, a network card or a wifi interface, and the like.
- the data to be processed can be transmitted to the chip 101 by the external device 103 through the external interface device 102 .
- the calculation result of the chip 101 can be sent back to the external device 103 via the external interface device 102 .
- the external interface device 102 may have different interface forms, such as a PCIe interface and the like.
- the board 10 also includes a storage device 104 for storing data, which includes one or more storage units 105 .
- the storage device 104 is connected and data transmitted with the control device 106 and the chip 101 through the bus.
- the control device 106 in the board 10 is configured to regulate the state of the chip 101 .
- the control device 106 may include a microcontroller (Micro Controller Unit, MCU).
- FIG. 2 is a block diagram showing the combined processing means in the chip 101 of this embodiment.
- combined processing means 20 includes computing means 201, interface means 202, processing means 203 and DRAM 204.
- the computing device 201 is configured to perform operations specified by the user, and is mainly implemented as a single-core intelligent processor or a multi-core intelligent processor for performing deep learning or machine learning calculations, which can interact with the processing device 203 through the interface device 202 to Work together to complete user-specified operations.
- the interface device 202 is used to transmit data and control instructions between the computing device 201 and the processing device 203 .
- the computing device 201 may obtain input data from the processing device 203 via the interface device 202 and write it into a storage device on the computing device 201 .
- the computing device 201 may obtain control instructions from the processing device 203 via the interface device 202 and write them into the control cache on the chip of the computing device 201 .
- the interface device 202 may also read data in the storage device of the computing device 201 and transmit it to the processing device 203 .
- the processing device 203 performs basic control including but not limited to data transfer, starting and/or stopping the computing device 201 .
- the processing device 203 may be one or more types of a central processing unit (central processing unit, CPU), a graphics processing unit (graphics processing unit, GPU) or other general-purpose and/or special-purpose processors.
- processors including but not limited to digital signal processors (digital signal processors, DSPs), application specific integrated circuits (application specific integrated circuits, ASICs), field-programmable gate arrays (field-programmable gate arrays, FPGAs) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., and the number thereof can be determined according to actual needs.
- the computing device 201 of the present disclosure can be regarded as having a single-core structure or a homogeneous multi-core structure. However, when considering the integration of the computing device 201 and the processing device 203 together, they are considered to form a heterogeneous multi-core structure.
- the DRAM 204 is used to store data to be processed, and is a DDR memory, usually 16G or larger in size, for storing data of the computing device 201 and/or the processing device 203.
- FIG. 3 shows a schematic diagram of the internal structure of the computing device 201 .
- the computing device 201 is used for processing input data such as computer vision, speech, natural language, and data mining.
- the computing device 201 in the figure adopts a multi-core hierarchical structure design, and the computing device 201 is a system-on-chip, which includes multiple clusters, and each cluster includes multiple processor cores. In other words, the computing device 201 is structured at the level of SoC-cluster-processor core.
- the computing device 201 includes an external storage controller 301 , a peripheral communication module 302 , an on-chip interconnection module 303 , a synchronization module 304 and multiple clusters 305 .
- the peripheral communication module 302 is used for receiving a control signal from the processing device 203 through the interface device 202 to start the computing device 201 to execute tasks.
- the on-chip interconnection module 303 connects the external memory controller 301 , the peripheral communication module 302 and multiple clusters 305 to transmit data and control signals among the various modules.
- the synchronization module 304 is a global synchronization barrier controller (global barrier controller, GBC), which is used to coordinate the work progress of each cluster and ensure the synchronization of information.
- GBC global barrier controller
- a plurality of clusters 305 are the computing cores of the computing device 201 , exemplarily four are shown in the figure. With the development of hardware, the computing device 201 of the present disclosure may also include 8, 16, 64, or even more clusters 305 . Cluster 305 is used to efficiently execute deep learning algorithms.
- each cluster 305 includes a plurality of processor cores (IPU core) 306 and a storage core (MEM core) 307.
- processor cores IPU core
- MEM core storage core
- processor cores 306 are exemplarily shown in the figure, and the present disclosure does not limit the number of processor cores 306 . Its internal architecture is shown in Figure 4. Each processor core 306 includes three modules: a control module 41 , an operation module 42 and a storage module 43 .
- the control module 41 is used to coordinate and control the work of the operation module 42 and the storage module 43 to complete the task of deep learning, which includes an instruction fetch unit (instruction fetch unit, IFU) 411 and an instruction decoding unit (instruction decode unit, IDU) 412.
- the instruction fetching unit 411 is used to obtain instructions from the processing device 203 , and the instruction decoding unit 412 decodes the obtained instructions and sends the decoding results to the computing module 42 and the storage module 43 as control information.
- the operation module 42 includes a vector operation unit 421 and a matrix operation unit 422 .
- the vector operation unit 421 is used to perform vector operations, and can support complex operations such as vector multiplication, addition, and nonlinear transformation;
- the matrix operation unit 422 is responsible for the core calculation of the deep learning algorithm, namely matrix multiplication and convolution.
- the storage module 43 is used to store or carry relevant data, including a neuron storage unit (neuron RAM, NRAM) 431, a weight storage unit (weight RAM, WRAM) 432, an input/output direct memory access module (input/output direct memory access) , IODMA) 433, moving direct memory access module (move direct memory access, MVDMA) 434.
- NRAM 431 is used to store the input and output data and intermediate results calculated by processor core 306;
- WRAM 432 is used to store the weights of the deep learning network;
- IODMA 433 controls the access of NRAM 431/WRAM 432 and DRAM 204 through broadcast bus 309
- MVDMA 434 is used to control the memory access of NRAM 431/WRAM 432 and SRAM 308.
- the storage core 307 is mainly used for storage and communication, that is, storing shared data or intermediate results between the processor cores 306, and performing communication between the cluster 305 and the DRAM 204, communication between the clusters 305, processors communication between the cores 306 and the like.
- the storage core 307 has a scalar operation capability, and is used for performing scalar operations.
- the storage core 307 includes a shared memory unit (SRAM) 308, a broadcast bus 309, a cluster direct memory access module (cluster direct memory access, CDMA) 310 and a global direct memory access module (global direct memory access, GDMA) 311.
- SRAM shared memory unit
- CDMA cluster direct memory access
- GDMA global direct memory access module
- the SRAM 308 assumes the role of a high-performance data transfer station.
- the data multiplexed between different processor cores 306 in the same cluster 305 does not need to be obtained from the DRAM 204 through the processor cores 306 respectively, but is transferred to the processor through the SRAM 308.
- Inter-nuclear 306 transit.
- the storage core 307 only needs to quickly distribute the multiplexed data from the SRAM 308 to multiple processor cores 306, so as to improve the communication efficiency between cores and greatly reduce on-chip and off-chip input/output access.
- the broadcast bus 309, the CDMA 310 and the GDMA 311 are respectively used to perform communication between the processor cores 306, communication between the clusters 305, and data transmission between the clusters 305 and the DRAM 204. They will be described separately below.
- the broadcast bus 309 is used to complete high-speed communication among the processor cores 306 in the cluster 305.
- the broadcast bus 309 of this embodiment supports inter-core communication methods including unicast, multicast and broadcast.
- Unicast refers to point-to-point (that is, a single processor core to a single processor core) data transmission
- multicast is a communication method that transmits a piece of data from the SRAM 308 to specific processor cores 306, and broadcasting is to transfer a data
- a communication method in which data is transmitted from SRAM 308 to all processor cores 306 belongs to a special case of multicast.
- the CDMA 310 is used to control the memory access of the SRAM 308 between different clusters 305 in the same computing device 201.
- FIG. 5 shows a schematic diagram when one processor core intends to write data to another cluster of processor cores to illustrate the working principle of CDMA 310.
- the same computing device includes multiple clusters.
- cluster 0 and cluster 1 are shown in the figure, and cluster 0 and cluster 1 include multiple processor cores respectively.
- cluster 0 in the figure only shows processor core 0, and cluster 1 only shows processor core 1.
- Processor core 0 intends to write data to processor core 1.
- processor core 0 sends a unicast write request to write data into local SRAM 0, CDMA 0 acts as the master (master), and CDMA 1 acts as the slave (slave) end.
- the master pushes the write request to the slave, that is, the master sends the write address AW and write data W, and transfers the data to SRAM 1 of cluster 1.
- the slave sends a write response B as a response, and finally processor core 1 of cluster 1 sends a unicast read request to read data from SRAM 1.
- the GDMA 311 cooperates with the external storage controller 301 to control the memory access from the SRAM 308 of the cluster 305 to the DRAM 204, or to read data from the DRAM 204 to the SRAM 308.
- the communication between the DRAM 204 and the NRAM 431 or WRAM 432 can be realized through two channels.
- the first channel is to directly contact DRAM 204 and NRAM 431 or WRAM 432 through IODAM 433;
- the second channel is to first transmit data between DRAM 204 and SRAM 308 through GDMA 311, and then make data transfer between SRAM 308 and NRAM through MVDMA 434 431 or WRAM 432 transfer.
- the bandwidth of the second channel is much greater than that of the first channel. Therefore, communication between DRAM 204 and NRAM 431 or WRAM 432 may be more efficient through the second channel.
- the embodiment of the present disclosure can select a data transmission channel according to its own hardware conditions.
- the functionality of the GDMA 311 and the functionality of the IODMA 433 may be integrated into the same component.
- this disclosure considers GDMA 311 and IODMA 433 as different components.
- the function of GDMA 311, the function of IODMA 433, the function of CDMA 310, and the function of MVDMA 434 can also be realized by the same component. protection scope of this disclosure.
- this disclosure proposes to use the authentication device to interact with the SoC to obtain authentication evidence from the SoC , so that the authenticity of the system on chip can be authenticated by using the authentication evidence.
- the generation of authentication evidence at the system-on-chip side of the present disclosure involves the application of a device identity combination engine (DICE).
- DICE device identity combination engine
- TCG Trusted Computing Group
- TCG Trusted Computing Group
- DICE can divide the entire boot process into multiple layers, and use a unique device secret (UDS, Unique Device Secret) known only to DICE to create confidential information unique to each software layer in secure boot.
- UDS Unique Device Secret
- schemes of the present disclosure use DICE to form authentication evidence for authentication.
- FIG. 6A is a flowchart illustrating a method 600 for authenticating a system-on-chip according to one embodiment of the present disclosure. It can be understood that the system-on-chip here may be the system-on-chip described above in conjunction with FIG. 1 to FIG. 5 , so the above description about the system-on-chip is also applicable to the following description.
- an authentication request for authenticating a system on chip is received from an authentication device, wherein the authentication request includes first authentication information.
- the aforementioned first authentication information may be dynamically generated by the authentication device, and may be used to indicate the validity of the authentication evidence in the context of the present disclosure.
- the first authentication information may include a random number, such as a Nonce value. It can be understood that, here, the random number is used as an example to describe the first authentication information for the purpose of illustration only.
- the present disclosure does not place any limitation on the specific content of the first authentication information, and therefore other information that can be used to indicate the timeliness of the authentication evidence is also applicable to the solution of the present disclosure.
- an authentication proof is determined according to the first authentication information and the second authentication information.
- the second authentication information can be obtained from the system on chip.
- the second authentication information may include sensitive information of the SoC and a key dynamically generated based on the device identity combination engine DICE.
- the aforementioned sensitive information may include encrypted system configuration parameters (SysCfg) and system memory fill values (MemFill).
- the encryption here may include, but not limited to, encryption based on one-way operations (such as HASH, HMAC, and MD5, etc.).
- the present disclosure proposes to obtain the unique identification information (SoCID) of the system on chip, and let the device identification combination engine DICE perform the following steps: use the unique identification information to generate the unique device secret UDS , and generate an asymmetrically encrypted key based on the unique device secret.
- a random number is dynamically generated based on a device identification combination engine, and a one-way operation is performed on the random number and the unique identification information (the one-way operation here includes but is not limited to HASH, HMAC and other algorithms) to obtain the unique device secret UDS.
- unique identification information SoCID may be generated each time the system on chip is started. Through such a generation method, the authentication scheme of the present disclosure does not need to securely store the unique identification information SoCID, thereby simplifying the authentication operation.
- the following operations can be performed by the device identity combination engine DICE: The integrity of image loading is measured to obtain the measurement value of each software layer; then, a one-way operation is performed on the measurement value of all software layers and the unique device secret (the one-way operation here includes but is not limited to HASH, HMAC and other algorithms) to obtain the initial value of the key; finally, perform a key derivation operation (such as a KDF key derivation function) on the initial value of the key to obtain the key.
- a key derivation operation such as a KDF key derivation function
- the solution of the present disclosure only needs to deploy the one-way operation in DICE in the process of obtaining the initial value of the key, instead of deploying the one-way operation hierarchically in each software layer as in the prior art Therefore, the disclosed solution effectively simplifies the entire deployment process and improves the key generation efficiency.
- the above-mentioned specific generation process of the UDS and the key is only a possible implementation, and the solution of the present disclosure is not limited thereto. According to the teaching of the present disclosure, those skilled in the art can also take other suitable steps or ways to realize the generation of UDS and key.
- the keys mentioned above in this disclosure may include public keys and private keys.
- the process of generating the authentication evidence in the aforementioned step S602 can be realized through the steps S602-1 and S602-2 shown in FIG. 6B.
- DICE may encrypt and sign sensitive information (such as the aforementioned SysCfg and MemFill) and first authentication information (such as the aforementioned Nonce value) according to the aforementioned private key.
- DICE may generate an authentication evidence according to the public key, the encrypted and signed sensitive information, and the first authentication information.
- step S603 the authentication evidence is sent to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the SoC in the running phase is credible.
- the authentication process on the SOC side of the present disclosure is exemplarily described above with reference to FIG. 6A and FIG. 6B .
- the authentication process of the SOC initiated from the authentication device side will be described below in conjunction with FIG. 7A and FIG. 7B .
- FIG. 7A is a flowchart illustrating a method 700 for authenticating a system on chip according to another embodiment of the present disclosure.
- the system-on-chip here may be the system-on-chip described above in conjunction with FIG. 1 to FIG. 5 , so the above description about the system-on-chip is also applicable to the following description.
- an authentication request for initiating authentication of the SoC is generated, wherein the authentication request includes first authentication information.
- the aforementioned first authentication information can be dynamically generated by the authentication device every time the authentication request is generated, and can be used to indicate the timeliness of the authentication evidence in the context of the present disclosure, so that the authentication evidence generated this time only valid during this certification process.
- the foregoing first authentication information may include a random number, such as a Nonce value. It can be understood that, here, the random number is used as an example to describe the first authentication information for the purpose of illustration only.
- step S702 an authentication request is sent to the SOC, so that when the SOC receives the authentication request, the authentication evidence is determined based on the second authentication information and the first authentication information.
- the second authentication information and authentication evidence here may be the authentication evidence described above in conjunction with FIG. 6 , so the foregoing descriptions about the second authentication information and authentication evidence are also applicable to the description below.
- an authentication evidence is received from the system on chip, and at step S704, whether the system on chip at the running stage is authentic is authenticated according to the authentication evidence.
- the authentication device determines whether the SoC is authentic according to the authentication evidence, it may be implemented through the steps shown in FIG. 7B .
- reference evidence related to authenticating the SoC is obtained.
- the foregoing reference evidence includes a reference public key and reference sensitive information.
- the reference public key in one embodiment, it can be obtained by performing an encryption operation on the public key in the aforementioned keys.
- the aforementioned reference public key may be stored in a memory (such as a database) on the side of the authentication device.
- the above benchmark sensitive information may also be stored in a memory on the side of the authentication device.
- the baseline sensitive information here may also include the sensitive information mentioned above on the system-on-chip side, that is, encrypted system configuration parameters and system memory filling values.
- encryption here may also include, but not limited to, encryption operations performed based on one-way operations (such as HASH, HMAC, and MD5, etc.).
- the system configuration parameters and system The memory fill value should be configured to have the same value to facilitate authentication during later runtime stages.
- the aforementioned judging operation can be performed based on whether the public key and sensitive information match or not.
- the public key in the authentication evidence can be verified according to the aforementioned reference public key.
- the public key in the aforementioned authentication evidence may be encrypted by using an encryption operation (such as HASH, HMAC, etc.) used by the aforementioned reference public key.
- an encryption operation such as HASH, HMAC, etc.
- the sensitive information in the aforementioned authentication evidence can be decrypted according to the public key.
- the aforementioned determination operation is only a possible implementation manner, and the solution of the present disclosure is not limited thereto. According to the teaching of the present disclosure, those skilled in the art may also take other appropriate steps or methods to determine whether the aforementioned reference evidence matches the authentication evidence.
- step S704-3 that is, the on-chip The system is trustworthy.
- step S704-4 that is, The system-on-chip at the run stage is determined to be untrusted.
- the authentication device as the authentication initiator can infer that the system-on-chip is already in an untrusted state at this time, and can perform further measures to eliminate potential risks, such as forcibly shutting down the entire system-on-chip, overhaul or maintenance.
- FIG. 8 is a schematic diagram illustrating an authentication interaction process 800 between devices in an authentication system according to an embodiment of the present disclosure.
- the authentication system of the present disclosure may include an authentication device and at least one SoC.
- the system on chip here may be the system on chip described above in conjunction with FIGS. 1 to 7
- the authentication device here may be the authentication device described above in connection with FIGS. 6 and 7 . Therefore, the foregoing descriptions about the system on chip and the authentication device are also applicable to the following descriptions. The interaction between the authentication device and the SoC will be described in detail below.
- an authentication request for authenticating the SoC is initiated, wherein the authentication request includes first authentication information.
- the first authentication information here is the first authentication information described above in conjunction with FIG. 6 to FIG. timeliness.
- the first authentication information may include a dynamically randomly generated Nonce value. It can be understood that, here, the random number is used as an example to describe the first authentication information for the purpose of illustration only.
- the aforementioned authentication request is sent to the system on chip, so as to wait for the system on chip to return the authentication proof.
- an authentication request from the authentication device is received and at step S804, authentication evidence is determined according to the first authentication information and the second authentication information.
- the second authentication information and authentication evidence here may be the second authentication information and authentication evidence described above in conjunction with FIG. 6 and FIG. 7 .
- the above-mentioned second authentication information may include the sensitive information of the system on chip and the public key and private key dynamically generated based on the device identity combination engine DICE, and the above-mentioned authentication evidence may include the above-mentioned public key, The sensitive information and the first authentication information encrypted and signed by the aforementioned private key.
- step S805 the aforementioned authentication evidence is sent to the authentication device, so that the aforementioned authentication device performs a subsequent authentication process based on the authentication evidence.
- step S806 an authentication proof from the SoC side is received.
- step S807 whether the system-on-chip in the running stage is authentic is authenticated according to the authentication evidence.
- the authentication of whether the system on chip is authentic in one embodiment, it can be implemented with reference to the authentication process described in step S704-1, step S704-2, step S704-3 and step S704-4 in FIG. 7 .
- the authentication device and the system-on-chip in FIG. 8 may be arranged at different distances. Therefore, the two can communicate and connect in different ways to achieve authentication. When the two are relatively close to each other, they can be connected through short-distance communication technology (such as Bluetooth communication technology, Wi-Fi communication technology, etc.) to complete the authentication. Conversely, when the two are far apart, they can be connected through long-distance communication technology (such as 4G/5G communication technology) to complete the authentication.
- short-distance communication technology such as Bluetooth communication technology, Wi-Fi communication technology, etc.
- long-distance communication technology such as 4G/5G communication technology
- the system-on-a-chip of the present disclosure may be arranged at a vehicle (for example, at an autonomous driving vehicle).
- the system on a chip can be arranged in a vehicle terminal.
- the aforementioned vehicle-mounted terminal may include a vehicle-mounted information collection device (such as a sensor, a camera, etc.) and a vehicle-mounted central control device (such as a processor), so that the convenience of device authentication in the field of automatic driving can be improved. sex and safety.
- the security level and performance of the device in the self-driving vehicle can be greatly improved, so that the system-on-chip of the present disclosure can better serve the self-driving vehicle.
- FIG. 9 is a schematic diagram illustrating an authentication interaction process 900 between devices in an authentication system according to another embodiment of the present disclosure.
- the authentication system includes an authentication device and at least one SoC.
- the system-on-chip here may be the system-on-chip described above in conjunction with FIG. 1 to FIG. 8 , so the foregoing description about the system-on-chip is also applicable to the following description.
- an authentication system including an authentication device and a system-on-chip is taken as an example for illustration:
- the system-on-chip In the startup phase, after the system-on-chip is powered on (BootUp), it first executes a solidified boot program, which can be stored in the BootRom (Boot Read-Only Memory) in the system-on-chip (Boot Read-Only Memory, a memory used to store the boot program, which can be viewed as as a small block of mask ROM or write-protected flash).
- the system-on-chip can run the above-mentioned startup program to generate the chip's unique SoCID (that is, the aforementioned unique identification information).
- the system on chip generates a unique SoCID of the chip every time it is started.
- the BootRom here may be a diskless boot ROM interface.
- the solution disclosed in the present disclosure can construct a diskless workstation by remotely starting the service, so that the unique SoCID of the chip can be obtained efficiently.
- DICE device identity combination engine
- K pub ie public key
- K priv ie private key
- the system-on-a-chip of the present disclosure completes the startup deployment and waits for authentication.
- the public key and system sensitive information may be stored in a database at the authentication device after the startup deployment is completed, so as to be used for later authentication operations of the authentication device.
- the authentication device sends an authentication request with a Nonce ("N" as shown in the figure) to the SoC during the running phase of the SoC, so that the Nonce value can be transferred step by step after the Nonce is received by the SoC to DICE.
- the authentication device dynamically generates the aforementioned Nonce value during each generation of the authentication request.
- the authentication device After the authentication device receives the aforementioned authentication evidence, it uses the reference public key H(K pub ) stored in the database of the authentication device to verify the authenticity of K pub (specifically, the encryption operation used by H(K pub ) is used to K pub is encrypted, and it is judged whether the encrypted K pub is consistent with H(K pub ). If the authenticity of K pub is true, K pub is used to decrypt the encrypted information in the aforementioned authentication evidence. Next, use the baseline sensitive information stored in the database of the authentication device to match (for example, whether they are the same) with the system configuration parameters (SysCfg) and key memory values (MemFill) in the aforementioned evidence.
- SysCfg system configuration parameters
- MemFill key memory values
- the devices or devices disclosed in this disclosure may include servers, cloud servers, server clusters, data processing devices, robots, computers, printers, scanners, tablet computers, smart terminals, PC equipment, Internet of Things terminals, mobile terminals , mobile phone, driving recorder, navigator, sensor, camera, camera, video camera, projector, watch, earphone, mobile storage, wearable device, visual terminal, automatic driving terminal, transportation, household appliances, and/or medical equipment .
- Said vehicles include airplanes, ships and/or vehicles; said household appliances include televisions, air conditioners, microwave ovens, refrigerators, rice cookers, humidifiers, washing machines, electric lights, gas stoves, range hoods; said medical equipment includes nuclear magnetic resonance instruments, Ultrasound and/or electrocardiograph.
- the devices or devices disclosed in the present disclosure can also be applied to fields such as the Internet, the Internet of Things, data centers, energy, transportation, public management, manufacturing, education, power grids, telecommunications, finance, retail, construction sites, and medical care.
- the device or device disclosed herein can also be used in application scenarios related to artificial intelligence, big data, and/or cloud computing, such as cloud, edge, and terminal.
- the device or device with high computing power according to the present disclosure can be applied to cloud devices (such as cloud servers), and the device or device with low power consumption can be applied to terminal devices and/or edge terminals Devices (such as smartphones or cameras).
- the hardware information of the cloud device and the hardware information of the terminal device and/or the edge device are compatible with each other, so that according to the hardware information of the terminal device and/or the edge device, the hardware resources of the cloud device can be Match appropriate hardware resources to simulate the hardware resources of terminal devices and/or edge devices, so as to complete the unified management, scheduling and collaborative work of device-cloud integration or cloud-edge-end integration.
- the present disclosure expresses some methods and their embodiments as a series of actions and combinations thereof, but those skilled in the art can understand that the solution of the present disclosure is not limited by the order of the described actions . Therefore, according to the disclosure or teaching of the present disclosure, those skilled in the art may understand that certain steps may be performed in other orders or simultaneously. Further, those skilled in the art can understand that the embodiments described in the present disclosure can be regarded as optional embodiments, that is, the actions or modules involved therein are not necessarily required for the realization of one or some solutions of the present disclosure. In addition, according to different schemes, the description of some embodiments in this disclosure also has different emphases. In view of this, those skilled in the art may understand the part that is not described in detail in a certain embodiment of the present disclosure, and may also refer to related descriptions of other embodiments.
- a unit described as a separate component may or may not be physically separated, and a component shown as a unit may or may not be a physical unit.
- the aforementioned components or units may be located at the same location or distributed over multiple network units.
- some or all of the units may be selected to achieve the purpose of the solutions described in the embodiments of the present disclosure.
- multiple units in the embodiments of the present disclosure may be integrated into one unit, or each unit exists physically independently.
- the above integrated units may be implemented in the form of software program modules. If implemented in the form of a software program module and sold or used as a stand-alone product, the integrated unit may be stored in a computer readable memory. Based on this, when the solution of the present disclosure is embodied in the form of a software product (such as a computer-readable storage medium), the software product can be stored in a memory, and it can include several instructions to make a computer device (such as a personal computer, a server, or Network devices, etc.) execute some or all of the steps of the methods described in the embodiments of the present disclosure.
- a computer device such as a personal computer, a server, or Network devices, etc.
- the aforementioned memory may include but not limited to U disk, flash disk, read-only memory ("Read Only Memory”, abbreviated as ROM), random access memory (“Random Access Memory”, abbreviated as RAM), mobile hard disk, magnetic disk Or various media such as CDs that can store program codes.
- ROM read-only memory
- RAM random access memory
- CDs compact discs
- the above-mentioned integrated units may also be implemented in the form of hardware, that is, specific hardware circuits, which may include digital circuits and/or analog circuits.
- the physical realization of the hardware structure of the circuit may include but not limited to physical devices, and the physical devices may include but not limited to devices such as transistors or memristors.
- various devices such as computing devices or other processing devices described herein may be implemented by appropriate hardware processors, such as CPU, GPU, FPGA, DSP, and ASIC.
- the aforementioned storage unit or storage device can be any suitable storage medium (including magnetic storage medium or magneto-optical storage medium, etc.), which can be, for example, a variable resistance memory ("Resistive Random Access Memory”, abbreviated as RRAM), dynamic random access memory (“Dynamic Random Access Memory”, abbreviated as DRAM), static random access memory (“Static Random Access Memory”, abbreviated as SRAM), enhanced dynamic random access memory (“Enhanced Dynamic Random Access Memory”, abbreviated as "EDRAM”), high bandwidth memory (“High Bandwidth Memory”, abbreviated as "HBM”), hybrid memory cube ("Hybrid Memory Cube”, abbreviated as "HMC”), ROM and RAM, etc.
- RRAM variable resistance memory
- DRAM dynamic random access memory
- SRAM static random access memory
- EDRAM enhanced dynamic random access memory
- HBM High Bandwidth Memory
- HMC Hybrid Memory Cube
- ROM and RAM etc.
- a method for authenticating a system on chip comprising:
- the authentication evidence is sent to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the system-on-chip in the running phase is authentic.
- Clause A2 The method according to Clause A1, wherein the first authentication information is dynamically generated by the authentication device, and the second authentication information includes sensitive information of the system-on-chip and an authentication information dynamically generated based on a device identity combination engine. key, the method also includes:
- the second authentication information is acquired at the system on chip.
- Clause A3 The method of clause A2, wherein the key is dynamically generated based on a device identity combination engine, the method further comprising:
- the key for asymmetric encryption is generated based on the unique device secret.
- Clause A4 The method of Clause A3, wherein in using the unique identification information to generate a unique device secret, the device identity combination engine performs:
- a one-way operation is performed on the random number and the unique identification information to obtain the unique device secret.
- Clause A5 The method of Clause A3, wherein in generating the key for asymmetric encryption based on the unique device secret, the device identity combination engine performs:
- Clause A6 The method of any one of clauses A2-A5, wherein said key comprises a public key and a private key, wherein determining authentication evidence based on said first authentication information and said second authentication information comprises in said During the operation phase of the above-mentioned system-on-chip, perform the following operations:
- the authentication evidence is generated according to the public key, the encrypted and signed sensitive information and the first authentication information.
- Clause A7 The method of Clause A6, wherein the sensitive information includes encrypted system configuration parameters and system memory fill values.
- a method for authenticating a system on chip comprising:
- the authentication request includes first authentication information
- Clause A9 The method of Clause A8, wherein the first authentication information comprises a random number, the method comprising:
- the random number is dynamically generated.
- Clause A10 The method of Clause A8, wherein authenticating based on the authentication evidence whether the system-on-a-chip in the runtime phase is authentic comprises:
- Clause A12 The method of Clause A10 or Clause A11, wherein the baseline sensitive information includes encrypted system configuration parameters and system memory fill values.
- a method for authenticating a system on a chip comprising:
- a system on a chip comprising:
- a memory storing a program which, when executed by the processor, causes the system-on-chip to perform the method according to any one of clauses A1-A7.
- An authentication device for authenticating a system on a chip comprising:
- a memory storing a program which, when executed by the processor, causes the authentication device to perform the method according to any one of clauses A8-A12.
- Clause A16 A computer program product comprising a computer program for authenticating a system-on-chip, which computer program, when executed by a processor, implements any of clauses A1-A7 or clauses A8-A12 method.
- An authentication system for authenticating a system on a chip comprising:
- At least one system-on-chip according to clause A14 configured to perform the method according to any one of clauses A1-A7 in order to generate said proof of authentication
- An authentication device configured to perform the method according to any one of clauses A8-A12, in order to authenticate whether said system-on-chip in a run phase is authentic based on said authentication evidence.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computing Systems (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Abstract
A method for authenticating a system on chip, and a related product, which relate to the technical field of authentication. The related product comprises a system on chip, an authentication device, a computer program product and an authentication system. The product may be comprised in a computing processing apparatus of a combined processing apparatus, wherein the computing processing apparatus may comprise one or more data processing apparatuses; the combined processing apparatus may further comprise an interface apparatus and other processing apparatuses; the computing processing apparatus interacts with the other processing apparatuses, so as to jointly complete a computing operation specified by a user; and the combined processing apparatus may further comprise a storage apparatus, which is respectively connected to a device and the other processing apparatuses, and is used for storing the data of the device and the other processing apparatuses. By means of the method and the related product, it is possible to authenticate whether a system on chip in a running stage can be trusted.
Description
相关申请的交叉引用Cross References to Related Applications
本公开要求于2021年6月30日申请的、申请号为2021107347893、发明名称为“用于对片上系统进行认证的方法及相关产品”的中国专利申请的优先权。This disclosure claims the priority of the Chinese patent application with the application number 2021107347893 and the title of the invention "Method for Authenticating System-on-Chip and Related Products" filed on June 30, 2021.
本公开一般地涉及认证技术领域。更具体地,本公开涉及一种用于对片上系统进行认证的方法、用于执行前述方法的片上系统、认证设备和计算机程序产品以及包括前述片上系统和认证设备的认证系统。The present disclosure relates generally to the field of authentication technologies. More specifically, the present disclosure relates to a method for authenticating a system on chip, a system on chip for performing the aforementioned method, an authentication device and a computer program product, and an authentication system including the aforementioned system on chip and the authentication device.
随着片上系统技术的不断提升,其被广泛应用于多个技术领域。通常所说的片上系统(System on Chip,简写“SoC”)是指在单个芯片上集成微电子应用产品所需全部功能的系统。目前对于片上系统的研究多偏向于片上系统的算力方面,而涉及对片上系统(特别是运行阶段的片上系统)的安全性的研究还并不充分。特别地,在现有相关技术中,即便存在对片上系统的安全性进行认证的操作,该操作也需要搭建额外的专用硬件(例如可信任平台模块TPM(Trusted Platform Module))来实现。鉴于此,可以看出当前对片上系统的认证过程不仅繁琐和低效,并且还增加了认证的成本。With the continuous improvement of SoC technology, it is widely used in many technical fields. The so-called System on Chip (System on Chip, abbreviated as "SoC") refers to a system that integrates all the functions required by microelectronics application products on a single chip. At present, the research on SoCs is mostly biased towards the computing power of SoCs, but the research on the security of SoCs (especially the SoCs in the running stage) is not enough. In particular, in the existing related technologies, even if there is an operation to authenticate the security of the system-on-chip, this operation needs to be implemented by building additional dedicated hardware (such as a trusted platform module TPM (Trusted Platform Module)). In view of this, it can be seen that the current system-on-chip certification process is not only cumbersome and inefficient, but also increases the cost of certification.
发明内容Contents of the invention
鉴于上述背景技术部分所提及的技术问题,本公开提出一种用于对片上系统进行认证的方案。利用本公开的方案,无需增加额外的专用硬件即可实现对片上系统的认证。特别地,对于运行阶段的片上系统,本公开的认证方案不仅降低对片上系统的认证成本,同时还确保了片上系统的安全性,并进而提升了片上系统的安全认证等级。为此,本公开在如下的多个方面中提供用于对片上系统进行认证的方案。In view of the technical problems mentioned in the background technology section above, this disclosure proposes a scheme for authenticating a system on chip. With the solution disclosed in the present disclosure, the system-on-chip authentication can be realized without adding additional dedicated hardware. Especially, for the SoC in the running stage, the authentication scheme disclosed in the present disclosure not only reduces the cost of certification for the SoC, but also ensures the security of the SoC, and further improves the safety certification level of the SoC. To this end, the present disclosure provides a scheme for authenticating a system on chip in the following aspects.
在第一方面中,本公开提供了一种用于对片上系统进行认证的方法,包括:从认证设备接收对片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;根据所述第一认证信息和第二认证信息确定认证证据;以及向所述认证设备发送所述认证证据,以便所述认证设备利用所述认证证据对运行阶段的所述片上系统是否可信进行认证。In a first aspect, the present disclosure provides a method for authenticating a system-on-chip, including: receiving an authentication request for authenticating the system-on-chip from an authentication device, wherein the authentication request includes first authentication information; according to the The first authentication information and the second authentication information determine an authentication evidence; and send the authentication evidence to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the system-on-chip in the running phase is credible.
在第二方面中,本公开提供了一种用于对片上系统进行认证的方法,包括:生成用于发起对所述片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;向所述片上系统处发送所述认证请求,以便在所述片上系统处接收到所述认证请求时,基于第二认证信息和所述第一认证信息确定认证证据;从所述片上系统处接收所述认证证据;以及根据所述认证证据对运行阶段的所述片上系统是否可信进行认证。In a second aspect, the present disclosure provides a method for authenticating a system-on-chip, comprising: generating an authentication request for initiating authentication of the system-on-chip, wherein the authentication request includes first authentication information; sending the authentication request to the system-on-chip, so that when the authentication request is received in the system-on-chip, determining authentication evidence based on the second authentication information and the first authentication information; receiving from the system-on-chip the authentication evidence; and authenticating whether the system-on-chip in the running phase is authentic according to the authentication evidence.
在第三方面中,本公开提供了一种用于对片上系统进行认证的方法,包括:在认证设备处执行:用于发起对所述片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;向所述片上系统处发送所述认证请求;在处于运行阶段的片上系统处执行:接收来自于所述认证设备的所述认证请求;根据所述第一认证信息和第二认 证信息确定认证证据;以及向所述认证设备发送所述认证证据;在所述认证设备处执行:接收所述认证证据;以及根据所述认证证据对处于运行阶段的所述片上系统是否可信进行认证。In a third aspect, the present disclosure provides a method for authenticating a system-on-chip, including: executing at an authentication device: initiating an authentication request for authenticating the system-on-chip, wherein the authentication request includes first authentication information; sending the authentication request to the system-on-chip; executing at the system-on-chip in the running phase: receiving the authentication request from the authentication device; according to the first authentication information and the second The authentication information determines authentication evidence; and sends the authentication evidence to the authentication device; performs at the authentication device: receiving the authentication evidence; and whether the system-on-a-chip in the running phase is trusted according to the authentication evidence Authenticate.
在第四方面中,本公开提供了一种片上系统,包括:处理器;以及存储器,其存储有程序,当所述程序由处理器执行时,使得所述片上系统执行本公开的第一方面提供的方法以及在下文多个实施例中的方法。In a fourth aspect, the present disclosure provides a system-on-chip, including: a processor; and a memory storing a program that, when executed by the processor, causes the system-on-chip to perform the first aspect of the present disclosure Methods are provided as well as in the various examples below.
在第五方面中,本公开提供了一种用于对片上系统进行认证的认证设备,包括:处理器;以及存储器,其存储有程序,当所述程序由处理器执行时,使得所述认证设备执行本公开的第二方面提供的方法以及在下文多个实施例中的方法。In a fifth aspect, the present disclosure provides an authentication device for authenticating a system on chip, including: a processor; and a memory storing a program that, when executed by the processor, causes the authentication The device executes the method provided by the second aspect of the present disclosure and the methods in the following multiple embodiments.
在第六方面中,本公开提供了一种计算机程序产品,包括用于对片上系统进行认证的计算机程序,所述计算机程序在被处理器执行时,实现本公开的第一方面提供的方法及其将在下文描述的多个实施例的方法,或者实现本公开的第二方面提供的方法及其将在下文描述的多个实施例中的方法。In a sixth aspect, the present disclosure provides a computer program product, including a computer program for authenticating a system-on-chip, when the computer program is executed by a processor, the method and the method provided in the first aspect of the present disclosure are implemented. It will hereinafter describe the methods of multiple embodiments, or realize the method provided by the second aspect of the present disclosure and its methods in hereinafter described multiple embodiments.
在第七方面中,本公开提供了一种用于对片上系统进行认证的认证系统,包括:至少一个如前述的片上系统,其配置成执行本公开的第一方面提供的方法及其将在下文描述的多个实施例中的方法,以便生成所述认证证据;以及如前述的认证设备,其配置成执行本公开的第二方面提供的方法及其将在下文描述的多个实施例中的方法,以便根据所述认证证据来认证运行阶段的所述片上系统是否可信。In a seventh aspect, the present disclosure provides an authentication system for authenticating a system-on-chip, including: at least one system-on-chip as described above, which is configured to execute the method provided in the first aspect of the present disclosure and will be described in The method in the multiple embodiments described below, so as to generate the authentication evidence; and the aforementioned authentication device, which is configured to execute the method provided by the second aspect of the present disclosure and its multiple embodiments described below A method for authenticating whether the system-on-chip in the running phase is authentic according to the authentication evidence.
通过如上多个方面中所提供的方案,本公开可以实现对片上系统的有效安全认证,特别是运行阶段时的片上系统的有效认证。具体地,本公开的方案通过认证设备侧的第一认证信息和片上系统侧的第二认证信息来确定认证证据,以便认证设备利用认证证据对运行阶段的片上系统是否可信进行认证。通过本公开的认证方案,整个认证过程无需增加额外的专用硬件,从而有效降低了认证成本。由此,可以使得片上系统应用到低成本的技术领域(例如低成本的物联网领域)中,从而拓宽了片上系统的应用市场。进一步,在一些实施场景中,本公开的认证证据中可以包括关于片上系统的敏感信息,该敏感信息例如可以包含经加密的系统配置参数和系统内存填充值。基于这样的设置,通过对前述这些敏感信息的认证,本公开的方案不仅能够确认启动阶段的片上系统是否可信,还能够及时确认运行阶段的片上系统是否可信。由此,本公开的方案确保了片上系统的安全性,并进而增强了片上系统的安全认证等级。Through the solutions provided in the above multiple aspects, the present disclosure can realize effective security authentication of the system on chip, especially effective authentication of the system on chip during the running phase. Specifically, the scheme of the present disclosure determines the authentication evidence through the first authentication information on the authentication device side and the second authentication information on the SoC side, so that the authentication device uses the authentication evidence to authenticate whether the SoC in the running phase is credible. Through the authentication scheme disclosed in the present disclosure, no additional dedicated hardware needs to be added in the whole authentication process, thereby effectively reducing the authentication cost. Thus, the system on chip can be applied to low-cost technical fields (such as low-cost Internet of Things field), thereby broadening the application market of the system on chip. Further, in some implementation scenarios, the authentication evidence of the present disclosure may include sensitive information about the SoC, for example, the sensitive information may include encrypted system configuration parameters and system memory filling values. Based on such setting, through the authentication of the aforementioned sensitive information, the solution of the present disclosure can not only confirm whether the SoC in the startup phase is credible, but also can confirm in time whether the SoC in the running phase is credible. Therefore, the solution disclosed in the present disclosure ensures the security of the system on chip, and further enhances the security authentication level of the system on chip.
通过参考附图阅读下文的详细描述,本公开示例性实施方式的上述以及其他目的、特征和优点将变得易于理解。在附图中,以示例性而非限制性的方式示出了本公开的若干实施方式,并且相同或对应的标号表示相同或对应的部分,其中:The above and other objects, features and advantages of exemplary embodiments of the present disclosure will become readily understood by reading the following detailed description with reference to the accompanying drawings. In the drawings, several embodiments of the present disclosure are shown by way of illustration and not limitation, and the same or corresponding reference numerals indicate the same or corresponding parts, wherein:
图1是示出根据本公开实施例的板卡的结构图;FIG. 1 is a structural diagram showing a board according to an embodiment of the present disclosure;
图2是示出根据本公开实施例的组合处理装置的结构图;FIG. 2 is a structural diagram illustrating a combination processing device according to an embodiment of the present disclosure;
图3是示出根据本公开实施例的计算装置的内部结构示意图;3 is a schematic diagram showing the internal structure of a computing device according to an embodiment of the present disclosure;
图4是示出根据本公开实施例的处理器核的内部结构示意图;FIG. 4 is a schematic diagram showing the internal structure of a processor core according to an embodiment of the present disclosure;
图5是示出根据本公开实施例的不同集群的处理核间的数据写入过程的示意图;FIG. 5 is a schematic diagram illustrating a data writing process between processing cores of different clusters according to an embodiment of the present disclosure;
图6A是示出根据本公开的一个实施例的用于对片上系统进行认证的方法的流程 图;Figure 6A is a flowchart illustrating a method for authenticating a system-on-chip according to one embodiment of the present disclosure;
图6B是示出根据本公开一个实施例的生成认证证据的方法的流程图;FIG. 6B is a flowchart illustrating a method of generating authentication evidence according to one embodiment of the present disclosure;
图7A是示出根据本公开另一个实施例的用于对片上系统进行认证的方法的流程图;FIG. 7A is a flowchart illustrating a method for authenticating a system on chip according to another embodiment of the present disclosure;
图7B是示出根据本公开另一个实施例的根据认证证据对片上系统进行认证的方法的流程图;FIG. 7B is a flow chart illustrating a method for authenticating a system-on-chip according to an authentication evidence according to another embodiment of the present disclosure;
图8是示出根据本公开的一个实施例的认证系统中设备之间的认证交互过程的示意图;以及FIG. 8 is a schematic diagram illustrating an authentication interaction process between devices in an authentication system according to an embodiment of the present disclosure; and
图9是示出根据本公开的另一个实施例的认证系统中设备之间的认证交互过程的示意图。Fig. 9 is a schematic diagram illustrating an authentication interaction process between devices in an authentication system according to another embodiment of the present disclosure.
下面将结合本公开实施方式中的附图,对本公开实施方式中的技术方案进行清楚、完整地描述,显然,所描述的实施方式是本公开一部分实施方式,而不是全部的实施方式。基于本公开中的实施方式,本领域技术人员在没有做出创造性劳动前提下所获得的所有其他实施方式,都属于本公开保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present disclosure with reference to the accompanying drawings in the embodiments of the present disclosure. Apparently, the described embodiments are part of the embodiments of the present disclosure, but not all of them. Based on the implementation manners in the present disclosure, all other implementation manners obtained by those skilled in the art without creative efforts fall within the protection scope of the present disclosure.
应当理解,本公开的权利要求、说明书及附图中的术语“第一”、“第二”、“第三”和“第四”等是用于区别不同对象,而不是用于描述特定顺序。本公开的说明书和权利要求书中使用的术语“包括”和“包含”指示所描述特征、整体、步骤、操作、元素和/或组件的存在,但并不排除一个或多个其它特征、整体、步骤、操作、元素、组件和/或其集合的存在或添加。It should be understood that the terms "first", "second", "third" and "fourth" in the claims, specification and drawings of the present disclosure are used to distinguish different objects, rather than to describe a specific order . The terms "comprising" and "comprises" used in the specification and claims of the present disclosure indicate the presence of described features, integers, steps, operations, elements and/or components, but do not exclude one or more other features, integers , steps, operations, elements, components, and/or the presence or addition of collections thereof.
还应当理解,在此本公开说明书中所使用的术语仅仅是出于描述特定实施方式的目的,而并不意在限定本公开。如在本公开说明书和权利要求书中所使用的那样,除非上下文清楚地指明其它情况,否则单数形式的“一”、“一个”及“该”意在包括复数形式。还应当进一步理解,在本公开说明书和权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。It should also be understood that the terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the present disclosure. As used in this disclosure and the claims, the singular forms "a", "an" and "the" are intended to include plural referents unless the context clearly dictates otherwise. It should be further understood that the term "and/or" used in the present disclosure and claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
如在本说明书和权利要求书中所使用的那样,术语“如果”可以依据上下文被解释为“当...时”或“一旦”或“响应于确定”或“响应于检测到”。类似地,短语“如果确定”或“如果检测到[所描述条件或事件]”可以依据上下文被解释为意指“一旦确定”或“响应于确定”或“一旦检测到[所描述条件或事件]”或“响应于检测到[所描述条件或事件]”。As used in this specification and claims, the term "if" may be interpreted as "when" or "once" or "in response to determining" or "in response to detecting" depending on the context. Similarly, the phrase "if determined" or "if [the described condition or event] is detected" may be construed, depending on the context, to mean "once determined" or "in response to the determination" or "once detected [the described condition or event] ]” or “in response to detection of [described condition or event]”.
下面结合附图来详细描述本公开的具体实施方式。Specific embodiments of the present disclosure will be described in detail below in conjunction with the accompanying drawings.
图1示出本披露实施例的一种板卡10的结构示意图。如图1所示,板卡10包括芯片101,其是一种系统级芯片SoC,或称片上系统,集成有一个或多个组合处理装置,组合处理装置是一种人工智能运算单元,用以支持各类深度学习和机器学习算法,满足计算机视觉、语音、自然语言处理、数据挖掘等领域复杂场景下的智能处理需求。特别是深度学习技术大量应用在云端智能领域,云端智能应用的一个显著特点是输入数据量大,对平台的存储能力和计算能力有很高的要求,此实施例的板卡10适用在云端智能应用,具有庞大的片外存储、片上存储和大量的计算能力。FIG. 1 shows a schematic structural diagram of a board 10 according to an embodiment of the present disclosure. As shown in FIG. 1 , the board 10 includes a chip 101, which is a system-on-chip SoC, or system-on-chip, integrated with one or more combination processing devices, and the combination processing device is an artificial intelligence computing unit for It supports various deep learning and machine learning algorithms to meet the intelligent processing requirements in complex scenarios in the fields of computer vision, speech, natural language processing, and data mining. In particular, deep learning technology is widely used in the field of cloud intelligence. A notable feature of cloud intelligence applications is the large amount of input data, which has high requirements for the storage capacity and computing power of the platform. The board 10 of this embodiment is suitable for cloud intelligence applications. Applications, with huge off-chip storage, on-chip storage and a lot of computing power.
芯片101通过对外接口装置102与外部设备103相连接。外部设备103例如是服务器、计算机、摄像头、显示器、鼠标、键盘、网卡或wifi接口等。待处理的数据可以由外部设备103通过对外接口装置102传递至芯片101。芯片101的计算结果可以经由对外接口装置102传送回外部设备103。根据不同的应用场景,对外接口装置102可以具有不同的接口形式,例如PCIe接口等。The chip 101 is connected to an external device 103 through an external interface device 102 . The external device 103 is, for example, a server, a computer, a camera, a display, a mouse, a keyboard, a network card or a wifi interface, and the like. The data to be processed can be transmitted to the chip 101 by the external device 103 through the external interface device 102 . The calculation result of the chip 101 can be sent back to the external device 103 via the external interface device 102 . According to different application scenarios, the external interface device 102 may have different interface forms, such as a PCIe interface and the like.
板卡10还包括用于存储数据的存储器件104,其包括一个或多个存储单元105。存储器件104通过总线与控制器件106和芯片101进行连接和数据传输。板卡10中的控制器件106配置用于对芯片101的状态进行调控。为此,在一个应用场景中,控制器件106可以包括单片机(Micro Controller Unit,MCU)。The board 10 also includes a storage device 104 for storing data, which includes one or more storage units 105 . The storage device 104 is connected and data transmitted with the control device 106 and the chip 101 through the bus. The control device 106 in the board 10 is configured to regulate the state of the chip 101 . To this end, in an application scenario, the control device 106 may include a microcontroller (Micro Controller Unit, MCU).
图2是示出此实施例的芯片101中的组合处理装置的结构图。如图2中所示,组合处理装置20包括计算装置201、接口装置202、处理装置203和DRAM 204。FIG. 2 is a block diagram showing the combined processing means in the chip 101 of this embodiment. As shown in FIG. 2 , combined processing means 20 includes computing means 201, interface means 202, processing means 203 and DRAM 204.
计算装置201配置成执行用户指定的操作,主要实现为单核智能处理器或者多核智能处理器,用以执行深度学习或机器学习的计算,其可以通过接口装置202与处理装置203进行交互,以共同完成用户指定的操作。The computing device 201 is configured to perform operations specified by the user, and is mainly implemented as a single-core intelligent processor or a multi-core intelligent processor for performing deep learning or machine learning calculations, which can interact with the processing device 203 through the interface device 202 to Work together to complete user-specified operations.
接口装置202用于在计算装置201与处理装置203间传输数据和控制指令。例如,计算装置201可以经由接口装置202从处理装置203中获取输入数据,写入计算装置201片上的存储装置。进一步,计算装置201可以经由接口装置202从处理装置203中获取控制指令,写入计算装置201片上的控制缓存中。替代地或可选地,接口装置202也可以读取计算装置201的存储装置中的数据并传输给处理装置203。The interface device 202 is used to transmit data and control instructions between the computing device 201 and the processing device 203 . For example, the computing device 201 may obtain input data from the processing device 203 via the interface device 202 and write it into a storage device on the computing device 201 . Further, the computing device 201 may obtain control instructions from the processing device 203 via the interface device 202 and write them into the control cache on the chip of the computing device 201 . Alternatively or optionally, the interface device 202 may also read data in the storage device of the computing device 201 and transmit it to the processing device 203 .
处理装置203作为通用的处理装置,执行包括但不限于数据搬运、对计算装置201的开启和/或停止等基本控制。根据实现方式的不同,处理装置203可以是中央处理器(central processing unit,CPU)、图形处理器(graphics processing unit,GPU)或其他通用和/或专用处理器中的一种或多种类型的处理器,这些处理器包括但不限于数字信号处理器(digital signal processor,DSP)、专用集成电路(application specific integrated circuit,ASIC)、现场可编程门阵列(field-programmable gate array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等,并且其数目可以根据实际需要来确定。如前所述,仅就本披露的计算装置201而言,其可以视为具有单核结构或者同构多核结构。然而,当将计算装置201和处理装置203整合共同考虑时,二者视为形成异构多核结构。As a general processing device, the processing device 203 performs basic control including but not limited to data transfer, starting and/or stopping the computing device 201 . According to different implementations, the processing device 203 may be one or more types of a central processing unit (central processing unit, CPU), a graphics processing unit (graphics processing unit, GPU) or other general-purpose and/or special-purpose processors. Processors, including but not limited to digital signal processors (digital signal processors, DSPs), application specific integrated circuits (application specific integrated circuits, ASICs), field-programmable gate arrays (field-programmable gate arrays, FPGAs) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., and the number thereof can be determined according to actual needs. As mentioned above, as far as the computing device 201 of the present disclosure is concerned, it can be regarded as having a single-core structure or a homogeneous multi-core structure. However, when considering the integration of the computing device 201 and the processing device 203 together, they are considered to form a heterogeneous multi-core structure.
DRAM 204用以存储待处理的数据,为DDR内存,大小通常为16G或更大,用于保存计算装置201和/或处理装置203的数据。The DRAM 204 is used to store data to be processed, and is a DDR memory, usually 16G or larger in size, for storing data of the computing device 201 and/or the processing device 203.
图3示出了计算装置201的内部结构示意图。计算装置201用以处理计算机视觉、语音、自然语言、数据挖掘等输入数据。图中的计算装置201采用多核分层结构设计,计算装置201作为一个片上系统,其包括多个集群(cluster),每个集群又包括多个处理器核。换言之,计算装置201是以片上系统-集群-处理器核的层次所构成的。FIG. 3 shows a schematic diagram of the internal structure of the computing device 201 . The computing device 201 is used for processing input data such as computer vision, speech, natural language, and data mining. The computing device 201 in the figure adopts a multi-core hierarchical structure design, and the computing device 201 is a system-on-chip, which includes multiple clusters, and each cluster includes multiple processor cores. In other words, the computing device 201 is structured at the level of SoC-cluster-processor core.
以片上系统的层级来看,如图3所示,计算装置201包括外部存储控制器301、外设通信模块302、片上互联模块303、同步模块304以及多个集群305。Viewed from the system-on-chip level, as shown in FIG. 3 , the computing device 201 includes an external storage controller 301 , a peripheral communication module 302 , an on-chip interconnection module 303 , a synchronization module 304 and multiple clusters 305 .
外部存储控制器301可以有多个,在图中示例性地展示2个,其用以响应处理器核发出的访问请求,访问外部存储设备,例如图2中的DRAM 204,从而自片外读取数据或是将数据写入。外设通信模块302用以通过接口装置202接收来自处理装置203 的控制信号,启动计算装置201执行任务。片上互联模块303将外部存储控制器301、外设通信模块302及多个集群305连接起来,用以在各个模块间传输数据和控制信号。同步模块304是一种全局同步屏障控制器(global barrier controller,GBC),用以协调各集群的工作进度,确保信息的同步。多个集群305是计算装置201的计算核心,在图中示例性地展示4个。随着硬件的发展,本披露的计算装置201还可以包括8个、16个、64个、甚至更多的集群305。集群305用以高效地执行深度学习算法。There can be multiple external storage controllers 301, and two are exemplarily shown in the figure, which are used to respond to the access request sent by the processor core to access external storage devices, such as the DRAM 204 in Figure 2, so as to read from off-chip Get data or write data. The peripheral communication module 302 is used for receiving a control signal from the processing device 203 through the interface device 202 to start the computing device 201 to execute tasks. The on-chip interconnection module 303 connects the external memory controller 301 , the peripheral communication module 302 and multiple clusters 305 to transmit data and control signals among the various modules. The synchronization module 304 is a global synchronization barrier controller (global barrier controller, GBC), which is used to coordinate the work progress of each cluster and ensure the synchronization of information. A plurality of clusters 305 are the computing cores of the computing device 201 , exemplarily four are shown in the figure. With the development of hardware, the computing device 201 of the present disclosure may also include 8, 16, 64, or even more clusters 305 . Cluster 305 is used to efficiently execute deep learning algorithms.
以集群的层级来看,如图3所示,每个集群305包括多个处理器核(IPU core)306及一个存储核(MEM core)307。In view of the cluster level, as shown in FIG. 3 , each cluster 305 includes a plurality of processor cores (IPU core) 306 and a storage core (MEM core) 307.
处理器核306在图中示例性地展示4个,本披露不限制处理器核306的数量。其内部架构如图4所示。每个处理器核306包括三大模块:控制模块41、运算模块42及存储模块43。Four processor cores 306 are exemplarily shown in the figure, and the present disclosure does not limit the number of processor cores 306 . Its internal architecture is shown in Figure 4. Each processor core 306 includes three modules: a control module 41 , an operation module 42 and a storage module 43 .
控制模块41用以协调并控制运算模块42和存储模块43的工作,以完成深度学习的任务,其包括取指单元(instruction fetch unit,IFU)411及指令译码单元(instruction decode unit,IDU)412。取指单元411用以获取来自处理装置203的指令,指令译码单元412则将获取的指令进行译码,并将译码结果作为控制信息发送给运算模块42和存储模块43。The control module 41 is used to coordinate and control the work of the operation module 42 and the storage module 43 to complete the task of deep learning, which includes an instruction fetch unit (instruction fetch unit, IFU) 411 and an instruction decoding unit (instruction decode unit, IDU) 412. The instruction fetching unit 411 is used to obtain instructions from the processing device 203 , and the instruction decoding unit 412 decodes the obtained instructions and sends the decoding results to the computing module 42 and the storage module 43 as control information.
运算模块42包括向量运算单元421及矩阵运算单元422。向量运算单元421用以执行向量运算,可支持向量乘、加、非线性变换等复杂运算;矩阵运算单元422负责深度学习算法的核心计算,即矩阵乘及卷积。The operation module 42 includes a vector operation unit 421 and a matrix operation unit 422 . The vector operation unit 421 is used to perform vector operations, and can support complex operations such as vector multiplication, addition, and nonlinear transformation; the matrix operation unit 422 is responsible for the core calculation of the deep learning algorithm, namely matrix multiplication and convolution.
存储模块43用来存储或搬运相关数据,包括神经元存储单元(neuron RAM,NRAM)431、权值存储单元(weight RAM,WRAM)432、输入/输出直接内存访问模块(input/output direct memory access,IODMA)433、搬运直接内存访问模块(move direct memory access,MVDMA)434。NRAM 431用以存储供处理器核306计算的输入、输出数据及中间结果;WRAM 432则用以存储深度学习网络的权值;IODMA 433通过广播总线309控制NRAM 431/WRAM 432与DRAM 204的访存;MVDMA 434则用以控制NRAM 431/WRAM 432与SRAM 308的访存。The storage module 43 is used to store or carry relevant data, including a neuron storage unit (neuron RAM, NRAM) 431, a weight storage unit (weight RAM, WRAM) 432, an input/output direct memory access module (input/output direct memory access) , IODMA) 433, moving direct memory access module (move direct memory access, MVDMA) 434. NRAM 431 is used to store the input and output data and intermediate results calculated by processor core 306; WRAM 432 is used to store the weights of the deep learning network; IODMA 433 controls the access of NRAM 431/WRAM 432 and DRAM 204 through broadcast bus 309 MVDMA 434 is used to control the memory access of NRAM 431/WRAM 432 and SRAM 308.
回到图3,存储核307主要用以存储和通信,即存储处理器核306间的共享数据或中间结果、以及执行集群305与DRAM 204之间的通信、集群305间彼此的通信、处理器核306间彼此的通信等。在其他实施例中,存储核307具有标量运算的能力,用以执行标量运算。Returning to FIG. 3, the storage core 307 is mainly used for storage and communication, that is, storing shared data or intermediate results between the processor cores 306, and performing communication between the cluster 305 and the DRAM 204, communication between the clusters 305, processors communication between the cores 306 and the like. In other embodiments, the storage core 307 has a scalar operation capability, and is used for performing scalar operations.
存储核307包括共享存储单元(SRAM)308、广播总线309、集群直接内存访问模块(cluster direct memory access,CDMA)310及全局直接内存访问模块(global direct memory access,GDMA)311。SRAM 308承担高性能数据中转站的角色,在同一个集群305内不同处理器核306之间所复用的数据不需要通过处理器核306各自向DRAM 204获得,而是经SRAM 308在处理器核306间中转。存储核307只需要将复用的数据从SRAM 308迅速分发给多个处理器核306即可,以提高核间通讯效率,亦大大减少片上片外的输入/输出访问。The storage core 307 includes a shared memory unit (SRAM) 308, a broadcast bus 309, a cluster direct memory access module (cluster direct memory access, CDMA) 310 and a global direct memory access module (global direct memory access, GDMA) 311. The SRAM 308 assumes the role of a high-performance data transfer station. The data multiplexed between different processor cores 306 in the same cluster 305 does not need to be obtained from the DRAM 204 through the processor cores 306 respectively, but is transferred to the processor through the SRAM 308. Inter-nuclear 306 transit. The storage core 307 only needs to quickly distribute the multiplexed data from the SRAM 308 to multiple processor cores 306, so as to improve the communication efficiency between cores and greatly reduce on-chip and off-chip input/output access.
广播总线309、CDMA 310及GDMA 311则分别用来执行处理器核306间的通信、集群305间的通信和集群305与DRAM 204的数据传输。以下将分别说明。The broadcast bus 309, the CDMA 310 and the GDMA 311 are respectively used to perform communication between the processor cores 306, communication between the clusters 305, and data transmission between the clusters 305 and the DRAM 204. They will be described separately below.
广播总线309用以完成集群305内各处理器核306间的高速通信,此实施例的广 播总线309支持核间通信方式包括单播、多播与广播。单播是指点对点(即单一处理器核至单一处理器核)的数据传输,多播是将一份数据从SRAM 308传输到特定几个处理器核306的通信方式,而广播则是将一份数据从SRAM 308传输到所有处理器核306的通信方式,属于多播的一种特例。The broadcast bus 309 is used to complete high-speed communication among the processor cores 306 in the cluster 305. The broadcast bus 309 of this embodiment supports inter-core communication methods including unicast, multicast and broadcast. Unicast refers to point-to-point (that is, a single processor core to a single processor core) data transmission, multicast is a communication method that transmits a piece of data from the SRAM 308 to specific processor cores 306, and broadcasting is to transfer a data A communication method in which data is transmitted from SRAM 308 to all processor cores 306 belongs to a special case of multicast.
CDMA 310用以控制在同一个计算装置201内不同集群305间的SRAM 308的访存。图5示出当一个处理器核欲将数据写入至另一个集群的处理器核时的示意图,以说明CDMA 310的工作原理。在此应用场景中,同一个计算装置包括多个集群,为方便说明,图中仅展示集群0与集群1,集群0与集群1分别包括多个处理器核。同样为了说明方便,图中的集群0仅展示处理器核0,集群1仅展示处理器核1。处理器核0欲将数据写入至处理器核1。The CDMA 310 is used to control the memory access of the SRAM 308 between different clusters 305 in the same computing device 201. FIG. 5 shows a schematic diagram when one processor core intends to write data to another cluster of processor cores to illustrate the working principle of CDMA 310. In this application scenario, the same computing device includes multiple clusters. For convenience of illustration, only cluster 0 and cluster 1 are shown in the figure, and cluster 0 and cluster 1 include multiple processor cores respectively. Also for the convenience of illustration, cluster 0 in the figure only shows processor core 0, and cluster 1 only shows processor core 1. Processor core 0 intends to write data to processor core 1.
首先,处理器核0发送单播写请求将数据写入本地的SRAM 0中,CDMA 0作为主(master)端,CDMA 1作为从(slave)端。主端向从端推送写请求,即主端发送写地址AW和写数据W,将数据传送到集群1的SRAM 1中。接着,从端发送写响应B作为回应,最后集群1的处理器核1发送单播读请求将数据从SRAM 1中读取出来。First, processor core 0 sends a unicast write request to write data into local SRAM 0, CDMA 0 acts as the master (master), and CDMA 1 acts as the slave (slave) end. The master pushes the write request to the slave, that is, the master sends the write address AW and write data W, and transfers the data to SRAM 1 of cluster 1. Then, the slave sends a write response B as a response, and finally processor core 1 of cluster 1 sends a unicast read request to read data from SRAM 1.
回到图3,GDMA 311与外部存储控制器301协同,用以控制集群305的SRAM 308到DRAM 204的访存,或是将数据自DRAM 204读取至SRAM 308中。从前述可知,DRAM 204与NRAM 431或WRAM 432间的通信可以经由2个渠道来实现。第一个渠道是通过IODAM 433直接联系DRAM 204与NRAM 431或WRAM 432;第二个渠道是先经由GDMA 311使得数据在DRAM 204与SRAM 308间传输,再经过MVDMA 434使得数据在SRAM 308与NRAM 431或WRAM 432间传输。虽然表面上看来第二个渠道需要更多的元件参与,数据流较长,但实际上在部分实施例中,第二个渠道的带宽远大于第一个渠道。因此,DRAM 204与NRAM 431或WRAM 432间的通信通过第二个渠道可能更有效率。本披露的实施例可根据本身硬件条件选择数据传输渠道。Returning to FIG. 3 , the GDMA 311 cooperates with the external storage controller 301 to control the memory access from the SRAM 308 of the cluster 305 to the DRAM 204, or to read data from the DRAM 204 to the SRAM 308. It can be seen from the foregoing that the communication between the DRAM 204 and the NRAM 431 or WRAM 432 can be realized through two channels. The first channel is to directly contact DRAM 204 and NRAM 431 or WRAM 432 through IODAM 433; the second channel is to first transmit data between DRAM 204 and SRAM 308 through GDMA 311, and then make data transfer between SRAM 308 and NRAM through MVDMA 434 431 or WRAM 432 transfer. Although it appears that the second channel requires more components to participate and the data flow is longer, in fact, in some embodiments, the bandwidth of the second channel is much greater than that of the first channel. Therefore, communication between DRAM 204 and NRAM 431 or WRAM 432 may be more efficient through the second channel. The embodiment of the present disclosure can select a data transmission channel according to its own hardware conditions.
在其他实施例中,GDMA 311的功能和IODMA 433的功能可以整合在同一部件中。本披露为了方便描述,将GDMA 311和IODMA 433视为不同部件,对于本领域技术人员来说,只要其实现的功能以及达到的技术效果与本披露类似,即属于本披露的保护范围。进一步地,GDMA 311的功能、IODMA 433的功能、CDMA 310的功能、MVDMA 434的功能亦可以由同一部件来实现,同样地,只要其实现的功能以及达到的技术效果与本披露类似,均属于本披露的保护范围。In other embodiments, the functionality of the GDMA 311 and the functionality of the IODMA 433 may be integrated into the same component. For the convenience of description, this disclosure considers GDMA 311 and IODMA 433 as different components. For those skilled in the art, as long as their functions and technical effects are similar to those of this disclosure, they belong to the protection scope of this disclosure. Further, the function of GDMA 311, the function of IODMA 433, the function of CDMA 310, and the function of MVDMA 434 can also be realized by the same component. protection scope of this disclosure.
以上结合图1-图5对本公开的硬件架构及其内部结构进行了详细的描述。可以理解的是上述描述仅仅是示例性的而非限制性的。根据不同的应用场景和硬件规格,本领域技术人员也可以对本公开的板卡及其内部结构进行改变,而这些改变依然落入本公开的保护范围内。The hardware architecture and its internal structure of the present disclosure have been described in detail above with reference to FIGS. 1-5 . It is to be understood that the foregoing description is illustrative only and not restrictive. According to different application scenarios and hardware specifications, those skilled in the art may also make changes to the board card and its internal structure of the present disclosure, and these changes still fall within the protection scope of the present disclosure.
如前所述,为了实现对片上系统的认证,以便保证片上系统在运行阶段具有可信的软硬件运行环境,本公开提出利用认证设备来与片上系统进行交互以获取来自于片上系统的认证证据,从而可以利用该认证证据实现对片上系统是否可信进行认证。在一个实施场景中,本公开片上系统侧的认证证据的生成涉及设备标识组合引擎(DICE)的应用。如本领域技术人员所知,可信计算组织(TCG,Trusted Computing Group)所发布的DICE旨在为资源相对匮乏的嵌入式领域提供增强的安全性和独特的设备标 识和认证能力。在操作中,DICE可以将整个启动过程分为多个层次,并且使用只有DICE已知的唯一设备秘密(UDS,Unique Device Secret)来创建安全启动中每个软件层独有的机密信息。在一些实施场景中,本公开的方案使用DICE来形成用于认证的认证证据。As mentioned above, in order to realize the authentication of the SoC, so as to ensure that the SoC has a trusted software and hardware operating environment during the running phase, this disclosure proposes to use the authentication device to interact with the SoC to obtain authentication evidence from the SoC , so that the authenticity of the system on chip can be authenticated by using the authentication evidence. In one implementation scenario, the generation of authentication evidence at the system-on-chip side of the present disclosure involves the application of a device identity combination engine (DICE). As known to those skilled in the art, the DICE issued by the Trusted Computing Group (TCG, Trusted Computing Group) aims to provide enhanced security and unique device identification and authentication capabilities for the embedded field where resources are relatively scarce. In operation, DICE can divide the entire boot process into multiple layers, and use a unique device secret (UDS, Unique Device Secret) known only to DICE to create confidential information unique to each software layer in secure boot. In some implementation scenarios, schemes of the present disclosure use DICE to form authentication evidence for authentication.
下面将对本公开的用于对片上系统进行认证的方案进行详细地描述。The scheme for authenticating a system on chip of the present disclosure will be described in detail below.
图6A是示出根据本公开的一个实施例的用于对片上系统进行认证的方法600的流程图。可以理解的是,这里片上系统可以是前文结合图1至图5所描述的片上系统,因此前文关于片上系统的描述也同样适用于下文的描述。FIG. 6A is a flowchart illustrating a method 600 for authenticating a system-on-chip according to one embodiment of the present disclosure. It can be understood that the system-on-chip here may be the system-on-chip described above in conjunction with FIG. 1 to FIG. 5 , so the above description about the system-on-chip is also applicable to the following description.
如图6A所示,在步骤S601处,从认证设备接收对片上系统进行认证的认证请求,其中认证请求包括第一认证信息。在一个实施例中,前述的第一认证信息可以由认证设备动态生成、并且可以用于指示本公开上下文中的认证证据的时效。在一些实施场景中,第一认证信息可以包括随机数,例如Nonce值。可以理解的是,这里仅为了说明的目的以随机数为例对第一认证信息进行阐述。然而,本公开并不对第一认证信息的具体内容进行任何限制,并且因此其他可以用于指示认证证据时效的信息也同样适用于本公开的方案。As shown in FIG. 6A , at step S601 , an authentication request for authenticating a system on chip is received from an authentication device, wherein the authentication request includes first authentication information. In an embodiment, the aforementioned first authentication information may be dynamically generated by the authentication device, and may be used to indicate the validity of the authentication evidence in the context of the present disclosure. In some implementation scenarios, the first authentication information may include a random number, such as a Nonce value. It can be understood that, here, the random number is used as an example to describe the first authentication information for the purpose of illustration only. However, the present disclosure does not place any limitation on the specific content of the first authentication information, and therefore other information that can be used to indicate the timeliness of the authentication evidence is also applicable to the solution of the present disclosure.
接着,在步骤S602处,根据第一认证信息和第二认证信息确定认证证据。在一个实施例中,第二认证信息可以从片上系统处获取。在该情形中,第二认证信息可以包括片上系统的敏感信息和基于设备标识组合引擎DICE动态生成的密钥。在一些实施例中,前述的敏感信息可以包括经加密的系统配置参数(SysCfg)和系统内存填充值(MemFill)。这里的加密可以包括但不限于基于单向运算(例如HASH、HMAC以及MD5等)所执行的加密。Next, at step S602, an authentication proof is determined according to the first authentication information and the second authentication information. In an embodiment, the second authentication information can be obtained from the system on chip. In this case, the second authentication information may include sensitive information of the SoC and a key dynamically generated based on the device identity combination engine DICE. In some embodiments, the aforementioned sensitive information may include encrypted system configuration parameters (SysCfg) and system memory fill values (MemFill). The encryption here may include, but not limited to, encryption based on one-way operations (such as HASH, HMAC, and MD5, etc.).
对于上述密钥的生成过程,在一个实施例中,本公开提出通过获取片上系统的唯一标识信息(SoCID),并令设备标识组合引擎DICE执行如下步骤:使用唯一标识信息来生成唯一设备秘密UDS,以及基于唯一设备秘密来生成非对称加密的密钥。对于前述唯一设备秘密UDS的生成来说,在一个实施例中,基于设备标识组合引擎来动态生成随机数,以及对随机数和唯一标识信息进行单向运算(这里的单向运算包括但不限于HASH、HMAC等算法)来得到唯一设备秘密UDS。另外,在一个实施场景中,可以在片上系统每次启动时生成唯一标识信息SoCID。通过这样的生成方式,本公开的认证方案并不需要对唯一标识信息SoCID进行安全性存储,从而简化了认证操作。Regarding the above-mentioned key generation process, in one embodiment, the present disclosure proposes to obtain the unique identification information (SoCID) of the system on chip, and let the device identification combination engine DICE perform the following steps: use the unique identification information to generate the unique device secret UDS , and generate an asymmetrically encrypted key based on the unique device secret. For the generation of the aforementioned unique device secret UDS, in one embodiment, a random number is dynamically generated based on a device identification combination engine, and a one-way operation is performed on the random number and the unique identification information (the one-way operation here includes but is not limited to HASH, HMAC and other algorithms) to obtain the unique device secret UDS. In addition, in an implementation scenario, unique identification information SoCID may be generated each time the system on chip is started. Through such a generation method, the authentication scheme of the present disclosure does not need to securely store the unique identification information SoCID, thereby simplifying the authentication operation.
对于前述基于唯一设备秘密来生成非对称加密的密钥来说,在一个实施例中,可以由设备标识组合引擎DICE执行如下的操作来实现:基于唯一设备秘密分别对片上系统中各个软件层的镜像加载的完整性进行度量,得到每个软件层的度量值;接着,对所有软件层的度量值和唯一设备秘密进行单向运算(这里的单向运算包括但不限于HASH、HMAC等算法)以得到密钥初始值;最后,对密钥初始值进行密钥派生运算(例如KDF密钥派生函数)以得到密钥。For the aforementioned generation of asymmetric encryption keys based on the unique device secret, in one embodiment, the following operations can be performed by the device identity combination engine DICE: The integrity of image loading is measured to obtain the measurement value of each software layer; then, a one-way operation is performed on the measurement value of all software layers and the unique device secret (the one-way operation here includes but is not limited to HASH, HMAC and other algorithms) to obtain the initial value of the key; finally, perform a key derivation operation (such as a KDF key derivation function) on the initial value of the key to obtain the key.
通过上面的描述可以看出,本公开的方案在获取密钥初始值过程中仅需将单向运算部署在DICE中,而无需如现有技术那样将单向运算分层的部署在各个软件层中,从而本公开的方案有效地简化了整个部署过程,提升了密钥的生成效率。另外,可以理解的是前述的UDS以及密钥的具体生成过程仅仅是一种可能的实现方式,本公开 的方案并不受此限制。根据本公开的教导,本领域技术人员也可以采取其他合适的步骤或方式来实现UDS和密钥的生成。It can be seen from the above description that the solution of the present disclosure only needs to deploy the one-way operation in DICE in the process of obtaining the initial value of the key, instead of deploying the one-way operation hierarchically in each software layer as in the prior art Therefore, the disclosed solution effectively simplifies the entire deployment process and improves the key generation efficiency. In addition, it can be understood that the above-mentioned specific generation process of the UDS and the key is only a possible implementation, and the solution of the present disclosure is not limited thereto. According to the teaching of the present disclosure, those skilled in the art can also take other suitable steps or ways to realize the generation of UDS and key.
在一些应用场景中,本公开上述的密钥可以包括公钥和私钥。基于此,前述步骤S602中生成认证证据的过程可以通过图6B中示出的步骤S602-1和步骤S602-2来实现。具体地,在步骤S602-1处,DICE可以根据前述的私钥对敏感信息(例如前述的SysCfg和MemFill)和第一认证信息(例如前述的Nonce值)进行加密签名。接着,在步骤S602-2处,DICE可以根据公钥、经加密签名后的敏感信息和第一认证信息生成认证证据。In some application scenarios, the keys mentioned above in this disclosure may include public keys and private keys. Based on this, the process of generating the authentication evidence in the aforementioned step S602 can be realized through the steps S602-1 and S602-2 shown in FIG. 6B. Specifically, at step S602-1, DICE may encrypt and sign sensitive information (such as the aforementioned SysCfg and MemFill) and first authentication information (such as the aforementioned Nonce value) according to the aforementioned private key. Next, at step S602-2, DICE may generate an authentication evidence according to the public key, the encrypted and signed sensitive information, and the first authentication information.
在完成认证证据的确定后,接着,在步骤S603处,向认证设备发送认证证据,以便认证设备利用认证证据对运行阶段的片上系统是否可信进行认证。After the determination of the authentication evidence is completed, then, at step S603, the authentication evidence is sent to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the SoC in the running phase is credible.
以上结合图6A和图6B对本公开片上系统侧的认证过程进行示例性说明,以下将结合图7A和图7B对从认证设备侧发起的片上系统的认证过程进行阐述。The authentication process on the SOC side of the present disclosure is exemplarily described above with reference to FIG. 6A and FIG. 6B . The authentication process of the SOC initiated from the authentication device side will be described below in conjunction with FIG. 7A and FIG. 7B .
图7A是示出根据本公开的另一个实施例的用于对片上系统进行认证的方法700的流程图。可以理解的是,这里片上系统可以是前文结合图1至图5所描述的片上系统,因此前文关于片上系统的描述也同样适用于下文的描述。FIG. 7A is a flowchart illustrating a method 700 for authenticating a system on chip according to another embodiment of the present disclosure. It can be understood that the system-on-chip here may be the system-on-chip described above in conjunction with FIG. 1 to FIG. 5 , so the above description about the system-on-chip is also applicable to the following description.
如图7A所示,在步骤S701处,生成用于发起对片上系统进行认证的认证请求,其中认证请求包括第一认证信息。在一个实施例中,前述的第一认证信息可以由认证设备在每次生成认证请求过程中动态生成,并且可以用于指示本公开上下文中的认证证据的时效,使得本次生成的认证证据仅在本次认证过程中有效。在一些实施场景中,前述的第一认证信息可以包括随机数,例如Nonce值。可以理解的是,这里仅为了说明的目的以随机数为例对第一认证信息进行阐述。然而,本公开并不对第一认证信息的具体内容进行任何限制,并且因此其他可以用于指示认证证据时效的信息也同样适用于本公开的方案。接着,在步骤S702处,向片上系统处发送认证请求,以便在片上系统处接收到认证请求时,基于第二认证信息和第一认证信息确定认证证据。可以理解的是,这里的第二认证信息和认证证据可以是前文结合图6所描述的认证证据,因此前文关于第二认证信息和认证证据的描述也同样适用于下文的描述。As shown in FIG. 7A , at step S701 , an authentication request for initiating authentication of the SoC is generated, wherein the authentication request includes first authentication information. In one embodiment, the aforementioned first authentication information can be dynamically generated by the authentication device every time the authentication request is generated, and can be used to indicate the timeliness of the authentication evidence in the context of the present disclosure, so that the authentication evidence generated this time only valid during this certification process. In some implementation scenarios, the foregoing first authentication information may include a random number, such as a Nonce value. It can be understood that, here, the random number is used as an example to describe the first authentication information for the purpose of illustration only. However, the present disclosure does not place any limitation on the specific content of the first authentication information, and therefore other information that can be used to indicate the timeliness of the authentication evidence is also applicable to the solution of the present disclosure. Next, at step S702, an authentication request is sent to the SOC, so that when the SOC receives the authentication request, the authentication evidence is determined based on the second authentication information and the first authentication information. It can be understood that the second authentication information and authentication evidence here may be the authentication evidence described above in conjunction with FIG. 6 , so the foregoing descriptions about the second authentication information and authentication evidence are also applicable to the description below.
接着,在步骤S703处,从片上系统处接收认证证据,以及在步骤S704处,根据认证证据对运行阶段的片上系统是否可信进行认证。在一个实施例中,在认证设备根据认证证据确定片上系统是否可信时,可以通过图7B所示的步骤来实现。具体地,在步骤S704-1处,获取与认证片上系统相关的基准证据。在一些实施场景中,前述基准证据包括基准公钥和基准敏感信息。对于基准公钥,在一个实施例中,可以通过对前述密钥中的公钥进行加密运算来获得。接着,可以将前述基准公钥保存至认证设备侧的存储器(例如database)中。Next, at step S703, an authentication evidence is received from the system on chip, and at step S704, whether the system on chip at the running stage is authentic is authenticated according to the authentication evidence. In one embodiment, when the authentication device determines whether the SoC is authentic according to the authentication evidence, it may be implemented through the steps shown in FIG. 7B . Specifically, at step S704-1, reference evidence related to authenticating the SoC is obtained. In some implementation scenarios, the foregoing reference evidence includes a reference public key and reference sensitive information. As for the reference public key, in one embodiment, it can be obtained by performing an encryption operation on the public key in the aforementioned keys. Next, the aforementioned reference public key may be stored in a memory (such as a database) on the side of the authentication device.
在一些实施场景中,上述基准敏感信息也可以存储在认证设备侧的存储器中。同样地,此处的基准敏感信息也可以包括上文片上系统侧所提及的敏感信息,即经加密的系统配置参数和系统内存填充值。类似地,这里的加密也可以包括但不限于基于单向运算(例如HASH、HMAC以及MD5等)所执行的加密操作。另外,为了保证认证的安全性和可靠性,在本公开认证方案的部署阶段,也即在将片上系统和认证设备正式交付和投入使用前,在片上系统和认证设备侧的系统配置参数和系统内存填充值应配置成具有相同的值,以便于后期运行阶段时的认证。In some implementation scenarios, the above benchmark sensitive information may also be stored in a memory on the side of the authentication device. Likewise, the baseline sensitive information here may also include the sensitive information mentioned above on the system-on-chip side, that is, encrypted system configuration parameters and system memory filling values. Similarly, encryption here may also include, but not limited to, encryption operations performed based on one-way operations (such as HASH, HMAC, and MD5, etc.). In addition, in order to ensure the security and reliability of the certification, during the deployment phase of the public certification scheme, that is, before the system on chip and certification equipment are officially delivered and put into use, the system configuration parameters and system The memory fill value should be configured to have the same value to facilitate authentication during later runtime stages.
接着,在步骤S704-2处,判断基准证据与认证证据是否相匹配。在一个实施例中,前述的判断操作可以通过对公钥以及敏感信息的匹配与否来进行。具体地,可以根据前述的基准公钥对认证证据中的公钥进行验证。在一个场景中,可以利用前述基准公钥所使用的加密运算(例如HASH、HMAC等算法)对前述认证证据中的公钥进行加密。接着,判断前述加密后的公钥与基准公钥是否一致(例如是否相同),并且在加密后的公钥与基准公钥一致时,确定前述认证证据中的公钥通过验证。反之,则可以确定验证失败。此后,鉴于认证证据中的公钥已经通过验证,则可以根据公钥对前述认证证据中的敏感信息进行解密。接着,可以判断前述基准敏感信息与解密后的敏感信息是否匹配,以便根据匹配结果来判断基准证据与认证证据是否相匹配。可以理解的是,前述的判断操作仅仅是一种可能的实现方式,本公开的方案并不受此限制。根据本公开的教导,本领域技术人员也可以采取其他合适的步骤或方式来判断前述的基准证据与认证证据是否相匹配。Next, at step S704-2, it is judged whether the reference evidence matches the authentication evidence. In one embodiment, the aforementioned judging operation can be performed based on whether the public key and sensitive information match or not. Specifically, the public key in the authentication evidence can be verified according to the aforementioned reference public key. In one scenario, the public key in the aforementioned authentication evidence may be encrypted by using an encryption operation (such as HASH, HMAC, etc.) used by the aforementioned reference public key. Next, it is judged whether the aforementioned encrypted public key is consistent with the reference public key (for example, whether they are the same), and when the encrypted public key is consistent with the reference public key, it is determined that the public key in the aforementioned authentication evidence has passed the verification. Otherwise, it can be determined that the verification fails. Thereafter, since the public key in the authentication evidence has been verified, the sensitive information in the aforementioned authentication evidence can be decrypted according to the public key. Next, it may be judged whether the aforementioned benchmark sensitive information matches the decrypted sensitive information, so as to judge whether the benchmark evidence matches the authentication evidence according to the matching result. It can be understood that the aforementioned determination operation is only a possible implementation manner, and the solution of the present disclosure is not limited thereto. According to the teaching of the present disclosure, those skilled in the art may also take other appropriate steps or methods to determine whether the aforementioned reference evidence matches the authentication evidence.
在确定前述的基准证据与认证证据相匹配时,例如在认证设备处和片上系统侧的系统配置参数和系统内存填充值相同,则流程前进到步骤S704-3,也即可以确定运行阶段的片上系统可信。反之,在确定前述的基准证据与认证证据不匹配时,例如在认证设备处和片上系统侧的系统配置参数和/或系统内存填充值不相同,则流程前进到步骤S704-4,也即可以确定运行阶段的片上系统不可信。在本公开的实施场景中,当基准证据与认证证据在运行阶段不匹配(例如系统配置参数和/或系统内存填充值发生改变)时,则可以确定此时片上系统的软硬件运行环境已经发生不期望的改变。鉴于这种不期望的改变,作为认证发起方的认证设备可以推定此时的片上系统已经处于不可信的状态,并且可以执行进一步的措施来排除潜在的风险,例如对整个片上系统的强行关闭、检修或维护。When it is determined that the aforementioned benchmark evidence matches the authentication evidence, for example, the system configuration parameters and system memory filling values at the authentication device and the system-on-chip side are the same, then the process advances to step S704-3, that is, the on-chip The system is trustworthy. Conversely, when it is determined that the aforementioned benchmark evidence does not match the authentication evidence, for example, the system configuration parameters and/or system memory filling values at the authentication device and the system-on-chip side are different, then the process proceeds to step S704-4, that is, The system-on-chip at the run stage is determined to be untrusted. In the implementation scenario of the present disclosure, when the benchmark evidence and the authentication evidence do not match during the running phase (for example, the system configuration parameters and/or system memory filling values change), it can be determined that the software and hardware operating environment of the system on chip has occurred Unexpected changes. In view of this unexpected change, the authentication device as the authentication initiator can infer that the system-on-chip is already in an untrusted state at this time, and can perform further measures to eliminate potential risks, such as forcibly shutting down the entire system-on-chip, overhaul or maintenance.
图8是示出根据本公开的一个实施例的认证系统中设备之间的认证交互过程800的示意图。FIG. 8 is a schematic diagram illustrating an authentication interaction process 800 between devices in an authentication system according to an embodiment of the present disclosure.
如图8所示,本公开的认证系统可以包括认证设备和至少一个片上系统。可以理解的是,这里的片上系统可以是前文结合图1至图7所描述的片上系统,这里的认证设备可以是前文结合图6和图7所描述的认证设备。因此前文关于片上系统和认证设备的描述也同样适用于下文的描述。下面对认证设备和片上系统的交互进行详细描述。As shown in FIG. 8 , the authentication system of the present disclosure may include an authentication device and at least one SoC. It can be understood that the system on chip here may be the system on chip described above in conjunction with FIGS. 1 to 7 , and the authentication device here may be the authentication device described above in connection with FIGS. 6 and 7 . Therefore, the foregoing descriptions about the system on chip and the authentication device are also applicable to the following descriptions. The interaction between the authentication device and the SoC will be described in detail below.
在认证设备处:At the authentication device:
在步骤S801处,发起对片上系统进行认证的认证请求,其中认证请求包括第一认证信息。可以理解的是,这里第一认证信息即是前文结合图6至图7所描述的第一认证信息,例如其可以由认证设备在每次生成认证请求过程中动态生成,并且用于反映认证证据的时效性。在一个实施场景中,如前所述,第一认证信息可以包括动态随机生成的Nonce值。可以理解的是,这里仅为了说明的目的以随机数为例对第一认证信息进行阐述。接着,在步骤S802处,向片上系统处发送前述的认证请求,以等待片上系统返回认证证据。At step S801, an authentication request for authenticating the SoC is initiated, wherein the authentication request includes first authentication information. It can be understood that the first authentication information here is the first authentication information described above in conjunction with FIG. 6 to FIG. timeliness. In an implementation scenario, as mentioned above, the first authentication information may include a dynamically randomly generated Nonce value. It can be understood that, here, the random number is used as an example to describe the first authentication information for the purpose of illustration only. Next, at step S802, the aforementioned authentication request is sent to the system on chip, so as to wait for the system on chip to return the authentication proof.
在处于运行阶段的片上系统处:At the SoC in the run phase:
在步骤S803处,接收来自于认证设备的认证请求并在步骤S804处,根据第一认证信息和第二认证信息确定认证证据。可以理解的是,这里第二认证信息和认证证据 可以是前文结合图6和图7所描述的第二认证信息和认证证据。作为一个实现场景,如前所述,上述的第二认证信息可以包括片上系统的敏感信息和基于设备标识组合引擎DICE动态生成的公钥和私钥,上述的认证证据可以包括前述的公钥、经前述私钥加密签名后的敏感信息和第一认证信息。At step S803, an authentication request from the authentication device is received and at step S804, authentication evidence is determined according to the first authentication information and the second authentication information. It can be understood that the second authentication information and authentication evidence here may be the second authentication information and authentication evidence described above in conjunction with FIG. 6 and FIG. 7 . As an implementation scenario, as mentioned above, the above-mentioned second authentication information may include the sensitive information of the system on chip and the public key and private key dynamically generated based on the device identity combination engine DICE, and the above-mentioned authentication evidence may include the above-mentioned public key, The sensitive information and the first authentication information encrypted and signed by the aforementioned private key.
接着,在步骤S805处,向认证设备发送前述的认证证据,以便前述认证设备基于认证证据来执行后续的认证过程。Next, at step S805, the aforementioned authentication evidence is sent to the authentication device, so that the aforementioned authentication device performs a subsequent authentication process based on the authentication evidence.
在认证设备处执行:Execute at the authentication device:
在步骤S806处,接收来自于片上系统侧的认证证据。接着,在步骤S807处,根据认证证据对处于运行阶段的片上系统是否可信进行认证。对于片上系统是否可信的认证,在一个实施例中,可以参照图7中步骤S704-1、步骤S704-2、步骤S704-3和步骤S704-4所描述的认证过程来实施。At step S806, an authentication proof from the SoC side is received. Next, at step S807, whether the system-on-chip in the running stage is authentic is authenticated according to the authentication evidence. For the authentication of whether the system on chip is authentic, in one embodiment, it can be implemented with reference to the authentication process described in step S704-1, step S704-2, step S704-3 and step S704-4 in FIG. 7 .
根据不同的实现场景,图8中的认证设备和片上系统可以以不同的间距来布置。由此,二者可以通过不同的方式来进行通信连接以实现认证。当二者相距较近时,可以通过近距离通信技术(例如Bluetooth通信技术、Wi-Fi通信技术等)来实现连接以完成认证。反之,当二者相距较远时,可以通过远距离通信技术(例如4G/5G通信技术)来实现连接以完成认证。According to different implementation scenarios, the authentication device and the system-on-chip in FIG. 8 may be arranged at different distances. Therefore, the two can communicate and connect in different ways to achieve authentication. When the two are relatively close to each other, they can be connected through short-distance communication technology (such as Bluetooth communication technology, Wi-Fi communication technology, etc.) to complete the authentication. Conversely, when the two are far apart, they can be connected through long-distance communication technology (such as 4G/5G communication technology) to complete the authentication.
在一个实施场景,本公开的片上系统可以布置于交通工具处(例如自动驾驶车辆处)。在片上系统应用于自动驾驶领域时,在一些实施场景中,可以将片上系统布置于车载终端中。为了实现本公开的认证操作,前述的车载终端可以包括车载的信息采集装置(例如传感器、摄像头等)和车载的中控装置(例如处理器)等,从而可以提升自动驾驶领域中设备认证的便利性和安全性。另外,基于可信的片上系统对装置中各种信息的处理,可以大幅度提升自动驾驶车辆中装置的安全等级和性能,使得本公开的片上系统可以更好地服务于自动驾驶车辆。In an implementation scenario, the system-on-a-chip of the present disclosure may be arranged at a vehicle (for example, at an autonomous driving vehicle). When the system on a chip is applied to the field of automatic driving, in some implementation scenarios, the system on a chip can be arranged in a vehicle terminal. In order to realize the authentication operation of the present disclosure, the aforementioned vehicle-mounted terminal may include a vehicle-mounted information collection device (such as a sensor, a camera, etc.) and a vehicle-mounted central control device (such as a processor), so that the convenience of device authentication in the field of automatic driving can be improved. sex and safety. In addition, based on the trusted system-on-chip processing of various information in the device, the security level and performance of the device in the self-driving vehicle can be greatly improved, so that the system-on-chip of the present disclosure can better serve the self-driving vehicle.
图9是示出根据本公开的另一个实施例的认证系统中设备之间的认证交互过程900的示意图。FIG. 9 is a schematic diagram illustrating an authentication interaction process 900 between devices in an authentication system according to another embodiment of the present disclosure.
如图9所示,认证系统包括认证设备和至少一个片上系统。可以理解的是,这里片上系统可以是前文结合图1至图8所描述的片上系统,因此前文关于片上系统的描述也同样适用于下文的描述。本实施例以包括认证设备和一个片上系统的认证系统为例进行说明:As shown in FIG. 9 , the authentication system includes an authentication device and at least one SoC. It can be understood that the system-on-chip here may be the system-on-chip described above in conjunction with FIG. 1 to FIG. 8 , so the foregoing description about the system-on-chip is also applicable to the following description. In this embodiment, an authentication system including an authentication device and a system-on-chip is taken as an example for illustration:
在片上系统处执行下面示例性操作,从而完成片上系统的部署并等待认证设备发起的认证过程:Perform the following exemplary operations at the SoC, thereby completing the deployment of the SoC and waiting for the authentication process initiated by the authentication device:
在启动阶段,片上系统上电(BootUp)后,首先执行固化有启动程序,该启动程序可以存储于在片上系统中的BootRom(Boot Read-Only Memory,用于存储启动程序的存储器,其可以视为一小块掩模ROM或写保护闪存)。在启动过程中,片上系统可以运行上述的启动程序以生成芯片唯一的SoCID(即前述的唯一标识信息)。在本公开实施例中,如前所述,每次启动时,该片上系统均会对应生成一次芯片唯一的SoCID。在一个实施场景中,这里的BootRom可以是无盘启动ROM接口。在该场景下,本公开的方案可以通过远程启动服务来构造无盘工作站,从而能够高效地获取到芯片唯一的SoCID。In the startup phase, after the system-on-chip is powered on (BootUp), it first executes a solidified boot program, which can be stored in the BootRom (Boot Read-Only Memory) in the system-on-chip (Boot Read-Only Memory, a memory used to store the boot program, which can be viewed as as a small block of mask ROM or write-protected flash). During the startup process, the system-on-chip can run the above-mentioned startup program to generate the chip's unique SoCID (that is, the aforementioned unique identification information). In the embodiment of the present disclosure, as mentioned above, the system on chip generates a unique SoCID of the chip every time it is started. In an implementation scenario, the BootRom here may be a diskless boot ROM interface. In this scenario, the solution disclosed in the present disclosure can construct a diskless workstation by remotely starting the service, so that the unique SoCID of the chip can be obtained efficiently.
接着,利用设备标识组合引擎(DICE)来执行以下操作以生成公钥和私钥:首先, DICE生成一个随机数(random num),并对该随机数和SoCID执行单向算法(包括但不限于HASH、HMAC等算法)来生成UDS(即前述的唯一设备秘密),例如UDS=HMAC(SoCID||random num)。然后,DICE通过HASH算法来度量片上系统中各个软件层加载镜像的完整性,分别得到各个软件层的度量值H(L0)、H(L1)…H(Ln);接着,再对前述的度量值和UDS执行单向算法以得到密码初始值K
0,例如K
0=HMAC(UDS,H(L0)、H(L1)…H(Ln));最后将K
0作为输入,通过密钥派生算法(例如KDF派生函数)生成非对称密钥对K
pub(即公钥)和K
priv(即私钥),例如{K
pub,K
priv}=KDF{K
0}。
Next, use the device identity combination engine (DICE) to perform the following operations to generate the public key and the private key: first, DICE generates a random number (random num), and performs a one-way algorithm on the random number and SoCID (including but not limited to HASH, HMAC and other algorithms) to generate UDS (that is, the aforementioned unique device secret), for example, UDS=HMAC(SoCID||random num). Then, DICE uses the HASH algorithm to measure the integrity of the loading image of each software layer in the system on chip, and obtains the measurement values H(L0), H(L1)...H(Ln) of each software layer respectively; then, the aforementioned measurement Value and UDS perform a one-way algorithm to obtain the initial value K 0 of the password, for example, K 0 =HMAC(UDS,H(L0), H(L1)…H(Ln)); Finally, take K 0 as input and derive it through the key An algorithm (eg KDF derivation function) generates an asymmetric key pair K pub (ie public key) and K priv (ie private key), eg {K pub , K priv }=KDF{K 0 }.
通过上述操作,本公开的片上系统完成启动部署并且等待认证。在一些应用场景中,可以在启动部署完成后将公钥和系统敏感信息存储到认证设备处的数据库中,以便用于认证设备的稍后认证操作。Through the above operations, the system-on-a-chip of the present disclosure completes the startup deployment and waits for authentication. In some application scenarios, the public key and system sensitive information may be stored in a database at the authentication device after the startup deployment is completed, so as to be used for later authentication operations of the authentication device.
为了实现有效认证,认证设备在片上系统的运行阶段,向片上系统发出附带Nonce(如图中所示出的“N”)的认证请求,以便片上系统接收到Nonce后,逐级将Nonce值传递给DICE。接着,DICE可以利用前述私钥K
priv对Nonce和系统配置参数SysCfg以及关键内存值MemFill进行加密签名,并将前述的公钥、加密签名后的Nonce、系统配置参数SysCfg以及关键内存值MemFill作为认证证据Evidence(如图中所示出的“E”,其例如表示为E={N,H(SysCfg),H(MemFill)}K
priv)发送给认证设备。在一个实施例中,认证设备在每次生成认证请求过程中动态生成前述的Nonce值。
In order to achieve effective authentication, the authentication device sends an authentication request with a Nonce ("N" as shown in the figure) to the SoC during the running phase of the SoC, so that the Nonce value can be transferred step by step after the Nonce is received by the SoC to DICE. Then, DICE can use the aforementioned private key K priv to encrypt and sign the Nonce, system configuration parameter SysCfg, and key memory value MemFill, and use the aforementioned public key, encrypted signed Nonce, system configuration parameter SysCfg, and key memory value MemFill as authentication Evidence ("E" as shown in the figure, which is expressed as E={N, H(SysCfg), H(MemFill)}K priv for example) is sent to the authentication device. In one embodiment, the authentication device dynamically generates the aforementioned Nonce value during each generation of the authentication request.
认证设备接收到前述的认证证据后,利用存储在认证设备的数据库(database)中的基准公钥H(K
pub)验证K
pub的真实性(具体采用H(K
pub)所使用的加密运算对K
pub进行加密,判断加密后的K
pub与H(K
pub)是否一致)。若K
pub的真实性为真实,则利用K
pub对前述认证证据中的加密信息进行解密。接着,利用存储在认证设备的database中的基准敏感信息与前述证据中的系统配置参数(SysCfg)、关键内存值(MemFill)进行匹配(例如是否相同)。在片上系统侧的基准敏感信息与前述认证证据中的SysCfg和MemFill相匹配时,则可以确定运行阶段的片上系统可信。反之,则确定运行阶段的片上系统不可信。
After the authentication device receives the aforementioned authentication evidence, it uses the reference public key H(K pub ) stored in the database of the authentication device to verify the authenticity of K pub (specifically, the encryption operation used by H(K pub ) is used to K pub is encrypted, and it is judged whether the encrypted K pub is consistent with H(K pub ). If the authenticity of K pub is true, K pub is used to decrypt the encrypted information in the aforementioned authentication evidence. Next, use the baseline sensitive information stored in the database of the authentication device to match (for example, whether they are the same) with the system configuration parameters (SysCfg) and key memory values (MemFill) in the aforementioned evidence. When the baseline sensitive information on the SoC side matches the SysCfg and MemFill in the aforementioned authentication evidence, it can be determined that the SoC in the running stage is credible. On the contrary, it is determined that the SoC in the running stage is untrustworthy.
以上结合附图对本公开的方案进行了详细的描述。根据不同的应用场景,本披露的设备或装置可以包括服务器、云端服务器、服务器集群、数据处理装置、机器人、电脑、打印机、扫描仪、平板电脑、智能终端、PC设备、物联网终端、移动终端、手机、行车记录仪、导航仪、传感器、摄像头、相机、摄像机、投影仪、手表、耳机、移动存储、可穿戴设备、视觉终端、自动驾驶终端、交通工具、家用电器、和/或医疗设备。所述交通工具包括飞机、轮船和/或车辆;所述家用电器包括电视、空调、微波炉、冰箱、电饭煲、加湿器、洗衣机、电灯、燃气灶、油烟机;所述医疗设备包括核磁共振仪、B超仪和/或心电图仪。本披露的设备或装置还可以被应用于互联网、物联网、数据中心、能源、交通、公共管理、制造、教育、电网、电信、金融、零售、工地、医疗等领域。The solution of the present disclosure has been described in detail above with reference to the accompanying drawings. According to different application scenarios, the devices or devices disclosed in this disclosure may include servers, cloud servers, server clusters, data processing devices, robots, computers, printers, scanners, tablet computers, smart terminals, PC equipment, Internet of Things terminals, mobile terminals , mobile phone, driving recorder, navigator, sensor, camera, camera, video camera, projector, watch, earphone, mobile storage, wearable device, visual terminal, automatic driving terminal, transportation, household appliances, and/or medical equipment . Said vehicles include airplanes, ships and/or vehicles; said household appliances include televisions, air conditioners, microwave ovens, refrigerators, rice cookers, humidifiers, washing machines, electric lights, gas stoves, range hoods; said medical equipment includes nuclear magnetic resonance instruments, Ultrasound and/or electrocardiograph. The devices or devices disclosed in the present disclosure can also be applied to fields such as the Internet, the Internet of Things, data centers, energy, transportation, public management, manufacturing, education, power grids, telecommunications, finance, retail, construction sites, and medical care.
进一步,本披露的设备或装置还可以用于云端、边缘端、终端等与人工智能、大数据和/或云计算相关的应用场景中。在一个或多个实施例中,根据本披露方案的算力高的设备或装置可以应用于云端设备(例如云端服务器),而功耗小的设备或装置可以应用于终端设备和/或边缘端设备(例如智能手机或摄像头)。在一个或多个实施例 中,云端设备的硬件信息和终端设备和/或边缘端设备的硬件信息相互兼容,从而可以根据终端设备和/或边缘端设备的硬件信息,从云端设备的硬件资源中匹配出合适的硬件资源来模拟终端设备和/或边缘端设备的硬件资源,以便完成端云一体或云边端一体的统一管理、调度和协同工作。Further, the device or device disclosed herein can also be used in application scenarios related to artificial intelligence, big data, and/or cloud computing, such as cloud, edge, and terminal. In one or more embodiments, the device or device with high computing power according to the present disclosure can be applied to cloud devices (such as cloud servers), and the device or device with low power consumption can be applied to terminal devices and/or edge terminals Devices (such as smartphones or cameras). In one or more embodiments, the hardware information of the cloud device and the hardware information of the terminal device and/or the edge device are compatible with each other, so that according to the hardware information of the terminal device and/or the edge device, the hardware resources of the cloud device can be Match appropriate hardware resources to simulate the hardware resources of terminal devices and/or edge devices, so as to complete the unified management, scheduling and collaborative work of device-cloud integration or cloud-edge-end integration.
需要说明的是,为了简明的目的,本披露将一些方法及其实施例表述为一系列的动作及其组合,但是本领域技术人员可以理解本披露的方案并不受所描述的动作的顺序限制。因此,依据本披露的公开或教导,本领域技术人员可以理解其中的某些步骤可以采用其他顺序来执行或者同时执行。进一步,本领域技术人员可以理解本披露所描述的实施例可以视为可选实施例,即其中所涉及的动作或模块对于本披露某个或某些方案的实现并不一定是必需的。另外,根据方案的不同,本披露对一些实施例的描述也各有侧重。鉴于此,本领域技术人员可以理解本披露某个实施例中没有详述的部分,也可以参见其他实施例的相关描述。It should be noted that, for the purpose of brevity, the present disclosure expresses some methods and their embodiments as a series of actions and combinations thereof, but those skilled in the art can understand that the solution of the present disclosure is not limited by the order of the described actions . Therefore, according to the disclosure or teaching of the present disclosure, those skilled in the art may understand that certain steps may be performed in other orders or simultaneously. Further, those skilled in the art can understand that the embodiments described in the present disclosure can be regarded as optional embodiments, that is, the actions or modules involved therein are not necessarily required for the realization of one or some solutions of the present disclosure. In addition, according to different schemes, the description of some embodiments in this disclosure also has different emphases. In view of this, those skilled in the art may understand the part that is not described in detail in a certain embodiment of the present disclosure, and may also refer to related descriptions of other embodiments.
在具体实现方面,基于本披露的公开和教导,本领域技术人员可以理解本披露所公开的若干实施例也可以通过本文未公开的其他方式来实现。例如,就前文所述的设备或装置实施例中的各个单元来说,本文在考虑了逻辑功能的基础上对其进行划分,而实际实现时也可以有另外的划分方式。又例如,可以将多个单元或组件结合或者集成到另一个系统,或者对单元或组件中的一些特征或功能进行选择性地禁用。就不同单元或组件之间的连接关系而言,前文结合附图所讨论的连接可以是单元或组件之间的直接或间接耦合。在一些场景中,前述的直接或间接耦合涉及利用接口的通信连接,其中通信接口可以支持电性、光学、声学、磁性或其它形式的信号传输。In terms of specific implementation, based on the disclosure and teachings of the present disclosure, those skilled in the art may understand that several embodiments disclosed in the present disclosure may also be implemented in other ways not disclosed herein. For example, with respect to each unit in the above-mentioned device or device embodiment, this paper divides them on the basis of considering logical functions, but there may be other division methods in actual implementation. As another example, multiple units or components may be combined or integrated into another system, or some features or functions in units or components may be selectively disabled. As far as the connection relationship between different units or components is concerned, the connections discussed above in conjunction with the drawings may be direct or indirect couplings between units or components. In some scenarios, the aforementioned direct or indirect coupling involves a communication connection using an interface, where the communication interface may support electrical, optical, acoustic, magnetic or other forms of signal transmission.
在本披露中,作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元示出的部件可以是或者也可以不是物理单元。前述部件或单元可以位于同一位置或者分布到多个网络单元上。另外,根据实际的需要,可以选择其中的部分或者全部单元来实现本披露实施例所述方案的目的。另外,在一些场景中,本披露实施例中的多个单元可以集成于一个单元中或者各个单元物理上单独存在。In the present disclosure, a unit described as a separate component may or may not be physically separated, and a component shown as a unit may or may not be a physical unit. The aforementioned components or units may be located at the same location or distributed over multiple network units. In addition, according to actual needs, some or all of the units may be selected to achieve the purpose of the solutions described in the embodiments of the present disclosure. In addition, in some scenarios, multiple units in the embodiments of the present disclosure may be integrated into one unit, or each unit exists physically independently.
在一些实现场景中,上述集成的单元可以采用软件程序模块的形式来实现。如果以软件程序模块的形式实现并作为独立的产品销售或使用时,所述集成的单元可以存储在计算机可读取存储器中。基于此,当本披露的方案以软件产品(例如计算机可读存储介质)的形式体现时,该软件产品可以存储在存储器中,其可以包括若干指令用以使得计算机设备(例如个人计算机、服务器或者网络设备等)执行本披露实施例所述方法的部分或全部步骤。前述的存储器可以包括但不限于U盘、闪存盘、只读存储器(“Read Only Memory”,简写为ROM)、随机存取存储器(“Random Access Memory”,简写为RAM)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。In some implementation scenarios, the above integrated units may be implemented in the form of software program modules. If implemented in the form of a software program module and sold or used as a stand-alone product, the integrated unit may be stored in a computer readable memory. Based on this, when the solution of the present disclosure is embodied in the form of a software product (such as a computer-readable storage medium), the software product can be stored in a memory, and it can include several instructions to make a computer device (such as a personal computer, a server, or Network devices, etc.) execute some or all of the steps of the methods described in the embodiments of the present disclosure. The aforementioned memory may include but not limited to U disk, flash disk, read-only memory ("Read Only Memory", abbreviated as ROM), random access memory ("Random Access Memory", abbreviated as RAM), mobile hard disk, magnetic disk Or various media such as CDs that can store program codes.
在另外一些实现场景中,上述集成的单元也可以采用硬件的形式实现,即为具体的硬件电路,其可以包括数字电路和/或模拟电路等。电路的硬件结构的物理实现可以包括但不限于物理器件,而物理器件可以包括但不限于晶体管或忆阻器等器件。鉴于此,本文所述的各类装置(例如计算装置或其他处理装置)可以通过适当的硬件处理器来实现,例如CPU、GPU、FPGA、DSP和ASIC等。进一步,前述的所述存储单元或存储装置可以是任意适当的存储介质(包括磁存储介质或磁光存储介质等),其例如可以是可变电阻式存储器(“Resistive Random Access Memory”,简写为RRAM)、 动态随机存取存储器(“Dynamic Random Access Memory”,简写为DRAM)、静态随机存取存储器(“Static Random Access Memory”,简写为SRAM)、增强动态随机存取存储器(“Enhanced Dynamic Random Access Memory”,简写为“EDRAM”)、高带宽存储器(“High Bandwidth Memory”,简写为“HBM”)、混合存储器立方体(“Hybrid Memory Cube”,简写为“HMC”)、ROM和RAM等。In other implementation scenarios, the above-mentioned integrated units may also be implemented in the form of hardware, that is, specific hardware circuits, which may include digital circuits and/or analog circuits. The physical realization of the hardware structure of the circuit may include but not limited to physical devices, and the physical devices may include but not limited to devices such as transistors or memristors. In view of this, various devices (such as computing devices or other processing devices) described herein may be implemented by appropriate hardware processors, such as CPU, GPU, FPGA, DSP, and ASIC. Further, the aforementioned storage unit or storage device can be any suitable storage medium (including magnetic storage medium or magneto-optical storage medium, etc.), which can be, for example, a variable resistance memory ("Resistive Random Access Memory", abbreviated as RRAM), dynamic random access memory ("Dynamic Random Access Memory", abbreviated as DRAM), static random access memory ("Static Random Access Memory", abbreviated as SRAM), enhanced dynamic random access memory ("Enhanced Dynamic Random Access Memory", abbreviated as "EDRAM"), high bandwidth memory ("High Bandwidth Memory", abbreviated as "HBM"), hybrid memory cube ("Hybrid Memory Cube", abbreviated as "HMC"), ROM and RAM, etc.
依据以下条款可更好地理解前述内容:The foregoing can be better understood in light of the following terms:
条款A1、一种用于对片上系统进行认证的方法,包括:Clause A1. A method for authenticating a system on chip, comprising:
从认证设备接收对片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;receiving an authentication request for authenticating a system-on-chip from an authentication device, wherein the authentication request includes first authentication information;
根据所述第一认证信息和第二认证信息确定认证证据;以及determining authentication evidence according to the first authentication information and the second authentication information; and
向所述认证设备发送所述认证证据,以便所述认证设备利用所述认证证据对运行阶段的所述片上系统是否可信进行认证。The authentication evidence is sent to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the system-on-chip in the running phase is authentic.
条款A2、根据条款A1所述的方法,其中所述第一认证信息由所述认证设备动态生成,并且所述第二认证信息包括所述片上系统的敏感信息和基于设备标识组合引擎动态生成的密钥,所述方法还包括:Clause A2. The method according to Clause A1, wherein the first authentication information is dynamically generated by the authentication device, and the second authentication information includes sensitive information of the system-on-chip and an authentication information dynamically generated based on a device identity combination engine. key, the method also includes:
在所述片上系统处获取所述第二认证信息。The second authentication information is acquired at the system on chip.
条款A3、根据条款A2所述的方法,其中所述密钥是基于设备标识组合引擎动态生成的,所述方法还包括:Clause A3. The method of clause A2, wherein the key is dynamically generated based on a device identity combination engine, the method further comprising:
获取所述片上系统的唯一标识信息;Obtain unique identification information of the system on chip;
令所述设备标识组合引擎执行以下操作:Make the device identification combination engine perform the following operations:
使用所述唯一标识信息来生成唯一设备秘密;以及using the unique identification information to generate a unique device secret; and
基于所述唯一设备秘密来生成非对称加密的所述密钥。The key for asymmetric encryption is generated based on the unique device secret.
条款A4、根据条款A3所述的方法,其中在使用所述唯一标识信息来生成唯一设备秘密中,所述设备标识组合引擎执行:Clause A4. The method of Clause A3, wherein in using the unique identification information to generate a unique device secret, the device identity combination engine performs:
动态生成随机数;以及Generate random numbers dynamically; and
对所述随机数和所述唯一标识信息进行单向运算,得到所述唯一设备秘密。A one-way operation is performed on the random number and the unique identification information to obtain the unique device secret.
条款A5、根据条款A3所述的方法,其中在基于所述唯一设备秘密来生成非对称加密的所述密钥中,所述设备标识组合引擎执行:Clause A5. The method of Clause A3, wherein in generating the key for asymmetric encryption based on the unique device secret, the device identity combination engine performs:
基于所述唯一设备秘密分别对所述片上系统中各个软件层的镜像加载的完整性进行度量,得到每个所述软件层的度量值;Measuring the image loading integrity of each software layer in the system-on-chip based on the unique device secret to obtain a measurement value for each software layer;
对所有所述软件层的度量值和所述唯一设备秘密进行单向运算,以得到密钥初始值;以及performing a one-way operation on all of said software layer metrics and said unique device secret to obtain an initial key value; and
对所述密钥初始值进行密钥派生运算,以得到所述密钥。performing a key derivation operation on the initial value of the key to obtain the key.
条款A6、根据条款A2-A5的任一项所述的方法,其中所述密钥包括公钥和私钥,其中根据所述第一认证信息和所述第二认证信息确定认证证据包括在所述片上系统的运行阶段,执行以下操作:Clause A6. The method of any one of clauses A2-A5, wherein said key comprises a public key and a private key, wherein determining authentication evidence based on said first authentication information and said second authentication information comprises in said During the operation phase of the above-mentioned system-on-chip, perform the following operations:
根据所述私钥对所述敏感信息和所述第一认证信息进行加密签名;以及cryptographically signing the sensitive information and the first authentication information according to the private key; and
根据所述公钥、经加密签名后的敏感信息和第一认证信息生成所述认证证据。The authentication evidence is generated according to the public key, the encrypted and signed sensitive information and the first authentication information.
条款A7、根据条款A6所述的方法,其中所述敏感信息包括经加密的系统配置参数和系统内存填充值。Clause A7. The method of Clause A6, wherein the sensitive information includes encrypted system configuration parameters and system memory fill values.
条款A8、一种用于对片上系统进行认证的方法,包括:Clause A8. A method for authenticating a system on chip, comprising:
生成用于发起对所述片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;generating an authentication request for initiating authentication of the system-on-chip, where the authentication request includes first authentication information;
向所述片上系统处发送所述认证请求,以便在所述片上系统处接收到所述认证请求时,基于第二认证信息和所述第一认证信息确定认证证据;sending the authentication request to the system-on-chip, so that when the authentication request is received at the system-on-chip, an authentication proof is determined based on the second authentication information and the first authentication information;
从所述片上系统处接收所述认证证据;以及receiving the authentication evidence from the system-on-chip; and
根据所述认证证据对运行阶段的所述片上系统是否可信进行认证。Authenticate whether the system-on-chip in the running phase is authentic according to the authentication evidence.
条款A9、根据条款A8所述的方法,其中所述第一认证信息包括随机数,所述方法包括:Clause A9. The method of Clause A8, wherein the first authentication information comprises a random number, the method comprising:
在每次生成所述认证请求的过程中,动态地生成所述随机数。During each generation of the authentication request, the random number is dynamically generated.
条款A10、根据条款A8所述的方法,其中根据所述认证证据对运行阶段的所述片上系统是否可信进行认证包括:Clause A10. The method of Clause A8, wherein authenticating based on the authentication evidence whether the system-on-a-chip in the runtime phase is authentic comprises:
获取与认证所述片上系统相关的基准证据;Obtain benchmark evidence relevant to certifying said system-on-chip;
判断所述基准证据与所述认证证据是否相匹配;judging whether the benchmark evidence matches the authentication evidence;
响应于所述基准证据与所述认证证据相匹配,确定所述运行阶段的片上系统可信;或者determining that the system-on-chip of the runtime phase is authentic in response to the baseline evidence matching the authentication evidence; or
响应于所述基准证据与所述认证证据不匹配,确定所述运行阶段的片上系统不可信。In response to the baseline evidence not matching the authentication evidence, it is determined that the run-stage system-on-chip is not authentic.
条款A11、根据条款A10所述的方法,其中所述认证证据包括公钥和经私钥加密签名后的敏感信息,所述公钥和所述私钥是基于设备标识组合引擎动态生成的密钥对,所述基准数据包括所述基准敏感信息和基准公钥,其中判断所述基准证据与所述认证证据是否相匹配包括:Clause A11. The method of clause A10, wherein the authentication evidence includes a public key and a private key cryptographically signed sensitive information, the public key and the private key being dynamically generated based on a device identity combination engine Yes, the reference data includes the reference sensitive information and the reference public key, and judging whether the reference evidence matches the authentication evidence includes:
根据所述基准公钥对所述认证证据中的所述公钥进行验证;verifying the public key in the authentication evidence based on the reference public key;
响应于所述认证证据中的公钥通过所述验证,根据所述公钥对所述认证证据中的所述敏感信息进行解密;Decrypting the sensitive information in the authentication evidence according to the public key in response to the public key in the authentication evidence passing the verification;
判断所述基准敏感信息与解密后的所述敏感信息是否匹配;以及judging whether the benchmark sensitive information matches the decrypted sensitive information; and
根据匹配结果判断所述基准证据与所述认证证据是否相匹配。Judging whether the reference evidence matches the authentication evidence according to the matching result.
条款A12、根据条款A10或条款A11所述的方法,其中所述基准敏感信息包括经加密的系统配置参数和系统内存填充值。Clause A12. The method of Clause A10 or Clause A11, wherein the baseline sensitive information includes encrypted system configuration parameters and system memory fill values.
条款A13、一种用于对片上系统进行认证的方法,包括:Clause A13. A method for authenticating a system on a chip comprising:
在认证设备处执行:Execute at the authentication device:
用于发起对所述片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;An authentication request for initiating authentication of the system-on-chip, where the authentication request includes first authentication information;
向所述片上系统处发送所述认证请求;sending the authentication request to the system on chip;
在处于运行阶段的片上系统处执行:Execute at the SoC in the run phase:
接收来自于所述认证设备的所述认证请求;receiving the authentication request from the authentication device;
根据所述第一认证信息和第二认证信息确定认证证据;以及determining authentication evidence according to the first authentication information and the second authentication information; and
向所述认证设备发送所述认证证据;sending the authentication evidence to the authentication device;
在所述认证设备处执行:Execute at the authentication device:
接收所述认证证据;以及receiving said proof of authentication; and
根据所述认证证据对处于运行阶段的所述片上系统是否可信进行认证。Authenticate whether the system-on-chip in the running phase is authentic according to the authentication evidence.
条款A14、一种片上系统,包括:Clause A14. A system on a chip comprising:
处理器;以及processor; and
存储器,其存储有程序,当所述程序由处理器执行时,使得所述片上系统执行根据条款A1-A7的任意一项所述的方法。A memory storing a program which, when executed by the processor, causes the system-on-chip to perform the method according to any one of clauses A1-A7.
条款A15、一种用于对片上系统进行认证的认证设备,包括:Clause A15. An authentication device for authenticating a system on a chip, comprising:
处理器;以及processor; and
存储器,其存储有程序,当所述程序由处理器执行时,使得所述认证设备执行根据条款A8-A12的任意一项所述的方法。A memory storing a program which, when executed by the processor, causes the authentication device to perform the method according to any one of clauses A8-A12.
条款A16、一种计算机程序产品,包括用于对片上系统进行认证的计算机程序,所述计算机程序在被处理器执行时,实现根据条款A1-A7或条款A8-A12中任意一项所述的方法。Clause A16. A computer program product comprising a computer program for authenticating a system-on-chip, which computer program, when executed by a processor, implements any of clauses A1-A7 or clauses A8-A12 method.
条款A17、一种用于对片上系统进行认证的认证系统,包括:Clause A17. An authentication system for authenticating a system on a chip, comprising:
至少一个如条款A14所述的片上系统,其配置成执行根据条款A1-A7的任意一项所述的方法,以便生成所述认证证据;以及At least one system-on-chip according to clause A14 configured to perform the method according to any one of clauses A1-A7 in order to generate said proof of authentication; and
如条款A15所述的认证设备,其配置成执行根据条款A8-A12的任意一项所述的方法,以便根据所述认证证据来认证运行阶段的所述片上系统是否可信。An authentication device according to clause A15, configured to perform the method according to any one of clauses A8-A12, in order to authenticate whether said system-on-chip in a run phase is authentic based on said authentication evidence.
虽然本说明书已经示出和描述了本公开的多个实施方式,但对于本领域技术人员显而易见的是,这样的实施方式只是以示例的方式提供的。本领域技术人员会在不偏离本公开思想和精神情况下想到许多更改、改变和替代的方式。应当理解的是在实践本公开的过程中,可以采用对本文所描述的本公开实施方式的各种替代方案。所附权利要求书旨在限定本公开的保护范围,并因此覆盖这些权利要求范围内的模块组成、等同或替代方案。While the specification has shown and described various embodiments of the disclosure, it will be obvious to those skilled in the art that such embodiments are provided by way of example only. Many modifications, changes and substitutions will occur to those skilled in the art without departing from the idea and spirit of the present disclosure. It should be understood that various alternatives to the embodiments of the disclosure described herein may be employed in practicing the disclosure. It is intended that the appended claims define the scope of protection of the present disclosure and therefore cover modular compositions, equivalents or alternatives within the scope of these claims.
Claims (17)
- 一种用于对片上系统进行认证的方法,包括:A method for authenticating a system-on-chip, comprising:从认证设备接收对片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;receiving an authentication request for authenticating a system-on-chip from an authentication device, wherein the authentication request includes first authentication information;根据所述第一认证信息和第二认证信息确定认证证据;以及determining authentication evidence according to the first authentication information and the second authentication information; and向所述认证设备发送所述认证证据,以便所述认证设备利用所述认证证据对运行阶段的所述片上系统是否可信进行认证。The authentication evidence is sent to the authentication device, so that the authentication device uses the authentication evidence to authenticate whether the system-on-chip in the running phase is authentic.
- 根据权利要求1所述的方法,其中所述第一认证信息由所述认证设备动态生成,并且所述第二认证信息包括所述片上系统的敏感信息和基于设备标识组合引擎动态生成的密钥,所述方法还包括:The method according to claim 1, wherein the first authentication information is dynamically generated by the authentication device, and the second authentication information includes sensitive information of the SoC and a key dynamically generated based on a device identification combination engine , the method also includes:在所述片上系统处获取所述第二认证信息。The second authentication information is acquired at the system on chip.
- 根据权利要求2所述的方法,其中所述密钥是基于设备标识组合引擎动态生成的,所述方法还包括:The method according to claim 2, wherein the key is dynamically generated based on a device identity combination engine, the method further comprising:获取所述片上系统的唯一标识信息;Obtain unique identification information of the system on chip;令所述设备标识组合引擎执行以下操作:Make the device identification combination engine perform the following operations:使用所述唯一标识信息来生成唯一设备秘密;以及using the unique identification information to generate a unique device secret; and基于所述唯一设备秘密来生成非对称加密的所述密钥。The key for asymmetric encryption is generated based on the unique device secret.
- 根据权利要求3所述的方法,其中在使用所述唯一标识信息来生成唯一设备秘密中,所述设备标识组合引擎执行:The method of claim 3, wherein in using the unique identification information to generate a unique device secret, the device identification combination engine performs:动态生成随机数;以及Generate random numbers dynamically; and对所述随机数和所述唯一标识信息进行单向运算,得到所述唯一设备秘密。A one-way operation is performed on the random number and the unique identification information to obtain the unique device secret.
- 根据权利要求3所述的方法,其中在基于所述唯一设备秘密来生成非对称加密的所述密钥中,所述设备标识组合引擎执行:The method of claim 3, wherein in generating the key for asymmetric encryption based on the unique device secret, the device identity combination engine performs:基于所述唯一设备秘密分别对所述片上系统中各个软件层的镜像加载的完整性进行度量,得到每个所述软件层的度量值;Measuring the image loading integrity of each software layer in the system-on-chip based on the unique device secret to obtain a measurement value for each software layer;对所有所述软件层的度量值和所述唯一设备秘密进行单向运算,以得到密钥初始值;以及performing a one-way operation on all of said software layer metrics and said unique device secret to obtain an initial key value; and对所述密钥初始值进行密钥派生运算,以得到所述密钥。performing a key derivation operation on the initial value of the key to obtain the key.
- 根据权利要求2至5中任一项所述的方法,其中所述密钥包括公钥和私钥,其中根据所述第一认证信息和所述第二认证信息确定认证证据包括在所述片上系统的运行阶段,执行以下操作:A method according to any one of claims 2 to 5, wherein said key comprises a public key and a private key, wherein determining from said first authentication information and said second authentication information that an authentication proof is included on said chip During the running phase of the system, perform the following operations:根据所述私钥对所述敏感信息和所述第一认证信息进行加密签名;以及cryptographically signing the sensitive information and the first authentication information according to the private key; and根据所述公钥、经加密签名后的敏感信息和第一认证信息生成所述认证证据。The authentication evidence is generated according to the public key, the encrypted and signed sensitive information and the first authentication information.
- 根据权利要求6所述的方法,其中所述敏感信息包括经加密的系统配置参数和系统内存填充值。The method of claim 6, wherein the sensitive information includes encrypted system configuration parameters and system memory fill values.
- 一种用于对片上系统进行认证的方法,包括:A method for authenticating a system-on-chip, comprising:生成用于发起对所述片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;generating an authentication request for initiating authentication of the system-on-chip, where the authentication request includes first authentication information;向所述片上系统处发送所述认证请求,以便在所述片上系统处接收到所述认证请求时,基于第二认证信息和所述第一认证信息确定认证证据;sending the authentication request to the system-on-chip, so that when the authentication request is received at the system-on-chip, an authentication proof is determined based on the second authentication information and the first authentication information;从所述片上系统处接收所述认证证据;以及receiving the authentication evidence from the system-on-chip; and根据所述认证证据对运行阶段的所述片上系统是否可信进行认证。Authenticate whether the system-on-chip in the running phase is authentic according to the authentication evidence.
- 根据权利要求8所述的方法,其中所述第一认证信息包括随机数,所述方法包括:The method according to claim 8, wherein the first authentication information includes a random number, the method comprising:在每次生成所述认证请求的过程中,动态地生成所述随机数。During each generation of the authentication request, the random number is dynamically generated.
- 根据权利要求8所述的方法,其中根据所述认证证据对运行阶段的所述片上系统是否可信进行认证包括:The method according to claim 8, wherein authenticating whether the system-on-chip in the running phase is authentic according to the authentication evidence comprises:获取与认证所述片上系统相关的基准证据;Obtain benchmark evidence relevant to certifying said system-on-chip;判断所述基准证据与所述认证证据是否相匹配;judging whether the benchmark evidence matches the authentication evidence;响应于所述基准证据与所述认证证据相匹配,确定所述运行阶段的片上系统可信;或者determining that the system-on-chip of the runtime phase is authentic in response to the baseline evidence matching the authentication evidence; or响应于所述基准证据与所述认证证据不匹配,确定所述运行阶段的片上系统不可信。In response to the baseline evidence not matching the authentication evidence, it is determined that the run-stage system-on-chip is not authentic.
- 根据权利要求10所述的方法,其中所述认证证据包括公钥和经私钥加密签名后的敏感信息,所述公钥和所述私钥是基于设备标识组合引擎动态生成的密钥对,所述基准数据包括所述基准敏感信息和基准公钥,其中判断所述基准证据与所述认证证据是否相匹配包括:The method according to claim 10, wherein the authentication evidence includes a public key and sensitive information encrypted and signed by a private key, the public key and the private key are a key pair dynamically generated based on a device identity combination engine, The reference data includes the reference sensitive information and the reference public key, and judging whether the reference evidence matches the authentication evidence includes:根据所述基准公钥对所述认证证据中的所述公钥进行验证;verifying the public key in the authentication evidence based on the reference public key;响应于所述认证证据中的公钥通过所述验证,根据所述公钥对所述认证证据中的所述敏感信息进行解密;Decrypting the sensitive information in the authentication evidence according to the public key in response to the public key in the authentication evidence passing the verification;判断所述基准敏感信息与解密后的所述敏感信息是否匹配;以及judging whether the benchmark sensitive information matches the decrypted sensitive information; and根据匹配结果判断所述基准证据与所述认证证据是否相匹配。Judging whether the reference evidence matches the authentication evidence according to the matching result.
- 根据权利要求10或11所述的方法,其中所述基准敏感信息包括经加密的系统配置参数和系统内存填充值。The method of claim 10 or 11, wherein the baseline sensitive information includes encrypted system configuration parameters and system memory fill values.
- 一种用于对片上系统进行认证的方法,包括:A method for authenticating a system-on-chip, comprising:在认证设备处执行:Execute at the authentication device:用于发起对所述片上系统进行认证的认证请求,其中所述认证请求包括第一认证信息;An authentication request for initiating authentication of the system-on-chip, where the authentication request includes first authentication information;向所述片上系统处发送所述认证请求;sending the authentication request to the system on chip;在处于运行阶段的片上系统处执行:Execute at the SoC in the run phase:接收来自于所述认证设备的所述认证请求;receiving the authentication request from the authentication device;根据所述第一认证信息和第二认证信息确定认证证据;以及determining authentication evidence according to the first authentication information and the second authentication information; and向所述认证设备发送所述认证证据;sending the authentication evidence to the authentication device;在所述认证设备处执行:Execute at the authentication device:接收所述认证证据;以及receiving said proof of authentication; and根据所述认证证据对处于运行阶段的所述片上系统是否可信进行认证。Authenticate whether the system-on-chip in the running phase is authentic according to the authentication evidence.
- 一种片上系统,包括:A system on a chip comprising:处理器;以及processor; and存储器,其存储有程序,当所述程序由处理器执行时,使得所述片上系统执行根据权利要求1-7的任意一项所述的方法。A memory storing a program, which, when the program is executed by the processor, causes the system-on-chip to execute the method according to any one of claims 1-7.
- 一种用于对片上系统进行认证的认证设备,包括:An authentication device for authenticating a system-on-chip, comprising:处理器;以及processor; and存储器,其存储有程序,当所述程序由处理器执行时,使得所述认证设备执行根据权利要求8-12的任意一项所述的方法。A memory storing a program, which, when the program is executed by the processor, causes the authentication device to execute the method according to any one of claims 8-12.
- 一种计算机程序产品,包括用于对片上系统进行认证的计算机程序,所述计算机程序在被处理器执行时,实现根据权利要求1-7或权利要求8-12中任意一项所述的方法。A computer program product comprising a computer program for authenticating a system on a chip, said computer program, when executed by a processor, implementing the method according to any one of claims 1-7 or 8-12 .
- 一种用于对片上系统进行认证的认证系统,包括:An authentication system for authenticating a system-on-chip, comprising:至少一个如权利要求14所述的片上系统,其配置成执行根据权利要求1-7的任意一项所述的方法,以便生成所述认证证据;以及at least one system-on-chip according to claim 14, configured to perform a method according to any one of claims 1-7, in order to generate said authentication evidence; and如权利要求15所述的认证设备,其配置成执行根据权利要求8-12的任意一项所述的方法,以便根据所述认证证据来认证运行阶段的所述片上系统是否可信。The authentication device according to claim 15, configured to execute the method according to any one of claims 8-12, so as to authenticate whether the system-on-chip in the running phase is authentic according to the authentication evidence.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110734789.3 | 2021-06-30 | ||
CN202110734789.3A CN115544484A (en) | 2021-06-30 | 2021-06-30 | Method for authenticating a system on chip and related product |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023273933A1 true WO2023273933A1 (en) | 2023-01-05 |
Family
ID=84691205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/099768 WO2023273933A1 (en) | 2021-06-30 | 2022-06-20 | Method for authenticating system on chip, and related product |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN115544484A (en) |
WO (1) | WO2023273933A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009089764A1 (en) * | 2008-01-10 | 2009-07-23 | Shaohua Ren | A system and method of secure network authentication |
CN102656592A (en) * | 2010-02-16 | 2012-09-05 | 松下电器产业株式会社 | Information processing device, information processing system, software routine execution method, and remote attestation method |
CN109547213A (en) * | 2018-12-14 | 2019-03-29 | 西安电子科技大学 | Suitable for networking Verification System and method between the star of low-track satellite network |
CN110417776A (en) * | 2019-07-29 | 2019-11-05 | 大唐高鸿信安(浙江)信息科技有限公司 | A kind of identity identifying method and device |
-
2021
- 2021-06-30 CN CN202110734789.3A patent/CN115544484A/en active Pending
-
2022
- 2022-06-20 WO PCT/CN2022/099768 patent/WO2023273933A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009089764A1 (en) * | 2008-01-10 | 2009-07-23 | Shaohua Ren | A system and method of secure network authentication |
CN102656592A (en) * | 2010-02-16 | 2012-09-05 | 松下电器产业株式会社 | Information processing device, information processing system, software routine execution method, and remote attestation method |
CN109547213A (en) * | 2018-12-14 | 2019-03-29 | 西安电子科技大学 | Suitable for networking Verification System and method between the star of low-track satellite network |
CN110417776A (en) * | 2019-07-29 | 2019-11-05 | 大唐高鸿信安(浙江)信息科技有限公司 | A kind of identity identifying method and device |
Also Published As
Publication number | Publication date |
---|---|
CN115544484A (en) | 2022-12-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11516011B2 (en) | Blockchain data processing methods and apparatuses based on cloud computing | |
US20190334713A1 (en) | Encryption Card, Electronic Device, and Encryption Service Method | |
US20210036999A1 (en) | Method and apparatus for communication between internet of things devices | |
US11030317B2 (en) | Independently recoverable security for processor and peripheral communication | |
US20210328810A1 (en) | Methods and apparatuses for processing transactions based on blockchain integrated station | |
US20210311629A1 (en) | Trusted memory sharing mechanism | |
US11977962B2 (en) | Immutable watermarking for authenticating and verifying AI-generated output | |
US20120174199A1 (en) | Pairing of base and detachable device | |
US11847253B2 (en) | Efficient launching of trusted execution environments | |
TW202001657A (en) | Integrated-chip -based data processing method, computing device, and storage media | |
US11620411B2 (en) | Elastic launch for trusted execution environments | |
WO2020029254A1 (en) | Soc chip and bus access control method | |
US11205021B2 (en) | Securing accessory interface | |
US20220391494A1 (en) | Sharing container data inside a tenant's pod under different trusted execution environments (tees) | |
EP4198780A1 (en) | Distributed attestation in heterogenous computing clusters | |
WO2017071429A1 (en) | Data access method and bus | |
US20220417215A1 (en) | Cloud-hosted management for edge computing devices | |
US12003960B2 (en) | Booting and operating computing devices at designated locations | |
WO2023273933A1 (en) | Method for authenticating system on chip, and related product | |
US20230106455A1 (en) | Efficient launching of trusted execution environments | |
US11983264B2 (en) | Adaptive acceleration of transport layer security | |
US11416370B2 (en) | Platform measurement collection mechanism | |
US11563579B2 (en) | Token-based zero-touch enrollment for provisioning edge computing applications | |
US20240152619A1 (en) | Mechanism to update attested firmware on a platform | |
US20240273220A1 (en) | Information processing system, information processing method and computer readable medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22831751 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 22831751 Country of ref document: EP Kind code of ref document: A1 |