+

CN115438332A - Chip identification method, computer equipment and readable storage medium - Google Patents

Chip identification method, computer equipment and readable storage medium Download PDF

Info

Publication number
CN115438332A
CN115438332A CN202211085789.6A CN202211085789A CN115438332A CN 115438332 A CN115438332 A CN 115438332A CN 202211085789 A CN202211085789 A CN 202211085789A CN 115438332 A CN115438332 A CN 115438332A
Authority
CN
China
Prior art keywords
chip
firmware
signature
plaintext
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211085789.6A
Other languages
Chinese (zh)
Inventor
丁镜然
刘海亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Xinsheng Intelligent Technology Co ltd
Original Assignee
Jiangsu Xinsheng Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Xinsheng Intelligent Technology Co ltd filed Critical Jiangsu Xinsheng Intelligent Technology Co ltd
Priority to CN202211085789.6A priority Critical patent/CN115438332A/en
Publication of CN115438332A publication Critical patent/CN115438332A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a chip identification method, computer equipment and a readable storage medium. The method comprises the following steps: importing firmware into a chip, wherein the firmware checks a label of the chip; and if the signature verification is unsuccessful, terminating the firmware import. According to the chip identification method, the signature and signature verification functions based on the preset algorithm are realized at the chip end and the firmware end, so that the mutual safety between the chip and the firmware can be better guaranteed, and the protection of the internal data of the chip is further improved.

Description

芯片鉴别方法、计算机设备及可读存储介质Chip identification method, computer equipment and readable storage medium

技术领域technical field

本发明涉及芯片技术领域,尤其涉及一种芯片鉴别方法、计算机设备及可读存储介质。The invention relates to the technical field of chips, in particular to a chip identification method, computer equipment and a readable storage medium.

背景技术Background technique

随着互联网和硬件技术的发展,数据安全在人类生活中的作用越来越重要。芯片是一种可信任的平台模块,内部拥有独立的处理器和存储单元,可存储密钥和特征数据,为电脑提供加密和安全认证服务,数据的加解密、密钥的生成等功能均可以通过芯片实现,从而保护商业隐私和数据安全。With the development of the Internet and hardware technology, data security plays an increasingly important role in human life. The chip is a trusted platform module, which has an independent processor and storage unit inside, which can store keys and characteristic data, provide encryption and security authentication services for computers, data encryption and decryption, key generation and other functions can be Realized by chips to protect business privacy and data security.

目前市面上主流的安全方案是通过芯片使用公钥验签由私钥进行签名的固件,当验签不通过时,芯片不开启访问权限,从而实现对数据的保护功能。At present, the mainstream security solution on the market is to use the chip to use the public key to verify the signature and the firmware signed by the private key. When the verification fails, the chip does not open the access right, so as to realize the protection function of the data.

但是现有技术主要存在以下缺点:芯片在对固件进行验签时,所采用的身份鉴别手段是单向的,仅能实现芯片验证固件合法性的功能,而无法确定芯片本身是否合法,这给芯片和固件内部数据的安全性带来了风险。However, the prior art mainly has the following disadvantages: when the chip checks the firmware, the identity authentication method adopted is one-way, which can only realize the function of the chip to verify the legitimacy of the firmware, but cannot determine whether the chip itself is legal, which gives The security of data inside chips and firmware poses risks.

发明内容Contents of the invention

有鉴于此,本发明的目的是为了克服现有技术中的不足,提供一种芯片鉴别方法、计算机设备及可读存储介质,旨在解决当前单向身份鉴别手段仅能实现芯片验证固件的合法性从而给数据的安全性带来风险的问题。In view of this, the purpose of the present invention is to overcome the deficiencies in the prior art and provide a chip identification method, computer equipment and readable storage medium, aiming at solving the problem that the current one-way identity identification method can only realize the legality of the chip verification firmware. Sexuality thus poses a risk to data security.

本发明提供如下技术方案:The present invention provides following technical scheme:

第一方面,本公开实施例中提供了一种芯片鉴别方法,所述方法包括:In a first aspect, an embodiment of the present disclosure provides a chip identification method, the method comprising:

将固件导入芯片,所述固件对所述芯片进行验签;Import firmware into the chip, and the firmware verifies the signature of the chip;

若验签不成功,则终止所述固件导入。If the signature verification is unsuccessful, the firmware import is terminated.

进一步地,所述芯片中存储有所述芯片的签名及对应的公钥。Further, a signature of the chip and a corresponding public key are stored in the chip.

进一步地,所述芯片鉴别方法还包括:Further, the chip identification method also includes:

对所述芯片的唯一标识进行处理,得到所述芯片的明文;Processing the unique identification of the chip to obtain the plaintext of the chip;

通过与所述公钥对应的私钥对所述芯片的明文进行加密,得到所述芯片的签名。The plaintext of the chip is encrypted by the private key corresponding to the public key to obtain the signature of the chip.

进一步地,所述通过与所述公钥对应的私钥对所述芯片的明文进行加密,得到所述芯片的签名之后,还包括:Further, after encrypting the plaintext of the chip with the private key corresponding to the public key and obtaining the signature of the chip, the method further includes:

将所述芯片的签名烧写至所述芯片内部的一次性可编程存储器中。Burning the signature of the chip into the one-time programmable memory inside the chip.

进一步地,所述将固件导入芯片,固件对芯片进行验签,包括:Further, the importing the firmware into the chip, and the firmware checking the chip includes:

将所述固件导入所述芯片;importing said firmware into said chip;

所述固件调用预设算法和所述公钥对所述芯片的签名进行验签。The firmware invokes a preset algorithm and the public key to verify the signature of the chip.

进一步地,所述芯片鉴别方法还包括:Further, the chip identification method also includes:

将所述固件导入所述芯片,所述芯片对所述固件进行验签;importing the firmware into the chip, and the chip verifies the firmware;

若验签不成功,则终止所述固件导入。If the signature verification is unsuccessful, the firmware import is terminated.

进一步地,所述固件中存储有所述固件的签名及对应的公钥。Further, a signature of the firmware and a corresponding public key are stored in the firmware.

进一步地,所述芯片鉴别方法还包括:Further, the chip identification method also includes:

对所述固件中的数据进行处理,得到所述固件的明文;Processing the data in the firmware to obtain the plaintext of the firmware;

通过与所述公钥对应的私钥对所述固件的明文进行加密,得到所述固件的签名。Encrypting the plaintext of the firmware with the private key corresponding to the public key to obtain the signature of the firmware.

第二方面,本公开实施例中提供了一种计算机设备,用以解决当前单向身份鉴别手段仅能实现芯片验证固件的合法性从而给数据的安全性带来风险的问题,所述计算机设备包括存储器和处理器,所述存储器存储有计算机程序,所述处理器执行所述计算机程序时实现第一方面中所述的芯片鉴别方法的步骤。In the second aspect, the embodiment of the present disclosure provides a computer device to solve the problem that the current one-way identity verification method can only realize the legitimacy of the chip to verify the firmware, thus bringing risks to the security of the data. The computer device It includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the chip identification method described in the first aspect when executing the computer program.

第三方面,本公开实施例中提供了一种计算机可读存储介质,用以解决当前单向身份鉴别手段仅能实现芯片验证固件的合法性从而给数据的安全性带来风险的问题,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现第一方面中所述的芯片鉴别方法的步骤。In the third aspect, the embodiments of the present disclosure provide a computer-readable storage medium, which is used to solve the problem that the current one-way identity authentication method can only realize the legitimacy of the chip to verify the firmware, thus bringing risks to the security of the data. The computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the chip identification method described in the first aspect are implemented.

本申请的实施例具有如下优点:Embodiments of the present application have the following advantages:

本申请实施例提供的芯片鉴别方法,方法包括:将固件导入芯片,所述固件对所述芯片进行验签;若验签不成功,则终止所述固件导入。上述芯片鉴别方法通过在芯片端和固件端都实现基于预设算法的签名和验签功能,弥补了现有技术中,将固件写入芯片时,仅由芯片验证固件的合法性,而没有固件验证芯片合法性的缺陷。在现有技术中,由于固件的合法性主要由固件供应商提供签名保证,所以存在将正确固件供应商的不正确固件导入芯片的可能,将不正确固件导入芯片后可能与芯片中的其他固件产生冲突,导致芯片的鲁棒性下降。而本申请在将固件写入芯片时固件也验证了芯片的合法性,保证了固件被下发到正确的芯片中。使得芯片与固件之间相互的安全可以得到更好的保障,从而进一步提高芯片内部数据的防护。The chip authentication method provided by the embodiment of the present application includes: importing firmware into the chip, and the firmware performs signature verification on the chip; if the signature verification is unsuccessful, the firmware import is terminated. The above-mentioned chip identification method realizes the signature and signature verification functions based on the preset algorithm on both the chip side and the firmware side, making up for the existing technology, when the firmware is written into the chip, only the chip verifies the legitimacy of the firmware, and there is no firmware verification. Flaws in verifying chip legitimacy. In the prior art, since the validity of the firmware is mainly guaranteed by the signature provided by the firmware supplier, there is a possibility that incorrect firmware from the correct firmware supplier may be imported into the chip, and after the incorrect firmware is imported into the chip, it may be compatible with other firmware A conflict occurs, resulting in a decrease in the robustness of the chip. In this application, when the firmware is written into the chip, the firmware also verifies the legitimacy of the chip, ensuring that the firmware is delivered to the correct chip. The mutual security between the chip and the firmware can be better guaranteed, thereby further improving the protection of the data inside the chip.

为使本发明的上述目的、特征和优点能更明显和易懂,下文特举较佳实施例,并配合所附附图,做详细说明如下。In order to make the above objects, features and advantages of the present invention more obvious and comprehensible, preferred embodiments will be described below in detail together with the accompanying drawings.

附图说明Description of drawings

为了更清楚地说明本发明实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,应当理解,以下附图仅示出了本发明的某些实施例,因此不应被看作是对范围的限定,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他相关的附图。在各个附图中,类似的构成部分采用类似的编号。In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of the present invention, and thus It should be regarded as a limitation on the scope, and those skilled in the art can also obtain other related drawings based on these drawings without creative work. In the respective drawings, similar components are given similar reference numerals.

图1示出了本申请实施例提供的一种芯片鉴别方法的流程图;FIG. 1 shows a flow chart of a chip identification method provided by an embodiment of the present application;

图2示出了本申请实施例提供的一种芯片鉴别装置的结构示意图。FIG. 2 shows a schematic structural diagram of a chip identification device provided by an embodiment of the present application.

具体实施方式detailed description

下面详细描述本发明的实施例,所述实施例的示例在附图中示出,其中自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。下面通过参考附图描述的实施例是示例性的,仅用于解释本发明,而不能理解为对本发明的限制。Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.

需要说明的是,当元件被称为“固定于”另一个元件,它可以直接在另一个元件上或者也可以存在居中的元件。当一个元件被认为是“连接”另一个元件,它可以是直接连接到另一个元件或者可能同时存在居中元件。相反,当元件被称作“直接在”另一元件“上”时,不存在中间元件。本文所使用的术语“垂直的”、“水平的”、“左”、“右”以及类似的表述只是为了说明的目的。It should be noted that when an element is referred to as being “fixed” to another element, it can be directly on the other element or there can also be an intervening element. When an element is referred to as being "connected to" another element, it can be directly connected to the other element or intervening elements may also be present. In contrast, when an element is referred to as being "directly on" another element, there are no intervening elements present. The terms "vertical," "horizontal," "left," "right," and similar expressions are used herein for purposes of illustration only.

在本发明中,除非另有明确的规定和限定,术语“安装”、“相连”、“连接”、“固定”等术语应做广义理解,例如,可以是固定连接,也可以是可拆卸连接,或成一体;可以是机械连接,也可以是电连接;可以是直接相连,也可以通过中间媒介间接相连,可以是两个元件内部的连通或两个元件的相互作用关系。对于本领域的普通技术人员而言,可以根据具体情况理解上述术语在本发明中的具体含义。In the present invention, unless otherwise clearly specified and limited, terms such as "installation", "connection", "connection" and "fixation" should be understood in a broad sense, for example, it can be a fixed connection or a detachable connection , or integrated; it can be mechanically connected or electrically connected; it can be directly connected or indirectly connected through an intermediary, and it can be the internal communication of two components or the interaction relationship between two components. Those of ordinary skill in the art can understand the specific meanings of the above terms in the present invention according to specific situations.

此外,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个该特征。在本发明的描述中,“多个”的含义是两个或两个以上,除非另有明确具体的限定。In addition, the terms "first" and "second" are used for descriptive purposes only, and cannot be interpreted as indicating or implying relative importance or implicitly specifying the quantity of indicated technical features. Thus, a feature defined as "first" and "second" may explicitly or implicitly include one or more of these features. In the description of the present invention, "plurality" means two or more, unless otherwise specifically defined.

除非另有定义,本文所使用的所有的技术和科学术语与属于本申请的技术领域的技术人员通常理解的含义相同。本文中在模板的说明书中所使用的术语只是为了描述具体的实施例的目的,不是旨在限制本发明。本文所使用的术语“及/或”包括一个或多个相关的所列项目的任意的和所有的组合。Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terminology used herein in the description of the template is only for the purpose of describing specific embodiments, and is not intended to limit the present invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.

实施例1Example 1

如图1所示,为本申请实施例中的一种芯片鉴别方法的流程图,本申请实施例提供的芯片鉴别方法包括以下步骤:As shown in Figure 1, it is a flowchart of a chip identification method in the embodiment of the present application. The chip identification method provided in the embodiment of the application includes the following steps:

步骤110,将固件导入芯片,所述固件对所述芯片进行验签。Step 110, import the firmware into the chip, and the firmware performs signature verification on the chip.

具体地,本申请提供的芯片鉴别方法的目的是实现芯片和固件的双向鉴别,因此需要先将固件导入至芯片内部,所述固件会通过前端对应的接口下载到芯片内部的前端存储器中。Specifically, the purpose of the chip identification method provided by the present application is to realize the two-way identification of the chip and firmware, so the firmware needs to be imported into the chip first, and the firmware will be downloaded to the front-end memory inside the chip through the corresponding front-end interface.

可以理解的是,在本实施例中,芯片中存储有芯片的签名及对应的公钥。具体地,每一款芯片都具有唯一标识,另外对于不同的芯片有着对应的固定常数,对芯片的唯一标识进行处理,即将芯片的唯一标识与固定常数进行拼接,再利用预设算法对拼接后的数据进行杂凑,将杂凑后得到的结果作为芯片的明文。再通过与所述公钥对应的私钥对所述芯片的明文进行加密,得到所述芯片的签名。在得到所述芯片的签名之后,将所述芯片的签名烧写至所述芯片内部的一次性可编程存储器中。可以理解的是,对于同一款芯片,签名和明文是一致的。It can be understood that, in this embodiment, the signature of the chip and the corresponding public key are stored in the chip. Specifically, each chip has a unique identifier, and there are corresponding fixed constants for different chips. The unique identifier of the chip is processed, that is, the unique identifier of the chip and the fixed constant are spliced, and then the spliced The data is hashed, and the hashed result is used as the plaintext of the chip. Then encrypt the plaintext of the chip with the private key corresponding to the public key to obtain the signature of the chip. After obtaining the signature of the chip, burn the signature of the chip into the one-time programmable memory inside the chip. It is understandable that for the same chip, the signature and plaintext are consistent.

进一步地,将固件导入至芯片内部后,首先固件验证芯片的合法性。所述固件调用预设算法和公钥对所述芯片的签名进行验签,将验签得到的结果与所述芯片的明文进行对比,对比的结果一致则代表验签通过。验签通过则代表芯片是合法的,固件下发到了正确的芯片中。进而使得芯片与固件之间相互的安全可以得到更好的保障,进一步提高芯片内部数据的防护。Further, after the firmware is imported into the chip, the firmware first verifies the legitimacy of the chip. The firmware calls the preset algorithm and the public key to verify the signature of the chip, and compares the result of the signature verification with the plaintext of the chip, and if the comparison results are consistent, it means that the signature verification is passed. Passing the signature verification means that the chip is legal and the firmware has been delivered to the correct chip. In turn, the mutual security between the chip and the firmware can be better guaranteed, and the protection of data inside the chip can be further improved.

步骤120,若验签不成功,则终止所述固件导入。Step 120, if the signature verification is not successful, then terminate the firmware import.

将固件导入至芯片内部后,首先固件验证芯片的合法性。所述固件调用预设算法和公钥对所述芯片的签名进行验签,将验签得到的结果与所述芯片的明文进行对比,若对比的结果不一致,则代表验签不成功,则终止所述固件的导入。After the firmware is imported into the chip, the firmware first verifies the legitimacy of the chip. The firmware calls the preset algorithm and the public key to verify the signature of the chip, and compares the result obtained by the verification with the plaintext of the chip. If the comparison results are inconsistent, it means that the signature verification is unsuccessful, and the process is terminated. The import of the firmware.

可以理解的是,先执行固件验证芯片的合法性,可以保证固件下发到正确的芯片中,当固件下发到错误的芯片中时,则会终止下发固件并丢弃固件,可有效避免固件下发到错误的芯片中,从而使得芯片的鲁棒性得到提高,进一步提高芯片内部数据的防护。It is understandable that the firmware is first executed to verify the legitimacy of the chip, which can ensure that the firmware is delivered to the correct chip. When the firmware is delivered to the wrong chip, the firmware will be terminated and discarded, which can effectively avoid firmware failure. Send it to the wrong chip, so that the robustness of the chip is improved, and the protection of the data inside the chip is further improved.

在一种可选的实施方式中,所述芯片鉴别方法还包括:In an optional implementation manner, the chip identification method further includes:

步骤130,将所述固件导入所述芯片,所述芯片对所述固件进行验签。Step 130, import the firmware into the chip, and the chip verifies the signature of the firmware.

具体地,当芯片的合法性验证通过后,再进行固件下发的合法性验证。可以理解的是,在本实施例中,所述固件中存储有所述固件的签名及对应的公钥。具体地,对所述固件中的数据进行处理,即调用预设算法对固件中的所有数据进行处理,处理后得到一段长度固定的摘要信息,将所述摘要信息作为所述固件的明文。再通过与所述公钥对应的私钥对所述固件的明文进行加密,得到固件的签名。可以理解的是,对于同一款固件,签名和明文是一致的。Specifically, after the verification of the legitimacy of the chip is passed, the verification of the legitimacy of the firmware delivery is performed. It can be understood that, in this embodiment, a signature of the firmware and a corresponding public key are stored in the firmware. Specifically, the data in the firmware is processed, that is, a preset algorithm is called to process all the data in the firmware, and after processing, a piece of summary information with a fixed length is obtained, and the summary information is used as the plaintext of the firmware. Then encrypt the plaintext of the firmware with the private key corresponding to the public key to obtain the signature of the firmware. It is understandable that for the same firmware, the signature and plaintext are consistent.

进一步地,芯片对固件进行验签,芯片调用预设算法和公钥对固件的签名进行验签,将验签得到的结果与固件的明文进行对比,对比的结果一致则代表验签通过。验签通过则代表固件是合法的,下发到芯片中的固件是安全的、正确的。Further, the chip verifies the signature of the firmware, and the chip calls the preset algorithm and public key to verify the signature of the firmware, and compares the result of the signature verification with the plaintext of the firmware, and if the comparison results are consistent, it means that the signature verification is passed. Passing the signature verification means that the firmware is legal, and the firmware delivered to the chip is safe and correct.

进一步地,若验签通过后,调用预设算法和密钥对固件进行加密,并将加密后的固件存储至芯片内部的前端存储器中,并下刷至芯片内部的后端存储器中。Further, if the signature verification is passed, the preset algorithm and key are called to encrypt the firmware, and the encrypted firmware is stored in the front-end memory inside the chip, and then flashed to the back-end memory inside the chip.

可以理解的是,当芯片与固件的芯片鉴别均通过验证时,才会将固件存储至芯片内部,使得芯片与固件之间相互的安全可以得到更好的保障,进一步提高芯片内部数据的防护。It is understandable that the firmware will be stored inside the chip only when the chip identification of the chip and the firmware pass the verification, so that the mutual security between the chip and the firmware can be better guaranteed, and the protection of the internal data of the chip can be further improved.

步骤140,若验签不成功,则终止所述固件导入。Step 140, if the signature verification is not successful, then terminate the firmware import.

将固件导入至芯片内部后,芯片对固件进行验签,芯片调用预设算法和公钥对固件的签名进行验签,将验签得到的结果与固件的明文进行对比,若对比的结果不一致,则代表验签不成功,则终止所述固件的导入。After the firmware is imported into the chip, the chip verifies the signature of the firmware, and the chip calls the preset algorithm and public key to verify the signature of the firmware, and compares the result of the signature verification with the plaintext of the firmware. If the comparison results are inconsistent, It means that the signature verification is unsuccessful, and the import of the firmware is terminated.

可以理解的是,通过验证芯片的合法性和固件下发的合法性,当验签不通过时,则会终止下发固件并丢弃固件,可有效避免固件下发到不正确的芯片中,也可有效避免不正确的固件存储至芯片内部,使得芯片与固件之间相互的安全可以得到更好的保障,进一步提高芯片内部数据的防护。It is understandable that by verifying the legitimacy of the chip and the legitimacy of the firmware delivery, when the verification fails, the firmware delivery will be terminated and the firmware will be discarded, which can effectively prevent the firmware from being delivered to the incorrect chip, and also It can effectively prevent incorrect firmware from being stored inside the chip, so that the mutual security between the chip and the firmware can be better guaranteed, and further improve the protection of the data inside the chip.

进一步地,本申请实施例中所采用的预设算法可以采用,SM2、SM3、SM4或哈希算法,具体采用的算法可根据实际情况而设定,本申请实施例对此不做限定。Further, the preset algorithm used in the embodiment of the present application can be SM2, SM3, SM4 or hash algorithm, and the specific algorithm used can be set according to the actual situation, which is not limited in the embodiment of the present application.

本申请实施例提供的芯片鉴别方法,通过将固件导入芯片,所述固件对所述芯片进行验签;若验签不成功,则终止所述固件导入。上述芯片鉴别方法通过在芯片端和固件端都实现基于预设算法的签名和验签功能,使得芯片与固件之间相互的安全可以得到更好的保障,从而进一步提高芯片内部数据的防护。In the chip identification method provided by the embodiment of the present application, by importing firmware into the chip, the firmware performs signature verification on the chip; if the signature verification is unsuccessful, the firmware import is terminated. The above-mentioned chip authentication method realizes signature and verification functions based on preset algorithms on both the chip side and the firmware side, so that the mutual security between the chip and the firmware can be better guaranteed, thereby further improving the protection of the internal data of the chip.

实施例2Example 2

如图2所示,为本申请实施例中的一种芯片鉴别装置200的结构示意图,其装置包括:As shown in Figure 2, it is a schematic structural diagram of a chip identification device 200 in the embodiment of the present application, and the device includes:

第一验签模块210,用于将固件导入芯片,所述固件对所述芯片进行验签;The first signature verification module 210 is configured to import firmware into the chip, and the firmware performs signature verification on the chip;

第一终止模块220,用于若验签不成功,则终止所述固件导入。The first termination module 220 is configured to terminate the firmware import if the signature verification is unsuccessful.

可选地,上述芯片鉴别装置还包括:Optionally, the above chip identification device also includes:

第一明文获得模块,用于对所述芯片的唯一标识进行处理,得到所述芯片的明文;The first plaintext obtaining module is configured to process the unique identification of the chip to obtain the plaintext of the chip;

第一签名获得模块,用于通过与所述公钥对应的私钥对所述芯片的明文进行加密,得到所述芯片的签名。The first signature obtaining module is configured to encrypt the plaintext of the chip with the private key corresponding to the public key to obtain the signature of the chip.

可选地,上述芯片鉴别装置还包括:Optionally, the above chip identification device also includes:

存储模块,用于将所述芯片的签名烧写至所述芯片内部的一次性可编程存储器中。The storage module is used for burning the signature of the chip into the one-time programmable memory inside the chip.

可选地,上述芯片鉴别装置还包括:Optionally, the above chip identification device also includes:

导入模块,用于将所述固件导入所述芯片;an import module, configured to import the firmware into the chip;

第一验签子模块,用于所述固件调用预设算法和所述公钥对所述芯片的签名进行验签。The first signature verification sub-module is used for the firmware to call a preset algorithm and the public key to verify the signature of the chip.

可选地,上述芯片鉴别装置还包括:Optionally, the above chip identification device also includes:

第二验签模块,用于将所述固件导入所述芯片,所述芯片对所述固件进行验签;The second signature verification module is used to import the firmware into the chip, and the chip performs signature verification on the firmware;

第二终止模块,用于若验签不成功,则终止所述固件导入。The second termination module is configured to terminate the firmware import if the signature verification is unsuccessful.

可选地,上述芯片鉴别装置还包括:Optionally, the above chip identification device also includes:

第二明文获得模块,用于对所述固件中的数据进行处理,得到所述固件的明文;The second plaintext obtaining module is configured to process the data in the firmware to obtain the plaintext of the firmware;

第二签名获得模块,用于通过与所述公钥对应的私钥对所述固件的明文进行加密,得到所述固件的签名。The second signature obtaining module is configured to encrypt the plaintext of the firmware with the private key corresponding to the public key to obtain the signature of the firmware.

本申请实施例提供的芯片鉴别装置,通过在芯片端和固件端都实现基于预设算法的签名和验签功能,使得芯片与固件之间相互的安全可以得到更好的保障,从而进一步提高芯片内部数据的防护。The chip authentication device provided by the embodiment of the present application realizes the signature and verification functions based on the preset algorithm on both the chip side and the firmware side, so that the mutual security between the chip and the firmware can be better guaranteed, thereby further improving the security of the chip. Protection of internal data.

在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,也可以通过其它的方式实现。以上所描述的装置实施例仅仅是示意性的,例如,附图中的流程图和结构图显示了根据本发明的多个实施例的装置、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段或代码的一部分,所述模块、程序段或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在作为替换的实现方式中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,结构图和/或流程图中的每个方框、以及结构图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may also be implemented in other ways. The device embodiments described above are only illustrative. For example, the flowcharts and structural diagrams in the accompanying drawings show the possible implementation architecture and functions of devices, methods and computer program products according to multiple embodiments of the present invention. and operation. In this regard, each block in a flowchart or block diagram may represent a module, program segment, or part of code that includes one or more Executable instructions. It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. It is also to be noted that each block of the block diagrams and/or flow diagrams, and combinations of blocks in the block diagrams and/or flow diagrams, can be implemented by a dedicated hardware-based system that performs the specified function or action may be implemented, or may be implemented by a combination of special purpose hardware and computer instructions.

另外,在本发明各个实施例中的各功能模块或单元可以集成在一起形成一个独立的部分,也可以是各个模块单独存在,也可以两个或更多个模块集成形成一个独立的部分。In addition, each functional module or unit in each embodiment of the present invention can be integrated together to form an independent part, or each module can exist independently, or two or more modules can be integrated to form an independent part.

所述功能如果以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是智能手机、个人计算机、服务器、或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the functions are realized in the form of software function modules and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a smart phone, a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes. .

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention.

Claims (10)

1.一种芯片鉴别方法,其特征在于,所述方法包括:1. A chip identification method, characterized in that the method comprises: 将固件导入芯片,所述固件对所述芯片进行验签;Import firmware into the chip, and the firmware verifies the signature of the chip; 若验签不成功,则终止所述固件导入。If the signature verification is unsuccessful, the firmware import is terminated. 2.根据权利要求1所述的芯片鉴别方法,其特征在于,所述芯片中存储有所述芯片的签名及对应的公钥。2 . The chip authentication method according to claim 1 , wherein the chip stores a signature of the chip and a corresponding public key. 3 . 3.根据权利要求2所述的芯片鉴别方法,其特征在于,所述方法还包括:3. The chip identification method according to claim 2, wherein the method further comprises: 对所述芯片的唯一标识进行处理,得到所述芯片的明文;Processing the unique identification of the chip to obtain the plaintext of the chip; 通过与所述公钥对应的私钥对所述芯片的明文进行加密,得到所述芯片的签名。The plaintext of the chip is encrypted by the private key corresponding to the public key to obtain the signature of the chip. 4.根据权利要求3所述的芯片鉴别方法,其特征在于,所述通过与所述公钥对应的私钥对所述芯片的明文进行加密,得到所述芯片的签名之后,还包括:4. The chip authentication method according to claim 3, wherein the plaintext of the chip is encrypted by the private key corresponding to the public key, and after obtaining the signature of the chip, further comprising: 将所述芯片的签名烧写至所述芯片内部的一次性可编程存储器中。Burning the signature of the chip into the one-time programmable memory inside the chip. 5.根据权利要求2所述的芯片鉴别方法,其特征在于,所述将固件导入芯片,固件对芯片进行验签,包括:5. The chip identification method according to claim 2, characterized in that, said importing the firmware into the chip, and the firmware checking the chip includes: 将所述固件导入所述芯片;importing said firmware into said chip; 所述固件调用预设算法和所述公钥对所述芯片的签名进行验签。The firmware invokes a preset algorithm and the public key to verify the signature of the chip. 6.根据权利要求1所述的芯片鉴别方法,其特征在于,所述方法还包括:6. The chip identification method according to claim 1, wherein the method further comprises: 将所述固件导入所述芯片,所述芯片对所述固件进行验签;importing the firmware into the chip, and the chip verifies the firmware; 若验签不成功,则终止所述固件导入。If the signature verification is unsuccessful, the firmware import is terminated. 7.根据权利要求6所述的芯片鉴别方法,其特征在于,所述固件中存储有所述固件的签名及对应的公钥。7. The chip authentication method according to claim 6, wherein a signature of the firmware and a corresponding public key are stored in the firmware. 8.根据权利要求7所述的芯片鉴别方法,其特征在于,所述方法还包括:8. The chip identification method according to claim 7, wherein the method further comprises: 对所述固件中的数据进行处理,得到所述固件的明文;Processing the data in the firmware to obtain the plaintext of the firmware; 通过与所述公钥对应的私钥对所述固件的明文进行加密,得到所述固件的签名。Encrypting the plaintext of the firmware with the private key corresponding to the public key to obtain the signature of the firmware. 9.一种计算机设备,其特征在于,包括存储器和处理器,所述存储器存储有计算机程序,所述处理器执行所述计算机程序时实现权利要求1-8中任一项所述的芯片鉴别方法的步骤。9. A computer device, characterized in that it comprises a memory and a processor, the memory stores a computer program, and the processor implements the chip identification according to any one of claims 1-8 when executing the computer program method steps. 10.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现权利要求1-8中任一项所述的芯片鉴别方法的步骤。10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the chip identification according to any one of claims 1-8 is realized method steps.
CN202211085789.6A 2022-09-06 2022-09-06 Chip identification method, computer equipment and readable storage medium Pending CN115438332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211085789.6A CN115438332A (en) 2022-09-06 2022-09-06 Chip identification method, computer equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211085789.6A CN115438332A (en) 2022-09-06 2022-09-06 Chip identification method, computer equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN115438332A true CN115438332A (en) 2022-12-06

Family

ID=84247654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211085789.6A Pending CN115438332A (en) 2022-09-06 2022-09-06 Chip identification method, computer equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115438332A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106056192A (en) * 2016-06-03 2016-10-26 深圳华视微电子有限公司 Verification method and system for smart card with anti-copy and verifiable function
CN107392805A (en) * 2017-07-03 2017-11-24 南方城墙信息安全科技有限公司 Electronics diploma read-write control system and method
CN110719166A (en) * 2019-10-15 2020-01-21 深圳市元征科技股份有限公司 Chip burning method, chip burning device, chip burning system and storage medium
CN111475815A (en) * 2020-04-08 2020-07-31 上海汉枫电子科技有限公司 Code protection method for chip
CN114296873A (en) * 2021-12-24 2022-04-08 海光信息技术股份有限公司 Virtual machine image protection method, related device, chip and electronic equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106056192A (en) * 2016-06-03 2016-10-26 深圳华视微电子有限公司 Verification method and system for smart card with anti-copy and verifiable function
CN107392805A (en) * 2017-07-03 2017-11-24 南方城墙信息安全科技有限公司 Electronics diploma read-write control system and method
CN110719166A (en) * 2019-10-15 2020-01-21 深圳市元征科技股份有限公司 Chip burning method, chip burning device, chip burning system and storage medium
CN111475815A (en) * 2020-04-08 2020-07-31 上海汉枫电子科技有限公司 Code protection method for chip
CN114296873A (en) * 2021-12-24 2022-04-08 海光信息技术股份有限公司 Virtual machine image protection method, related device, chip and electronic equipment

Similar Documents

Publication Publication Date Title
CN110798315B (en) Data processing method and device based on block chain and terminal
CN110299996B (en) Authentication method, equipment and system
US9602497B2 (en) Trusted and unsupervised digital certificate generation using a security token
CN107483419B (en) Method, device and system for authenticating access terminal by server, server and computer readable storage medium
CN107196922B (en) Identity authentication method, user equipment and server
CN112862481B (en) Block chain digital asset key management method and system based on SIM card
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
CN109831311B (en) Server verification method, system, user terminal and readable storage medium
CN104753674B (en) A kind of verification method and equipment of application identity
US8397281B2 (en) Service assisted secret provisioning
CN106230813B (en) Method for authenticating, authentication device and terminal
CN103546289A (en) USB (universal serial bus) Key based secure data transmission method and system
CN101841525A (en) Secure access method, system and client
WO2015161689A1 (en) Data processing method based on negotiation key
US10439809B2 (en) Method and apparatus for managing application identifier
CN109361681B (en) Method, device and equipment for authenticating national secret certificate
CN109495268A (en) A kind of two dimension code authentication method, device and computer readable storage medium
WO2024212512A1 (en) Remote attestation method, apparatus and device, and readable storage medium
WO2023124958A1 (en) Key update method, server, client and storage medium
WO2015135398A1 (en) Negotiation key based data processing method
CN118540150A (en) Front-end and back-end data security interaction method, system, equipment and medium based on cryptographic algorithm
CN105491015A (en) Data communication and storage method
CN111970122B (en) Official APP identification method, mobile terminal and application server
CN105554759A (en) Authentication method and authentication system
CN112887983B (en) Device identity authentication methods, devices, equipment and media

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Country or region after: China

Address after: 410100 Hunan Province, Changsha City, East Fourth Road South Section, No. 128, Guoke Integrated Circuit Industrial Park, Building 9, 1701

Applicant after: Xinsheng Intelligent Technology (Hunan) Co.,Ltd.

Address before: Room 528, No. 18 Xinya Road, Wujin National High tech Industrial Development Zone, Changzhou City, Jiangsu Province

Applicant before: Jiangsu Xinsheng Intelligent Technology Co.,Ltd.

Country or region before: China

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载