
CN109284638B - Protection method and system for operating environment of security chip - Google Patents

Info

Publication number
CN109284638B
Authority
CN (China)
Prior art keywords
main controller, fpga, chip, security, fpga main
Legal status
Active (the listed status is an assumption, not a legal conclusion)
Application number
CN201811058445.XA
Other languages
Chinese (zh)
Other versions
CN109284638A
Inventor
罗禹铭
罗禹城
Current Assignee
Wangyu Safety Technology Shenzhen Co ltd
Original Assignee
Wangyu Safety Technology Shenzhen Co ltd
Events
Application filed by Wangyu Safety Technology Shenzhen Co ltd
Priority to CN201811058445.XA
Publication of CN109284638A
Application granted
Publication of CN109284638B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/72: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for protecting the operating environment of a security chip. The method comprises the following steps: the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption or decryption operation, to the FPGA main controller through system communication; the FPGA main controller decomposes the program call into a series of subprocesses and, for the operations that involve the security chip, generates a corresponding command call sequence and data packets; the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip feeds the operation result back to the FPGA main controller; the FPGA main controller completes the program call for the corresponding subprocess, collects the operation result from the security chip, and sends the final operation result to the main processor. Because the FPGA main controller, rather than the main processor, issues the command calls to the security chip, collects the operation results from the security chip and sends the final result to the main processor, the security protection capability of the security chip is greatly improved.

Description

Protection method and system for operating environment of security chip
Technical Field
The invention relates to the technical field of security chips, and in particular to a method and a system for protecting the operating environment of a security chip.
Background
A security chip is an integrated circuit chip that implements one or more cryptographic algorithms and uses cryptographic techniques, directly or indirectly, to protect keys and sensitive information. As the lowest-layer security guarantee of an intelligent terminal, a security chip can effectively resist hacker attacks and cracking, improve the security of the terminal, and protect the user's personal information and application data. At present, security chips are increasingly used in intelligent terminals to provide a reliable guarantee for financial payment and online identity authentication.
A security chip is a trusted platform module: a device that can independently generate keys and perform encryption and decryption. It has its own processor and storage unit, can store keys and characteristic data, and provides encryption and security authentication services to the computer. Data encrypted by the security chip is bound to the hardware, so stolen data cannot be decrypted, which protects business privacy and data security.
In the conventional usage scenario of a security chip, shown in fig. 1, the security chip is an external slave device of the system's main processor: the main processor sends a command call to the security chip, the security chip receives and interprets the command, executes the corresponding encryption or decryption operation and security processing, and finally feeds the operation result back to the main processor.
The prior-art structure of fig. 1 has the following problems:
Relay attacks on the security chip. Because the operating system and the application programs on the main processor may be compromised by malicious software, a command call received by the security chip may be an illegal command issued by that malware. After the security chip returns the result of the encryption or decryption operation to the main processor, the malware can use that result for further illegal operations such as impersonated authentication or malicious payment. This is the relay attack mode against the conventional security chip.
Hardware defects of the main processor degrade the security protection environment of the security chip. Because of shortcomings in the original design of the main processor (to meet the demand for maximum performance, microarchitectural techniques such as shared execution units, shared caches and branch prediction are used extensively in Intel and ARM chips), a large number of information-leaking side channels exist in the CPU and in the processor system as a whole. These side channels are called a 'cancer' of modern advanced processors, which are extremely vulnerable to attacks of the 'Spectre' and 'Meltdown' type.
Security vulnerabilities in the operating system and applications running on the main processor degrade the security protection environment of the security chip. Because of the enormous code size of an operating system, even with great effort by its maintainers, operating system upgrades and patch releases have become routine, and malware can always find an opening and obtain system privileges. The vulnerabilities and attacks affecting system applications are similar to those affecting operating systems.
The low hardware and software processing capability of the security chip prevents its security protection capability from being improved. To withstand physical attacks such as die polishing, semi-invasive attacks such as laser and electromagnetic signal injection, and non-invasive attacks such as differential current analysis, a large number of protection designs are added to the CPU core, the encryption and decryption circuits, the storage module and the bus inside the security chip. As a result, the clock frequency and processing capacity of the security chip are below a medium level; it can only run a simple operating system and application program, and its software processing and protection capabilities are weak.
In other words, the operating environment of the prior-art security chip suffers from insufficient security protection capability.
Accordingly, the prior art remains to be improved and developed.
Disclosure of Invention
In view of the defects of the prior art, the technical problem the invention aims to solve is to provide a method and a system for protecting the operating environment of a security chip. An FPGA main controller is added between the main processor and the security chip; the FPGA main controller sends the command calls to the security chip, collects the operation results from the security chip, and sends the final operation result to the main processor, which greatly improves the security protection capability of the security chip.
The technical scheme adopted by the invention to solve this problem is as follows:
A method for protecting the operating environment of a security chip comprises the following steps:
the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption or decryption operation, to the FPGA main controller through system communication;
the FPGA main controller decomposes the program call into a series of subprocesses and, for the operations that involve the security chip, generates a corresponding command call sequence and data packets;
the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip feeds the operation result back to the FPGA main controller;
the FPGA main controller completes the program call for the corresponding subprocess, collects the operation result from the security chip, and sends the final operation result to the main processor.
In the method for protecting the operating environment of the security chip, before the main processor transfers the data to be encrypted or decrypted and the program call for the encryption or decryption operation to the FPGA main controller through system communication, the method further comprises:
arranging in advance, between the main processor and the security chip, an FPGA main controller for data processing.
In the method for protecting the operating environment of the security chip, the step in which the main processor transfers the data to be encrypted or decrypted and the program call for the encryption or decryption operation to the FPGA main controller through system communication specifically comprises:
the main processor transfers the data to be encrypted or decrypted to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data;
the main processor sends the program call for the encryption or decryption operation to the FPGA main controller.
In the method for protecting the operating environment of the security chip, the step in which the FPGA main controller sends the corresponding command calls and related data to the security chip and the security chip feeds the operation result back to the FPGA main controller specifically comprises:
the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip receives and interprets the commands;
the security chip executes the corresponding encryption or decryption operation and security processing, and feeds the operation result back to the FPGA main controller.
In the method for protecting the operating environment of the security chip, when an application program of the security chip with a high security level needs to be called, the application program is executed by the FPGA main controller.
In the method for protecting the operating environment of the security chip, the configuration code file of the FPGA chip is encrypted for protection, and the scan chain inside the FPGA chip is disabled.
In the method for protecting the operating environment of the security chip, the FPGA main controller and the main processor form a peer-to-peer distributed parallel processing relationship through system communication and program calls.
In the method for protecting the operating environment of the security chip, the FPGA main controller implements its CPU core as a soft core, and the CPU core uses a dual-core spiral structure design: in the dual-core spiral structure, two CPU cores with identical logic functions execute the same instruction, and the execution result of the instruction and the CPU state are compared.
In the method for protecting the operating environment of the security chip, the FPGA main controller implements its CPU core as a soft core, and the CPU core uses a three-core redundancy structure design: in the three-core redundancy structure, three CPU cores with identical logic functions execute the same instruction, and the execution result of the instruction and the CPU state are compared.
A system for protecting the operating environment of a security chip comprises:
the main processor, for transferring the data to be encrypted or decrypted and the program call for the encryption or decryption operation to the FPGA main controller through system communication;
the FPGA main controller, for decomposing the program call into a series of subprocesses, generating a corresponding command call sequence and data packets for the operations that involve the security chip, sending the corresponding command calls and related data to the security chip, and sending the operation result fed back by the security chip to the main processor;
and the security chip, for receiving and interpreting the commands, executing the corresponding encryption or decryption operation and security processing, and feeding the operation result back to the FPGA main controller.
The invention discloses a method and a system for protecting the operating environment of a security chip. The method comprises the following steps: the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption or decryption operation, to the FPGA main controller through system communication; the FPGA main controller decomposes the program call into a series of subprocesses and, for the operations that involve the security chip, generates a corresponding command call sequence and data packets; the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip feeds the operation result back to the FPGA main controller; the FPGA main controller completes the program call for the corresponding subprocess, collects the operation result from the security chip, and sends the final operation result to the main processor. Because an FPGA main controller is added between the main processor and the security chip, and it is the FPGA main controller that sends the command calls to the security chip, collects the operation results from the security chip and sends them to the main processor, the security protection capability of the security chip is greatly improved.
Drawings
FIG. 1 is a schematic diagram of a usage scenario of a conventional security chip;
FIG. 2 is a flow chart of a preferred embodiment of the protection method for the operating environment of the security chip of the present invention;
FIG. 3 is a flowchart of step S10 in the method for protecting the operating environment of the security chip according to the present invention;
FIG. 4 is a flowchart of step S30 in the method for protecting the operating environment of the security chip according to the present invention;
FIG. 5 is a schematic diagram of the protection system of the security chip operating environment according to the preferred embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are merely illustrative of the invention and are not intended to limit it.
As shown in fig. 2, the method for protecting the operating environment of a security chip according to a preferred embodiment of the invention comprises the following steps:
Step S10: the main processor transfers the data to be encrypted or decrypted and the program call for the encryption or decryption operation to the FPGA main controller through system communication.
Specifically, an FPGA main controller for data processing is arranged in advance between the main processor and the security chip. The FPGA main controller acts as an independent processor; it and the main processor form a peer-to-peer distributed parallel processing relationship through system communication and program calls, with no master/slave division between them. The security chip is a slave device of the FPGA main controller: the FPGA main controller sends a command call to the security chip, the security chip receives and interprets the command, executes the corresponding encryption or decryption operation and security processing, and finally feeds the operation result back to the FPGA main controller.
Fig. 3 is a flowchart of step S10 in the method for protecting the operating environment of the security chip according to the invention.
As shown in fig. 3, step S10 comprises:
S11: the main processor transfers the data to be encrypted or decrypted to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data;
S12: the main processor sends the program call for the encryption or decryption operation to the FPGA main controller.
Step S20: the FPGA main controller decomposes the program call into a series of subprocesses and, for the operations that involve the security chip, generates a corresponding command call sequence and data packets.
Specifically, the FPGA main controller parses the program call from the main processor and decomposes it into a series of subprocesses; for the operations that involve the security chip, it generates the corresponding command call sequence and data packets.
Step S30: the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip feeds the operation result back to the FPGA main controller.
Fig. 4 is a flowchart of step S30 in the method for protecting the operating environment of the security chip according to the invention.
As shown in fig. 4, step S30 comprises:
S31: the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip receives and interprets the commands;
S32: the security chip executes the corresponding encryption or decryption operation and security processing, and feeds the operation result back to the FPGA main controller.
Step S40: the FPGA main controller completes the program call for the corresponding subprocess, collects the operation result from the security chip, and sends the final operation result to the main processor.
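As an added example (not the patent's own code), the following C model walks steps S10 to S40 from the FPGA main controller's side: a simulated security chip, a fixed table of program calls the controller knows how to decompose, and a request path in which the main processor never addresses the chip directly, so a request that is not a known program call is refused before anything reaches the chip. The command ids, packet layout, toy chip operations and all names are assumptions.

```c
/* Added example, not code from the patent: a minimal model of steps S10-S40.
 * The main processor hands a program call plus data to the FPGA main
 * controller; the controller decomposes the call into sub-steps, builds one
 * command packet per sub-step, exchanges the packets with a simulated
 * security chip and assembles the final result. Command ids, packet layout
 * and the toy chip operations are assumptions. */
#include <stdint.h>
#include <string.h>

#define MAX_DATA 64
#define KEY_LEN  16
#define MAC_LEN  4

/* Command packet from the FPGA main controller to the chip, and its reply. */
enum chip_cmd   { CMD_ENCRYPT = 0x10, CMD_MAC = 0x20 };
struct packet   { uint8_t cmd;    uint8_t len; uint8_t data[MAX_DATA]; };
struct response { uint8_t status; uint8_t len; uint8_t data[MAX_DATA]; };

/* Simulated security chip: the key stays inside it. XOR "encryption" and a
 * polynomial "MAC" stand in for whatever algorithms a real chip implements. */
struct security_chip { uint8_t key[KEY_LEN]; };

static void chip_execute(const struct security_chip *c, const struct packet *p,
                         struct response *r)
{
    size_t i;
    uint32_t acc = 0;
    memset(r, 0, sizeof *r);
    switch (p->cmd) {
    case CMD_ENCRYPT:
        for (i = 0; i < p->len; i++) r->data[i] = p->data[i] ^ c->key[i % KEY_LEN];
        r->len = p->len;
        return;
    case CMD_MAC:
        for (i = 0; i < p->len; i++) acc = acc * 31u + (p->data[i] ^ c->key[i % KEY_LEN]);
        for (i = 0; i < MAC_LEN; i++) r->data[i] = (uint8_t)(acc >> (8 * i));
        r->len = MAC_LEN;
        return;
    default:
        r->status = 1;                      /* unknown command: refused by the chip */
    }
}

/* Program calls the main processor may request (assumed set). */
enum prog_call { PROG_ENCRYPT_THEN_MAC = 1 };

/* Step S20: decompose a program call into the chip command sequence.
 * Returns the number of sub-steps, or -1 for a call the controller does not know. */
static int decompose(enum prog_call prog, uint8_t *seq, size_t max)
{
    if (prog == PROG_ENCRYPT_THEN_MAC && max >= 2) {
        seq[0] = CMD_ENCRYPT;               /* sub-step 1: encrypt the cached data     */
        seq[1] = CMD_MAC;                   /* sub-step 2: authenticate the ciphertext */
        return 2;
    }
    return -1;
}

/* Steps S10-S40 from the controller's side. On success writes the concatenated
 * chip results (ciphertext || tag) and returns 0; negative = refused at that stage. */
static int fpga_handle_call(const struct security_chip *chip, enum prog_call prog,
                            const uint8_t *in, size_t in_len,
                            uint8_t *out, size_t *out_len)
{
    uint8_t seq[4], cache[MAX_DATA];        /* S11: controller caches the data */
    struct packet pkt;
    struct response rsp;
    size_t cached, total = 0;
    int n, i;
    if (in_len > MAX_DATA) return -1;
    memcpy(cache, in, in_len);
    cached = in_len;
    n = decompose(prog, seq, sizeof seq);   /* S20 */
    if (n < 0) return -2;                   /* nothing is ever sent to the chip */
    for (i = 0; i < n; i++) {               /* S30: one packet per sub-step */
        pkt.cmd = seq[i];
        pkt.len = (uint8_t)cached;
        memcpy(pkt.data, cache, cached);
        chip_execute(chip, &pkt, &rsp);
        if (rsp.status != 0) return -3;
        if (total + rsp.len > *out_len) return -4;
        memcpy(out + total, rsp.data, rsp.len);   /* S40: collect the result */
        total += rsp.len;
        memcpy(cache, rsp.data, rsp.len);   /* next sub-step works on this output */
        cached = rsp.len;
    }
    *out_len = total;
    return 0;
}

/* Constructed demo: chip key bytes 1..16, plaintext "abcd". */
static int demo_call(enum prog_call prog, uint8_t *out, size_t *out_len)
{
    struct security_chip chip;
    const uint8_t plaintext[4] = { 'a', 'b', 'c', 'd' };
    size_t i;
    for (i = 0; i < KEY_LEN; i++) chip.key[i] = (uint8_t)(i + 1);
    return fpga_handle_call(&chip, prog, plaintext, sizeof plaintext, out, out_len);
}
```

With the constructed key and plaintext, `demo_call` returns eight bytes: four ciphertext bytes followed by a four-byte tag, while an unknown program call is refused with -2 before any packet is built.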
Furthermore, when an application program of the security chip with a high security level needs to be called, the application program is executed by the FPGA main controller, which avoids the influence of the security vulnerabilities on the main processor. For example, because of shortcomings in the microarchitectural design of modern advanced CPU chips from Intel and ARM, information-leaking side channels are a 'cancer' that these chips cannot eliminate, and because these CPUs are deployed on such a large scale, it is impossible to replace them completely in a short time. Applications with low security protection requirements continue to run on the original main processor, while high-security applications are moved to the FPGA main controller for execution, which effectively mitigates the negative impact on security protection of the vulnerabilities present on the main processor.
Furthermore, the FPGA main controller can adopt a new design with stronger security protection to eliminate the security threat posed by information-leaking side channels: it can flexibly implement its CPU core as a soft core and apply stricter temporal and spatial isolation in the microarchitectural design, which effectively eliminates information-leaking side channels and thereby enhances the security protection capability of the FPGA main controller.
The FPGA main controller can adopt a dual-core spiral structure design for its CPU core to enhance the detection of, and protection against, unknown malicious software. Because the CPU core can be implemented flexibly as a soft core, a dual-core spiral structure can be used in the CPU core design: two CPU cores with identical logic functions execute the same instruction, and the execution result of the instruction and the CPU state are compared. This not only provides dual modular redundancy but can also be used to detect unknown malware attacks. An attack by malicious software on a CPU program modifies the instruction stream, data stream or system state of only one of the CPUs; modifying both CPUs at the same time and producing an identical modification on each is difficult. A dual-core spiral structure for the CPU core therefore effectively enhances the detection of, and protection against, unknown malware. Such a structure can conveniently be implemented as a soft core on the FPGA main controller, whereas such a modification is not possible on the main processor.
The FPGA main controller can adopt a three-core redundancy structure design for its CPU core to enhance the detection of, and protection against, unknown malicious software. Because the CPU core can be implemented flexibly as a soft core, a three-core redundancy structure can be used in the CPU core design: three CPU cores with identical logic functions execute the same instruction, and the execution result of the instruction and the CPU state are compared. This not only provides triple modular redundancy but can also be used to detect unknown malware attacks. An attack by malicious software on a CPU program modifies the instruction stream, data stream or system state of only one of the CPUs; modifying all three CPUs at the same time and producing an identical modification on each is difficult. A three-core redundancy structure for the CPU core therefore effectively enhances the detection of, and protection against, unknown malware. Such a structure can conveniently be implemented as a soft core on the FPGA main controller, whereas such a modification is not possible on the main processor.
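As an added example that is not from the patent, the following C code models both the dual-core and the three-core arrangements above: identical soft cores execute one instruction stream on a tiny register machine, the controller compares their complete state after every instruction, and a constructed fault that alters a single core's register stands in for the one-CPU modification the text describes. With two cores a divergence can only be detected and execution stopped; with three, the outlier is identified by majority vote and the program still completes. The instruction set, fault model and all names are assumptions.

```c
/* Added example, not code from the patent: N identical cores in lockstep with
 * state comparison after each instruction. Instruction set, fault model and
 * names are assumptions. */
#include <stdint.h>
#include <string.h>

#define NREGS    4
#define MAXCORES 3

struct core { uint32_t r[NREGS]; uint32_t pc; };

enum opcode { OP_LOADI, OP_ADD, OP_XOR, OP_HALT };
struct insn { enum opcode op; uint8_t dst, src; uint32_t imm; };

/* Execute one instruction on one core. */
static void step(struct core *c, const struct insn *prog)
{
    const struct insn *in = &prog[c->pc];
    switch (in->op) {
    case OP_LOADI: c->r[in->dst]  = in->imm;        break;
    case OP_ADD:   c->r[in->dst] += c->r[in->src];  break;
    case OP_XOR:   c->r[in->dst] ^= c->r[in->src];  break;
    case OP_HALT:  return;                          /* pc stays put */
    }
    c->pc++;
}

static int same_state(const struct core *a, const struct core *b)
{
    return a->pc == b->pc && memcmp(a->r, b->r, sizeof a->r) == 0;
}

/* Fault model from the text: an attack changes the state of ONE core only.
 * After instruction `after_insn` completes, register `reg` of core `core`
 * is overwritten with `value`. */
struct fault { int core; int after_insn; uint8_t reg; uint32_t value; };

enum verdict { RUN_OK, RUN_DIVERGED, RUN_MASKED, RUN_BADCFG };
struct result { enum verdict verdict; int faulty_core; uint32_t event_pc; uint32_t r0; };

/* Run `ncores` identical cores in lockstep, comparing state after each step. */
static struct result run_redundant(int ncores, const struct insn *prog, const struct fault *f)
{
    struct core cores[MAXCORES];
    struct result res = { RUN_OK, -1, 0, 0 };
    int i, faulty = -1;

    if (ncores < 2 || ncores > MAXCORES) { res.verdict = RUN_BADCFG; return res; }
    memset(cores, 0, sizeof cores);

    while (prog[cores[0].pc].op != OP_HALT) {
        for (i = 0; i < ncores; i++) step(&cores[i], prog);

        if (f && f->core < ncores && cores[f->core].pc == (uint32_t)(f->after_insn + 1))
            cores[f->core].r[f->reg] = f->value;       /* inject the tampering */

        if (ncores == 2) {
            if (same_state(&cores[0], &cores[1])) continue;
            res.verdict = RUN_DIVERGED;                /* detected; cannot tell which core */
            res.event_pc = cores[0].pc;
            return res;
        }
        /* three cores: a majority identifies the outlier */
        if (same_state(&cores[0], &cores[1]))      faulty = same_state(&cores[0], &cores[2]) ? -1 : 2;
        else if (same_state(&cores[0], &cores[2])) faulty = 1;
        else if (same_state(&cores[1], &cores[2])) faulty = 0;
        else { res.verdict = RUN_DIVERGED; res.event_pc = cores[0].pc; return res; }
        if (faulty < 0) continue;                      /* all three agree */
        cores[faulty] = cores[(faulty + 1) % 3];       /* resync outlier to the majority */
        res.verdict = RUN_MASKED;
        res.faulty_core = faulty;
        res.event_pc = cores[0].pc;
    }
    res.r0 = cores[0].r[0];
    return res;
}

/* Constructed program: r0 = 5; r1 = 7; r0 += r1; r0 ^= r1; halt  ->  r0 = 11 */
static const struct insn PROG[] = {
    { OP_LOADI, 0, 0, 5 }, { OP_LOADI, 1, 0, 7 },
    { OP_ADD,   0, 1, 0 }, { OP_XOR,   0, 1, 0 }, { OP_HALT, 0, 0, 0 },
};
/* Constructed tampering: after the ADD (instruction 2), core 1's r0 is altered. */
static const struct fault TAMPER = { 1, 2, 0, 0xDEAD };
```

Running `PROG` with `TAMPER` on two cores stops with RUN_DIVERGED right after instruction 2; on three cores the same tampering is attributed to core 1, masked, and the program still finishes with r0 = 11.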
Furthermore, the FPGA main controller can use a microkernel with higher security protection capability (a microkernel is a reduced kernel that provides the core functions of an operating system; it is designed to improve portability within a small memory footprint and offers a modular design so that users can install different interfaces), thereby improving the security protection capability of the software system. Because the FPGA main controller mainly executes application programs with a high security level, the number and size of these programs are relatively small and they place fewer demands on the operating system, so the FPGA main controller can use a secure microkernel with a higher security level and a smaller code base, further improving the security protection capability of the software system.
The design of the CPU core and of the other functional modules in the FPGA main controller, as well as the instruction set of the CPU core, can be flexibly modified according to the security protection requirements and the currently prevailing hardware and software attack scenarios and threats, thereby enhancing the security protection capability of the whole system.
In addition, for security, the configuration code file of the FPGA chip must be encrypted for protection, and the scan chain inside the FPGA chip must be disabled (a scan chain is a design-for-testability technique in which shift registers are inserted so that a tester can externally control and observe the values of the circuit's internal flip-flops); both are basic requirements for the secure operation of the FPGA main controller chip.
The FPGA is only one implementation form of the circuit function. Once the circuit function of the FPGA main controller has been adjusted and settled through practical use, all of the circuit functions in the FPGA main controller can be converted to an ASIC chip, which further improves chip performance, reduces power consumption and saves cost.
As shown in fig. 5, based on the above method for protecting the operating environment of a security chip, the invention further provides a system for protecting the operating environment of a security chip, which comprises:
the main processor 101, for transferring the data to be encrypted or decrypted and the program call for the encryption or decryption operation to the FPGA main controller 102 through system communication; the FPGA main controller 102, for decomposing the program call into a series of subprocesses, generating a corresponding command call sequence and data packets for the operations that involve the security chip 103, sending the corresponding command calls and related data to the security chip 103, and sending the operation result fed back by the security chip 103 to the main processor 101; and the security chip 103, for receiving and interpreting the commands, executing the corresponding encryption or decryption operations and security processing, and feeding the operation results back to the FPGA main controller 102.
The FPGA main controller and security chip architecture provided by the invention forms an enhanced secure operating environment, greatly improves the security protection capability of the security chip, and can effectively solve the relay attack problem of the conventional scheme and the problem that the operating environment of the security chip is threatened by malicious software attacks on the main processor.
In summary, the invention provides a method and a system for protecting the operating environment of a security chip. The method comprises the following steps: the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption or decryption operation, to the FPGA main controller through system communication; the FPGA main controller decomposes the program call into a series of subprocesses and, for the operations that involve the security chip, generates a corresponding command call sequence and data packets; the FPGA main controller sends the corresponding command calls and related data to the security chip, and the security chip feeds the operation result back to the FPGA main controller; the FPGA main controller completes the program call for the corresponding subprocess, collects the operation result from the security chip, and sends the final operation result to the main processor. Because an FPGA main controller is added between the main processor and the security chip, and it is the FPGA main controller that sends the command calls to the security chip, collects the operation results from the security chip and sends them to the main processor, the security protection capability of the security chip is greatly improved.
Of course, those skilled in the art will understand that all or part of the processes of the methods in the embodiments described above can be carried out by instructing the relevant hardware (such as a processor or controller) through a computer program; the program can be stored in a computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. The storage medium may be a memory, a magnetic disk, an optical disk, etc.
It is to be understood that the invention is not limited to the examples described above; those of ordinary skill in the art may make modifications and variations in light of the foregoing description, and all such modifications and variations are intended to fall within the scope of the invention as defined by the appended claims.

Claims (5)

1. A protection method for the operating environment of a security chip, characterized in that it comprises the following steps:
the main processor calls and transmits the data to be encrypted or decrypted and the program of the encryption and decryption operation to the FPGA main controller through system communication;
wherein the step of the main processor calling and transmitting the data to be encrypted or decrypted and the program of the encryption and decryption operation to the FPGA main controller through system communication specifically comprises:
the main processor transmits the data to be encrypted or decrypted to the FPGA main controller through system communication, and the FPGA main controller receives and caches that data;
the main processor sends the program call of the encryption and decryption operation to the FPGA main controller;
the FPGA main controller decomposes the program call into a series of subprocesses and, for the part of the operation that involves the security chip, generates a corresponding command call sequence and data packets;
the FPGA main controller sends the corresponding command calls and the data to be encrypted or decrypted to the security chip, and the security chip feeds the operation result back to the FPGA main controller;
wherein the step of the FPGA main controller sending the corresponding command calls and the data to be encrypted or decrypted to the security chip, and the security chip feeding the operation result back to the FPGA main controller, specifically comprises:
the FPGA main controller sends the corresponding command calls and the data to be encrypted or decrypted to the security chip, and the security chip acquires and interprets the related commands;
the security chip executes the corresponding encryption and decryption operation and security processing, and feeds the operation result back to the FPGA main controller;
when a high-security-level application program of the security chip needs to be called, the high-security application is handed over to the FPGA main controller, which executes it, so that the negative impact on security protection of security vulnerabilities present in the main processor is effectively mitigated;
the FPGA main controller completes the program calls of the corresponding subprocesses, collects the operation results from the security chip, and sends the final operation result to the main processor;
the configuration code file of the FPGA chip is protected by encryption, and the scan chain in the FPGA chip is disabled;
the FPGA main controller and the main processor form a peer-to-peer distributed parallel processing relationship through system communication and program calls;
the FPGA main controller implements its CPU core as a soft core and effectively eliminates information-leakage side channels by applying time and space isolation in the micro-architecture design; the FPGA main controller uses a secure microkernel of high security level and small code size, which improves the security protection capability of the software system;
the FPGA main controller is additionally arranged between the main processor and the security chip; the FPGA main controller sends command calls to the security chip, collects the operation results from the security chip, and sends the final operation result to the main processor, which improves the security protection capability of the security chip.
2. The protection method for the operating environment of a security chip according to claim 1, wherein, before the main processor transmits the data to be encrypted or decrypted and the program call of the encryption and decryption operation to the FPGA main controller through system communication, the method further comprises:
an FPGA main controller for data processing is arranged in advance between the main processor and the security chip.
3. The method according to claim 1, wherein the FPGA main controller implements its CPU core as a soft core, and the CPU core is designed with a dual-core spiral structure, in which two CPU cores with identical logic functions execute the same instruction, and the execution result of the instruction and the CPU state are compared between the two cores.
4. The protection method for the operating environment of a security chip according to claim 1, wherein the FPGA main controller implements its CPU core as a soft core, and the CPU core is designed with a triple-core redundancy structure, in which three CPU cores with identical logic functions execute the same instruction, and the execution result of the instruction and the CPU state are compared among the three cores.
5. A protection system for the operating environment of a security chip, characterized in that the protection system comprises:
a main processor, configured to call and transmit the data to be encrypted or decrypted and the program of the encryption and decryption operation to an FPGA main controller through system communication;
wherein the main processor transmits the data to be encrypted or decrypted to the FPGA main controller through system communication, and the FPGA main controller receives and caches that data; and the main processor sends the program call of the encryption and decryption operation to the FPGA main controller;
the FPGA main controller, configured to decompose the program call into a series of subprocesses, to generate a corresponding command call sequence and data packets for the part of the operation that involves the security chip, to send the corresponding command calls and the data to be encrypted or decrypted to the security chip, and to send the operation result fed back by the security chip to the main processor;
wherein the FPGA main controller sends the corresponding command calls and the data to be encrypted or decrypted to the security chip, and the security chip acquires and interprets the related commands; the security chip executes the corresponding encryption and decryption operation and security processing, and feeds the operation result back to the FPGA main controller;
when a high-security-level application program of the security chip needs to be called, the high-security application is handed over to the FPGA main controller, which executes it, so that the negative impact on security protection of security vulnerabilities present in the main processor is effectively mitigated;
the security chip, configured to acquire and interpret the related commands, to execute the corresponding encryption and decryption operation and security processing, and to feed the operation result back to the FPGA main controller;
the configuration code file of the FPGA chip is protected by encryption, and the scan chain in the FPGA chip is disabled;
the FPGA main controller and the main processor form a peer-to-peer distributed parallel processing relationship through system communication and program calls;
the FPGA main controller implements its CPU core as a soft core and effectively eliminates information-leakage side channels by applying time and space isolation in the micro-architecture design; the FPGA main controller uses a secure microkernel of high security level and small code size, which improves the security protection capability of the software system;
the FPGA main controller is additionally arranged between the main processor and the security chip; the FPGA main controller sends command calls to the security chip, collects the operation results from the security chip, and sends the final operation result to the main processor, which improves the security protection capability of the security chip.
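The per-instruction comparison of execution result and CPU state described in claims 3 and 4, as an added software model that is not part of the patent: identical toy cores run the same instruction stream in lockstep, a dual-core pair halts on any disagreement, and a triple-core set out-votes and resynchronises the disagreeing core. The `Core` class, `run_redundant`, the three-instruction `PROGRAM` and the single-bit fault are constructed assumptions for illustration; a real soft-core design performs this comparison in hardware every cycle.

```python
# Added example, not part of the patent: software model of the dual-core spiral
# (claim 3) and triple-core redundancy (claim 4) checks. Identical toy cores run
# the same instruction stream; after each instruction result and CPU state are
# compared, so a constructed fault in one core is detected or out-voted.
from dataclasses import dataclass, field

@dataclass
class Core:
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0, "r2": 0})
    pc: int = 0
    fault_at: int = -1  # constructed fault: corrupt this core's result at this pc

    def step(self, instr):
        op, dst, a, b = instr  # toy ISA: ("add"|"xor", dst, src, src); src = reg or imm
        va = self.regs[a] if isinstance(a, str) else a
        vb = self.regs[b] if isinstance(b, str) else b
        res = (va + vb) & 0xFF if op == "add" else va ^ vb
        if self.pc == self.fault_at:  # e.g. a glitch or SEU hitting this core only
            res ^= 0x01
        self.regs[dst] = res
        self.pc += 1
        return res

    def state(self):
        return (self.pc, tuple(sorted(self.regs.items())))

def run_redundant(program, n_cores, fault_core=None, fault_at=-1):
    """Run program on 2 or 3 lockstep cores; report mismatches and the result."""
    cores = [Core() for _ in range(n_cores)]
    if fault_core is not None:
        cores[fault_core].fault_at = fault_at
    events = []
    for i, instr in enumerate(program):
        obs = [(c.step(instr), c.state()) for c in cores]
        if len(set(obs)) == 1:
            continue  # instruction result and CPU state agree on all cores
        majority = max(set(obs), key=obs.count)
        if n_cores == 2 or obs.count(majority) < 2:
            # dual core: a mismatch is detectable but not attributable -> halt
            return {"ok": False, "pc": i, "events": events}
        bad = [k for k, o in enumerate(obs) if o != majority]
        events.append((i, bad))
        for k in bad:  # triple core: majority wins, resynchronise the outvoted core
            cores[k].pc, cores[k].regs = majority[1][0], dict(majority[1][1])
    return {"ok": True, "result": cores[0].regs["r2"], "events": events}

# Constructed program: r0 = 5; r1 = r0 + 7 = 12; r2 = r0 ^ r1 = 9
PROGRAM = [("add", "r0", 0, 5), ("add", "r1", "r0", 7), ("xor", "r2", "r0", "r1")]
```

`run_redundant(PROGRAM, 2, fault_core=1, fault_at=1)` halts at pc 1 because a two-core comparison cannot tell which core is wrong, while `run_redundant(PROGRAM, 3, fault_core=2, fault_at=1)` masks the fault and still returns 9.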

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811058445.XA CN109284638B (en) 2018-09-11 2018-09-11 Protection method and system for operating environment of security chip

Publications (2)

Publication Number Publication Date
CN109284638A CN109284638A (en) 2019-01-29
CN109284638B true CN109284638B (en) 2020-08-04

Family

ID=65181224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811058445.XA Active CN109284638B (en) 2018-09-11 2018-09-11 Protection method and system for operating environment of security chip

Country Status (1)

Country Link
CN (1) CN109284638B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant