[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN110929254B - Safe and reliable CPU chip OTP data batch loading system and method - Google Patents

Safe and reliable CPU chip OTP data batch loading system and method Download PDF

Info

Publication number
CN110929254B
CN110929254B CN202010021727.3A CN202010021727A CN110929254B CN 110929254 B CN110929254 B CN 110929254B CN 202010021727 A CN202010021727 A CN 202010021727A CN 110929254 B CN110929254 B CN 110929254B
Authority
CN
China
Prior art keywords
loading
safe
data
interface
cpu
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010021727.3A
Other languages
Chinese (zh)
Other versions
CN110929254A (en
Inventor
秦放
黄橙
黄臻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu 30javee Microelectronics Co ltd
Original Assignee
Chengdu 30javee Microelectronics Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu 30javee Microelectronics Co ltd filed Critical Chengdu 30javee Microelectronics Co ltd
Priority to CN202010021727.3A priority Critical patent/CN110929254B/en
Publication of CN110929254A publication Critical patent/CN110929254A/en
Application granted granted Critical
Publication of CN110929254B publication Critical patent/CN110929254B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a safe and reliable CPU chip OTP data batch loading system and method, which is used for initializing and filling a safe SE part in a chip, wherein the system comprises a safe loading host, at least one safe SE loading plate and a multi-path CPU loading plate, the safe SE loading plate is connected with the safe loading host through a line concentration device, and the safe SE loading plate is also connected with the multi-path CPU loading plate through an internal I/O interface B; the ciphertext loading data is sent to the secure SE loading board through the secure loading host, the secure SE loading board finishes the OTP data batch loading of a plurality of secure and trusted CPU chips through the CPU loading board, and feeds back the loading condition of the secure SE loading board loading data to the loading host, so that the encryption protection of OTP important data is realized, the security, the stability and the high efficiency of the key data loading are ensured through role authentication and data integrity verification in the loading process, the cost is lower, and the data loading is easier to realize.

Description

Safe and reliable CPU chip OTP data batch loading system and method
Technical Field
The invention relates to the field of data batch loading, in particular to a safe and reliable CPU chip OTP data batch loading system and method.
Background
The Loongson safe trusted processor adopts a fusion architecture supporting general calculation, password calculation and trusted calculation, integrates physical realization of high-performance safe SE on the basis of the general Loongson processor, and provides a brand-new and flexible single-chip safe solution for users; when the chip is produced in batches, the initialization and verification of the Loongson safe and reliable processor are finished, and the initialization and filling of the safe SE part in the chip are also required; before the initialization filling of the safe SE part of chip can only be after the chip welds on the mainboard, through the SPI bus of customization on the mainboard, utilize outside debugging cable to carry out OTP data loading, this mode complex operation, inefficiency to be unsuitable for batch production, and the security can't guarantee.
Disclosure of Invention
In order to solve the problems, the invention provides a safe and reliable CPU chip OTP data batch loading system which is used for carrying out initialization filling on a safe SE part in a chip, and the safe and reliable CPU chip OTP data batch loading system comprises a safe loading host, at least one safe SE loading board and a plurality of CPU loading boards, wherein the safe SE loading board is connected with the safe loading host through a line concentration device, and is also connected with the plurality of CPU loading boards through an internal I/O interface B.
Further, the secure SE loading board comprises a loading processor, an I/O interface A and an I/O interface B, wherein the loading processor is connected with the line concentration device through the I/O interface A and connected with the multipath CPU loading board through the I/O interface B.
Further, the multi-path CPU loading board comprises a multi-path I/O interface C and a plurality of processors, wherein the I/O interface C is respectively connected with the I/O interface B and the processors.
Further, the HUB device is a USB-HUB HUB.
Further, the I/O interface a is a USB standard interface.
Furthermore, the I/O interface B and the I/O interface C are QSPI high-speed interfaces.
Further, the loading processor is an embedded processor.
Further, the secure SE loading board also includes an LED drive module.
The method for loading OTP data in batches by the safe trusted CPU chip OTP data batch loading system comprises the steps that a safe loading host distributes ciphertext data to be loaded in a safe carrier to a multi-path safe SE loading board subsystem, the safe SE loading board receives the ciphertext data to be loaded, after decryption by an SM4 algorithm, a QSPI high-speed interface is adopted to communicate with the CPU loading board, and loading data is written into OTPs of a plurality of safe trusted processors.
Furthermore, the security loading host realizes user identity authentication through authority configuration, after ciphertext loading data in the security carrier are read, the ciphertext loading data in the security carrier are deleted, and the reading condition is recorded, wherein the reading condition comprises reading time, time consumption, success/failure and file size; the safe loading host communicates with the safe SE loading boards through the USB interface and the special transmission protocol, ciphertext loading data are issued to each safe SE loading board, loading state information fed back by the safe SE loading boards is received, loading conditions are recorded, and log files are generated and stored.
The invention has the beneficial effects that: the method has the advantages of simple design, low cost and easy realization, meanwhile, the method relies on a manufacturer's data preparation system to encrypt and protect OTP important data, and the security, stability and high efficiency of key data loading are ensured by means of role authentication, data integrity verification in the loading process and the like; meanwhile, the loading plate is small in size, low in energy consumption and convenient to deploy on a production line of a sealing and testing factory, and has high practical value.
Drawings
FIG. 1 is a structural connection diagram of a secure trusted CPU chip OTP data bulk loading system;
FIG. 2 is a flow chart of a secure trusted CPU chip OTP data bulk loading method.
Detailed Description
For a clearer understanding of technical features, objects, and effects of the present invention, a specific embodiment of the present invention will be described with reference to the accompanying drawings.
The system comprises a safe loading host, at least one safe SE loading plate and a multi-path CPU loading plate, wherein the safe SE loading plate is connected with the safe loading host through a hub device, and the safe SE loading plate is also connected with the multi-path CPU loading plate through an internal I/O interface B.
The secure SE loading board comprises a loading processor, an I/O interface A and an I/O interface B, wherein the loading processor is connected with the line concentration device through the I/O interface A and connected with the multipath CPU loading board through the I/O interface B.
The multipath CPU loading board comprises multipath I/O interfaces C and a plurality of processors, wherein the I/O interfaces C are respectively connected with the I/O interfaces B and the processors.
The HUB device is a USB-HUB HUB, the I/O interface A is a USB standard interface, the I/O interface B and the I/O interface C are QSPI high-speed interfaces, the loading processor is an embedded processor, and the embedded processor is also connected with an online debugging interface JTAG.
The safe SE loading board also comprises an LED driving module, and the CPU loading board realizes parallel loading and testing of 12 safe trusted processors and safe SE initial loading data.
The method for loading OTP data in batches by the safe and reliable CPU chip OTP data batch loading system is realized by a management program of a safe loading host; the method comprises the following steps:
creating an administrator and an operator, and distributing different authorities, wherein the operator only has related operation authorities of log inquiry and normal loading flow;
reading a security authentication UsbKey and authenticating the identity of the user according to an authentication protocol;
after authentication is successful, the UsbKey ciphertext loaded data of the safety carrier is read, corresponding loaded data in the UsbKey is immediately deleted after reading, and the reading condition (reading time, reading time consumption, success/failure and file size reading) is recorded;
the method comprises the steps of communicating with a secure SE loading board through a USB interface and a special transmission protocol, transmitting ciphertext loading data to a multi-path secure SE loading board subsystem, and receiving loading state information fed back by the secure SE loading board, wherein the loading state information comprises loading progress and loading conditions of a CPU loading board;
displaying and recording the loading condition, generating a log file and storing the log file.
The secure loading host distributes the ciphertext data to be loaded in the secure carrier to a multi-channel secure SE loading board subsystem, the secure SE loading board receives the ciphertext data to be loaded, after decryption by an SM4 algorithm, the secure SE loading board communicates with the CPU loading board by adopting a QSPI high-speed interface, and the loading data is written into OTPs of a plurality of secure trusted processors.
According to the scheme, ciphertext loading data are sent to a secure SE loading plate through a secure loading host, OTP data of a secure trusted CPU chip are loaded in batches through a CPU loading plate connected with the secure SE loading plate through a QSPI high-speed interface, and the ciphertext loading data reading condition and the loading condition of the secure SE loading plate loading data in a secure carrier can be fed back, wherein the loading data are generated by decrypting the ciphertext loading data through the secure SE loading plate; the encryption protection of OTP important data is realized, and the security, stability and high efficiency of key data loading are ensured through role authentication and data integrity verification in the loading process, so that the cost is lower, and the data loading is easier to realize.
The foregoing has shown and described the basic principles and main features of the present invention and the advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims.

Claims (7)

1. The OTP data batch loading system of the safe and reliable CPU chip is characterized by comprising a safe loading host, at least one safe SE loading plate and a plurality of paths of CPU loading plates, wherein the safe SE loading plate is connected with the safe loading host through a line concentration device, and the safe SE loading plate is also connected with the plurality of paths of CPU loading plates through an internal I/O interface B;
the safe SE loading board comprises a loading processor, an I/O interface A and an I/O interface B, wherein the loading processor is connected with the line concentration device through the I/O interface A and is connected with a multi-path CPU loading board through the I/O interface B, the safe SE loading board further comprises an LED driving module, and the CPU loading board realizes parallel loading and testing of 12 safe trusted processors and safe SE initial loading data;
the loading processor is an embedded processor, and the embedded processor is connected with an on-line debugging interface JTAG.
2. The system for loading OTP data on a safe and reliable CPU chip according to claim 1, wherein the multi-path CPU loading board comprises a multi-path I/O interface C and a plurality of processors, and the I/O interface C is respectively connected with the I/O interface B and the plurality of processors.
3. The secure trusted CPU chip OTP data bulk loading system of claim 1 wherein the HUB is a USB-HUB.
4. The secure trusted CPU chip OTP data bulk loading system of claim 1 wherein the I/O interface a is a USB standard interface.
5. The secure trusted CPU chip OTP data bulk loading system of claim 1 or 2 wherein both I/O interface B and I/O interface C are QSPI high speed interfaces.
6. The method for loading OTP data in batches by the safe and reliable CPU chip OTP data batch loading system according to any one of claims 1-5, wherein the safe loading host distributes ciphertext data to be loaded in a safe carrier to a multi-path safe SE loading board subsystem, the safe SE loading board receives the ciphertext data to be loaded, after decryption by SM4 algorithm, the safe SE loading board adopts QSPI high-speed interface to communicate with the CPU loading board, and the loading data is written into OTPs of a plurality of safe and reliable processors;
creating an administrator and an operator, and distributing different authorities, wherein the operator only has related operation authorities of log inquiry and normal loading flow; reading a security authentication UsbKey and authenticating the identity of the user according to an authentication protocol; after authentication is successful, the UsbKey ciphertext loading data of the safety carrier is read, corresponding loading data in the UsbKey is deleted immediately after reading, and reading conditions are recorded, wherein the reading conditions comprise reading time, time consumption, success/failure and file size.
7. The method for loading OTP data on a safe and reliable CPU chip in batch according to claim 6, wherein the safe loading host realizes user identity authentication through authority configuration, after ciphertext loading data in a safe carrier is read, the ciphertext loading data in the safe carrier is deleted, and the reading condition is recorded, wherein the reading condition comprises reading time, time consumption, success/failure of reading and file size of reading; the safe loading host communicates with the safe SE loading boards through the USB interface and the special transmission protocol, ciphertext loading data are issued to each safe SE loading board, loading state information fed back by the safe SE loading boards is received, loading conditions are recorded, and log files are generated and stored.
CN202010021727.3A 2020-01-09 2020-01-09 Safe and reliable CPU chip OTP data batch loading system and method Active CN110929254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010021727.3A CN110929254B (en) 2020-01-09 2020-01-09 Safe and reliable CPU chip OTP data batch loading system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010021727.3A CN110929254B (en) 2020-01-09 2020-01-09 Safe and reliable CPU chip OTP data batch loading system and method

Publications (2)

Publication Number Publication Date
CN110929254A CN110929254A (en) 2020-03-27
CN110929254B true CN110929254B (en) 2023-08-22

Family

ID=69854710

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010021727.3A Active CN110929254B (en) 2020-01-09 2020-01-09 Safe and reliable CPU chip OTP data batch loading system and method

Country Status (1)

Country Link
CN (1) CN110929254B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760276B (en) * 2022-06-13 2022-09-09 深圳市汇顶科技股份有限公司 Method and device for downloading data and secure element

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005045688A1 (en) * 2003-10-06 2005-05-19 Cisco Technology, Inc. Port adapter for high-bandwidth bus
CN1896976A (en) * 2005-07-13 2007-01-17 英业达股份有限公司 On-line scaling system and method
WO2010105762A1 (en) * 2009-03-16 2010-09-23 Bobst Sa Loading station for plate elements, and machine for processing such elements
WO2011109780A2 (en) * 2010-03-05 2011-09-09 Maxlinear, Inc. Code download and firewall for embedded secure application
CN103412781A (en) * 2013-08-27 2013-11-27 信利光电股份有限公司 Burning method for one-time programmable (OTP) chips
CN106354530A (en) * 2016-08-24 2017-01-25 四川卫士通信息安全平台技术有限公司 Main board firmware rapid burning method and device based on Godson CPU
WO2017106855A1 (en) * 2015-12-18 2017-06-22 Noid Tech, Llc Control system, method and apparatus for utillity delivery subsystems
CN107665316A (en) * 2017-09-25 2018-02-06 四川卫士通信息安全平台技术有限公司 A kind of computer BIOS design method based on certification and credible measurement
CN107704251A (en) * 2017-09-26 2018-02-16 深圳市亿联智能有限公司 A kind of safe programming methods of OTP based on computer empowerment management
CN108388152A (en) * 2018-01-05 2018-08-10 郑州信大捷安信息技术股份有限公司 A kind of automated production equipment control system and control method for realizing that chip is filling
CN108491727A (en) * 2018-04-08 2018-09-04 成都三零嘉微电子有限公司 It is a kind of fusion general-purpose computations, trust computing, cryptographic calculations safe processor
CN109284114A (en) * 2017-07-20 2019-01-29 深圳市中兴微电子技术有限公司 The automatic method for burn-recording of programmable chip in embedded system
CN209086915U (en) * 2019-01-09 2019-07-09 泰瑞创通讯(成都)有限公司 C8051F SCM program burning device
CN110568345A (en) * 2019-09-27 2019-12-13 北京中电华大电子设计有限责任公司 automatic test equipment and control method thereof
CN211180820U (en) * 2020-01-09 2020-08-04 四川卫士通信息安全平台技术有限公司 Safe and credible CPU chip OTP data batch loading system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070288765A1 (en) * 1999-12-22 2007-12-13 Kean Thomas A Method and Apparatus for Secure Configuration of a Field Programmable Gate Array
US7444575B2 (en) * 2000-09-21 2008-10-28 Inapac Technology, Inc. Architecture and method for testing of an integrated circuit device
DE10134981B4 (en) * 2001-07-16 2024-05-29 Frank Aatz Massively parallel coupled multiprocessor system
DE10358357A1 (en) * 2003-12-12 2005-07-21 Infineon Technologies Ag Temperature load detector for integrated semiconductor chip during soldering, has chip containing temperature sensor measuring magnitude
US20140101500A1 (en) * 2012-10-05 2014-04-10 Lsi Corporation Circuits and methods for functional testing of integrated circuit chips
US9734091B2 (en) * 2014-08-16 2017-08-15 Accenture Global Services Limited Remote load and update card emulation support
CN108768963B (en) * 2018-05-11 2021-02-02 北京握奇智能科技有限公司 Communication method and system of trusted application and secure element

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005045688A1 (en) * 2003-10-06 2005-05-19 Cisco Technology, Inc. Port adapter for high-bandwidth bus
CN1896976A (en) * 2005-07-13 2007-01-17 英业达股份有限公司 On-line scaling system and method
WO2010105762A1 (en) * 2009-03-16 2010-09-23 Bobst Sa Loading station for plate elements, and machine for processing such elements
WO2011109780A2 (en) * 2010-03-05 2011-09-09 Maxlinear, Inc. Code download and firewall for embedded secure application
CN103412781A (en) * 2013-08-27 2013-11-27 信利光电股份有限公司 Burning method for one-time programmable (OTP) chips
WO2017106855A1 (en) * 2015-12-18 2017-06-22 Noid Tech, Llc Control system, method and apparatus for utillity delivery subsystems
CN106354530A (en) * 2016-08-24 2017-01-25 四川卫士通信息安全平台技术有限公司 Main board firmware rapid burning method and device based on Godson CPU
CN109284114A (en) * 2017-07-20 2019-01-29 深圳市中兴微电子技术有限公司 The automatic method for burn-recording of programmable chip in embedded system
CN107665316A (en) * 2017-09-25 2018-02-06 四川卫士通信息安全平台技术有限公司 A kind of computer BIOS design method based on certification and credible measurement
CN107704251A (en) * 2017-09-26 2018-02-16 深圳市亿联智能有限公司 A kind of safe programming methods of OTP based on computer empowerment management
CN108388152A (en) * 2018-01-05 2018-08-10 郑州信大捷安信息技术股份有限公司 A kind of automated production equipment control system and control method for realizing that chip is filling
CN108491727A (en) * 2018-04-08 2018-09-04 成都三零嘉微电子有限公司 It is a kind of fusion general-purpose computations, trust computing, cryptographic calculations safe processor
CN209086915U (en) * 2019-01-09 2019-07-09 泰瑞创通讯(成都)有限公司 C8051F SCM program burning device
CN110568345A (en) * 2019-09-27 2019-12-13 北京中电华大电子设计有限责任公司 automatic test equipment and control method thereof
CN211180820U (en) * 2020-01-09 2020-08-04 四川卫士通信息安全平台技术有限公司 Safe and credible CPU chip OTP data batch loading system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于FPGA的片上ADC/DAC模块测试系统设计;赵锦添;《中国优秀硕士学位论文全文数据库 信息科技辑》(第02期);I135-680 *

Also Published As

Publication number Publication date
CN110929254A (en) 2020-03-27

Similar Documents

Publication Publication Date Title
US8528096B2 (en) Secure universal serial bus (USB) storage device and method
US7861015B2 (en) USB apparatus and control method therein
US7366916B2 (en) Method and apparatus for an encrypting keyboard
CN100498742C (en) Reliable U disc, method for realizing reliable U disc safety and its data communication with computer
CN112560058B (en) SSD partition encryption storage system based on intelligent password key and implementation method thereof
US20090254760A1 (en) Data security
CN104205044B (en) Data processing method and equipment
JP4242494B2 (en) Portable signal processor
CN103136485B (en) A kind of method realizing computer security and computer
US20200204991A1 (en) Memory device and managed memory system with wireless debug communication port and methods for operating the same
EP3198518B1 (en) Prevention of cable-swap security attack on storage devices
CN109190389A (en) A kind of solid state hard disk data guard method based on USB flash disk authentication
JP2009526472A (en) Data security including real-time key generation
US20210334416A1 (en) Storage device providing function of securely discarding data and operating method thereof
EP1775881A1 (en) Data management method, program thereof, and program recording medium
US8812857B1 (en) Smart card renewal
CN110929254B (en) Safe and reliable CPU chip OTP data batch loading system and method
CN105303093A (en) Token verification method for cryptographic smart token
CN101996285B (en) Electronic equipment
NO340355B1 (en) 2-factor authentication for network connected storage device
CN111797441A (en) Partition authority encryption management solid state disk based on fingerprint unlocking and method
EP1805572B1 (en) Data security
CN101127013A (en) Enciphered mobile storage apparatus and its data access method
CN103456340A (en) Safe movable hard disk and application method thereof
KR101070766B1 (en) Usb composite apparatus with memory function and hardware security module

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211020

Address after: Floor 12 and 13, building 3, 333 Yunhua Road, high tech Zone, Chengdu, Sichuan 610000

Applicant after: CHENGDU 30JAVEE MICROELECTRONICS Co.,Ltd.

Address before: Building 2, 333 Yunhua Road, high tech Zone, Chengdu, Sichuan 610000

Applicant before: SICHUAN WEISHITONG INFORMATION SECURITY PLATFORM TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant