[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112532391B - FPGA-ID-based digital product software and hardware collaborative encryption method - Google Patents

FPGA-ID-based digital product software and hardware collaborative encryption method Download PDF

Info

Publication number
CN112532391B
CN112532391B CN202011225690.2A CN202011225690A CN112532391B CN 112532391 B CN112532391 B CN 112532391B CN 202011225690 A CN202011225690 A CN 202011225690A CN 112532391 B CN112532391 B CN 112532391B
Authority
CN
China
Prior art keywords
fpga
key
digital product
encryption method
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011225690.2A
Other languages
Chinese (zh)
Other versions
CN112532391A (en
Inventor
赵晓迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Nts Software Co ltd
Original Assignee
Chengdu Nts Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Nts Software Co ltd filed Critical Chengdu Nts Software Co ltd
Priority to CN202011225690.2A priority Critical patent/CN112532391B/en
Publication of CN112532391A publication Critical patent/CN112532391A/en
Application granted granted Critical
Publication of CN112532391B publication Critical patent/CN112532391B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a digital product soft and hard cooperative encryption method based on FPGA-ID, which adopts FPGA-ID as a unique data source for generating a key to ensure the uniqueness of a digital product decoding key; in the production link of the digital product, a generated secret key is stored in the product, and a generated algorithm is stored in the cloud end of a production system in the form of an executable file, so that the reliability of the encryption algorithm is ensured; the verification process of the key is integrated in the FPGA, and the verification module adopts an FPGA netlist form, so that the possibility of reverse cracking is avoided. The advantages of pure software encryption and hardware encryption are combined, the encryption flow and the realization complexity are greatly simplified on the premise of not reducing the cracking difficulty, the digital product carrying the FPGA + ARM architecture is protected from being copied by a copying board, and the intellectual property is effectively protected.

Description

FPGA-ID-based digital product software and hardware collaborative encryption method
Technical Field
The invention relates to an encryption technology of a digital product with an FPGA-ARM architecture, in particular to a software and hardware cooperative encryption method of a digital product based on an FPGA-ID.
Background
The existing digital product based on the FPGA-ARM framework generally adopts a pure software or hardware encryption mode when encrypting the product, and the single encryption mode cannot well ensure the safety of the digital product, has low confidentiality level, is easy to be cracked and is not beneficial to the protection of the digital product.
Disclosure of Invention
The invention aims to: aiming at the problem that the security of a digital product cannot be well ensured by a single encryption mode in the prior art, the FPGA-ID-based digital product software and hardware cooperative encryption method is provided, the advantages of pure software encryption and hardware encryption are combined, the intellectual property of the digital product is protected, and the copying of hardware and software of the digital product is effectively prevented.
In order to achieve the purpose, the invention adopts the technical scheme that:
a digital product soft and hard cooperative encryption method based on FPGA-ID is disclosed, wherein the digital product is based on FPGA-ARM architecture;
the production stage of the digital product comprises steps 1 to 4:
step 1, reading the FPGA-ID of the digital product;
step 2, uploading the FPGA-ID of the digital product to a cloud server;
step 3, the cloud server generates a secret key of the digital product according to the FPGA-ID;
step 4, storing the key in a memory of the digital product;
the operation stage of the digital product comprises the following steps 5 to 7:
step 5, configuring the key stored in the memory into an FPGA register of the digital product when the digital product is initialized and operated;
step 6, generating a key for verification through key generation operation consistent with the cloud server in the FPGA;
and 7, performing key verification by comparing the consistency of the key configured in the step 5 and the key generated in the step 6, and if the keys are consistent (namely the keys are correct), controlling the key functions of the equipment to normally run through hardware.
A digital product soft and hard cooperative encryption method based on FPGA-ID adopts FPGA-ID as a unique data source for generating a key, and guarantees the uniqueness of a digital product decoding key. The invention combines the advantages of pure software encryption and hardware encryption, greatly simplifies the encryption flow and the realization complexity on the premise of not reducing the cracking difficulty, protects the digital product carrying the FPGA + ARM architecture from being copied by a copying board, and effectively protects intellectual property.
Preferably, in step 6, the encryption process on the FPGA side is provided in a netlist.
Preferably, the key functions of the device in step 7 include channel switching and digital baseband link gain.
Preferably, in step 3: and cloud key generation software of the cloud server adopts an executable program mode.
Preferably, the step 1 comprises:
the FPGA part of the digital product is embedded with a section of function code for reading the FPGA-ID;
the embedded software accesses the FPGA-ID through a bus interface between the FPGA and the ARM;
and the production system acquires the FPGA-ID of the digital product through embedded software.
Preferably, in the step 4: the production system saves the key in the memory of the digital product in the form of a file.
Preferably, the step 5 comprises:
and the embedded software reads the key file stored in the generation stage and configures the key into the register address of the FPGA.
Preferably, the step 7 comprises:
and (3) carrying out key verification by using a key verification module of the FPGA, comparing the configured key value with the key value stored in the memory in the FPGA, and if the two values are the same, normally operating the key function of the hardware control equipment.
Preferably, the step 7 further comprises: if the two values are not the same, the critical function of the equipment is locked.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
a digital product soft and hard cooperative encryption method based on FPGA-ID adopts FPGA-ID as a unique data source for generating a key, and guarantees the uniqueness of a digital product decoding key. The invention combines the advantages of pure software encryption and hardware encryption, greatly simplifies the encryption flow and the realization complexity on the premise of not reducing the cracking difficulty, protects the digital product carrying the FPGA + ARM architecture from being copied by a copying board, and effectively protects intellectual property rights.
In the production link of the digital product, the generated secret key is stored in the product, and the generated algorithm is stored in the cloud end of the production system in the form of an executable file, so that the reliability of the encryption algorithm is ensured.
The verification process of the key is integrated in the FPGA, and the verification module adopts an FPGA netlist form, so that the possibility of reverse cracking is avoided.
Drawings
FIG. 1 is a schematic flow chart of the steps of the present invention.
FIG. 2 is a flow chart illustrating steps of the generation phase of the present invention.
FIG. 3 is a flow chart illustrating the steps of the operational phase of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a method for performing software and hardware cooperative encryption by mutually matching embedded software and corresponding built-in function modules of an FPGA.
According to the invention, the key generation original code is carried out through the unique chip identification number FPGA-ID in the FPGA, the unique key of the product is generated through the key generation software at the cloud end of the production system, and the encrypted product key verification process is provided in a netlist form in the FPGA, so that the encryption of the digital key function in the FPGA is realized.
The method generates the key through the cloud end when the product leaves a factory, and a series of possibilities related to key generation acquired at a product user side are isolated.
The invention carries out the verification process of the key in the FPGA. And the functional module is integrated in the product FPGA in a netlist mode, and because the difficulty of the FPGA design process is extremely high, the encryption and key verification method details can not be acquired reversely through the netlist.
Therefore, the possibility and the way of cracking the software and hardware collaborative encryption algorithm are eliminated no matter in the product production and delivery link or the product client use link.
As shown in FIG. 1, the method and flow of the FPGA-ID based soft and hard cooperative encryption algorithm are described in detail.
Step (1): in the production link of the product, the production system acquires the FPGA-ID identification number in the FPGA module in the product. The FPGA-ID is bound with the FPGA chips one by one, namely the ID number is unique, and the ID numbers corresponding to different FPGA chips adopted by the same product are different and unique.
Step (2), (3), and (4): the FPGA-ID number acquired by the production system is uploaded to a KEY generation software module at the cloud end, and the software generation module generates a unique KEY KEY by utilizing the FPGA-ID and a custom encryption algorithm, wherein the KEY also has uniqueness. And downloading the generated KEY KEY file to the local part of the product and storing the KEY KEY file in a memory of the product.
Step (5), (6), and (7): the FPGA of the product comprises a part of key verification modules in a netlist form, and the verification modules have a signal encryption function and a key comparison function, wherein the FPGA-ID reading function is consistent with the FPGA-ID encryption mode through a cloud terminal. When the product runs, the embedded software writes the KEY file in the memory into the register of the FPGA module, and simultaneously the KEY verification module in the FPGA starts KEY verification to generate the KEY FPGA And by comparing and checking with a KEY value configured in a register by embedded software, the checking result directly controls KEY functions of equipment, such as channel switch, digital baseband link gain and the like, through hardware.
Because the key verification module can be compiled into the functional version of the FPGA in a netlist form (binary format) in the FPGA, the decryption of the key verification algorithm on the FPGA side is basically impossible due to the unique form of the FPGA, and meanwhile, the hardware switch function directly controlled by the result of the key comparison cannot be avoided in a software decryption mode, so that the hardware downtime caused by the failure of the key verification cannot be avoided.
In this embodiment, the software and hardware cooperative encryption manner involves a key generation manner based on FPGA-ID, and there is no mandatory requirement for the key generation manner, and only uniqueness is required. Namely, the KEY generation algorithm only needs to meet the requirement that the FPGA-ID and the KEY are in one-to-one and unique correspondence.
The above description is intended to be illustrative of the preferred embodiment of the present invention and should not be taken as limiting the invention, but rather, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Claims (9)

1. A digital product soft and hard cooperative encryption method based on FPGA-ID is characterized in that the digital product is based on an FPGA-ARM architecture;
the production stage of the digital product comprises steps 1 to 4:
step 1, reading the FPGA-ID of the digital product;
step 2, uploading the FPGA-ID of the digital product to a cloud server;
step 3, the cloud server generates a secret key of the digital product according to the FPGA-ID, the secret key generated by the digital product in a production link is stored in the digital product, and a production algorithm is stored in the cloud server in an executable file form;
step 4, storing the key in a memory of the digital product;
the operation stage of the digital product comprises the following steps 5 to 7:
step 5, configuring the key stored in the memory into an FPGA register of the digital product when the digital product is initialized and operated;
step 6, generating a key for verification through key generation operation consistent with the cloud server in the FPGA;
and 7, performing KEY verification by comparing the consistency of the KEY configured in the step 5 with the KEY generated in the step 6, if the KEYs are consistent, normally operating the KEY functions of the hardware control equipment, including a part of KEY verification modules in a netlist form in the FPGA of the digital product, starting KEY verification by the KEY verification modules to generate KEYFPA, and performing comparison and verification with a KEY value configured in a register by embedded software.
2. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 1, wherein in the step 6, the encryption process on the FPGA side is provided in a netlist manner.
3. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 1, wherein key functions of the device in the step 7 include channel switching and digital baseband link gain.
4. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 1, wherein in the step 3: and cloud key generation software of the cloud server adopts an executable program mode.
5. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 1, wherein the step 1 comprises:
the FPGA part of the digital product is embedded with a section of function code for reading the FPGA-ID; embedded type
Software accesses the FPGA-ID through a bus interface between the FPGA and the ARM; production system by embedding
And acquiring the FPGA-ID of the digital product by the embedded software.
6. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 5, wherein in the step 4: the production system saves the key in the memory of the digital product in the form of a file.
7. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 6, wherein the step 5 comprises the following steps:
and the embedded software reads the key file stored in the generation stage and configures the key into the register address of the FPGA.
8. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 7, wherein the step 7 comprises:
and (3) carrying out key verification by using a key verification module of the FPGA, comparing the configured key value with the key value stored in the memory in the FPGA, and if the two values are the same, normally operating the key function of the hardware control equipment.
9. The FPGA-ID-based digital product soft and hard cooperative encryption method according to claim 8, wherein the step 7 further comprises: if the two values are not the same, the critical function of the equipment is locked.
CN202011225690.2A 2020-11-05 2020-11-05 FPGA-ID-based digital product software and hardware collaborative encryption method Active CN112532391B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011225690.2A CN112532391B (en) 2020-11-05 2020-11-05 FPGA-ID-based digital product software and hardware collaborative encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011225690.2A CN112532391B (en) 2020-11-05 2020-11-05 FPGA-ID-based digital product software and hardware collaborative encryption method

Publications (2)

Publication Number Publication Date
CN112532391A CN112532391A (en) 2021-03-19
CN112532391B true CN112532391B (en) 2022-08-05

Family

ID=74979696

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011225690.2A Active CN112532391B (en) 2020-11-05 2020-11-05 FPGA-ID-based digital product software and hardware collaborative encryption method

Country Status (1)

Country Link
CN (1) CN112532391B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3699803A1 (en) * 2019-02-21 2020-08-26 Siemens Aktiengesellschaft Key management in an integrated circuit
CN113239370A (en) * 2021-04-29 2021-08-10 江苏无线电厂有限公司 Embedded software encryption design method based on SOC hardware identification code

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102945339A (en) * 2012-12-06 2013-02-27 大连奥林匹克电子城腾飞办公设备商行 Data protection system for computer
CN103427984A (en) * 2012-05-24 2013-12-04 三星电子株式会社 Apparatus for generating secure key using device ID and user authentication information
CN105376061A (en) * 2015-10-10 2016-03-02 广州慧睿思通信息科技有限公司 Decryption hardware platform based on FPGA
CN107958141A (en) * 2017-11-15 2018-04-24 广西师范大学 A kind of method for protecting software based on chip ID number
CN110555290A (en) * 2019-09-02 2019-12-10 积成电子股份有限公司 industrial control software copyright protection method and system based on FPGA
CN110765477A (en) * 2019-10-29 2020-02-07 四川九洲空管科技有限责任公司 Target program data anti-theft method used in ARM + FPGA architecture

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0114317D0 (en) * 2001-06-13 2001-08-01 Kean Thomas A Method of protecting intellectual property cores on field programmable gate array
US20170277898A1 (en) * 2016-03-25 2017-09-28 Advanced Micro Devices, Inc. Key management for secure memory address spaces
CN107508791B (en) * 2017-07-12 2020-04-10 武汉精伦电气有限公司 Terminal identity verification method and system based on distributed key encryption
CN108875318A (en) * 2018-05-28 2018-11-23 哈尔滨工程大学 A kind of FPGA property right protection and remote update system and its method based on MCU
CN111259416A (en) * 2020-01-13 2020-06-09 湖北大学 Multi-algorithm security encryption authentication system and method based on FPGA

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103427984A (en) * 2012-05-24 2013-12-04 三星电子株式会社 Apparatus for generating secure key using device ID and user authentication information
CN102945339A (en) * 2012-12-06 2013-02-27 大连奥林匹克电子城腾飞办公设备商行 Data protection system for computer
CN105376061A (en) * 2015-10-10 2016-03-02 广州慧睿思通信息科技有限公司 Decryption hardware platform based on FPGA
CN107958141A (en) * 2017-11-15 2018-04-24 广西师范大学 A kind of method for protecting software based on chip ID number
CN110555290A (en) * 2019-09-02 2019-12-10 积成电子股份有限公司 industrial control software copyright protection method and system based on FPGA
CN110765477A (en) * 2019-10-29 2020-02-07 四川九洲空管科技有限责任公司 Target program data anti-theft method used in ARM + FPGA architecture

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Flexible and low-cost HSM based on non-volatile FPGAs;Diogo Parrinha ET AL;《2017 International Conference on ReConFigurable Computing and FPGAs (ReConFig)》;20180205;全文 *
一种ARM+FPGA架构信号处理系统的软件防破解方案;李洪良等;《电子制作》;20160701;全文 *

Also Published As

Publication number Publication date
CN112532391A (en) 2021-03-19

Similar Documents

Publication Publication Date Title
US6625729B1 (en) Computer system having security features for authenticating different components
US6625730B1 (en) System for validating a bios program and memory coupled therewith by using a boot block program having a validation routine
US7073064B1 (en) Method and apparatus to provide enhanced computer protection
KR100792287B1 (en) Method for security and the security apparatus thereof
US20070015589A1 (en) Communication card, confidential information processing system, and confidential information transfer method and program
CN112532391B (en) FPGA-ID-based digital product software and hardware collaborative encryption method
CN109656750B (en) PUF-based bootloading for data recovery on secure flash devices
CN101494645B (en) Apparatus and method for authenticating a flash program
CN109977702B (en) FPGA equipment encryption authentication system based on DS2432 chip
KR20100120671A (en) Securing a smart card
KR102013983B1 (en) Method and server for authenticating an application integrity
CN101630265A (en) Upgrading device, terminal device, method and system for updating software
US8275129B2 (en) Data scrambling, descrambling, and data processing method, and controller and storage system using the same
US20210091945A1 (en) Key Processing Method and Apparatus
CN102982265B (en) Authentication method for storing basic input and output system (BIOS) setting
CN103370718B (en) Use the data guard method of distributed security key, equipment and system
CN112241523B (en) Method for authenticating startup identity of embedded computer
KR100943318B1 (en) Clip board security method
WO2019118031A1 (en) Virus immune computer system and method
CN115391843A (en) Credible digital identity CTID network card decoding algorithm
KR20210107681A (en) Circuit chip and its operation method
CA3101160C (en) Electric lock and control method thereof
CN112149167B (en) Data storage encryption method and device based on master-slave system
JPH10228374A (en) Computer card prevented from being duplicated
WO2007059701A1 (en) A system encrypting method adopting a multiple use supplementary single-chip microcomputer

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant