CN105825135A - Encryption chip, encryption system, encryption method and decryption method - Google Patents

Publication number
CN105825135A
Authority
CN
China
Prior art keywords
encryption
random number
module
mcu
chip
Legal status
Pending
Application number
CN201610156859.0A
Other languages
Chinese (zh)
Inventor
于泽
Current Assignee
Shenzhen Chipsailing Technology Co Ltd
Original Assignee
Shenzhen Chipsailing Technology Co Ltd
Application filed by Shenzhen Chipsailing Technology Co Ltd
Priority to CN201610156859.0A
Publication of CN105825135A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention is applicable to the field of encryption technology and provides an encryption chip, an encryption system, an encryption method and a decryption method. The encryption chip comprises a random number generation module, a random number receiving module, an initial key storage module, a key generation module and a biometric information encryption module. The random number generation module generates the encryption chip's random number; the random number receiving module receives a random number sent by an MCU (microcontroller unit); the initial key storage module stores an initial key shared by the encryption chip and the MCU; the key generation module is connected to the random number generation module, the random number receiving module and the initial key storage module, and generates an encryption key from the encryption chip's random number, the MCU's random number and the shared initial key; the biometric information encryption module is connected to the key generation module and encrypts unencrypted biometric information using the generated encryption key and a pre-configured encryption algorithm, producing encrypted biometric information. The encryption chip, encryption system, encryption method and decryption method improve the reliability of the key and enhance the security of the encrypted biometric information.

Description

An encryption chip, encryption system, encryption method and decryption method
Technical field
The invention belongs to the field of encryption technology, and in particular relates to an encryption chip, an encryption system, an encryption method and a decryption method.
Background
A biometric recognition chip collects biometric information data and is used in security applications, for example a fingerprint recognition chip used to unlock a mobile phone. Such a chip usually uploads the collected biometric information data to an MCU for use.
However, when current biometric recognition chips encrypt biometric information data, the key is generated from a single source and its reliability is low, which does not help improve the security of the encrypted biometric information. Taking a fingerprint recognition chip as an example, the input data of the fingerprint recognition chip comes only from the random number that the MCU issues to the biometric recognition chip. This random number undergoes further data processing, including AES encryption, to finally obtain the AES key used to encrypt the biometric information data. A key produced in this way has the following two shortcomings:
First, the key value depends entirely on the random number issued by the MCU. If an attacking device masquerades as the MCU and issues the random number, the key value is determined entirely by the attacking device. Although the attacking device cannot determine the specific key value that is generated, it can cause the same key to be reused many times, which creates a risk that the key value or the ciphertext will be cracked.
Second, the data processing method that turns the MCU-issued random number into the key is hardwired in the chip's data processing circuit. If this circuit is cracked, the encrypted data can be cracked completely.
Summary of the invention
The purpose of the embodiments of the present invention is to provide an encryption chip that solves the problem that, when current biometric recognition chips encrypt biometric information data, the key is generated from a single source and its reliability is low, which does not help improve the security of the encrypted biometric information.
The embodiments of the present invention are implemented as follows: an encryption chip, connected to an MCU (micro-control unit), the encryption chip including:
a random number generation module, for generating the random number of the encryption chip;
a random number receiving module, for receiving the random number sent by the MCU;
an initial key storage module, for storing the initial key shared by the encryption chip and the MCU;
a key generation module, connected to the random number generation module, the random number receiving module and the initial key storage module, for generating an encryption key from the random number of the encryption chip, the random number of the MCU and the shared initial key;
a biometric information encryption module, connected to the key generation module, for encrypting unencrypted biometric information according to the generated encryption key and a pre-configured encryption algorithm, generating encrypted biometric information.
Further, in the encryption chip, the random number generation module and the random number receiving module are connected to the MCU through an MCU interface module, and the MCU interface module includes at least one of a USB interface, a serial interface and a parallel interface.
Further, in the encryption chip, the pre-configured encryption algorithm includes at least one of the AES (Advanced Encryption Standard) algorithm, the AES_CCM algorithm and the DES (Data Encryption Standard) algorithm, where the AES_CCM algorithm is an authenticated encryption mode based on the AES encryption algorithm.
Further, in the encryption chip, the biometric information encryption module is used to send the generated encrypted biometric information to the MCU.
Further, in the encryption chip, the initial key storage module is used for writing the initial key.
Further, in the encryption chip, the initial key storage module is used to write different initial keys for different batches or different models of the encryption chip.
Another object of the embodiments of the present invention is to provide an encryption system that includes the above encryption chip and further includes:
an MCU that establishes a communication connection with the encryption chip and receives the encrypted biometric information.
Further, in the encryption system, the communication connection between the encryption chip and the MCU is established using a set mode, and the set mode includes at least one of a serial communication mode and a parallel communication mode.
Another object of the embodiments of the present invention is to provide an encryption method based on the above encryption system, the encryption method including:
the encryption chip obtains unencrypted biometric information;
the encryption chip encrypts the unencrypted biometric information according to the generated encryption key and the pre-configured encryption algorithm, generating encrypted biometric information;
the generated encrypted biometric information is sent to the MCU.
Another object of the embodiments of the present invention is to provide a decryption method based on the above encryption system, the method including:
the MCU receives the random number sent by the encryption chip;
a decryption key is generated from the random number of the encryption chip, the random number of the MCU and the shared initial key;
the MCU uses the pre-configured decryption algorithm and the decryption key to decrypt the encrypted biometric information.
In the present invention, the key generation module generates the encryption key from the random number of the encryption chip, the random number of the MCU and the shared initial key. The biometric information encryption module encrypts unencrypted biometric information according to the generated encryption key and the pre-configured encryption algorithm, generating encrypted biometric information. This solves the problem that, when current biometric recognition chips encrypt biometric information data, the key is generated from a single source and its reliability is low, which does not help improve the security of the encrypted biometric information. The beneficial effects lie in the following two respects:
First, the inputs to the key generation method used in the key exchange between the encryption chip and the MCU come from three parts and are not determined by the MCU alone. Even if an attacking device masquerades as the MCU and sends the same random number to the encryption chip many times, the final key produced will not be the same, because the key value also depends on the random number generated by the encryption chip itself, and this random number does not depend on the MCU. This reduces the risk that the key or the ciphertext is cracked because the same key is reused many times, and improves the reliability of the key.
Second, the key value produced by the key exchange between the encryption chip and the MCU also depends on the initial key stored in memory. Because the data in the memory is difficult to crack, the key value cannot be cracked even if the digital circuit of the key generation module is cracked. Moreover, different values can be solidified into the memory when the chip is produced, so even if the initial key is accidentally leaked, a new value can be solidified into the memory. This avoids the situation in which cracking the data processing digital circuit that generates the key directly cracks the key, and improves the security of the encrypted biometric information.
Brief description of the drawings
Fig. 1 is a structural block diagram of the encryption chip provided by an embodiment of the present invention;
Fig. 2 is a preferred structural block diagram of the encryption system provided by an embodiment of the present invention;
Fig. 3 is a preferred example diagram of the encryption system provided by an embodiment of the present invention;
Fig. 4 is a flowchart of the encryption method provided by an embodiment of the present invention;
Fig. 5 is a flowchart of the decryption method provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Embodiment one
Fig. 1 is a structural block diagram of the encryption chip provided by an embodiment of the present invention, detailed as follows:
a random number generation module, for generating the random number of the encryption chip;
a random number receiving module, for receiving the random number sent by the MCU;
an initial key storage module, for storing the initial key shared by the encryption chip and the MCU;
a key generation module, connected to the random number generation module, the random number receiving module and the initial key storage module, for generating an encryption key from the random number of the encryption chip, the random number of the MCU and the shared initial key;
a biometric information encryption module, connected to the key generation module, for encrypting unencrypted biometric information according to the generated encryption key and the pre-configured encryption algorithm, generating encrypted biometric information.
The encryption chip is a chip that collects biometric information, encrypts the collected feature information data and uploads it to the MCU.
Biometric information includes fingerprint information and iris information.
The biometric information encryption module is also used to determine whether an MCU is externally connected. When an MCU is externally connected and a biometric data acquisition instruction or a biometric data comparison instruction is received, it obtains the unencrypted biometric data and encrypts it according to the generated encryption key and the pre-configured encryption algorithm, generating encrypted biometric information.
Encrypting the unencrypted biometric data to generate encrypted biometric information is specifically as follows:
The biometric information encryption module is also used to collect biometric information and encrypt the collected biometric information, generating encrypted biometric information.
The random number generation module and the random number receiving module are connected to the MCU through an MCU interface module, and the MCU interface module includes at least one of a USB interface, a serial interface and a parallel interface.
The present invention solves the problem that, when current biometric recognition chips encrypt biometric information data, the key is generated from a single source and its reliability is low, which does not help improve the security of the encrypted biometric information. The beneficial effects lie in the following two respects:
First, the inputs to the key generation method used in the key exchange between the encryption chip and the MCU come from three parts and are not determined by the MCU alone. Even if an attacking device masquerades as the MCU and sends the same random number to the encryption chip many times, the final key produced will not be the same, because the key value also depends on the random number generated by the encryption chip itself, and this random number does not depend on the MCU. This reduces the risk that the key or the ciphertext is cracked because the same key is reused many times, and improves the reliability of the key.
Second, the key value produced by the key exchange between the encryption chip and the MCU also depends on the initial key stored in memory. Because the data in the memory is difficult to crack, the key value cannot be cracked even if the digital circuit of the key generation module is cracked. Moreover, different values can be solidified into the memory when the chip is produced, so even if the initial key is accidentally leaked, a new value can be solidified into the memory. This avoids the situation in which cracking the data processing digital circuit that generates the key directly cracks the key, and improves the security of the encrypted biometric information.
Embodiment two
Fig. 2 is a preferred structural block diagram of the encryption system provided by an embodiment of the present invention, detailed as follows:
The encryption system includes the above encryption chip and further includes:
an MCU that establishes a communication connection with the encryption chip and receives the encrypted biometric information.
Embodiment three
Fig. 3 is a preferred example diagram of the encryption system provided by an embodiment of the present invention. Taking a fingerprint recognition chip as the encryption chip, its working principle is as follows:
The MCU issues a 64-bit random number Mrand to the fingerprint recognition chip through the SPI interface.
The fingerprint recognition chip generates a 64-bit random number Srand, and the MCU reads Srand through the SPI interface.
The 128-bit data TK solidified in the fingerprint recognition chip's OTP is used as the key, and the 128-bit data formed by combining Srand and Mrand is used as the plaintext. The plaintext is encrypted with the AES algorithm, and the resulting 128-bit ciphertext serves as the final key for encrypting the fingerprint data.
The fingerprint recognition chip uses the AES_CCM algorithm to encrypt the fingerprint data, with the final key as the key.
Here, AES: Advanced Encryption Standard.
AES_CCM: an authenticated encryption mode based on the AES encryption algorithm.
The MCU reads the encrypted fingerprint data through the Serial Peripheral Interface (SPI).
After the MCU obtains the encrypted fingerprint data, it produces the final key by the same key generation method and decrypts the encrypted fingerprint data.
Embodiment four
Fig. 4 is a flowchart of the encryption method provided by an embodiment of the present invention, detailed as follows:
Step S401: the encryption chip obtains unencrypted biometric information;
Step S402: the encryption chip encrypts the unencrypted biometric information according to the generated encryption key and the pre-configured encryption algorithm, generating encrypted biometric information;
Step S403: the generated encrypted biometric information is sent to the MCU.
Embodiment five
Fig. 5 is a flowchart of the decryption method provided by an embodiment of the present invention, detailed as follows:
Step S501: the MCU receives the random number sent by the encryption chip;
Step S502: a decryption key is generated from the random number of the encryption chip, the random number of the MCU and the shared initial key;
Step S503: the MCU uses the pre-configured decryption algorithm and the decryption key to decrypt the encrypted biometric information.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware. The program can be stored in a readable storage medium, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, etc. The storage medium is located in a memory; the processor reads the information in the memory and, in combination with its hardware, performs the methods described in the embodiments of the present invention.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be determined by the scope of the claims.

Claims (10)

1. An encryption chip, connected to an MCU (micro-control unit), characterized in that the encryption chip includes:
a random number generation module, for generating the random number of the encryption chip;
a random number receiving module, for receiving the random number sent by the MCU;
an initial key storage module, for storing the initial key shared by the encryption chip and the MCU;
a key generation module, connected to the random number generation module, the random number receiving module and the initial key storage module, for generating an encryption key from the random number of the encryption chip, the random number of the MCU and the shared initial key;
a biometric information encryption module, connected to the key generation module, for encrypting unencrypted biometric information according to the generated encryption key and a pre-configured encryption algorithm, generating encrypted biometric information.
2. The encryption chip of claim 1, characterized in that the random number generation module and the random number receiving module are connected to the MCU through an MCU interface module, and the MCU interface module includes at least one of a USB interface, a serial interface and a parallel interface.
3. The encryption chip of claim 1, characterized in that the pre-configured encryption algorithm includes at least one of the AES (Advanced Encryption Standard) algorithm, the AES_CCM algorithm and the DES (Data Encryption Standard) algorithm, where the AES_CCM algorithm is an authenticated encryption mode based on the AES encryption algorithm.
4. The encryption chip of claim 1, characterized in that the biometric information encryption module is used to send the generated encrypted biometric information to the MCU.
5. The encryption chip of claim 1, characterized in that the initial key storage module is used for writing the initial key.
6. The encryption chip of claim 5, characterized in that the initial key storage module is used to write different initial keys for different batches or different models of the encryption chip.
7. An encryption system, including the encryption chip of any one of claims 1 to 6, characterized in that the encryption system further includes:
an MCU that establishes a communication connection with the encryption chip and receives the encrypted biometric information.
8. The encryption system of claim 7, characterized in that the communication connection between the encryption chip and the MCU is established using a set mode, and the set mode includes at least one of a serial communication mode and a parallel communication mode.
9. An encryption method based on the encryption system of claim 7, characterized in that the encryption method includes:
the encryption chip obtains unencrypted biometric information;
the encryption chip encrypts the unencrypted biometric information according to the generated encryption key and the pre-configured encryption algorithm, generating encrypted biometric information;
the generated encrypted biometric information is sent to the MCU.
10. A decryption method based on the encryption system of claim 7, characterized in that the method includes:
the MCU receives the random number sent by the encryption chip;
a decryption key is generated from the random number of the encryption chip, the random number of the MCU and the shared initial key;
the MCU uses the pre-configured decryption algorithm and the decryption key to decrypt the encrypted biometric information.
CN201610156859.0A 2016-03-18 2016-03-18 Encryption chip, encryption system, encryption method and decryption method Pending CN105825135A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610156859.0A CN105825135A (en) 2016-03-18 2016-03-18 Encryption chip, encryption system, encryption method and decryption method

Publications (1)

Publication Number Publication Date
CN105825135A true CN105825135A (en) 2016-08-03

Family

ID=56523571

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160803
