CN109284638A - Protection method and system for a security chip operating environment - Google Patents


Publication number
CN109284638A
Authority
CN
China
Legal status
Granted
Application number
CN201811058445.XA
Other languages
Chinese (zh)
Other versions
CN109284638B (en)
Inventor
罗禹铭
罗禹城
Current Assignee
Wangyu Safety Technology (shenzhen) Co Ltd
Original Assignee
Wangyu Safety Technology (shenzhen) Co Ltd
Application filed by Wangyu Safety Technology (shenzhen) Co Ltd
Priority to CN201811058445.XA
Publication of CN109284638A
Application granted
Publication of CN109284638B
Status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a protection method and system for a security chip operating environment. The method comprises: the primary processor transfers the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to an FPGA main controller by system communication; the FPGA main controller decomposes the routine call into serial sub-processes and, for the operations that involve the security chip, generates the corresponding command call sequence and data grouping; the FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip feeds the operation result back to the FPGA main controller; the FPGA main controller completes the sub-processes of the routine call while collecting the operation results from the security chip, and sends the final operation result to the primary processor. Because the FPGA main controller sends the command calls to the security chip, collects the operation results from the security chip and sends the final operation result to the primary processor, the security protection capability for the security chip is greatly improved.

Description

Protection method and system for a security chip operating environment
Technical field
The present invention relates to the technical field of security chips, and more particularly to a protection method and system for a security chip operating environment.
Background art
A security chip is an integrated circuit chip that implements one or more cryptographic algorithms and uses cryptographic techniques to protect keys and sensitive information, directly or indirectly. As the lowest-level security guarantee of an intelligent terminal, a security chip can effectively prevent hacker attacks and cracking, improve the security of the terminal, and protect users' personal information and application data. Security chips are now increasingly used in intelligent terminals, where they provide a reliable guarantee for financial payment and online identity authentication.
A security chip is, in effect, a Trusted Platform Module: a device that can independently perform key generation, encryption and decryption. It has its own processor and storage unit, can store keys and characteristic data, and provides encryption and security authentication services to the computer. When data is encrypted with a security chip, the key is stored in hardware and stolen data cannot be decrypted, which protects business privacy and data security.
In the traditional usage scenario, shown in Fig. 1, the security chip is an external slave device of the system's primary processor. The primary processor sends command calls to the security chip; the security chip fetches and interprets each command, performs the corresponding encryption/decryption operation and security processing, and finally feeds the operation result back to the primary processor.
The existing structure in Fig. 1 has the following problems:
Relay attacks against the security chip. The operating system and application programs on the primary processor may have been compromised by malware, so the command calls the security chip receives may be illegitimate commands sent by that malware. Once the security chip returns the encryption/decryption result to the primary processor, the malware can use the result for further illegitimate operations such as impersonated authentication or malicious payment. This is the relay attack (Relay Attack) pattern aimed at conventional security chips.
Hardware defects of the primary processor itself degrade the security protection environment of the security chip. Primary processors carry defects from their original design: in pursuit of maximum performance, Intel and ARM chips make heavy use of micro-architectural techniques such as shared arithmetic units, shared caches and branch prediction, which leave a large number of information-leaking side channels in the CPU and in the processor system as a whole. These side channels have been called the "cancer" of modern advanced processors, and they make such processors vulnerable to malware of the "Spectre" and "Meltdown" types.
Security vulnerabilities in the operating system and application programs running on the primary processor degrade the security protection environment of the security chip. An operating system has a huge code base. Although software maintainers make significant efforts, and operating system upgrades and patch releases have become routine, malware can always find a weak point and obtain system privileges. Weaknesses in application programs are attacked in much the same way.
The low hardware and software processing capability of the security chip itself prevents its security protection capability from being improved. To withstand physical attacks such as grinding and laser, semi-invasive attacks such as electromagnetic signal injection, and non-invasive attacks such as differential current analysis, a large number of protective designs are added to the CPU core, encryption/decryption circuits, memory modules and buses of the security chip. As a result, the clock frequency and processing capability of the security chip stay at a low-to-middle level, the chip can run only simple operating systems and application programs, and the processing capability and protection capability of its software are weak.
That is, in the prior art the operating environment of the security chip lacks sufficient security protection capability.
Therefore, the prior art needs to be improved and developed.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above defects of the prior art, to provide a protection method and system for a security chip operating environment. An FPGA main controller is added between the primary processor and the security chip; the FPGA main controller sends command calls to the security chip, collects the operation results from the security chip, and sends the final operation result to the primary processor, which greatly improves the security protection capability for the security chip.
The technical solution adopted by the present invention to solve this technical problem is as follows:
A protection method for a security chip operating environment, wherein the protection method comprises:
The primary processor transfers the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to the FPGA main controller by system communication;
The FPGA main controller decomposes the routine call into serial sub-processes and, for the operations that involve the security chip, generates the corresponding command call sequence and data grouping;
The FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip feeds the operation result back to the FPGA main controller;
The FPGA main controller completes the sub-processes of the routine call while collecting the operation results from the security chip, and sends the final operation result to the primary processor.
In the protection method, before the primary processor transfers the data to be encrypted or decrypted and the routine call for the encryption/decryption operation to the FPGA main controller by system communication, the method further comprises:
Providing in advance, between the primary processor and the security chip, an FPGA main controller for data processing.
In the protection method, the primary processor transferring the data to be encrypted or decrypted and the routine call for the encryption/decryption operation to the FPGA main controller by system communication specifically comprises:
The primary processor transfers the data to be encrypted or decrypted to the FPGA main controller by system communication, and the FPGA main controller receives the data and caches it;
The primary processor sends the routine call for the encryption/decryption operation to the FPGA main controller.
In the protection method, the FPGA main controller sending the corresponding command calls and the relevant data to the security chip, and the security chip feeding the operation result back to the FPGA main controller, specifically comprises:
The FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip fetches and interprets the commands;
The security chip performs the corresponding encryption/decryption operation and security processing, and feeds the operation result back to the FPGA main controller.
In the protection method, when an application program with a high security level needs to call the security chip, it is executed by the FPGA main controller.
In the protection method, the configuration code file of the FPGA chip is encrypted, and the scan chain in the FPGA chip is disabled.
In the protection method, the FPGA main controller and the primary processor form a peer-to-peer distributed parallel processing relationship through system communication and routine calls.
In the protection method, the FPGA main controller implements its CPU core as a soft core, and the CPU core uses a dual-core lockstep design: two CPU cores with identical logic functions execute the same instructions, and the execution results of the instructions and the CPU state are compared.
In the protection method, the FPGA main controller implements its CPU core as a soft core, and the CPU core uses a triple-core redundancy design: three CPU cores with identical logic functions execute the same instructions, and the execution results of the instructions and the CPU state are compared.
A protection system for a security chip operating environment, wherein the protection system comprises:
A primary processor, configured to transfer the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to the FPGA main controller by system communication;
An FPGA main controller, configured to decompose the routine call into serial sub-processes, to generate the corresponding command call sequence and data grouping for the operations that involve the security chip, to send the corresponding command calls and the relevant data to the security chip, and to send the operation result fed back by the security chip to the primary processor;
A security chip, configured to fetch and interpret the commands, perform the corresponding encryption/decryption operation and security processing, and feed the operation result back to the FPGA main controller.
The invention discloses a protection method and system for a security chip operating environment. The method comprises: the primary processor transfers the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to the FPGA main controller by system communication; the FPGA main controller decomposes the routine call into serial sub-processes and, for the operations that involve the security chip, generates the corresponding command call sequence and data grouping; the FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip feeds the operation result back to the FPGA main controller; the FPGA main controller completes the sub-processes of the routine call while collecting the operation results from the security chip, and sends the final operation result to the primary processor. By adding an FPGA main controller between the primary processor and the security chip, having it send the command calls to the security chip, collect the operation results from the security chip and send the final operation result to the primary processor, the invention greatly improves the security protection capability for the security chip.
Brief description of the drawings
Fig. 1 is a schematic diagram of the usage scenario of a traditional security chip;
Fig. 2 is a flow chart of the preferred embodiment of the protection method for a security chip operating environment of the present invention;
Fig. 3 is a flow chart of step S10 in the preferred embodiment of the protection method for a security chip operating environment of the present invention;
Fig. 4 is a flow chart of step S30 in the preferred embodiment of the protection method for a security chip operating environment of the present invention;
Fig. 5 is a structural schematic diagram of the preferred embodiment of the protection system for a security chip operating environment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
The protection method for a security chip operating environment according to the preferred embodiment of the present invention, as shown in Fig. 2, comprises the following steps:
Step S10: the primary processor transfers the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to the FPGA main controller by system communication.
Specifically, an FPGA main controller for data processing is provided in advance between the primary processor and the security chip. The FPGA main controller is an independent processor: through system communication and routine calls it forms a peer-to-peer distributed parallel processing relationship with the primary processor, with no master-slave distinction. The security chip is a slave device of the FPGA main controller. The FPGA main controller sends command calls to the security chip; the security chip fetches and interprets each command, performs the corresponding encryption/decryption operation and security processing, and finally feeds the operation result back to the FPGA main controller. In the present invention, the FPGA main controller plus the security chip constitute an enhanced secure operating environment.
For the detailed process, refer to Fig. 3, which is a flow chart of step S10 in the protection method for a security chip operating environment provided by the invention.
As shown in Fig. 3, step S10 comprises:
S11: the primary processor transfers the data to be encrypted or decrypted to the FPGA main controller by system communication, and the FPGA main controller receives the data and caches it;
S12: the primary processor sends the routine call for the encryption/decryption operation to the FPGA main controller.
Step S20: the FPGA main controller decomposes the routine call into serial sub-processes and, for the operations that involve the security chip, generates the corresponding command call sequence and data grouping.
Specifically, the FPGA main controller parses the routine call from the primary processor and decomposes it into serial sub-processes. For the operations that involve the security chip, the FPGA main controller generates the corresponding command call sequence and data grouping.
Step S30: the FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip feeds the operation result back to the FPGA main controller.
For the detailed process, refer to Fig. 4, which is a flow chart of step S30 in the protection method for a security chip operating environment provided by the invention.
As shown in Fig. 4, step S30 comprises:
S31: the FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip fetches and interprets the commands;
S32: the security chip performs the corresponding encryption/decryption operation and security processing, and feeds the operation result back to the FPGA main controller.
Step S40: the FPGA main controller completes the sub-processes of the routine call while collecting the operation results from the security chip, and sends the final operation result to the primary processor.
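Steps S10 to S40 as a behavioural model, added here as an illustration and not taken from the patent. The command names (`INIT`, `UPDATE`, `FINAL`), the 16-byte data group size, the `keyed_digest` routine and the use of HMAC-SHA-256 in place of the chip's encryption/decryption operation are all assumptions.

```python
import hashlib
import hmac

CHIP_MAX_PAYLOAD = 16  # assumed: most data bytes the chip accepts per command


class SecurityChip:
    """Constructed stand-in for the security chip: a slave device whose key never leaves it."""

    def __init__(self, key):
        self._key = key
        self._ctx = None

    def command(self, opcode, data=b""):
        # S31/S32: fetch and interpret one command call, run it, return the result.
        if opcode == "INIT":
            self._ctx = hmac.new(self._key, digestmod=hashlib.sha256)
            return b""
        if self._ctx is None:
            raise RuntimeError("command out of sequence")
        if opcode == "UPDATE":
            if len(data) > CHIP_MAX_PAYLOAD:
                raise ValueError("data group too large for one command")
            self._ctx.update(data)
            return b""
        if opcode == "FINAL":
            result, self._ctx = self._ctx.digest(), None
            return result
        raise ValueError(f"unknown command {opcode!r}")


class FpgaMainController:
    """Only this object holds a reference to the chip; the primary processor does not."""

    def __init__(self, chip):
        self._chip = chip
        self._cache = b""
        self.sent = []  # opcodes issued to the chip, kept for inspection

    def receive_data(self, data):
        # S11: receive the data from the primary processor and cache it.
        self._cache = bytes(data)

    def decompose(self, routine):
        # S20: turn one routine call into a command call sequence plus data groups.
        if routine != "keyed_digest":
            raise ValueError(f"routine {routine!r} cannot be decomposed")
        groups = [self._cache[i:i + CHIP_MAX_PAYLOAD]
                  for i in range(0, len(self._cache), CHIP_MAX_PAYLOAD)]
        return [("INIT", b"")] + [("UPDATE", g) for g in groups] + [("FINAL", b"")]

    def routine_call(self, routine):
        # S12 delivers the call; S30 runs each command on the chip; S40 returns
        # only the final operation result to the caller.
        results = []
        for opcode, data in self.decompose(routine):
            self.sent.append(opcode)
            results.append(self._chip.command(opcode, data))
        self._cache = b""
        return results[-1]


def primary_processor_request(controller, data):
    """What the primary processor sees: data in, one routine call, one result out."""
    controller.receive_data(data)
    return controller.routine_call("keyed_digest")
```

In this model the primary processor's view is limited to `primary_processor_request`; the intermediate command results stay inside the controller.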
Further, when an application program with a high security level needs to call the security chip, it is executed by the FPGA main controller, which avoids the effects of security vulnerabilities on the primary processor. For example, because of micro-architectural design defects in modern advanced CPU chips from Intel and ARM, information-leaking side channels are a "cancer" that cannot be eliminated from these chips, and because these CPUs are deployed as primary processors on a large scale, replacing them all in the short term is impossible. Applications with modest security requirements remain on the original primary processor, while high-security applications are moved to the FPGA main controller, which effectively mitigates the negative impact on security protection of the vulnerabilities present on the primary processor.
Further, the FPGA main controller can adopt a new design with stronger security protection functions to eliminate the security threats caused by information-leaking side channels. The FPGA main controller can flexibly implement its CPU core as a soft core, and the micro-architecture design can use stricter temporal and spatial isolation to effectively eliminate information-leaking side channels, which strengthens the security protection capability of the FPGA main controller.
The FPGA main controller can use a dual-core lockstep CPU design to strengthen detection of and protection against unknown malware. The FPGA main controller can flexibly implement its CPU core as a soft core, and the CPU core design can use a dual-core lockstep structure, in which two CPU cores with identical logic functions execute the same instructions and the execution results of the instructions and the CPU state are compared. This mode of execution not only provides dual redundancy but can also be used to detect attacks by unknown malware. An attack by malware on a CPU program would modify the instruction stream, data stream or system state of only one of the CPUs; modifying the instruction stream, data stream or system state of both CPUs at the same time, with identical results, is difficult to achieve. Designing the CPU core with a dual-core lockstep structure therefore effectively strengthens detection of and protection against unknown malware. Such a structure is easy to implement as soft cores on the FPGA main controller, whereas no such modification can be made to the primary processor.
The FPGA main controller can also use a triple-core redundancy CPU design to strengthen detection of and protection against unknown malware. The FPGA main controller can flexibly implement its CPU core as a soft core, and the CPU core design can use a triple-core redundancy structure, in which three CPU cores with identical logic functions execute the same instructions and the execution results of the instructions and the CPU state are compared. This mode of execution not only provides triple redundancy but can also be used to detect attacks by unknown malware. An attack by malware on a CPU program would modify the instruction stream, data stream or system state of only one of the CPUs; modifying the instruction stream, data stream or system state of all three CPUs at the same time, with identical results, is difficult to achieve. Designing the CPU core with a triple-core redundancy structure therefore effectively strengthens detection of and protection against unknown malware. Such a structure is easy to implement as soft cores on the FPGA main controller, whereas no such modification can be made to the primary processor.
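The comparison of execution results and CPU state described in the two paragraphs above, as a behavioural model added here and not part of the patent. The toy instruction set, the `tamper` hook and the majority vote that resynchronises an outvoted core in the three-core case are assumptions; the patent states only that results and CPU state are compared.

```python
from collections import Counter
from dataclasses import dataclass, field

MASK32 = 0xFFFFFFFF

# Constructed sample program: r0 = 5; r1 = 7; r0 += r1; r0 ^= r1
PROGRAM = [("li", 0, 5), ("li", 1, 7), ("add", 0, 1), ("xor", 0, 1)]


@dataclass
class SoftCore:
    """Toy soft-core CPU: four 32-bit registers and a program counter."""
    regs: list = field(default_factory=lambda: [0, 0, 0, 0])
    pc: int = 0

    def step(self, program):
        op, a, b = program[self.pc]
        if op == "li":            # load immediate: r[a] = b
            self.regs[a] = b & MASK32
        elif op == "add":         # r[a] = r[a] + r[b]
            self.regs[a] = (self.regs[a] + self.regs[b]) & MASK32
        elif op == "xor":         # r[a] = r[a] ^ r[b]
            self.regs[a] ^= self.regs[b]
        else:
            raise ValueError(f"unknown opcode {op!r}")
        self.pc += 1
        return self.regs[a]       # execution result of this instruction

    def state(self):
        return (self.pc, tuple(self.regs))


class LockstepMismatch(Exception):
    def __init__(self, step):
        super().__init__(f"cores diverged at instruction {step}")
        self.step = step


def run_redundant(program, n_cores, tamper=None):
    """Run identical cores on one instruction stream, comparing after every instruction.

    tamper = (step, core, reg, value) is a fault-injection hook for the model:
    it overwrites one register of one core just before instruction `step` runs.
    Returns (final registers, [(step, outvoted core), ...]).
    """
    cores = [SoftCore() for _ in range(n_cores)]
    outvoted = []
    for step in range(len(program)):
        if tamper is not None and tamper[0] == step:
            _, core_idx, reg, value = tamper
            cores[core_idx].regs[reg] = value
        # Compare both the instruction result and the full CPU state.
        snapshots = [(core.step(program), core.state()) for core in cores]
        winner, votes = Counter(snapshots).most_common(1)[0]
        if votes == n_cores:
            continue
        if n_cores < 3 or votes * 2 <= n_cores:
            # Two cores can detect a divergence but cannot tell which one is right.
            raise LockstepMismatch(step)
        for idx, snap in enumerate(snapshots):
            if snap != winner:
                outvoted.append((step, idx))
                cores[idx].pc, cores[idx].regs = winner[1][0], list(winner[1][1])
    return tuple(cores[0].regs), outvoted
```

Comparing CPU state as well as the instruction result matters when the altered register is not used by the current instruction: the results still match, and only the state comparison shows the divergence.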
Further, the FPGA main controller can use a microkernel with higher security protection capability to improve the security protection capability of the software system. (A microkernel is a compact version of a kernel that provides the core functions of an operating system; it is designed to fit in a very small memory space, which increases portability, and it provides a modular design that lets users install different interfaces.) Because the FPGA main controller mainly executes high-security-level application programs, the number and size of its programs are relatively small and the constraints on the operating system are fewer, so a secure microkernel with a higher security level and a smaller code base can be used, which further improves the security protection capability of the software system on the FPGA main controller.
The design of the CPU core and the other functional modules in the FPGA main controller can be modified flexibly according to security protection needs and the currently dominant hardware and software attack scenarios and threats, and the instruction set of the CPU core can be adjusted, to strengthen the security protection capability of the whole system.
In addition, for security reasons, the configuration code file of the FPGA chip must be encrypted and the scan chain in the FPGA chip must be disabled; these are basic requirements for the secure operation of the FPGA main controller chip. (A scan chain is a design-for-testability technique: shift registers are inserted so that test personnel can control and observe, from outside, the signal values of the flip-flops inside the circuit.)
An FPGA is one way of implementing a circuit function. Once the circuit functions of the FPGA main controller have been tuned and finalized through practical application, all of them can be converted to an ASIC implementation, which further improves chip performance, reduces power consumption and saves cost.
As shown in Fig. 5, based on the above protection method for a security chip operating environment, the present invention correspondingly provides a protection system for a security chip operating environment, which comprises:
A primary processor 101, configured to transfer the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to the FPGA main controller 102 by system communication; an FPGA main controller 102, configured to decompose the routine call into serial sub-processes, to generate the corresponding command call sequence and data grouping for the operations that involve the security chip 103, to send the corresponding command calls and the relevant data to the security chip 103, and to send the operation result fed back by the security chip 103 to the primary processor 101; and a security chip 103, configured to fetch and interpret the commands, perform the corresponding encryption/decryption operation and security processing, and feed the operation result back to the FPGA main controller 102.
The FPGA main controller plus security chip architecture proposed by the present invention constitutes an enhanced secure operating environment and greatly improves the security protection capability for the security chip. It effectively solves the relay attack problem faced by the traditional scheme and the problem that malware attacks on the primary processor put the operating environment of the security chip under security threat.
In summary, the present invention provides a protection method and system for a security chip operating environment. The method comprises: the primary processor transfers the data to be encrypted or decrypted, together with the routine call for the encryption/decryption operation, to the FPGA main controller by system communication; the FPGA main controller decomposes the routine call into serial sub-processes and, for the operations that involve the security chip, generates the corresponding command call sequence and data grouping; the FPGA main controller sends the corresponding command calls and the relevant data to the security chip, and the security chip feeds the operation result back to the FPGA main controller; the FPGA main controller completes the sub-processes of the routine call while collecting the operation results from the security chip, and sends the final operation result to the primary processor. By adding an FPGA main controller between the primary processor and the security chip, having it send the command calls to the security chip, collect the operation results from the security chip and send the final operation result to the primary processor, the invention greatly improves the security protection capability for the security chip.
Of course, those of ordinary skill in the art will understand that all or part of the processes of the above method embodiments can be carried out by a computer program instructing the relevant hardware (such as a processor or controller). The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the method embodiments above. The storage medium may be a memory, a magnetic disk, an optical disc, and so on.
It should be understood that the application of the present invention is not limited to the above examples. Those of ordinary skill in the art can make improvements or changes based on the above description, and all such improvements and changes fall within the scope of protection of the appended claims.

Claims (10)

1. a kind of means of defence of safety chip running environment, which is characterized in that the protection side of the safety chip running environment Method includes:
The routine call that the data for needing encryption and decryption and encryption and decryption operate is transferred to FPGA master by system communication by primary processor Control device;
Routine call is decomposed into serial subprocess by FPGA main controller, to the operation of safety chip part is related to, is generated corresponding Command calls sequence and data grouping;
FPGA main controller sends corresponding command calls to safety chip and relevant data, safety chip feed back operation result Give FPGA main controller;
FPGA main controller completes the corresponding subprocess of routine call, while collecting the operation result from safety chip, will be final Operation result be sent to primary processor.
2. the means of defence of safety chip running environment according to claim 1, which is characterized in that the primary processor is logical It crosses system communication the routine call that the data for needing encryption and decryption and encryption and decryption operate is transferred to before FPGA main controller further include:
It is arranged one between the primary processor and the safety chip in advance for carrying out the FPGA main controller of data processing.
3. the means of defence of safety chip running environment according to claim 1 or 2, which is characterized in that the main process task The routine call that the data for needing encryption and decryption and encryption and decryption operate is transferred to FPGA master control implement body packet by system communication by device It includes:
The data for needing encryption and decryption are transferred to FPGA main controller by system communication by primary processor, and FPGA main controller receives related Data are simultaneously cached;
Primary processor sends the routine call that encryption and decryption operates to FPGA main controller.
4. the means of defence of safety chip running environment according to claim 1 or 2, which is characterized in that the FPGA master Control device sends corresponding command calls to safety chip and operation result is fed back to FPGA master control by relevant data, safety chip Implement body includes:
FPGA main controller sends corresponding command calls to safety chip and relevant data, safety chip obtain and explain correlation Order;
Safety chip executes corresponding encryption and decryption operation and safe handling, and operation result is fed back to FPGA main controller.
5. The protection method for the safety chip running environment according to claim 1, characterized in that, when a high-security-level application program of the safety chip needs to be called, it is executed by the FPGA main controller.
6. The protection method for the safety chip running environment according to claim 1, characterized in that the configuration code file of the FPGA chip is encrypted, and the scan chain in the FPGA chip is disabled.
7. The protection method for the safety chip running environment according to claim 1, characterized in that the FPGA main controller and the primary processor form a peer-to-peer distributed processing relationship through system communication and routine calls.
8. The protection method for the safety chip running environment according to claim 7, characterized in that the FPGA main controller implements the CPU core as a soft core, and the CPU core is designed with a double-core helical structure; in the double-core helical structure, two CPU cores with identical logic functions execute the same instructions, and the execution results of the instructions and the CPU states are compared.
9. The protection method for the safety chip running environment according to claim 7, characterized in that the FPGA main controller implements the CPU core as a soft core, and the CPU core is designed with a three-core redundancy structure; in the three-core redundancy structure, three CPU cores with identical logic functions execute the same instructions, and the execution results of the instructions and the CPU states are compared.
10. A protection system for a safety chip running environment, characterized in that the protection system for the safety chip running environment comprises:
A primary processor, configured to transfer the data requiring encryption and decryption and the routine call for the encryption and decryption operation to the FPGA main controller through system communication;
An FPGA main controller, configured to decompose the routine call into serial subprocesses, generate the corresponding command call sequence and data grouping for the operations that involve the safety chip, send the corresponding command calls and relevant data to the safety chip, and send the operation result fed back by the safety chip to the primary processor;
A safety chip, configured to obtain and interpret the relevant commands, execute the corresponding encryption and decryption operation and security processing, and feed the operation result back to the FPGA main controller.
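Claims 8 and 9 have two or three identical CPU cores execute the same instructions and compare both the results and the CPU state, arrangements usually called lockstep and triple modular redundancy. The C model below is an added illustration, not code from the patent; the toy instruction set, the four-instruction program, the injected bit flip and the resynchronisation of the outvoted core are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed toy model: four registers plus a program counter stand in for "CPU state". */
typedef struct { uint32_t r[4], pc; } cpu_t;
typedef struct { uint8_t dst, a, b; uint32_t imm; } insn_t;  /* r[dst] = r[a] + r[b] + imm */
typedef struct { int core, step; uint32_t flip; } fault_t;   /* core < 0: no fault injected */
static const insn_t PROG[] = { {0,0,1,5}, {1,0,0,1}, {2,1,0,7}, {3,2,1,0} };
enum { PROG_LEN = sizeof PROG / sizeof PROG[0], OK = -1, NO_MAJORITY = -2 };

/* Execute instruction s on one core, optionally flipping bits in a source register first. */
static uint32_t step(cpu_t *c, int s, uint32_t flip) {
    insn_t i = PROG[s];
    c->r[i.a] ^= flip;                      /* simulated transient fault (0 = none) */
    c->pc++;
    return c->r[i.dst] = c->r[i.a] + c->r[i.b] + i.imm;
}

/* The comparison in claims 8 and 9: instruction result and whole CPU state must both match. */
static int agree(const cpu_t *x, uint32_t rx, const cpu_t *y, uint32_t ry) {
    return rx == ry && memcmp(x, y, sizeof *x) == 0;
}

/* n == 2: returns the step of the first mismatch. n == 3: returns the outvoted core. Else OK. */
int run_redundant(int n, fault_t f, uint32_t *r3_out) {
    cpu_t c[3] = {{{0}}};
    uint32_t res[3] = {0};
    int bad = OK;
    for (int s = 0; s < PROG_LEN; s++) {
        for (int k = 0; k < n; k++)
            res[k] = step(&c[k], s, (f.core == k && f.step == s) ? f.flip : 0);
        int ab = agree(&c[0], res[0], &c[1], res[1]);
        if (n == 2) { if (!ab) return s; continue; }   /* two cores can detect, not correct */
        int bc = agree(&c[1], res[1], &c[2], res[2]);
        int ac = agree(&c[0], res[0], &c[2], res[2]);
        if (ab && bc) continue;
        if (!ab && !bc && !ac) return NO_MAJORITY;
        bad = bc ? 0 : ac ? 1 : 2;          /* the core that disagrees with the matching pair */
        c[bad] = c[bad == 0];               /* assumption: resynchronise it from the majority */
    }
    *r3_out = c[0].r[3];
    return bad;
}
int main(void) {
    uint32_t r3 = 0;
    fault_t f = { 1, 2, 0x4 };              /* constructed fault: core 1, step 2, bit 2 */
    int at = run_redundant(2, f, &r3), bad = run_redundant(3, f, &r3);
    printf("dual: mismatch at step %d; tmr: outvoted core %d, r3 = %u\n", at, bad, (unsigned)r3);
    return 0;
}
```

With two cores the fault is only detected and the run stops; with three cores the outvoted core is identified and the program still finishes with the fault-free value.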
CN201811058445.XA 2018-09-11 2018-09-11 Protection method and system for operating environment of security chip Active CN109284638B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811058445.XA CN109284638B (en) 2018-09-11 2018-09-11 Protection method and system for operating environment of security chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811058445.XA CN109284638B (en) 2018-09-11 2018-09-11 Protection method and system for operating environment of security chip

Publications (2)

Publication Number Publication Date
CN109284638A true CN109284638A (en) 2019-01-29
CN109284638B CN109284638B (en) 2020-08-04

Family

ID=65181224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811058445.XA Active CN109284638B (en) 2018-09-11 2018-09-11 Protection method and system for operating environment of security chip

Country Status (1)

Country Link
CN (1) CN109284638B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1342007A (en) * 2000-09-05 2002-03-27 深圳市中兴集成电路设计有限责任公司 New scrambler
CN101854243A (en) * 2010-04-30 2010-10-06 株洲南车时代电气股份有限公司 Circuit system design encryption circuit and encryption method thereof
CN201665226U (en) * 2009-11-02 2010-12-08 北京全路通信信号研究设计院 Train control center main processing equipment
CN102799819A (en) * 2012-07-04 2012-11-28 北京京航计算通讯研究所 Embedded software safety protection system
CN103544417A (en) * 2012-06-20 2014-01-29 微软公司 Managing use of a field programmable gate array with reprogrammable cryptographic operations
CN104298936A (en) * 2014-10-31 2015-01-21 成都朗锐芯科技发展有限公司 FPGA encryption and parameter configuration system based on CPLD chip

Also Published As

Publication number Publication date
CN109284638B (en) 2020-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant