CN113656845A - FPGA program volume production batch encryption method - Google Patents
- Publication number
- CN113656845A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention provides a batch encryption method for FPGA programs in volume production, comprising the following steps: step S1, an encryption program is run on the user terminal, and two AES128 encryption keys, A and B, are agreed in advance; step S2, an encryption function module is added to the FPGA chip's code, and the unique identification DNA code of the FPGA chip is read and fed into the encryption function module; step S3, the encryption result is read and decrypted with AES128 encryption key A to obtain the unique identification DNA code of the FPGA chip; step S4, once the unique identification DNA code of the FPGA chip has been obtained, it is encrypted with AES128 encryption key B; step S5, the encryption of the device is thereby complete, and when the encrypted device operates normally, the start-up key in the device initialization parameters is sent to the FPGA chip; step S6, decryption is performed with AES128 encryption keys A and B, the result is compared with the DNA code of the FPGA chip, and the comparison result is evaluated, thereby ensuring the security of the FPGA chip program and realizing batch encryption of FPGA chip programs.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method for encrypting FPGA programs in mass production in batches.
Background
The FPGA is a field programmable logic device that is widely used in communications, medical equipment, industrial control and similar areas, where it plays an irreplaceable role. However, the FPGA's program is usually stored in a general-purpose memory chip outside the FPGA and is easily read and copied, which can cause huge losses to an enterprise. To solve this problem, FPGA chip manufacturers provide an encryption method for the program, but that method requires generating a program file encrypted with a different key for each device, which is very unfavorable for batch production.
Disclosure of Invention
In view of the above, the present invention provides a bulk encryption method for generating an encrypted FPGA program.
The invention is realized by adopting the following method: an FPGA program volume production batch encryption method comprises the following steps:
Step S1: an encryption program is run on the user terminal, and two AES128 encryption keys, A and B, are agreed in advance;
Step S2: an encryption function module is added to the FPGA chip's code, and the unique identification DNA code of the FPGA chip is read and fed into the encryption function module;
Step S3: after the user terminal is connected to the device containing the FPGA chip, the encryption result is read and decrypted with AES128 encryption key A to obtain the unique identification DNA code of the FPGA chip;
Step S4: once the unique identification DNA code of the FPGA chip has been obtained, it is encrypted with AES128 encryption key B;
Step S5: the encryption of the device is thereby complete; when the encrypted device operates normally, the start-up key in the device initialization parameters is sent to the FPGA chip;
Step S6: a decryption function is added to the FPGA chip's code; decryption is performed with AES128 encryption keys A and B, the result is compared with the DNA code of the FPGA chip, and the comparison result is evaluated, thereby ensuring the security of the FPGA chip program and realizing batch encryption of FPGA chip programs.
Further, an encryption program is run on the user terminal, and two AES128 encryption keys, A and B, are agreed; the same keys are used in the encryption program and their content is fixed.
Further, step S2 is specifically: an encryption function module is added to the FPGA chip's code; it reads the unique identification DNA code of the FPGA chip, encrypts it with AES128 encryption key A, and stores the encryption result to be read by the user terminal.
Further, step S3 is specifically: with the encryption function module and the user terminal connected, the encrypted result is read and decrypted with the pre-agreed AES128 encryption key A; the decrypted result is the unique identification DNA code of the FPGA chip. This protects against monitoring of the communication interface.
Further, step S4 is specifically: after the encryption program obtains the unique identification DNA code of the FPGA chip, it encrypts that code with AES128 encryption key B, takes the encryption result as the device start-up key, and stores it in the device start-up initialization parameters as the start code of the device.
Further, step S6 is specifically: a decryption function is added to the FPGA chip's code; the start-up key in the device initialization parameters is decrypted with AES128 encryption keys A and B and compared with the unique identification DNA code of the FPGA chip; the device starts executing when they match and stops when they do not.
The beneficial effects of the invention are: the encrypted FPGA program can be generated automatically, meeting the needs of batch production; in devices that use an FPGA chip, the program is protected against copying and cracking, batch encryption can be carried out during production, and production cost is reduced.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Fig. 2 is a schematic flow chart of the production of the encryption.
Fig. 3 is a schematic diagram of the device using process.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, the present invention provides an embodiment: an FPGA program volume production batch encryption method comprises the following steps:
Step S1: an encryption program is run on the user terminal, and two AES128 encryption keys, A and B, are agreed in advance;
Step S2: an encryption function module is added to the FPGA chip's code, and the unique identification DNA code of the FPGA chip is read and fed into the encryption function module;
Step S3: after the user terminal is connected to the device containing the FPGA chip, the encryption result is read and decrypted with AES128 encryption key A to obtain the unique identification DNA code of the FPGA chip;
Step S4: once the unique identification DNA code of the FPGA chip has been obtained, it is encrypted with AES128 encryption key B;
Step S5: the encryption of the device is thereby complete; when the encrypted device operates normally, the start-up key in the device initialization parameters is sent to the FPGA chip;
Step S6: a decryption function is added to the FPGA chip's code; decryption is performed with AES128 encryption keys A and B, the result is compared with the DNA code of the FPGA chip, and the comparison result is evaluated, thereby ensuring the security of the FPGA chip program and realizing batch encryption of FPGA chip programs.
The invention is further illustrated by the following specific examples:
The implementation is as follows:
The user terminal can be a PC, a single-chip microcomputer or similar, and runs an encryption program, hereinafter referred to as the encryption tool. Two AES128 encryption keys, A and B, need to be agreed in advance. The encryption tool and the encrypted device use the same two AES128 keys A and B from the start of encryption, and the key content is fixed and unchangeable.
The encryption algorithm used with keys A and B in the invention is standard AES128; only the keys differ. It is as if both were doors, each with a different key. Encryption can be regarded as locking a door when it is closed, and decryption as unlocking it to open it. The same key opens a given door, and different doors take different keys.
An encryption function module is added to the FPGA code; it reads the unique identification DNA code of the FPGA chip, encrypts it with AES128 using key A, and stores the encryption result to be read by the encryption tool. Reading the DNA code is done by a standard piece of program code; the process needs no explanation here, and it is enough to know that this code reads the DNA identification code of the FPGA chip.
After the encryption tool is connected to the device containing the FPGA chip, it reads the encryption result and decrypts it with the pre-agreed AES128 encryption key A to obtain the DNA code. This step exists mainly because the communication interface may be monitored, and data transmitted in plaintext is easily cracked.
After obtaining the DNA code, the encryption tool encrypts it with the other pre-agreed AES128 encryption key, B; the encrypted result is used as the device start-up key and is stored in the device start-up initialization parameters.
At this point the device encryption process is complete.
In normal operation, the encrypted device sends the start-up key in the device initialization parameters to the FPGA when it starts.
A decryption function module is added to the FPGA code; it decrypts the start-up key in the device initialization parameters with AES128 encryption key B and compares the result with the DNA code of the device. If they match, the functional program starts executing; otherwise it stops. The initialization parameters are the full set of operating parameters of each device; because this patent is not specific to any particular device, those parameters differ in type and content from device to device, and the encryption- and decryption-related parameters are only one part of them.
AES128 encryption is a standard flow, and decryption is likewise a standard AES128 flow, so neither is described in detail here.
The device to be encrypted is not any specific device; any device using an FPGA chip falls within the scope of this patent.
Production encryption process
As shown in fig. 2, the complete production encryption process consists of processes 1, 2, 3, 4 and 5.
Process 1: the unique identification DNA code of the FPGA is read and fed into the encryption module.
Process 2: the encryption module performs AES128 encryption with the pre-agreed key A and sends the result to the communication module, where it waits to be read by the encryption tool.
Process 3: the encryption tool connects to the encrypted device, reads the encrypted result and decrypts it with the pre-agreed key A; the decrypted result is the DNA code of the encrypted device.
Process 4: the encryption tool performs AES128 encryption again, this time with the pre-agreed key B, and returns the result to the encrypted device as the device's start code.
Process 5: the encrypted device writes the device start code into its start-up parameter table and stores it.
The encryption process then ends and the encryption tool is disconnected.
As shown in fig. 3, normal device start-up consists of processes 6, 7, 8 and 9.
Process 6: the device starts, and the MCU writes the start-up parameters, which include the start code, into the FPGA.
Process 7: the FPGA decryption module decrypts the start code with the pre-agreed key B and sends the decryption result to the comparison module.
Process 8: the comparison module obtains the unique DNA code of the FPGA from the DNA reading module and compares it with the result sent by the decryption module.
Process 9: if the two codes match, the functional code module of the FPGA is started. At this point the device decryption start-up is complete.
In the device, the communication interfaces used in process 3 and process 6 are the ones most easily eavesdropped on, so AES128 encryption and decryption are used for these steps.
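Added example (not part of the patent text): a Python model of processes 1 to 9 as given in the detailed description, where the FPGA decrypts the start code with key B. The key values, the DNA values, the zero-padding of the DNA code to one 16-byte AES block and all function names are assumptions; AES128 is implemented inline for a single block so the model runs without third-party packages.

```python
import hmac

def _xtime(a):                      # multiply by x in GF(2^8), AES polynomial 0x11B
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def _gmul(a, b):                    # GF(2^8) multiplication
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _make_sbox():                   # S-box = affine transform of the field inverse
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p, q = _gmul(p, 3), _gmul(q, 0xF6)      # 0xF6 = 3^-1, so q stays p^-1
        x = q
        for n in range(1, 5):
            x ^= ((q << n) | (q >> (8 - n))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            return sbox

SBOX = _make_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]

def _expand_key(key):               # AES-128 key schedule -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r * 4:r * 4 + 4], []) for r in range(11)]

def _mix(s, m):                     # (Inv)MixColumns; m is the first matrix row
    return [_gmul(s[c], m[-r % 4]) ^ _gmul(s[c + 1], m[(1 - r) % 4])
            ^ _gmul(s[c + 2], m[(2 - r) % 4]) ^ _gmul(s[c + 3], m[(3 - r) % 4])
            for c in range(0, 16, 4) for r in range(4)]

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]      # ShiftRows
        if rnd < 10:
            s = _mix(s, (2, 3, 1, 1))
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

def aes128_decrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[10])]
    for rnd in range(9, -1, -1):
        s = [s[(i - 4 * (i % 4)) % 16] for i in range(16)]      # InvShiftRows
        s = [INV_SBOX[b] for b in s]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
        if rnd > 0:
            s = _mix(s, (14, 11, 13, 9))
    return bytes(s)

# Constructed sample values (assumptions, not taken from the patent).
KEY_A = bytes.fromhex("00112233445566778899aabbccddeeff")   # link key A
KEY_B = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # binding key B
DNA_GENUINE = bytes.fromhex("0123456789abcde0")             # provisioned chip
DNA_OTHER = bytes.fromhex("0fedcba987654320")               # a different chip

def pad_dna(dna):                   # assumption: zero-pad the DNA code to one block
    return dna.ljust(16, b"\x00")

def fpga_export_dna(dna):           # processes 1-2: FPGA encrypts its DNA with key A
    return aes128_encrypt_block(KEY_A, pad_dna(dna))

def tool_make_start_code(link_ct):  # processes 3-4: tool decrypts with A, re-encrypts with B
    return aes128_encrypt_block(KEY_B, aes128_decrypt_block(KEY_A, link_ct))

def fpga_boot_check(dna, start_code):   # processes 6-9: decrypt with B, compare with own DNA
    if len(start_code) != 16:
        return False
    return hmac.compare_digest(aes128_decrypt_block(KEY_B, start_code), pad_dna(dna))
```

A start code provisioned for `DNA_GENUINE` passes `fpga_boot_check` on that chip and fails on `DNA_OTHER`, which is the copied-program case the method targets. Because keys A and B are fixed for the whole batch and held in the FPGA code, the check is only as strong as the confidentiality of that code and those keys.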
FPGA
The FPGA (Field Programmable Gate Array) is a product of further development on the basis of programmable devices such as PAL and GAL. It is a semi-custom circuit in the field of Application Specific Integrated Circuits (ASIC); it not only overcomes the shortcomings of fully custom circuits, but also overcomes the limited gate count of earlier programmable devices.
DNA
Each FPGA has a unique ID, the Device DNA, which is comparable to a person's ID card. It is written to the chip's eFuse registers when the FPGA chip is produced and cannot be modified because fusing technology is used.
AES128
The Advanced Encryption Standard is an effective data encryption algorithm that is subdivided by key length; with a key length of 128 bits it is called AES128.
MCU
A Micro Control Unit (MCU), also called a single-chip microcomputer, is a chip-level computer formed by appropriately reducing the frequency and specification of a Central Processing Unit (CPU) and integrating peripheral interfaces such as a memory, a counter (Timer), a USB, an A/D converter, a UART, a PLC, a DMA, etc., and even an LCD driving circuit on a single chip, with different combinations used to control different applications. MCUs can be found everywhere, from mobile phones, PC peripherals and remote controls to automotive electronics, industrial stepper motors and robotic arm controls.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (6)
1. An FPGA program volume production batch encryption method is characterized by comprising the following steps:
step S1, an encryption program is run on the user terminal, and two AES128 encryption keys, A and B, are agreed in advance;
step S2, an encryption function module is added to the FPGA chip's code, and the unique identification DNA code of the FPGA chip is read and fed into the encryption function module;
step S3, after the user terminal is connected to the device containing the FPGA chip, the encryption result is read and decrypted with AES128 encryption key A to obtain the unique identification DNA code of the FPGA chip;
step S4, once the unique identification DNA code of the FPGA chip has been obtained, it is encrypted with AES128 encryption key B;
step S5, the encryption of the device is thereby complete, and when the encrypted device operates normally, the start-up key in the device initialization parameters is sent to the FPGA chip;
step S6, a decryption function is added to the FPGA chip's code, decryption is performed with AES128 encryption keys A and B, the result is compared with the DNA code of the FPGA chip, and the comparison result is evaluated, thereby ensuring the security of the FPGA chip program and realizing batch encryption of FPGA chip programs.
2. The FPGA program volume production batch encryption method according to claim 1, characterized in that: an encryption program is run on the user terminal, and two AES128 encryption keys, A and B, are agreed; the same keys are used in the encryption program and their content is fixed.
3. The FPGA program volume production batch encryption method according to claim 1, characterized in that: step S2 further includes: an encryption function module is added to the FPGA chip's code; it reads the unique identification DNA code of the FPGA chip, encrypts it with AES128 encryption key A, and stores the encryption result to be read by the user terminal.
4. The FPGA program volume production batch encryption method according to claim 1, characterized in that: step S3 further includes: with the encryption function module and the user terminal connected, the encrypted result is read and decrypted with the pre-agreed AES128 encryption key A; the decrypted result is the unique identification DNA code of the FPGA chip, which protects against monitoring of the communication interface.
5. The FPGA program volume production batch encryption method according to claim 1, characterized in that: step S4 further includes: after the encryption program obtains the unique identification DNA code of the FPGA chip, it encrypts that code with AES128 encryption key B, takes the encryption result as the device start-up key, and stores it in the device start-up initialization parameters as the start code of the device.
6. The FPGA program volume production batch encryption method according to claim 1, characterized in that: step S6 further includes: a decryption function is added to the FPGA chip's code; the start-up key in the device initialization parameters is decrypted with AES128 encryption keys A and B and compared with the unique identification DNA code of the FPGA chip; the device starts executing when they match and stops when they do not.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110948442.9A CN113656845B (en) | 2021-08-18 | 2021-08-18 | FPGA program mass production batch encryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113656845A | 2021-11-16 |
CN113656845B | 2024-04-12 |
Family
ID=78480914
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110948442.9A Active CN113656845B (en) | 2021-08-18 | 2021-08-18 | FPGA program mass production batch encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113656845B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||