CN113656845B - FPGA program mass production batch encryption method - Google Patents
FPGA program mass production batch encryption method Download PDFInfo
- Publication number
- CN113656845B CN113656845B CN202110948442.9A CN202110948442A CN113656845B CN 113656845 B CN113656845 B CN 113656845B CN 202110948442 A CN202110948442 A CN 202110948442A CN 113656845 B CN113656845 B CN 113656845B
- Authority
- CN
- China
- Prior art keywords
- encryption
- fpga chip
- unique identification
- fpga
- aes128
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000004519 manufacturing process Methods 0.000 title claims abstract description 17
- 230000006870 function Effects 0.000 description 17
- 238000004891 communication Methods 0.000 description 6
- 230000007547 defect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000010561 standard procedure Methods 0.000 description 2
- 238000010923 batch production Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- FFBHFFJDDLITSX-UHFFFAOYSA-N benzyl N-[2-hydroxy-4-(3-oxomorpholin-4-yl)phenyl]carbamate Chemical compound OC1=C(NC(=O)OCC2=CC=CC=C2)C=CC(=C1)N1CCOCC1=O FFBHFFJDDLITSX-UHFFFAOYSA-N 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a batch encryption method for FPGA program mass production, which comprises the following steps: step S1, running an encryption program on a user terminal, and agreeing 2 AES128 encryption keys in advance to be A and B; s2, adding an encryption function module into codes of the FPGA chip, reading a unique identification DNA code of the FPGA chip and sending the unique identification DNA code to the encryption function module; s3, reading an encryption result, and decrypting by using an AES128 encryption key A to obtain a unique identification DNA code of the FPGA chip; s4, after the unique identification DNA code of the FPGA chip is obtained, encrypting the unique identification DNA code of the FPGA chip by using an AES128 encryption key B; s5, encrypting the equipment, and sending a starting key in the equipment initialization parameter into the FPGA chip when the encrypted equipment works normally; and S6, decrypting through the AES128 encryption keys A and B, comparing with the DNA codes of the FPGA chip, and judging the comparison result, thereby ensuring the safety of the FPGA chip program and realizing the batch encryption of the FPGA chip program.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a mass production batch encryption method for FPGA programs.
Background
The FPGA is a field programmable logic device, is widely used for communication, medical treatment, industrial control and the like, and has an irreplaceable function in the field. However, the program of the FPGA is usually stored in a general-purpose memory chip outside the chip, so that the program is very easy to read and copy, and thus a huge loss is caused to enterprises. In order to solve the problem, the FPGA chip manufacturer provides a set of encryption method to encrypt the program, but the method needs to generate the program file encrypted by different keys for each device separately, which is very unfavorable for mass production of enterprises.
Disclosure of Invention
In view of the above, the present invention aims to provide an FPGA program mass production batch encryption method capable of generating an encrypted FPGA program.
The invention is realized by the following steps: an FPGA program mass production batch encryption method, the method comprising the steps of:
step S1, running an encryption program on a user terminal, and agreeing 2 AES128 encryption keys in advance to be A and B;
s2, adding an encryption function module into codes of the FPGA chip, reading a unique identification DNA code of the FPGA chip and sending the unique identification DNA code to the encryption function module;
s3, after the user terminal is connected with equipment where the FPGA chip is located, reading an encryption result, and decrypting by using an AES128 encryption key A to obtain a unique identification DNA code of the FPGA chip;
s4, after the unique identification DNA code of the FPGA chip is obtained, encrypting the unique identification DNA code of the FPGA chip by using an AES128 encryption key B;
s5, encrypting the equipment, and sending a starting key in the equipment initialization parameter into the FPGA chip when the encrypted equipment works normally;
and S6, adding a decryption function into codes of the FPGA chip, decrypting through AES128 encryption keys A and B, comparing with DNA codes of the FPGA chip, and judging a comparison result, thereby ensuring the safety of the FPGA chip program and realizing batch encryption of the FPGA chip program.
Further, an encryption program is run at the user terminal, the same key is used in the encryption program, and the content of the key is fixedly agreed with two AES128 encryption keys, namely a and B.
Further, the step S2 is further specifically: an encryption function module is added in codes of the FPGA chip, so that the unique identification DNA codes of the FPGA chip can be read, the unique identification DNA codes of the FPGA chip are encrypted by an AES128 encryption key A, and an encryption result is stored and is waited to be read by a user terminal.
Further, the step S3 is further specifically: the encryption function module is connected with the user terminal, reads the encrypted result from the user terminal, decrypts the encrypted result by using the AES128 encryption key A agreed in advance, and the decrypted result is the unique identification DNA code of the FPGA chip, so that the communication interface can be prevented from being monitored.
Further, the step S4 is further specifically: after the encryption program obtains the unique identification DNA code of the FPGA chip, the unique identification DNA code of the FPGA chip is encrypted by an AES128 encryption key B, the encryption result is used as a device starting key, and the encryption result is stored in an initialization parameter of device starting to be used as a device starting code.
Further, the step S6 is further specifically: and adding a decryption function into the code of the FPGA chip, decrypting the starting key in the initialization parameter of the equipment by using the AES128 encryption keys A and B, comparing with the unique identification DNA code of the FPGA chip, wherein the comparison is consistent, the equipment starts to execute, the comparison is inconsistent, and the equipment stops executing.
The invention has the beneficial effects that: the invention can automatically generate the encryption FPGA program and meet the requirement of batch production; in the equipment using the FPGA chip device, the program can be safely protected from being copied and cracked, and meanwhile, the batch encryption can be realized in the production process, so that the production cost is reduced.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Fig. 2 is a schematic flow chart for producing encryption.
Fig. 3 is a schematic diagram of a device usage process.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, the present invention provides an embodiment: an FPGA program mass production batch encryption method, the method comprising the steps of:
step S1, running an encryption program on a user terminal, and agreeing 2 AES128 encryption keys in advance to be A and B;
s2, adding an encryption function module into codes of the FPGA chip, reading a unique identification DNA code of the FPGA chip and sending the unique identification DNA code to the encryption function module;
s3, after the user terminal is connected with equipment where the FPGA chip is located, reading an encryption result, and decrypting by using an AES128 encryption key A to obtain a unique identification DNA code of the FPGA chip;
s4, after the unique identification DNA code of the FPGA chip is obtained, encrypting the unique identification DNA code of the FPGA chip by using an AES128 encryption key B;
s5, encrypting the equipment, and sending a starting key in the equipment initialization parameter into the FPGA chip when the encrypted equipment works normally;
and S6, adding a decryption function into codes of the FPGA chip, decrypting through AES128 encryption keys A and B, comparing with DNA codes of the FPGA chip, and judging a comparison result, thereby ensuring the safety of the FPGA chip program and realizing batch encryption of the FPGA chip program.
The invention is further illustrated by the following examples:
the implementation method comprises the following steps:
a tool capable of running an encryption program, a user terminal can be a PC or a singlechip, and the like, and an encryption program, hereinafter referred to as an encryption tool, is run. It is necessary to pre-approximate 2 AES128 encryption keys a and B. The encryption tool and the two AES128 keys a and B on the encrypted device use the same key at the beginning of encryption and the key is fixed in content and not modifiable.
The encryption algorithm in the encryption keys A and B of the AES128 in the invention is the standard AES128, but the encryption keys are all gates, but the keys of each gate are different. Encryption can be seen as locking the door, and decryption can be seen as unlocking the door. The encryption and decryption are carried out by opening a specific door by the same key, and different keys are used for different doors.
An encryption function module is added in the code of the FPGA, the unique identification DNA code of the FPGA chip can be read, the code is subjected to AES128 encryption by an AES128 key A, and an encryption result is stored and is waited to be read by an encryption tool. The reading function is the working content of the program code, which is a standard flow code, and the process is not explained, so long as the function of the code is known to read the DNA identification code of the FPGA chip.
After the encryption tool is connected with the equipment where the FPGA chip is located, the encryption result is read, and decryption is carried out by using an AES128 encryption key A agreed in advance, so that a DNA code is obtained. This step is mainly for the communication interface to be monitored, and the plaintext transfer data is easy to be broken.
After obtaining this DNA code, the encryption tool encrypts the DNA code with another AES128 encryption key B agreed in advance, and the encryption result is used as a device-boot key and stored in the device-boot initialization parameter.
The encryption process is completed by the device.
And sending the starting key in the equipment initialization parameter to the FPGA when the encrypted equipment is started in normal operation.
A decryption function module is added in the codes of the FPGA, the AES128 encryption key B is used for decrypting the starting key in the equipment initialization parameter, the starting key is compared with the DNA codes of the equipment, the comparison is consistent, the function program starts to execute, and otherwise, the execution of the function program is stopped. The initialization parameters are all the operating parameters of each device, since the present patent does not address a specific device, the operating parameters of each device are different from type to content, but the encryption/decryption related parameters are only a part of the operating parameters.
The AES128 encryption algorithm is a standard procedure, and the decryption procedure is also the AES128 standard procedure, which is not described in detail herein.
The device to be encrypted is a non-specific device, and any device using an FPGA chip is within the description scope of the patent.
Production encryption process
As shown in fig. 2, this is a complete production encryption process, which performs processes 1, 2, 3, 4, 5.
Process 1: the FPGA unique identification DNA code is read and sent to an encryption module.
Process 2: the encryption module performs AES128 encryption by using the previously agreed key a and sends the result to the communication module to be read by the encryption tool.
Process 3: the encryption tool is connected with the encrypted equipment, reads the encrypted result from the encrypted equipment, and decrypts the encrypted result by using a secret key A appointed in advance, wherein the decrypted result is the DNA code of the encrypted equipment.
Process 4: the encryption tool again performs AES128 encryption using the previously agreed key B and returns the result to the encrypted device as the device's boot code.
Process 5: the encrypted device writes the device start code into the device start parameter table and saves the device start code.
The encryption process ends and the encryption tool is disconnected.
As shown in fig. 3, this is a process in which the device is started up normally, and processes 6, 7, 8, 9 are performed.
Process 6: and starting the equipment, and writing the starting parameters into the FPGA by the MCU, wherein the starting parameters comprise a starting code.
Process 7: the FPGA decryption code module decrypts the starting code by using a secret key B agreed in advance, and the decryption result is sent to the comparison module.
Process 8: the comparison module obtains the unique DNA code of the FPGA from the DNA reading module and compares the results sent by the decryption module.
Process 9: and (5) the comparison is consistent, and the function code module of the FPGA is started. The decryption start of the device is completed.
In the device, the communication interfaces of process 3 and process 6 are the communication interfaces that are most easily listened to, so the encryption process is decrypted using AES128 encryption.
FPGA in the invention
FPGA (Field Programmable Gate Array) is a product of further development on the basis of programmable devices such as PAL, GAL, etc. The programmable device is used as a semi-custom circuit in the field of Application Specific Integrated Circuits (ASICs), which not only solves the defect of custom circuits, but also overcomes the defect of limited gate circuits of the original programmable device.
DNA
Each FPGA has a unique ID, i.e. Device DNA, which corresponds to our identification card, which is written into the eFuse registers of the chip already at the time of production of the FPGA chip, with non-modifiable properties, because of the use of blow-down technology.
AES128
Advanced Encryption Standard is an efficient data encryption algorithm, which can be subdivided by the difference in key length, which is 128 bits, called AES128.
MCU
The micro control unit (Microcontroller Unit; MCU), also called as single chip microcomputer (Single Chip Microcomputer) or single chip microcomputer, properly reduces the frequency and specification of the CPU (Central Process Unit; CPU), and integrates peripheral interfaces such as memory (Timer), USB, A/D conversion, UART, PLC, DMA and the like, and even LCD driving circuits on a single chip to form a chip-level computer for different application occasions to perform different combination control. Such as mobile phones, PC peripherals, remote controllers, to automotive electronics, industrial stepper motors, robotic arm control, etc., can see the shadow of the MCU.
The foregoing description is only of the preferred embodiments of the invention, and all changes and modifications that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Claims (4)
1. The FPGA program mass production batch encryption method is characterized by comprising the following steps of:
step S1, running an encryption program on a user terminal, and agreeing 2 AES128 encryption keys in advance to be A and B;
s2, adding an encryption function module into codes of the FPGA chip, reading a unique identification DNA code of the FPGA chip and sending the unique identification DNA code to the encryption function module;
s3, after the user terminal is connected with equipment where the FPGA chip is located, reading an encryption result, and decrypting by using an AES128 encryption key A to obtain a unique identification DNA code of the FPGA chip;
s4, after the unique identification DNA code of the FPGA chip is obtained, encrypting the unique identification DNA code of the FPGA chip by using an AES128 encryption key B;
s5, encrypting the equipment, and sending a starting key in the equipment initialization parameter into the FPGA chip when the encrypted equipment works normally;
s6, adding a decryption function into codes of the FPGA chip, decrypting through AES128 encryption keys A and B, comparing with a unique identification DNA code of the FPGA chip, judging a comparison result, and completing batch encryption of programs of the FPGA chip;
the step S4 is further specifically: after the encryption program obtains the unique identification DNA code of the FPGA chip, the unique identification DNA code of the FPGA chip is encrypted by an AES128 encryption key B, the encryption result is used as a device starting key, and the encryption result is stored in an initialization parameter of device starting and is used as a device starting key;
the step S6 is further specifically: and adding a decryption function into the code of the FPGA chip, decrypting the starting key in the initialization parameter of the equipment by using the AES128 encryption keys A and B, comparing with the unique identification DNA code of the FPGA chip, wherein the comparison is consistent, the equipment starts to execute, the comparison is inconsistent, and the equipment stops executing.
2. The method for mass production and batch encryption of the FPGA program according to claim 1, wherein the method comprises the following steps: an encryption program is run at the user terminal, the same key is used in the encryption program, and the content of the key is fixedly agreed with two AES128 encryption keys, namely A and B.
3. The method for mass production and batch encryption of the FPGA program according to claim 1, wherein the method comprises the following steps: the step S2 is further specifically: an encryption function module is added in codes of the FPGA chip, so that the unique identification DNA codes of the FPGA chip can be read, the unique identification DNA codes of the FPGA chip are encrypted by an AES128 encryption key A, and an encryption result is stored and is waited to be read by a user terminal.
4. The method for mass production and batch encryption of the FPGA program according to claim 1, wherein the method comprises the following steps: the step S3 is further specifically: the encryption function module is connected with the user terminal, reads the encrypted result from the user terminal, decrypts the encrypted result by using the AES128 encryption key A appointed in advance, and the decrypted result is the unique identification DNA code of the FPGA chip.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110948442.9A CN113656845B (en) | 2021-08-18 | 2021-08-18 | FPGA program mass production batch encryption method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110948442.9A CN113656845B (en) | 2021-08-18 | 2021-08-18 | FPGA program mass production batch encryption method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113656845A CN113656845A (en) | 2021-11-16 |
| CN113656845B true CN113656845B (en) | 2024-04-12 |
Family
ID=78480914
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110948442.9A Active CN113656845B (en) | 2021-08-18 | 2021-08-18 | FPGA program mass production batch encryption method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113656845B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117349904B (en) * | 2023-12-04 | 2024-02-09 | 上海几何伙伴智能驾驶有限公司 | Method for realizing software encryption processing based on FPGA |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106100838A (en) * | 2016-08-16 | 2016-11-09 | 成都市和平科技有限责任公司 | A kind of Big Dipper data encryption system based on FPGA and method |
| CN107276756A (en) * | 2017-07-27 | 2017-10-20 | 深圳市金立通信设备有限公司 | A kind of method and server for obtaining root key |
| CN107491317A (en) * | 2017-10-10 | 2017-12-19 | 郑州云海信息技术有限公司 | A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery |
| KR101991775B1 (en) * | 2018-12-18 | 2019-06-21 | (주)엘에스시스텍 | Method for data encryption and decryption based on fpga |
| CN111475815A (en) * | 2020-04-08 | 2020-07-31 | 上海汉枫电子科技有限公司 | Code protection method for chip |
-
2021
- 2021-08-18 CN CN202110948442.9A patent/CN113656845B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106100838A (en) * | 2016-08-16 | 2016-11-09 | 成都市和平科技有限责任公司 | A kind of Big Dipper data encryption system based on FPGA and method |
| CN107276756A (en) * | 2017-07-27 | 2017-10-20 | 深圳市金立通信设备有限公司 | A kind of method and server for obtaining root key |
| CN107491317A (en) * | 2017-10-10 | 2017-12-19 | 郑州云海信息技术有限公司 | A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery |
| KR101991775B1 (en) * | 2018-12-18 | 2019-06-21 | (주)엘에스시스텍 | Method for data encryption and decryption based on fpga |
| CN111475815A (en) * | 2020-04-08 | 2020-07-31 | 上海汉枫电子科技有限公司 | Code protection method for chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113656845A (en) | 2021-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100390760C (en) | Semiconductor device and electronic apparatus | |
| TWI405123B (en) | On-die cryptographic apparatus in a secure microprocessor | |
| CN101770386B (en) | Safe startup method for Linux embedded system | |
| US20110200189A1 (en) | Encoder and decoder apparatus and methods with key generation | |
| CN114218592A (en) | Sensitive data encryption and decryption method and device, computer equipment and storage medium | |
| CN102693190B (en) | Certification ferroelectric RAM (F-RAM) apparatus and method | |
| US5940506A (en) | Method of using a hand-held device to protect information stored in a computer system | |
| CN101494645B (en) | Apparatus and method for authenticating a flash program | |
| TWI662474B (en) | Method and apparatus for performing firmware programming on microcontroller chip, and associated microcontroller chip | |
| CN102799803A (en) | Secure removable media and method for managing the same | |
| CN113656845B (en) | FPGA program mass production batch encryption method | |
| CN101685425A (en) | Mobile storage device and method of encrypting same | |
| CN110825401A (en) | Method and device for setting input document by authentication firmware | |
| CN108155986A (en) | A kind of key programming system and method based on credible performing environment | |
| CN111901117A (en) | Safety authentication method and system based on JTAG interface | |
| CN114793159A (en) | Random encryption method applied to automobile ECU controller | |
| CN1588328A (en) | Data encrypting/de-encrypling method and its device | |
| JP2007072957A (en) | Read/write device and debugging system | |
| CN107070658B (en) | Improved method of system encryption authentication mechanism | |
| CN202694351U (en) | Programmer | |
| KR20170105393A (en) | Method and system for authentication of a storage device | |
| CN115718717A (en) | Bus system | |
| US20050044408A1 (en) | Low pin count docking architecture for a trusted platform | |
| CN201408507Y (en) | Encryption device for embedded-type equipment | |
| US7661011B2 (en) | Method and apparatus for a variable processing period in an integrated circuit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |