WO2018233583A1 - Dispositif terminal et procédé de traitement de données - Google Patents

Dispositif terminal et procédé de traitement de données Download PDF

Info

Publication number
WO2018233583A1
WO2018233583A1 PCT/CN2018/091749 CN2018091749W WO2018233583A1 WO 2018233583 A1 WO2018233583 A1 WO 2018233583A1 CN 2018091749 W CN2018091749 W CN 2018091749W WO 2018233583 A1 WO2018233583 A1 WO 2018233583A1
Authority
WO
WIPO (PCT)
Prior art keywords
data block
count value
value
processor
mac
Prior art date
Application number
PCT/CN2018/091749
Other languages
English (en)
Chinese (zh)
Inventor
潘时林
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2018233583A1 publication Critical patent/WO2018233583A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/725Cordless telephones

Definitions

  • the present application relates to the field of computer technologies, and in particular, to a terminal device and a data processing method.
  • the SE chip is connected to a dedicated Secure Flash via a custom interface.
  • the dedicated Secure Flash is added to the terminal device, the cost of the terminal device is inevitably increased, and the layout complexity of the terminal device is high.
  • the application when the counter is an OTP, the application has data anti-return capability while maintaining the existing chip architecture. Add dedicated Secure Flash to the prior art.
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • the counter is an NVM or other counter in the SE chip, it is equivalent to adding a small-capacity (for counting only) counter to the existing SE chip, and therefore, dedicated Secure Flash is added with respect to the prior art.
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • the terminal device further includes: a transmitter, where the processor is configured to: when the first value of the target data block and the second value of the target data block are the same, determine that the target data block does not fall back; when the target data When the first value of the block is different from the second value of the target data block, the second count value is updated to obtain a third count value, and the third count value and the first MAC corresponding to the target data block are used to calculate the target data block.
  • the processor is configured to: when the first value of the target data block and the second value of the target data block are the same, determine that the target data block does not fall back; when the target data When the first value of the block is different from the second value of the target data block, the second count value is updated to obtain a third count value, and the third count value and the first MAC corresponding to the target data block are used to calculate the target data block.
  • the first algorithm having the same first value calculates the third value of the target data block; when the first value of the target data block is different from the third value of the target data block, determining that the target data block is rolled back, and triggering the transmitter to send the prompt Message, the prompt message is used to prompt the target data block to roll back.
  • the processor is further configured to: when the first value of the target data block and the third value of the target data block are the same, determine that the security chip is powered down.
  • the processor is specifically configured to: obtain a first count value according to the first value of the target data block and the first MAC corresponding to the target data block; determine whether the target data block occurs according to the first count value and the second count value. go back.
  • the terminal device further includes: a transmitter, where the processor is configured to: when the first count value and the second count value are the same, determine that the target data block does not roll back; when the first count value and the second count value When the difference is different, the second count value is updated to obtain a third count value; when the first count value and the third count value are not the same, it is determined that the target data block is rolled back, and the transmitter is triggered to send a prompt message, and the prompt message is used for Prompt that the target data block has rolled back.
  • a transmitter where the processor is configured to: when the first count value and the second count value are the same, determine that the target data block does not roll back; when the first count value and the second count value When the difference is different, the second count value is updated to obtain a third count value; when the first count value and the third count value are not the same, it is determined that the target data block is rolled back, and the transmitter is triggered to send a prompt message, and the prompt message is used for Prompt that the target
  • the processor is further configured to: when the first count value and the third count value are the same, determine that the security chip is powered off.
  • the terminal device can determine whether the security chip is powered off according to the first count value and the third count value, thereby improving the reliability of the terminal device.
  • the first memory adopts the secondary storage mode
  • the terminal device updates the third data block
  • the first value of each first data block corresponding to the second data block needs to be updated to a new one. a value and updating the second data block based on the new first value. Thereby improving the accuracy of the data in the terminal device.
  • the processor is further configured to: read the first value of the fourth data block to the second memory, where the fourth data block is any first data of the new first data block corresponding to the second data block And determining, according to the first value of the fourth data block and the first count value, a first MAC corresponding to the fourth data block, and storing the first MAC corresponding to the fourth data block to the second memory.
  • the first MAC of the fourth data block can be effectively obtained by this method.
  • the processor is further configured to: when the security chip is powered off, read the fifth value of each first data block corresponding to the fifth data block after the security chip is powered on, where the fifth data block For the actual data block corresponding to the new second data block, the fifth value is the actual value corresponding to the new first value; the fifth value corresponding to the first data block corresponding to the fifth data block corresponds to the fifth data block.
  • the fourth count value of each first data block starting from the sixth data block is updated once to obtain a new first count value, wherein
  • the sixth data block is a first data block corresponding to the fifth data block, and satisfies a condition: a fourth count value of each first data block starting from the sixth data block and each first before the sixth data block
  • the fourth count value of the data block is different; a first count value and a first MAC corresponding to each first data block starting from the sixth data block, and calculating a new one of each first data block starting from the sixth data block by using the same algorithm as calculating the first value a first value, and updating a fourth value of each first data block starting from the sixth data block to a new first value; updating
  • the security chip When the security chip is powered off, after the security chip is powered on, the accuracy of the data can be ensured by the method, thereby improving the reliability of the terminal device.
  • the present application provides a processor that is the processor of the first aspect or the alternative of the first aspect.
  • the corresponding content and effects will not be described here.
  • the present application provides a chip comprising the counter of the first aspect or the alternative of the first aspect and the processor of the first aspect or the alternative of the first aspect.
  • a chip comprising the counter of the first aspect or the alternative of the first aspect and the processor of the first aspect or the alternative of the first aspect.
  • the present application provides a data processing method, where the method is applied to a processor, the processor is included in a security chip, the security chip further includes: a second memory and a counter; the security chip is coupled to the first memory; the first memory For storing the M first data blocks, where each first data block is obtained by encrypting a plaintext data block and a first message authentication code MAC corresponding to the plaintext data block, where M is greater than or equal to 1.
  • the integer is used to count the number of updates of the M first data blocks to obtain a count value, and the counter value cannot be rolled back; the method includes:
  • the block is stored in the first memory; determining, according to the second data block and the second count value of the counter, whether the target data block is backed off; wherein the target data block is any one of the M first data blocks; the second count value is The processor determines whether the target data block is backed up, and the count value corresponding to the M first data blocks.
  • the application provides a terminal device, including: a security chip and a first memory coupled to the security chip, wherein the security chip includes: a processor, a second memory, and a non-volatile memory NVM; Counting the number of times of updating the encrypted data block to obtain a count value, and the count value of the NVM is not retractable; the processor is configured to: obtain the first corresponding to the plaintext data block by using the message authentication code MAC of the plaintext data block and the first count value of the NVM a value; the first count value is a count value corresponding to the plaintext data block when the processor calculates the first value; encrypting the first value and the plaintext data block to obtain an encrypted data block, and storing the encrypted data block in the first memory; The processor is further configured to determine, according to the encrypted data block and the second count value of the NVM, whether the encrypted data block is rolled back; wherein the second count value corresponds to the encrypted data block; and the second count value is the processor determines the encrypted data
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • the processor is specifically configured to: calculate, by using the same algorithm as calculating the first value, a second value of the plaintext data block for the second count value and the MAC of the plaintext data block; and determining the plaintext according to the first value and the second value Whether the data block has rolled back.
  • the processor is further configured to: when the first value and the third value are the same, determine that the security chip is powered off.
  • the terminal device can determine whether the security chip is powered off according to the first value and the third value of the target data block, thereby improving the reliability of the terminal device.
  • the processor is specifically configured to: decrypt the first value, obtain a first count value of the MAC and NVM of the plaintext data block; and determine, according to the first count value and the second count value, whether the plaintext data block is rolled back.
  • the method further includes: a transmitter, and correspondingly, the processor is configured to: when the first count value and the second count value are the same, determine that the plaintext data block does not roll back; when the first count value and the second count When the values are different, the second count value is obtained by the third time; when the first count value and the third count value are different, it is determined that the plaintext data block is rolled back, and the sender is triggered to send the prompt message, and the prompt message is sent. Used to prompt the plaintext data block to roll back.
  • the processor is further configured to: when the first count value and the third count value are the same, determine that the security chip is powered off.
  • the terminal device can determine whether the security chip is powered off according to the first count value and the third count value, thereby improving the reliability of the terminal device.
  • the present application provides a processor, which is the processor in the fifth aspect or the optional aspect of the fifth aspect.
  • the corresponding content and effects will not be described here.
  • the present application provides a chip, comprising the non-volatile memory NVM in the fifth aspect or the alternative aspect of the fifth aspect, and the processor in the fifth aspect or the alternative aspect of the fifth aspect.
  • a chip comprising the non-volatile memory NVM in the fifth aspect or the alternative aspect of the fifth aspect, and the processor in the fifth aspect or the alternative aspect of the fifth aspect.
  • the present application provides a data processing method, where the method is applied to a processor, where the processor is included in a security chip, the security chip further includes: a second memory and a non-volatile memory NVM; and the security chip is coupled to the first memory NVM is used to count the number of updates of the encrypted data block to obtain a count value, and the count value of the NVM cannot be rolled back; the method includes:
  • the first value corresponding to the plaintext data block is obtained; the first count value is a count value corresponding to the plaintext data block when the processor calculates the first value; Encrypting a block of values and a plaintext block to obtain an encrypted block of data, and storing the block of encrypted data in the first memory; determining whether the block of the encrypted block is rolled back according to the second count value of the encrypted block and the NVM; wherein, the second count The value corresponds to the encrypted data block; the second count value is a count value corresponding to the encrypted data block when the processor determines whether the encrypted data block is rolled back.
  • the terminal device in the foregoing fifth aspect or the optional mode in the fifth aspect may be used to execute the data processing method, and the corresponding content and effect are the same, and details are not described herein again.
  • the present application provides a computer storage medium for storing computer software instructions for use in the terminal device, including a program for performing the fourth aspect described above.
  • the embodiment of the present application provides a computer storage medium for storing computer software instructions used by the terminal device, which includes a program designed to execute the foregoing eighth aspect.
  • the present application provides a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the functions performed by the terminal device in the eighth aspect and the optional method described above.
  • the application provides a terminal device and a data processing method.
  • the first memory is configured to store M first data blocks, wherein each first data block is obtained by performing an encryption operation on the plaintext data block and the first MAC corresponding to the plaintext data block.
  • the counter is used to count the number of updates of the M first data blocks to obtain a count value, and the counter value of the counter cannot be rolled back.
  • the counter may be an OTP or a counter such as an NVM in the SE chip.
  • the application has data anti-return capability while maintaining the existing chip architecture. Add dedicated Secure Flash to the prior art.
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • the counter is an NVM or other counter in the SE chip, it is equivalent to adding a small-capacity (for counting only) counter to the existing SE chip, and therefore, dedicated Secure Flash is added with respect to the prior art.
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • FIG. 1 is a schematic structural diagram of a chip of a terminal device provided by the prior art
  • FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present disclosure
  • 3A is a schematic diagram of secondary storage of a first memory according to an embodiment of the present disclosure
  • FIG. 3B is a schematic diagram of secondary storage of a first memory according to another embodiment of the present application.
  • FIG. 5 is a flowchart of a data processing method according to an embodiment of the present application.
  • FIG. 6 is a schematic diagram of a terminal device according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic diagram of a primary storage of a first memory according to an embodiment of the present disclosure.
  • FIG. 8 is a flowchart of a data processing method according to another embodiment of the present application.
  • an SE chip is integrated in an AP SOC of a terminal device to implement a mobile payment and multi-service public platform.
  • the SE chip includes an OTP, a ROM, and a RAM, and the system program, application, and application data are stored in an EMMB of eMMC/UFS (Non-Volatile Memory (NVM)).
  • EMMB Non-Volatile Memory
  • System programs, application and application data need to be read from the RPMB to run in internal RAM when the system is running.
  • the security level of SE is very high. For NVM data requirements, there are mainly the following:
  • the off-chip RPMB is a partition provided by an external UFS/eMMC storage device manufacturer, its anti-return capability is available, but the security level has not been checked and verified; and because of the cost, the off-chip RPMB anti-return capability does not have any eMMC/ UFS storage device manufacturers can actually achieve EAL4+ security protection level or above; therefore, relying on the anti-return of RPMB area can not achieve EAL4+ security protection level.
  • the application provides a terminal device and a data processing method.
  • the present application can be based on the chip architecture shown in FIG. 1 without adding dedicated Secure Flash, and there is no need for eMMC/UFS storage device manufacturers to increase security protection RPMB to meet EAL5+ certification requirements. That is, based on the current chip architecture shown in Figure 1, the SE chip can meet the security requirements and certification of the EAL5+ in the NVM.
  • the implementation principle of the present application is: implementing the data anti-backoff function by using the OTP in the SE chip.
  • the OTP bit is programmed one bit at a time, starting with 0 bits per bit, and can be written as 1 by programming, so the number of bits programmed to 1 will be more and more, and cannot be rolled back.
  • the count value of the OTP can be logically operated with the MAC corresponding to the plaintext data block. If the plaintext data block 1 is rolled back, the processor reads the MAC address corresponding to the back-off plaintext data block (plaintext data block 2) and the count value of the OTP corresponding to the plaintext data block 2 for logical operation. result.
  • the processor when the processor performs a logical operation on the current count value of the OTP and the MAC corresponding to the plaintext data block 2, the logical value of the MAC corresponding to the plaintext data block 2 and the OTP corresponding to the plaintext data block 2 must be logically operated.
  • the results obtained are different. That is, since the result corresponding to the plaintext data block 2 is calculated using the previous OTP count, when the plaintext data block 2 is updated to the plaintext data block 1, the current OTP count value must be increased, based on this.
  • the processor can determine that a data rollback has occurred in plaintext block 1.
  • FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
  • the terminal device includes a security chip 21 and a first memory 22 coupled to the security chip 21, wherein the security chip 21 includes a processor 211, a second memory 212, and a counter 213.
  • the first memory 22 is configured to store M first data blocks, where each first data block is performed by using a plaintext data block and a first message authentication code (MAC) corresponding to the plaintext data block. Obtained by the encryption operation, M is an integer greater than or equal to 1.
  • the counter 213 is configured to count the number of updates of the M first data blocks to obtain a count value, and the count value of the counter 213 cannot be rolled back.
  • the processor 211 is configured to: perform a logical operation by using a first count value of the counter 213 and a first MAC corresponding to each first data block, to obtain M first values that are in one-to-one correspondence with the M first data blocks;
  • the first count value is a count value corresponding to the M first data blocks when the processor 211 performs a logic operation. Encrypting the M first values and the second MAC corresponding to the M first values to obtain a second data block, and storing the second data block in the first memory 22. Determining whether the target data block is backed off according to the second data block and the second count value of the counter 213; wherein the target data block is any one of the M first data blocks; the second count value is the processor 211 determining the target data. The count value corresponding to the M first data blocks when the block is rolled back.
  • the processor calculates the first MAC of the plaintext data block, and may adopt a MAC algorithm such as SHA256-hMAC or AES-CMAC in the prior art.
  • a MAC algorithm such as SHA256-hMAC or AES-CMAC in the prior art.
  • the second MAC that calculates the M first values in the present application may also adopt a MAC algorithm such as SHA256-hMAC or AES-CMAC in the prior art.
  • the M first value can be regarded as a whole and can be understood as a data block, and an existing MAC algorithm can be used for the data block. This application does not limit this.
  • the counter 213 is used to count the number of updates of the M first data blocks to obtain a count value. Therefore, after any one of the M first data blocks is updated, the count values corresponding to the M first data blocks are updated, for example, one of the first data blocks of the M first data blocks is updated. Then the corresponding count value is increased by 1. Therefore, the first count value is a count value corresponding to the M first data blocks when the processor 211 performs a logic operation. The first count value here must be the latest first count value obtained when the most recent logical operation is performed. Suppose there are two first data blocks. They are the first data block 1 and the first data block 2, respectively.
  • updating the first data block involved in the present application means storing a new first data block, and deleting the historical first data block corresponding to the new first data block.
  • the first value read by the processor 211 is actually the first MAC of the first data block B.
  • the first count value corresponding to the first data block B is calculated.
  • the second count value should be the count value obtained after the first count value corresponding to the first data block B is updated once.
  • the processor 211 calculates the second value by the second count value and the first MAC of the first data block B. Since the first value and the second value are not the same, it indicates that the target data block A may fall back. Considering that it is possible that the SE chip is powered down, the first value and the second value are different.
  • the second count value may be the previous first count value. Therefore, even if the target data block A does not fall back, in this case, the first value read by the processor 211 is the first MAC of the target data block A and the first count value corresponding to the target data block A (the The first count value is already the latest first count value) is calculated.
  • the processor 211 calculates the second value by the second count value (previous first count value) and the first MAC of the target data block A. Therefore, in this case, the first value and the second value may also be different, and the reason why the first value and the second value are different is not that the target data block A has been retracted. Instead, the SE chip is powered down.
  • the processor 211 determines whether the target data block is rolled back.
  • the processor 211 is specifically configured to: calculate, by using the same algorithm as the first value of the calculation target data block, a second value corresponding to the first value of the calculation target data block for the second count value and the first MAC corresponding to the target data block; according to the target data block A value and a second value of the target data block determine whether the target data block has rolled back.
  • the terminal device further includes: a transmitter; and correspondingly, the processor 211 is configured to: when the first value of the target data block and the second value of the target data block are the same, determine that the target data block does not fall back; When the first value of the target data block and the second value of the target data block are different, the second count value is updated to obtain a third count value, and the third count value and the first MAC corresponding to the target data block are used and calculated.
  • An algorithm in which the first value of the target data block is the same calculates a third value of the target data block; when the first value of the target data block is different from the third value of the target data block, determining that the target data block is rolled back and triggering the sending
  • the device sends a prompt message, and the prompt message is used to prompt the target data block to roll back.
  • the processor 211 is further configured to: when the first value of the target data block and the third value of the target data block are the same, determine that the security chip is powered off.
  • the addition of the second value also requires the addition algorithm
  • the calculation of the third value also requires the addition algorithm.
  • the calculation of the second value also requires an exclusive OR operation
  • the calculation of the third value also requires an exclusive OR operation.
  • the processor 211 determines whether the target data block has been rolled back, the processor 211 usually acquires the read. Taking the request, the processor 211 reads the target data block according to the read request. Then, the processor 211 determines whether the target data block has rolled back, and the transmitter transmits a read response. When the target data block has not rolled back, the read response is used to indicate that the read was successful. When the target data block is rolled back, the read response is the above-mentioned prompt message, and the prompt message is used to prompt the target data block to roll back.
  • the processor 211 targets the first MAC value corresponding to the target data block. Reading the data block to the second memory, and decrypting the target data block, obtaining a plaintext data block of the target data block and a first MAC of the target data block, and verifying whether the first MAC is correct; When the MAC is correct, the second data block corresponding to the target data block is read to the second memory, and the second data block is decrypted, the second MAC of the second data block is obtained, and the second MAC is verified to be correct; When the second MAC is verified to be correct, the processor 211 calculates the second value of the target data block by using the same algorithm as the first value of the calculation target data block for the second count value and the first MAC corresponding to the target data block.
  • the processor 211 is configured to: obtain a first count value according to the first value of the target data block and the first MAC corresponding to the target data block; and determine the target data according to the first count value and the second count value. Whether the block has rolled back.
  • the terminal device further includes: a transmitter.
  • the processor 211 is specifically configured to: when the first count value and the second count value are the same, determine that the target data block does not fall back; when the first count value and the second count value are not the same, update the second count value to obtain The third count value; when the first count value and the third count value are different, determining that the target data block is rolled back, and triggering the sender to send a prompt message, the prompt message is used to prompt the target data block to roll back.
  • the processor 211 is further configured to: when the first count value and the third count value are the same, determine that the security chip is powered off.
  • the processor 211 obtains the first count value according to the first value of the target data block and the first MAC corresponding to the target data block, and the algorithm used is the inverse of the addition algorithm.
  • the operation that is, the subtraction algorithm is used to calculate the first count value.
  • the processor 211 obtains the first count value according to the first value of the target data block and the first MAC corresponding to the target data block, and the algorithm used is the inverse of the multiplication operation.
  • the operation that is, the division operation is used to calculate the first count value.
  • the processor 211 determines whether the target data block has been rolled back, the processor 211 usually acquires the read. Taking the request, the processor 211 reads the target data block according to the read request. Then, the processor 211 determines whether the target data block has rolled back, and the transmitter transmits a read response. When the target data block has not rolled back, the read response is used to indicate that the read was successful. When the target data block is rolled back, the read response is the above-mentioned prompt message, and the prompt message is used to prompt the target data block to roll back.
  • the processor 211 reads the target data block to the second memory, and decrypts the target.
  • Data block obtaining a plaintext data block corresponding to the target data block and a first MAC of the target data block, and verifying whether the first MAC is correct; when verifying that the first MAC is correct, corresponding to the target data block Reading the second data block to the second memory, and decrypting the second data block, obtaining a first value corresponding to the second MAC and the target data block of the second data block, and verifying whether the second MAC is correct;
  • the processor 211 obtains the first count value according to the first value of the target data block and the first MAC corresponding to the target data block.
  • the above counter may be an OTP or an NVM.
  • the bit of the counter can be divided into a plurality of bit segments, and each bit segment constitutes a count value, that is, the counter can include a plurality of count values at the same time.
  • Each count value may correspond to at least one first data block.
  • the counter value of the counter is in one-to-one correspondence with the second data block.
  • FIG. 3B is a schematic diagram of secondary storage of a first memory provided by another embodiment of the present application. As shown in FIG. 3B, the bits of the timer are divided into 3 bit segments, each of which constitutes a calculated value.
  • the first memory stores M1 first data blocks and second data blocks corresponding to M1 first data blocks.
  • the first memory stores M2 first data blocks and second data blocks corresponding to M2 first data blocks.
  • the first memory stores M3 first data blocks and second data blocks corresponding to M3 first data blocks.
  • bit segment corresponding to each partition can be set according to the application write times. For example, bit segment 1 is used to store the application, and the update frequency of the application is relatively low, so the number of bits in bit segment 1 can be set less. It is assumed that the bit segment 2 is used to store application data, and the update frequency of the application data is very high. That is, the application data is updated more frequently, so the number of bits of the bit segment 2 can be set more. For example, the bit segment 2 can reach tens of thousands of bits, but the storage space can be smaller. Similarly, the number of bits in bit segment 3 can also be set.
  • the processor may implement application application calls by using a plurality of application programming interfaces (APIs) of the first memory to the multi-bit segment, or may be directly specified.
  • APIs application programming interfaces
  • the storage mode of the multi-bit segment makes the count value between different partitions unaffected, thereby reducing the complexity of the terminal device.
  • the present application provides a terminal device, including: a security chip and a first memory coupled to the security chip, wherein the security chip includes: a processor, a second memory, and a counter.
  • the first memory is configured to store M first data blocks, wherein each first data block is obtained by performing an encryption operation on the plaintext data block and the first MAC corresponding to the plaintext data block.
  • the counter is used to count the number of updates of the M first data blocks to obtain a count value, and the counter value of the counter cannot be rolled back.
  • the processor is configured to: perform a logical operation by using a first count value of the counter and a first MAC corresponding to each first data block, to obtain M first values corresponding to the M first data blocks; wherein, the first The count value is the count value corresponding to the M first data blocks when the processor performs a logical operation. Encrypting the M first values and the second MAC corresponding to the M first values to obtain a second data block, and storing the second data block in the first memory.
  • the counter may be an OTP or a counter such as an NVM in the SE chip.
  • the application has data anti-return capability while maintaining the existing chip architecture. Add dedicated Secure Flash to the prior art.
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • the counter is an NVM or other counter in the SE chip, it is equivalent to adding a small-capacity (for counting only) counter to the existing SE chip, and therefore, dedicated Secure Flash is added with respect to the prior art.
  • the terminal device provided by the present application can reduce cost and layout complexity.
  • the processor 211 is further configured to: update the third data block to a new first data block, and update the first count value to obtain a new first count value; wherein the third data block is M Any one of the data blocks; respectively calculating, for each new first count value and the first MAC corresponding to each first data block corresponding to the second data block, using the same algorithm as calculating the first value a new first value of the data block, and updating the first value of each first data block to a new first value; the M new first value and the M new first corresponding to the second data block The new second MAC encryption corresponding to the value obtains a new second data block; and updates the second data block to a new second data block; the counter is further configured to update the first count value to the new first count value.
  • the third data block is the first updated data block of the first of the M first data blocks.
  • the manner of updating the first data block is similar to that of the foregoing processor 211, and details are not described herein again.
  • the M first data blocks are the first data block 1, the first data block 2, ... the first data block M, respectively. It is assumed that the first updated first data block is the first data block 1, and the first data block 1 is the third data block.
  • the processor updates the first data block 1 to the new first data block 1, the first count value needs to be updated once to obtain a new first count value. Since the first count value has changed, the first value of the new first data block 1, the first data block 2, ... the first data block M needs to be updated to the new first value.
  • the new first value is calculated using the new first count value.
  • the counter is further configured to update the first count value to the new first count value.
  • the processor 211 is further configured to: read the first value of the fourth data block to the second memory 212, where the fourth data block is any one of the new first data blocks corresponding to the second data block a first data block; determining a first MAC corresponding to the fourth data block according to the first value of the fourth data block and the first count value; storing the first MAC corresponding to the fourth data block to the second memory.
  • the processor 211 calculates a new first value by using the first MAC of the fourth data block, the first MAC needs to be obtained in the foregoing manner.
  • the processor 211 determines the first MAC corresponding to the fourth data block according to the first value of the fourth data block and the first count value, and the adopted algorithm is an inverse operation for calculating the first value. Assuming that the first value is calculated using an addition operation, the processor 211 can obtain the first MAC using a subtraction operation.
  • the processor 211 is in the process of calculating a new first value of each first data block corresponding to the second data block, or after updating the second data block to a new second data block, the counter will count the first
  • the SE chip may be powered down before the value is updated to the new first count value.
  • the present application provides a SE chip power down protection strategy.
  • the terminal device provided by the present application can ensure that the first count value of the first data block, the second data block, and the counter is accurate when the SE chip is powered off.
  • FIG. 4 is a schematic diagram of a storage area of a first memory according to an embodiment of the present disclosure.
  • the storage area of the first memory may include three parts: a common secure storage area, and an authentication secure storage using a count value. Area and program area. The main difference between the normal security storage area and the authentication security storage area that uses the count value is whether the anti-backoff function can achieve EAL5+ authentication.
  • a normal secure storage area can be used to store data blocks that are not critical to data fallback.
  • the authentication secure storage area using the count value is the area for secondary storage provided by the present application, and the area is used for storing the first data block and the second data block described above.
  • the present application provides different APIs for the three different regions described above.
  • Option 1 Provide a new API for the authenticated secure storage area that utilizes the count value.
  • Static configuration specifies an authenticated secure storage area that uses a common secure storage area and uses count values.
  • the present application further provides a processor, which is a processor in the foregoing SE chip, and the function of the processor is as described above, and the details are not described herein again.
  • the application also provides a chip including the above counter and the processor.
  • the functions of the counter and the functions of the processor are as described above, and the present application will not be repeated here.
  • the chip may be the above-mentioned SE chip, or may be an AP SOC, and the AP SOC includes the SE chip.
  • FIG. 5 is a flowchart of a data processing method according to an embodiment of the present application. As shown in FIG. 2 and FIG. 5, the method is applied to the processor 211.
  • the processor 211 is included in the security chip 21, and the security chip further includes: a second memory 212 and a counter 213; the security chip 21 and the A memory 22 is coupled to each other; the first memory 22 is configured to store M first data blocks, wherein each first data block is authenticated by a plaintext data block and a first message corresponding to the plaintext data block
  • the code MAC is obtained by performing an encryption operation, and M is an integer greater than or equal to 1.
  • the counter 213 is configured to count the number of updates of the M first data blocks to obtain a count value, and the counter value of the counter 213 is not available. Fallback; the method includes:
  • Step S501 performing a logical operation on the first count value of the counter and the first MAC corresponding to each first data block, respectively, to obtain M first values corresponding to the M first data blocks one by one; wherein, the first count The value is the count value corresponding to the M first data blocks when the processor performs a logical operation.
  • Step S502 Perform an encryption operation on the M first values and the second MAC corresponding to the M first values to obtain a second data block, and store the second data block in the first memory.
  • Step S503 determining, according to the second data block and the second count value of the counter, whether the target data block is rolled back; wherein the target data block is any one of the M first data blocks; and the second count value is the processor determining the target. The count value corresponding to the M first data blocks when the data block is rolled back.
  • FIG. 6 is a schematic diagram of a terminal device according to an embodiment of the present disclosure.
  • the terminal device includes: a security chip 61 and a first memory 62 coupled to the security chip, where
  • the security chip 61 includes a processor 611, a second memory 612, and a non-volatile memory NVM 613.
  • the NVM 613 is configured to count the number of updates of the encrypted data block to obtain a count value, and the count value of the NVM 613 cannot be returned.
  • the first memory may also store a plurality of encrypted data blocks, and the bits of the NVM may be divided into a plurality of bit segments, each of the bit segments constituting a count value, and each of the count values may correspond to at least one encrypted data block.
  • the terminal device further includes: a transmitter; the processor 611 is specifically configured to: when the first value and the second value are the same, determine that the plaintext data block does not roll back; when the first value and the When the second value is different, updating the second count value to obtain a third count value, and calculating, by using the same algorithm as calculating the first value, the clear text for the third count value and the MAC a third value of the data block; when the first value and the third value are different, determining that the plaintext data block is rolled back, and triggering the sender to send a prompt message, where the prompt message is used for prompting The plaintext data block is rolled back.
  • processor 611 is further configured to: when the first value and the third value are the same, determine that the security chip is powered off.
  • the terminal device further includes: a transmitter; the processor 611 is specifically configured to: when the first count value and the second count value are the same, determine that the plaintext data block does not roll back; when the first When the count value and the second count value are different, the second count value obtains a third count value a second time; when the first count value and the third count value are not the same, the clear text is determined
  • the data block is rolled back, and the sender is triggered to send a prompt message, where the prompt message is used to prompt that the plaintext data block is rolled back.
  • the processor 611 is further configured to: when the first count value and the third count value are the same, determine that the security chip is powered off.
  • the present application provides a terminal device including: a security chip and a first memory coupled to the security chip, wherein the security chip includes: a processor, a second memory, and a non-volatile memory
  • the NVM is configured to count the number of updates of the encrypted data block to obtain a count value, and the count value of the NVM is not backed off;
  • the processor is configured to: use the message authentication code MAC of the plaintext data block and the NVM a first count value, the first value corresponding to the plaintext data block is obtained; the first count value is a count value corresponding to the plaintext data block when the processor calculates the first value; Encrypting the encrypted data block with the value and the plaintext data block, and storing the encrypted data block to the first memory;
  • the processor is further configured to: according to the encrypted data block and the NVM a second count value, determining whether the encrypted data block has a rollback; wherein the second count value corresponds to the encrypted data block; and the second count value is determined by the processor to determine the
  • the present application further provides a processor, which is the processor shown in FIG. 6.
  • the function of the processor is as described above, and the details are not described herein again.
  • the application also provides a chip including the above NVM and the processor.
  • the functions of the NVM and the functions of the processor are as described above, and the application will not be repeated herein.
  • the chip may be the above-mentioned SE chip, or may be an AP SOC, and the AP SOC includes the SE chip.
  • FIG. 8 is a flowchart of a data processing method according to another embodiment of the present application.
  • the method is applied to the processor 611, and the processor 611 is included in the security chip 61.
  • the security chip 61 further includes: a second memory 612 and a non-volatile memory NVM 613;
  • the security chip 61 is coupled to the first memory 62.
  • the NVM 613 is configured to count the number of updates of the encrypted data block to obtain a count value, and the count value of the NVM 613 cannot be rolled back;
  • the method includes:
  • Step S801 Using the message authentication code MAC of the plaintext data block and the first count value of the NVM, obtaining a first value corresponding to the plaintext data block; the first count value is corresponding to the plaintext data block when the processor calculates the first value. Count value.
  • Step S802 encrypting the first value and the plaintext data block, obtaining an encrypted data block, and storing the encrypted data block to the first memory;
  • Step S803 determining, according to the second count value of the encrypted data block and the NVM, whether the encrypted data block is backed off; wherein the second count value corresponds to the encrypted data block; and the second count value is determining whether the encrypted data block is generated back.
  • the count value corresponding to the data block is encrypted.
  • the data processing method provided by the present application is executed by the processor shown in FIG. 6, and the corresponding content and effect are the same, and details are not described herein again.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Power Engineering (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

La présente invention concerne un dispositif terminal et un procédé de traitement de données. Le dispositif comprend une puce sécurisée et une première mémoire, la puce sécurisée comprenant un processeur, une deuxième mémoire et un compteur. La première mémoire est utilisée pour stocker M premiers blocs de données, les premiers blocs de données étant obtenus en effectuant une opération de chiffrement sur un bloc de données en clair et un premier MAC du bloc de données en clair. Le compteur est utilisé pour compter le nombre de mises à jour des M premiers blocs de données pour obtenir une valeur de comptage, et la valeur de comptage du compteur ne peut pas revenir en arrière. Le processeur effectue une opération logique sur une première valeur de comptage du compteur et du premier MAC correspondant à chaque premier bloc de données, pour obtenir M premières valeurs numériques, et il effectue une opération de chiffrement sur les M premières valeurs numériques et un deuxième MAC correspondant pour obtenir un deuxième bloc de données, et stocke le deuxième bloc de données dans la première mémoire. Il est déterminé si un bloc de données cible est revenu en arrière en fonction du deuxième bloc et une deuxième valeur de comptage du compteur est déterminée. Le dispositif terminal peut réduire les coûts et la complexité d'une carte de déploiement.
PCT/CN2018/091749 2017-06-19 2018-06-19 Dispositif terminal et procédé de traitement de données WO2018233583A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710464774.3A CN109150534B (zh) 2017-06-19 2017-06-19 终端设备及数据处理方法
CN201710464774.3 2017-06-19

Publications (1)

Publication Number Publication Date
WO2018233583A1 true WO2018233583A1 (fr) 2018-12-27

Family

ID=64735898

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/091749 WO2018233583A1 (fr) 2017-06-19 2018-06-19 Dispositif terminal et procédé de traitement de données

Country Status (2)

Country Link
CN (1) CN109150534B (fr)
WO (1) WO2018233583A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109885442B (zh) * 2019-02-13 2020-03-27 上海燧原智能科技有限公司 性能分析方法、装置、设备及存储介质

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997016003A1 (fr) * 1995-10-25 1997-05-01 Siemens Aktiengesellschaft Puce de securite
CN1707464A (zh) * 2005-03-17 2005-12-14 联想(北京)有限公司 内嵌实时时钟的安全芯片以及校准其实时时钟方法
US20060050931A1 (en) * 2004-09-07 2006-03-09 Sony Corporation Biometric identification system
CN103839012A (zh) * 2012-11-23 2014-06-04 景幂机械(上海)有限公司 Flash加密存储装置
CN106127483A (zh) * 2016-06-30 2016-11-16 华为技术有限公司 移动支付方法、片上***及终端
CN106372540A (zh) * 2016-08-29 2017-02-01 北京中电华大电子设计有限责任公司 一种芯片安全信息的安全传输方法及电路

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140250290A1 (en) * 2013-03-01 2014-09-04 St-Ericsson Sa Method for Software Anti-Rollback Recovery
US10318271B2 (en) * 2015-01-05 2019-06-11 Irdeto Canada Corporation Updating software components in a program
US9792229B2 (en) * 2015-03-27 2017-10-17 Intel Corporation Protecting a memory
CN106406939A (zh) * 2016-09-05 2017-02-15 惠州Tcl移动通信有限公司 一种基于emmc芯片的移动终端防回滚方法及***

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997016003A1 (fr) * 1995-10-25 1997-05-01 Siemens Aktiengesellschaft Puce de securite
US20060050931A1 (en) * 2004-09-07 2006-03-09 Sony Corporation Biometric identification system
CN1707464A (zh) * 2005-03-17 2005-12-14 联想(北京)有限公司 内嵌实时时钟的安全芯片以及校准其实时时钟方法
CN103839012A (zh) * 2012-11-23 2014-06-04 景幂机械(上海)有限公司 Flash加密存储装置
CN106127483A (zh) * 2016-06-30 2016-11-16 华为技术有限公司 移动支付方法、片上***及终端
CN106372540A (zh) * 2016-08-29 2017-02-01 北京中电华大电子设计有限责任公司 一种芯片安全信息的安全传输方法及电路

Also Published As

Publication number Publication date
CN109150534B (zh) 2021-10-01
CN109150534A (zh) 2019-01-04

Similar Documents

Publication Publication Date Title
US11574061B2 (en) Rollback resistant security
CN112042151B (zh) 使用单调计数器的机密密钥的安全分发
EP3274848B1 (fr) Protection améliorée contre l'attaque par rejeu pour une mémoire
EP3274850B1 (fr) Protection d'une mémoire
US10223289B2 (en) Secure handling of memory caches and cached software module identities for a method to isolate software modules by means of controlled encryption key management
KR100692348B1 (ko) 휴면 보호
TWI436280B (zh) 存取基本輸入輸出系統設定的認證方法
WO2020192406A1 (fr) Procédé et appareil de stockage et de vérification de données
US7945790B2 (en) Low-cost pseudo-random nonce value generation system and method
US20080320263A1 (en) Method, system, and apparatus for encrypting, integrity, and anti-replay protecting data in non-volatile memory in a fault tolerant manner
JP2007512787A (ja) トラステッド・モバイル・プラットフォーム・アーキテクチャ
US20210223968A1 (en) Memory system, information processing apparatus, and information processing system
KR20160111455A (ko) 보안 부트 동안 키 추출
CN110659506A (zh) 基于密钥刷新对存储器进行重放保护
CN109891425B (zh) 序列验证
US11468159B2 (en) Memory system
CN109891823B (zh) 用于凭证加密的方法、***以及非暂态计算机可读介质
US10354094B2 (en) Systems and methods for cache memory authentication
WO2018233583A1 (fr) Dispositif terminal et procédé de traitement de données
US11429722B2 (en) Data protection in a pre-operation system environment based on an embedded key of an embedded controller
US20220284088A1 (en) Authentication of write requests
US20140164787A1 (en) Control method and information processing apparatus
KR101765209B1 (ko) 안전 부팅 장치 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18820069

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18820069

Country of ref document: EP

Kind code of ref document: A1