CN103347017A - Data processing method and system on chip - Google Patents

Publication number
CN103347017A
Authority
CN
China
Prior art keywords
application program
data
encryption key
encryption
chip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN 201310271795
Other languages
Chinese (zh)
Inventor
杨选
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Landscapes

  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention relate to a data processing method and a system on chip. The method includes: encrypting the embedded data of an application program to obtain the encrypted data of the application program; when the application program is run, decrypting the encrypted data of the application program to obtain the decrypted data of the application program; and comparing the embedded data of the application program with the decrypted data of the application program. When the embedded data and the decrypted data are the same, the application program continues to run; when they differ, the application program stops running. The present invention therefore increases the difficulty of cracking the application program and provides protection for the application program.

Description

Data processing method and system on chip

Technical field

The present invention relates to the field of communication technology, and in particular to a data processing method and a system on chip.

Background

With the development of communication technology, embedded systems are used more and more widely, but there are few security protection measures for the application (APP) programs of embedded systems. How to encrypt the APP program of an embedded system and prevent other product designers from copying it has therefore become an important problem.

At present, the encryption method used for the APP program of an embedded system is as follows: the APP program is stored in plaintext in flash memory, and a peripheral protection chip and the APP program have the same encryption algorithm and key built in. While the APP program is running, the CPU periodically sends a random number to the peripheral protection chip. On receiving the random number, the protection chip encrypts it with the built-in encryption algorithm and key and returns the encryption result to the CPU. The CPU compares the received encryption result with the one it computed itself; if the two results match, the APP program continues to run, otherwise the APP program stops.

Alternatively, private data is burned into an OTP memory through a one-time programmable (OTP) controller; this private data cannot be modified but can be read. While the APP program is running, it reads the private data, computes a result from it, and checks whether that result equals a preset result. If it does, the APP program can continue to run; otherwise it stops.

However, both of these methods store the APP program in plaintext in flash, which makes the APP program easy to crack and copy. In addition, the first method requires a peripheral protection chip, which increases the cost of the product, and the encryption algorithm and key stored inside the peripheral protection chip are easily cracked; in the second method the private data can be read, so the private data is easily copied.

Summary of the invention

The present invention provides a data processing method and a system on chip to solve the prior-art problem that the APP program is stored in plaintext in flash, which makes the APP program easy to crack and copy.

In a first aspect, the present invention provides a data processing method, the method comprising: encrypting the embedded data of an application program to obtain the encrypted data of the application program; when the application program is run, decrypting the encrypted data of the application program to obtain the decrypted data of the application program; comparing the embedded data of the application program with the decrypted data of the application program; when the embedded data of the application program and the decrypted data of the application program are the same, continuing to run the application program; and when the embedded data of the application program and the decrypted data of the application program differ, stopping the application program.

In a first possible implementation, encrypting the embedded data of the application program includes: setting an encryption key and an encryption algorithm, and encrypting the embedded data of the application program with the encryption key and the encryption algorithm.

With reference to the first possible implementation of the first aspect, in a second possible implementation, setting the encryption key further includes: writing the encryption key into a one-time programmable (OTP) storage module and locking the encryption key by means of an OTP control module, the locked encryption key being unable to be read out or modified.

In a second aspect, the present invention provides a system on chip, the system on chip comprising: an encryption/decryption module, configured to encrypt the embedded data of an application program to obtain the encrypted data of the application program; and a processing module, configured to, when the application program is run, decrypt the encrypted data of the application program by means of the encryption/decryption module to obtain the decrypted data of the application program, and to compare the embedded data of the application program with the decrypted data of the application program; when the embedded data of the application program and the decrypted data of the application program are the same, the application program continues to run; when the embedded data of the application program and the decrypted data of the application program differ, the application program stops running.

In a first possible implementation, the processing module is further configured to set an encryption key and an encryption algorithm, and the encryption/decryption module encrypts the embedded data of the application program with the encryption key and the encryption algorithm.

With reference to the first possible implementation of the second aspect, in a second possible implementation, the system on chip further includes a one-time programmable (OTP) storage module and an OTP control module; the encryption key is written into the OTP storage module and locked by means of the OTP control module, the locked encryption key being unable to be read out or modified.

By applying the data processing method and system on chip disclosed in the present invention, the embedded data of the application program is encrypted to obtain the encrypted data of the application program; when the application program is run, the encrypted data is decrypted to obtain the decrypted data of the application program, and the embedded data is compared with the decrypted data. When the two are the same, the application program continues to run; when they differ, the application program stops running. This increases the difficulty of cracking the application program and provides protection for the application program.

Brief description of the drawings

FIG. 1 is a flowchart of the data processing method provided by Embodiment 1 of the present invention;

FIG. 2 is a schematic diagram of the system on chip provided by Embodiment 2 of the present invention;

FIG. 3 is a schematic diagram of the system on chip provided by Embodiment 3 of the present invention.

Detailed description

To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The present invention discloses a data processing method and a system on chip. The embedded data of the application program is encrypted to obtain the encrypted data of the application program; when the application program is run, the encrypted data is decrypted to obtain the decrypted data of the application program, and the embedded data is compared with the decrypted data. When the two are the same, the application program continues to run; when they differ, the application program stops running. This increases the difficulty of cracking the application program and provides protection for the application program.

FIG. 1 is a flowchart of the data processing method provided by Embodiment 1 of the present invention. As shown in the figure, this embodiment includes the following steps:

Step 110: the system on chip (SOC) encrypts the embedded data of the APP program to obtain the encrypted data of the APP program. The APP program cannot be installed arbitrarily; installation is controlled, and only a program that passes verification can run. Embedding data in the APP is similar to signing: after the APP's embedded data has been signed and encrypted, it is placed in flash. At run time it is decrypted and then verified. Verification consists of comparing the decrypted data with the data embedded in the APP.

Step 110 also includes the system on chip setting the encryption key and encryption algorithm used to encrypt the embedded data of the APP program, and encrypting the embedded data with that key and algorithm. To prevent other product designers from copying the APP program and to provide protection for it, the key length of the encryption key set by the system on chip is generally 128 bits or 128 bits, and the strength of the encryption algorithm reaches the level of AES-128 ECB. An encryption algorithm at the AES-128 ECB level is a recognized secure encryption algorithm that is hard to crack, which likewise increases the difficulty of cracking the application program.

The system on chip includes a one-time programmable (OTP) storage module and an OTP control module. The system on chip generally sets the encryption key as follows: the encryption key is burned into the OTP storage module, and the OTP control module is used to lock the encryption key so that the locked key can no longer be read out or modified. A lock bit 1 bit long is reserved in the OTP storage module. When the OTP control module sets this lock bit to the locked state, the encryption key stored in the OTP storage module is locked and can no longer be read out or modified, which also means that neither an interface outside the system on chip nor the CPU can change the locked encryption key. The locking function can be implemented entirely in hardware logic. OTP has the property that once a bit has been programmed to 1, it stays at 1 from then on. Using such a bit as the lock bit ensures that the key cannot be read out.

The locked state of the lock bit can be entered when the OTP control module drives the lock bit to a high level; the locked state is entered only at a high level. After the key has been burned, the key is confirmed to have been burned correctly, and then the lock bit is burned, after which the key can never be read out again. This locking control by the OTP control module means that neither an interface outside the system on chip nor the CPU can tamper with the encryption key or read it, which clearly increases the difficulty of cracking the encryption key. Moreover, the OTP storage module, the OTP control module and the encryption/decryption module are all integrated in the system on chip; in particular, the encryption key held in the OTP storage module is not easily cracked from outside, and because the hardware logic is integrated in the system on chip, the added cost is negligible.

In addition, step 110 includes the system on chip saving the encrypted data of the APP program, for example to flash memory.

Step 120: when the APP program is run, the system on chip decrypts the encrypted data of the APP program to obtain the decrypted data of the APP program.

Step 130: the system on chip compares the embedded data of the APP program with the decrypted data of the APP program. When the embedded data and the decrypted data are the same, the APP program continues to run; when they differ, the APP program stops running.
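The provisioning order and run-time check of steps 110 to 130, as an added C model that is not code from the patent: OTP fuses are modelled as OR-only bits with a lock bit that closes the CPU read path, and XTEA stands in for the AES-128 ECB engine to keep the block short. The names `otp_t`, `otp_program_key`, `otp_read_key`, `otp_provision`, `engine_crypt` and `app_check`, the key and the sample data are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8        /* XTEA block size in bytes (stand-in for AES-128) */
#define MAX_DATA 64  /* largest blob this model accepts */

/* Model of the OTP storage module: 128-bit key plus a 1-bit lock. */
typedef struct { uint32_t key[4]; uint8_t lock; } otp_t;

/* OTP fuses only go 0 -> 1, so programming is an OR; refused once locked. */
int otp_program_key(otp_t *o, const uint32_t k[4]) {
    if (o->lock) return -1;
    for (int i = 0; i < 4; i++) o->key[i] |= k[i];
    return 0;
}

/* CPU read path: available only until the lock bit is burned. */
int otp_read_key(const otp_t *o, uint32_t out[4]) {
    if (o->lock) return -1;
    memcpy(out, o->key, sizeof o->key);
    return 0;
}

/* Order from the description: burn key, confirm it, then burn the lock. */
int otp_provision(otp_t *o, const uint32_t k[4]) {
    uint32_t rb[4];
    if (otp_program_key(o, k) != 0) return -1;
    if (otp_read_key(o, rb) != 0 || memcmp(rb, k, sizeof rb) != 0)
        return -2;   /* fuses do not match the key: do not lock this part */
    o->lock = 1;     /* the lock is a fuse too, so it never returns to 0 */
    return 0;
}

/* XTEA, 32 rounds, on one 64-bit block. */
static void xtea(uint32_t v[2], const uint32_t k[4], int decrypt) {
    const uint32_t delta = 0x9E3779B9u;
    uint32_t v0 = v[0], v1 = v[1], sum = decrypt ? delta * 32u : 0u;
    for (int i = 0; i < 32; i++) {
        if (!decrypt) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        } else {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        }
    }
    v[0] = v0; v[1] = v1;
}

/* Crypto engine: uses the key over an internal path that the lock does not
 * block. Blocks are processed independently (ECB), so equal plaintext
 * blocks give equal ciphertext blocks. */
int engine_crypt(const otp_t *o, uint8_t *buf, size_t len, int decrypt) {
    if (len == 0 || len % BLK != 0) return -1;
    for (size_t off = 0; off < len; off += BLK) {
        uint32_t v[2];
        memcpy(v, buf + off, BLK);
        xtea(v, o->key, decrypt);
        memcpy(buf + off, v, BLK);
    }
    return 0;
}

/* Steps 120 and 130: decrypt the blob read from flash and compare it with
 * the embedded data. Returns 1 = keep running, 0 = stop the application. */
int app_check(const otp_t *o, const uint8_t *flash_blob,
              const uint8_t *embedded, size_t len) {
    uint8_t plain[MAX_DATA];
    uint8_t diff = 0;
    if (len > MAX_DATA) return 0;
    memcpy(plain, flash_blob, len);
    if (engine_crypt(o, plain, len, 1) != 0) return 0;
    for (size_t i = 0; i < len; i++)   /* no early exit on first mismatch */
        diff = (uint8_t)(diff | (plain[i] ^ embedded[i]));
    return diff == 0;
}

int main(void) {
    /* Constructed sample key and data, not values from the patent. */
    const uint32_t key[4] = {0x01234567u, 0x89ABCDEFu, 0x0F1E2D3Cu, 0x4B5A6978u};
    const uint8_t embedded[] = "APP-EMBED-DATA-1";   /* 16 bytes used */
    otp_t otp = {{0}, 0};
    uint8_t flash[16];
    uint32_t leak[4];

    printf("provision: %d\n", otp_provision(&otp, key));
    printf("CPU key read after lock: %d\n", otp_read_key(&otp, leak));
    memcpy(flash, embedded, 16);
    engine_crypt(&otp, flash, 16, 0);             /* step 110 */
    printf("genuine blob: %d\n", app_check(&otp, flash, embedded, 16));
    flash[3] ^= 0x01;                             /* one flipped bit in flash */
    printf("modified blob: %d\n", app_check(&otp, flash, embedded, 16));
    return 0;
}
```

Because fuses are OR-only, a part whose key fuses were already partly programmed fails the read-back in `otp_provision` and is left unlocked, which is why the description confirms the key before burning the lock bit.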

Therefore, in the data processing method provided by this embodiment of the present invention, the embedded data of the application program is encrypted to obtain the encrypted data of the application program; when the application program is run, the encrypted data is decrypted to obtain the decrypted data of the application program, and the embedded data is compared with the decrypted data. When the two are the same, the application program continues to run; when they differ, the application program stops running. This increases the difficulty of cracking the application program and provides protection for the application program.

FIG. 2 is a schematic diagram of the system on chip provided by Embodiment 2 of the present invention. The system on chip is used to execute the data processing method provided by Embodiment 1 of the present invention. As shown in the figure, the system on chip provided by this embodiment includes an encryption/decryption module 21 and a processing module 22.

The encryption/decryption module is configured to encrypt the embedded data of the APP program to obtain the encrypted data of the APP program. The processing module is configured to, when the APP program is run, decrypt the encrypted data of the APP program by means of the encryption/decryption module to obtain the decrypted data of the APP program, and to compare the embedded data of the APP program with the decrypted data of the APP program. When the embedded data and the decrypted data are the same, the APP program continues to run; when they differ, the APP program stops running.

In one embodiment, the processing module 12 is further configured to set an encryption key and an encryption algorithm, and the encryption/decryption module 11 encrypts the embedded data of the APP program with the encryption key and the encryption algorithm.

In another embodiment, the system on chip provided by this embodiment further includes an OTP storage module 23 and an OTP control module 24.

The encryption key, which is the key used to encrypt the embedded data of the APP program, is written into the OTP storage module 23 and locked by means of the OTP control module 24; the locked encryption key cannot be read out or modified. The OTP control module is also configured to control the lock bit of the OTP storage module 23. When the lock bit of the OTP storage module 23 is in the locked state, the encryption key in the OTP storage module 23 is locked. The locked state is a high level or a low level, as determined by the actual situation.

In yet another embodiment, the system on chip provided by this embodiment further includes a memory 25. The memory 25 is used to store the encrypted data of the APP program. The memory 25 may also be located outside the system on chip and still provide the function of storing the encrypted data of the APP program; for example, the memory 25 is a flash memory.

Therefore, in the system on chip provided by this embodiment of the present invention, the embedded data of the application program is encrypted to obtain the encrypted data of the application program; when the application program is run, the encrypted data is decrypted to obtain the decrypted data of the application program, and the embedded data is compared with the decrypted data. When the two are the same, the application program continues to run; when they differ, the application program stops running. This increases the difficulty of cracking the application program and provides protection for the application program.

FIG. 3 is a schematic diagram of the system on chip provided by Embodiment 3 of the present invention. The system on chip is used to execute the data processing method provided by Embodiment 1 of the present invention. As shown in the figure, the system on chip provided by this embodiment includes a system port 31, a processor 32 and a memory 33. A system bus 34 connects the system port 31, the processor 32 and the memory 33.

The system port 31 can be connected to a memory outside the system on chip, for example a flash memory.

The memory 33 may be a permanent memory, such as a hard disk drive or flash memory, and holds software modules and device drivers. The software modules are able to execute the various functional modules of the above method of the present invention; the device drivers may be network and interface drivers.

At startup, these software components are loaded into the memory 33 and then accessed by the processor 32, which executes the method shown in FIG. 1.

Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to their functions. Whether these functions are executed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of the present invention.

The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), main memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.

The specific embodiments described above explain the purpose, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A data processing method, characterized in that the method comprises: encrypting the embedded data of an application program to obtain the encrypted data of the application program; when the application program is run, decrypting the encrypted data of the application program to obtain the decrypted data of the application program; comparing the embedded data of the application program with the decrypted data of the application program, and, when the embedded data of the application program and the decrypted data of the application program are the same, continuing to run the application program; when the embedded data of the application program and the decrypted data of the application program differ, stopping the application program.

2. The data processing method according to claim 1, characterized in that encrypting the embedded data of the application program comprises: setting an encryption key and an encryption algorithm, and encrypting the embedded data of the application program with the encryption key and the encryption algorithm.

3. The data processing method according to claim 2, characterized in that setting the encryption key further comprises: writing the encryption key into a one-time programmable (OTP) storage module and locking the encryption key by means of an OTP control module, the locked encryption key being unable to be read out or modified.

4. The data processing method according to claim 3, characterized in that locking the encryption key by means of the OTP controller comprises: the OTP control module controlling a lock bit of the OTP storage module, the encryption key being locked when the lock bit is in a locked state, the locked state being a high level or a low level.

5. The data processing method according to any one of claims 1 to 4, characterized in that encrypting the embedded data of the application program to obtain the encrypted data of the application program further comprises: saving the encrypted data.

6. A system on chip, characterized in that the system on chip comprises: an encryption/decryption module, configured to encrypt the embedded data of an application program to obtain the encrypted data of the application program; and a processing module, configured to, when the application program is run, decrypt the encrypted data of the application program by means of the encryption/decryption module to obtain the decrypted data of the application program, and to compare the embedded data of the application program with the decrypted data of the application program; when the embedded data of the application program and the decrypted data of the application program are the same, the application program continues to run; when the embedded data of the application program and the decrypted data of the application program differ, the application program stops running.

7. The system on chip according to claim 6, characterized in that the processing module is further configured to set an encryption key and an encryption algorithm, and the encryption/decryption module encrypts the embedded data of the application program with the encryption key and the encryption algorithm.

8. The system on chip according to claim 7, characterized in that the system on chip further comprises a one-time programmable (OTP) storage module and an OTP control module; the encryption key is written into the OTP storage module and locked by means of the OTP control module, the locked encryption key being unable to be read out or modified.

9. The system on chip according to claim 8, characterized in that the OTP control module is further configured to control a lock bit of the OTP storage module; when the lock bit is in a locked state, the encryption key is locked, the locked state being a high level or a low level.

10. The system on chip according to any one of claims 6 to 9, characterized in that the system on chip further comprises a memory; the memory is used to save the encrypted data.
CN 201310271795 2013-06-27 2013-06-27 Data processing method and system on chip Withdrawn CN103347017A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201310271795 CN103347017A (en) 2013-06-27 2013-06-27 Data processing method and system on chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201310271795 CN103347017A (en) 2013-06-27 2013-06-27 Data processing method and system on chip

Publications (1)

Publication Number Publication Date
CN103347017A true CN103347017A (en) 2013-10-09

Family

ID=49281791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201310271795 Withdrawn CN103347017A (en) 2013-06-27 2013-06-27 Data processing method and system on chip

Country Status (1)

Country Link
CN (1) CN103347017A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573572A (en) * 2013-10-25 2015-04-29 上海华力创通半导体有限公司 Method for encrypting read-write chip identifier
CN105354050A (en) * 2015-09-30 2016-02-24 深圳市九洲电器有限公司 Application software calling method for intelligent terminal
CN105955829A (en) * 2016-04-20 2016-09-21 青岛海信宽带多媒体技术有限公司 Order processing method, device and terminal
CN108280373A (en) * 2018-01-31 2018-07-13 上海集成电路研发中心有限公司 The method of read write chip identifier through encrypting
CN108388816A (en) * 2018-01-31 2018-08-10 上海集成电路研发中心有限公司 A kind of method of read write chip identifier through encrypting
CN113312307A (en) * 2021-06-25 2021-08-27 展讯通信(上海)有限公司 System on chip, data processing method thereof and central processing unit

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573572A (en) * 2013-10-25 2015-04-29 上海华力创通半导体有限公司 Method for encrypting read-write chip identifier
CN104573572B (en) * 2013-10-25 2019-06-14 上海华力创通半导体有限公司 The method of read write chip identifier through encrypting
CN105354050A (en) * 2015-09-30 2016-02-24 深圳市九洲电器有限公司 Application software calling method for intelligent terminal
CN105354050B (en) * 2015-09-30 2019-05-17 深圳市九洲电器有限公司 A kind of application software call method of intelligent terminal
CN105955829A (en) * 2016-04-20 2016-09-21 青岛海信宽带多媒体技术有限公司 Order processing method, device and terminal
CN108280373A (en) * 2018-01-31 2018-07-13 上海集成电路研发中心有限公司 The method of read write chip identifier through encrypting
CN108388816A (en) * 2018-01-31 2018-08-10 上海集成电路研发中心有限公司 A kind of method of read write chip identifier through encrypting
CN113312307A (en) * 2021-06-25 2021-08-27 展讯通信(上海)有限公司 System on chip, data processing method thereof and central processing unit

Similar Documents

Publication Publication Date Title
JP5703391B2 (en) System and method for tamper resistant boot processing
CN104156659B (en) Embedded system secure start method
JP5607546B2 (en) Method and apparatus for controlling system access during a protected mode of operation
US8776211B1 (en) Processing commands according to authorization
CN103221957B (en) Secure software licensing and provisioning using a hardware-based security engine
KR102660863B1 (en) Secure signing of configuration settings
CN103150524B (en) A kind of safe storage chip, system and authentication method thereof
CN103347017A (en) Data processing method and system on chip
TW201802719A (en) Information authentication with security code verification
JP2016025616A (en) Method for protecting data stored in disk drive, and portable computer
WO2017133559A1 (en) Secure boot method and device
CN107430658A (en) Fail-safe software certification and checking
JP2017504267A (en) Key extraction during secure boot
TW201411405A (en) Protecting secure software in a multi-security-CPU system
JP2017033537A (en) Security device that indirectly accesses external non-volatile memory
EP2619707B1 (en) Verification and protection of genuine software installation using hardware super key
US11615207B2 (en) Security processor configured to authenticate user and authorize user for user data and computing system including the same
CN108369626B (en) System and method for generating a key and non-transitory computer readable medium
CN113434853A (en) Method for burning firmware to storage device and controller
TW201530344A (en) Application program access protection method and application program access protection device
CN102456111A (en) Method and system for controlling permission of Linux operating system
KR102068485B1 (en) Nonvolatile memory module and method for operating thereof
CN104715208A (en) Platform integrity checking method based on TPM chip
CN103246832A (en) Microprocessor chip with anti-copy function and recording system thereof
CN104394467A (en) Method for downloading set-top box application program and set-top box

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C04 Withdrawal of patent application after publication (patent law 2001)
WW01 Invention patent application withdrawn after publication

Application publication date: 20131009