
CN113496036B - Security components and preloading methods - Google Patents

Security components and preloading methods

Info

Publication number: CN113496036B
Authority: CN (China)
Prior art keywords: items, preload, security component, preloading, memory
Legal status: Active
Application number: CN202010263485.9A
Other languages: Chinese (zh)
Other versions: CN113496036A
Inventors: 许树娜, 孙波
Current assignee: Alibaba Group Holding Ltd
Original assignee: Alibaba Group Holding Ltd

Classifications

    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (under G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing or calculating; counting; G Physics)
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits (under G06F21/71 ... to assure secure computing or processing of information; G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing or calculating; counting; G Physics)
    • G06F9/44521 Dynamic linking or loading; link editing at or after load time, e.g. Java class loading (under G06F9/445 Program loading or initiating; G06F9/44 Arrangements for executing specific programs; G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs; G06F9/00 Arrangements for program control, e.g. control units; G06F Electric digital data processing; G06 Computing or calculating; counting; G Physics)

Abstract

The present disclosure provides a security component and a preloading method. The security component includes a memory, a plurality of registers and a preloading management device. The memory stores a plurality of items to be configured. The preloading management device is started after the security component is powered on and includes a random number generator, which generates a random code indicating a corresponding configuration item among the plurality of items to be configured, and a preloading controller, which reads the corresponding configuration item according to the random code and loads it into the corresponding register of the plurality of registers. Because the security component of the disclosed embodiments loads the items to be configured into their registers in an order selected by the random code, the loading time of every item to be loaded is unpredictable; this step is performed immediately after the security component is powered on, and all other components are started only after it, which improves the security of the security component.

Description

Security component and preloading method
Technical Field
The present disclosure relates to the field of trusted computing, and in particular, to a security component and a preloading method.
Background
A security chip refers to an integrated circuit chip that implements one or more cryptographic algorithms, directly or indirectly using cryptographic techniques to protect root keys and sensitive information. The security chip typically has a separate microprocessor and memory unit where the root key and sensitive information are stored. At present, security chips are increasingly applied to intelligent terminals to provide reliable guarantee for financial payment and online identity authentication.
The normal start-up flow of the secure chip is shown in fig. 1 and includes power-on reset release S110, preload S120, root key decryption S130, key derivation S140, bus reset release S150 and processor reset release S160. Power-on reset release S110 resets each component to its initial state; preload S120 loads the root key and the security configuration information stored in the security chip into the storage unit; root key decryption S130 decrypts the root key held in the security chip; key derivation S140 derives the application keys to be used in later stages; and bus reset release S150 and processor reset release S160 release the bus and the processor from their reset states. Preload S120 is an important part of starting the security chip: the other components of the chip may operate only after the preloading has finished, so that the operating environment of the whole chip is governed by the security configuration of the security chip. On this basis, the whole preloading process must be secure and controllable, and it must not be possible to obtain or tamper with the root key and the security configuration information stored in the security chip by a physical attack on the security chip.
However, the prior art provides no special protection for the preloading. If the secure chip is physically attacked during preloading, for example by electromagnetic radiation, the preloading process becomes unreliable: certain security configuration steps may not be performed, or the root key may be tampered with, and the subsequent running environment of the whole chip becomes unreliable as a result.
Disclosure of Invention
Based on this, it is an object of the present disclosure to provide a security component for providing special protection measures for the preloading procedure of a system to improve the reliability of the preloading results.
In a first aspect, an embodiment of the present disclosure provides a security component, including a memory storing a plurality of items to be configured, a plurality of registers, and a preload management apparatus, the preload management apparatus being started after the security component is powered up, including:
The random number generator is used for generating a random code, and the random code is used for indicating corresponding configuration items of the plurality of items to be configured;
The preloading controller is used for reading the corresponding configuration items according to the random codes and loading the corresponding configuration items into corresponding registers of the registers.
Optionally, the preload management device includes a preload counter that counts the loads performed by the preload controller. The preload controller further maintains a preload state table containing a plurality of data items, each of which indicates whether the corresponding item to be configured has been loaded into its register. From the preload state table and the count value of the preload counter, the preload controller determines whether all of the items to be configured have been loaded, thereby judges whether the preload process is complete, and controls the security component to restart if the preload process is incomplete.
Optionally, the memory further stores a plurality of check words, and the preloading controller is further configured to read the plurality of check words, perform a check, and determine from the check result whether to power the embedded system on again.
Optionally, the random code further indicates a corresponding check word among the plurality of check words, and the preloading controller reads the corresponding check word according to the random code and performs the check.
Optionally, the random code further includes an identifier that selects verification or loading, and the preloading controller performs either verification or loading as indicated by that identifier, so that the choice between the two operations is itself random.
Optionally, the check words are in one-to-one correspondence with the to-be-configured items, and the preloading controller checks whether the to-be-configured items are correct according to the check words.
Optionally, the plurality of check words and the plurality of items to be configured are stored in a scattered manner on the memory.
Optionally, the memory is a read-only memory.
Optionally, the read-only memory is a one-time programmable memory.
Optionally, the system further comprises a processing unit, wherein the plurality of registers are located inside the processing unit, and the processing unit completes system startup by using the plurality of items to be configured.
Optionally, the random number generator and the preloading controller are integrated in the processing unit.
Optionally, the plurality of items to be configured include a root key and security configuration information; the preloading controller loads the root key into a key register and the security configuration information into a control register, and the processing unit executes cryptographic algorithm processing and program instructions for security configuration during the start-up process.
Optionally, the security component is integrated as a system-on-chip.
Optionally, the security component can be applied to a vehicle-mounted terminal, a smart home, a consumer electronic product, a robot controller, a programmable controller, a financial service terminal or a video conference terminal.
In a second aspect, embodiments of the present disclosure provide an embedded system comprising a security component as described in any one of the above.
In a third aspect, embodiments of the present disclosure provide a computer system comprising a security component as described in any one of the preceding claims.
In a fourth aspect, embodiments of the present disclosure provide a system on a chip comprising a security component as described in any one of the preceding claims.
In a fifth aspect, embodiments of the present disclosure provide a preloading method, which performs a preloading procedure after a system is powered up, the preloading procedure including the following steps repeatedly performed for the plurality of items to be configured:
acquiring a random code, wherein the random code is used for indicating corresponding configuration items of a plurality of items to be configured;
and reading the corresponding configuration items according to the random code, and loading the corresponding configuration items into corresponding registers of a plurality of registers.
Optionally, the preloading method further comprises:
counting the load operations;
maintaining a preload state table comprising a plurality of data items, each data item indicating whether the corresponding item to be configured has been loaded into the corresponding register;
and determining, from the preload state table and the load count value, whether all of the plurality of items to be configured have been loaded, and judging from that whether the preloading process is complete.
Optionally, the preloading method further comprises the step of reading a plurality of prestored check words to check so as to judge whether the preloading process is normal or not.
Optionally, the random code further indicates a corresponding check word among the plurality of check words, and the preloading method further comprises reading the corresponding check word according to the random code and performing the check.
Optionally, the random code further comprises an identifier that selects verification or loading, and the preloading method further comprises examining the random code and performing the verification or the loading operation it selects, so that the choice between the two is random.
Optionally, the check words are in one-to-one correspondence with the to-be-configured items, and the preloading method further comprises checking whether the to-be-configured items are correct according to the check words.
Optionally, the plurality of items to be configured are stored in a read-only memory.
Alternatively, the preloading method is performed after power-up of the embedded system or the computer system.
The security component provided by the embodiments of the disclosure uses the random code to load the items to be configured into their corresponding registers in a random order, so that the loading time of every item to be loaded is unpredictable; this step is performed immediately after the security component is powered on, and the other components are started only after it, thereby improving the security of the security component. Further, the security component may be integrated in an embedded system, a computer system, or a system on a chip.
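To make the mechanism of the first and fifth aspects concrete, the following Python model (added here; it is not code from the patent or from Alibaba) simulates the preload management device: a random code whose identifier bit selects between loading an item and verifying its check word, a preload counter and a preload state table that record progress independently, and a completeness judgement that demands agreement between the two and otherwise signals a restart. The OTP contents, register names, check-word scheme and the packing of the random code are assumptions of this example.

```python
import secrets
from typing import Callable, Dict, List, Optional, Tuple

# Constructed OTP contents (assumption: 32-bit words). Index 0 stands for the
# root key, the remaining entries for security configuration words.
OTP_ITEMS: List[int] = [0xA5C3F00D, 0x00000001, 0x0000FF00, 0x80000000]
REGISTER_NAMES = ["KEY", "CTRL0", "CTRL1", "CTRL2"]   # assumed register map

OP_LOAD, OP_VERIFY = 0, 1


def check_word(value: int) -> int:
    """Assumed check-word scheme: the bitwise complement of the item, so a
    flipped or stuck bit in either copy produces a mismatch."""
    return (~value) & 0xFFFFFFFF


# One check word per item, as in the one-to-one variant described above.
OTP_CHECK: List[int] = [check_word(v) for v in OTP_ITEMS]


def scripted_rng(codes: List[int]) -> Callable[[int], int]:
    """Deterministic stand-in for the random number generator (for tests)."""
    it = iter(codes)
    return lambda _bound: next(it)


class PreloadError(Exception):
    """The preload controller has decided the security component must restart."""


class PreloadManager:
    """Model of the preload management device: random number generator plus
    preload controller with its preload counter and preload state table."""

    def __init__(self, items: List[int] = OTP_ITEMS, checks: List[int] = OTP_CHECK,
                 rng: Callable[[int], int] = secrets.randbelow) -> None:
        self.items, self.checks, self.rng = items, checks, rng
        self.n = len(items)
        self.registers: Dict[str, Optional[int]] = {r: None for r in REGISTER_NAMES}
        self.state_table: List[bool] = [False] * self.n  # "loaded" flag per item
        self.counter = 0                                 # preload counter
        self.trace: List[Tuple[str, int]] = []           # operations, in order

    def random_code(self) -> Tuple[int, int]:
        """Random code = one identifier bit (load/verify) plus an item index.
        The field layout of the patent's Fig. 9 is not reproduced; this
        packing is an assumption of the example."""
        code = self.rng(2 * self.n)
        return code & 1, code >> 1

    def step(self) -> None:
        op, idx = self.random_code()
        if op == OP_VERIFY:
            # Verify branch: recompute the check word from the stored item and
            # compare it with the stored check word; a mismatch forces a restart.
            if check_word(self.items[idx]) != self.checks[idx]:
                raise PreloadError(f"check word mismatch on item {idx}")
            self.trace.append(("verify", idx))
            return
        if self.state_table[idx]:
            return  # already loaded; the next random code picks again
        self.registers[REGISTER_NAMES[idx]] = self.items[idx]
        self.state_table[idx] = True
        self.counter += 1
        self.trace.append(("load", idx))

    def is_complete(self) -> bool:
        """Completeness is judged from BOTH records: a skipped load leaves a
        flag clear, and a glitched flag makes table and counter disagree."""
        loaded = sum(self.state_table)
        if loaded != self.counter:
            raise PreloadError("state table and preload counter disagree")
        return loaded == self.n

    def run(self, max_steps: int = 10_000) -> Dict[str, Optional[int]]:
        """Repeat the random load/verify step until every item is loaded.
        Other components would be released from reset only after this returns."""
        for _ in range(max_steps):
            self.step()
            if self.is_complete():
                return self.registers
        raise PreloadError("preload did not complete; restarting")


def load_order(mgr: PreloadManager) -> List[int]:
    """Item indices in the order they were actually loaded (random in use)."""
    return [idx for op, idx in mgr.trace if op == "load"]
```

Two runs with the real generator load the same four registers in different orders, which is the property the patent relies on; the scripted generator is only there to make a run reproducible.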
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing embodiments thereof with reference to the following drawings in which:
FIG. 1 illustrates a typical boot flow for a security chip;
FIG. 2 shows a schematic diagram of an exemplary network architecture;
FIG. 3 shows a schematic diagram of a computer system including a security component of an embodiment of the present disclosure;
FIG. 4 illustrates a schematic diagram of an embedded system including a security component of an embodiment of the present disclosure;
FIGS. 5a and 5b show schematic diagrams of two ways of integration of a system-on-chip and a security chip of an embodiment of the present disclosure;
FIG. 6a is an exemplary block diagram of a security component provided by an embodiment of the present disclosure;
FIG. 6b is another exemplary block diagram of a security component provided by an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of an embodiment of the preload management apparatus shown in FIG. 6a;
FIG. 8 is a schematic diagram of another embodiment of the preload management apparatus shown in FIG. 6a;
FIG. 9 illustrates a data structure diagram of an exemplary random code;
fig. 10a and 10b are flowcharts of a preloading method provided by embodiments of the present disclosure.
Detailed Description
The present disclosure is described below based on embodiments, but the present disclosure is not limited to only these embodiments. In the following detailed description of the present disclosure, certain specific details are set forth in detail. The present disclosure may be fully understood by one skilled in the art without a description of these details. Well-known methods, procedures, and flows have not been described in detail so as not to obscure the nature of the disclosure. The figures are not necessarily drawn to scale.
Fig. 2 shows a schematic diagram of a network architecture. As shown in fig. 2, various terminals 201 establish communication with a data center 203 through a network 203. The terminal 201 is a variety of electronic devices employing a computer system, such as a personal computer, a cellular phone, a notebook, a mobile terminal, and the like. The network 203 may be based on one or a combination of various communication technologies implemented by exchanging signals, including but not limited to wired technologies employing electrically and/or optically conductive cables, as well as wireless technologies employing infrared, radio frequency, and/or other forms. In different application scenarios, the network 203 may be the internet, a wide area network or a local area network, such as a private network of a company. The network 203 may also be a wired network or a wireless network.
The data center 203 has a large number of servers 140 for performing actual processing. Server 140 is a hardware entity that provides computing and storage capabilities to users or various application systems. The hardware and software resources of each server 140 may be integrated into a resource pool using virtualization techniques, and computing power, storage power, or virtual machine services may be provided to users or various application systems as needed based on the resource pool, where the servers 140 are referred to as cloud servers.
Access switch 130 is a switch used to allow server 140 access to a data center. An access switch 130 accesses a plurality of servers 140. The access switches 130 are typically located at the Top of the Rack, so they are also referred to as Top of Rack switches, which physically connect to the servers.
Each aggregation switch 120 connects multiple access switches 130 while providing other services such as firewall, intrusion detection, network analysis, etc.
Core switch 110 provides high speed forwarding of packets into and out of the data center and connectivity for aggregation switch 120. The network of the entire data center is divided into an L3 layer routing network and an L2 layer routing network, and the core switch 110 provides a flexible L3 layer routing network for the network of the entire data center in general.
Typically, the aggregation switch 120 is the demarcation point between the L2 and L3 routing networks: below the aggregation switch 120 is the L2 network, above it the L3 network. Each group of aggregation switches manages one point of delivery (POD), within each of which is a separate VLAN network. Server migration within a POD does not require modifying the IP address or default gateway, because one POD corresponds to one L2 broadcast domain.
The Spanning Tree Protocol (STP) is typically used between the aggregation switch 120 and the access switch 130. STP makes only one aggregation-layer switch 120 available for a given VLAN network, and the other aggregation switches 120 are used only when a failure occurs (dashed lines in the above figures). That is, at the level of the aggregation switch 120 there is no horizontal expansion, since only one switch is working even if multiple aggregation switches 120 are added.
The terminal 201 and the server 140 are general-purpose computer architectures in terms of basic hardware architecture, although the functions, external interfaces, operating systems, etc. of the specific terminal devices and servers are different, even very different. Fig. 3 illustrates such a general computer architecture. As shown in FIG. 3, computer system 10 may include one or more processors 12, and memory 14.
The memory 14 in the computer system 10 may be a main memory (also called main memory or internal memory for short). It stores instruction information and/or data information represented by data signals, such as data provided by the processor 12 (e.g., as the result of an operation), and may also be used to exchange data between the processor 12 and the external storage device 16 (also known as secondary or external memory).
In some cases, the processor 12 may need to access the memory 14 to retrieve data in the memory 14 or to modify data in the memory 14. Because of the slower access speed of memory 14, computer system 10 further includes a cache memory 18 coupled to bus 11 for caching some of the program data or message data in memory 14 that may be repeatedly called for in order to mitigate speed gaps between processor 12 and memory 14. The cache memory 18 is implemented by a type of memory device such as a static random access memory (Static Random Access Memory, abbreviated as SRAM). The Cache memory 18 may have a multi-level structure, such as a three-level Cache structure having a first-level Cache (L1 Cache), a second-level Cache (L2 Cache), and a third-level Cache (L3 Cache), or may have a three-level or more Cache structure or other type of Cache structure. In some embodiments, a portion of cache memory 18 (e.g., a level one cache, or a level one cache and a level two cache) may be integrated within processor 12 or in the same system on a chip as processor 12.
Based on this, the processor 12 may include an instruction execution unit 121, a memory management unit 122, and the like. The memory management unit 122 is configured to translate the virtual addresses specified by the instructions into the physical addresses mapped by the virtual addresses, and the physical addresses specified by the write access request may be consistent with the physical addresses specified by the corresponding instructions.
The information interaction between memory 14 and cache 18 is typically organized in blocks. In some embodiments, the cache 18 and the memory 14 may be divided into data blocks in the same spatial size, and the data blocks may be the smallest unit of data exchange (including one or more data of a preset length) between the cache 18 and the memory 14. For simplicity and clarity of description, each data block in the cache memory 18 is referred to below as a cache block (which may be referred to as cacheline or a cache line) and different cache blocks have different cache block addresses, and each data block in the memory 14 is referred to below as a memory block and different memory blocks have different memory block addresses. The cache block address includes, for example, a physical address tag for locating the data block.
Due to space and resource constraints, the cache memory 18 cannot cache the entire contents of the memory 14, i.e., the size of the cache memory 18 is generally smaller than the memory 14, and each cache block address provided by the cache memory 18 cannot correspond to the entire memory block address provided by the memory 14. When the processor 12 needs to access the memory, it first accesses the cache memory 18 via the bus 11 to determine whether the content to be accessed is already stored in the cache memory 18, if so, the cache memory 18 hits, at which time the processor 12 directly calls the content to be accessed from the cache memory 18, and if the content to be accessed by the processor 12 is not in the cache memory 18, the processor 12 needs to access the memory 14 via the bus 11 to find the corresponding information in the memory 14. Because the access rate of the cache memory 18 is very fast, the efficiency of the processor 12 may be significantly improved when the cache memory 18 hits, thereby also improving the performance and efficiency of the overall computer system 10.
In addition, computer system 10 may also include input/output devices such as storage device 16, display device 13, audio device 14, mouse/keyboard 15, and the like. The storage device 16 is, for example, a hard disk, an optical disk, a flash memory, or the like coupled to the bus 11 through a corresponding interface for information access. A display device 13 is coupled to the bus 11, for example via a corresponding graphics card, for displaying in accordance with display signals provided by the bus 11.
Computer system 10 also typically includes a communication device 17, and thus may communicate with a network or other devices in a variety of ways. The communication device 17 may comprise, for example, one or more communication modules; as an example, it may comprise a wireless communication module adapted for a particular wireless communication protocol. For example, the communication device 17 may include a WLAN module implementing Wi-Fi communications compliant with the 802.11 standards established by the Institute of Electrical and Electronics Engineers (IEEE); it may also include a WWAN module implementing wireless wide area communications compliant with cellular or other wireless wide area protocols; it may also include a Bluetooth module, another communication module employing other protocols, or a custom type of communication module; and the communication device 17 may also be a port for serially transmitting data.
Of course, the architecture of different computer systems may vary depending on the motherboard, operating system, and instruction set architecture. For example, many computer systems are currently provided with an input/output control center connected between the bus 11 and the various input/output devices, and the input/output control center may be integrated within the processor 12 or independent of the processor 12.
Also shown is a security component 19 for practicing an embodiment of the present disclosure. As shown, the security component 19 is integrated within the computer system 10 and communicates with the other components via the bus 11; for example, the security component 19 may be coupled to the computer system 10 through a printed circuit board or various boards. The security component 19 may act as a trusted platform module, holding some important information and performing some security-critical operations. For example, the key generation operation is performed in the security component 19: a public key and a private key are generated in one computer system 10 using a root key stored in the security component 19, important data is encrypted using the private key and the public key is issued, the encrypted data is transmitted to another computer system 10, and the other computer system 10 obtains the corresponding public key and decrypts with it to obtain the important data; all of the cryptographic processing is thus performed in the security component 19, which improves security. For another example, the root key and the security configuration information may be placed in the security component 19, for instance to store the configuration information of the BIOS; the configuration information is read after the security chip is started, and the BIOS configuration information present during actual running is verified against it to determine whether the BIOS has started correctly. The specific structure and function of the security component 19 provided by embodiments of the present disclosure are described in detail hereinafter.
The security component 19 provided by the embodiments of the present disclosure may also be applied in electronic devices of embedded systems, such as various consumer electronics, ioT devices, mobile terminals, smart homes, robotic controllers, vehicle terminals, industrial control devices, and the like. Fig. 4 shows a system architecture diagram of an embedded system 400.
Although embedded systems have a high degree of similarity in hardware architecture to computer systems, the features of the embedded system application make the embedded system significantly different in terms of hardware composition and implementation form from general-purpose computer systems.
First, in order to meet the requirements of the embedded system 400 in terms of speed, volume and power consumption, data that needs to be stored for a long period of time, such as the operating system, application software and special data, is usually not kept on a large-capacity but slow storage medium such as a magnetic disk; a random access memory 402 or a flash memory 403 is often used instead, as shown in fig. 1.
In addition, the embedded system 400 requires an A/D (analog/digital conversion) interface 405 and a serial interface 406 for measurement and control, which are rarely used in general-purpose computers. The A/D interface 405 mainly performs the conversion of analog signals to digital signals, and of digital signals to analog signals, required during testing. The embedded system 400 often needs to be tested when applied in industrial production; since the single-chip microcomputer generates digital signals, these must be converted into analog signals for testing, so, unlike a general-purpose computer, the A/D interface 405 is required to perform the conversion. In addition, industry often requires multiple embedded systems to be connected in series to perform a function, and thus requires a serial interface 406 for connecting them in series, which general-purpose computers do not need.
In addition, as a basic processing unit, it is often necessary in industrial design to connect a plurality of embedded systems 400 into a network, and thus a network interface 407 to connect the embedded systems 400 into the network is required. This is also mostly not required in general purpose computers. In addition, some embedded systems 400 use external buses 404, depending on the application and the size. With the rapid expansion of the application fields of the embedded system 400, the embedded system 400 tends to be personalized, and the variety of buses is also increased according to the characteristics of the embedded system 400. In addition, in order to test the internal circuits of the embedded processor 401, the processor chip generally adopts a boundary scan test technology. To accommodate this test, debug interface 408 is employed.
As shown in the figures, the security component 19 communicates with the other components via the bus 11; for example, the security component 19 is fixed in the embedded system 400 by a soldering process. The security component 19 acts as a trusted platform module that can provide a higher level of security than the other components of the embedded system, so some of the important information of the embedded system and some of its important operations are fixed in the security chip. In addition to placing the root key and security configuration information and the key generation operation in the security component 19 as described above, operations such as payment verification may also be placed in the security component 19.
With the rapid development of very large scale integration (VLSI) and semiconductor processes, part or all of the embedded system described above can be implemented on a single silicon chip, i.e., an embedded system on a chip (SoC).
Fig. 5a is a schematic diagram of an exemplary embedded system on chip (SoC). As depicted, the system on chip 500 includes an arithmetic logic unit (ALU) 501, registers 502 and a control unit 503. The ALU 501 performs the actual operations. The registers 502 store instructions and intermediate results during processing. The control unit 503 controls access to the external RAM 511 and flash memory 512.
To execute an instruction, the ALU 501 fetches it from the RAM 511 or flash memory 512 into a register 502, and either receives the next fetch address or computes it according to a fetch algorithm, for example by incrementing or decrementing the address by the instruction length.
After fetching the instruction, the ALU 501 enters an instruction decode stage, in which the fetched instruction is decoded according to a predetermined instruction format to obtain the operand fetch information it needs, in preparation for execution. Operand fetch information is, for example, an address in the RAM 511 or flash memory 512. After decoding, the ALU obtains the operand stored in the RAM 511 or flash memory 512 according to the operand fetch information and processes it.
When executing some types of instruction (for example memory access instructions), the ALU 501 needs to access the RAM 511 or flash memory 512 to retrieve information stored there or to provide data that is to be written there.
After fetching a memory access instruction, the ALU 501 decodes it to obtain its source operands. The ALU 501 may perform a corresponding operation on a source operand (for example an arithmetic or logic operation on an operand held in a register) to obtain the address information corresponding to the instruction, and then issues the corresponding request according to that address information, such as an address translation request or a write access request.
The source operands of a memory access instruction typically include an address operand. The ALU 501 operates on the address operand to obtain the virtual address corresponding to the instruction, and issues an address translation request containing that virtual address to the control unit 503. The control unit 503 responds by translating the virtual address to a physical address according to an entry matching the virtual address, so that the ALU 501 can access the RAM 511 or flash memory 512 at the translated physical address.
By function, memory access instructions include load instructions and store instructions. Executing a load instruction normally does not modify the contents of the RAM 511 or flash memory 512: the ALU 501 only reads the data stored in the RAM 511, the flash memory 512 or an external storage device at the address given by the load instruction's address operand.
Unlike a load instruction, a store instruction's source operands include not only an address operand but also data information, and executing it normally modifies the RAM 511 or flash memory 512. The data information of the store instruction specifies the write data, whose source may be the result of an instruction such as an arithmetic or load instruction, data in a register 502, or an immediate value.
As shown, the security component 19 is located outside the system on chip 500 and is communicatively coupled to the registers 502 and the control unit 503. It can be used to increase the security of the system on chip. For example, the control unit 503 may be configured to control the start-up procedure of the system on chip 500 as follows: when the system on chip 500 is powered up, the control unit 503 hands flow control to the security component 19; the security component 19 executes a program fixed in it, using its internal processor, to load the security configuration information into the registers; the control unit 503 then takes flow control back and starts the system on chip under that security configuration.
Fig. 5b is a schematic diagram of another exemplary embedded system on chip (SoC). As shown, the system on chip 510 has the same arithmetic logic unit (ALU) 501, registers 502 and control unit 503 as in Fig. 5a. The difference is that in this example the security component 19 is integrated inside the system on chip 510.
The security component can also be used as an independent device connected to the system through an external interface such as USB to provide security protection. Such a security component, or a system containing one, can be used in application scenarios with high demands on both system security and preload speed, such as financial payment, online identity authentication, copyright protection, tracking of consumable usage, device authentication, industrial control, video conferencing, medical services, game authentication and so on.
Fig. 6a is an exemplary block diagram of a security component provided by an embodiment of the present disclosure. As shown, the security component 60 includes a processing unit 601, a read-only memory 602, a random access memory 603, a flash memory 604, an I/O interface 605, a clock circuit 621, a reset circuit 622 and a preload management apparatus 611. The clock circuit 621 and reset circuit 622 are conventional in structure and function and are not described further. The read-only memory 602 typically stores fixed program code such as an operating system (OS), kernel and device drivers; the random access memory 603 stores running program code and the data it uses; the flash memory 604 typically stores application programs and data. The I/O interface 605 provides the input/output interface for communication with external devices.
The cryptographic algorithm module 612 consists of program instructions implementing cryptographic functions such as key generation, encryption and decryption. The processing unit 601 may be a microprocessor, microcontroller, processor, graphics processor, acceleration unit or the like; once the preload management apparatus 611 has finished its work, the processing unit 601 can read and execute those program instructions.
The preload management apparatus 611 is a hardware module implementing the preload scheme of the embodiments of the present disclosure; it loads the items to be configured into registers (not shown), for example registers in the processing unit 601 or in a processing unit outside the security component. The preload management apparatus 611 is started as soon as the security component 60 is powered up, and the other components, namely the processing unit 601, the ROM 602, the RAM 603, the flash memory 604, the I/O interface 605, the clock circuit 621, the reset circuit 622 and so on, must only start after the preload management apparatus 611 has completed its work. This ensures that the running environment of the whole system is governed by the security configuration established by the preload management apparatus 611.
The read-only memory 602 may be a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM) or an electrically erasable programmable read-only memory (EEPROM). A PROM is a one-time programmable memory: it can be written once and cannot be modified afterwards. An EPROM can be erased and rewritten repeatedly, which overcomes the write-once limitation of the PROM, but it must be erased with a dedicated (ultraviolet) EPROM eraser. An EEPROM can be erased and reprogrammed electrically by applying a voltage higher than the normal operating voltage.
The sensitive information and root keys mentioned in the background may be stored in the read-only memory 602 and loaded into registers (not shown) after the security component boots. To prevent tampering with the sensitive information and root keys, the read-only memory 602 may be a one-time programmable PROM.
Note that the block diagram of the security component in Fig. 6a is only an exemplary description and does not limit the actual structure of the security component. In product design and manufacturing, designers may adjust the hardware and software architecture according to factors such as the specific purpose, the manufacturing process and economic benefit; for example, the RAM 603 and flash memory 604 may be replaced by other memories for power consumption or price reasons, or the cryptographic algorithm module 612 may be omitted where no cryptographic processing is required.
Fig. 6b is another exemplary block diagram of a security component provided by an embodiment of the present disclosure. The difference from Fig. 6a is that the preload management apparatus 611 is integrated inside the processing unit 601. After the security component 60 is powered up it starts the preload management apparatus 611 first; the other components, namely the rest of the processing unit 601, the ROM 602, the RAM 603, the flash memory 604, the I/O interface 605, the clock circuit 621, the reset circuit 622 and so on, must only start after the preload management apparatus 611 has completed its work, so that the running environment of the whole system is governed by the security configuration established by the preload management apparatus 611.
Furthermore, the security component described above may be implemented as an embedded system or as a system on chip; when implemented as a system on chip it may in turn be implemented as a security chip as described in the background.
When the security component is integrated in an embedded system or a computer system, it can be configured to start first after the system is powered on, so that it serves as the starting point of the system boot.
Fig. 7 is a schematic diagram of an embodiment of the preload management apparatus of Fig. 6a. As shown, the read-only memory 616 stores a plurality of items 1 to n to be loaded. The ROM 616 and the ROM 602 of Fig. 6a may be the same memory or different memories. The preload management apparatus 611 reads the items 1 to n and stores each in its own register. The register used depends on the meaning of the item: if the item is a root key, a key register is used; if the items are pieces of security configuration information, each is stored in the corresponding one of a set of control registers. The processing unit 601 can then perform cryptographic processing according to program instructions stored in memory and apply the security configuration information when the system starts.
As shown, the preload management apparatus 611 includes a random number generator 612 and a preload controller 614. The random number generator 612 generates random codes, and the preload controller 614 determines the loading order of the items 1 to n from them. More specifically, the random number generator 612 can generate as many random codes as there are items to be loaded; the preload controller 614 maintains a correspondence rule between random codes and items, and on receiving a random code it determines the corresponding item by that rule and stores it in the corresponding register.
The sequence of operation of the random number generator 612 and the preload controller 614 is as follows. First, the random number generator 612 starts and produces a first random code; the preload controller 614 looks up the item corresponding to the first random code in the correspondence rule and loads it. The random number generator 612 then produces a second random code; the preload controller 614 looks up and loads the corresponding item, and so on.
Because the random number generator cannot be controlled from outside, the moment at which any given item is loaded is unpredictable, which makes the loading process harder to attack (for example, with a fault injected at a fixed time after power-up) and thus improves its security.
As an alternative embodiment, as shown in the figure, the preload management apparatus 611 further includes a preload counter 613, which counts the loads performed by the preload controller 614: each time the preload controller 614 loads one item into a register, the counter is incremented by 1. The preload controller 614 checks in real time whether the count equals the number of items to be loaded. If it does, control passes to the next processing module; if it does not, a warning is issued and the security component is reset to its initial state to repeat the power-on start, or the system is simply reported as abnormal.
As another alternative embodiment, also shown in the figure, the preload controller 614 maintains a preload state table with data items C0 to Cn, one per item to be loaded. Each data item holds the current state of its item, for example 0 for not yet loaded and 1 for loaded, and each time the preload management apparatus 611 loads an item it updates the corresponding data item. The preload controller 614 inspects the data items in real time to decide whether the preload process is complete, i.e. whether all items have been loaded. If it is complete, control passes to the next processing module; if not, an alarm is issued and the security chip is reset to its initial state to repeat the power-on start, or the system is simply reported as abnormal.
As a further alternative, the preload management apparatus 611 may use the preload state table and the preload counter 613 together. The preload controller 614 first checks in real time whether the count of the preload counter 613 equals the number of items to be loaded; if so, it then inspects the data items of the preload state table to confirm that every item has actually been loaded. Only when the count equals the number of items and the state table shows all items loaded does it pass control to the next processing module; if either condition fails, it issues an alarm and resets the security component to its initial state to repeat the power-on start, or simply reports the system as abnormal.
As an alternative embodiment, the random number generator 612 may produce more random codes than there are items to be loaded. Since the preload controller 614 holds the correspondence rule between random codes and items, when it receives a random code for which the rule names no item it simply waits, in a sleep state, for the next random code.
Checking the completeness of the preload procedure with the preload state table and the preload counter together thus prevents the preload from being skipped by a physical attack (for example a fault injected to bypass part of the loading loop).
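The following is an added example, not code from the patent or from its assignee: a C model of the Fig. 7 preload management apparatus with the combined counter and state-table check described above. In hardware the random codes come from random number generator 612; here the caller supplies a constructed stream. The item values, the code-to-item rule (the low three bits of a code name an item, values 4 to 7 name none), the treatment of a repeated code for an already loaded item (ignored) and the two glitch models are assumptions made for the example.

```c
/* Added example, not part of the patent: a software model of the Fig. 7
 * preload management apparatus with the joint counter/state-table check.
 * Random codes (from RNG 612 in hardware) are supplied by the caller.
 * Item values, the code-to-item rule and the glitch model are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_ITEMS 4                     /* items 1..n to be loaded, n = 4 */

enum { ITEM_ROOT_KEY = 0, ITEM_CFG_A, ITEM_CFG_B, ITEM_CFG_C };
enum { PRELOAD_OK = 0, PRELOAD_BAD_COUNT = 1, PRELOAD_BAD_STATE = 2 };
enum { FAULT_NONE = 0, FAULT_SKIP_WRITE, FAULT_SKIP_COUNT };

/* Contents of read-only memory 616 (constructed values). */
static const uint32_t rom_items[N_ITEMS] = {
    0x5EC0DE01u, 0x00000011u, 0x00000022u, 0x00000044u
};

struct regs {                         /* key register + control registers */
    uint32_t key_reg;
    uint32_t ctrl_reg[N_ITEMS - 1];
};

struct preload {
    uint8_t counter;                  /* preload counter 613 */
    uint8_t state[N_ITEMS];           /* preload state table C0..Cn */
    int     fault_kind;               /* glitch model (constructed) */
    int     fault_item;               /* item the glitch hits, or -1 */
};

/* Correspondence rule (assumed): the low three bits of a code name an
 * item; values 4..7 name no item, so the controller just waits. */
static int code_to_item(uint8_t code)
{
    int k = code & 0x07;
    return k < N_ITEMS ? k : -1;
}

static int all_loaded(const struct preload *p)
{
    for (int k = 0; k < N_ITEMS; k++)
        if (!p->state[k])
            return 0;
    return 1;
}

static void write_register(struct regs *r, int k)
{
    if (k == ITEM_ROOT_KEY)
        r->key_reg = rom_items[k];           /* root key -> key register */
    else
        r->ctrl_reg[k - 1] = rom_items[k];   /* config -> control register */
}

/* Consume codes until every item is loaded or the stream ends.
 * Returns the number of codes consumed. */
static size_t preload_run(struct preload *p, struct regs *r,
                          const uint8_t *codes, size_t ncodes)
{
    size_t i;
    for (i = 0; i < ncodes && !all_loaded(p); i++) {
        int k = code_to_item(codes[i]);
        if (k < 0 || p->state[k])
            continue;   /* no item for this code, or already loaded (assumed) */
        int glitched = (k == p->fault_item);
        if (!(glitched && p->fault_kind == FAULT_SKIP_WRITE)) {
            write_register(r, k);
            p->state[k] = 1;                 /* update state table */
        }
        if (!(glitched && p->fault_kind == FAULT_SKIP_COUNT))
            p->counter++;                    /* update preload counter */
    }
    return i;
}

/* Joint completion check: the counter first, then the state table. */
static int preload_complete(const struct preload *p)
{
    if (p->counter != N_ITEMS)
        return PRELOAD_BAD_COUNT;
    if (!all_loaded(p))
        return PRELOAD_BAD_STATE;
    return PRELOAD_OK;
}

/* One power-up of the model: returns the verdict, leaves registers in *out. */
int boot_with_fault(const uint8_t *codes, size_t ncodes,
                    int fault_kind, int fault_item, struct regs *out)
{
    struct preload p;
    memset(&p, 0, sizeof p);
    p.fault_kind = fault_kind;
    p.fault_item = fault_item;
    memset(out, 0, sizeof *out);
    preload_run(&p, out, codes, ncodes);
    return preload_complete(&p);
}

int main(void)
{
    /* Constructed code stream: 0x17 names no item, 0x22 is drawn twice. */
    static const uint8_t codes[] = { 0x17, 0x22, 0x20, 0x22, 0x23, 0x21 };
    struct regs r;
    int v = boot_with_fault(codes, sizeof codes, FAULT_NONE, -1, &r);
    printf("no fault: verdict %d, key_reg %08x\n", v, r.key_reg);
    v = boot_with_fault(codes, sizeof codes, FAULT_SKIP_WRITE, ITEM_CFG_B, &r);
    printf("glitched write of item 2: verdict %d\n", v);
    return 0;
}
```

With a stream that draws each item once, a glitched register write leaves the counter at n but a state-table entry at 0, so only the state table catches it; a skipped counter increment leaves the state table complete but the counter at n-1, so only the counter catches it. That is why the combined embodiment checks both.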
Fig. 8 is a schematic diagram of another embodiment of the preload management apparatus of Fig. 6a. The preload management apparatus 711 reads the items 1 to n and stores each in its own register, chosen according to the meaning of the item as before: a key register for a root key, and the corresponding control registers for pieces of security configuration information.
As shown, the preload management apparatus 711 includes all the modules of Fig. 7 with the same functions, and additionally a verification unit 615, which performs verification using check words. The verification serves two purposes.
First, an item to be loaded is checked against its check word to determine whether it has been corrupted or tampered with.
As shown, the ROM 616 pre-stores check words 1 to n. The verification unit 615 reads one of them at a time and determines whether it matches the corresponding item; if it matches, operation continues, and if not, the security component is reset to its initial state to repeat the start-up, or the system is simply declared abnormal.
Because of the random code, the preload controller 614 loads the items 1 to n in random order. When, at some moment, it loads a particular item K, the verification unit 615 reads the check word K corresponding to item K, computes the expected check word from item K, and compares the two to decide whether they match.
The check words 1 to n and the items 1 to n may be stored scattered across the memory, so that when an item is corrupted or tampered with, this can be detected from its check word, which has not been tampered with or corrupted. For example, if an attacker knows the approximate storage location of the root key on the security component and attacks it by electromagnetic radiation or similar means, the root key can still be verified against its check word, because the root key and its check word are stored apart: when the root key is destroyed, the corresponding check word remains correct.
Second, the check words are used to check whether the system itself is operating normally. The verification unit 615 reads a check word at random and judges whether it conforms to a specific rule; if not, the security component is reset to its initial state and the power-on is repeated, or only an alarm is issued.
Fig. 9 shows the data structure of an exemplary random code. As illustrated, the random code 90 is 8 bits of data divided into three fields. Flag occupies 1 bit: the value 0 indicates that a check word is to be read, the value 1 that an item to be loaded is to be read. Check Word Index gives the sequence number of the check word to be read. Content Index gives the sequence number of the item to be read.
Fig. 10a and Fig. 10b are flowcharts of a preloading method provided by embodiments of the present disclosure. Step S110 is the same as S110 in Fig. 1 and is not described again. The random code in this embodiment uses the data structure of Fig. 9. Fig. 10a includes the following steps.
Step S121: acquire a random code.
Step S122: determine whether the highest bit of the random code is 1. If so, go to step S124; otherwise go to step S123. A highest bit of 1 means an item to be loaded is read; a highest bit of 0 means a check word is read.
Step S123: acquire the check word from the position indicated by Check Word Index.
Step S124: acquire the item to be loaded from the position indicated by Content Index.
Step S125: store the item in the corresponding control register or key register.
Step S126: update the preload state table and the preload counter, i.e. update the data item of the preload state table corresponding to the item just read.
Steps S121 to S126 are repeated; the number of repetitions is normally greater than or equal to the number n of items to be loaded.
Step S127: judge whether the check word is correct. If so, continue at step S121; otherwise the preload is abnormal, the process ends abnormally, and the system may be made to restart.
Fig. 10b includes the following steps.
Step S130: determine whether the preload state table is consistent with the load count of the preload counter. If so, go to step S131; otherwise the preload is abnormal, the process ends abnormally, and the system may be made to restart.
Step S131: determine whether the preload state table and the load count of the preload counter both indicate that the preload procedure has ended. If so, continue with the subsequent steps of system start-up; otherwise the preload is abnormal, the process ends abnormally, and the system may be made to restart.
Of course, the preloading method of the embodiments of the present disclosure does not require the data structure of Fig. 9. When the random code uses a different data structure, the flow of the method changes accordingly. For example, if the random code contains only two fields, the first indicating the position of an item to be loaded and the second the position of a check word, the process is: acquire a random code; take the position of the item from the first field, fetch the item from that position, store it in a register and update the preload counter; take the position of the check word from the second field, fetch the check word from that position and verify it, ending the process abnormally if verification fails. These steps are executed a number of times (which may equal the number of items or of check words), after which the preload state table and the preload counter are examined to determine whether the security chip is normal.
The preloading method described above is typically implemented in hardware, but in principle it could also be implemented in software; in that case it could be integrated into the boot firmware that runs before the operating system, to improve system security.
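The following is an added example, not code from the patent or from its assignee: a C model of the Fig. 9 random code and of the check-word part of the Fig. 10a flow (steps S122 to S125 and S127), written as the software form mentioned above. The text does not give the field widths, the check-word function, the ROM layout or the attack, so all of these are assumptions made here: Flag in bit 7, Check Word Index in bits 6 to 4, Content Index in bits 3 to 0; a check word made of the CRC-8 of the item plus its bitwise complement, so that a read stuck at all zeros or all ones fails the "specific rule" even before any item is compared; items and check words at separate offsets of a constructed 64-byte ROM image; and a bit flip as the fault model.

```c
/* Added example, not part of the patent: decoding the Fig. 9 random code and
 * the check-word verification of Figs. 8 and 10a. Field widths, the check
 * word function, the ROM layout and the tampering are constructed
 * assumptions, not the patent's own design. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_ITEMS  4
#define ROM_SIZE 64

enum { STEP_FAIL = 0, STEP_OK = 1, STEP_IDLE = 2 };

/* Assumed layout: bit 7 = Flag (0: read check word, 1: read item),
 * bits 6..4 = Check Word Index, bits 3..0 = Content Index. */
struct random_code { uint8_t flag, cw_index, content_index; };

static struct random_code decode_code(uint8_t raw)
{
    struct random_code c;
    c.flag = raw >> 7;
    c.cw_index = (raw >> 4) & 0x07;
    c.content_index = raw & 0x0F;
    return c;
}

/* CRC-8, polynomial 0x07, init 0x00 (assumed check-word function). */
static uint8_t crc8(const uint8_t *d, size_t n)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        crc ^= d[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x07 : crc << 1);
    }
    return crc;
}

/* Check word (assumed format): low byte = CRC-8 of the 4-byte item, high
 * byte = its complement. The format rule alone rejects a read stuck at
 * 0x0000 or 0xFFFF: the "is the system normal" use of check words. */
static uint16_t make_check_word(const uint8_t *item)
{
    uint8_t c = crc8(item, 4);
    return (uint16_t)(((uint8_t)~c << 8) | c);
}

static int check_word_well_formed(uint16_t cw)
{
    return (uint8_t)(cw >> 8) == (uint8_t)~(uint8_t)cw;
}

/* Scattered layout (constructed): each check word sits far from its item,
 * so a localised fault (e.g. electromagnetic) hits one but not both. */
static const uint16_t item_off[N_ITEMS] = { 0x00, 0x10, 0x20, 0x30 };
static const uint16_t cw_off[N_ITEMS]   = { 0x3C, 0x0C, 0x2C, 0x1C };

static void rom_init(uint8_t *rom)
{
    static const uint8_t items[N_ITEMS][4] = {        /* constructed */
        { 0x5E, 0xC0, 0xDE, 0x01 }, { 0, 0, 0, 0x11 },
        { 0, 0, 0, 0x22 },          { 0, 0, 0, 0x44 },
    };
    memset(rom, 0xA5, ROM_SIZE);
    for (int k = 0; k < N_ITEMS; k++) {
        uint16_t cw = make_check_word(items[k]);
        memcpy(&rom[item_off[k]], items[k], 4);
        rom[cw_off[k]] = (uint8_t)cw;
        rom[cw_off[k] + 1] = (uint8_t)(cw >> 8);
    }
}

/* Verification unit 615: recompute item k's check word and compare it with
 * stored check word k; the stored word must also be well formed. */
static int verify_item(const uint8_t *rom, int k)
{
    uint16_t stored = (uint16_t)(rom[cw_off[k]] | (rom[cw_off[k] + 1] << 8));
    return check_word_well_formed(stored) &&
           stored == make_check_word(&rom[item_off[k]]);
}

/* One pass of the Fig. 10a loop for one random code: Flag 0 verifies a
 * check word (S123/S127), Flag 1 loads an item into regs[] (S124/S125). */
static int preload_step(const uint8_t *rom, uint8_t raw, uint32_t regs[N_ITEMS])
{
    struct random_code c = decode_code(raw);
    int k = c.flag ? c.content_index : c.cw_index;
    if (k >= N_ITEMS)
        return STEP_IDLE;           /* no item or check word for this code */
    if (!c.flag)
        return verify_item(rom, k) ? STEP_OK : STEP_FAIL;
    const uint8_t *it = &rom[item_off[k]];
    regs[k] = (uint32_t)it[0] << 24 | (uint32_t)it[1] << 16 |
              (uint32_t)it[2] << 8  | it[3];
    return STEP_OK;
}

/* Fault model: flip bits at one ROM offset (e.g. where the root key lives). */
static void rom_tamper(uint8_t *rom, uint16_t off, uint8_t mask)
{
    rom[off] ^= mask;
}

int main(void)
{
    uint8_t rom[ROM_SIZE];
    uint32_t regs[N_ITEMS] = { 0 };
    rom_init(rom);
    printf("verify root key: %d\n", preload_step(rom, 0x00, regs));
    rom_tamper(rom, 0x00, 0x01);        /* one bit of the root key flipped */
    printf("after tampering: %d\n", preload_step(rom, 0x00, regs));
    return 0;
}
```

Flipping a bit of the root key makes check word 0 mismatch while check word 1 still verifies, because the two are stored apart; flipping a bit of a stored check word instead breaks its complement format, which is detected without consulting the item at all. A real check unit would also update the preload state table and counter on each Flag 1 step, as the previous example does.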
Commercial value of embodiments of the present disclosure
Currently, all kinds of intelligent devices face serious security challenges. The security component provided by the embodiments of the present disclosure can be used as an independent device providing security protection for an intelligent device, or integrated in the intelligent device for the same purpose. The security component of the disclosed embodiments is general-purpose and can be implemented in various systems, including computer systems and embedded systems. It may also be used in a wide range of electronic products, for example vehicle-mounted terminals, smart home devices, consumer electronics, programmable logic controllers (PLCs), robot controllers, game terminals, financial service terminals, video conference terminals, medical service terminals and the like. The security component significantly improves the security of such products, and because the cost of the components it requires is limited, in particular since parts already present in the existing system may be reused, the added cost to the product as a whole is limited.
Those skilled in the art will appreciate that the present disclosure may be implemented as a system, method, and computer program product. Accordingly, the present disclosure may be embodied in the form of hardware entirely, software (including firmware, resident software, micro-code), or in a combination of software and hardware. Furthermore, in some embodiments, the present disclosure may also be embodied in the form of a computer program product in one or more computer-readable media having computer-readable program code embodied therein.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium is, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of a computer-readable storage medium include an electrical connection, by way of one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical memory, a magnetic memory, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with a processing unit, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including but not limited to electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., and any suitable combination of the foregoing.
Computer program code for carrying out embodiments of the present disclosure may be written in one or more programming languages or combinations thereof. The programming languages include object-oriented programming languages such as Java and C++, and may also include conventional procedural programming languages such as C. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The foregoing is merely a preferred embodiment of the present disclosure, and is not intended to limit the present disclosure, so that various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (24)

1. A security component comprising a memory, a plurality of registers and a preload management apparatus, the memory storing a plurality of items to be configured, the preload management apparatus being started upon power-up of the security component and comprising:
a random number generator for generating a random code indicating a respective one of the plurality of items to be configured; and
a preload controller for reading the respective item to be configured according to the random code and loading it into the corresponding one of the plurality of registers.
2. A security component according to claim 1, the preload management apparatus comprising a preload counter which counts the loads of the preload controller, the preload controller further maintaining a preload state table comprising a plurality of data items each for characterising whether the respective item to be configured has been loaded into a respective register, the preload controller determining whether the plurality of items to be configured have been loaded in dependence upon the preload state table and the count value of the preload counter and determining therefrom whether a preload process is complete and controlling the security component to restart in the event that the preload process is incomplete.
3. The security component of claim 1, the memory further storing a plurality of check words, the preload controller further configured to read the plurality of check words for verification and determine whether the security component needs to be controlled to restart based on a result of the verification.
4. The security component of claim 3, wherein the random code further indicates a corresponding check word of the plurality of check words, and the preload controller reads the corresponding check word for verification according to the random code.
5. The security component of claim 4, wherein the random code further comprises an identification characterising a check or a load, and the preload controller randomly performs the check or the load operation as determined from the random code.
6. The security component of claim 3, the plurality of check words corresponding one-to-one to the plurality of items to be configured, the preload controller checking whether the plurality of items to be configured are correct based on the plurality of check words.
7. The security component of claim 3, wherein the plurality of check words and the plurality of items to be configured are stored at scattered locations in the memory.
8. The security component of claim 1, the memory being a read-only memory.
9. The security component of claim 8, the read-only memory being one-time programmable memory.
10. The security component of claim 1, further comprising a processing unit, the plurality of registers being located internal to the processing unit, the processing unit completing a system boot with the plurality of items to be configured.
11. The security component according to any one of claims 1 to 10, wherein the preload management device is integrated in a processing unit.
12. The security component of claim 10, the plurality of items to be configured comprising a root password and security configuration information, the preload controller loading the root password into a password register, loading the security configuration information into a control register, the processing unit executing, during startup, cryptographic algorithm processing and program instructions for security configuration.
13. The security component of claim 1, the security component being a system-on-chip.
14. The security component according to any one of claims 1 to 10 or 12 to 13, for use in a vehicle terminal, a smart home device, consumer electronics, a robotic controller, a programmable controller, a financial services terminal or a video conferencing terminal.
15. An embedded system comprising the security component of any one of claims 1 to 13.
16. A computer system comprising a security component as claimed in any one of claims 1 to 13.
17. A system on a chip comprising a security component as claimed in any one of claims 1 to 13.
18. A preloading method, the preload process being performed after a system is powered up and comprising the following steps, which are repeated for a plurality of items to be configured:
acquiring a random code indicating a corresponding configuration item among the plurality of items to be configured; and
reading the corresponding configuration item according to the random code and loading it into the corresponding register of a plurality of registers.
19. The preloading method of claim 18, further comprising:
counting the load operations;
maintaining a preload state table comprising a plurality of data items, each characterising whether the corresponding item to be configured has been loaded into its register; and
determining, from the preload state table and the load count value, whether the plurality of items to be configured have all been loaded, and judging therefrom whether the preload process is complete.
20. The preloading method of claim 18, further comprising reading a plurality of pre-stored check words for verification, in order to determine whether the preload process is proceeding normally.
21. The preloading method of claim 20, wherein the random code further indicates a corresponding check word of the plurality of check words, the method further comprising reading the corresponding check word for verification according to the random code.
22. The preloading method of claim 21, wherein the random code further comprises an identification characterising verification or loading, the method further comprising determining, from the random code, whether to randomly perform a verification or a loading operation.
23. The preloading method of claim 22, wherein the plurality of check words correspond one-to-one to the plurality of items to be configured, the method further comprising checking whether the plurality of items to be configured are correct based on the plurality of check words.
24. The preloading method of claim 18, wherein the plurality of items to be configured are stored in a read-only memory.
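As an added illustration, not part of the patent or of any implementation by the applicant, the following C model walks through the preload process of claims 1 to 3, 6, 18 and 19: a random code selects the item to load, the item is verified against its one-to-one check word, the preload state table and preload counter are updated, and the controller reports completion or a restart. The item values, the check-word rule (bitwise complement) and the sequence of random codes are constructed assumptions; the codes stand in for the hardware random number generator so the run is reproducible.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define N_ITEMS 4  /* number of items to be configured (constructed) */

/* Model of the security component's state; values are constructed, not the patent's. */
typedef struct {
    uint32_t rom_items[N_ITEMS];   /* items to be configured, held in read-only memory */
    uint32_t rom_checks[N_ITEMS];  /* one check word per item, one-to-one (claim 6) */
    uint32_t regs[N_ITEMS];        /* corresponding registers in the processing unit */
    uint8_t  loaded[N_ITEMS];      /* preload state table: 1 = item already in its register */
    unsigned count;                /* preload counter: load operations performed so far */
} preload_ctx;

/* Check-word rule assumed for this example: the bitwise complement of the item. */
static uint32_t check_word(uint32_t item) { return ~item; }

/* Fill the ROM with constructed sample items and their check words. */
void preload_init(preload_ctx *c) {
    static const uint32_t items[N_ITEMS] = {0xC0FFEE01u, 0x00000F00u, 0xDEADBEEFu, 0x12345678u};
    memset(c, 0, sizeof *c);
    for (size_t i = 0; i < N_ITEMS; i++) {
        c->rom_items[i]  = items[i];
        c->rom_checks[i] = check_word(items[i]);
    }
}

/* Completeness rule of claim 2: every state-table entry set and the counter at least N_ITEMS. */
int preload_complete(const preload_ctx *c) {
    if (c->count < N_ITEMS) return 0;
    for (size_t i = 0; i < N_ITEMS; i++) if (!c->loaded[i]) return 0;
    return 1;
}

/* Run the preload process over a sequence of random codes (stand-in for the hardware RNG).
 * Returns 1 when preloading completes, 0 when the controller would restart the component
 * (state table still incomplete, or a check word did not match its item). */
int run_preload(preload_ctx *c, const uint32_t *codes, size_t n_codes) {
    for (size_t k = 0; k < n_codes; k++) {
        size_t idx = codes[k] % N_ITEMS;               /* random code selects the item */
        uint32_t item = c->rom_items[idx];
        if (c->rom_checks[idx] != check_word(item))    /* verify before trusting (claims 3, 6) */
            return 0;                                  /* corrupted ROM content: restart */
        c->regs[idx]   = item;                         /* load into the corresponding register */
        c->loaded[idx] = 1;                            /* update the preload state table */
        c->count++;                                    /* advance the preload counter */
        if (preload_complete(c)) return 1;
    }
    return 0;  /* random codes exhausted with items still missing: restart */
}
```

Because the load order follows the random codes, registers are filled in a different order on every boot, while completion is still decided deterministically by the state table and counter rather than by the order itself.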

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN202010263485.9A    2020-04-07      2020-04-07    Security components and preloading methods

Publications (2)

Publication Number   Publication Date
CN113496036A         2021-10-12
CN113496036B         2025-09-12

Family

ID=77995153

Country Status (1)

Country Link
CN (1) CN113496036B (en)

Legal Events

Code   Title Description
PB01   Publication
SE01   Entry into force of request for substantive examination
GR01   Patent grant