CN118278058B

CN118278058B - Anti-attack chip

Info

Publication number: CN118278058B
Application number: CN202410702708.5A
Authority: CN
Inventors: 苏振宇; 何伟
Original assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Current assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Priority date: 2024-05-31
Filing date: 2024-05-31
Publication date: 2024-08-16
Anticipated expiration: 2044-05-31
Also published as: CN118278058A

Abstract

The application relates to the technical field of chips, in particular to an anti-attack chip. The anti-attack chip comprises: the device comprises a parameter detection component, a detection result processing component and a chip functional component, wherein the parameter detection component detects the parameter attribute of an input parameter and generates a parameter detection result; and the detection result processing component transmits the input parameters to the chip functional component when the parameter detection results represent that the input parameters are normal parameters. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected. Therefore, the anti-attack chip provided by the embodiment of the application ensures the security of the anti-attack chip.

Description

Anti-attack chip

Technical Field

The invention relates to the technical field of chips, in particular to an anti-attack chip.

Background

An Integrated Circuit (IC) is a chip made by placing a large number of microelectronic components such as transistors, resistors, capacitors and the like on a plastic substrate through photolithography and other processes, and is generally composed of a processing unit, a volatile memory RAM, a nonvolatile memory ROM/EEPROM/Flash, an I/O interface and other circuit modules, and is connected with other external modules through leading out metal PIN PINs as physical interfaces. According to different functions and application scenes, some chips also comprise a password operation module, a random number generator and other security modules, and a software interface is provided as a logic interface for operating the chip.

As IC technology continues to develop, attack means on ICs also have a tendency to diversify. The most common attack means at present are: the logic injection attack, namely an attacker utilizes the IC chip to provide a logic interface for external operation, and the situations of overflow of a chip buffer area, out-of-range address space and the like are caused by inputting malicious instructions, illegal data and the like, so that the purposes of covering key data in the chip and injecting the illegal data are achieved, and the usability of the chip is affected.

Therefore, how to prevent the logic injection attack on the chip becomes a problem to be solved.

Disclosure of Invention

In view of this, the present invention provides an anti-attack chip to solve the problem of how to prevent the chip from performing logic injection attack.

In a first aspect, the present invention provides an anti-attack chip, the anti-attack chip comprising: the device comprises a parameter detection component, a detection result processing component and a chip functional component, wherein the input end of the parameter detection component is connected with a parameter input end, the output end of the parameter detection component is connected with the input end of the detection result processing component, and the output of the detection result processing component is connected with the chip functional component, wherein:

The parameter detection component is used for detecting the parameter attribute of the input parameter and generating a parameter detection result; the parameter attribute comprises at least one of the number of parameters, the type of parameters and the access address corresponding to the input parameters;

And the detection result processing component is used for transmitting the input parameters to the chip functional component when the parameter detection result represents that the input parameters are normal parameters.

The anti-attack chip and the parameter detection component are used for detecting the parameter attribute of the input parameter and generating a parameter detection result; the parameter attribute comprises at least one of the parameter number, the parameter type and the access address corresponding to the input parameter, so that the detection of the at least one of the parameter number, the parameter type and the access address corresponding to the input parameter is realized. And the detection result processing component is used for transmitting the input parameters to the chip functional component when the parameter detection result represents that the input parameters are normal parameters. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected. Therefore, the anti-attack chip provided by the embodiment of the application ensures the security of the anti-attack chip.

In an alternative embodiment, the parameter detecting component includes at least one of a parameter number detecting unit, a parameter type detecting unit, and a parameter access address detecting unit, where the parameter number detecting unit, the parameter type detecting unit, and the parameter access address detecting unit are all connected to the detection result processing component, and where:

The parameter quantity detection unit is used for detecting the parameter quantity corresponding to the input parameter and generating a first parameter detection result;

The parameter type detection unit is used for detecting the parameter type corresponding to the input parameter and generating a second parameter detection result;

The parameter access address detection unit is used for detecting an access address corresponding to an input parameter and generating a third parameter detection result;

The detection result processing component is used for transmitting the input parameters to the chip functional component when the first parameter detection result, the second parameter detection result and/or the third parameter detection result represents that the input parameters are normal parameters.

The anti-attack chip provided by the embodiment of the application is provided with a parameter quantity detection unit, a parameter quantity detection unit and a parameter quantity detection unit, wherein the parameter quantity detection unit is used for detecting the parameter quantity corresponding to an input parameter to generate a first parameter detection result; the parameter type detection unit is used for detecting the parameter type corresponding to the input parameter and generating a second parameter detection result; the parameter access address detection unit is used for detecting an access address corresponding to an input parameter and generating a third parameter detection result; the detection result processing component is used for transmitting the input parameters to the chip functional component when the first parameter detection result, the second parameter detection result and/or the third parameter detection result represent that the input parameters are normal parameters, so that the safety of the anti-attack chip is ensured.

In an alternative embodiment, the parameter number detecting unit is configured to count the input parameters to obtain the parameter number corresponding to the input parameters; comparing the parameter number with a preset parameter number threshold value to generate a first comparison result; and transmitting the first comparison result as a first parameter detection result to a detection result processing component.

The anti-attack chip provided by the embodiment of the application is provided with a parameter quantity detection unit which is used for counting input parameters to obtain the parameter quantity corresponding to the input parameters; and comparing the parameter quantity with a preset parameter quantity threshold value to generate a first comparison result, so that the accuracy of the generated first comparison result is ensured. And the first comparison result is used as a first parameter detection result to be transmitted to the detection result processing component, so that the accuracy of the detection result processing component for obtaining the first parameter detection result is ensured.

In an optional implementation manner, the detection result processing component is configured to determine that the first parameter detection result represents that the input parameter is a normal parameter if the first comparison result is that the parameter number is equal to a preset parameter number threshold; if the first comparison result is that the parameter number is not equal to the preset parameter number threshold, determining that the first parameter detection result represents that the input parameter is an abnormal parameter.

The anti-attack chip provided by the embodiment of the application is provided with a detection result processing component, wherein the detection result processing component is used for determining that the first parameter detection result represents that the input parameter is a normal parameter if the first comparison result is that the parameter number is equal to a preset parameter number threshold value; if the first comparison result is that the parameter number is not equal to the preset parameter number threshold, determining that the first parameter detection result represents that the input parameter is an abnormal parameter, thereby ensuring the accuracy of the result of determining whether the input parameter is a normal parameter according to the parameter number corresponding to the input parameter, and further ensuring the safety of the anti-attack chip.

In an alternative embodiment, the parameter detection component comprises: the device comprises a counter, a first equal judging device, wherein the input end of the counter is connected with a parameter input end, the output end of the counter is connected with the first input end of the first equal judging device, the second input end of the first equal judging device is connected with a preset parameter quantity threshold value, and the output end of the first equal judging device is connected with a detection result processing component, wherein:

the counter is used for counting the input parameters to obtain the parameter quantity corresponding to the input parameters;

the first judgment device is used for comparing the parameter quantity with a preset parameter quantity threshold value and transmitting a first comparison result to the detection result processing component;

and the detection result processing component is used for determining a first parameter detection result according to the first comparison result.

The anti-attack chip and the counter provided by the embodiment of the application are used for counting the input parameters to obtain the parameter number corresponding to the input parameters, so that the accuracy of the determined parameter number corresponding to the input parameters is ensured. The first judgment device is used for comparing the parameter quantity with a preset parameter quantity threshold value and transmitting a first comparison result to the detection result processing component, so that the accuracy of the obtained first comparison result is ensured. And the detection result processing component is used for determining a first parameter detection result according to the first comparison result, so that the accuracy of the determined first parameter detection result is ensured.

In an alternative embodiment, the parameter detecting component further includes a first inverter, an input end of the first inverter is connected to an output end of the first equalizer, and an output end of the first inverter is connected to the detection result processing component: wherein:

The first equalizer is used for comparing the parameter number with a preset parameter number threshold value, and outputting a first signal with high level to the first inverter if the parameter number is equal to the preset parameter number threshold value; if the parameter number is not equal to the preset parameter number threshold, outputting a first signal with a low level to the first inverter;

the first inverter is used for carrying out reverse processing on the first signal output by the first equalizer and transmitting the first signal subjected to the reverse processing to the detection result processing component;

The detection result processing component is used for detecting the first signal after the reverse processing transmitted by the first inverter, and if the first signal after the reverse processing is at a low level, determining that the first parameter detection result represents that the input parameter is a normal parameter; if the first signal after the reverse processing is at a high level, determining that the first parameter detection result represents that the input parameter is an abnormal parameter.

The anti-attack chip provided by the embodiment of the application ensures the accuracy of the result of whether the input parameters are normal parameters or not according to the parameter quantity of the input parameters, thereby ensuring the safety of the anti-attack chip. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected.

In an alternative embodiment, the parameter type detection unit is configured to compare a parameter type of the input parameter with a preset parameter type, and generate a second comparison result; and taking the second comparison result as a second parameter detection result.

The anti-attack chip and the parameter type detection unit are used for comparing the parameter type of the input parameter with a preset parameter type to generate a second comparison result; and the second comparison result is used as a second parameter detection result, so that the accuracy of the generated second comparison result is ensured.

In an optional implementation manner, the detection result processing component is configured to determine that the second parameter detection result represents that the input parameter is a normal parameter if the second comparison result is that the parameter type of the input parameter is consistent with the preset parameter type; if the second comparison result is that the parameter type of at least one input parameter is inconsistent with the preset parameter type, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

The anti-attack chip provided by the embodiment of the application is characterized in that the detection result processing component is used for determining that the second parameter detection result represents that the input parameter is a normal parameter if the second comparison result is that the parameter type of the input parameter is consistent with the preset parameter type; if the second comparison result is that the parameter type of at least one input parameter is inconsistent with the preset parameter type, determining that the input parameter represented by the second parameter detection result is an abnormal parameter ensures the accuracy of whether the input parameter determined according to the parameter type corresponding to the input parameter is a normal parameter.

In an alternative embodiment, the parameter type detection unit includes: the first input end of the second equal judging device is connected with the parameter input end, the second input end of the second equal judging device is connected with the preset parameter type, and the output end of the second equal judging device is connected with the detection result processing component, wherein:

the second judging device is used for comparing the parameter type of the input parameter with a preset parameter type and transmitting a second comparison result to the detection result processing component;

and the detection result processing component is used for determining a second parameter detection result according to the second comparison result.

The anti-attack chip and the second judging device provided by the embodiment of the application are used for comparing the parameter type of the input parameter with the preset parameter type and transmitting the second comparison result to the detection result processing component, so that the accuracy of the second comparison result is ensured. The detection result processing component is used for determining a second parameter detection result according to the second comparison result, so that the accuracy of determining the second parameter detection result is ensured, and the safety of the anti-attack chip can be ensured according to the second parameter detection result.

In an alternative embodiment, the parameter type detecting unit further includes a second inverter, where an input end of the second inverter is connected to an output end of the second comparator, and an output end of the second inverter is connected to the detection result processing component: wherein:

The second judging device is used for comparing the parameter type of the input parameter with the preset parameter type, and outputting a high-level second signal to the second inverter if the parameter type of the input parameter is consistent with the preset parameter type; if the parameter type of at least one input parameter is inconsistent with the preset parameter type, outputting a low-level second signal to the second inverter;

the second inverter is used for carrying out reverse processing on the second signal output by the second equalizer and transmitting the second signal subjected to the reverse processing to the detection result processing component;

the detection result processing component is used for detecting the second signal which is transmitted by the second inverter and is subjected to reverse processing, and if the second signal which is subjected to reverse processing is of a low level, the detection result of the second parameter is determined to represent that the input parameter is a normal parameter; if the second signal after the reverse processing is at a high level, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

The anti-attack chip provided by the embodiment of the application ensures the accuracy of the result of determining whether the input parameters are normal parameters according to the parameter types of the input parameters, thereby ensuring the safety of the anti-attack chip. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected.

In an alternative embodiment, the parameter access address detection unit is configured to compare an access address corresponding to an input parameter with a preset start address and a preset end address, generate a third comparison result, and transmit the third comparison result to the detection result processing component.

The attack prevention chip and the parameter access address detection unit are used for comparing the access address corresponding to the input parameter with the preset starting address and the preset ending address to generate a third comparison result, and transmitting the third comparison result to the detection result processing component, so that the access address corresponding to the input parameter is detected, and the accuracy of the third comparison result is ensured.

In an optional implementation manner, the detection result processing component is configured to determine that the third parameter detection result represents that the input parameter is a normal parameter if the third comparison result is that the access address is greater than the preset start address and less than the preset end address; if the third comparison result is that the access address is smaller than the preset starting address and/or larger than the preset ending address, determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

The anti-attack chip provided by the embodiment of the application is characterized in that the detection result processing component is used for determining that the third parameter detection result represents that the input parameter is a normal parameter if the third comparison result is that the access address is larger than the preset starting address and smaller than the preset ending address; if the third comparison result is that the access address is smaller than the preset starting address and/or larger than the preset ending address, determining that the input parameter is the abnormal parameter according to the third parameter detection result, and ensuring the accuracy of whether the input parameter determined according to the access address corresponding to the input parameter is the normal parameter.

In an alternative embodiment, the parameter access address detection unit includes a parameter access address input terminal, a first comparator and a second comparator, wherein the parameter access address input terminal is connected to a first input terminal of the first comparator and a second input terminal of the second comparator, respectively, the second input terminal of the first comparator is connected to a preset start address, the first input terminal of the second comparator is connected to a preset end address, and the output terminals of the first comparator and the second comparator are both connected to the detection result processing component, wherein:

the first comparator is used for comparing the access address corresponding to the input parameter with a preset initial address, and outputting a low-level third signal if the access address is larger than the preset initial address; if the access address is smaller than the preset initial address, outputting a high-level third signal;

the second comparator is used for comparing the access address corresponding to the input parameter with a preset termination address; if the access address is greater than the preset termination address, outputting a high-level fourth signal; if the access address is smaller than the preset termination address, outputting a fourth signal with low level;

The detection result processing component is used for detecting a third signal and a fourth signal, and if the third signal and the fourth signal are both in a low level, determining that the input parameters represented by the third parameter detection result are normal parameters; if the third signal is high level and/or the fourth signal is high level, determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

The anti-attack chip provided by the embodiment of the application ensures the accuracy of whether the input parameters are normal parameters or not according to the parameter access addresses corresponding to the input parameters. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected. Therefore, the anti-attack chip provided by the embodiment of the application ensures the security of the anti-attack chip.

In an alternative embodiment, the detection result processing component includes: the input end of the OR gate is connected with the parameter quantity detection unit and/or the parameter type detection unit and/or the output end of the parameter access address detection unit, and the output end of the OR gate is connected with the chip functional component, wherein:

and the OR gate is used for transmitting the input parameters to the chip functional component when the first parameter detection result and/or the second parameter detection result and/or the third parameter detection result represents that the input parameters are normal parameters.

The anti-attack chip or the door provided by the embodiment of the application is used for transmitting the input parameter to the chip functional component when the first parameter detection result and/or the second parameter detection result and/or the third parameter detection result represent that the input parameter is a normal parameter, thereby ensuring that the input parameter is transmitted to the chip functional component when the input parameter is the normal parameter and ensuring the safety of the anti-attack chip.

In an alternative embodiment, the detection result processing component further includes: the input end of the third inverter is connected with the output end of the OR gate, the output end of the third inverter is connected with the enabling component, and the enabling component is connected with the chip functional component, wherein:

the or gate is used for outputting a low-level target signal to the third inverter when the first signal corresponding to the first parameter detection result is low level, and/or the second signal corresponding to the second parameter detection result is low level, and/or the third signal corresponding to the third parameter detection result and the fourth signal are low level;

a third inverter for performing inverse processing on the target signal;

and the enabling component is used for enabling the chip functional component when the target signal after the reverse processing is at a high level.

The anti-attack chip provided by the embodiment of the application realizes that the input parameters are transmitted to the chip functional component when the input parameters are normal parameters, and ensures the safety of the anti-attack chip. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected. Therefore, the anti-attack chip provided by the embodiment of the application ensures the security of the anti-attack chip.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.

FIG. 1 is a schematic diagram of an anti-attack chip according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of another anti-attack chip according to an embodiment of the present invention;

Fig. 3 is a schematic structural diagram of a parameter number detection unit in an anti-attack chip according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of the structure of a parameter type detection unit in an anti-attack chip according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of the structure of a parameter access address detection unit in an anti-attack chip according to an embodiment of the present invention;

FIG. 6 is a schematic diagram of a structure in a further anti-attack chip according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a structure of a further anti-attack chip according to an embodiment of the present invention;

FIG. 8 is a schematic diagram of a memory access control map according to an embodiment of the present invention;

Fig. 9 is a schematic diagram of the structure of another anti-attack chip according to an embodiment of the present invention.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The numbering of the components itself, e.g. "first", "second", etc., is used herein merely to distinguish between the described objects and does not have any sequential or technical meaning. The term "coupled" as used herein includes both direct and indirect coupling (coupling), unless stated otherwise. In the description of the present invention, it should be understood that the terms "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element in question must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention.

In the present invention, unless expressly stated or limited otherwise, a first feature "up" or "down" a second feature may be the first and second features in direct contact, or the first and second features in indirect contact via an intervening medium. Moreover, a first feature being "above," "over" and "on" a second feature may be a first feature being directly above or obliquely above the second feature, or simply indicating that the first feature is level higher than the second feature. The first feature being "under", "below" and "beneath" the second feature may be the first feature being directly under or obliquely below the second feature, or simply indicating that the first feature is less level than the second feature.

The embodiment of the application provides an anti-attack chip, as shown in fig. 1, the anti-attack chip comprises: the device comprises a parameter detection component, a detection result processing component and a chip functional component, wherein the input end of the parameter detection component is connected with a parameter input end, the output end of the parameter detection component is connected with the input end of the detection result processing component, and the output of the detection result processing component is connected with the chip functional component, wherein:

Specifically, the parameter detection component may count input parameters input into the anti-attack chip, so as to obtain the number of parameters corresponding to the input parameters. And then, identifying the input parameters, determining the parameter types corresponding to the input parameters, and determining the access addresses corresponding to the input parameters.

Then, the parameter detection component detects at least one of the number of parameters, the type of parameters and the access address corresponding to the input parameters, generates a parameter detection result, and transmits the parameter detection result to the detection result processing component.

The detection result processing component identifies the parameter detection result, and when the parameter detection result represents that the input parameter is a normal parameter, the input parameter is transmitted to the chip functional component.

In an alternative embodiment of the present application, as shown in fig. 2, the parameter detecting component includes at least one of a parameter number detecting unit, a parameter type detecting unit, and a parameter access address detecting unit, where the parameter number detecting unit, the parameter type detecting unit, and the parameter access address detecting unit are all connected to the detection result processing component, and in this way:

Specifically, the parameter number detection unit may detect the number of parameters corresponding to the input parameter, and generate a first parameter detection result;

The parameter type detection unit can detect the parameter type corresponding to the input parameter to generate a second parameter detection result;

the parameter access address detection unit can detect an access address corresponding to an input parameter to generate a third parameter detection result;

And the detection result processing component transmits the input parameters to the chip functional component when the first parameter detection result and/or the second parameter detection result and/or the third parameter detection result represents that the input parameters are normal parameters.

In an optional embodiment of the present application, a parameter number detecting unit is configured to count an input parameter to obtain a parameter number corresponding to the input parameter; comparing the parameter number with a preset parameter number threshold value to generate a first comparison result; and transmitting the first comparison result as a first parameter detection result to a detection result processing component.

Specifically, the parameter number detection unit counts the input parameters to obtain the parameter number corresponding to the input parameters. And then comparing the parameter number with a preset parameter number threshold value to generate a first comparison result. The parameter quantity detection unit transmits the first comparison result as a first parameter detection result to the detection result processing component.

The preset parameter number threshold may be set according to a preset condition, and the embodiment of the present application does not specifically limit the preset parameter number threshold.

In an optional embodiment of the present application, the detection result processing component is configured to determine that the first parameter detection result represents that the input parameter is a normal parameter if the first comparison result is that the parameter number is equal to a preset parameter number threshold; if the first comparison result is that the parameter number is not equal to the preset parameter number threshold, determining that the first parameter detection result represents that the input parameter is an abnormal parameter.

In an alternative embodiment of the present application, as shown in fig. 3, the parameter detecting assembly includes: the device comprises a counter, a first equal judging device, wherein the input end of the counter is connected with a parameter input end, the output end of the counter is connected with the first input end of the first equal judging device, the second input end of the first equal judging device is connected with a preset parameter quantity threshold value, and the output end of the first equal judging device is connected with a detection result processing component, wherein:

Specifically, the counter may count the input parameters to obtain the number of parameters corresponding to the input parameters. And adding 1 to the counter every time an input parameter is input, so as to obtain the parameter number corresponding to the input parameter.

Then, the first judging device compares the parameter quantity corresponding to the input parameter with a preset parameter quantity threshold value, and transmits a first comparison result to the detection result processing component.

The detection result processing component identifies the first comparison result and determines a first parameter detection result. If the parameter number is equal to a preset parameter number threshold, determining that the first parameter detection result represents that the input parameter is a normal parameter; and if the parameter number is not equal to the preset parameter number threshold, determining that the first parameter detection result represents that the input parameter is an abnormal parameter.

In an alternative embodiment of the present application, as shown in fig. 3, the parameter detecting component further includes a first inverter, an input end of the first inverter is connected to an output end of the first comparator, and an output end of the first inverter is connected to the detection result processing component: wherein:

Specifically, the counter may count the input parameters to obtain the number of parameters corresponding to the input parameters. The first equalizer is used for comparing the parameter number with a preset parameter number threshold value, and outputting a first signal with high level to the first inverter if the parameter number is equal to the preset parameter number threshold value; if the parameter number is not equal to the preset parameter number threshold, outputting a first signal with a low level to the first inverter; the first inverter is used for carrying out reverse processing on the first signal output by the first equalizer and transmitting the first signal after the reverse processing to the detection result processing component.

The anti-attack chip and the counter provided by the embodiment of the application are used for counting the input parameters to obtain the parameter number corresponding to the input parameters, and ensure the accuracy of the obtained parameter number corresponding to the input parameters. The first equalizer is used for comparing the parameter number with a preset parameter number threshold value, and outputting a first signal with high level to the first inverter if the parameter number is equal to the preset parameter number threshold value; if the parameter number is not equal to the preset parameter number threshold, outputting a first signal with a low level to the first inverter; the first inverter is used for carrying out reverse processing on the first signal output by the first equalizer and transmitting the first signal subjected to the reverse processing to the detection result processing component; the detection result processing component is used for detecting the first signal after the reverse processing transmitted by the first inverter, and if the first signal after the reverse processing is at a low level, determining that the first parameter detection result represents that the input parameter is a normal parameter; if the first signal after the reverse processing is at a high level, determining that the first parameter detection result represents that the input parameter is an abnormal parameter. The accuracy of the result of whether the input parameters are normal parameters or not according to the parameter quantity of the input parameters is ensured, and the safety of the anti-attack chip can be further ensured. Therefore, the situations that an attacker utilizes the anti-attack chip to provide a logic interface for external operation, and the buffer area of the anti-attack chip overflows, the address space crosses the boundary and the like are caused by inputting malicious instructions, illegal data and the like are avoided, so that the purposes of covering key data in the anti-attack chip and injecting illegal data are achieved, and the usability of the anti-attack chip is affected.

In an optional embodiment of the present application, a parameter type detection unit is configured to compare a parameter type of an input parameter with a preset parameter type, and generate a second comparison result; and taking the second comparison result as a second parameter detection result.

Specifically, the parameter type detection unit may identify an input parameter, and determine a parameter type corresponding to the input parameter. And comparing the parameter type corresponding to the input parameter with a preset parameter type to generate a second comparison result, and taking the second comparison result as a second parameter detection result.

In an optional embodiment of the present application, the detection result processing component is configured to determine that the second parameter detection result characterizes the input parameter as a normal parameter if the second comparison result is that the parameter type of the input parameter is consistent with the preset parameter type; if the second comparison result is that the parameter type of at least one input parameter is inconsistent with the preset parameter type, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

Specifically, the detection result processing component can identify a second comparison result, and if the second comparison result is that the parameter type of the input parameter is consistent with the preset parameter type, the second parameter detection result is determined to represent that the input parameter is a normal parameter; if the second comparison result is that the parameter type of at least one input parameter is inconsistent with the preset parameter type, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

In an alternative embodiment of the present application, as shown in fig. 4, the parameter type detecting unit includes: the first input end of the second equal judging device is connected with the parameter input end, the second input end of the second equal judging device is connected with the preset parameter type, and the output end of the second equal judging device is connected with the detection result processing component, wherein:

In an alternative embodiment of the present application, as shown in fig. 4, the parameter type detecting unit further includes a second inverter, where an input end of the second inverter is connected to an output end of the second comparator, and an output end of the second inverter is connected to the detection result processing component: wherein:

Specifically, the second judging device compares the received parameter type of the input parameter with a preset parameter type, and if the parameter type of the input parameter is consistent with the preset parameter type, the second judging device outputs a second signal with high level to the second inverter; and if the parameter type of at least one input parameter is inconsistent with the preset parameter type, outputting a low-level second signal to the second inverter.

The second inverter performs inverse processing on the second signal output by the second equalizer, that is, if the second signal is at a high level, the second signal is converted into a low level, and if the second signal is at a low level, the second signal is converted into a high level, and then the second signal after the inverse processing is transmitted to the detection result processing component.

The detection result processing component detects the second signal which is transmitted by the second inverter and is subjected to the reverse processing, and if the second signal which is subjected to the reverse processing is of a low level, the detection result of the second parameter is determined to represent that the input parameter is a normal parameter; if the second signal after the reverse processing is at a high level, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

In an optional embodiment of the present application, the parameter access address detection unit is configured to compare an access address corresponding to an input parameter with a preset start address and a preset end address, generate a third comparison result, and transmit the third comparison result to the detection result processing component.

Specifically, the parameter access address detection unit may identify an input parameter, determine an access address corresponding to the input parameter, then compare the access address corresponding to the input parameter with a preset start address and a preset end address, detect whether the access address corresponding to the input parameter falls within a preset address range, generate a third comparison result, and transmit the third comparison result to the detection result processing component.

In an optional embodiment of the present application, the detection result processing component is configured to determine that the third parameter detection result represents that the input parameter is a normal parameter if the third comparison result is that the access address is greater than the preset start address and less than the preset end address; if the third comparison result is that the access address is smaller than the preset starting address and/or larger than the preset ending address, determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

Specifically, the detection result processing component may identify a third comparison result, and if the third comparison result is that the access address is greater than the preset starting address and less than the preset ending address, determine that the access address corresponding to the input parameter falls within the preset address range, and further determine that the third parameter detection result represents that the input parameter is a normal parameter; if the access address is smaller than the preset starting address and/or larger than the preset ending address as the third comparison result, determining that the access address corresponding to the input parameter does not fall into the preset address range, and further determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

In an alternative embodiment of the present application, as shown in fig. 5, the parameter access address detection unit includes a parameter access address input end, a first comparator, and a second comparator, where the parameter access address input end is connected to a first input end of the first comparator and a second input end of the second comparator, the second input end of the first comparator is connected to a preset start address, the first input end of the second comparator is connected to a preset end address, and output ends of the first comparator and the second comparator are both connected to the detection result processing component, where:

Specifically, the first comparator may compare the access address corresponding to the input parameter with a preset start address, and if the start address in the access address is greater than the preset start address, output a low-level third signal; if the initial address in the access address is smaller than the preset initial address, outputting a high-level third signal.

The second comparator can compare the access address corresponding to the input parameter with a preset termination address; outputting a high-level fourth signal if the termination address in the access address is greater than the preset termination address; if the access address is smaller than the preset termination address, outputting a fourth signal with a low level.

The detection result processing component can detect a third signal and a fourth signal, if the third signal and the fourth signal are both in low level, the access address corresponding to the input parameter is determined to fall into a preset address range, and then the detection result of the third parameter is determined to represent that the input parameter is a normal parameter; if the third signal is at a high level and/or the fourth signal is at a high level, determining that the access address corresponding to the input parameter does not fall into a preset address range, and further determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

In an alternative embodiment of the present application, as shown in fig. 6, the detection result processing unit includes: the input end of the OR gate is connected with the parameter quantity detection unit and/or the parameter type detection unit and/or the output end of the parameter access address detection unit, and the output end of the OR gate is connected with the chip functional component, wherein:

Specifically, the or gate may determine that the input parameter is a normal parameter when the signal corresponding to the first parameter detection result is at a low level and/or the signal corresponding to the second parameter detection result is at a low level and/or the signal corresponding to the third parameter detection result is at a low level, and transmit the input parameter to the chip function component.

In an alternative embodiment of the present application, as shown in fig. 6, the detection result processing component further includes: the input end of the third inverter is connected with the output end of the OR gate, the output end of the third inverter is connected with the enabling component, and the enabling component is connected with the chip functional component, wherein:

a third inverter for performing inverse processing on the target signal;

Specifically, the or gate may output the low-level target signal to the third inverter when the first signal corresponding to the first parameter detection result is at a low level, and/or the second signal corresponding to the second parameter detection result is at a low level, and/or the third signal corresponding to the third parameter detection result and the fourth signal are at a low level. If one of the first signal, the second signal, the third signal and the fourth signal is a high level signal, a high level target signal is output to the third inverter.

The third inverter may perform inverse processing on the target signal. That is, the target signal is converted to a high level when the target signal is at a low level, and the target signal is converted to a low level when the target signal is at a high level.

The enabling component may enable the chip function component when the reverse processed target signal is at a high level.

In order to better describe the anti-attack chip provided by the embodiment of the present application, as shown in fig. 7, the embodiment of the present application provides a specific implementation manner of the anti-attack chip.

The anti-attack chip comprises a first judging device, a second judging device, a third judging device, a fourth judging device, a counter, a first inverter, a second inverter, a third inverter, a fourth inverter, a fifth inverter, a sixth inverter, a first comparator, a second comparator, an OR gate and a parameter table.

(1) A first judgment device, a second judgment device third and fourth judges the equalizer: the first, second, third and fourth judges compare the input ends 1, 2, when the input end 1=the value of the input end 2, the judges output high level; when the input terminal 1 is equal to the value of the input terminal 2, the comparator outputs a low level.

(2) Parameter table: specific parameters of the IO instruction are stored, wherein the specific parameters comprise a preset parameter quantity threshold (IO_number), a storage space (IO_para_1, IO_para_2, …) occupied by specific parameter types, and a starting address and a terminating address of the IO storage space. The parameter table is defined by an administrator or designer and stored in a nonvolatile memory space (ROM) of the chip. For example, the number of preset parameters of an IO instruction is 3, the parameter types are char type (character type, 8bit occupied), sh or gate t type (short integer, 16bit occupied) int type (integer, 32bit occupied), the memory area address range allowed to be accessed externally is 0x 00001111-0 x00110000, and the set parameter table is: the threshold value of the preset parameter number=3, the first preset parameter type=8bit, the second preset parameter type=16bit, the third preset parameter type=32bit, the start address 1=0x00001111, and the end address=0x00110000.

(3) A counter: the function is to count the input parameters actually input to the outside, for example, if the input parameters are 2, the output count value is 2.

(4) Or gate: an or gate having 7 inputs outputs '0' only when 7 inputs are low, and outputs '1' otherwise.

The circuit has the function of judging the legitimacy of the IO instruction according to the IO instruction input from the outside, outputting a read-write enabling signal to be in a high level if the IO instruction is the legal IO instruction, and allowing the open storage area to be read and written; if an illegal IO instruction is input, a read-write enabling signal is output to be in a low level, and the open memory area is not allowed to be read and written, specifically:

(1) When the chip is in power-on reset, RSTn= '0', and after the signal passes through the first inverter, the OR gate and the sixth inverter component, the read-write enabling signal= '0' is enabled. After the chip finishes the reset state, the first inverter outputs '0', and at the moment, legitimacy judgment is carried out on the IO instruction which is actually input externally.

(2) The counter counts the number of IO instructions actually input from the outside, compares the number with a preset parameter number threshold in the parameter table, and if the comparison is consistent, the second inverter outputs '0'; if the comparison is inconsistent, the second inverter outputs '1', and the signal passes through the or gate and the sixth inverter, so that the read-write enabling signal= '0'.

(3) The second judging device compares the parameter type of the 1 st input parameter of the IO instruction input externally with the first preset parameter type in the memory table, if the parameter type of the input parameter input externally is char (8 bit), the comparison is passed, and the third inverter outputs '0'; if the parameter type of the input parameter inputted from the outside is not 8bit char type (for example, a 16bit or other error type is inputted), the comparison fails, the third inverter outputs '1', and the signal passes through the or gate and the sixth inverter, and then the read/write enable signal= '0'. Similarly, the third and fourth comparators determine the validity of the parameter types of the 2 nd and 3 rd input parameters of the externally input IO command, respectively, and when the comparison is identical, the fourth and fifth inverters output '0', and when the comparison is inconsistent, the read/write enable signal= '0'.

(4) The first comparator and the second comparator compare the memory area initial address and the end address in the memory table according to the access address of the memory area address to be accessed input from the outside, and if the initial address < the access address < the end address, the first comparator and the second comparator both output '0'; if the access address is < the start address, the first comparator outputs '1', and the read/write enable signal= '0' is generated after the signal passes through the or gate and the sixth inverter; if the access address > the termination address, the second comparator outputs '1', and the read/write enable signal= '0' is also enabled. That is, the first comparator and the second comparator can output '0' only when the access address is within the address interval 0x 00001111-0 x 00110000; if the access address is outside the range of addresses for which access is permitted, the read/write enable signal= '0'.

In summary, only when the parameter number, participation type, access address to be accessed and parameter table of the input parameters of the externally input IO instruction are completely matched, the read-write enabling signal= '1' is output; if any one or more of the parameter number, participation type, access address to be accessed and parameter table of the input IO instruction input parameters are not matched, a read-write enabling signal= '0' is output. The read/write enable signal functions to enable control of the read/write of the opened memory area, as shown in fig. 8.

In fig. 8, the address range of the memory area that is opened, i.e., the memory area that is allowed to be accessed externally is 0x00001111 to 0x00110000, and when the read/write enable signal= '1', the memory area is allowed to be read, written, etc. externally; when the read-write enable signal= '0', the external pair cannot perform operations such as reading, writing, and the like on the memory area. By the method, malicious operations of illegal personnel on the storage area can be prevented, and attacks such as data out-of-range and buffer overflow are prevented.

In an alternative implementation manner of the present application, as shown in fig. 9, the anti-attack chip provided by the embodiment of the present application may further include an algorithm detection component, where the algorithm detection component may be connected to the detection result processing component, and the method includes:

The algorithm detection component can detect the category of the current cryptographic algorithm in the anti-attack chip and the category under each category, and then transmits the detection result to the detection result processing component.

And the detection result processing component is used for processing the current cryptographic algorithm according to the detection result of the algorithm detection component on the current cryptographic algorithm.

In an alternative embodiment of the present application, as shown in fig. 9, the algorithm detecting component may include a class judging sub-component, a symmetric cryptographic algorithm judging sub-component, and a hash cryptographic algorithm judging sub-component, where the class judging sub-component is connected to the symmetric cryptographic algorithm judging sub-component and the hash cryptographic algorithm judging sub-component, respectively, and the symmetric cryptographic algorithm judging sub-component and the hash cryptographic algorithm judging sub-component are connected to the detection result processing component, where:

The class judging sub-component is used for detecting whether the current cryptographic algorithm is a symmetric cryptographic algorithm class or a hash cryptographic algorithm class, and if the current cryptographic algorithm is the symmetric cryptographic algorithm class, the current cryptographic algorithm is input to the symmetric cryptographic algorithm judging sub-component; if the current cryptographic algorithm is a hash cryptographic algorithm type, the current cryptographic algorithm is input to the hash cryptographic algorithm judgment sub-component.

The symmetric cryptographic algorithm judging sub-component is used for detecting whether the current cryptographic algorithm is a first type symmetric cryptographic algorithm or not, and if the current cryptographic algorithm is the first type symmetric cryptographic algorithm, transmitting a detection result of the current cryptographic algorithm being the first type symmetric cryptographic algorithm to the detection result processing component; wherein the security of the first type of symmetric cryptographic algorithm does not meet the requirements.

The symmetric cryptographic algorithm judging sub-assembly is further used for detecting whether the current cryptographic algorithm is a second type symmetric cryptographic algorithm, if the current cryptographic algorithm is the second type symmetric cryptographic algorithm, detecting whether the mode of the current cryptographic algorithm is a first preset mode, and if the current cryptographic algorithm is the first preset mode of the first preset mode, transmitting the result to the detection result processing assembly.

The hash cipher algorithm judging sub-component is used for detecting whether the current cipher algorithm is a first type hash cipher algorithm or not, and if the current cipher algorithm is the first type hash cipher algorithm, the detection result of the current cipher algorithm which is the first type hash cipher algorithm is transmitted to the detection result processing component; wherein the security of the first type of hash cryptographic algorithm does not meet the requirements.

The detection result processing component is used for shielding the current cryptographic algorithm which is the first type symmetric cryptographic algorithm if the detection result that the current cryptographic algorithm is the first type symmetric cryptographic algorithm is received;

The detection result processing component is further used for performing mode conversion processing on the current cryptographic algorithm of the second type symmetric cryptographic algorithm in the first preset mode if a detection result of the second type symmetric cryptographic algorithm in the first preset mode is received, so that the security level of the current cryptographic algorithm is improved;

And the detection result processing component is further used for shielding the current cryptographic algorithm which is the first type hash cryptographic algorithm if the detection result that the current cryptographic algorithm is the first type hash cryptographic algorithm is received.

Specifically, the class judgment sub-component can identify the current cryptographic algorithm, determine the algorithm feature corresponding to the current cryptographic algorithm, and then detect whether the current cryptographic algorithm is a symmetric cryptographic algorithm class or a hash cryptographic algorithm class according to the algorithm feature corresponding to the current cryptographic algorithm.

The algorithm characteristics of the symmetric cryptographic algorithm are as follows: symmetric cryptographic algorithms are used to encrypt and decrypt data, typically with reversibility; the algorithm characteristics of the hash cipher algorithm are as follows: hash cryptographic algorithms are used to generate digests or hash values of data, which are typically irreversible. Thus, the category judgment sub-component can make a preliminary judgment according to the action and nature of the algorithm.

Specifically, the symmetric cryptographic algorithm judgment sub-component may encrypt the first plaintext data corresponding to the current cryptographic algorithm by using a first type symmetric cryptographic algorithm, so as to generate first to-be-detected data. And comparing the first to-be-detected data with a first ciphertext corresponding to the current cryptographic algorithm, so as to detect whether the current cryptographic algorithm is a first type symmetric cryptographic algorithm. By way of example, the first type of symmetric cryptographic algorithm may be a DES algorithm, an RC4 algorithm, or the like.

The symmetric cryptographic algorithm judging sub-component can also encrypt the second plaintext data corresponding to the current cryptographic algorithm by utilizing a second type symmetric cryptographic algorithm in a first preset mode to generate second data to be detected. And comparing the second to-be-detected data with a second ciphertext corresponding to the current cryptographic algorithm, so as to detect whether the current cryptographic algorithm is a second type symmetric cryptographic algorithm in the first preset mode. By way of example, the second type symmetric cryptographic algorithm of the first preset mode may be an AES algorithm, SM4 algorithm, or the like.

The hash cipher algorithm judging sub-component can encrypt the first input data corresponding to the current cipher algorithm by utilizing the first type hash cipher algorithm to generate third to-be-detected data. And comparing the third data to be detected with the first output data corresponding to the current cryptographic algorithm, thereby detecting whether the current cryptographic algorithm is a first type hash cryptographic algorithm. By way of example, the first type of hash cryptographic algorithm may be an MD5 algorithm, an SHA-1 algorithm, or the like.

In particular, the detection result processing component may perform a delete operation for a current cryptographic algorithm of the first type symmetric cryptographic algorithm, a current cryptographic algorithm of the first type hash cryptographic algorithm, or mask using a tri-state buffer.

For the current cryptographic algorithm of the second type symmetric cryptographic algorithm which is the first preset mode, the mode of the current cryptographic algorithm can be converted by using a preset algorithm mode conversion method. The preset algorithm mode conversion method can be any one of greedy algorithm rotation state planning, bubbling sequencing, inserting and sequencing, depth-first search, breadth-first search and sequential search, and binary search, and the preset algorithm mode conversion method is not particularly limited in the embodiment of the application.

The greedy algorithm in the greedy algorithm rotating state planning method is an algorithm for selecting an optimal solution in each step, and the dynamic planning is an algorithm for decomposing a problem into sub-problems and obtaining an optimal solution of an original problem by solving the optimal solution of the sub-problems. Therefore, the process of selecting the optimal solution at each step in the greedy algorithm can be converted into a sub-problem solving process in dynamic planning.

Bubbling ordering-insertion ordering in the bubbling ordering-ordering method is an algorithm for ordering an array by exchanging neighboring elements, and insertion ordering is an algorithm for ordering an array by inserting elements into an ordered array. Thus, the exchange process of adjacent elements in the bubbling ordering can be converted into the insertion process of elements in the insertion ordering.

The depth-first search to breadth-first search method is an algorithm for searching along the depth direction of the node from the initial node, and the breadth-first search is an algorithm for searching along the breadth direction of the node from the initial node. Therefore, the search process along the node depth direction in the depth-first search can be converted into the search process along the node breadth direction in the breadth-first search.

The sequential search-to-binary search method is an algorithm for searching the target element by comparing the elements one by one, and binary search is an algorithm for searching the target element by dividing the array into two parts and comparing the size of the intermediate element with that of the target element. Thus, the process of comparing elements one by one in a sequential lookup can be converted into a process of comparing intermediate elements to target element sizes in a binary lookup.

According to the anti-attack chip provided by the embodiment of the application, the current cryptographic algorithm in the anti-attack chip is detected, then the current cryptographic algorithm with the security level not meeting the requirement is shielded, and the current cryptographic algorithm with the security level slightly weaker is subjected to mode conversion, so that the security of the current cryptographic algorithm is improved. And further, the risk that an attacker can easily decrypt the ciphertext to obtain sensitive information such as plaintext after cracking the current cryptographic algorithm which does not meet the security level requirement is avoided. The application can ensure the safety of the anti-attack chip and avoid information leakage.

Although embodiments of the present invention have been described in connection with the accompanying drawings, modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention, and such modifications and variations are within the scope of the invention as defined by the appended claims.

Claims

1. An anti-attack chip, the anti-attack chip comprising: the device comprises a parameter detection component, a detection result processing component and a chip functional component, wherein the input end of the parameter detection component is connected with a parameter input end, the output end of the parameter detection component is connected with the input end of the detection result processing component, and the output of the detection result processing component is connected with the chip functional component, wherein:

The parameter detection component is used for detecting the parameter attribute of the input parameter and generating a parameter detection result; the parameter attribute comprises the parameter quantity, the parameter type and the access address corresponding to the input parameters;

The detection result processing component is used for transmitting the input parameters to the chip functional component when the parameter detection result represents that the input parameters are normal parameters;

the parameter detection component comprises a parameter quantity detection unit, a parameter type detection unit and a parameter access address detection unit, wherein the parameter quantity detection unit, the parameter type detection unit and the parameter access address detection unit are all connected with the detection result processing component, and the parameter type detection unit, the parameter access address detection unit and the parameter access address detection unit are all connected with the detection result processing component, wherein:

The parameter quantity detection unit is used for detecting the parameter quantity corresponding to the input parameter to generate a first parameter detection result;

The parameter access address detection unit is used for detecting the access address corresponding to the input parameter and generating a third parameter detection result;

the detection result processing component is configured to transmit the input parameter to the chip functional component when the first parameter detection result, the second parameter detection result, and the third parameter detection result are both indicative of the input parameter being a normal parameter.

2. The chip of claim 1, wherein the parameter number detecting unit is configured to count the input parameters to obtain the parameter number corresponding to the input parameters; comparing the parameter number with a preset parameter number threshold value to generate a first comparison result; and transmitting the first comparison result as the first parameter detection result to the detection result processing component.

3. The chip of claim 2, wherein the detection result processing component is configured to determine that the first parameter detection result characterizes the input parameter as a normal parameter if the first comparison result indicates that the parameter number is equal to the preset parameter number threshold; and if the first comparison result is that the parameter quantity is not equal to the preset parameter quantity threshold, determining that the first parameter detection result represents that the input parameter is an abnormal parameter.

4. The chip of claim 3, wherein the parameter detection component comprises: the device comprises a counter, a first judging device, wherein the input end of the counter is connected with a parameter input end, the output end of the counter is connected with the first input end of the first judging device, the second input end of the first judging device is connected with a preset parameter quantity threshold value, and the output end of the first judging device is connected with a detection result processing component, wherein:

The first equalizer is configured to compare the parameter number with the preset parameter number threshold, and transmit the first comparison result to the detection result processing component;

The detection result processing component is used for determining the first parameter detection result according to the first comparison result.

5. The chip of claim 4, wherein the parameter detecting component further comprises a first inverter, an input end of the first inverter is connected to an output end of the first equalizer, and an output end of the first inverter is connected to the detection result processing component: wherein:

the first equalizer is configured to compare the number of parameters with the preset number of parameters threshold, and if the number of parameters is equal to the preset number of parameters threshold, output a first signal with a high level to the first inverter; outputting the first signal with low level to the first inverter if the parameter number is not equal to the preset parameter number threshold;

The first inverter is used for carrying out reverse processing on the first signal output by the first equalizer and transmitting the first signal subjected to reverse processing to the detection result processing component;

The detection result processing component is configured to detect the first signal after the reverse processing transmitted by the first inverter, and if the first signal after the reverse processing is at a low level, determine that the first parameter detection result represents that the input parameter is a normal parameter; and if the first signal after the reverse processing is at a high level, determining that the first parameter detection result represents that the input parameter is an abnormal parameter.

6. The chip of claim 1, wherein the parameter type detection unit is configured to compare the parameter type of the input parameter with a preset parameter type to generate a second comparison result; and taking the second comparison result as the second parameter detection result.

7. The chip of claim 6, wherein the detection result processing component is configured to determine that the second parameter detection result indicates that the input parameter is a normal parameter if the second comparison result indicates that the parameter type of the input parameter is consistent with the preset parameter type; and if the second comparison result is that the parameter type of at least one input parameter is inconsistent with the preset parameter type, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

8. The attack prevention chip according to claim 7, wherein the parameter type detection unit comprises: the first input end of the second equal judging device is connected with the parameter input end, the second input end of the second equal judging device is connected with the preset parameter type, and the output end of the second equal judging device is connected with the detection result processing component, wherein:

The second equalizer is configured to compare the parameter type of the input parameter with the preset parameter type, and transmit the second comparison result to the detection result processing component;

and the detection result processing component is used for determining the second parameter detection result according to the second comparison result.

9. The chip of claim 8, wherein the parameter type detecting unit further comprises a second inverter, wherein an input end of the second inverter is connected to an output end of the second equalizer, and an output end of the second inverter is connected to the detection result processing component: wherein:

The second equalizer is configured to compare the parameter type of the input parameter with the preset parameter type, and if the parameter type of the input parameter is consistent with the preset parameter type, output a second signal with a high level to the second inverter; outputting the second signal at a low level to the second inverter if the parameter type of at least one of the input parameters is inconsistent with the preset parameter type;

The second inverter is configured to perform inverse processing on the second signal output by the second equalizer, and transmit the second signal after the inverse processing to the detection result processing component;

The detection result processing component is configured to detect the second signal after the reverse processing transmitted by the second inverter, and if the second signal after the reverse processing is at a low level, determine that the second parameter detection result represents that the input parameter is a normal parameter; and if the second signal after the reverse processing is at a high level, determining that the second parameter detection result represents that the input parameter is an abnormal parameter.

10. The chip of claim 1, wherein the parameter access address detection unit is configured to compare the access address corresponding to the input parameter with a preset start address and a preset end address, generate a third comparison result, and transmit the third comparison result to the detection result processing component.

11. The chip of claim 10, wherein the detection result processing component is configured to determine that the third parameter detection result indicates that the input parameter is a normal parameter if the third comparison result indicates that the access address is greater than the preset start address and less than the preset end address; and if the third comparison result is that the access address is smaller than the preset starting address and/or larger than the preset ending address, determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

12. The chip of claim 11, wherein the parameter access address detection unit includes a parameter access address input terminal, a first comparator, and a second comparator, wherein the parameter access address input terminal is connected to a first input terminal of the first comparator and a second input terminal of the second comparator, respectively, the second input terminal of the first comparator is connected to the preset start address, the first input terminal of the second comparator is connected to the preset end address, and the output terminals of the first comparator and the second comparator are connected to the detection result processing component, wherein:

The first comparator is configured to compare the access address corresponding to the input parameter with the preset start address, and if the access address is greater than the preset start address, output a low-level third signal; outputting the third signal with high level if the access address is smaller than the preset initial address;

The second comparator is used for comparing the access address corresponding to the input parameter with the preset termination address; outputting a high-level fourth signal if the access address is greater than the preset termination address; outputting the fourth signal with low level if the access address is smaller than the preset termination address;

the detection result processing component is configured to detect the third signal and the fourth signal, and if the third signal and the fourth signal are both at a low level, determine that the third parameter detection result represents that the input parameter is a normal parameter; and if the third signal is at a high level and/or the fourth signal is at a high level, determining that the third parameter detection result represents that the input parameter is an abnormal parameter.

13. The chip of claim 1, wherein the detection result processing component comprises: the input end of the OR gate is connected with the parameter quantity detection unit and/or the parameter type detection unit and/or the output end of the parameter access address detection unit, and the output end of the OR gate is connected with the chip functional component, wherein:

And the OR gate is used for transmitting the input parameter to the chip functional component when the first parameter detection result and/or the second parameter detection result and/or the third parameter detection result represents that the input parameter is a normal parameter.

14. The anti-attack chip of claim 13, wherein the detection result processing component further comprises: the input end of the third inverter is connected with the output end of the OR gate, the output end of the third inverter is connected with the enabling component, and the enabling component is connected with the chip functional component, wherein:

The or gate is configured to output a low-level target signal to the third inverter when the first signal corresponding to the first parameter detection result is at a low level, and/or the second signal corresponding to the second parameter detection result is at a low level, and/or the third signal corresponding to the third parameter detection result and the fourth signal are at a low level;

the third inverter is used for carrying out reverse processing on the target signal;