CN218068848U - Embedded software encryption protection system based on CPLD - Google Patents

Info

Publication number: CN218068848U
Authority: CN (China)
Prior art keywords: cpld, registration, interface, encryption, authentication
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202221806647.XU
Other languages: Chinese (zh)
Inventors: 霍东, 陈胜兰, 韩方圆
Current Assignee: Sichuan Rongyuzheng Information Technology Co ltd
Original Assignee: Sichuan Rongyuzheng Information Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model relates to the technical fields of embedded processors, control, security protection and cryptography, and specifically to an embedded software encryption protection system based on a CPLD. The system comprises a CPLD body and an encryption component; the encryption component comprises a registration authorization encryption server, a CPU, an external FLASH, a registration interface, an authentication interface, a loading interface and a burning interface. The software binary file is encrypted with a special encryption algorithm and registered by ID (the unique identification code of the chip); the startup process decrypts the software binary file, and the running process authenticates the ID. This guarantees that the embedded software is unusable when decryption fails or authentication fails and prevents malicious copying and porting, thereby solving the problem that the existing measures all have certain defects and are not suitable for embedded software requiring confidential storage.

Description

Embedded software encryption protection system based on CPLD
Technical Field
The utility model relates to the technical fields of embedded processors, control, security protection and cryptography, and in particular to an embedded software encryption protection system based on a CPLD.
Background
In an embedded system (ARM, DSP, single-chip microcomputer, etc.), the embedded software is usually stored in a memory. If the stored software is not encrypted, it is very easy to obtain and crack, so that the core design and key technology are stolen, which threatens the legitimate rights and interests of software developers.
Currently, the security protection methods generally adopted to prevent unauthorized access to or copying of embedded software are:
1. polishing the chip to hide its model information;
2. preventing copying by mechanical means, using a reinforcing device or the like for physical protection;
3. storing the embedded software in a mask ROM;
4. encrypting with an encryption chip;
5. encrypting the embedded software using the unique device identification number of the embedded chip as the operation password.
Method 1 is too simple and does not work against someone familiar with the chip; method 2 is simple, but is easy to crack and its use scenarios are limited; method 3 is relatively expensive and cannot support subsequent software upgrades; method 4 adds extra cost, makes encryption relatively complex and hinders software upgrades; method 5 is less secure. These measures all have certain defects and are not suitable for embedded software requiring confidential storage.
Summary of the Utility Model
The object of the utility model is to provide an embedded software encryption protection system based on a CPLD, which solves the problem that these measures all have certain defects and are not suitable for embedded software requiring confidential storage.
To achieve the above object, the utility model provides an embedded software encryption protection system based on a CPLD, comprising a CPLD body and an encryption component. Using the stored key, the stored registration ID information and its own extracted ID, the CPLD body provides, for software startup, the key for decrypting the binary file at startup and the chip ID and registration ID information required by the startup authentication process. The encryption component comprises a registration authorization encryption server, a CPU, an external FLASH, a registration interface, an authentication interface, a loading interface and a burning interface. The registration authorization encryption server is connected with the CPLD body through the registration interface, the CPU is connected with the CPLD body through the authentication interface, the CPU is connected with the external FLASH through the loading interface, and the external FLASH is connected with the registration authorization encryption server through the burning interface. The registration authorization encryption server runs registration authorization software and binary file encryption software to generate registration authorization information, a ciphertext binary file and a key. The CPU obtains the ciphertext binary file for startup from the external FLASH through the loading interface, and obtains the authentication information and the key from the CPLD body through the authentication interface. The registration authorization encryption server sends the registration authorization information and the key to the CPLD for storage through the registration interface, and the ciphertext binary file is burned into the FLASH through the burning interface.
The CPLD body comprises a registration information management module and a built-in FLASH; the registration information management module stores the registration information and the key in the built-in FLASH and reads them when the CPLD is started.
The CPLD body further comprises an ID extraction module, which extracts the ID information of the CPLD body.
The CPU comprises authentication management and a decryption module; the authentication management performs startup authentication, and the decryption module decrypts the ciphertext binary file.
The CPU further comprises a start control, which judges the authentication and decryption states and controls the startup of the CPU software.
In the CPLD-based embedded software encryption protection system of the utility model, the components, connections and data flows are as set out above: the CPLD body supplies the decryption key, the chip ID and the registration ID information; the registration authorization encryption server generates the registration authorization information, the ciphertext binary file and the key, sends the registration authorization information and the key to the CPLD for storage through the registration interface, and the ciphertext binary file is burned into the FLASH through the burning interface; the CPU loads the ciphertext binary file from the external FLASH through the loading interface and obtains the authentication information and the key from the CPLD body through the authentication interface. The software binary file is encrypted with a special encryption algorithm and registered by ID (the unique identification code of the chip); the software binary file is decrypted in the startup process and the ID is authenticated in the running process. This guarantees that the embedded software is unusable when decryption fails or authentication fails and prevents malicious copying and porting, thereby solving the problem that the existing measures all have certain defects and are not suitable for embedded software requiring confidential storage.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a hardware connection diagram of a first embodiment of the present invention.
Figs. 2-4 are circuit diagrams of the CPU and FLASH modules according to the first embodiment of the present invention.
Fig. 5 is a circuit diagram of a CPLD module according to a first embodiment of the present invention.
Fig. 6 is a block diagram of the encryption flow of the registration authorization of the first embodiment of the present invention.
Fig. 7 is a block diagram illustrating the process of the power-on authentication according to the first embodiment of the present invention.
Fig. 8 is a block diagram of the decryption start flow according to the first embodiment of the present invention.
Reference numerals: 101-CPLD body, 102-registration authorization encryption server, 103-CPU, 104-external FLASH, 105-registration interface, 106-authentication interface, 107-loading interface, 108-burning interface, 109-registration information management module, 110-built-in FLASH, 111-ID extraction module, 112-authentication management, 113-decryption module, 114-start control.
Detailed Description
The embodiments of the present invention are described in detail below, with examples illustrated in the accompanying drawings. The embodiments described with reference to the drawings are exemplary; they are intended to illustrate the present invention and are not to be construed as limiting it.
The first embodiment of the present application is as follows.
Referring to Figs. 1-8 (listed under Drawings above), the utility model provides an embedded software encryption protection system based on a CPLD, comprising a CPLD body 101 and an encryption component. The encryption component comprises a registration authorization encryption server 102, a CPU 103, an external FLASH 104, a registration interface 105, an authentication interface 106, a loading interface 107 and a burning interface 108. The CPLD body 101 comprises a registration information management module 109, a built-in FLASH 110 and an ID extraction module 111; the CPU 103 comprises authentication management 112, a decryption module 113 and a start control 114. The CPU 103 model is AT91RM9200; the external FLASH 104 is S29GL256N90TFIR10.
In this embodiment, using the stored key, the stored registration ID information and its own extracted ID, the CPLD body 101 provides, for software startup, the key for decrypting the binary file at startup and the chip ID and registration ID information required by the startup authentication process.
The registration authorization encryption server 102 is connected to the CPLD body 101 through the registration interface 105, the CPU 103 is connected to the CPLD body 101 through the authentication interface 106, the CPU 103 is connected to the external FLASH 104 through the loading interface 107, and the external FLASH 104 is connected to the registration authorization encryption server 102 through the burning interface 108. The registration authorization encryption server 102 runs registration authorization software and binary file encryption software to generate registration authorization information, a ciphertext binary file and a key. The CPU 103 obtains the ciphertext binary file for startup from the external FLASH 104 through the loading interface 107, and obtains the authentication information and the key from the CPLD body 101 through the authentication interface 106. The registration authorization encryption server 102 sends the registration authorization information and the key to the CPLD for storage through the registration interface 105, and the ciphertext binary file is burned into the FLASH through the burning interface 108. The software binary file is encrypted with a special encryption algorithm and registered by ID (the unique identification code of the chip); the software binary file is decrypted in the startup process and the ID is authenticated in the running process. This ensures that the embedded software cannot be used when decryption fails or authentication fails and prevents malicious copying and porting, thereby solving the problem that the existing measures all have certain defects and are not suitable for embedded software requiring confidential storage.
Next, the registration information management module 109 stores the registration information and the key in the built-in FLASH 110 and reads them at power-on.
Further, the ID extraction module 111 extracts the ID information of the CPLD body 101.
Then, the authentication management 112 performs boot authentication, and the decryption module 113 decrypts the ciphertext binary file.
Finally, the start control 114 judges the authentication and decryption states and controls the startup of the CPU 103 software.
When the CPLD-based embedded software encryption protection system is used for protection, the CPU 103 is connected to the external FLASH 104 and the CPLD body 101 through an address bus (CPU103_A), a data bus (CPU103_D), a read-write signal (noewe) and a chip select signal (CS); the read-write signal and the chip select signal are mainly used for control, to operate on the external FLASH 104 or the CPLD body 101. The CPLD body 101 can be an LC4256V-75T100I from Lattice. In addition, to ensure security, the registration authorization encryption server 102 is managed, and registration and authorization are performed, by designated personnel, with strict key management and control. The registration authorization encryption server 102 extracts the ID information of the CPLD body 101, controls the registration and authorization processes, and encrypts the binary file to generate the ciphertext binary file. Based on this hardware, the CPLD-based embedded software encryption protection system comprises 3 parts: registration authorization encryption, boot authentication and startup decryption.
1. Registration authorization encryption
The encryption software on the registration authorization encryption server uses the key to encrypt the binary file of the embedded software, generating a ciphertext binary file, which is burned into the external FLASH 104 (model S29GL256N90) of the CPU 103.
The registration authorization encryption server obtains the ID information of the CPLD body 101 by running the registration information generation software, and writes the ID information and the key generated by the encryption software into the built-in FLASH 110 of the CPLD body 101 through registration management.
2. Boot authentication
After the CPLD is started, ID information authentication begins: the ID information registered in the built-in FLASH of the CPLD body 101 is obtained through the authentication interface 106, the ID information of the current CPLD body 101 is obtained at the same time, and the two are compared for consistency. If they are inconsistent, authentication fails and the startup process is stopped; if they are consistent, authentication succeeds and the boot program is started.
3. Startup decryption
After power-on, the CPU 103 reads the ciphertext binary file from the external FLASH 104 and waits for the boot authentication result. If authentication fails, it exits the startup program. If authentication succeeds, it reads the key from the CPLD body 101 and decrypts the ciphertext binary file; after decryption is complete, it determines from the plaintext binary file whether the key is correct, and stops the startup program if the key is incorrect. If the key is correct, the bootstrap program runs and the CPU 103 software is started.
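The three-part flow above (registration authorization encryption, boot authentication, startup decryption), modelled in C as an added example that is not part of the patent. The patent does not disclose its "special encryption algorithm" or how the plaintext is checked, so `toy_crypt`, the magic-plus-checksum header, `struct cpld` and all function names are assumptions made for illustration, and the stand-in cipher is not secure.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ID_LEN  8
#define KEY_LEN 16
#define HDR_LEN 8            /* assumed layout: 4-byte magic + 4-byte checksum */
#define MAGIC   0x424F4F54u  /* constructed marker, not from the patent */

enum boot_status { BOOT_OK, BOOT_AUTH_FAIL, BOOT_DECRYPT_FAIL };

/* Model of the CPLD body: its own ID plus the built-in FLASH contents. */
struct cpld {
    uint8_t chip_id[ID_LEN];  /* what the ID extraction module returns */
    uint8_t reg_id[ID_LEN];   /* registered ID written at registration */
    uint8_t key[KEY_LEN];     /* key written at registration */
};

/* Stand-in symmetric transform (assumption): NOT the patent's cipher, NOT secure. */
static void toy_crypt(uint8_t *buf, size_t n, const uint8_t *key) {
    for (size_t i = 0; i < n; i++)
        buf[i] ^= (uint8_t)(key[i % KEY_LEN] + 7u * i);
}

/* Assumed plaintext check: a simple polynomial checksum over the software. */
static uint32_t checksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++)
        s = s * 31u + p[i];
    return s;
}

/* ID consistency comparison without an early exit on the first mismatch. */
static int id_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < ID_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Step 1: register the chip ID and key in the CPLD, then build the ciphertext
 * image for the external FLASH (needs HDR_LEN + n bytes). Returns its length. */
size_t server_register_and_encrypt(struct cpld *c, const uint8_t *key,
                                   const uint8_t *sw, size_t n, uint8_t *flash) {
    uint32_t magic = MAGIC, sum = checksum(sw, n);
    memcpy(c->reg_id, c->chip_id, ID_LEN);
    memcpy(c->key, key, KEY_LEN);
    memcpy(flash, &magic, 4);
    memcpy(flash + 4, &sum, 4);
    memcpy(flash + HDR_LEN, sw, n);
    toy_crypt(flash, HDR_LEN + n, key);
    return HDR_LEN + n;
}

/* Steps 2 and 3: compare registered ID with current chip ID, then decrypt and
 * validate the plaintext. ram needs len bytes; on BOOT_OK it holds the
 * software (len - HDR_LEN bytes), on a decryption failure it is wiped. */
enum boot_status cpu_boot(const struct cpld *c, const uint8_t *flash,
                          size_t len, uint8_t *ram) {
    uint32_t magic, sum;
    if (!id_equal(c->reg_id, c->chip_id))
        return BOOT_AUTH_FAIL;              /* stop before touching the key */
    if (len < HDR_LEN)
        return BOOT_DECRYPT_FAIL;
    memcpy(ram, flash, len);
    toy_crypt(ram, len, c->key);
    memcpy(&magic, ram, 4);
    memcpy(&sum, ram + 4, 4);
    if (magic != MAGIC || sum != checksum(ram + HDR_LEN, len - HDR_LEN)) {
        memset(ram, 0, len);                /* never leave a bad image in RAM */
        return BOOT_DECRYPT_FAIL;
    }
    memmove(ram, ram + HDR_LEN, len - HDR_LEN);
    return BOOT_OK;
}
```

A board whose current chip ID no longer matches the registered ID stops at `BOOT_AUTH_FAIL`, and a matching board holding the wrong key stops at `BOOT_DECRYPT_FAIL`; these are the two failure exits the description names.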
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (5)

1. An embedded software encryption protection system based on a CPLD, comprising a CPLD body, wherein the CPLD body, using a stored key, stored registration ID information and its own extracted ID, provides for software startup the key for decrypting the binary file at startup and the chip ID and registration ID information required by the startup authentication process; characterized in that
the system further comprises an encryption component;
the encryption component comprises a registration authorization encryption server, a CPU, an external FLASH, a registration interface, an authentication interface, a loading interface and a burning interface; the registration authorization encryption server is connected with the CPLD body through the registration interface, the CPU is connected with the CPLD body through the authentication interface, and the CPU is connected with the external FLASH through the loading interface; the external FLASH is connected with the registration authorization encryption server through the burning interface; the registration authorization encryption server runs registration authorization software and binary file encryption software to generate registration authorization information, a ciphertext binary file and a key; the CPU obtains the ciphertext binary file for startup from the external FLASH through the loading interface, and obtains the authentication information and the key from the CPLD body through the authentication interface; the registration authorization encryption server sends the registration authorization information and the key to the CPLD for storage through the registration interface; and the ciphertext binary file is burned into the FLASH through the burning interface.
2. The CPLD-based embedded software encryption protection system according to claim 1, characterized in that
the CPLD body comprises a registration information management module and a built-in FLASH, wherein the registration information management module stores the registration information and the key in the built-in FLASH and reads them when the CPLD is started.
3. The CPLD-based embedded software encryption protection system according to claim 2, characterized in that
the CPLD body further comprises an ID extraction module, and the ID extraction module extracts the ID information of the CPLD body.
4. The CPLD-based embedded software encryption protection system according to claim 3, characterized in that
the CPU comprises authentication management and a decryption module; the authentication management is used for startup authentication; the decryption module is used for decrypting the ciphertext binary file.
5. The CPLD-based embedded software encryption protection system according to claim 4, characterized in that
the CPU further comprises a start control, wherein the start control is used for judging the authentication and decryption states and controlling the startup of the CPU software.
CN202221806647.XU 2022-07-13 2022-07-13 Embedded software encryption protection system based on CPLD Active CN218068848U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202221806647.XU CN218068848U (en) 2022-07-13 2022-07-13 Embedded software encryption protection system based on CPLD

Publications (1)

Publication Number Publication Date
CN218068848U (en) 2022-12-16

Family

ID=84399742

Country Status (1)

Country Link
CN (1) CN218068848U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116755727A (en) * 2023-08-21 2023-09-15 湖南博匠信息科技有限公司 Intelligent upgrading method and system for firmware of embedded device
CN116755727B (en) * 2023-08-21 2023-11-03 湖南博匠信息科技有限公司 Intelligent upgrading method and system for firmware of embedded device

Similar Documents

Publication Publication Date Title
US6606707B1 (en) Semiconductor memory card
CN107508679B (en) Binding and authentication method for intelligent terminal main control chip and encryption chip
CN110851886B (en) storage device
TWI379571B (en) Method and system for command authentication to achieve a secure interface
JP2009516871A (en) Secure data cartridge
CN109344598A (en) The binding of equipment room and authority control method, device, equipment and storage medium
TW201248637A (en) Secure removable media and the method for managing secure removable media
CN114785503B (en) Cipher card, root key protection method thereof and computer readable storage medium
JP2006527433A (en) Verification method based on private space of USB flash memory disk storage medium
CN102163267A (en) Solid state disk as well as method and device for secure access control thereof
CN110795776A (en) Safety hard disk
WO2019237304A1 (en) Key processing method and device
CN105005721A (en) Computer authorization starting control system and method based on computer starting key
JP2009253783A (en) Mobile terminal, data protection method and program for data protection
CN218068848U (en) Embedded software encryption protection system based on CPLD
CN112243154B (en) Set top box safe starting method, equipment and medium
CN112468294A (en) Access method and authentication equipment for vehicle-mounted TBOX
CN105608775A (en) Authentication method, terminal, access control card and SAM card
CN101673248A (en) Storage system, controller and data protection method
JP2003256060A (en) Program use authentication method
CN103838997A (en) Single-chip microcomputer password verification method and device
WO2015154469A1 (en) Database operation method and device
JP4561213B2 (en) Hard disk security management system and method thereof
US12204616B2 (en) Method and intelligent apparatus for calling permission verification of protected intelligent application
JPH10301854A (en) Chip card and method for importing information on the same

Legal Events

Date Code Title Description
GR01 Patent grant