A secure chip and a control method, device and medium thereof

By using the controller and memory overlay circuitry of the security chip to quickly self-destruct when an insecure environment is detected, the problem of slow self-destruction speed leading to information leakage in existing technologies is solved, thus achieving secure protection of encrypted data.

CN115795567BActive Publication Date: 2026-07-03JIANGSU XINSHENG INTELLIGENT TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
JIANGSU XINSHENG INTELLIGENT TECH CO LTD
Filing Date
2022-11-21
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing smart chips have slow self-destruction speeds in insecure environments, which may lead to information leakage and make it impossible to prevent information leakage in a timely manner.

Method used

A security chip is provided, including a controller, a security monitoring device, and a memory overlay circuit. When the security monitoring device detects an unsafe environment, it generates a self-destruct signal and controls the memory overlay circuit to overwrite the data in the non-volatile memory device, thereby achieving rapid self-destruction.

Benefits of technology

It enables rapid self-destruction of the chip in insecure environments, ensuring that encrypted data cannot be read, improving self-destruction efficiency and preventing information leakage.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115795567B_ABST
    Figure CN115795567B_ABST
Patent Text Reader

Abstract

The application discloses a security chip and a control method, device and medium thereof, comprising a controller, a security monitoring device and a memory covering circuit. The security monitoring device is connected with the controller and is used for generating a self-destruction signal and sending the self-destruction signal to the controller when it is monitored that the security state of the chip meets a preset condition; the controller is connected with the memory covering circuit, the memory covering circuit is connected with a non-volatile memory device of the chip, the non-volatile memory device is a device used for storing chip configuration information and key information, and when the self-destruction signal is detected, the memory covering circuit is controlled to cover the data in the non-volatile memory device, so that the encrypted data in the chip cannot be read. The application judges whether the chip is in a safe environment through the security monitoring device, and controls the memory covering circuit to cover the chip configuration information and the key information in the non-volatile memory device. The programming of the memory covering circuit does not need preparation time, so that the self-destruction efficiency of the chip is improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of information security, and in particular to a security chip and its control method, device, and medium. Background Technology

[0002] With the development of embedded technology, the information security of smart devices has gradually gained attention. Especially in sectors such as government, transportation, energy, healthcare, and communications, the leakage of critical information can lead to enormous losses. The foundation of information security is chip security. Currently, data in smart chips is mostly encrypted using passwords, but intruders can decrypt the data based on key information and chip information. Therefore, to prevent information leakage, it is necessary for the chips in smart devices to self-destruct promptly in insecure environments (e.g., when a risk of information leakage is detected).

[0003] Current chip self-destruction technologies mostly destroy chips through high voltage current or mechanical high voltage. However, this method requires additional physical devices to be attached to the chip. Since the high voltage or mechanical high voltage provided by the physical devices requires a certain preparation time, the self-destruction speed is slow, and information leakage may occur due to untimely self-destruction.

[0004] Therefore, how to provide a more efficient self-destructing security chip that can quickly self-destruct in unsafe environments is a problem that urgently needs to be solved by those skilled in the art. Summary of the Invention

[0005] The purpose of this application is to provide a security chip and its control method, device, and medium to ensure that the chip can quickly self-destruct in an unsafe environment.

[0006] To address the aforementioned technical problems, this application provides a security chip, comprising:

[0007] Controller, safety monitoring device, memory overlay circuit;

[0008] The security monitoring device is connected to the controller and is used to generate a self-destruct signal and send the self-destruct signal to the controller when the security status of the chip meets the preset conditions.

[0009] The controller is connected to a memory overlay circuit, which is connected to the chip's non-volatile memory device. The non-volatile memory device is used to store the chip's configuration information and key information. When the self-destruct signal is detected, the controller controls the memory overlay circuit to overwrite the data in the non-volatile memory device.

[0010] Preferably, it also includes a self-destruct information burning circuit;

[0011] The first terminal of the self-destruct information writing circuit is connected to the controller, and the second terminal of the self-destruct information writing circuit is connected to the non-volatile memory device.

[0012] Upon detecting the self-destruct completion command sent by the controller, the self-destruct flag of the chip is set to 1.

[0013] To address the aforementioned technical problems, this application also provides a security chip control method, applied to a security chip including a controller, a security monitoring device, and a memory overlay circuit, wherein the security monitoring device is connected to the controller, the controller is connected to the memory overlay circuit, and the memory overlay circuit is connected to the chip's non-volatile memory device, the method comprising:

[0014] Determine whether a self-destruct signal is detected. The self-destruct signal is a signal generated by the security detection device when it detects that the security status of the chip meets preset conditions.

[0015] If the self-destruct signal is detected, the memory overwrite circuit is controlled to overwrite the data in the non-volatile memory device.

[0016] Preferably, after the step of controlling the memory overlay circuit to overlay the data in the non-volatile memory device, the method further includes:

[0017] Delete the key management data from the flash file system of the chip.

[0018] Preferably, after the step of deleting the key management data in the flash file system of the chip, the method further includes:

[0019] Erase the flash memory translation table entries of the chip.

[0020] Preferably, it further includes: upon receiving a chip restart command, determining whether the chip's self-destruct flag is at a high level;

[0021] If the self-destruct flag is high, the restart process will be terminated.

[0022] Preferably, after the step of detecting a self-destruct signal, the method further includes:

[0023] Determine whether the chip is in normal operating mode;

[0024] If not in the normal operating mode, the step of controlling the memory overlay circuit to overlay the data in the non-volatile memory device is performed.

[0025] To address the aforementioned technical problems, this application also provides a security chip control device applied to a security chip including a controller, a security monitoring device, and a memory overlay circuit, wherein the security monitoring device is connected to the controller, the controller is connected to the memory overlay circuit, and the memory overlay circuit is connected to the chip's non-volatile memory device, and the method includes:

[0026] The judgment unit is used to determine whether a self-destruct signal is detected. The self-destruct signal is a signal generated by the security detection device when it detects that the security status of the chip meets preset conditions.

[0027] An overlay unit is configured to control the memory overlay circuit to overlay the data in the non-volatile memory device if the self-destruct signal is detected.

[0028] To address the aforementioned technical problems, this application also provides a security chip control device, including a memory for storing computer programs;

[0029] A processor is used to implement the steps of the security chip control method when executing the computer program.

[0030] To address the aforementioned technical problems, this application also provides a computer-readable storage medium storing a computer program, which, when executed by a processor, implements the steps of the security chip control method described above.

[0031] This application provides a security chip, including: a controller, a security monitoring device, and a memory overlay circuit. The security monitoring device is connected to the controller and generates a self-destruct signal and sends it to the controller when the chip's security status is detected to meet preset conditions. The controller is connected to the memory overlay circuit, which is connected to the chip's non-volatile memory device. The non-volatile memory device is used to store chip configuration information and key information. When the self-destruct signal is detected, the memory overlay circuit overwrites the data in the non-volatile memory device, thereby ensuring that the encrypted data in the chip cannot be read. Therefore, the technical solution provided in this application, by using a security monitoring device to determine whether the chip is in a secure environment and controlling the memory overlay circuit to overwrite the chip configuration information and key information in the non-volatile memory device, and by eliminating the need for preparation time during the memory overlay circuit's programming, improves the chip's self-destruct efficiency.

[0032] In addition, this application also provides a security chip control method, apparatus, and medium, which are applied to the above-mentioned security chip and have the same effect. Attached Figure Description

[0033] To more clearly illustrate the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0034] Figure 1 This is a structural diagram of a security chip provided in an embodiment of this application;

[0035] Figure 2 A flowchart illustrating a control method for a security chip provided in an embodiment of this application;

[0036] Figure 3 This is a structural diagram of a security chip control device provided in an embodiment of this application;

[0037] Figure 4 This is a structural diagram of another security chip control device provided in an embodiment of this application;

[0038] The attached diagram is labeled as follows: 1 is the controller, 2 is the safety monitoring device, and 3 is the memory overlay circuit. Detailed Implementation

[0039] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the protection scope of this application.

[0040] The core of this application is to provide a security chip and its control method, device, and medium to ensure that the chip can quickly self-destruct in an unsafe environment.

[0041] With the development of information technology, information security has become increasingly important. The foundation of information security is chip security. Chips in smart devices used in daily life (e.g., automotive chips, computer chips) often store large amounts of user personal data and manufacturer data. If this data is leaked, it could cause significant losses to manufacturers and users. To address this issue, this application provides a secure chip and a secure chip control method. By controlling the secure chip to rapidly self-destruct in insecure environments (e.g., under external attack or upon receiving a self-destruct command), the method aims to protect the data security within the chip. The secure chip includes: a controller, a security monitoring device, and a memory overlay circuit. The security monitoring device is connected to the controller and generates a self-destruct signal and sends it to the controller when the chip's security status meets preset conditions. The controller is connected to the memory overlay circuit, which is connected to the chip's non-volatile memory device. The non-volatile memory device stores chip configuration information and key information. When the self-destruct signal is detected, the memory overlay circuit overwrites the data in the non-volatile memory device, thereby ensuring that the encrypted data in the chip cannot be read. Therefore, the technical solution provided in this application determines whether the chip is in a secure environment through a security monitoring device and controls the memory overlay circuit to overwrite the chip configuration information and key information in the non-volatile memory device. The writing of the memory overlay circuit does not require preparation time, thereby improving the chip self-destruct efficiency.

[0042] To enable those skilled in the art to better understand the present application, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0043] Figure 1 This is a structural diagram of a security chip provided in an embodiment of this application, such as... Figure 1 As shown, the security chip includes:

[0044] Controller 1, safety monitoring device 2, memory overlay circuit 3;

[0045] The safety monitoring device 2 is connected to the controller 1 and is used to generate a self-destruct signal and send the self-destruct signal to the controller 1 when the safety status of the chip is detected to meet the preset conditions.

[0046] The controller 1 is connected to the memory overlay circuit 3, which is connected to the chip's non-volatile memory device. The non-volatile memory device is used to store chip configuration information and key information. When a self-destruct signal is detected, the controller memory overlay circuit 3 overwrites the data in the non-volatile memory device.

[0047] In specific implementations, controller 1 can be an additionally configured microprocessor or the chip to be protected itself. In this embodiment, the chip to be protected is selected as controller 1 to implement the control function, thereby reducing the hardware cost of the security chip. It is understood that the memory overlay circuit 3 provided in this embodiment is a circuit connected to the chip to be protected, and the chip mentioned in this embodiment is the chip to be protected. When the chip to be protected is selected as controller 1, the security chip only includes the chip to be protected, the security detection circuit, and the memory overlay circuit 3.

[0048] Security detection devices monitor whether the security status of a chip meets preset conditions. If the preset conditions are met, it indicates that the chip is in a secure environment and there is no risk of information leakage. When the preset conditions are not met, it indicates that the chip is in an insecure environment and may be subject to external attacks, requiring the chip to trigger a self-destruct operation. Common chip attack methods include three categories: side-channel attacks, fault injection attacks, and physical attacks.

[0049] Physical attacks specifically involve removing the chip package, making electrical contact with the internal circuitry, and combining this with other attack methods to obtain sensitive information stored within the chip. Common physical attack methods include temperature attacks, voltage attacks, and laser attacks. Fault injection attacks specifically involve using faults (voltage, clock, etc.) to cause circuit anomalies, analyzing the sensitive information inside the chip based on the anomaly information; or directly using the circuit anomalies to change program operation. Side-channel attacks specifically involve using the device interface to analyze the chip's electromagnetic and power consumption. Common side-channel attacks include power consumption side-channel attacks and electromagnetic side-channel attacks. To monitor whether the chip is subjected to the above attacks, the security monitoring device 2 includes at least a temperature detection circuit, a voltage detection circuit, a chip package detection circuit, and a side-channel attack detection unit. It should be noted that the technical solution provided in this embodiment is mainly used to solve the problem of controlling the chip to self-destruct rapidly after detecting a self-destruct signal; therefore, the detection of unsafe environments will not be elaborated here.

[0050] It is understandable that, in addition to generating a self-destruct signal when attacked by external forces, a self-destruct signal can also be generated when a user's self-destruct command is received (e.g., when the self-destruct button is detected to be pressed).

[0051] In practical implementation, chips typically integrate one-time programmable (OTP) non-volatile memory devices. These memory devices store key information such as the chip's key and key verification bit, as well as chip configuration information such as sensitive chip information, analog IP checksums, chip serial number, ROM boot configuration information, and chip firmware configuration information. If this information is lost, external systems will be unable to access or parse the data in the chip. Therefore, to ensure the security of the data in the chip, it is necessary to overwrite the data in the non-volatile memory device. Specifically, when controller 1 detects a self-destruct signal, it controls the memory overwrite circuit 3 to write all data in the key area, key verification bit area, and sensitive chip area of ​​the one-time programmable memory device to 1, thereby overwriting the data.

[0052] This embodiment provides a security chip, including: a controller, a security monitoring device, and a memory overlay circuit. The security monitoring device is connected to the controller and generates a self-destruct signal and sends it to the controller when the chip's security status meets preset conditions. The controller is connected to the memory overlay circuit, which is connected to the chip's non-volatile memory device. The non-volatile memory device is used to store chip configuration information and key information. When the self-destruct signal is detected, the memory overlay circuit overwrites the data in the non-volatile memory device, thereby ensuring that the encrypted data in the chip cannot be read. Therefore, the technical solution provided in this application determines whether the chip is in a secure environment through the security monitoring device and controls the memory overlay circuit to overwrite the chip configuration information and key information in the non-volatile memory device. The memory overlay circuit requires no preparation time for programming, thereby improving the chip's self-destruct efficiency.

[0053] In practical implementation, after the security chip self-destructs, to further improve chip security, it is necessary to determine the chip's status to ascertain whether the self-destruction was successful. However, the self-destruction process primarily involves overwriting the data within the chip, making it difficult for users to quickly and easily determine whether the self-destruction was successful. To address this issue, based on the aforementioned embodiment, the security chip further includes a self-destruct information writing circuit. The first terminal of the self-destruct information writing circuit is connected to controller 1, and the second terminal is connected to a non-volatile memory device. Upon detecting a self-destruct completion command sent by controller 1, the chip's self-destruct flag is set to 1. The chip's self-destruct flag is a byte set in the OTP storage device.

[0054] In this embodiment, a self-destruct information writing circuit is set in the security chip, and the self-destruction completion information is written into the security chip's OTP storage device through the self-destruct writing circuit so that the user can view it later.

[0055] Figure 2This is a flowchart illustrating a security chip control method provided in an embodiment of this application. The method is applied to a security chip including a controller, a security monitoring device, and a memory overlay circuit. The security monitoring device is connected to the controller, the controller is connected to the memory overlay circuit, and the memory overlay circuit is connected to the chip's non-volatile memory device. Figure 2 As shown, the method includes:

[0056] S10: Determine whether a self-destruct signal is detected. The self-destruct signal is a signal generated by the safety detection device when it detects that the safety status of the chip meets preset conditions.

[0057] S11: If a self-destruct signal is detected, the memory overwrite circuit is controlled to overwrite the data in the non-volatile memory device.

[0058] In practice, when the controller detects a self-destruct signal, it controls the memory overwrite circuit to overwrite the data in the non-volatile memory settings, burning all the data in the key area, key verification bit area, chip sensitive area, and other areas of the one-time programmable storage device to 1, so as to achieve data overwrite.

[0059] This embodiment provides a secure chip control method, including: determining whether a self-destruct signal is detected, wherein the self-destruct signal is a signal generated by a security detection device when it detects that the chip's security status meets preset conditions. If a self-destruct signal is detected, the memory overlay circuit is controlled to overwrite the data in the non-volatile memory device, thereby ensuring that the encrypted data in the chip cannot be read. Therefore, the technical solution provided in this application, by using a security monitoring device to determine whether the chip is in a secure environment and controlling the memory overlay circuit to overwrite the chip configuration information and key information in the non-volatile memory device, eliminates the need for preparation time during the memory overlay circuit's programming, thus improving the chip's self-destruct efficiency.

[0060] In practice, after deleting the chip configuration information and key information from the chip to be protected, incomplete deletion may lead to information leakage. To further improve the security of the chip to be protected, based on the above embodiment, after the step of controlling the memory overlay circuit to overwrite the data in the non-volatile memory device, the method further includes: deleting the key management data in the chip's flash file system. In practice, deleting the key management data in the flash file system of the chip to be protected causes the chip key management system to malfunction, making it impossible for an intruder to recover the data keys and key management system after resetting the chip.

[0061] As a preferred embodiment, in order to improve the security of the security chip, the Faster-Than-Light (FTL) entries of the chip can also be erased, so that the data cannot be mapped normally by damaging the FTL entries.

[0062] Furthermore, to prevent intruders from recovering the aforementioned key information and key management system, after the chip self-destruction task is completed, a watchdog timer is triggered to perform a full chip soft reset, causing the protected chip to be reset and restarted. Based on the above embodiment, the method further includes: upon receiving a chip restart command, determining whether the chip's self-destruct flag is high; if the self-destruct flag is high, terminating the restart process; if the self-destruct flag is not high, continuing to execute the restart command.

[0063] During the reset and restart process of the protected chip, the ROM is loaded. At this time, the ROM can be used to check whether the self-destruct flag of the protected chip is high. If it is high, the restart process is terminated. Specifically, the ROM obtains the self-destruct flag stored in the eFuse register through the eFuse controller. If the self-destruct flag is low at this time, the restart command is executed to control the chip to restart.

[0064] In practical implementation, to further enhance the security of chip data, a self-destruct button is typically provided for the security chip, allowing users to control the chip to self-destruct in a timely manner. However, the self-destruct button may be accidentally pressed, and the security chip may also self-destruct due to misjudgment by the security detection device during normal operation. To address this issue, after detecting the self-destruct signal, the process also includes: determining whether the chip is in normal operating mode; if not in normal operating mode, then executing the step of controlling the memory overwrite circuit to overwrite the data in the non-volatile memory device.

[0065] In practice, the security chip has two operating modes: a normal operating mode and a self-destruct mode. Normally, the security chip operates in the normal operating mode, in which case even if the controller detects a self-destruct signal from the security monitoring device, it will not initiate the self-destruct process. Only when the security chip is operating in self-destruct mode will the controller control the memory overwrite circuitry to overwrite the data in the non-volatile memory device.

[0066] The security chip control method has been described in detail in the above embodiments. This application also provides embodiments corresponding to the security chip control device. It should be noted that this application describes the embodiments of the device part from two perspectives: one is based on the functional module, and the other is based on the hardware.

[0067] Figure 3 This is a structural diagram of a security chip control device provided in an embodiment of this application. The device is applied to a security chip including a controller, a security monitoring device, and a memory overlay circuit. The security monitoring device is connected to the controller, the controller is connected to the memory overlay circuit, and the memory overlay circuit is connected to the chip's non-volatile memory device. Figure 3 As shown, the device includes:

[0068] Judgment unit 10 is used to determine whether a self-destruct signal is detected. The self-destruct signal is a signal generated by the safety detection device when it detects that the safety status of the chip meets preset conditions.

[0069] Covering unit 11 is used to control the memory covering circuit to cover the data in the non-volatile memory device if a self-destruct signal is detected.

[0070] Since the embodiments of the apparatus and the embodiments of the method correspond to each other, please refer to the description of the embodiments of the method for the embodiments of the apparatus, which will not be repeated here.

[0071] This embodiment provides a security chip control device applied to the security chip described in the above embodiment. The device includes: determining whether a self-destruct signal is detected; the self-destruct signal is a signal generated by the security detection device when it detects that the chip's security status meets preset conditions. If a self-destruct signal is detected, the device controls a memory overlay circuit to overwrite the data in the non-volatile memory device, thereby ensuring that the encrypted data in the chip cannot be read. Therefore, the technical solution provided in this application, by using a security monitoring device to determine whether the chip is in a secure environment and controlling the memory overlay circuit to overwrite the chip configuration information and key information in the non-volatile memory device, improves the chip's self-destruct efficiency by eliminating the need for preparation time during the memory overlay circuit's programming.

[0072] Figure 4 A structural diagram of another security chip control device provided in the embodiments of this application is shown below. Figure 4 As shown, the security chip control device includes: a memory 20 for storing computer programs;

[0073] The processor 21 is used to implement the steps of the security chip control method as described in the above embodiments when executing a computer program.

[0074] The terminal devices provided in this embodiment may include, but are not limited to, smartphones, tablets, laptops, or desktop computers.

[0075] The processor 21 may include one or more processing cores, such as a quad-core processor or an octa-core processor. The processor 21 may be implemented using at least one of the following hardware forms: Digital Signal Processor (DSP), Field-Programmable Gate Array (FPGA), or Programmable Logic Array (PLA). The processor 21 may also include a main processor and a coprocessor. The main processor, also known as the Central Processing Unit (CPU), is used to process data in the wake-up state; the coprocessor is a low-power processor used to process data in the standby state. In some embodiments, the processor 21 may integrate a Graphics Processing Unit (GPU), which is responsible for rendering and drawing the content to be displayed on the screen. In some embodiments, the processor 21 may also include an Artificial Intelligence (AI) processor, which is used to handle computational operations related to machine learning.

[0076] The memory 20 may include one or more computer-readable storage media, which may be non-transitory. The memory 20 may also include high-speed random access memory and non-volatile memory, such as one or more disk storage devices or flash memory devices. In this embodiment, the memory 20 is used to store at least the following computer program 201, which, after being loaded and executed by the processor 21, is capable of implementing the relevant steps of the security chip control method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202 and data 203, and the storage method may be temporary or permanent storage. The operating system 202 may include Windows, Unix, Linux, etc. The data 203 may include, but is not limited to, key information, chip configuration information, etc.

[0077] In some embodiments, the security chip control device may further include a display screen 22, an input / output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.

[0078] Those skilled in the art will understand that Figure 4 The structure shown does not constitute a limitation on the security chip control device and may include more or fewer components than shown.

[0079] The security chip control device provided in this application includes a memory and a processor. When the processor executes a program stored in the memory, it can implement the following method:

[0080] Determine whether a self-destruct signal has been detected. The self-destruct signal is a signal generated by the safety detection device when it detects that the safety status of the chip meets preset conditions.

[0081] If a self-destruct signal is detected, the control memory overwrite circuitry overwrites the data in the non-volatile memory device.

[0082] Finally, this application also provides an embodiment corresponding to a computer-readable storage medium. The computer-readable storage medium stores a computer program, which, when executed by a processor, implements the steps described in the above method embodiments.

[0083] It is understood that if the methods in the above embodiments are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and executes all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0084] The security chip, its control method, apparatus, and medium provided in this application have been described in detail above. The various embodiments in the specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the apparatus disclosed in the embodiments, since it corresponds to the method disclosed in the embodiments, the description is relatively simple; relevant parts can be referred to in the method section. It should be noted that those skilled in the art can make several improvements and modifications to this application without departing from the principles of this application, and these improvements and modifications also fall within the protection scope of the claims of this application.

[0085] It should also be noted that, in this specification, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

Claims

1. A secure chip, characterized by include: Controller, safety monitoring device, memory overlay circuit; The controller is the chip itself that needs to be protected; The security monitoring device is connected to the controller and is used to monitor whether the security status of the chip meets preset conditions. If the preset conditions are met, it indicates that the chip is in a secure environment. If the preset conditions are not met, it indicates that the chip is in a non-secure environment, and a self-destruct signal is generated and sent to the controller. The attack methods that the chip is subjected to in a non-secure environment include side-channel attacks, fault injection attacks, and physical attacks. The security monitoring device includes at least a temperature detection circuit, a voltage detection circuit, a chip packaging detection circuit, and a side-channel attack detection unit. The controller is connected to a memory overlay circuit, which is connected to the chip's non-volatile memory device. The non-volatile memory device is used to store the chip's configuration information and key information. When the self-destruct signal is detected, the controller controls the memory overlay circuit to overwrite the data in the non-volatile memory device. Specifically, the memory overlay circuit writes all the data in the key area, key check bit area, and chip sensitive area of ​​the non-volatile memory device to 1 to achieve data overlay.

2. The security chip according to claim 1, characterized in that It also includes a self-destruct information burning circuit; The first terminal of the self-destruct information writing circuit is connected to the controller, and the second terminal of the self-destruct information writing circuit is connected to the non-volatile memory device. Upon detecting the self-destruct completion command sent by the controller, the self-destruct flag of the chip is set to 1.

3. A secure chip control method characterized by, An application is made to a security chip comprising a controller, a security monitoring device, and a memory overlay circuit, wherein the controller is the chip itself to be protected; the security monitoring device is connected to the controller, the controller is connected to the memory overlay circuit, and the memory overlay circuit is connected to the chip's non-volatile memory device; the security monitoring device monitors whether the chip's security status meets preset conditions; if the preset conditions are met, it indicates that the chip is in a secure environment; if the preset conditions are not met, it indicates that the chip is in an insecure environment, generates a self-destruct signal, and sends the self-destruct signal to the controller; the attack methods suffered by the chip in an insecure environment include side-channel attacks, fault injection attacks, and physical attacks; the security monitoring device includes at least a temperature detection circuit, a voltage detection circuit, a chip packaging detection circuit, and a side-channel attack detection unit; the method includes: Determine whether a self-destruct signal is detected. The self-destruct signal is a signal generated by the safety monitoring device when it detects that the safety status of the chip does not meet preset conditions. If the self-destruct signal is detected, the memory overwrite circuit is controlled to overwrite the data in the non-volatile memory device; wherein, the memory overwrite circuit writes all the data in the key area, key check bit area and chip sensitive area of ​​the non-volatile memory device to 1, so as to achieve data overwrite.

4. The secure chip control method according to claim 3, characterized by, After the step of controlling the memory overlay circuit to overlay the data in the non-volatile memory device, the method further includes: Delete the key management data from the flash file system of the chip.

5. The secure chip control method according to claim 4, characterized by, After the step of deleting the key management data in the flash file system of the chip, the method further includes: Erase the flash memory translation table entries of the chip.

6. The secure chip control method according to claim 3, characterized by, Also includes: Upon receiving a chip restart command, determine whether the chip's self-destruct flag is at a high level. If the self-destruct flag is high, the restart process will be terminated.

7. The secure chip control method according to claim 3, characterized by, After the self-destruct signal is detected, the following steps are also included: Determine whether the chip is in normal operating mode; If not in the normal operating mode, the step of controlling the memory overlay circuit to overlay the data in the non-volatile memory device is performed.

8. A secure chip control apparatus characterized by comprising: This invention relates to a security chip comprising a controller, a security monitoring device, and a memory overlay circuit. The controller is the chip itself to be protected. The security monitoring device is connected to the controller, the controller is connected to the memory overlay circuit, and the memory overlay circuit is connected to the chip's non-volatile memory device. The security monitoring device monitors whether the chip's security status meets preset conditions. If the preset conditions are met, the chip is in a secure environment; if the preset conditions are not met, the chip is in an insecure environment, generating a self-destruct signal and sending it to the controller. Attacks on the chip in an insecure environment include side-channel attacks, fault injection attacks, and physical attacks. The security monitoring device includes at least a temperature detection circuit, a voltage detection circuit, a chip packaging detection circuit, and a side-channel attack detection unit. The judgment unit is used to determine whether a self-destruct signal is detected. The self-destruct signal is a signal generated by the security monitoring device when it detects that the security status of the chip does not meet the preset conditions. The overlay unit is used to control the memory overlay circuit to overwrite the data in the non-volatile memory device if the self-destruct signal is detected; wherein the memory overlay circuit writes all the data in the key area, key check bit area and chip sensitive area in the non-volatile memory device to 1, so as to achieve data overlay.

9. A secure chip control apparatus characterized by comprising: Includes memory used to store computer programs; A processor for executing the computer program to implement the steps of the security chip control method as described in any one of claims 3 to 7.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the steps of the security chip control method as described in any one of claims 3 to 7.