A secure architecture for a chip and a method of execution
By introducing components such as power circuits, monitoring channels, watchdog timers, and encryption/decryption units into the SoC chip, data security protection is achieved, solving the problem of the single security mode of existing SoC chips and enhancing data security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHANGSHA FANGWEI TECH CO LTD
- Filing Date
- 2022-12-31
- Publication Date
- 2026-06-23
Smart Images

Figure CN115982790B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of chip encryption technology, specifically to a chip security architecture and execution method. Background Technology
[0002] A System-on-a-Chip (SoC) refers to an entire electronic system integrated onto a single chip. Chips manufactured using SoC technology offer advantages such as application-oriented design, versatility, low power consumption, and low cost, making them suitable for various fields including wireless sensor networks.
[0003] With the development of information technology, information security has received increasing attention. Chips manufactured using SoC technology, while processing massive amounts of information, also face various data security risks. This is particularly true for chips used in security applications or as nodes in wireless sensor networks, where information security is paramount. Currently, chips manufactured using SoC technology typically only offer data encryption and decryption functions for information security, with relatively simple security mode settings, failing to guarantee data security from a technical perspective. Summary of the Invention
[0004] In view of the above problems, this application provides a chip security architecture and execution method to solve the problem that existing chips usually only have encryption and decryption functions for information protection, resulting in a relatively simple security mode setting.
[0005] To achieve the above objectives, the inventors provide a chip security architecture, including a power supply circuit, a monitoring channel, a watchdog timer, a security monitoring state machine, a destruction unit, a plaintext data channel, a self-programming unit, encryption / decryption components, and a memory.
[0006] The power supply circuit is connected to the monitoring channel, the security monitoring state machine, the plaintext data channel, the self-programming unit, the encryption / decryption component, and the memory; the power supply circuit is used to supply power to the monitoring channel, the security monitoring state machine, the plaintext data channel, the self-programming unit, the encryption / decryption component, and the memory.
[0007] The security monitoring state machine is connected to the monitoring channel and the destruction unit. The destruction unit is connected to the memory. The security monitoring state machine is used to verify abnormal behavior through the monitoring channel. When an abnormal channel reception or channel indication for destruction occurs, the destruction unit performs a destruction action on the memory.
[0008] The plaintext data channel and the self-programming unit are connected to the encryption / decryption component, which is connected to the memory. The encryption / decryption component is used to encrypt the plaintext data received by the plaintext data channel or the plaintext data programmed by the self-programming unit and store it in the memory.
[0009] In some embodiments, the monitoring channel includes a SOC monitoring channel, the security monitoring state machine includes a SOC security monitoring state machine, and the watchdog includes an HV watchdog.
[0010] The destruction unit includes a monitoring high voltage and an NVW destruction switch. The monitoring high voltage is connected to the power supply port of the memory through the NVW destruction switch, and the control terminal of the NVW destruction switch is connected to the SOC security monitoring state machine.
[0011] The SOC monitoring channel is connected to the SOC security monitoring state machine, and the HV watchdog is connected to the SOC security monitoring state machine;
[0012] The SOC security monitoring state machine is used to control the NVW destruction switch to be turned on when abnormal behavior is verified through the SOC monitoring channel, when channel reception is abnormal or channel indication is destroyed, or when the HV watchdog timer overflows, so as to monitor the high voltage destruction of the memory.
[0013] In some embodiments, a voltage converter is also included, and the destruction unit further includes a SOC destruction switch;
[0014] The power supply circuit includes a chip power supply that is connected to one end of the plaintext data channel, the self-programming unit, the encryption / decryption component, the memory, and the SOC destruction switch via the voltage converter.
[0015] The other end of the SOC destruction switch is grounded;
[0016] The aforementioned SOC security monitoring state machine is also used to control the SOC destruction switch to turn on and destroy the voltage converter when a channel reception anomaly occurs, a channel indication is destroyed, or the HV watchdog timer overflows.
[0017] In some embodiments, the monitoring channel includes an NVM monitoring channel, the security monitoring state machine includes an NVM security monitoring state machine, and the watchdog also includes a CV watchdog.
[0018] The NVM monitoring channel is connected to the NVM security monitoring state machine, and the CV watchdog is connected to the NVM security monitoring state machine;
[0019] The NVM security monitoring state machine is connected to the data port of the memory; the NVM security monitoring state machine is used to perform NVM data deletion on the memory when abnormal behavior is verified through the NVM monitoring channel, when channel reception is abnormal or channel indication is destroyed, or when the CV watchdog timer overflows.
[0020] In some embodiments, the encryption / decryption unit is used to encrypt the received plaintext data using a key, then obtain an encrypted file through bit modulation, and store it in a memory.
[0021] Another technical solution is also provided: a method for implementing a secure architecture for a chip, comprising the following steps:
[0022] Determine whether the chip is currently in a safe behavior mode;
[0023] If it is a security behavior mode, then determine whether it is an external monitoring mode;
[0024] In external monitoring mode, data is collected through the monitoring channel;
[0025] If not in external monitoring mode, the watchdog timer counts periodically;
[0026] The safety monitoring state machine verifies abnormal behavior.
[0027] When the channel reception is abnormal, the channel indication is destroyed, or the watchdog counter overflows, the security monitoring state machine will perform a destruction action.
[0028] If the chip is not currently in secure behavior mode, then determine whether it is in encrypted behavior mode.
[0029] If it is in encryption mode, then the encryption / decryption components are activated, and it is determined whether it is in external programming mode;
[0030] If it is in external programming mode, plaintext data is received through the plaintext data channel;
[0031] If not in external programming mode, then program plaintext data yourself;
[0032] The encryption / decryption unit encrypts the plaintext data and stores it in the memory;
[0033] If not in encrypted mode, then execute in insecure mode.
[0034] In some embodiments, the step "determine whether the chip is currently in a security behavior mode; if it is in a security behavior mode, determine whether it is in an external monitoring mode; if it is in an external monitoring mode, collect data through the monitoring channel; if it is not in an external monitoring mode, the watchdog timer counts; the security monitoring state machine verifies abnormal behavior; when the channel collection is abnormal, the channel indication is destroyed, or the watchdog count overflows, the security monitoring state machine performs a destruction action" specifically includes the following steps:
[0035] Determine whether the chip is currently in SOC security behavior mode;
[0036] If it is in SOC security behavior mode, then determine whether it is in external monitoring mode;
[0037] In external monitoring mode, data is collected through the SOC monitoring channel;
[0038] If not in external monitoring mode, the HV watchdog timer counts periodically.
[0039] The SOC security monitoring state machine verifies abnormal behavior.
[0040] When the channel reception is abnormal, the channel indicator is destroyed, or the HV watchdog count overflows, the SOC security monitoring state machine controls the NVW destruction switch to turn on, so as to monitor the high voltage destruction of the memory.
[0041] In some embodiments, the following steps are also included:
[0042] When the channel reception is abnormal, the channel indicator is destroyed, or the HV watchdog count overflows, the SOC security monitoring state machine controls the SOC destruction switch to turn on, destroying the voltage converter.
[0043] In some embodiments, the step "determine whether the chip is currently in a security behavior mode; if it is in a security behavior mode, determine whether it is in an external monitoring mode; if it is in an external monitoring mode, collect data through the monitoring channel; if it is not in an external monitoring mode, the watchdog timer counts; the security monitoring state machine verifies abnormal behavior; when the channel collection is abnormal, the channel indication is destroyed, or the watchdog count overflows, the security monitoring state machine performs a destruction action" specifically includes the following steps:
[0044] Determine if the chip is currently in NVM safe behavior mode;
[0045] If it is NVM security behavior mode, then determine whether it is external monitoring mode;
[0046] In external monitoring mode, data is collected through the NVM monitoring channel;
[0047] If not in external monitoring mode, the CV watchdog timer counts periodically.
[0048] The NVM security monitoring state machine verifies abnormal behavior.
[0049] When the channel reception is abnormal, the channel indication is destroyed, or the CV watchdog count overflows, the NVM machine performs NVM data deletion on the memory.
[0050] In some embodiments, the step "encrypting the plaintext data and storing it in the memory" specifically includes the following steps:
[0051] The encryption and decryption components encrypt plaintext data using a key, then obtain an encrypted file through bit modulation, and finally store the encrypted file in the memory.
[0052] Unlike existing technologies, the above technical solution incorporates a security behavior mode and an encryption behavior mode. In security behavior mode, if it's an external monitoring mode, data is received through a monitoring channel; otherwise, a watchdog timer performs periodic counting. The security monitoring status is verified for abnormal behavior through the monitoring channel and watchdog timer. When channel reception is abnormal, the channel indicator is destroyed, or the watchdog timer overflows, the security monitoring state machine executes a destruction action through a destruction unit. If it's not in security behavior mode but in encryption behavior mode, the encryption / decryption unit is activated. In external programming mode, plaintext data is received through a plaintext data channel; otherwise, self-programming data is generated through a self-programming unit. The encryption / decryption unit encrypts the plaintext data and stores it in memory. By using the encryption / decryption unit to encrypt and decrypt plaintext data, and by executing a destruction action when the channel reception is abnormal, the channel indicator is destroyed, or the watchdog timer overflows in security behavior mode, data leakage can be prevented, ensuring information security.
[0053] The above description of the invention is merely an overview of the technical solution of this application. In order to enable those skilled in the art to better understand the technical solution of this application and to implement it based on the description and drawings, and to make the above-mentioned objectives and other objectives, features and advantages of this application easier to understand, the following description is provided in conjunction with the specific embodiments and drawings of this application. Attached Figure Description
[0054] The accompanying drawings are only used to illustrate the principles, implementation methods, applications, features, and effects of specific embodiments of this application and other related content, and should not be considered as limitations on this application.
[0055] In the accompanying drawings of the instruction manual:
[0056] Figure 1 A schematic diagram of the security architecture of the chip described in a specific implementation embodiment;
[0057] Figure 2 This is a schematic diagram of another security architecture for the chip described in a specific implementation.
[0058] Figure 3 A schematic diagram of a framework for the encryption / decryption component described in a specific implementation;
[0059] Figure 4 This is a schematic diagram illustrating the encryption process of the encryption / decryption component described in the specific implementation embodiment;
[0060] Figure 5 This is a schematic diagram illustrating the decryption process of the encryption / decryption component described in a specific embodiment;
[0061] Figure 6 This is a schematic diagram of the bit modulation process of the encryption / decryption component described in the specific implementation embodiment;
[0062] Figure 7 A schematic diagram of the security architecture of the chip described in a specific implementation;
[0063] Figure 8 This is a schematic diagram of another framework for the security architecture of the chip described in a specific implementation.
[0064] Figure 9 This is a flowchart illustrating the security architecture execution method of the chip described in a specific implementation.
[0065] Figure 10 This is another flowchart illustrating the security architecture execution method of the chip described in a specific implementation.
[0066] The reference numerals used in the above figures are explained as follows:
[0067] 110. Power supply circuit; 111. Chip power supply; 112. Voltage converter; 120. Monitoring channel; 121. SOC monitoring channel; 122. NVM monitoring channel; 130. Watchdog timer; 131. HV watchdog timer; 132. CV watchdog timer; 140. Security monitoring state machine; 141. SOC security monitoring state machine; 142. NVM security monitoring state machine; 150. Destruction unit; 151. Monitoring high voltage; 152. NVM destruction switch; 154. SOC destruction switch; 160. Plaintext data channel; 170. Self-programming unit; 180. Encryption / decryption component; 190. Memory. Detailed Implementation
[0068] To illustrate the possible application scenarios, technical principles, implementable specific solutions, and achievable objectives and effects of this application in detail, the following description, in conjunction with the listed specific embodiments and accompanying drawings, provides a detailed explanation. The embodiments described herein are merely illustrative of the technical solutions of this application and are therefore intended to limit the scope of protection of this application.
[0069] In this document, the term "embodiment" means that a specific feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of this application. The term "embodiment" appearing in various places throughout the specification does not necessarily refer to the same embodiment, nor does it specifically limit its independence or connection with other embodiments. In principle, in this application, as long as there are no technical contradictions or conflicts, the technical features mentioned in each embodiment can be combined in any way to form corresponding implementable technical solutions.
[0070] Unless otherwise defined, the technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application pertains; the use of related terms herein is merely for the purpose of describing particular embodiments and is not intended to limit this application.
[0071] In the description of this application, the term "and / or" is used to describe the logical relationship between objects, indicating that three relationships can exist. For example, A and / or B means: A exists, B exists, and A and B exist simultaneously. Additionally, the character " / " in this document generally indicates that the preceding and following objects have an "or" logical relationship.
[0072] In this application, terms such as “first” and “second” are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual quantity, hierarchy or order relationship between these entities or operations.
[0073] Unless otherwise specified, the use of terms such as “comprising,” “including,” “having,” or other similar expressions in this application is intended to cover non-exclusive inclusion, which does not exclude the presence of additional elements in a process, method, or product that includes the stated elements, such that a process, method, or product that includes a list of elements may include not only those defined elements but also other elements not expressly listed, or elements inherent to such a process, method, or product.
[0074] Similar to the understanding in the Examination Guidelines, in this application, expressions such as "greater than," "less than," and "exceeding" are understood to exclude the stated number; expressions such as "above," "below," and "within" are understood to include the stated number. Furthermore, in the description of the embodiments in this application, "multiple" means two or more (including two), and similar expressions related to "multiple" are also understood in this way, such as "multiple groups" and "multiple times," unless otherwise explicitly specified.
[0075] In the description of the embodiments of this application, the space-related expressions used, such as "center," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "vertical," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," and "circumferential," indicate the orientation or positional relationship based on the orientation or positional relationship shown in the specific embodiments or drawings. They are only for the purpose of describing the specific embodiments of this application or for the reader's understanding, and do not indicate or imply that the device or component referred to must have a specific position, a specific orientation, or be constructed or operated in a specific orientation. Therefore, they should not be construed as limitations on the embodiments of this application.
[0076] Unless otherwise expressly specified or limited, the terms "installation," "connection," "linking," "fixing," and "setting," as used in the description of the embodiments of this application, should be interpreted broadly. For example, "connection" can be a fixed connection, a detachable connection, or an integral setting; it can be a mechanical connection, an electrical connection, or a communication connection; it can be a direct connection or an indirect connection through an intermediate medium; it can be the internal connection of two components or the interaction between two components. For those skilled in the art to which this application pertains, the specific meaning of the above terms in the embodiments of this application can be understood according to the specific circumstances.
[0077] Please see Figure 1 This embodiment provides a security architecture for a chip, including a power supply circuit 110, a monitoring channel 120, a watchdog timer 130, a security monitoring state machine 140, a destruction unit 150, a plaintext data channel 160, a self-programming unit 170, an encryption / decryption component 180, and a memory 190.
[0078] The power supply circuit 110 is connected to the monitoring channel 120, the security monitoring state machine 140, the plaintext data channel 160, the self-programming unit 170, the encryption / decryption component 180, and the memory 190; the power supply circuit 110 is used to supply power to the monitoring channel 120, the security monitoring state machine 140, the plaintext data channel 160, the self-programming unit 170, the encryption / decryption component 180, and the memory 190.
[0079] The security monitoring state machine 140 is connected to the monitoring channel 120 and the destruction unit 150. The destruction unit 150 is connected to the memory 190. The security monitoring state machine is used to verify abnormal behavior through the monitoring channel 120. When an abnormal channel reception or channel indication for destruction occurs, the destruction unit 150 performs a destruction action on the memory 190.
[0080] The plaintext data channel 160 and the self-programming unit 170 are connected to the encryption / decryption component 180. The encryption / decryption component 180 is connected to the memory 190. The encryption / decryption component 180 is used to encrypt the plaintext data received by the plaintext data channel 160 or the plaintext data self-programmed by the self-programming unit 170 and store it in the memory 190.
[0081] The chip includes a security behavior mode and an encryption behavior mode. When in security behavior mode, if it is an external monitoring mode, data is received through monitoring channel 120. If it is not an external monitoring mode, a watchdog timer 130 is used for timed counting. The security monitoring status is verified for abnormal behavior through monitoring channel 120 and watchdog timer 130. When the channel reception is abnormal, the channel indicator is destroyed, or the watchdog timer 130 overflows, the security monitoring state machine 140 executes a destruction action through the destruction unit 150. If it is not in security behavior mode but in encryption behavior mode, the encryption / decryption unit 180 is activated. If it is in external programming mode, plaintext data is received through plaintext data channel 160. If it is not in external programming mode, self-programming data is self-programmed through self-programming unit 170. The encryption / decryption unit 180 encrypts the plaintext data and stores it in memory 190. The encryption / decryption component 180 enables encryption and decryption of plaintext data. In the secure behavior mode, when the channel reception is abnormal, the channel indicator is destroyed, or the watchdog timer 130 overflows, a destruction action is performed to prevent data leakage and ensure information security.
[0082] Please see Figure 2 , Figure 2 The monitoring channel 120 is the internal working logic area of the chip. In some embodiments, the monitoring channel 120 includes the SOC monitoring channel 121, the security monitoring state machine 140 includes the SOC security monitoring state machine 141, and the watchdog 130 includes the HV watchdog 131; HV is the IO voltage domain.
[0083] The destruction unit 150 includes a monitoring high voltage 151 and an NVW destruction switch. The monitoring high voltage 151 is connected to the power supply port of the memory 190 through the NVW destruction switch, and the control terminal of the NVW destruction switch is connected to the SOC safety monitoring state machine 141.
[0084] The SOC monitoring channel 121 is connected to the SOC security monitoring state machine 141, and the HV watchdog 131 is connected to the SOC security monitoring state machine 141;
[0085] The SOC security monitoring state machine 141 is used to control the NVW destruction switch to be turned on when abnormal behavior is verified through the SOC monitoring channel 121, when channel reception is abnormal or channel indication is destroyed, or when the HV watchdog 131 timer overflows, so that the monitoring high voltage 151 destroys the memory 190.
[0086] The chip's security behavior mode includes a SOC security behavior mode. When the chip is in SOC security behavior mode, if it is in external monitoring mode, data is received through SOC monitoring channel 121. If it is not in external monitoring mode, timed counting is performed through HV watchdog 131. The SOC security monitoring status is checked for abnormal behavior. When a channel reception abnormality occurs or the channel indicator is destroyed, or when the HV watchdog 131 timer overflows, the NVW destruction switch is controlled to be turned on, so that the monitoring high voltage 151 destroys the memory 190, ensuring that the data stored in the memory 190 is not leaked.
[0087] Please see Figure 2 In some embodiments, a voltage converter 112 is also included, and the destruction unit 150 further includes a SOC destruction switch 154; the power supply circuit 110 may include the voltage converter 112.
[0088] The power supply circuit 110 includes a chip power supply 111 connected to one end of the plaintext data channel 160, the self-programming unit 170, the encryption / decryption unit 180, the memory 190, and the SOC destruction switch 154 via the voltage converter 112.
[0089] The other end of the SOC destruction switch 154 is grounded;
[0090] The SOC security monitoring state machine 141 is also used to control the SOC destruction switch 154 to turn on and destroy the voltage converter 112 when a channel reception abnormality occurs, a channel indication is destroyed, or the HV watchdog 131 timer overflows.
[0091] By directly powering the SOC monitoring channel 121, HV watchdog 131, and SOC security monitoring state machine 141 through the power supply circuit 110, while other components are powered by the power supply circuit 110 through the voltage converter 112; when in SOC security behavior mode, when the SOC security monitoring state machine 141 verifies abnormal behavior, when a channel reception abnormality occurs or the channel indication is destroyed, or when the HV watchdog 131 timer overflows, the SOC destruction switch 154 is controlled, causing the voltage converter 112 to burn out, further preventing data leakage.
[0092] Please see Figure 2 In some embodiments, the monitoring channel 120 includes an NVM monitoring channel 122, the security monitoring state machine 140 includes an NVM security monitoring state machine 142, and the watchdog 130 further includes a CV watchdog 132; CV is the core voltage domain.
[0093] The NVM monitoring channel 122 is connected to the NVM security monitoring state machine 142, and the CV watchdog 132 is connected to the NVM security monitoring state machine 142;
[0094] The NVM security monitoring state machine 142 is connected to the data port of the memory 190; the NVM security monitoring state machine 142 is used to perform NVM data deletion on the memory 190 when abnormal behavior is verified through the NVM monitoring channel 122, when channel reception is abnormal or channel indication is destroyed, or when the CV watchdog 132 timer overflows.
[0095] The chip's security behavior mode also includes an NVM security behavior mode. When the chip is in NVM security behavior mode, if it is in external monitoring mode, data is received through NVM monitoring channel 122. If it is not in external monitoring mode, the CV watchdog 132 starts timing and counting, and the NVM security monitoring state machine 142 verifies abnormal behavior. When a channel reception abnormality occurs or the channel indication is destroyed, or when the CV watchdog 132 timer overflows, NVM data deletion is performed on the memory 190 to avoid data leakage of the memory 190.
[0096] In some embodiments, the encryption / decryption unit 180 is used to encrypt the received plaintext data using a key, then obtain an encrypted file through bit modulation, and store it in the memory 190.
[0097] Please see Figure 3 The encryption / decryption component 180 includes a key, bitwise encryption, bitwise decryption, an algorithm, bitwise modulation, and bitwise demodulation. Wherein: the bit width of the plaintext data is K, and the key bit width is also K; the encryption and decryption processes are implemented using bitwise operations; for example... Figure 4 The encryption and decryption process shown is as follows: Figure 5 The encryption / decryption process is as follows: For example, 8-bit plaintext or encrypted data is XORed, where D is the plaintext, SK represents the key, and E is the ciphertext. Bit modulation occurs after the bitwise encryption, using 0-K bit modulation. For example... Figure 6 The bit-matching modulation process shown involves swapping D7 and D0, D6 and D1, D5 and D2, and D4 and D3.
[0098] In some embodiments, memory 190 is a non-volatile memory 190.
[0099] Please see Figure 2In some embodiments, a security architecture chip includes a power supply, a SOC monitoring channel 121, an HV watchdog 131, a SOC security monitoring state machine 141, a voltage converter 112, a SOC destruction switch 154, an NVM destruction switch 152, a monitoring high voltage 151, a plaintext data channel 160, a self-programming unit 170, an encryption / decryption unit 180, an NVM monitoring channel 122, a CV watchdog 132, an NVM security monitoring state machine 142, and a non-volatile memory 190.
[0100] in:
[0101] SOC monitoring channel 121, HV watchdog 131, and SOC security monitoring state machine 141 are powered by power supply circuit 110; NVM destruction switch 152 is powered by monitoring high voltage 151; others are powered by voltage converter 112.
[0102] The non-volatile memory 190 includes a power supply port and a data port. The NVM destroy switch 152 operates on the power supply port, and the encryption / decryption unit 180 and the NVM security monitoring state machine 142 operate on the data port.
[0103] When the SOC security monitoring state machine issues a destruction command, it will simultaneously turn on the NVM destruction switch 152 and the SOC destruction switch 154. After the NVM destruction switch 152 is turned on, the non-volatile memory 190 will be destroyed; after the SOC destruction switch 154 is turned on, the voltage converter 112 will be destroyed.
[0104] like Figure 7-8 As shown, the chip's security architecture consists of three parts: NVM encryption behavior mode, NVM security behavior mode, and SOC security behavior mode. The NVM encryption behavior mode includes two types: external programming mode and self-programming mode. The NVM security behavior mode includes two types: external monitoring mode (channel monitoring) and internal monitoring mode (watchdog 130 monitoring). The SOC security behavior mode includes two types: external monitoring mode (channel monitoring) and internal monitoring mode (watchdog 130 monitoring).
[0105] Please see Figure 9 A method for implementing a secure architecture for a chip, applied to the secure architecture of the chip in the above embodiments, includes the following steps:
[0106] Step S910: Determine whether the chip is currently in a safe behavior mode;
[0107] If it is a safe behavior mode, then proceed to step S920: determine whether it is an external monitoring mode;
[0108] If it is in external monitoring mode, then execute step S931: collect data through the monitoring channel;
[0109] If it is not in external monitoring mode, then execute step S932: watchdog timer counting;
[0110] Step S940: The safety monitoring state machine verifies abnormal behavior;
[0111] Step S950: When the channel reception is abnormal, the channel indication is destroyed, or the watchdog counter overflows, the security monitoring state machine performs a destruction action.
[0112] If the chip is not currently in secure behavior mode, then step S960 is executed: determine whether it is in encrypted behavior mode;
[0113] If it is in encryption mode, then execute step S970: start the encryption / decryption unit and determine whether it is in external programming mode;
[0114] If it is an external programming mode, then execute step S981: receive plaintext data through the plaintext data channel;
[0115] If it is not in external programming mode, then proceed to step S982: self-programming plaintext data;
[0116] Step S990: The encryption / decryption unit encrypts the plaintext data and then stores it in the memory;
[0117] If not in encrypted behavior mode, proceed to step S9100: execute in insecure mode.
[0118] The chip includes a security behavior mode and an encryption behavior mode. In security behavior mode, if it's an external monitoring mode, data is received through a monitoring channel; otherwise, a watchdog timer performs periodic counting. The security monitoring status is verified for abnormal behavior through the monitoring channel and watchdog timer. When a channel reception error occurs, the channel indicator is destroyed, or the watchdog timer overflows, the security monitoring state machine executes a destruction action through the destruction unit. If it's not in security behavior mode but in encryption behavior mode, the encryption / decryption unit is activated. If it's in external programming mode, plaintext data is received through a plaintext data channel; otherwise, it's programmed using a self-programming unit. The encryption / decryption unit encrypts the plaintext data and stores it in memory. The encryption / decryption unit enables encryption and decryption of plaintext data. Furthermore, in security behavior mode, the destruction action in case of channel reception error, channel indicator destruction, or watchdog timer overflow prevents data leakage and ensures information security.
[0119] In some embodiments, the step "determine whether the chip is currently in a security behavior mode; if it is in a security behavior mode, determine whether it is in an external monitoring mode; if it is in an external monitoring mode, collect data through the monitoring channel; if it is not in an external monitoring mode, the watchdog timer counts; the security monitoring state machine verifies abnormal behavior; when the channel collection is abnormal, the channel indication is destroyed, or the watchdog count overflows, the security monitoring state machine performs a destruction action" specifically includes the following steps:
[0120] Determine whether the chip is currently in SOC security behavior mode;
[0121] If it is in SOC security behavior mode, then determine whether it is in external monitoring mode;
[0122] In external monitoring mode, data is collected through the SOC monitoring channel;
[0123] If not in external monitoring mode, the HV watchdog timer counts periodically.
[0124] The SOC security monitoring state machine verifies abnormal behavior.
[0125] When the channel reception is abnormal, the channel indicator is destroyed, or the HV watchdog count overflows, the SOC security monitoring state machine controls the NVW destruction switch to turn on, so as to monitor the high voltage destruction of the memory.
[0126] The chip's security behavior mode includes a SOC security behavior mode. When the chip is in SOC security behavior mode, if it is in external monitoring mode, it receives data through the SOC monitoring channel. If it is not in external monitoring mode, it uses the HV watchdog timer for timing and counting. The SOC security monitoring status verifies abnormal behavior. When a channel reception abnormality occurs, the channel indicator is destroyed, or the HV watchdog timer overflows, the NVW destruction switch is turned on to monitor the high voltage and destroy the memory, ensuring that the data stored in the memory is not leaked.
[0127] In some embodiments, the following steps are also included:
[0128] When the channel reception is abnormal, the channel indicator is destroyed, or the HV watchdog count overflows, the SOC security monitoring state machine controls the SOC destruction switch to turn on, destroying the voltage converter.
[0129] By directly powering the SOC monitoring channel, HV watchdog, and SOC security monitoring state machine through the power supply circuit, while other components are powered by the power supply circuit through a voltage converter; when in SOC security behavior mode, when the SOC security monitoring state machine verifies abnormal behavior, when a channel reception abnormality occurs or the channel indication is destroyed, or when the HV watchdog timer overflows, the SOC destruction switch is controlled, causing the voltage converter to burn out, further preventing data leakage.
[0130] In some embodiments, the step "determine whether the chip is currently in a security behavior mode; if it is in a security behavior mode, determine whether it is in an external monitoring mode; if it is in an external monitoring mode, collect data through the monitoring channel; if it is not in an external monitoring mode, the watchdog timer counts; the security monitoring state machine verifies abnormal behavior; when the channel collection is abnormal, the channel indication is destroyed, or the watchdog count overflows, the security monitoring state machine performs a destruction action" specifically includes the following steps:
[0131] Determine if the chip is currently in NVM safe behavior mode;
[0132] If it is NVM security behavior mode, then determine whether it is external monitoring mode;
[0133] In external monitoring mode, data is collected through the NVM monitoring channel;
[0134] If not in external monitoring mode, the CV watchdog timer counts periodically.
[0135] The NVM security monitoring state machine verifies abnormal behavior.
[0136] When the channel reception is abnormal, the channel indication is destroyed, or the CV watchdog count overflows, the NVM machine performs NVM data deletion on the memory.
[0137] The chip's security behavior mode also includes an NVM security behavior mode. When the chip is in NVM security behavior mode, if it is in external monitoring mode, data is received through the NVM monitoring channel. If it is not in external monitoring mode, the CV watchdog starts timing and counting, and the NVM security monitoring state machine verifies abnormal behavior. When a channel reception abnormality occurs, the channel indicator is destroyed, or the CV watchdog timer overflows, NVM data deletion is performed on the memory to avoid data leakage in the memory.
[0138] In some embodiments, the step "encrypting the plaintext data and storing it in the memory" specifically includes the following steps:
[0139] The encryption and decryption components encrypt plaintext data using a key, then obtain an encrypted file through bit modulation, and finally store the encrypted file in the memory.
[0140] The encryption / decryption components include a key, bitwise encryption, bitwise decryption, an algorithm, bitwise modulation, and bitwise demodulation. Specifically: if the plaintext data has a bit width of K, then the key bit width is also K. Encryption and decryption are implemented using bitwise operations; for example, 8-bit plaintext or encrypted data uses an XOR operation. Bitwise modulation occurs after bitwise encryption, using 0-K bitwise modulation.
[0141] Please see Figure 10 In some embodiments, a chip security architecture implementation method includes the following steps:
[0142] S01: Start;
[0143] S02: Determine if it is in SOC security behavior mode; if yes, proceed to S03; otherwise, proceed to S10.
[0144] S03: Determine if it is in external monitoring mode; if yes, proceed to S04; otherwise, proceed to S06.
[0145] S04: Data is collected through the SOC monitoring channel;
[0146] S05: Until an anomaly is received or the channel indication is destroyed;
[0147] S06:HV Watchdog Timer Counting;
[0148] S07:HV Watchdog Overflow;
[0149] S08: Verify abnormal behavior, including: abnormal channel reception, destruction of channel indication, and HV watchdog overflow.
[0150] S09: Execution circuit destruction, i.e., SOC destruction, including voltage converter destruction and memory destruction;
[0151] S10: Determine if it is the NVM security behavior mode; if yes, proceed to S11; otherwise, proceed to S18.
[0152] S11: Determine if it is in external monitoring mode; if yes, proceed to S12; otherwise, proceed to S14.
[0153] S12: NVM monitoring channel receives data;
[0154] S13: Until an anomaly is received or the channel indication is destroyed;
[0155] S14: CV watchdog timer count;
[0156] S15: CV watchdog overflow;
[0157] S16: Verify abnormal behavior, including three behaviors: abnormal channel reception, destruction of channel indication, and overflow of CV watchdog.
[0158] S17: Perform NVM data deletion;
[0159] S18: Determine if it is NVM encryption behavior mode; if yes, proceed to S19; otherwise, proceed to S24.
[0160] S19: Activate encryption / decryption components;
[0161] S20: Determine if it is an external programming mode; if yes, proceed to S21; otherwise, proceed to S22.
[0162] S21: Plaintext data channel receives plaintext;
[0163] S22: The self-programming unit performs self-programming plaintext;
[0164] S23: The encryption / decryption unit performs data encryption and writes it to non-volatile memory;
[0165] S24: Disable encryption / decryption components and execute in insecure mode.
[0166] Finally, it should be noted that although the above embodiments have been described in the text and drawings of this application, this should not limit the scope of patent protection of this application. Any technical solutions that are based on the essential concept of this application and utilize the content described in the text and drawings of this application, resulting in equivalent structural or procedural substitutions or modifications, as well as the direct or indirect application of the technical solutions of the above embodiments to other related technical fields, are all included within the scope of patent protection of this application.
Claims
1. A method for executing a secure architecture for a chip, characterized in that, Includes the following steps: Determine whether the chip is currently in a safe behavior mode; If it is a security behavior mode, then determine whether it is an external monitoring mode; In external monitoring mode, data is collected through the monitoring channel; If not in external monitoring mode, the watchdog timer counts periodically; The safety monitoring state machine verifies abnormal behavior. When the channel reception is abnormal, the channel indication is destroyed, or the watchdog counter overflows, the security monitoring state machine will perform a destruction action. If the chip is not currently in secure behavior mode, then determine whether it is in encrypted behavior mode. If it is in encryption mode, then the encryption / decryption components are activated, and it is determined whether it is in external programming mode; If it is in external programming mode, plaintext data is received through the plaintext data channel; If not in external programming mode, then program plaintext data yourself; The encryption / decryption unit encrypts the plaintext data and stores it in the memory; If not in encrypted mode, then execute in insecure mode.
2. The chip security architecture execution method according to claim 1, characterized in that, The steps described are: "Determine if the chip is currently in a secure behavior mode; if in a secure behavior mode, determine if it is in an external monitoring mode; if in an external monitoring mode, collect data through the monitoring channel; if not in an external monitoring mode, the watchdog timer counts; the security monitoring state machine verifies abnormal behavior; when the channel collection is abnormal, the channel indication is destroyed, or the watchdog count overflows, the security monitoring state machine performs a destruction action." Specifically, these steps include: Determine whether the chip is currently in SOC security behavior mode; If it is in SOC security behavior mode, then determine whether it is in external monitoring mode; In external monitoring mode, data is collected through the SOC monitoring channel; If not in external monitoring mode, the HV watchdog timer counts periodically. The SOC security monitoring state machine verifies abnormal behavior. When the channel reception is abnormal, the channel indicator is destroyed, or the HV watchdog count overflows, the SOC security monitoring state machine controls the NVW destruction switch to turn on, so as to monitor the high voltage destruction of the memory.
3. The chip security architecture execution method according to claim 2, characterized in that, It also includes the following steps: When the channel reception is abnormal, the channel indicator is destroyed, or the HV watchdog count overflows, the SOC security monitoring state machine controls the SOC destruction switch to turn on, destroying the voltage converter.
4. The secure architecture execution method for the chip according to claim 1, characterized in that, The steps described are: "Determine if the chip is currently in a secure behavior mode; if in a secure behavior mode, determine if it is in an external monitoring mode; if in an external monitoring mode, collect data through the monitoring channel; if not in an external monitoring mode, the watchdog timer counts; the security monitoring state machine verifies abnormal behavior; when the channel collection is abnormal, the channel indication is destroyed, or the watchdog count overflows, the security monitoring state machine performs a destruction action." Specifically, these steps include: Determine if the chip is currently in NVM safe behavior mode; If it is NVM security behavior mode, then determine whether it is external monitoring mode; In external monitoring mode, data is collected through the NVM monitoring channel; If not in external monitoring mode, the CV watchdog timer counts periodically. The NVM security monitoring state machine verifies abnormal behavior. When the channel reception is abnormal, the channel indication is destroyed, or the CV watchdog count overflows, the NVM machine performs NVM data deletion on the memory.
5. The chip security architecture execution method according to claim 1, characterized in that, The step "encrypting the plaintext data and storing it in the memory" specifically includes the following steps: The encryption and decryption components encrypt plaintext data using a key, then obtain an encrypted file through bit modulation, and finally store the encrypted file in the memory.
6. A security architecture for a chip, characterized in that, The security architecture execution method for the chip as described in any one of claims 1-5 includes a power supply circuit, a monitoring channel, a watchdog timer, a security monitoring state machine, a destruction unit, a plaintext data channel, a self-programming unit, an encryption / decryption component, and a memory. The power supply circuit is connected to the monitoring channel, the security monitoring state machine, the plaintext data channel, the self-programming unit, the encryption / decryption component, and the memory; the power supply circuit is used to supply power to the monitoring channel, the security monitoring state machine, the plaintext data channel, the self-programming unit, the encryption / decryption component, and the memory. The security monitoring state machine is connected to the monitoring channel and the destruction unit. The destruction unit is connected to the memory. The security monitoring state machine is used to verify abnormal behavior through the monitoring channel. When an abnormal channel reception or channel indication for destruction occurs, the destruction unit performs a destruction action on the memory. The plaintext data channel and the self-programming unit are connected to the encryption / decryption component, which is connected to the memory. The encryption / decryption component is used to encrypt the plaintext data received by the plaintext data channel or the plaintext data programmed by the self-programming unit and store it in the memory.
7. The security architecture of the chip according to claim 6, characterized in that, The monitoring channel includes a SOC monitoring channel, the security monitoring state machine includes a SOC security monitoring state machine, and the watchdog includes an HV watchdog. The destruction unit includes a monitoring high voltage and an NVW destruction switch. The monitoring high voltage is connected to the power supply port of the memory through the NVW destruction switch, and the control terminal of the NVW destruction switch is connected to the SOC security monitoring state machine. The SOC monitoring channel is connected to the SOC security monitoring state machine, and the HV watchdog is connected to the SOC security monitoring state machine; The SOC security monitoring state machine is used to control the NVW destruction switch to be turned on when abnormal behavior is verified through the SOC monitoring channel, when channel reception is abnormal or channel indication is destroyed, or when the HV watchdog timer overflows, so as to monitor the high voltage destruction of the memory.
8. The security architecture of the chip according to claim 7, characterized in that, It also includes a voltage converter, and the destruction unit further includes a SOC destruction switch; The power supply circuit includes a chip power supply that is connected to one end of the plaintext data channel, the self-programming unit, the encryption / decryption component, the memory, and the SOC destruction switch via the voltage converter. The other end of the SOC destruction switch is grounded; The aforementioned SOC security monitoring state machine is also used to control the SOC destruction switch to turn on and destroy the voltage converter when a channel reception anomaly occurs, a channel indication is destroyed, or the HV watchdog timer overflows.
9. The security architecture of the chip according to claim 6, characterized in that, The monitoring channel includes an NVM monitoring channel, the security monitoring state machine includes an NVM security monitoring state machine, and the watchdog also includes a CV watchdog. The NVM monitoring channel is connected to the NVM security monitoring state machine, and the CV watchdog is connected to the NVM security monitoring state machine; The NVM security monitoring state machine is connected to the data port of the memory; the NVM security monitoring state machine is used to perform NVM data deletion on the memory when abnormal behavior is verified through the NVM monitoring channel, when channel reception is abnormal or channel indication is destroyed, or when the CV watchdog timer overflows.
10. The security architecture of the chip according to claim 6, characterized in that, The encryption / decryption unit is used to encrypt the received plaintext data using a key, then obtain an encrypted file through bit modulation, and store it in the memory.