A mobile phone mainboard data encryption security protection system
By building a full-link security protection system on the mobile phone motherboard, using physically unclonable functional modules to generate the device's native entropy value, and combining key derivation and hardware binding verification, the problems of insecure root key storage and weak device binding are solved, thereby improving the security protection capabilities of the mobile phone motherboard.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHENZHEN ALONG COMM TECH CO LTD
- Filing Date
- 2026-02-27
- Publication Date
- 2026-06-05
AI Technical Summary
In existing technologies, the root key storage of mobile phone motherboard data is insecure and easily extracted by physical detection or software. The protection scheme is not firmly bound to the device hardware and can be easily bypassed by firmware cloning, rendering the encryption protection ineffective.
The device's native entropy value is generated using a physically unclonable functional module. Combined with a security key derivation module, a dynamic key management module, and a hardware binding verification module, a full-link security protection system is constructed. The root key is generated through a key derivation function, and dynamic key management and hardware binding verification are implemented to ensure that the encryption engine is deeply bound to the device.
It achieves secure storage of the root key and deep binding with the device hardware, preventing the key from being physically probed or extracted by software, enhancing the defense against firmware cloning attacks, limiting the impact of key leakage, and improving the overall security protection of the mobile phone motherboard.
Smart Images

Figure CN122153977A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of data security and encryption technology, and specifically relates to a security protection system for encrypting mobile phone motherboard data. Background Technology
[0002] In the field of mobile communication and smart terminal technology, data security and privacy protection are of paramount importance. As smartphones increasingly carry more personal information, financial data, and trade secrets, encrypting and protecting sensitive data on the phone's motherboard hardware and storage has become a key technological aspect of ensuring the overall security of the device.
[0003] Hardware-level security systems for mobile phone motherboard data aim to protect critical data stored in non-volatile memory such as flash memory through encryption, preventing unauthorized access or malicious theft. These systems typically rely on a root key for data encryption and decryption.
[0004] In existing technologies, root keys used for data encryption are often stored statically in general-purpose storage media such as flash memory. This storage method exposes them to various attack methods, including physical probing and software extraction, posing security risks. Current protection schemes lack sufficient binding capability for device uniqueness, relying primarily on software-level digital certificates for authentication. This makes it difficult to effectively prevent attackers from cloning the entire firmware containing the key to another hardware device, thus bypassing software-based protection mechanisms. These security vulnerabilities render the encryption protection of the mobile phone motherboard ineffective against targeted physical or advanced software attacks, posing a significant risk of theft of critical user data. An enhanced security protection scheme is needed that can achieve secure root key storage and deep binding with device hardware. Summary of the Invention
[0005] The purpose of this invention is to provide a secure protection system for encrypting mobile phone motherboard data, in order to solve the problems in the prior art where root key storage is insecure and easily extracted by physical detection or software, and the protection scheme is not firmly bound to the device hardware and is easily bypassed by firmware cloning.
[0006] This invention provides a security protection system for encrypting mobile phone motherboard data, comprising: The physically unclonable functional module is integrated into the system-on-a-chip on the mobile phone motherboard. It is used to generate and output the device's native entropy value based on the physical differences introduced during the chip manufacturing process. The security key derivation module is electrically connected to the physically unclonable functional module and is used to receive the device's native entropy value and generate a root key based on the device's native entropy value through a key derivation function. The dynamic key management module, which is communicatively connected to the security key derivation module, is used to manage the lifecycle of the working key required for data encryption. The hardware binding verification module works in conjunction with the physical non-clonable function module to perform real-time verification of device legitimacy each time a data access request is initiated. The encryption engine module, integrated within the system-on-a-chip, is an independent hardware encryption coprocessor that is directly connected to the dynamic key management module and the hardware binding verification module to perform high-speed encryption and decryption operations.
[0007] Preferably, the physically unclonable functional module includes an excitation response circuit array composed of a large number of ring oscillator units. When a start command is received, the physically unclonable functional module applies a standard voltage excitation to the excitation response circuit array, synchronously collects the oscillation counts of all ring oscillator units within a preset sampling period, and concatenates and hashes the collected oscillation count sequence to generate the device's native entropy value.
[0008] Preferably, the key derivation function adopts a hash-based message authentication code algorithm. The input parameters include the device's native entropy value, the salt value fixed by the system, and the iteration count parameter. The security key derivation module executes the message authentication code algorithm and outputs the root key with a length of 256 bits after a specified number of iterations. After the root key is generated, it exists only in the volatile static random access memory of the system-on-a-chip, and this volatile static random access memory area is marked as a secure area by the hardware access control unit.
[0009] Preferably, the dynamic key management module includes a key hierarchy structure and a rotation mechanism. The key hierarchy structure defines the root key as a level 0 key, which is only used to derive the level 1 storage master key. The storage master key is a level 1 key, which is used to encrypt and protect the level 2 data encryption key. The data encryption key is a level 2 key, which is directly used to perform symmetric encryption operations on user data. The rotation mechanism stipulates that the validity period of the data encryption key is one encryption / decryption session, and it is destroyed immediately after each encryption or decryption operation is completed. The validity period of the storage master key is synchronized with the device power-on cycle.
[0010] Preferably, the verification process of the hardware binding verification module includes a challenge generation step, a response calculation step, and a comparison verification step. In the challenge generation step, the hardware binding verification module generates a random number as a challenge code. In the response calculation step, the hardware binding verification module sends the challenge code to the physical non-cloning function module. The physical non-cloning function module combines the challenge code with the device's native entropy value and generates a dynamic response code through hash operation again. In the comparison verification step, the hardware binding verification module compares the received dynamic response code with a pre-generated reference response code.
[0011] Preferably, the operation of the encryption engine module is directly controlled by the verification result output by the hardware binding verification module. The encryption engine module is enabled only when the hardware binding verification module outputs a verification pass signal, and receives the currently valid data encryption key provided by the dynamic key management module to decrypt the ciphertext data from the flash memory, or encrypt the plaintext data from the application processor and write it to the flash memory.
[0012] Preferably, the security key derivation module sends two start commands to the physical unclonable function module each time it derives the root key, collects two sets of the device's native entropy values, and performs an XOR operation on these two sets of entropy values as the final entropy source input.
[0013] Preferably, in the key hierarchy structure of the dynamic key management module, the process of deriving the storage master key from the root key introduces a binding factor associated with the device serial number. The device serial number is a globally unique identifier burned into the fuse array of the system-on-a-chip. The binding factor is obtained by hashing the device serial number. When the security key derivation module calculates the storage master key, it uses the binding factor as an additional input parameter of the key derivation function.
[0014] Preferably, the challenge response protocol of the hardware binding verification module adopts an anti-replay attack design. The hardware binding verification module internally maintains a monotonically increasing counter. The value of the counter is automatically incremented by 1 each time the challenge code is generated, and the current value of the counter is used as part of the challenge code. In the comparison and verification step, the hardware binding verification module will simultaneously verify the logical continuity between the historical counter value contained in the initial challenge code obtained from the decryption of the protected partition and the current counter value.
[0015] Preferably, an encrypted data path is provided between the encryption engine module and the flash memory controller of the mobile phone motherboard. The encrypted data path is a physically isolated bus used to transmit ciphertext data, while the plaintext data path connects the encryption engine module and the application processor. The encryption engine module includes a direct memory access controller, which is configured to directly obtain the ciphertext block through the encryption data path when performing the operation of reading ciphertext from flash memory and decrypting it, and to directly write the decrypted plaintext into a designated secure buffer in the system memory through the plaintext data path.
[0016] Compared with the prior art, the beneficial effects of the present invention are as follows: 1. This invention eliminates the risk of storing keys statically in general-purpose flash memory by using a physically unclonable functional module to generate the device's native entropy source and derive the root key from it. The root key is generated based on the inherent, unclonable physical randomness of the chip manufacturing process and exists only in volatile memory, making it impossible for attackers to obtain the key by physically probing the flash memory or analyzing the firmware image, thus achieving inherent security in key storage.
[0017] 2. This invention constructs a dynamic challenge response mechanism based on the uniqueness of device hardware through a hardware-bound verification module, and forcibly associates the encryption engine's enablement with it. This ensures that the encryption function is deeply bound to the specific mobile phone motherboard hardware. Even if an attacker clones the entire flash memory firmware, the physical unclonable nature of the system-on-a-chip's internal structure prevents dynamic verification from passing on new hardware, causing the encryption engine to lock. This defends against firmware cloning attacks and enhances the system's anti-portability capabilities.
[0018] 3. This invention achieves hierarchical key management and session-level rotation through a dynamic key management module. The root key is only used to derive higher-level keys, and the working key has a short lifespan and changes dynamically. This design limits the scope of damage that a single key leak could cause, minimizing the attack surface. Combined with a verification protocol resistant to replay attacks and physically isolated encrypted data paths, a full-link, multi-layered security protection system is constructed, encompassing key generation, storage, use, and verification, thereby improving the overall security strength and reliability of the mobile phone motherboard against complex physical and software attacks. Attached Figure Description
[0019] Figure 1 This is a schematic diagram of the overall technical solution architecture of the present invention; Figure 2 This is a schematic diagram of the core principle framework of hardware binding verification based on physical unclonable functionality and dynamic challenge response in this invention; Figure 3 This is a logical flowchart of the hierarchical derivation and dynamic management of security keys in this invention; Figure 4 This is a schematic diagram illustrating the controlled data flow and interaction relationship between the encryption engine and other key modules of the system in this invention; Figure 5 This is a schematic diagram of the state transition and control logic of the hierarchical security state machine in this invention. Detailed Implementation
[0020] Example 1: The present invention provides a security protection system for encrypting mobile phone motherboard data, the overall architecture of which is shown in the attached figure. Figure 1As shown, this system uses a system-on-a-chip integrated into the mobile phone's motherboard as its core, comprising a physically unclonable functional module, a secure key derivation module, a dynamic key management module, a hardware binding verification module, and an encryption engine module. This constructs a full-link security mechanism from key generation, storage, and use to device legitimacy verification. The modules communicate with each other via a dedicated internal bus and security control signals, ensuring that all sensitive operations are completed within a controlled hardware environment and preventing unauthorized external access.
[0021] The physically unclonable functional module, serving as the entropy source foundation of the entire security system, is fully integrated within the silicon-based structure of the system-on-a-chip. This physically unclonable functional module includes an excitation-response circuit array, which consists of no fewer than 1024 micrometer- or nanometer-sized ring oscillator units. Each ring oscillator unit forms a closed loop by connecting an odd number of inverters end-to-end, and its oscillation frequency is determined by uncontrollable physical factors introduced during the manufacturing process, such as transistor threshold voltage deviations, differences in metal interconnect resistance, and fluctuations in local doping concentration.
[0022] Because these microscopic differences are solidified during wafer fabrication and cannot be precisely replicated, each ring oscillator unit exhibits unique oscillation characteristics under the same operating conditions. To enhance the sensitivity of the entropy source to environmental disturbances, the excitation-response circuit array employs a non-uniform layout strategy: in the core logic region of the chip, the density of ring oscillator units is set to no less than 80 per square millimeter; while in the chip edge region, the density is reduced to no more than 30 per square millimeter. This design makes the units in the core region more sensitive to temperature gradients and power supply noise, thereby generating richer dynamic response differences under different operating conditions and enhancing the randomness of the entropy source.
[0023] After the security key derivation module issues a start command, the physically unclonable function module applies a standard voltage excitation to the entire excitation response circuit array. This standard voltage has an amplitude of 1.2 volts and a duration of 100 microseconds. During this period, a high-precision counter inside the module synchronously collects the number of oscillations of each ring oscillator unit within a preset sampling period. The sampling period is set to 50 microseconds, which is sufficient to cover the statistical distribution range of oscillation frequencies under typical process variations. After the collection is completed, all oscillation counts are concatenated into an original bit sequence in unit number order, with a length of 1024 × 16 bits.
[0024] The original sequence is input into a hash unit conforming to the SHA-384 standard, and after a single hash operation, a 384-bit intermediate entropy value is output. To eliminate the influence of transient electromagnetic interference or thermal noise that may occur during a single sampling, the physically unclonable module performs two independent acquisition and hashing processes in each key derivation request, obtaining the first intermediate entropy value for each process. With the second intermediate entropy value The final device native entropy value. By and This is obtained by performing a bit-by-bit XOR operation, i.e.: ; This XOR operation effectively cancels out common-mode noise that may exist between the two samples, while preserving the inherent differences determined by the physical non-cloning property, thus outputting a device native entropy value with high signal-to-noise ratio and high randomness. This device native entropy value is only temporarily stored in a temporary register inside the physical non-cloning functional module and is not exposed externally or written to any non-volatile storage medium.
[0025] The secure key derivation module and the physically unclonable functional module are electrically connected via a dedicated secure channel inside the chip, and are used to receive the native entropy value of the aforementioned device. The core function of this security key derivation module is based on... Combined with other fixed parameters, a 256-bit root key is generated through a key derivation function. The key derivation function employs a hash-based message authentication code (HMAC) structure, and its implementation follows the PBKDF2 algorithm framework defined in RFC 2898. Input parameters include: the master key material is the device's native entropy value. (384 bits), salt value A fixed string, 128 bits long, is burned into the system-on-a-chip read-only memory region during the chip manufacturing stage; iteration count parameter. Hardcoded to be calculated 10,000 times, this salt value has undergone security assessment and can be calculated within a reasonable time while effectively resisting brute-force attacks. The key derivation process can be described as follows: ; HMAC-SHA256, as a pseudo-random function, is used for... and After 10,000 rounds of iterative mixing, the first 256 bits are selected as the root key. After generation It is immediately loaded into a dedicated volatile static random access memory (SRAM) region inside the system-on-a-chip. This dedicated SRAM region is strictly protected by a hardware access control unit: the address space is marked as a "secure domain," and any read / write requests from the application processor, debug interface, direct memory access controller, or general-purpose peripherals are automatically rejected.
[0026] Only the security key derivation module, dynamic key management module, and hardware binding verification module, authorized by a specific security state machine, can access this dedicated volatile static random access memory area via the internal security bus. This dedicated volatile static random access memory area has a power-off self-destruct feature—once the system-on-a-chip supply voltage is detected to be less than 0.8 volts, or a fault lockout status signal is received, the stored content will be cleared within 10 nanoseconds.
[0027] The dynamic key management module is responsible for building and maintaining a three-tiered key hierarchy, as shown in the attached diagram. Figure 3 As shown. This three-layer key hierarchy defines the root key. This is a level 0 key, used only to derive the level 1 storage master key. ; Data encryption key used for encryption protection layer 2 ; This key is then directly used to perform symmetric encryption operations on user data. This layered design achieves isolation of key usage and risk. During each cold start of the device, the dynamic key management module first sends a command to the security key derivation module, triggering a new round of root key generation process.
[0028] Module Startup The derivation process. This process not only uses As part of the master key material, a binding factor that is deeply bound to the unique identifier of the device hardware is also introduced. Device serial number This is a globally unique 64-bit identifier, programmed into the fuse array of the system-on-a-chip and cannot be modified. (Binding factor) Through the Obtained by performing a SHA-256 hash operation, i.e. In derivatives At that time, the security key derivation module will As an additional input parameter, with They jointly participate in HMAC operations, specifically in the form of , A fixed context label is used to distinguish derived keys for different purposes. This mechanism ensures that even if two devices happen to have similar physical entropy sources, the derived keys will still be distinguishable. Still because They are different and completely different, thus strengthening the binding strength between the key and the device.
[0029] Data encryption key The lifecycle is strictly limited to a single encryption / decryption session. Each time the application processor initiates a data read / write request, the dynamic key management module generates a new 128-bit key. . The generation uses the output of a True Random Number Generator (TRNG) and is used immediately. It is encrypted using AES-256, and the encrypted key... The data is temporarily stored in secure memory. After the encryption engine module completes the encryption / decryption operation, regardless of success or failure, the dynamic key management module immediately executes... The destruction process: First, clear the plaintext. Rewrite The storage location is determined, and the relevant memory pointer is released. The validity period is synchronized with the device's power-on cycle—remaining valid during normal device operation, but discarded and re-derived upon the next cold start. This session-level rotation mechanism ensures that even if an attacker gains access to a particular device through a side-channel attack, they can still benefit from this. It also cannot be used to decrypt historical or future data, thus compressing the window of danger of key leakage.
[0030] The hardware binding verification module is attached. Figure 2 As shown, the hardware legitimacy of the current device is verified before each data access. This hardware binding verification module runs on top of a challenge-response protocol to resist replay attacks. When the protocol starts, a 64-bit monotonically increasing counter inside the module... Automatically increments by 1, initial value is 0. Challenge code From the current counter value With 32-bit true random numbers It is pieced together, that is This design ensures that each challenge code is globally unique and has a strict time sequence. It is sent to the Physically Unclonable Functional Module, which combines it with the device's native entropy value E (e.g., by concatenation and hashing) to generate a dynamic response code. .
[0031] The hardware-based verification module needs to calculate the expected response code locally for comparison. The initial pairing of reference response codes is established during device initialization: the module generates the initial challenge code. Obtain the corresponding initial response code and using a dedicated verification key right AES-256-GCM encryption is applied, and the ciphertext is stored in a specific protected partition of the flash memory. It itself has a root key Derivation, i.e. , This is a fixed derived tag string. In each subsequent validation, the module uses... Decrypt the specific protected partition and recover it. .because The module can infer the implicit meaning from it. While information cannot be directly reconstructed from E, the response logic can be reconstructed deterministically through a hash function. Combined with the current... The module calculates the expected response code locally. The computational logic is completely consistent with the physically unclonable functional module.
[0032] The comparison verification includes a double check: comparing dynamic response codes. Compared with the expected response code Are they completely consistent? Verification from Historical counter values extracted from the data Is it less than the current counter value? ,and The threshold value is set to ≤1000 to prevent counter rollback or skipped replays. The hardware-bound verification module outputs a "verification passed" signal only if both checks pass; otherwise, it is judged as an illegal device or a replay attack, and outputs a "verification failed" signal.
[0033] The encryption engine module, as an independent hardware encryption coprocessor, is integrated into the system-on-a-chip (SoC), as shown in the attached diagram. Figure 4 As shown. It includes dedicated circuitry supporting the Advanced Encryption Standard (AES), operating in a fixed Galois / counter mode (GCM), providing authentication encryption capabilities with a 128-bit key length. The operation of this encryption engine module is entirely controlled by the output signals of the hardware-bound verification module. The encryption engine module is enabled only when a "verification passed" signal is received, allowing it to receive current key signals from the dynamic key management module. And perform encryption and decryption operations.
[0034] To ensure data security, a physically isolated encrypted data path exists between the encryption engine module and the flash memory controller. This encrypted data path is a dedicated point-to-point bus, not shared with the application processor, with a bandwidth of 64 bits and an operating frequency of 200 MHz. During a read operation, the flash memory controller directly transmits the ciphertext data block to the input buffer of the encryption engine module through this encrypted data path; the decrypted plaintext is written to a pre-allocated secure buffer in system memory through a separate plaintext data path. The entire process is scheduled by the direct memory access controller within the encryption engine module, without the intervention of the application processor kernel, thus avoiding the risk of plaintext exposure on the general-purpose system bus. Similarly, during a write operation, plaintext is sent from the secure buffer to the encryption engine via the plaintext path, encrypted, and then written back to flash memory via the encrypted path. All data transmissions on all paths are monitored by a hardware firewall, and any abnormal access attempts will trigger a security alert.
[0035] The entire system operates under a layered safe state machine model, and its state transition logic is shown in the attached figure. Figure 5As shown. The system defines three security states: trust initialization state, secure operation state, and fault lockout state. After power-on reset, the device automatically enters the trust initialization state. In this state, the security key derivation module generates... Dynamic key management module derived and The hardware binding verification module executes the initial challenge response process and generates... and use The encrypted data is then written to the protected flash memory partition. If all steps are completed successfully without any verification errors, the state machine transitions to a secure operating state.
[0036] In secure operation, the system can respond normally to data access requests from the application processor. Before each request, the hardware binding verification module performs a complete verification process. If the verification passes, the encryption engine module performs encryption and decryption; if the verification fails, or the encryption engine module detects a cryptographic anomaly during operation, the state machine immediately transitions to a fault-locked state. In the fault-locked state, the system performs the following mandatory measures: erasing all volatile keys in the dynamic key management module. The system permanently disables the encryption engine module's enable signal, preventing it from being activated again; it sends a high-priority interrupt to the system security controller, notifying the upper-layer operating system to enter restricted mode. In this mode, the device retains only basic telephone communication functions; all functions involving user data storage and access are disabled until the device is returned to the factory for security restoration.
[0037] In summary, this embodiment deeply integrates physical unclonable functionality, dynamic key hierarchical management, hardware-bound verification, and an isolated encryption engine to construct a defense-in-depth system from the hardware layer to the system top layer. Keys are never stored in plaintext on non-volatile media; encryption functions are strongly bound to the physical characteristics of the device; working keys are rotated at the session level; data paths are isolated throughout; and an automatic fault-locking mechanism is in place. Therefore, it provides a high level of security against various threats such as physical probing, firmware cloning, replay attacks, and side-channel analysis.
[0038] Example 2: Based on Example 1, this example enhances the excitation response mechanism of the physically unclonable functional module to further improve the entropy source's resistance to environmental interference and long-term stability. The ring oscillator unit in the excitation response circuit array is replaced with a differential ring oscillator structure. Each differential unit consists of two sets of symmetrical ring oscillators, one set serving as the main oscillation path and the other as the reference path. Both share the same power supply and ground lines, but the inverter sizes differ slightly. Under standard voltage excitation, the oscillation frequency difference between the main path and the reference path is... It is used as an effective response signal, rather than the absolute frequency of a single path.
[0039] Since the influence of environmental factors on the two sets of paths is highly correlated, and the frequency shift caused by manufacturing process deviations manifests as a difference, therefore Sensitivity to environmental disturbances decreases, while dependence on physical non-cloning properties increases. During acquisition, the module synchronously records the data of each differential unit. The value is calculated and quantized into an 8-bit integer, then concatenated and hashed to generate the device's native entropy value. This design ensures that the system can stably output a high entropy value even under harsh operating conditions such as high temperature (85℃) or low voltage (0.9V), guaranteeing the reliability of key derivation.
[0040] The dynamic key management module introduces a key health monitoring mechanism. This mechanism monitors key health every time... After use, its encryption performance is statistically analyzed: encryption throughput, power consumption fluctuations, and electromagnetic radiation characteristics are recorded and compared with a preset normal behavior baseline. If any indicator deviates from the baseline by more than 15% in three consecutive operations, it is judged as... It may have been partially leaked by side-channel information, triggering immediately. The premature destruction and generation of new ones This information is used for subsequent operations. The event is logged to the security log and reported as a risk factor during the next verification, allowing the hardware-bound verification module to adjust its verification strategy. This mechanism provides proactive protection for key usage, overcoming the shortcomings of traditional passive rotation strategies.
[0041] The challenge generation logic of the hardware-bound verification module has also been extended, except for the counter. With random numbers In addition, challenge code It also embeds the current system timestamp. (In milliseconds, using the lower 32 bits) and the time interval between the last successful verification. Physically unclonable functional modules are generated. At that time, and Include hash input, i.e. Local computing At that time, the module synchronously obtains the current and This design ensures the spatiotemporal consistency of response computation. It effectively identifies clock tampering or delayed replay attacks, further strengthening the security boundaries of the verification protocol.
[0042] The encryption engine module adds integrity checks to the ciphertext format. Before decryption, the module first verifies whether the version number, key identifier, and padding pattern in the ciphertext header conform to preset specifications. If they do not conform, the operation is immediately aborted and an error is reported to prevent format obfuscation attacks. All encryption operations are appended with a 128-bit authentication tag, which is automatically generated by the GCM mode and stored along with the ciphertext. Decryption must verify that the tag matches; otherwise, plaintext is rejected. This double-checking mechanism ensures the confidentiality and integrity of the data.
[0043] Through the above enhancement measures, this embodiment maintains the advantages of the original architecture while further improving the system's robustness and adaptive protection capabilities in complex attack scenarios, making it suitable for application scenarios with high security requirements such as financial payments and government communications.
[0044] It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article, or apparatus.
[0045] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.
Claims
1. A security protection system for encrypting mobile phone motherboard data, characterized in that, include: The physically unclonable functional module is integrated into the system-on-a-chip on the mobile phone motherboard. It is used to generate and output the device's native entropy value based on the physical differences introduced during the chip manufacturing process. The security key derivation module is electrically connected to the physically unclonable functional module and is used to receive the device's native entropy value and generate a root key based on the device's native entropy value through a key derivation function. The dynamic key management module, which is communicatively connected to the security key derivation module, is used to manage the lifecycle of the working key required for data encryption. The hardware binding verification module works in conjunction with the physical non-clonable function module to perform real-time verification of device legitimacy each time a data access request is initiated. The encryption engine module, integrated within the system-on-a-chip, is an independent hardware encryption coprocessor that is directly connected to the dynamic key management module and the hardware binding verification module to perform high-speed encryption and decryption operations.
2. The security protection system for encrypting mobile phone motherboard data according to claim 1, characterized in that, The physically unclonable functional module includes an excitation response circuit array composed of a large number of ring oscillator units. When a start command is received, the physically unclonable functional module applies a standard voltage excitation to the excitation response circuit array, synchronously collects the oscillation counts of all ring oscillator units within a preset sampling period, and concatenates and hashes the collected oscillation count sequence to generate the device's native entropy value.
3. A security protection system for encrypting mobile phone motherboard data according to claim 2, characterized in that, The key derivation function employs a hash-based message authentication code algorithm. The input parameters include the device's native entropy value, a salt value fixed by the system, and an iteration count parameter. The security key derivation module executes the message authentication code algorithm and outputs a 256-bit root key after a specified number of iterations. After generation, the root key exists only in the volatile static random access memory of the system-on-a-chip, and this volatile static random access memory area is marked as a secure area by the hardware access control unit.
4. A security protection system for encrypting mobile phone motherboard data according to claim 3, characterized in that, The dynamic key management module includes a key hierarchy structure and a rotation mechanism. The key hierarchy structure defines the root key as a level 0 key, which is only used to derive the level 1 storage master key. The storage master key is a level 1 key, which is used to encrypt and protect the level 2 data encryption key. The data encryption key is a level 2 key, which is directly used to perform symmetric encryption operations on user data. The rotation mechanism stipulates that the validity period of the data encryption key is one encryption / decryption session, and it is destroyed immediately after each encryption or decryption operation is completed. The validity period of the storage master key is synchronized with the device power-on cycle.
5. A security protection system for encrypting mobile phone motherboard data according to claim 4, characterized in that, The verification process of the hardware binding verification module includes a challenge generation step, a response calculation step, and a comparison verification step. In the challenge generation step, the hardware binding verification module generates a random number as a challenge code. In the response calculation step, the hardware binding verification module sends the challenge code to the physical non-cloning function module. The physical non-cloning function module combines the challenge code with the device's native entropy value and generates a dynamic response code through hash operation. In the comparison verification step, the hardware binding verification module compares the received dynamic response code with a pre-generated reference response code.
6. A security protection system for encrypting mobile phone motherboard data according to claim 5, characterized in that, The operation of the encryption engine module is directly controlled by the verification result output by the hardware binding verification module. The encryption engine module is enabled only when the hardware binding verification module outputs a verification pass signal, and receives the currently valid data encryption key provided by the dynamic key management module to decrypt the ciphertext data from the flash memory, or encrypt the plaintext data from the application processor and write it to the flash memory.
7. A security protection system for encrypting mobile phone motherboard data according to claim 6, characterized in that, Each time the security key derivation module derives the root key, it sends two start commands to the physical unclonable function module, collects two sets of the device's native entropy values, and performs an XOR operation on these two sets of entropy values as the final entropy source input.
8. A security protection system for encrypting mobile phone motherboard data according to claim 7, characterized in that, In the key hierarchy structure of the dynamic key management module, the process of deriving the storage master key from the root key introduces a binding factor associated with the device serial number. The device serial number is a globally unique identifier burned into the fuse array of the system-on-a-chip. The binding factor is obtained by hashing the device serial number. When the security key derivation module calculates the storage master key, it uses the binding factor as an additional input parameter of the key derivation function.
9. A security protection system for encrypting mobile phone motherboard data according to claim 8, characterized in that, The challenge response protocol of the hardware binding verification module adopts an anti-replay attack design. The hardware binding verification module maintains a monotonically increasing counter. The value of the counter is automatically incremented by 1 each time the challenge code is generated, and the current value of the counter is used as part of the challenge code. In the comparison and verification step, the hardware binding verification module will simultaneously verify the logical continuity between the historical counter value contained in the initial challenge code obtained from the decryption of the protected partition and the current counter value.
10. A security protection system for encrypting mobile phone motherboard data according to claim 9, characterized in that, An encrypted data path is provided between the encryption engine module and the flash memory controller of the mobile phone motherboard. The encrypted data path is a physically isolated bus used to transmit ciphertext data, while the plaintext data path connects the encryption engine module and the application processor. The encryption engine module includes a direct memory access controller, which is configured to directly obtain the ciphertext block through the encryption data path when performing the operation of reading ciphertext from flash memory and decrypting it, and to directly write the decrypted plaintext into a designated secure buffer in the system memory through the plaintext data path.