TWI384382B - Embedded protection device for protecting software content and its protection method - Google Patents
- Publication number
- TWI384382B
- Authority
- TW
- Taiwan
- Prior art keywords
- random
- random number
- private key
- module
- virtual
Landscapes
- Storage Device Security (AREA)
Description
The present invention relates to a protection technology, and in particular to an embedded protection device for protecting software content and a protection method thereof.
In this era of advanced information technology, information systems, communication networks and consumer electronics are all indispensable aids for modern people exchanging messages and processing data. Faced with this huge consumer market, manufacturers of related products devote themselves to research, development and design, hoping to build information devices that meet consumers' needs, win the favour of most consumers in that product field, take a leading position and so raise their own competitiveness. As a result, competition among these manufacturers has become ever more intense.
Besides competing on products, these manufacturers share a common belief: for a product to be competitive, its added functions must be ever more user-friendly so that most consumers can accept them. The key lies in the embedded software inside the information device. This software is written into the hardware (where it is called firmware) and is responsible for hardware drivers, program control and interface handling. A full-featured piece of embedded software therefore raises the value and competitive advantage of an information device, but it may also raise the chance of the software being illegally copied, causing the manufacturer that legitimately owns it huge losses and in turn hindering the later development of other embedded software.
Past software and firmware protection has mostly relied on encryption, serial-number protection and software license distribution. The security concerns that arise during software product development mainly include improper access by developers during development, piracy of the software once development is complete, the security of license distribution, and how the software is used after it is in circulation; any of these is very likely to let the protection be cracked. For firmware the protection mechanisms are weaker still: almost anyone who obtains the hardware and the firmware program can use it without any authorization.
To address these problems, some patents have proposed a security device that uses only a linear feedback shift register to generate pseudo-random numbers. This design has a drawback: because the register is periodic, the same sequence of random numbers is produced again after every few cycles. Such a scheme still carries the risk of being cracked.
In view of the above problems, the present invention therefore proposes an embedded protection device for protecting software content and a protection method thereof, which remedy the shortcomings of the prior art.
The main object of the present invention is to provide an embedded protection device for protecting software content and a protection method thereof, in which the Ronald Rivest, Adi Shamir and Leonard Adleman (RSA) algorithm is implemented through hardware-assisted encryption and decryption, giving embedded firmware a better security protection mechanism.
To achieve the above object, the present invention provides an embedded protection device for protecting software content. It comprises a random number generation module, which continuously generates a pseudo-random number according to the authorization code that the firmware program transmits while executing on the processor; and a random public/private key generation module, which is connected to the random number generation module and uses the received pseudo-random number to generate a public key and a private key for the authorization code by means of the RSA algorithm. The random public/private key generation module is connected to a random access memory module, which stores the received authorization code and its corresponding pseudo-random number, public key and private key. All three modules are connected to an encryption/decryption module. Using the pseudo-random number, public key and private key it receives, the encryption/decryption module encrypts the authorization code, pseudo-random number, public key and private key stored in the random access memory module to form encrypted data, which it sends to the firmware program. When an authorization check is performed, the encryption/decryption module receives the encrypted data sent by the firmware program, decrypts it, outputs the decoded result values to the random access memory module, and compares them with the authorization code, pseudo-random number, public key and private key stored there in order to control the execution state of the firmware program. Finally, an input/output interface module is connected to the processor, the encryption/decryption module and the random access memory module, and serves as the interface through which these modules and the processor pass data to one another.
The present invention also provides a protection method for protecting software content. First, a pseudo-random number is continuously generated according to the authorization code transmitted by the firmware program. An encryption flow is then executed: the pseudo-random number is used to generate a public key and a private key for the authorization code by means of the RSA algorithm; the authorization code and its corresponding pseudo-random number, private key and public key are stored; and the authorization code and its corresponding pseudo-random number, public key and private key are encrypted to form encrypted data, which is passed to the firmware program, ending the encryption flow. Next, an authorization flow is executed: the encrypted data sent by the firmware program is received and decrypted, and the decoded result values are compared with the authorization code and its corresponding pseudo-random number, public key and private key to obtain a comparison result. Whether authorization can be granted is then determined from the comparison result. If so, the firmware program is executed and the encryption flow above is repeated; if not, the firmware program cannot be executed.
So that the examiners may gain a further understanding of the structural features of the present invention and the effects it achieves, preferred embodiments are described in detail below with reference to the drawings:
Referring to FIG. 1, when the embedded software in memory 24, that is, the firmware program, is to be used, memory 24 can be loaded into a processor 22 to execute the firmware program. Memory 24 may be electrically erasable programmable read-only memory (EEPROM) or flash memory. The embedded protection device 10 of the present invention performs an authorization check when a processor 22 executes the firmware program. It may be built into processor 22 or integrated on the bus of processor 22, and processor 22 may be a central processing unit (CPU) or a digital signal processor (DSP). The protection device 10 comprises a random number generation module 12, which continuously generates a non-periodic pseudo-random number according to the authorization code that the firmware program transmits while executing on processor 22; and a random public/private key generation module 14, which is connected to the random number generation module 12 and receives the pseudo-random number. The random public/private key generation module 14 first checks whether this pseudo-random number is prime. If not, it goes on to select the next parameter; if so, it uses this prime to generate a public key and a private key for the authorization code by means of the Ronald Rivest, Adi Shamir and Leonard Adleman (RSA) algorithm. The random public/private key generation module 14 is connected to a random access memory module 18, which stores the received authorization code and its corresponding pseudo-random number, public key and private key. The three modules 12, 14 and 18 are all connected to an encryption/decryption module 16. Using the pseudo-random number, public key and private key it receives, the encryption/decryption module 16 encrypts the authorization code, pseudo-random number, public key and private key stored in the random access memory module 18 to form encrypted data, which it sends to the firmware program. When an authorization check is performed, the encryption/decryption module 16 receives the encrypted data sent by the firmware program, decrypts it, outputs the decoded result values to the random access memory module 18, and compares them with the authorization code, pseudo-random number, public key and private key stored there in order to control the execution state of the firmware program; at the same time the comparison result is returned to the firmware program through the input/output interface module 20 for display of the authorization status. Finally, an input/output interface module 20 is connected to processor 22, the encryption/decryption module 16 and the random access memory module 18, and serves as the interface through which modules 12, 14, 16, 18 and 20 and processor 22 pass data to one another.
On the software side, while the firmware program executes, the input/output interface module 20 can insert checkpoints at random, which serve as the random sampling basis for data exchanged under the software/hardware protocol. Together with the random number generation module 12, it obtains the pseudo-random number being generated at that moment and uses it, respectively, as the intermediate coefficients of the computation in the time-division fast Fourier transform (FFT) algorithm, as the post-check result placement position parameter, and as the post-check result placement position delay parameter. These three parameters are explained as follows:
(1) Intermediate coefficients of the computation in the FFT algorithm: the random checkpoint returned by the software is used as the sampling time at which the pseudo-random number currently produced by the random number generation module 12 is taken. It serves as the eight coefficients required by the computation in the FFT algorithm, each coefficient being one bit for a total of eight bits, and these eight bits are placed in a byte of the communication protocol returned to the software.
(2) Post-check result placement position parameter: the random checkpoint returned by the software is used as the sampling time at which the pseudo-random number currently produced by the random number generation module 12 is taken. It selects one of the eight positions of the computation result in the FFT algorithm; this position is expressed in eight bits, and these eight bits are placed in a byte of the communication protocol returned to the software.
(3) Post-check result placement position delay parameter: the random checkpoint returned by the software is used as the sampling time at which the pseudo-random number currently produced by the random number generation module 12 is taken. It determines in which byte of the whole communication protocol returned to the software the post-check result placement position parameter above is located; it is expressed in eight bits, and these eight bits are placed in a byte of the communication protocol returned to the software.
The random number generation module 12 of the present invention comprises a reset device 26, a count control module 28 and a linear feedback shift register module 30. The count control module 28 counts the number of clock cycles that have elapsed when the reset device 26 is enabled and outputs a control signal. The linear feedback shift register module 30 receives this control signal as the basis for a delayed load of its value and, from the control signal and the authorization code, continuously generates a non-periodic pseudo-random number. In this design the random numbers are produced to feed the subsequent primality check. If every check started from the beginning, the same prime would be obtained each time. A count control module 28 is therefore used to control the periodicity of the random numbers so that later primality checks do not start from the beginning, and the prime obtained differs each time.
The operation of the protection device of the present invention is described below with reference to FIG. 1 and FIG. 2. First, in step S10, the random number generation module 12 continuously generates a non-periodic pseudo-random number according to the authorization code transmitted by the firmware program. An encryption flow is then executed. In step S12, the random public/private key generation module 14 receives the pseudo-random number and checks whether it is prime. If not, then as shown in step S14 the flow returns to step S12 to select and receive the next parameter; if so, then in step S16 the prime is used to generate a public key and a private key for the authorization code by means of the RSA algorithm. After step S16, in step S18, the random access memory module 18 stores the received authorization code and its corresponding pseudo-random number, private key and public key. Then, in step S20, because the pseudo-random number, private key and public key are generated continuously, the encryption/decryption module 16 can use the pseudo-random number, private key and public key generated at that moment to encrypt the authorization code and its corresponding pseudo-random number, public key and private key stored in the random access memory module 18, forming encrypted data that is passed to the firmware program. This ends the encryption flow. An authorization flow is executed next. In step S22, the encryption/decryption module 16 receives the encrypted data sent by the firmware program, decrypts it, transfers the decoded result values to the random access memory module 18 and compares them with the authorization code and its corresponding pseudo-random number, public key and private key stored there to obtain a comparison result, which is also returned to the firmware program through the input/output interface module 20 for display of the authorization status. In step S24, the comparison result is used to determine whether authorization can be granted. If so, then in step S26 the firmware program is executed and the encryption flow is repeated; if not, then in step S28 the firmware program cannot be executed.
When the comparison result is judged to permit authorization, the encryption flow is repeated. Because this is no longer the first time the flow runs, the random access memory module 18 already holds the authorization code and does not need to receive it again; apart from that, the rest of the flow is the same.
Once the authorization flow has completed, the next time the firmware program is to be executed the authorization flow is run again directly, rather than starting from the encryption flow.
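The encryption flow (steps S16 to S20) and the authorization flow (steps S22 to S28) can be modelled as follows, including the effect of repeating the encryption flow after a successful check: the encrypted data issued earlier no longer matches what the device stores. This is an added example, not code from the patent; the public exponent 65537, the two-prime key generation, the constructed primes and codes, the reduced token (encrypted authorization code and pseudo-random number only) and the names `guard_issue` and `guard_check` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define RSA_E 65537u   /* assumed public exponent; the patent names none */

/* Contents of random access memory module 18 in this model. */
typedef struct { uint64_t n, e, d; uint32_t auth, nonce; } guard_t;
/* Encrypted data handed to, and later presented by, the firmware program. */
typedef struct { uint64_t c_auth, c_nonce; } token_t;

/* Modular exponentiation; m stays below 2^32 so products fit in 64 bits. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Modular inverse by the extended Euclidean algorithm; 0 if none exists. */
static uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Encryption flow: S16 derive keys from primes p and q (the caller supplies
 * values that already passed the S12 primality check), S18 store them with
 * the pseudo-random number, S20 encrypt for the firmware. Returns 1 on success. */
static int guard_issue(guard_t *g, uint32_t p, uint32_t q, uint32_t nonce,
                       token_t *out)
{
    uint64_t n = (uint64_t)p * q, phi, d;
    if (p < 3 || q < 3 || p == q || n > UINT32_MAX) return 0;
    phi = (uint64_t)(p - 1) * (q - 1);
    d = modinv(RSA_E, phi);
    if (d == 0 || g->auth >= n || nonce >= n) return 0;
    g->n = n; g->e = RSA_E; g->d = d; g->nonce = nonce;       /* S18 */
    out->c_auth  = modpow(g->auth, g->e, g->n);               /* S20 */
    out->c_nonce = modpow(nonce,   g->e, g->n);
    return 1;
}

/* Authorization flow: S22 decrypt and compare with the stored values,
 * S24 decide. Returns 1 if the firmware may run (S26), 0 otherwise (S28). */
static int guard_check(const guard_t *g, const token_t *t)
{
    uint64_t auth, nonce;
    if (g->n == 0) return 0;                 /* nothing issued yet */
    auth  = modpow(t->c_auth,  g->d, g->n);
    nonce = modpow(t->c_nonce, g->d, g->n);
    return auth == g->auth && nonce == g->nonce;
}

int main(void)
{
    guard_t g = {0};
    token_t t1, t2;
    g.auth = 0x00A5C3F1u;                             /* constructed authorization code */
    guard_issue(&g, 65521u, 65519u, 0x1234u, &t1);    /* first encryption flow */
    printf("fresh token   : %d\n", guard_check(&g, &t1));
    guard_issue(&g, 8191u, 131071u, 0x5678u, &t2);    /* S26: encryption flow repeated */
    printf("stale token   : %d\n", guard_check(&g, &t1));
    printf("current token : %d\n", guard_check(&g, &t2));
    return 0;
}
```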
The way the random number generation module 12 generates the pseudo-random number is shown in FIG. 3; refer also to FIG. 1. First, in step S102, the reset device 26 is enabled. Next, in step S104, the count control module 28 counts the number of clock cycles that have elapsed when the reset device 26 is enabled and outputs a control signal. Then, in step S106, the linear feedback shift register module 30 receives this control signal as the basis for a delayed load of its value and, from the control signal and the authorization code, continuously generates a non-periodic pseudo-random number.
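The delayed start of the linear feedback shift register module 30 (steps S102 to S106) and the primality check of steps S12 to S14 can be reproduced in C. This is an added example, not code from the patent; the 16-bit register width, the tap positions, the seed standing in for the authorization code and all function names are assumptions. It shows that the clock-count delay changes which prime is selected, while the register itself still cycles through a fixed set of 65535 states containing 6542 primes.

```c
#include <stdint.h>
#include <stdio.h>

/* One step of a 16-bit Fibonacci LFSR with taps 16, 14, 13, 11 (maximal
 * length). Width and taps are assumptions; the patent does not give them. */
static uint16_t lfsr_step(uint16_t s)
{
    uint16_t bit = (uint16_t)((s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u);
    return (uint16_t)((s >> 1) | (bit << 15));
}

/* Trial division, sufficient for 16-bit values (the check of step S12). */
static int is_prime(uint16_t v)
{
    if (v < 2) return 0;
    for (uint32_t d = 2; d * d <= v; d++)
        if (v % d == 0) return 0;
    return 1;
}

/* Number of steps until the register returns to its seed. */
static uint32_t lfsr_period(uint16_t seed)
{
    uint16_t s = seed;
    uint32_t n = 0;
    do { s = lfsr_step(s); n++; } while (s != seed);
    return n;
}

/* Number of prime states visited in one full period: the complete set of
 * primes this register can ever hand to the key generation module. */
static uint32_t primes_in_period(uint16_t seed)
{
    uint16_t s = seed;
    uint32_t count = 0;
    do { s = lfsr_step(s); count += (uint32_t)is_prime(s); } while (s != seed);
    return count;
}

/* Skip `delay` states (the clock count from count control module 28), then
 * keep stepping until the state is prime (S12 to S14). Stores the total number
 * of steps taken in *steps. Returns 0 for the all-zero lock-up seed. */
static uint16_t first_prime_after(uint16_t seed, uint32_t delay, uint32_t *steps)
{
    uint16_t s = seed;
    uint32_t n = 0;
    if (seed == 0) return 0;
    for (; n < delay; n++) s = lfsr_step(s);
    do { s = lfsr_step(s); n++; } while (!is_prime(s));
    if (steps) *steps = n;
    return s;
}

int main(void)
{
    uint16_t seed = 0xACE1u;                           /* constructed sample seed */
    uint32_t k0 = 0, k1 = 0, k2 = 0;
    uint16_t p0 = first_prime_after(seed, 0, &k0);     /* no delay: same prime every run */
    uint16_t p1 = first_prime_after(seed, k0, &k1);    /* delayed start: a different prime */
    uint16_t p2 = first_prime_after(seed, k0 + 65535u, &k2);  /* one period later */

    printf("period            : %u\n", (unsigned)lfsr_period(seed));
    printf("primes per period : %u\n", (unsigned)primes_in_period(seed));
    printf("delay 0           : prime %u after %u steps\n", (unsigned)p0, (unsigned)k0);
    printf("delay %u          : prime %u\n", (unsigned)k0, (unsigned)p1);
    printf("delay %u + 65535  : prime %u\n", (unsigned)k0, (unsigned)p2);
    return 0;
}
```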
In summary, the present invention implements the RSA algorithm through hardware-assisted encryption and decryption, giving embedded firmware a better security protection mechanism, and is a highly practical invention.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the scope in which the invention may be practised. All equivalent changes and modifications made according to the shapes, structures, features and spirit described in the claims of the present invention shall fall within the scope of the claims of the present invention.
10 ... Embedded protection device
12 ... Random number generation module
14 ... Random public/private key generation module
16 ... Encryption/decryption module
18 ... Random access memory module
20 ... Input/output interface module
22 ... Processor
24 ... Memory
26 ... Reset device
28 ... Count control module
30 ... Linear feedback shift register module
FIG. 1 is a schematic diagram of the device architecture of the present invention.
FIG. 2 is a flow chart of the method of the present invention.
FIG. 3 is a flow chart of the method of generating pseudo-random numbers according to the present invention.
Claims (16)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW98104612A TWI384382B (en) | 2009-02-13 | 2009-02-13 | Embedded protection device for protecting software content and its protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW98104612A TWI384382B (en) | 2009-02-13 | 2009-02-13 | Embedded protection device for protecting software content and its protection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201030556A (en) | 2010-08-16 |
| TWI384382B (en) | 2013-02-01 |
Family
ID=44854293
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW98104612A TWI384382B (en) | 2009-02-13 | 2009-02-13 | Embedded protection device for protecting software content and its protection method |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI384382B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6282651B1 (en) * | 1997-07-17 | 2001-08-28 | Vincent Ashe | Security system protecting data with an encryption key |
| TW200629068A (en) * | 2004-09-10 | 2006-08-16 | Ibm | An integrated circuit chip for encryption and decryption having a secure mechanism for programming ON-chip hardware |
| TW200822068A (en) * | 2006-09-19 | 2008-05-16 | Mediatek Inc | Methods and apparatuses for securing firmware image distribution and obtaining firmware image from encrypted data |
-
2009
- 2009-02-13 TW TW98104612A patent/TWI384382B/en not_active IP Right Cessation
Also Published As
| Publication number | Publication date |
|---|---|
| TW201030556A (en) | 2010-08-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10216964B2 (en) | Semiconductor integrated circuit and system | |
| US8732468B2 (en) | Protecting hardware circuit design by secret sharing | |
| ES2273005T3 (en) | METHOD FOR THE SECURE EXCHANGE OF DATA BETWEEN TWO DEVICES. | |
| CN103988461B (en) | Apparatus and method for decrypting data | |
| Gebotys et al. | A framework for security on NoC technologies | |
| EP3264316B1 (en) | Using secure key storage to bind a white-box implementation to one platform | |
| CN110089075B (en) | Pseudo-random generation of matrices for computing fuzzy extractors and method for verification | |
| TW201723920A (en) | Hardware enforced one-way cryptography | |
| US20160261403A1 (en) | Side channel analysis resistant architecture | |
| JP5426540B2 (en) | Method for performing authentication using decoding of error correction code based on public matrix | |
| JP2007520951A (en) | Power analysis attack protection | |
| WO2019129772A1 (en) | Whitebox computation of keyed message authentication codes | |
| US20070180536A1 (en) | Processor, memory, computer system, system LSI, and method of authentication | |
| ES2328983T5 (en) | Procedure and device for agreeing a common key between a first communication device and a second communication device | |
| CN112069551A (en) | Electronic circuit | |
| JP4574994B2 (en) | Microcomputer with external memory | |
| KR101310232B1 (en) | Method for sharing bus key and apparatus therefor | |
| US9076002B2 (en) | Stored authorization status for cryptographic operations | |
| TWI384382B (en) | Embedded protection device for protecting software content and its protection method | |
| US8266446B2 (en) | Software protection against fault attacks | |
| JP2005045760A (en) | Cryptographic processing method and apparatus | |
| US10798108B2 (en) | Apparatus and method for a multi-entity secure software transfer | |
| TWI249666B (en) | Device using parity check bit to carry out data encryption protection and method thereof | |
| TW200925862A (en) | Anti-attacking method for private key, controller and storage device executing the same | |
| JP6356687B2 (en) | Control method and device for controlling code authenticity by applying bijective algorithm to messages |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |