TWI876643B - Method of operating secure programming system, computer readable recording medium and secure programming system using the same - Google Patents

Info

Publication number
TWI876643B
Authority
TW
Taiwan
Prior art keywords
programmer
oem
programmable device
verification code
certificate
Application number
TW112141865A
Other languages
Chinese (zh)
Other versions
TW202503516A (en)
Inventor
康銘輝
Original Assignee
岱鐠科技股份有限公司
Application filed by 岱鐠科技股份有限公司
Priority to US18/397,606 (US20250023733A1)
Priority to US18/397,674 (US20250023722A1)
Priority to US18/767,037 (US20250023746A1)
Publication of TW202503516A
Application granted
Publication of TWI876643B

Abstract

A method is disclosed. The method comprises: retrieving a payload from a work control packet; calculating a first verification code from the payload; after the payload is burned into a programmable device, reading the burned payload to calculate a second verification code; if the first verification code and the second verification code are verified successfully, performing a burning task; generating an OEM certificate signing request according to identifiable information and a programmable device public key; if the OEM certificate signing request is verified successfully, generating an OEM device certificate; signing the OEM device certificate with an OEM private key; verifying the OEM device certificate with an OEM public key; if the OEM device certificate and the OEM public key are verified successfully, generating a third verification code from the OEM device certificate; burning the OEM device certificate into the programmable device; calculating a fourth verification code from the burned OEM device certificate; verifying the third verification code against the fourth verification code; and classifying the programmable device according to the verification result.

Description

Method of operating a secure programming system, and computer-readable recording medium and secure programming system using the same

The present application belongs to the technical field of secure programming systems, and in particular relates to a method of operating a secure programming system, and to a computer-readable recording medium and a secure programming system using the same.

In existing burning (programming) operations and workflows, the data to be burned is in plain text with no encryption protection. Moreover, when that data is burned into an integrated circuit, the integrated circuit likewise has no encryption protection or identity verification procedure, so unauthorized devices can operate or control the integrated circuit. Worse still, unauthenticated personnel may analyze, tamper with, leak, or steal the burned data inside the integrated circuit.

Therefore, how to develop a method of operating a secure programming system, and a computer-readable recording medium and secure programming system using the same, is a problem that this field urgently needs to address.

The present application is a method of operating a secure programming system, and a computer-readable recording medium and secure programming system using the same. During the burning process, the method ensures that the burned data can be read only by a device that holds the corresponding paired public key or private key and has passed a timely identity verification, so as to prevent the burned data from being tampered with, damaged, leaked, or stolen. In addition, the method allows only devices that have passed identity verification to operate or control the firmware program inside the securely burned integrated circuit.

To achieve the above object, one embodiment of the present application provides a method of operating a secure programming system, where the secure programming system includes a programmer, a programming unit, an authentication module, and a security module, and the method includes: S1. the programmer decrypts an encrypted work control packet with a security control unit key to extract a payload; S2. the programmer generates a first verification code calculated from the payload; S3. the programmer burns the payload into a programmable device; S4. after the payload has been burned into the programmable device, the programmer reads the burned payload to calculate a second verification code; S5. the programmer verifies the first verification code against the second verification code and, when the verification succeeds, performs the burning job; S6. while the burning job is running, the programming unit generates an OEM certificate signing request from the identifiable information in the programmable device and the programmable device public key; S7. the authentication module verifies the OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate; S8. the security module signs the OEM device certificate with the OEM private key; S9. the programming unit verifies the OEM device certificate with the OEM public key; S10. when the verification result of step S9 is correct, the programmer generates a third verification code calculated from the OEM device certificate; S11. the programmer burns the OEM device certificate into the programmable device; S12. the programmer reads the burned OEM device certificate to calculate a fourth verification code; S13. the programmer verifies the third verification code against the fourth verification code; and S14. the programming unit classifies the programmable device according to the verification result of step S13, where, when the verification result is success, the programmable device is classified into a first output container defined as good.

To achieve the above object, another embodiment of the present application provides a computer-readable recording medium storing at least one sequence of instructions, the at least one sequence of instructions being executed by at least one processor, the computer-readable recording medium being applied in a secure programming system that includes a programmer, a programming unit, an authentication module, and a security module, and the at least one sequence of instructions including the following: S1. the programmer decrypts an encrypted work control packet with a security control unit key to extract a payload; S2. the programmer generates a first verification code calculated from the payload; S3. the programmer burns the payload into a programmable device; S4. after the payload has been burned into the programmable device, the programmer reads the burned payload to calculate a second verification code; S5. the programmer verifies the first verification code against the second verification code and, when the verification succeeds, performs the burning job; S6. while the burning job is running, the programming unit generates an OEM certificate signing request from the identifiable information in the programmable device and the programmable device public key; S7. the authentication module verifies the OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate; S8. the security module signs the OEM device certificate with the OEM private key; S9. the programming unit verifies the OEM device certificate with the OEM public key; S10. when the verification result of step S9 is correct, a third verification code calculated from the OEM device certificate is generated; S11. the programmer burns the OEM device certificate into the programmable device; S12. the programmer reads the burned OEM device certificate to calculate a fourth verification code; S13. the programmer verifies the third verification code against the fourth verification code; and S14. the programming unit classifies the programmable device according to the verification result of step S13, where, when the verification result is success, the programmable device is classified into a first output container defined as good.

To achieve the above object, a further embodiment of the present application provides a secure programming system, including: a programmer, which decrypts an encrypted work control packet with a security control unit key to extract a payload, generates a first verification code calculated from the payload, burns the payload into a programmable device, reads the burned payload after it has been burned into the programmable device to calculate a second verification code, verifies the first verification code against the second verification code and, when the verification succeeds, performs the burning job, and, while the burning job is running, reads the identifiable information and the programmable device public key in the programmable device and transmits them to a programming unit so that the programming unit generates an OEM certificate signing request; an authentication module, connected to a security module, which verifies the OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate and transmits it to the security module, where the security module is configured to sign the OEM device certificate to produce a signed OEM device certificate; and the programming unit, connected to the programmer, for verifying the OEM device certificate with the OEM public key and transmitting the OEM device certificate to the programmer when the verification succeeds, where the programmer is configured to program the OEM device certificate and the payload into the programmable device; where, when the programming unit successfully verifies the OEM device certificate with the OEM public key, the programmer generates a third verification code calculated from the OEM device certificate, burns the OEM device certificate into the programmable device, reads the burned OEM device certificate to calculate a fourth verification code, and verifies the third verification code against the fourth verification code, and the programming unit classifies the programmable device according to the verification result of the third and fourth verification codes, where, when the verification result is success, the programmable device is classified into a first output container defined as good.

Some typical embodiments that exhibit the features and advantages of the present application are described in detail in the following description. It should be understood that the present application can have various variations in different aspects without departing from its scope, and that the descriptions and drawings are by nature illustrative and not intended to limit the present application.

Please refer to Figures 1A, 1B and 2. Figures 1A and 1B are step flow charts of the method of operating a secure programming system according to a preferred embodiment of the present application, and Figure 2 is a structural schematic diagram of the secure programming system operated by the method shown in Figures 1A and 1B. As shown in Figures 1A, 1B and 2, the method of the present application can be applied to a secure programming system 1, which can communicate with an original equipment manufacturer (OEM) device 9. The secure programming system 1 can individually encrypt a target payload of data and code and then program that information into each programmable device 8, where the programmable device 8 may include an integrated circuit, a memory chip, a circuit board, or an electronic device such as a smart phone, a media player, or other consumer or industrial electronic device, and the programmable device 8 includes a secure storage unit 80. The secure programming system 1 can create a customized payload package that can be decrypted only by a system or device holding the correct security key.

The secure programming system 1 includes a programmer 2, an authentication module 3, a programming unit 4, a security module (Hardware Security Module, HSM) 5, and a security control unit 6. The programmer 2 may be an electromechanical system for physically programming programmable devices 8. The authentication module 3 can authenticate one or more attributes of one of the programmable devices 8. The authentication module 3 is connected to the security module 5. The security control unit 6 is a computing device for processing secure information and may include specific cryptographic techniques and computing hardware to facilitate the processing of cryptographic information. For example, the security control unit 6 may include a quantum computer, parallel computing circuitry, a field programmable gate array (FPGA) configured to process secure information, a co-processor, an array logic unit, a microprocessor, or a combination thereof. In addition, the security control unit 6 may be a secure device specially configured to prevent unauthorized access to the secure information at the input, intermediate, or final stage of its processing.

The method of this embodiment includes the following steps.

In step S1, the programmer 2 decrypts the encrypted work control packet with the security control unit key to extract the payload. In some embodiments, it is the programmer 2 that decrypts the encrypted work control packet with the security control unit key to extract the payload.

In some embodiments, step S1 may in practice include the following steps.

First, the security control unit 6 uses an asymmetric encryption algorithm to generate, inside the security module 5, a matching security module public key (HSM Pb.key) and security module private key (HSM Pr.key), and at the same time sets the production count that may be used with that security module public key. The security module public key can be exported by the security control unit 6 and provided to the OEM device 9, while the security module private key is kept inside the security module 5.

Next, the programming unit 4 retrieves the unique serial number from one or more programmers 2, combines the one or more unique serial numbers into an identification list, and transmits the list to the OEM device 9.

Next, the OEM device 9 uses an asymmetric encryption algorithm to generate a matching OEM public key and OEM private key.

Next, the OEM device 9 places the identification list of the programmers 2 and the payload into the work control packet, encrypts the work control packet with a security control unit key randomly generated by the security control unit 6, and also loads the security module public key to encrypt the security control unit key and the OEM private key separately. Finally, the encrypted work control packet, the encrypted security control unit key, the encrypted OEM private key, the OEM public key, the authentication list, and the security module public key are transmitted to the programming unit 4.

Next, the programming unit 4 reads the device identification code of the programmable device 8 through the programmer 2 and verifies the device identification code against the authentication list.

Then, when the device identification code has been successfully verified against the authentication list, the programming unit 4 transmits the security module public key to the security module 5 and requests the security module 5 to provide the corresponding usable production count, and the security module 5 returns the usable production count to the programming unit 4.

Then, the programming unit 4 decides, based on the usable production count, whether to continue the burning job. If the usable production count is 0, the burning job is terminated; otherwise, if the usable production count is not 0, the programming unit 4 first deducts one or more burns as a pre-withheld production count. When the pre-withheld production count would exceed the usable production count, the programming unit 4 instead uses the upper limit of the usable production count as the pre-withheld production count. The pre-withheld production count is stored in the programming unit 4, and at the same time the programming unit 4 transmits the remaining usable production count, after deducting the pre-withheld production count, to the security module 5 for storage. In other words, the programming unit 4 is configured to confirm the stored production count and to drive the programmer 2 to perform the burning job when the number of burns by the programmer 2 is less than the production count; conversely, when the number of burns by the programmer 2 exceeds the production count, the programming unit 4 still drives the programmer 2 to perform the burning job, but the number of burns by the programmer 2 will at most reach the upper limit of the usable production count.
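As an added illustration of this count reservation (not code from the patent or its assignee), the following Python models the programming unit and the HSM-held counter; the class and method names are assumed, and the leftover pre-withheld count simply stays in the programming unit.

```python
"""Production-count reservation between the programming unit and the HSM.

Added illustration of the count logic described for step S1; it is not code
from the patent or its assignee. Class and method names are assumed.
"""


class SecurityModuleCounter:
    """Stand-in for the usable production count the HSM keeps per HSM public key."""

    def __init__(self, usable: int) -> None:
        if usable < 0:
            raise ValueError("usable production count cannot be negative")
        self.usable = usable

    def read_usable(self) -> int:
        return self.usable

    def store_remaining(self, remaining: int) -> None:
        # The HSM only ever stores a count that is no larger than what it had.
        if remaining < 0 or remaining > self.usable:
            raise ValueError("remaining count must lie between 0 and the usable count")
        self.usable = remaining


class ProgrammingUnit:
    """Holds the pre-withheld count locally and hands out one unit per burn."""

    def __init__(self, hsm: SecurityModuleCounter) -> None:
        self.hsm = hsm
        self.prewithheld = 0

    def reserve(self, requested: int) -> int:
        """Pre-deduct `requested` burns (at least 1), capped at the usable count.

        Returns the pre-withheld count, or 0 when the HSM reports no usable
        count and the burning job must be terminated.
        """
        if requested < 1:
            raise ValueError("must pre-withhold at least one burn")
        usable = self.hsm.read_usable()
        if usable == 0:
            return 0  # usable production count is 0: terminate the burning job
        self.prewithheld = min(requested, usable)  # cap at the usable upper limit
        self.hsm.store_remaining(usable - self.prewithheld)  # HSM keeps the rest
        return self.prewithheld

    def burn_one(self) -> bool:
        """Consume one pre-withheld unit for a burn; False when none is left."""
        if self.prewithheld == 0:
            return False
        self.prewithheld -= 1
        return True


def run_lot(hsm: SecurityModuleCounter, lot_size: int, requested: int) -> int:
    """Reserve, then burn a lot; returns how many devices were actually burned.

    A lot larger than the usable count is burned only up to that upper limit,
    which is the behaviour the description gives for the programmer 2.
    """
    unit = ProgrammingUnit(hsm)
    if unit.reserve(requested) == 0:
        return 0
    burned = 0
    while burned < lot_size and unit.burn_one():
        burned += 1
    return burned


if __name__ == "__main__":
    hsm = SecurityModuleCounter(usable=4)
    print("burned:", run_lot(hsm, lot_size=10, requested=10))  # 4, count exhausted
    print("burned:", run_lot(hsm, lot_size=10, requested=10))  # 0, job terminated
```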

Then, the programming unit 4 transmits the encrypted work control packet to the programmer 2, where it is stored in the random access memory (not shown) of the programmer 2, and immediately afterwards erases the encrypted work control packet held in the programming unit 4.

Then, the programming unit 4 transmits the encrypted security control unit key and the encrypted OEM private key, together with the security module public key, to the security module 5 for decryption. The security module 5 stores the decrypted OEM private key. Then, after receiving the decrypted security control unit key returned by the security module 5, the programming unit 4 transmits it to the random access memory of the programmer 2 to decrypt the encrypted work control packet. Finally, the programmer 2 first extracts the payload from the decrypted work control packet, then extracts the programmer identification list and matches it against its own serial number: if its own serial number is not included in the identification list, the burning job is aborted; if it is included, the burning job continues.

After step S1, the method of the present application further includes step S2, in which the programmer 2 generates the first verification code calculated from the payload. More specifically, the programmer 2 first calculates the first verification code from the payload in the decrypted work control packet held temporarily in the random access memory, and stores the first verification code temporarily in the random access memory.

In step S3, the programmer 2 burns the payload into the programmable device 8.

In step S4, after the payload has been burned into the programmable device 8, the programmer 2 calculates the second verification code from the burned payload.

In step S5, the programmer 2 verifies the first verification code against the second verification code and, when the verification succeeds, performs the burning job. In steps S4 and S5, the programmer 2 reads the payload that has been burned into the programmable device 8 to calculate the second verification code, verifies it against the first verification code held temporarily in the random access memory, transmits the verification result to the programming unit 4, and then immediately erases the read-back payload and the second verification code.

In step S6, while the burning job is running, the programming unit 4 generates an OEM certificate signing request from the identifiable information in the programmable device 8 and the programmable device public key.

In some embodiments, step S6 may in practice include the following steps.

First, the programmer 2 reads the identifiable information and the programmable device public key from the programmable device 8 and transmits them to the programming unit 4. Then, the programming unit 4 generates the OEM certificate signing request from the identifiable information and the programmable device public key.

After step S6, the method of the present application further includes step S7, in which the authentication module verifies the OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate. In some embodiments, the authentication module 3 verifies the OEM certificate signing request using the hash value and, when the verification succeeds, generates the OEM device certificate and transmits it to the security module 5. The security module is configured to sign the OEM device certificate to produce a signed OEM device certificate.

In some embodiments, step S7 may in practice include the following steps.

The programming unit 4 generates a hash value from the OEM certificate signing request, and the hash value is transmitted to the programmable device 8 via the programmer 2. After receiving the hash value, the programmable device 8 signs it with the programmable device private key and transmits the signed hash value back to the programming unit 4 via the programmer 2. Then, the programming unit 4 transmits the signed hash value together with the OEM certificate signing request to the authentication module 3. Then, the authentication module verifies whether the signed hash value is consistent with the OEM certificate signing request; when the verification result is consistent, it generates the OEM device certificate and transmits it to the security module 5.

After step S7, the method of the present application further includes step S8, in which the security module signs the OEM device certificate with the OEM private key. In some embodiments, in step S8, upon receiving the OEM device certificate the security module 5 signs it with the OEM private key stored inside it and transmits the signed OEM device certificate to the programming unit 4 via the authentication module 3.

In step S9, the programming unit 4 verifies the OEM device certificate with the OEM public key. In some embodiments, the programming unit 4 verifies the OEM device certificate with the OEM public key and, once the verification passes, transmits the OEM device certificate to the programmer 2.

In step S10, when the verification result of step S9 is correct, the programmer generates the third verification code calculated from the OEM device certificate. In some embodiments, the programmer 2 calculates the third verification code from the received OEM device certificate and stores the verification code temporarily in the random access memory.

In step S11, the programmer burns the OEM device certificate into the programmable device 8.

In step S12, the programmer 2 reads the burned OEM device certificate to calculate the fourth verification code. In some embodiments, the programmer 2 reads out the OEM device certificate that has been burned into the programmable device 8 to calculate the fourth verification code.

In step S13, the third verification code and the fourth verification code are verified. In some embodiments, the programmer 2 verifies the third verification code held temporarily in the random access memory against the fourth verification code. In addition, once the verification of the third and fourth verification codes has finished, the programmer 2 immediately erases the fourth verification code and the read-back OEM device certificate.

In step S14, the programmable device 8 is classified according to the verification result of step S13, where, when the verification result is success, the programmable device 8 is classified into a first output container defined as good.

In some embodiments, step S1 further includes: retrieving the payload from the secure storage unit 80. In some embodiments, step S1 further includes: retrieving the OEM device certificate from the secure storage unit 80 of the programmable device 8.

In other embodiments, step S14 further includes: using a device transfer unit (not shown) to transfer the programmable device 8 to the first output container. The device transfer unit may be, but is not limited to, the robot arm of an automated machine.

In addition, in other embodiments, the method of the present application may further include steps S15 and S16, which are executed before step S1. Step S15 is: generating the work control packet, to which a programmer identification list is attached, the programmer identification list recording at least one programmer 2 that is allowed to burn. Step S16 is: using the at least one programmer 2 recorded in the programmer identification list to program the payload in the work control packet into the programmable device 8.

In some embodiments, step S14 further includes: when the verification result is failure, classifying the programmable device 8 into a second output container defined as bad. In some embodiments, the first output container and the second output container are different carrier trays.
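An added Python illustration of the read-back verification in steps S2 to S5 and S10 to S13 and of the binning into the first (good) and second (bad) output containers in step S14; it is not code from the patent or its assignee. The simulated device, the SHA-256 verification code, the single-byte write fault, and the rule that a failed payload read-back also bins the device as bad are assumptions.

```python
"""Read-back verification and binning of programmed devices.

Added illustration of steps S2 to S5 and S10 to S14; not code from the patent
or its assignee. The device model, hash choice and fault model are assumed.
"""
import hashlib
import hmac
from typing import Dict, List, Optional

GOOD_BIN = "first output container (good)"
BAD_BIN = "second output container (bad)"


class SimulatedDevice:
    """Constructed stand-in for the secure storage unit of a programmable device."""

    def __init__(self, stuck_byte_at: Optional[int] = None) -> None:
        self.storage: Dict[str, bytes] = {}
        # Constructed fault model: one byte is corrupted on every write.
        self.stuck_byte_at = stuck_byte_at

    def burn(self, region: str, data: bytes) -> None:
        stored = bytearray(data)
        if self.stuck_byte_at is not None and self.stuck_byte_at < len(stored):
            stored[self.stuck_byte_at] ^= 0x01
        self.storage[region] = bytes(stored)

    def read(self, region: str) -> bytes:
        return self.storage[region]


def verification_code(data: bytes) -> bytes:
    """The patent does not name the hash; SHA-256 is assumed here."""
    return hashlib.sha256(data).digest()


def burn_and_verify(device: SimulatedDevice, region: str, data: bytes) -> bool:
    """One burn cycle: S2/S10 code from source, S3/S11 burn, S4/S12 read back, S5/S13 compare."""
    expected = verification_code(data)   # kept in the programmer's RAM
    device.burn(region, data)
    readback = device.read(region)       # read the burned copy back from the device
    actual = verification_code(readback)
    ok = hmac.compare_digest(expected, actual)  # constant-time comparison
    readback = actual = b""              # erase the read-back copy and its code
    return ok


def program_and_classify(device: SimulatedDevice, payload: bytes, oem_device_cert: bytes) -> str:
    """Burn payload then certificate; return the output container for the device."""
    if not burn_and_verify(device, "payload", payload):
        return BAD_BIN  # assumption: a failed payload read-back also fails the device
    if not burn_and_verify(device, "oem_device_cert", oem_device_cert):
        return BAD_BIN
    return GOOD_BIN


def sort_lot(devices: List[SimulatedDevice], payload: bytes, oem_device_cert: bytes) -> Dict[str, List[int]]:
    """Step S14 over a whole lot: map each output container to device indices."""
    bins: Dict[str, List[int]] = {GOOD_BIN: [], BAD_BIN: []}
    for index, device in enumerate(devices):
        bins[program_and_classify(device, payload, oem_device_cert)].append(index)
    return bins


# Constructed sample inputs; real payloads and certificates are much larger.
SAMPLE_PAYLOAD = b"constructed firmware image v1.0"
SAMPLE_CERT = b"constructed OEM device certificate for device 0001"

if __name__ == "__main__":
    lot = [SimulatedDevice(), SimulatedDevice(stuck_byte_at=3), SimulatedDevice()]
    print(sort_lot(lot, SAMPLE_PAYLOAD, SAMPLE_CERT))
```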

In other embodiments, the method of the present invention may further include step S17: configuring the programmer 2 to program the encrypted payload into the programmable device 8.

In some embodiments, the programming unit 4 is connected to the programmer 2, verifies the OEM device certificate using the OEM public key and, when the verification succeeds, transmits the OEM device certificate to the programmer 2, wherein the programmer 2 is configured to program the OEM device certificate and the payload into the programmable device 8.

In some embodiments, the method shown in Figures 1A and 1B may be stored on a computer-readable recording medium. The computer-readable recording medium may store at least one sequence of software instructions, the sequence of software instructions may implement the method shown in Figures 1A and 1B, and the sequence of software instructions may be executed by one or more processors (not shown). In some embodiments, the computer-readable recording medium may include non-volatile media and/or volatile media. Non-volatile media include, for example, optical disks or magnetic disks. Volatile media include dynamic memory, such as main memory. Common forms of computer-readable recording media include, for example, floppy disks, flexible disks, hard disks, solid-state drives, magnetic tape or any other magnetic data storage medium, CD-ROMs, any other optical data storage medium, any physical medium with a pattern of holes, RAM, PROM, EPROM, FLASH-EPROM, NVRAM, and any other memory chip or cartridge.

In summary, the present invention provides a method for operating a secure programming system, together with a computer-readable recording medium and a secure programming system to which the method applies. During the burning process, the burned data can be read only by a device that holds the corresponding paired public or private key and has passed timely identity verification, so that the burned data is protected against tampering, damage, leakage and pirating. In addition, the method for operating a secure programming system, the computer-readable recording medium and the secure programming system of the present invention allow only a device that has passed identity verification to operate or control the firmware program inside the securely burned integrated circuit.

1: secure programming system; 9: OEM device; 2: programmer; 3: authentication module; 4: programming unit; 5: security module; 6: security control unit; 8: programmable device; 80: secure storage unit; S1~S14: secure burning method

Figures 1A and 1B are flowcharts of the steps of the method for operating a secure programming system according to a preferred embodiment of the present invention; Figure 2 is a schematic structural diagram of the secure programming system operated by the method shown in Figures 1A and 1B.

S1~S14: method of operating a secure programming system

Claims (24)

1. A method for operating a secure programming system, the secure programming system comprising a programmer, a programming unit, an authentication module and a security module, the method comprising:
S1. the programmer decrypts an encrypted work control packet with a security control unit key to extract a payload;
S2. the programmer generates a first verification code calculated from the payload;
S3. the programmer burns the payload into a programmable device;
S4. after the payload has been burned into the programmable device, the programmer reads the burned payload to calculate a second verification code;
S5. the programmer verifies the first verification code and the second verification code and, when the verification succeeds, performs a burning operation;
S6. while the burning operation is performed, the programming unit generates an OEM certificate signing request from identifiable information in the programmable device and a programmable device public key;
S7. the authentication module verifies the OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate;
S8. the security module signs the OEM device certificate with an OEM private key;
S9. the programming unit verifies the OEM device certificate using an OEM public key;
S10. when the verification result of step S9 is correct, the programmer generates a third verification code calculated from the OEM device certificate;
S11. the programmer burns the OEM device certificate into the programmable device;
S12. the programmer reads the burned OEM device certificate to calculate a fourth verification code;
S13. the programmer verifies the third verification code and the fourth verification code; and
S14. the programming unit classifies the programmable device according to the verification result of step S13, wherein when the verification result is successful, the programmable device is classified into a first output container defined as good.

2. The method of claim 1, wherein step S1 comprises: retrieving the payload from a secure storage unit of the programmable device.

3. The method of claim 1, wherein step S12 comprises: retrieving the OEM device certificate from a secure storage unit of the programmable device.

4. The method of claim 1, wherein step S14 comprises: using a device transfer unit to transfer the programmable device into the first output container.

5. The method of claim 1, wherein, before step S1 is executed, the method further comprises:
S15. generating the work control packet, the work control packet having a programmer identification list attached, the programmer identification list recording at least one programmer permitted to perform burning; and
S16. using the at least one programmer recorded in the programmer identification list to program the payload of the work control packet into the programmable device.

6. The method of claim 1, wherein step S14 comprises: when the verification result is a failure, classifying the programmable device into a second output container defined as bad.

7. The method of claim 5, wherein the method comprises:
S17. configuring the programmer to program the encrypted payload into the programmable device.

8. A computer-readable recording medium storing a sequence of at least one instruction, the sequence of at least one instruction being executed by at least one processor, the computer-readable recording medium being applied in a secure programming system, the secure programming system comprising a programmer, a programming unit, an authentication module and a security module, wherein the sequence of at least one instruction, when executed, performs a method comprising the following steps:
S1. the programmer decrypts an encrypted work control packet with a security control unit key to extract a payload;
S2. the programmer generates a first verification code calculated from the payload;
S3. the programmer burns the payload into a programmable device;
S4. after the payload has been burned into the programmable device, the programmer reads the burned payload to calculate a second verification code;
S5. the programmer verifies the first verification code and the second verification code and, when the verification succeeds, performs a burning operation;
S6. while the burning operation is performed, the programming unit generates an OEM certificate signing request from identifiable information in the programmable device and a programmable device public key;
S7. the authentication module verifies the OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate;
S8. the security module signs the OEM device certificate with an OEM private key;
S9. the programming unit verifies the OEM device certificate using an OEM public key;
S10. when the verification result of step S9 is correct, the programmer generates a third verification code calculated from the OEM device certificate;
S11. the programmer burns the OEM device certificate into the programmable device;
S12. the programmer reads the burned OEM device certificate to calculate a fourth verification code;
S13. the programmer verifies the third verification code and the fourth verification code; and
S14. the programming unit classifies the programmable device according to the verification result of step S13, wherein when the verification result is successful, the programmable device is classified into a first output container defined as good.

9. The computer-readable recording medium of claim 8, wherein step S1 comprises: retrieving the payload from a secure storage unit of the programmable device.

10. The computer-readable recording medium of claim 8, wherein step S12 comprises: retrieving the OEM device certificate from a secure storage unit of the programmable device.

11. The computer-readable recording medium of claim 8, wherein step S14 comprises: using a device transfer unit to transfer the programmable device into the first output container.

12. The computer-readable recording medium of claim 8, wherein, before step S1 is executed, the method further comprises:
S15. generating the work control packet, the work control packet having a programmer identification list attached, the programmer identification list recording at least one programmer permitted to perform burning; and
S16. using the at least one programmer recorded in the programmer identification list to program the payload of the work control packet into the programmable device.

13. The computer-readable recording medium of claim 8, wherein step S14 comprises: when the verification result is a failure, classifying the programmable device into a second output container defined as bad.

14. The computer-readable recording medium of claim 12, wherein the sequence of at least one instruction comprises:
S17. configuring the programmer to program the encrypted payload into the programmable device.

15. A secure programming system, comprising:
a programmer, which decrypts an encrypted work control packet with a security control unit key to extract a payload, generates a first verification code calculated from the payload, burns the payload into a programmable device, reads the burned payload after it has been burned into the programmable device to calculate a second verification code, verifies the first verification code and the second verification code and, when the verification succeeds, performs a burning operation, and, while the burning operation is performed, reads identifiable information and a programmable device public key from the programmable device and transmits them to a programming unit so that the programming unit generates an OEM certificate signing request;
an authentication module, connected to a security module, which verifies an OEM certificate signing request using a hash value and, when the verification succeeds, generates an OEM device certificate and transmits it to the security module, wherein the security module is configured to sign the OEM device certificate to produce a signed OEM device certificate; and
a programming unit, connected to the programmer, for verifying the OEM device certificate using an OEM public key and transmitting the OEM device certificate to the programmer when the verification succeeds, wherein the programmer is configured to program the OEM device certificate and the payload into the programmable device;
wherein, when the programming unit successfully verifies the OEM device certificate using the OEM public key, the programmer generates a third verification code calculated from the OEM device certificate, burns the OEM device certificate into the programmable device, reads the burned OEM device certificate to calculate a fourth verification code and verifies the third verification code and the fourth verification code, and the programming unit classifies the programmable device according to the verification result of the third verification code and the fourth verification code, wherein when the verification result is successful, the programmable device is classified into a first output container defined as good.

16. The secure programming system of claim 15, wherein the programmer is configured to retrieve the payload from a secure storage unit of the programmable device.

17. The secure programming system of claim 15, wherein the security module is configured to generate the OEM device certificate upon successful verification between the hash value and the OEM certificate signing request, the OEM device certificate being signed with an OEM private key.

18. The secure programming system of claim 15, wherein the programmer is configured to retrieve the OEM device certificate from a secure storage unit of the programmable device.

19. The secure programming system of claim 15, wherein the programmer is configured to transfer the programmable device into the first output container using a device transfer unit.

20. The secure programming system of claim 15, wherein the security control unit is configured to generate the work control packet with a programmer identification list attached, the programmer identification list recording at least one programmer permitted to perform burning, and the security control unit uses the at least one programmer recorded in the programmer identification list to program the payload of the work control packet into the programmable device.

21. The secure programming system of claim 15, wherein the programmer is configured to program the encrypted payload into the programmable device.

22. The secure programming system of claim 20, wherein the programming unit is configured to verify identifiable information of the at least one programmer permitted to perform burning, as recorded in the programmer identification list, against that of the programmer of the secure programming system, and to program the OEM device certificate into the programmable device when the verification succeeds.

23. The secure programming system of claim 15, wherein the programming unit is configured to check a stored production count, wherein when the number of burns by the programmer is less than the production count, the programming unit drives the programmer to perform the burning operation, and when the number of burns by the programmer is more than the production count, the programming unit drives the programmer to perform the burning operation, the number of burns by the programmer reaching at most the upper limit of the production count.

24. The secure programming system of claim 15, wherein, when the verification result of the third verification code and the fourth verification code is a failure, the programmable device is classified into a second output container defined as bad.
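The S2-S14 flow of claim 1, as an added Go simulation that is not part of the patent or its applicant's code: read-back verification codes (S2-S5, S10-S13), the CSR hash check and OEM signing (S6-S9), the programmer identification list (S15-S16) and the good/bad classification (S14). SHA-256 for the verification code, Ed25519 for the OEM key pair, the certificate layout (body followed by signature) and every identifier and sample value are assumptions; decryption of the work control packet (S1) is not modelled.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device simulates a programmable device: identifiable information, its public
// key, and a secure storage unit with slots for the payload and the certificate.
type Device struct {
	ID      string
	Pub     ed25519.PublicKey
	Storage map[string][]byte
}

// VerificationCode is the code computed over data before and after burning.
// The patent does not fix the function; SHA-256 is assumed here.
func VerificationCode(data []byte) []byte {
	h := sha256.Sum256(data)
	return h[:]
}

// BurnAndVerify covers S2-S5 and S10-S13: compute the code over the data, burn
// it into the slot, read it back and recompute. corrupt simulates a faulty burn.
func BurnAndVerify(dev *Device, slot string, data []byte, corrupt bool) bool {
	before := VerificationCode(data)
	written := append([]byte(nil), data...)
	if corrupt && len(written) > 0 {
		written[0] ^= 0xff
	}
	dev.Storage[slot] = written
	after := VerificationCode(dev.Storage[slot]) // read back from secure storage
	return bytes.Equal(before, after)
}

// CSR is the OEM certificate signing request of S6: identifiable information and
// device public key, plus the hash the authentication module checks in S7.
type CSR struct{ Body, Hash []byte }

func MakeCSR(dev *Device) CSR {
	body := append([]byte(dev.ID+"|"), dev.Pub...)
	return CSR{Body: body, Hash: VerificationCode(body)}
}

// IssueCert is S7-S8: the authentication module checks the CSR hash, then the
// security module signs the body with the OEM private key (format assumed).
func IssueCert(oemPriv ed25519.PrivateKey, csr CSR) ([]byte, bool) {
	if !bytes.Equal(VerificationCode(csr.Body), csr.Hash) {
		return nil, false
	}
	return append(append([]byte(nil), csr.Body...), ed25519.Sign(oemPriv, csr.Body)...), true
}

// VerifyCert is S9: the programming unit checks the signature with the OEM public key.
func VerifyCert(oemPub ed25519.PublicKey, cert []byte) bool {
	n := len(cert) - ed25519.SignatureSize
	return n >= 0 && ed25519.Verify(oemPub, cert[:n], cert[n:])
}

// Program runs S2-S14 for one device and returns the output container, "good"
// or "bad". The programmer must appear in the identification list attached to
// the work control packet (S15-S16).
func Program(programmer string, list []string, payload []byte,
	oemPriv ed25519.PrivateKey, oemPub ed25519.PublicKey, dev *Device, corruptCertBurn bool) string {
	allowed := false
	for _, p := range list {
		allowed = allowed || p == programmer
	}
	if !allowed || !BurnAndVerify(dev, "payload", payload, false) {
		return "bad"
	}
	cert, ok := IssueCert(oemPriv, MakeCSR(dev))
	if !ok || !VerifyCert(oemPub, cert) || !BurnAndVerify(dev, "cert", cert, corruptCertBurn) {
		return "bad"
	}
	return "good"
}

func main() {
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, _, _ := ed25519.GenerateKey(rand.Reader)
	list := []string{"PROGRAMMER-01"} // constructed sample identification list
	dev := &Device{ID: "DEV-0001", Pub: devPub, Storage: map[string][]byte{}}
	payload := []byte("constructed firmware image")
	fmt.Println("healthy device:", Program("PROGRAMMER-01", list, payload, oemPriv, oemPub, dev, false))
	fmt.Println("faulty cert burn:", Program("PROGRAMMER-01", list, payload, oemPriv, oemPub, dev, true))
}
```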
TW112141865A 2023-07-10 2023-10-31 Method of operating secure programming system, computer readable recording medium and secure programming system using the same TWI876643B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US18/397,606 US20250023733A1 (en) 2023-07-10 2023-12-27 Secure programming system and operating method thereof
US18/397,674 US20250023722A1 (en) 2023-07-10 2023-12-27 Secure programming system, operating method thereof and computer readable recording medium using such operating method
US18/767,037 US20250023746A1 (en) 2023-07-10 2024-07-09 Method of operating secure programming system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202363525825P 2023-07-10 2023-07-10
US202363525809P 2023-07-10 2023-07-10
US63/525,825 2023-07-10
US63/525,809 2023-07-10

Publications (2)

Publication Number Publication Date
TW202503516A TW202503516A (en) 2025-01-16
TWI876643B true TWI876643B (en) 2025-03-11

Family

ID=95152525

Family Applications (3)

Application Number Title Priority Date Filing Date
TW112141865A TWI876643B (en) 2023-07-10 2023-10-31 Method of operating secure programming system, computer readable recording medium and secure programming system using the same
TW112141864A TWI899680B (en) 2023-07-10 2023-10-31 Method of operating secure programming system and secure programming system using the same
TW113125735A TWI873058B (en) 2023-07-10 2024-07-09 Method of operating secure programming system

Country Status (1)

Country Link
TW (3) TWI876643B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201820132A (en) * 2016-09-30 2018-06-01 美商數據輸出入公司 Unified programming environment for programmable devices
CN111611593A (en) * 2019-02-22 2020-09-01 安全物品有限公司 Secure data processing equipment
TW202207664A (en) * 2020-08-03 2022-02-16 新唐科技股份有限公司 Secure computing device, secure computing method, verifier and device attestation method
CN114912138A (en) * 2020-12-28 2022-08-16 M·伦佩尔 Architecture, system and method for secure computing using hardware security level
CN116070215A (en) * 2022-12-16 2023-05-05 深圳市航盛电子股份有限公司 System security startup method, device, terminal equipment and storage medium

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10109546A1 (en) * 2001-02-28 2002-09-12 Siemens Ag Method and communication system for providing a program element
CN103514385A (en) * 2012-06-26 2014-01-15 鸿富锦精密工业(深圳)有限公司 Embedded system and method for preventing software piracy through embedded system
CN107979467B (en) * 2016-10-21 2020-07-21 中国移动通信有限公司研究院 Verification method and device
CN108647499A (en) * 2018-05-16 2018-10-12 广州视源电子科技股份有限公司 Method, device, equipment and storage medium for generating anti-copy check code
CN110896390B (en) * 2018-09-12 2021-05-11 华为技术有限公司 Message sending method, message verification method, device and communication system
CN111342955B (en) * 2018-12-19 2023-04-18 北京沃东天骏信息技术有限公司 Communication method and device and computer storage medium
TWI763294B (en) * 2021-02-03 2022-05-01 宜鼎國際股份有限公司 Data storage device, system, and method for digital signature
TWI773161B (en) * 2021-03-02 2022-08-01 雲想科技股份有限公司 Digital signature private key verification method
CN116257820A (en) * 2021-12-09 2023-06-13 华大半导体有限公司 Communication security system and communication security chip
US12045504B2 (en) * 2021-12-14 2024-07-23 Micron Technology, Inc. Burn-in solid state drives through generation of proof of space plots in a manufacturing facility

Also Published As

Publication number Publication date
TW202503515A (en) 2025-01-16
TWI899680B (en) 2025-10-01
TWI873058B (en) 2025-02-11
TW202503563A (en) 2025-01-16
TW202503516A (en) 2025-01-16
