TWI899680B - Method of operating secure programming system and secure programming system using the same - Google Patents

Method of operating secure programming system and secure programming system using the same

Info

Publication number
TWI899680B
Authority
TW
Taiwan
Prior art keywords
programmer
payload
authentication
programmable device
control packet
Application number
TW112141864A
Other languages
Chinese (zh)
Other versions
TW202503515A (en)
Inventor
康銘輝
Original Assignee
岱鐠科技股份有限公司
Application filed by 岱鐠科技股份有限公司 filed Critical 岱鐠科技股份有限公司
Priority to US18/397,674 priority Critical patent/US20250023722A1/en
Priority to US18/397,606 priority patent/US20250023733A1/en
Priority to US18/767,037 priority patent/US20250023746A1/en
Publication of TW202503515A publication Critical patent/TW202503515A/en
Application granted granted Critical
Publication of TWI899680B publication Critical patent/TWI899680B/en

Landscapes

  • Storage Device Security (AREA)
  • Programmable Controllers (AREA)

Abstract

A method of operating a secure programming system is disclosed. The method comprises: encrypting a work control packet with a payload by a programmable device, wherein the work control packet includes an authentication list; installing the programmable device into a programmer; verifying that an authentication ID of the authentication list matches a device ID of the programmable device; if the authentication ID matches the device ID, decrypting the encrypted work control packet to retrieve the payload; generating a first verification code calculated from the payload and burning the payload into the programmable device by the programmer; reading the burned payload to calculate a second verification code; verifying the first verification code and the second verification code, and if the verification is successful, classifying the programmable devices into a first output container according to the verification results.

Description

Method for operating a secure programming system and secure programming system

The present application belongs to the technical field of secure programming systems, and in particular relates to a method for operating a secure programming system and to a secure programming system.

In existing burning (programming) operations and flows, data is burned into integrated circuits. If the data to be burned into an integrated circuit is plaintext and not protected by encryption, the data may be leaked.

Therefore, how to develop a method for operating a secure programming system and a secure programming system is an urgent issue in this field.

The present application provides a method for operating a secure programming system and a secure programming system. The method encrypts and protects a work control packet that has an authentication list and a payload, and burns the payload into the programmable device only when the authentication identifier in the authentication list matches the device identifier of the programmable device. This prevents the payload from being leaked and thereby improves data security.

To achieve the above objective, one embodiment of the present application provides a method for operating a secure programming system, the secure programming system comprising a programmer. The method comprises:
S1. the programmer encrypts, using a security control unit, a work control packet having an authentication list and a payload, wherein the authentication list has an authentication identifier;
S2. loading a programmable device into the programmer, wherein the programmable device has a device identifier;
S3. verifying whether the authentication identifier of the authentication list matches the device identifier of the programmable device;
S4. when the authentication identifier of the authentication list is verified to match the device identifier of the programmable device, the programmer decrypts the encrypted work control packet using a security control unit key of the security control unit to retrieve the payload;
S5. the programmer generates a first verification code calculated from the payload and burns the payload into the programmable device;
S6. after the payload has been burned into the programmable device, the programmer reads the burned payload to calculate a second verification code; and
S7. the programmer verifies the first verification code against the second verification code and, when the verification succeeds, classifies the programmable device into a first output container defined as good.

To achieve the above objective, another embodiment of the present application provides a secure programming system comprising: a programmer, configured to load a programmable device, to encrypt a work control packet having an authentication list and a payload using a security control unit, to decrypt the encrypted work control packet using a security control unit key of the security control unit so as to retrieve the payload, to generate a first verification code calculated from the payload, to burn the payload into the programmable device, to read the burned payload after it has been burned into the programmable device so as to calculate a second verification code, and to verify the first verification code against the second verification code so that, when the verification succeeds, the programmable device is classified into a first output container defined as good; and a programming unit, connected to the programmer, configured to retrieve the work control packet having the authentication list and the payload, to verify whether the authentication identifier of the authentication list matches the device identifier of the programmable device, and, when the authentication identifier matches the device identifier, to send a successful verification message to the programmer so that the programmer decrypts the encrypted work control packet with the security control unit key to retrieve the payload.

Typical embodiments that embody the features and advantages of the present application are described in detail below. It should be understood that the present application can be varied in different aspects without departing from its scope, and that the descriptions and drawings herein are illustrative in nature and are not intended to limit the present application.

Please refer to Figures 1 and 2. Figure 1 is a flowchart of the steps of a method for operating a secure programming system according to a preferred embodiment of the present application, and Figure 2 is a schematic diagram of the structure of the secure programming system operated by the method shown in Figure 1. As shown in Figures 1 and 2, the method of the present application can be applied to a secure programming system 1, which can communicate with an original equipment manufacturer (OEM) device 9. The secure programming system 1 can individually encrypt a target payload of data and code and then program the information into each programmable device 8, where the programmable device 8 may include an integrated circuit, a memory chip, a circuit board or an electronic device such as a smartphone, a media player, or another consumer or industrial electronic device. The secure programming system 1 can create customized payload packets that can only be decrypted by a system or device holding the correct security key.

The secure programming system 1 comprises a programmer 2 and a programming unit 4. The programmer 2 may be an electromechanical system for physically programming programmable devices 8, and the programmable device 8 is loaded into it.

The programming unit 4 can retrieve the work control packet having the authentication list and the payload, and verify whether the authentication identifier of the authentication list matches the device identifier of the programmable device 8. When the authentication identifier matches the device identifier, the programming unit 4 sends a successful verification message to the programmer 2, and on receiving that message the programmer 2 delivers the payload provided by the programming unit 4 to the programmable device 8.

In some embodiments, the secure programming system 1 includes a security control unit 6 that encrypts the payload with a programmer public key, an OEM public key, a security module public key, a silicon vendor public key or a security control unit public key, and forms a work control packet carrying the payload in the encrypted format. In some embodiments, the security control unit 6 is a computing device for processing security information and may include specific cryptographic techniques and computing hardware to facilitate the processing of cryptographic information. For example, the security control unit 6 may include a quantum computer, parallel computing circuitry, a field programmable gate array (FPGA) configured to process security information, a coprocessor, an array logic unit, a microprocessor, or a combination thereof. In addition, the security control unit 6 may be a secure device specifically configured to prevent unauthorized access to security information at the input, intermediate or final stage of its processing.

The method of this embodiment comprises the following steps.

In step S1, the programmer 2 uses the security control unit 6 to encrypt a work control packet having a payload, wherein the work control packet further has an authentication list and the authentication list has an authentication identifier. In some embodiments, the OEM device 9 places the serial number list of the programmers 2 together with the payload into the work control packet, encrypts the work control packet with a security control unit key randomly generated by the security control unit 6, loads the security module public key and uses it to encrypt the security control unit key, and finally transmits the encrypted work control packet, the encrypted security control unit key, the authentication list and the security module public key to the programming unit 4.

In step S2, the programmable device 8 is loaded into the programmer 2, wherein the programmable device 8 has a device identifier.

In step S3, it is verified whether the authentication identifier of the authentication list matches the device identifier of the programmable device 8.

In step S4, when step S3 has verified that the authentication identifier of the authentication list matches the device identifier of the programmable device 8, the programmer 2 decrypts the encrypted work control packet using the security control unit key of the security control unit 6 to retrieve the payload.

In step S5, the programmer 2 generates a first verification code calculated from the payload and burns the payload into the programmable device 8.

In step S6, after the payload has been burned into the programmable device 8, the programmer 2 reads the burned payload to calculate a second verification code.

In step S7, the programmer 2 verifies the first verification code against the second verification code and, when the verification succeeds, classifies the programmable device 8 into a first output container defined as good.
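As an added illustration of steps S1 to S7 (not code from the patent or its assignee), the following Python simulation builds an encrypted work control packet that carries the authentication list and the programmer serial list described under S1, gates decryption on the device ID check of S3, and sorts each device by comparing the pre-burn and read-back verification codes of S5 to S7. The HMAC-based stand-in cipher, the SHA-256 verification code, the device model, the "aborted" outcome for an unlisted device ID and all identifiers are assumptions; the patent names none of them.

```python
from __future__ import annotations
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed example, not the patent's code. The cipher is a stand-in: an
# HMAC-SHA256 keystream in counter mode plus an HMAC tag over the nonce, the
# ciphertext and the clear-text authentication list. The patent names no
# algorithm; a real deployment would use an AEAD such as AES-GCM instead.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _tag(key: bytes, nonce: bytes, ciphertext: bytes, auth_list: list[str]) -> bytes:
    """Integrity tag that also binds the clear-text authentication list."""
    aad = json.dumps(sorted(auth_list)).encode()
    return hmac.new(key, nonce + ciphertext + aad, hashlib.sha256).digest()

def encrypt_work_control_packet(scu_key: bytes, auth_list: list[str],
                                programmer_serials: list[str], payload: bytes) -> dict:
    """S1: build and encrypt the work control packet.

    The authentication list (device IDs) travels in the clear so that S3 can run
    before decryption; the programmer serial list and the payload sit inside the
    encrypted body, as the description of S1 states.
    """
    body = json.dumps({"serials": programmer_serials, "payload": payload.hex()}).encode()
    nonce = secrets.token_bytes(12)
    ciphertext = bytes(a ^ b for a, b in zip(body, _keystream(scu_key, nonce, len(body))))
    return {"nonce": nonce, "ciphertext": ciphertext, "auth_list": list(auth_list),
            "tag": _tag(scu_key, nonce, ciphertext, auth_list)}

def decrypt_work_control_packet(scu_key: bytes, packet: dict) -> tuple[list[str], bytes]:
    """S4: verify the tag, then decrypt and return (programmer serials, payload)."""
    expected = _tag(scu_key, packet["nonce"], packet["ciphertext"], packet["auth_list"])
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("work control packet tag mismatch")
    ks = _keystream(scu_key, packet["nonce"], len(packet["ciphertext"]))
    body = json.loads(bytes(a ^ b for a, b in zip(packet["ciphertext"], ks)))
    return body["serials"], bytes.fromhex(body["payload"])

@dataclass
class ProgrammableDevice:
    """Device 8 as a tiny memory model. `flip_bit` is a constructed fault that
    corrupts the first byte during burning, which S6/S7 must catch."""
    device_id: str
    flip_bit: bool = False
    memory: bytes = b""

    def burn(self, data: bytes) -> None:
        faulty = self.flip_bit and len(data) > 0
        self.memory = (bytes([data[0] ^ 0x01]) + data[1:]) if faulty else data

    def read(self) -> bytes:
        return self.memory

def verification_code(data: bytes) -> str:
    """The patent only says the code is calculated from the payload; SHA-256 is assumed."""
    return hashlib.sha256(data).hexdigest()

def program_device(scu_key: bytes, packet: dict, programmer_serial: str,
                   device: ProgrammableDevice) -> str:
    """Steps S3-S7 for one device. Returns "good" or "bad" per S7, or "aborted"
    when a gate before burning fails (the description aborts the burn for an
    unlisted programmer serial; the same outcome is assumed for an unlisted device ID)."""
    # S3: the device ID must appear in the authentication list before any decryption.
    if device.device_id not in packet["auth_list"]:
        return "aborted"
    # S4: decrypt (tag checked first) to retrieve the payload and the serial list.
    serials, payload = decrypt_work_control_packet(scu_key, packet)
    if programmer_serial not in serials:
        return "aborted"
    # S5: compute the first verification code from the payload, then burn it.
    first = verification_code(payload)
    device.burn(payload)
    # S6: read the burned content back and compute the second verification code.
    second = verification_code(device.read())
    # S7: compare the two codes and sort the device into an output container.
    return "good" if hmac.compare_digest(first, second) else "bad"

def run_batch(scu_key: bytes, packet: dict, programmer_serial: str,
              devices: list[ProgrammableDevice]) -> dict[str, list[str]]:
    """Process a batch of devices and return the device IDs per output container."""
    containers: dict[str, list[str]] = {"good": [], "bad": [], "aborted": []}
    for dev in devices:
        containers[program_device(scu_key, packet, programmer_serial, dev)].append(dev.device_id)
    return containers
```

Binding the clear-text authentication list into the tag is the detail worth keeping: without it, an edited list could steer the payload to a device the OEM never authorized, and the decryption would still succeed.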

As can be seen from the above, the method of the present application encrypts and protects the work control packet having the authentication list and the payload, and burns the payload into the programmable device 8 only when the authentication identifier of the authentication list matches the device identifier of the programmable device 8. In this way, leakage of the payload is avoided and data security is improved.

In some embodiments, step S1 further comprises retrieving the payload from a secure storage unit 80.

In other embodiments, the method of the present application may further comprise steps S8 and S9, which are executed before step S1. Step S8 is: generating the work control packet, the work control packet being accompanied by a programmer identification list that records at least one programmer 2 permitted to perform burning. Step S9 is: programming the payload in the work control packet into the programmable device 8 using the at least one programmer 2 recorded in the programmer identification list.

In some embodiments, step S7 further comprises: when the verification result is a failure, classifying the programmable device 8 into a second output container defined as defective. In some embodiments, the first output container and the second output container are different carrier trays.

In other embodiments, step S7 further comprises: using a device transfer unit (not shown) to move the programmable device 8 to the first output container or the second output container. The device transfer unit may be, but is not limited to, a robot arm of automated equipment.

In some embodiments, the programming unit 4 extracts a firmware image from the payload, where the firmware image may be, but is not limited to, an image file, program code in a programming language, or a table of data, and the programming unit 4 decrypts the firmware image. The programmer 2 receives the decrypted firmware image from the programming unit 4 and copies it to the programmable device 8.

In some embodiments, the programming unit 4 can retrieve the unique serial number of each of one or more programmers 2, integrate those serial numbers into a serial number list, and transmit the list to the OEM device 9.

In some embodiments, the secure programming system 1 includes a security module (Hardware Security Module, HSM) 5 that uses an asymmetric encryption algorithm to generate a matching security module public key and security module private key, and at the same time sets the number of burns permitted for the corresponding security module public key. The security module private key is kept inside the security module 5, while the security module public key can be output via the security control unit 6 and provided to the OEM device 9.

In some embodiments, in step S3 the programming unit 4 reads the device identifier of the programmable device 8 through the programmer 2 and verifies it against the authentication identifier of the authentication list. When the verification succeeds, the programming unit 4 transmits the security module public key to the security module 5, and the security module 5 looks up the corresponding number of permitted burns and returns it to the programming unit 4.

In some embodiments, the programming unit 4 decides, based on the available production count, whether the programmer 2 continues the burning operation on the programmable device 8. If the available production count is verified to be 0, the burning operation is terminated; otherwise, if it is not 0, the programming unit 4 first deducts one or more burns as a pre-withheld production count. When the pre-withheld production count would exceed the available production count, the programming unit 4 uses the available production count as the upper limit of the pre-withheld production count. The pre-withheld production count is stored in the programming unit 4, and at the same time the programming unit 4 transmits the remaining available production count, after deducting the pre-withheld count, to the security module 5 for storage. In other words, the programming unit 4 is configured to confirm the stored production count and to drive the programmer 2 to perform burning when the number of burns by the programmer 2 is less than the production count; when the number of burns by the programmer 2 exceeds the production count, the programming unit 4 still drives the programmer 2 to perform burning, but the number of burns by the programmer 2 can reach at most the upper limit of the available production count.

In some embodiments, the programming unit 4 further transmits the encrypted work control packet to the programmer 2, where it is stored in the random access memory (not shown) of the programmer 2, and then immediately erases the encrypted work control packet held in the programming unit 4.

In some embodiments, the programming unit 4 obtains a programmer list from the authentication identifier and delivers the payload to the programmable device 8 upon successful verification of the programmer list (that is, when the authentication identifier of the authentication list matches the device identifier of the programmable device 8).

In some embodiments, the programmer 2 burns the decrypted payload temporarily held in its random access memory into the programmable device 8. In addition, the programming unit 4 transmits the encrypted security control unit key together with the security module public key to the security module 5 for decryption. After receiving the decrypted security control unit key from the security module 5, the programming unit 4 forwards it to the random access memory of the programmer 2 to decrypt the encrypted work control packet. Finally, the programmer 2 first takes the payload from the decrypted work control packet, then takes the serial number list of programmers 2 and matches it against its own unique serial number: if its own serial number is not in the list, the burning operation is aborted; if it is in the list, the burning operation continues.

In some embodiments, the programmer 2 further reads out the contents of the programmable device 8 and verifies them against the decrypted payload in its random access memory. The programmer 2 then transmits the verification result to the programming unit 4 and immediately reads out the payload held in the random access memory. The programming unit 4 checks, from the result sent by the programmer 2, whether the verification succeeded: if it succeeded, the programming unit 4 decrements the stored pre-withheld production count by 1; if it failed, the stored pre-withheld production count is left unchanged. When the pre-withheld production count of the programming unit 4 reaches 0, the programming unit 4 queries the corresponding production count through the security module 5, which returns the production count to the programming unit 4. If the production count is 0, burning is terminated; if it is not 0, one or more burns are first deducted as a new pre-withheld production count, which is stored in the programming unit 4, and at the same time the programming unit 4 transmits the remaining available production count, after deducting the pre-withheld count, to the security module 5 for storage.
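The production-count rule spread over the two embodiments above (the pre-withhold on top-up, capped at what the security module still holds, and the decrement only after a successful verification), as an added Python model that is not the patent holder's code. The HSM stand-in, the class and method names, the withhold size and the sample counts are assumptions; the real counter would live inside the security module 5.

```python
from dataclasses import dataclass, field

class SecurityModule:
    """Stand-in for security module (HSM) 5: holds the remaining production
    count per security module public key. Constructed example; a real HSM
    keeps this counter inside tamper-resistant hardware."""

    def __init__(self, counts: dict):
        self._counts = dict(counts)

    def query_production_count(self, pubkey_id: str) -> int:
        return self._counts[pubkey_id]

    def store_production_count(self, pubkey_id: str, remaining: int) -> None:
        self._counts[pubkey_id] = remaining

@dataclass
class ProgrammingUnit:
    """Programming unit 4: keeps a locally stored pre-withheld production count
    that is topped up from the HSM in blocks of `withhold_size` burns."""
    hsm: SecurityModule
    pubkey_id: str
    withhold_size: int
    pre_withheld: int = 0
    log: list = field(default_factory=list)

    def reserve_burn(self) -> bool:
        """Before a burn: make sure one pre-withheld burn is available.
        Returns False when the HSM count is exhausted and burning must stop."""
        if self.pre_withheld > 0:
            return True
        available = self.hsm.query_production_count(self.pubkey_id)
        if available == 0:
            self.log.append("production count is 0, burning terminated")
            return False
        # Deduct one or more burns, capped at what the HSM actually has left.
        self.pre_withheld = min(self.withhold_size, available)
        remaining = available - self.pre_withheld
        self.hsm.store_production_count(self.pubkey_id, remaining)
        self.log.append(f"withheld {self.pre_withheld}, HSM keeps {remaining}")
        return True

    def record_verification(self, success: bool) -> None:
        """After S7: only a successful verification consumes a pre-withheld burn;
        a failed device leaves the count unchanged."""
        if success:
            self.pre_withheld -= 1

def run_production(hsm: SecurityModule, pubkey_id: str, withhold_size: int,
                   verification_results: list) -> dict:
    """Drive a sequence of devices whose S7 outcomes are given (constructed) in
    `verification_results`; stop as soon as the HSM reports a count of 0."""
    unit = ProgrammingUnit(hsm, pubkey_id, withhold_size)
    attempted = good = 0
    for verified in verification_results:
        if not unit.reserve_burn():
            break
        attempted += 1
        good += int(verified)
        unit.record_verification(verified)
    return {"attempted": attempted, "good": good, "bad": attempted - good,
            "pre_withheld_left": unit.pre_withheld,
            "hsm_remaining": hsm.query_production_count(pubkey_id)}
```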

In summary, the present application provides a method for operating a secure programming system and a secure programming system. The method and system encrypt and protect a work control packet carrying a payload, where the work control packet further has an authentication list, and burn the payload into the programmable device only when the authentication identifier of the authentication list matches the device identifier of the programmable device. In this way, leakage of the payload is avoided and data security is improved.

1: secure programming system; 9: original equipment manufacturer device; 2: programmer; 4: programming unit; 5: security module; 6: security control unit; 8: programmable device; S1~S7: method for operating the secure programming system

Figure 1 is a flowchart of the steps of the method for operating a secure programming system according to a preferred embodiment of the present application. Figure 2 is a schematic diagram of the structure of the secure programming system operated by the method shown in Figure 1.


Claims (9)

1. A method for operating a secure programming system, the secure programming system comprising a programmer, the method comprising:
S1. the programmer encrypts, using a security control unit, a work control packet having a payload, wherein the work control packet further comprises an authentication list, and the authentication list has an authentication identifier;
S2. loading a programmable device into the programmer, wherein the programmable device has a device identifier;
S3. verifying whether the authentication identifier of the authentication list matches the device identifier of the programmable device;
S4. when the authentication identifier of the authentication list is verified to match the device identifier of the programmable device, the programmer decrypts the encrypted work control packet using a security control unit key of the security control unit to retrieve the payload;
S5. the programmer generates a first verification code calculated from the payload and burns the payload into the programmable device;
S6. after the payload has been burned into the programmable device, the programmer reads the burned payload to calculate a second verification code; and
S7. the programmer verifies the first verification code against the second verification code and, when the verification succeeds, classifies the programmable device into a first output container defined as good.

2. The method of claim 1, wherein step S1 comprises: retrieving the payload from a secure storage unit of the programmable device.

3. The method of claim 1, wherein step S7 comprises: when the verification result is a failure, classifying the programmable device into a second output container defined as defective.

4. The method of claim 1, further comprising, before step S1:
S8. generating the work control packet, the work control packet being accompanied by a programmer identification list that records at least one programmer permitted to perform burning; and
S9. programming the payload in the work control packet into the programmable device using the at least one programmer recorded in the programmer identification list.

5. A secure programming system, comprising:
a programmer, configured to load a programmable device and to encrypt a work control packet having a payload using a security control unit, the work control packet further comprising an authentication list, wherein the programmer decrypts the encrypted work control packet using a security control unit key of the security control unit to retrieve the payload, generates a first verification code calculated from the payload, burns the payload into the programmable device, reads the burned payload after it has been burned into the programmable device to calculate a second verification code, and verifies the first verification code against the second verification code so that, when the verification succeeds, the programmable device is classified into a first output container defined as good; and
a programming unit, connected to the programmer, configured to retrieve the work control packet having the authentication list and the payload, and to verify whether an authentication identifier of the authentication list matches a device identifier of the programmable device, so that when the authentication identifier matches the device identifier a successful verification message is sent to the programmer, causing the programmer to decrypt the encrypted work control packet using the security control unit key to retrieve the payload.

6. The secure programming system of claim 5, wherein the programmer is configured to retrieve the payload from a secure storage unit of the programmable device.

7. The secure programming system of claim 5, wherein the programmer is configured to move the programmable device to the first output container using a device transfer unit.

8. The secure programming system of claim 5, wherein the security control unit is configured to generate the work control packet accompanied by a programmer identification list that records at least one programmer permitted to perform burning, and the security control unit programs the payload in the work control packet into the programmable device using the at least one programmer recorded in the programmer identification list.

9. The secure programming system of claim 5, wherein the programming unit is configured to confirm a stored production count, wherein when the number of burns performed by the programmer is less than the production count, the programming unit drives the programmer to perform the burning operation, and when the number of burns performed by the programmer exceeds the production count, the programming unit still drives the programmer to perform the burning operation, but the number of burns performed by the programmer reaches at most the upper limit of the production count.

Priority Applications (3)

Application Number Priority Date Filing Date Title
US18/397,674 US20250023722A1 (en) 2023-07-10 2023-12-27 Secure programming system, operating method thereof and computer readable recording medium using such operating method
US18/397,606 US20250023733A1 (en) 2023-07-10 2023-12-27 Secure programming system and operating method thereof
US18/767,037 US20250023746A1 (en) 2023-07-10 2024-07-09 Method of operating secure programming system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202363525809P 2023-07-10 2023-07-10
US202363525825P 2023-07-10 2023-07-10
US63/525,825 2023-07-10
US63/525,809 2023-07-10

Publications (2)

Publication Number Publication Date
TW202503515A TW202503515A (en) 2025-01-16
TWI899680B true TWI899680B (en) 2025-10-01

Family

ID=95152525

Family Applications (3)

Application Number Title Priority Date Filing Date
TW112141864A TWI899680B (en) 2023-07-10 2023-10-31 Method of operating secure programming system and secure programming system using the same
TW112141865A TWI876643B (en) 2023-07-10 2023-10-31 Method of operating secure programming system, computer readable recording medium and secure programming system using the same
TW113125735A TWI873058B (en) 2023-07-10 2024-07-09 Method of operating secure programming system

Family Applications After (2)

Application Number Title Priority Date Filing Date
TW112141865A TWI876643B (en) 2023-07-10 2023-10-31 Method of operating secure programming system, computer readable recording medium and secure programming system using the same
TW113125735A TWI873058B (en) 2023-07-10 2024-07-09 Method of operating secure programming system

Country Status (1)

Country Link
TW (3) TWI899680B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201401102A (en) * 2012-06-26 2014-01-01 Hon Hai Prec Ind Co Ltd Embedded system and method of using the embedded system to preventing software from pirating
CN108647499A (en) * 2018-05-16 2018-10-12 广州视源电子科技股份有限公司 Method, device, equipment and storage medium for generating anti-copy check code
CN116257820A (en) * 2021-12-09 2023-06-13 华大半导体有限公司 Communication security system and communication security chip
US20230185482A1 (en) * 2021-12-14 2023-06-15 Micron Technology, Inc. Burn-In Solid State Drives through Generation of Proof of Space Plots in A Manufacturing Facility

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10109546A1 (en) * 2001-02-28 2002-09-12 Siemens Ag Method and communication system for providing a program element
US10069633B2 (en) * 2016-09-30 2018-09-04 Data I/O Corporation Unified programming environment for programmable devices
CN107979467B (en) * 2016-10-21 2020-07-21 中国移动通信有限公司研究院 Verification method and device
CN110896390B (en) * 2018-09-12 2021-05-11 华为技术有限公司 Message sending method, message verification method, device and communication system
CN111342955B (en) * 2018-12-19 2023-04-18 北京沃东天骏信息技术有限公司 Communication method and device and computer storage medium
GB201902470D0 (en) * 2019-02-22 2019-04-10 Secure Thingz Ltd Security data processing device
US11601268B2 (en) * 2020-08-03 2023-03-07 Nuvoton Technology Corporation Device attestation including attestation-key modification following boot event
CN114912138A (en) * 2020-12-28 2022-08-16 M·伦佩尔 Architecture, system and method for secure computing using hardware security level
TWI763294B (en) * 2021-02-03 2022-05-01 宜鼎國際股份有限公司 Data storage device, system, and method for digital signature
TWI773161B (en) * 2021-03-02 2022-08-01 雲想科技股份有限公司 Digital signature private key verification method
CN116070215A (en) * 2022-12-16 2023-05-05 深圳市航盛电子股份有限公司 System security startup method, device, terminal equipment and storage medium

Also Published As

Publication number Publication date
TW202503516A (en) 2025-01-16
TWI873058B (en) 2025-02-11
TW202503563A (en) 2025-01-16
TW202503515A (en) 2025-01-16
TWI876643B (en) 2025-03-11

Similar Documents

Publication Publication Date Title
EP3458999B1 (en) Self-contained cryptographic boot policy validation
TWI840506B (en) Security data processing device
EP2506488B1 (en) Secure dynamic on-chip key programming
US20060005046A1 (en) Secure firmware update procedure for programmable security devices
US20050138387A1 (en) System and method for authorizing software use
CN109388961B (en) Security control method of storage device and storage device
CN102084313A (en) Systems and method for data security
EP2579178A1 (en) Controller, control method, computer program, program recording medium, recording apparatus, and method of manufacturing recording apparatus
CN102027707A (en) Integrated circuit with secured software image and method therefor
CN109445705B (en) Firmware authentication method and solid state disk
TWI629608B (en) Method for copy-protected storage of information on a data carrier
JP2012090231A (en) Storage device and secure erase method
US11874928B2 (en) Security device, electronic device, secure boot management system, method for generating boot image, and method for executing boot chain
CN101019368B (en) Method of delivering direct proof private keys to devices using a distribution CD
CN102456111A (en) Method and system for controlling permission of Linux operating system
US6336189B1 (en) Apparatus and method for data capsule generation
CN114189862A (en) Wireless terminal and interface access authentication method of wireless terminal in Uboot mode
WO2017001530A1 (en) Secure Programming of Secret data
EP3920066B1 (en) Electronic device capable of protecting confidential data
US11784987B2 (en) Secure reprogramming of embedded processing system
TWI899680B (en) Method of operating secure programming system and secure programming system using the same
US20250023733A1 (en) Secure programming system and operating method thereof
US12204616B2 (en) Method and intelligent apparatus for calling permission verification of protected intelligent application
US20130089205A1 (en) Token Provisioning Method
TWI499929B (en) Programming system