
CN-121985329-A - Collaborative hardware security terminal architecture based on glass vacuum cavity


Abstract

The invention discloses a collaborative hardware security terminal architecture based on a glass vacuum cavity. It comprises an independently arranged glass vacuum cavity security module that works cooperatively with an existing terminal main processor, so that a hardware-level security upgrade is achieved without affecting the original performance and user experience. The glass vacuum cavity can be made by either of two selectable sealing processes, which together cover mass production and flexibility. A national-cryptography hardware security unit is integrated in the cavity and provides key storage and encrypted transmission. The invention adopts an end-cloud cooperative architecture in which sensitive data is not stored locally, and the security module can be physically transplanted. The invention has strong compatibility, does not depend on advanced process technology, has strong resistance to physical attack, can be widely applied to smartphones and high-security-level terminals, and has high practicability and market value.

Inventors

  • WANG CHENGJIN

Assignees

  • 王成金

Dates

Publication Date
20260505
Application Date
20260322

Claims (7)

  1. A collaborative hardware security terminal architecture based on a glass vacuum cavity, characterized by comprising an independently arranged glass vacuum cavity security module, wherein the security module works cooperatively with the terminal main processor and the two do not interfere with each other; the glass vacuum cavity is formed by sealing two layers of chemically strengthened glass substrates, the thickness of the cavity is 25-500 μm, the internal vacuum degree is less than or equal to 1 × 10⁻³ Pa, and a glass supporting structure is arranged in the cavity; the glass vacuum cavity is prepared by one of the following two processes: (1) anodic bonding and integrated sealing in a vacuum environment; (2) reserving an air extraction channel, evacuating after bonding, and permanently sealing; the hardware security unit integrated in the cavity is used for key storage, identity authentication and data encryption and decryption, and does not take part in conventional computation or graphics rendering; the terminal adopts an end-cloud cooperative architecture, user data is stored in the cloud, and only real-time response and encrypted transmission are carried out locally.
  2. The architecture of claim 1, wherein a getter is built into the cavity, and the vacuum retention life is greater than or equal to 10 years.
  3. The architecture of claim 1, wherein the glass supporting structure is a columnar or round bump with a diameter of 50-200 μm, and the compressive strength of the cavity is greater than or equal to 50 MPa.
  4. The architecture of claim 1, wherein the glass supporting structure is a columnar or round bump with a diameter of 50-200 μm, and the compressive strength of the cavity is greater than or equal to 50 MPa.
  5. The architecture of claim 1, wherein the hardware security unit supports the SM2, SM3 and SM4 national cryptographic algorithms and the AES-256 encryption algorithm.
  6. The architecture of claim 1, wherein the glass vacuum cavity security module is packaged in a standardized manner and can be detached, re-balled and re-mounted to achieve physical migration of the security identity.
  7. The architecture of claim 1, wherein the security module coexists independently with the main processor without affecting gaming, graphics rendering or conventional computing performance, and is adaptable to smart terminals of a wide variety of brands.

Description

Collaborative hardware security terminal architecture based on glass vacuum cavity

Technical Field

The invention belongs to the technical fields of mobile communication, hardware security and end-cloud cooperation, and particularly relates to an independent hardware security module based on glass vacuum cavity encapsulation, which can cooperate with an existing intelligent terminal main processor to combine high-performance operation with high-level security protection.

Background

Current mobile terminals are developing towards high performance and multiple functions, and the performance requirements for graphics processing, game running, multimedia rendering and the like keep rising; these are mainly met by a high-performance main processor. Meanwhile, terminal information security problems are increasingly prominent. Traditional security chips are mostly packaged in plastic or ceramic, their air tightness and resistance to physical attack are weak, and their key storage security is insufficient. Existing security schemes are highly integrated with the main chip and cannot independently achieve security identity migration, and some schemes depend on advanced process technology, so production cost is high and the supply chain is limited. How to improve hardware-level security capability without affecting the terminal's original operating performance and without changing the user's conventional experience has become a problem to be solved in the industry.

Disclosure of Invention

The invention provides a collaborative hardware security terminal architecture based on a glass vacuum cavity. The hardware security module is an independent functional unit that cooperates with the existing high-performance main processor of the terminal, dividing the work between them without interference, so that a hardware-level security upgrade is achieved while the terminal's conventional performance in game running, graphics rendering, multimedia processing and the like remains unchanged.

The glass vacuum cavity is formed by sealing two layers of chemically strengthened glass substrates. The thickness of the cavity is 25-500 μm and the internal vacuum degree is not higher than 1 × 10⁻³ Pa. A glass supporting structure can be arranged in the cavity to improve mechanical strength, and a getter can be arranged in the cavity to maintain long-term vacuum stability.

The glass vacuum cavity adopts one of two alternative sealing processes. The first is an integrated bonding process in a vacuum environment: anodic bonding is completed directly in a vacuum chamber to form a sealed vacuum structure; production efficiency is high and the method is suitable for large-scale mass production. The second is a reserved-channel air extraction process: a gold wire or metal tube is reserved as an air extraction channel, and after primary bonding is completed in a conventional environment, the cavity is evacuated and sealed; the requirements on production equipment are low and the method is suitable for small-batch production and trial-production scenarios.

The hardware security unit integrated in the cavity comprises a true random number generator, a national cryptography module and a secure communication interface. It is used only for key storage, identity authentication, data encryption and decryption, and security scheduling; it does not take part in tasks such as conventional computation and graphics rendering, and does not occupy main processor resources.

The invention adopts an end-cloud cooperative mode: the terminal does not store massive user data locally and is responsible only for real-time instruction response and secure encrypted transmission, while data storage and high-performance computation are completed in the cloud, which further improves data security.

The hardware security module can take a standardized packaging form. It can be fixedly integrated in the terminal to meet daily use requirements, and in high-security scenarios such as equipment replacement and maintenance it can be detached, re-balled and re-mounted through professional procedures to complete the physical migration of the security identity and preserve security continuity.

Advantageous effects

The invention adopts an independent hardware security module design that can form a cooperative architecture with various existing main processors, does not affect the terminal's original high-performance experience in game running, multimedia processing and the like, has strong compatibility, and is easy for existing mobile phone manufacturers to adopt. The invention does not depend on advanced process technology, improves physical protection capability through the glass vacuum cavity encapsulation, has the characteristics of disassemb