CN106484477A - Secure software download and startup method - Google Patents
- Publication number: CN106484477A
- Application number: CN201610885227.8A
- Authority: CN (China)
- Prior art keywords: download, program, equipment, field, download instruction
- Legal status: Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/44—Arrangements for executing specific programs
            - G06F9/445—Program loading or initiating
              - G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/606—Protecting data by securing the transmission between two devices or processes
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
The invention discloses a secure software download and startup method comprising the following steps. Step 1: a hardware logic circuit verifies the startup program, which is implemented in software. Step 2: the startup program or the hardware logic circuit reads the download attribute field. Step 3: if the download attribute field indicates that the device is in the stage in which an application program may be downloaded, the startup program verifies the download instruction handler and then executes it; if the download attribute field indicates that the device is in the stage in which an application program may not be downloaded, the startup program verifies the application program and then executes it. The invention resists attacks that an attacker carries out against the device by various means and improves the security of the device.
Description
Technical field
The present invention relates to the technical field of security chip design, and in particular to a secure software download and startup method.
Background technology
An attacker can use physical attack means to alter the program held in memory and thereby achieve an illegal objective. Such an attack is typically carried out while the device is powered off.
In addition, after manufacture a device typically has to run different application programs according to the individual needs of each user. These application programs are all stored in the non-volatile memory of the device. This means that after manufacture the device must provide a download channel through which users download application programs.
This download channel can likewise be exploited by an attacker to download an illegal program and so defeat the security of the device.
How to prevent these attack means so that the device is more secure is exactly the problem solved by the present invention.
Summary of the invention
The technical problem to be solved by the present invention is to provide a secure software download and startup method that can resist attacks an attacker carries out against the device by various means, improving the security of the device.
To solve the above technical problem, the secure software download and startup method of the present invention comprises the following steps:
Step 1, a hardware logic circuit verifies the startup program, which is implemented in software;
Step 2, the startup program or the hardware logic circuit reads the download attribute field;
Step 3, if the download attribute field indicates that the device is in the stage in which an application program may be downloaded, the startup program verifies the download instruction handler and then executes it; if the download attribute field indicates that the device is in the stage in which an application program may not be downloaded, the startup program verifies the application program and then executes it.
An alternative form of the secure software download and startup method comprises the following steps:
Step A, the hardware logic circuit reads the download attribute field;
Step B, the hardware logic circuit verifies the startup program, which is implemented in software;
Step C, if the download attribute field indicates that the device is in the stage in which an application program may be downloaded, the startup program verifies the download instruction handler and then executes it; if the download attribute field indicates that the device is in the stage in which an application program may not be downloaded, the startup program verifies the application program and then executes it.
With the method of the present invention, the startup program implemented in software is verified by a hardware logic circuit, which ensures that the startup program has not been tampered with by an attacker. This is because a hardware logic circuit is much harder for an attacker to attack than a software program.
With the method of the present invention, it is difficult for an attacker to use attack means to turn the device's own download instruction handler against it in order to obtain the device's confidential information; and the verification of the programs run during startup also means that any tampering with the device's programs while the device is powered off is detected during startup, so the tampered program is not executed. All of this makes the device more secure.
Description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment:
Fig. 1 is a schematic flow diagram of the secure software download and startup method;
Fig. 2 is a schematic flow diagram of the download instruction handler in Fig. 1.
Specific embodiment
The secure software download and startup method involves a hardware check program, a software startup program and a download instruction handler. The method achieves secure software download and self-starting. A device using the method stores a download attribute field in its non-volatile memory; it also stores the startup program, the download instruction handler and the application program, each with its own length field and self-check field.
Referring to Fig. 1, when a device applying the secure software download and startup method starts up, the hardware logic circuit first verifies the startup program implemented in software. Because a hardware logic circuit is much harder for an attacker to attack than a software program, verifying the software startup program with the hardware logic circuit first ensures that the startup program has not been tampered with by an attacker. Then either the startup program or the hardware logic circuit reads the download attribute field. If the startup program reads it, this step must come after the step in which the hardware logic circuit verifies the startup program; if the hardware logic circuit reads it, this step may be swapped with the step in which the hardware logic circuit verifies the startup program. This is because when the hardware logic circuit does the reading, the security of the two steps is the same, whereas when the software startup program does the reading, the security of the startup program is guaranteed only by the check result of the hardware logic circuit, so the order cannot be changed.
The download attribute field must be represented redundantly with multiple bits, with the downloadable condition represented by equality to a certain fixed value and every other value meaning not downloadable, so that an attack on the non-volatile memory does not easily cause a security problem. The security problem referred to is that the device, which should be in the stage in which application programs cannot be downloaded, is changed by an attack into a state in which they can be downloaded. If a single bit were used as the download attribute field, that bit could easily be flipped under attack, producing a security problem. With multiple bits, for example a 32-bit representation, forcing 32 bits into one specific value by attack is obviously far harder than flipping a single bit by attack.
If the download attribute field that is read indicates that the device is in the stage in which an application program may be downloaded, the startup program verifies the download instruction handler and then executes it; if the download attribute field indicates that the device is in the stage in which an application program may not be downloaded, the startup program verifies the application program and then executes it. That is, before either the application program or the download instruction handler is executed, it is verified by the startup program, which guarantees that neither the application program nor the download instruction handler has been tampered with by an attacker.
For the download instruction handler, the application program to be downloaded is transferred in the data segment of download instructions.
As shown in Fig. 2, the download instruction handler first starts receiving. After a download instruction is received, the handler first checks whether the instruction format is correct. If the download instruction format is incorrect, it continues waiting to receive; if the format is correct, it writes the data segment of the instruction sequentially into the non-volatile memory that stores the program. It then examines the final-data attribute field in the download instruction to see whether this is the last transmission of data; if not, it starts receiving the next download instruction; if it is the last transmission, it rewrites the length field and self-check field of the application program and the download flag, and finally the download instruction handler self-destructs. Self-destruction of the handler after the download completes means that an attacker cannot use this download instruction handler to download an illegal program again by attack means. Self-destruction can be realised by rewriting a section of the handler's code into invalid code, or by writing an erroneous value into the self-check field of the download instruction handler.
The verification functions in the above description (the hardware logic circuit verifying the software startup program, the startup program verifying the download instruction handler, and the startup program verifying the application program) may be implemented as follows: starting from a fixed address, first read the length field of the program to be verified; then, according to the length field, read through the length field again and then the whole program segment, computing the check value while reading; after reading through, compare the computed check value with the check field stored at the end of the program segment; if they agree the verification passes, otherwise it fails. Reading through the length field again during verification is so that the length field is also included in the data being verified, so that tampering with the length field by an attacker is also detected.
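As an added illustration, not code from the patent, the following C example implements the verification routine just described over an assumed segment layout of [32-bit length][program bytes][32-bit check field], and the boot decision on the multi-bit download attribute field from the earlier paragraphs. The check function (FNV-1a), the fixed "downloadable" value and the segment layout are assumptions; the patent fixes none of them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed segment layout (the patent fixes none): [u32 length][program bytes][u32 check].
 * The check value covers the length field AND the program bytes, so a tampered length
 * field is detected as well. FNV-1a stands in for the unspecified check function. */
#define FNV_INIT           2166136261u
#define DOWNLOADABLE_MAGIC 0x5A3C96C5u   /* constructed 32-bit "downloadable" value */

enum boot_action { BOOT_HALT = 0, BOOT_RUN_DOWNLOADER = 1, BOOT_RUN_APP = 2 };

static uint32_t fnv1a32(uint32_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Producer side: lay out a segment with its length field and check field. Returns bytes used. */
size_t build_segment(uint8_t *out, size_t cap, const uint8_t *prog, uint32_t len) {
    if ((size_t)len + 8 > cap) return 0;
    wr32(out, len);
    memcpy(out + 4, prog, len);
    wr32(out + 4 + len, fnv1a32(FNV_INIT, out, 4 + len));
    return (size_t)len + 8;
}

/* Verifier side (claim 12): start at the fixed address, read the length field, then read
 * it again as checked data, stream the program bytes through the check function and
 * compare the result with the check field stored right after the program segment. */
bool verify_segment(const uint8_t *base, size_t region_size) {
    if (region_size < 8) return false;
    uint32_t len = rd32(base);
    if (len > region_size - 8) return false;     /* length field points outside the region */
    uint32_t h = fnv1a32(FNV_INIT, base, 4);    /* the length field itself */
    h = fnv1a32(h, base + 4, len);              /* the program body */
    return h == rd32(base + 4 + len);
}

/* Boot decision once the hardware logic has verified the bootloader: only an exact match
 * of the multi-bit attribute field means "downloadable"; any other value, including one
 * with a single flipped bit, takes the application path. A failed check halts. */
enum boot_action boot_decide(uint32_t attr, const uint8_t *dl, size_t dl_sz,
                             const uint8_t *app, size_t app_sz) {
    if (attr == DOWNLOADABLE_MAGIC)
        return verify_segment(dl, dl_sz) ? BOOT_RUN_DOWNLOADER : BOOT_HALT;
    return verify_segment(app, app_sz) ? BOOT_RUN_APP : BOOT_HALT;
}

int main(void) {
    static const uint8_t app_code[] = {0x01, 0x02, 0x03, 0x04, 0x05};  /* constructed */
    static const uint8_t dl_code[]  = {0xAA, 0xBB, 0xCC};              /* constructed */
    uint8_t app[32], dl[32];
    build_segment(app, sizeof app, app_code, sizeof app_code);
    build_segment(dl, sizeof dl, dl_code, sizeof dl_code);
    printf("attr=0 (not downloadable) -> %d\n", boot_decide(0, dl, sizeof dl, app, sizeof app));
    printf("attr=magic (downloadable) -> %d\n", boot_decide(DOWNLOADABLE_MAGIC, dl, sizeof dl, app, sizeof app));
    app[6] ^= 0x80;                 /* one program byte altered while the device was off */
    printf("tampered program byte     -> %d\n", boot_decide(0, dl, sizeof dl, app, sizeof app));
    app[6] ^= 0x80; wr32(app, 3);   /* restore it and alter the length field instead */
    printf("tampered length field     -> %d\n", boot_decide(0, dl, sizeof dl, app, sizeof app));
    return 0;
}
```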
In addition, the download instruction includes a data sequence field, which indicates which chunk of data the data in this download instruction is. When checking whether the instruction format is correct, the handler also checks whether the data sequence field is correct; if the sequence field shows that this data is not the data to be received next, the instruction format is also considered incorrect.
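An added example, not the patent's code, of the download instruction handler of Fig. 2 together with the data sequence field check just described, in C. The instruction layout (tag, sequence number, last flag, length, data), the fixed "downloadable" value, the error value written on self-destruct, the check function and the simulated non-volatile memory are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed download instruction layout (the patent only names the fields):
 * [0] tag 0xD1  [1] sequence number  [2] last flag (1 = final chunk)  [3] data length  [4..] data */
#define DL_TAG             0xD1
#define DL_HDR             4
#define DL_MAX_DATA        16
#define APP_MAX            64
#define FNV_INIT           2166136261u
#define DOWNLOADABLE_MAGIC 0x5A3C96C5u   /* constructed value meaning "downloadable" */
#define SELFCHECK_ERROR    0xDEADDEADu   /* written into the handler's own check field on self-destruct */

enum dl_status { DL_WAIT = 0, DL_NEXT = 1, DL_DONE = 2, DL_DEAD = 3 };

/* Simulated non-volatile memory regions of the device. */
struct device_nvm {
    uint32_t download_attr;            /* download attribute field */
    uint32_t handler_selfcheck;        /* self-check field of the download instruction handler */
    uint8_t  app[4 + APP_MAX + 4];     /* [u32 length][program bytes][u32 check] */
};

struct dl_ctx {
    struct device_nvm *nvm;
    uint8_t  expected_seq;             /* sequence number that will be accepted next */
    uint32_t written;                  /* program bytes stored so far */
};

static uint32_t fnv1a32(uint32_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

void dl_init(struct dl_ctx *c, struct device_nvm *nvm) {
    c->nvm = nvm; c->expected_seq = 0; c->written = 0;
}

/* Format check (claim 4): tag, declared length and sequence field all have to be right;
 * anything else is an incorrect instruction and the handler simply keeps waiting. */
static bool format_ok(const struct dl_ctx *c, const uint8_t *buf, size_t n) {
    if (n < DL_HDR || buf[0] != DL_TAG) return false;
    if (buf[3] > DL_MAX_DATA || (size_t)buf[3] + DL_HDR != n) return false;
    if (buf[1] != c->expected_seq) return false;             /* not the chunk expected next */
    if (c->written + buf[3] > APP_MAX) return false;         /* would overflow the app area */
    return true;
}

/* One received download instruction, handled as in Fig. 2 / claim 3. */
enum dl_status dl_handle(struct dl_ctx *c, const uint8_t *buf, size_t n) {
    struct device_nvm *nvm = c->nvm;
    if (nvm->handler_selfcheck == SELFCHECK_ERROR) return DL_DEAD;   /* already self-destructed */
    if (!format_ok(c, buf, n)) return DL_WAIT;
    memcpy(nvm->app + 4 + c->written, buf + DL_HDR, buf[3]);          /* store the data segment */
    c->written += buf[3];
    c->expected_seq++;
    if (!buf[2]) return DL_NEXT;
    /* Last chunk: rewrite length field, self-check field and download flag, then self-destruct
     * by writing an erroneous value into the handler's own self-check field. */
    wr32(nvm->app, c->written);
    wr32(nvm->app + 4 + c->written, fnv1a32(FNV_INIT, nvm->app, 4 + c->written));
    nvm->download_attr = 0;                        /* anything but the magic value: not downloadable */
    nvm->handler_selfcheck = SELFCHECK_ERROR;      /* the startup program will now refuse the handler */
    return DL_DONE;
}
```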
The download attribute field can be written to the fixed value representing "downloadable" only when the device is produced, and before it is written to the fixed value a full erase operation must be performed to clear the data in the device's memory; after manufacture the field can only be changed from the fixed value to other values. This is realised by the device's memory permission management module. The level of an external pin of the device indicates whether the device is in the production stage or the post-production stage; in the final step of production this external pin is physically and irreversibly destroyed. This guarantees that after manufacture the attribute field can never be changed from the non-downloadable state to the downloadable state and exploited by an attacker to download an illegal program. The full erase that must be performed before writing, clearing the data in the device's memory, is so that even if an attacker does manage to force the device into the downloadable state, the confidential data in memory is still protected from being obtained by the attacker.
The length field and self-check field of the startup program cannot be overwritten after manufacture, and the length field and self-check field of the application program cannot be overwritten while the download flag indicates that downloading is not allowed; this is realised by the device's memory permission management module. These provisions prevent an attacker from tampering with these fields so that the startup program's verification of the application program no longer works.
The above measures work together, in particular the self-destruction of the download instruction handler after the download completes, so that it is difficult for an attacker to use attack means to turn the device's own download instruction handler against it in order to obtain the device's confidential information; and the verification of the programs run during startup means that tampering with the device's programs while the device is powered off is detected during startup and the tampered program is not executed. All of this makes the device more secure.
The present invention has been described in detail above by way of a specific embodiment, but this does not limit the invention. Without departing from the principles of the present invention, those skilled in the art can also make many variations and improvements, and these should be regarded as within the scope of protection of the present invention.
Claims (12)
1. A secure software download and startup method, characterised in that it comprises the following steps:
Step 1, a hardware logic circuit verifies the startup program, which is implemented in software;
Step 2, the startup program or the hardware logic circuit reads the download attribute field;
Step 3, if the download attribute field indicates that the device is in the stage in which an application program may be downloaded, the startup program verifies the download instruction handler and then executes it; if the download attribute field indicates that the device is in the stage in which an application program may not be downloaded, the startup program verifies the application program and then executes it.
2. A secure software download and startup method, characterised in that it comprises the following steps:
Step A, the hardware logic circuit reads the download attribute field;
Step B, the hardware logic circuit verifies the startup program, which is implemented in software;
Step C, if the download attribute field indicates that the device is in the stage in which an application program may be downloaded, the startup program verifies the download instruction handler and then executes it; if the download attribute field indicates that the device is in the stage in which an application program may not be downloaded, the startup program verifies the application program and then executes it.
3. The method of claim 1 or 2, characterised in that the application program to be downloaded is written into the data segment of download instructions and then transmitted, the method being implemented as follows:
Step a, the download instruction handler starts receiving; after a download instruction is received, it first checks whether the instruction format is correct; if the download instruction format is incorrect, it continues waiting to receive; if the download instruction format is correct, it writes the data segment of the download instruction sequentially into the non-volatile memory that stores the program;
Step b, it checks the final-data attribute field in the download instruction to see whether this is the last transmission of data; if not, it starts receiving the next download instruction; if it is the last transmission of data, it rewrites the length field and self-check field of the application program and the download flag, and finally the download instruction handler self-destructs.
4. The method of claim 3, characterised in that the download instruction includes a data sequence field, the data sequence field indicating which chunk of data the data in this download instruction is; when the download instruction handler checks whether the instruction format is correct, it also checks whether the data sequence field is correct, and if the data sequence field shows that this data is not the data to be received next, the instruction format is also considered incorrect.
5. The method of claim 3, characterised in that the self-destruction of the download instruction handler is realised by rewriting a section of the handler's code into invalid code, or by writing an erroneous value into the self-check field of the download instruction handler.
6. The method of claim 3, characterised in that the download flag is represented redundantly with multiple bits, the downloadable condition being represented by equality to a certain fixed value, with every other value representing not downloadable.
7. The method of claim 1 or 2, characterised in that the download attribute field can be written to the fixed value representing "downloadable" only when the device is produced, a full erase operation that clears the data in the device's memory must be performed before it is written to the fixed value, and after manufacture the field can only be changed from the fixed value to other values.
8. The method of claim 7, characterised in that the stage the device is in is determined by the device's memory permission management module; the level of an external pin of the device indicates whether the device is in the production stage or the post-production stage; and in the final step of production the external pin is physically and irreversibly destroyed.
9. The method of claim 1 or 2, characterised in that the length field and self-check field of the startup program cannot be overwritten after manufacture.
10. The method of claim 9, characterised in that the stage the device is in is determined by the device's memory permission management module; the level of an external pin of the device indicates whether the device is in the production stage or the post-production stage; and in the final step of production the external pin is physically and irreversibly destroyed.
11. The method of claim 1 or 2, characterised in that the length field and self-check field of the application program cannot be overwritten while the download attribute field indicates that downloading is not allowed.
12. The method of claim 1 or 2, characterised in that the verification starts from a fixed address and first reads the length field of the program to be verified, then, according to the length field, reads through the length field again and then the whole program segment, computing the check value while reading; after reading through, the computed check value is compared with the check field stored at the end of the program segment, and if they agree the verification passes, otherwise it fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610885227.8A CN106484477B (en) | 2016-10-11 | 2016-10-11 | The software download and starting method of safety |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106484477A true CN106484477A (en) | 2017-03-08 |
CN106484477B CN106484477B (en) | 2019-11-12 |
Family
ID=58269262
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610885227.8A Active CN106484477B (en) | 2016-10-11 | 2016-10-11 | The software download and starting method of safety |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106484477B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108513169A (en) * | 2018-04-04 | 2018-09-07 | 青岛海信电器股份有限公司 | A kind of chip downloads method, chip and the LCD TV of startup program |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001195247A (en) * | 2000-01-07 | 2001-07-19 | Nec Corp | System and method for verifying and guaranteeing safety of software |
CN1897515A (en) * | 2006-06-29 | 2007-01-17 | 中兴通讯股份有限公司 | Method for assuring equipment software on-line downloading reliability |
CN101122936A (en) * | 2007-09-21 | 2008-02-13 | 武汉大学 | Embed type platform guiding of credible mechanism |
CN101965570A (en) * | 2008-02-29 | 2011-02-02 | 先进微装置公司 | A computer system comprising a secure boot mechanism |
Also Published As
Publication number | Publication date |
---|---|
CN106484477B (en) | 2019-11-12 |
Similar Documents
Publication | Title |
---|---|
US8375219B2 (en) | Program and operation verification |
US20210149681A1 (en) | Secure Firmware Management with Hierarchical Boot Sequence using Last Known Good Firmware |
US20090260084A1 (en) | Method for verifying conformity of the logical content of a computer appliance with a reference content |
CN101840361B (en) | Program verification apparatus and its method |
US20080215955A1 (en) | Semiconductor storage device |
US11829479B2 (en) | Firmware security verification method and device |
CN110363010A (en) | A kind of safety startup of system method based on MPSoC chip |
US9660802B1 (en) | Systems and methods for generating and storing silicon fingerprints for a security chip |
CN111104662B (en) | Method for authenticating a program and corresponding integrated circuit |
CN106484477B (en) | The software download and starting method of safety |
EP1739587A1 (en) | Portable electronic apparatus and secured data output method therefor |
CN111176696B (en) | Memory chip upgrading method and device, terminal equipment and medium |
US9886362B2 (en) | Checking the integrity of a program executed by an electronic circuit |
CN107678879A (en) | A kind of apparatus and method verified in real time for bus and memory cell data block |
CN106935266B (en) | Control method, device and system for reading configuration information from memory |
CN106326726A (en) | Method and system for embedded type encrypting and recognition based on DS2432 chip |
CN109768853A (en) | A kind of key component verification method, device and terminal device |
KR20230082388A (en) | Apparatus for verifying bootloader of ecu and method thereof |
EP3460702A1 (en) | Method to detect an attack by fault injection on a sensitive operation |
US10242183B2 (en) | Method of executing a program by a processor and electronic entity comprising such a processor |
CN110311773A (en) | A kind of method of the anti-injection attack of Advanced Encryption Standard coprocessor |
JP5822123B2 (en) | Security token, data update method, and computer program |
US7822953B2 (en) | Protection of a program against a trap |
CN109614807B (en) | Method and device for protecting sensitive information and readable storage medium |
US20240012903A1 (en) | Method for Executing a Program on a Data Processing Device |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |