CN111095213A - 嵌入式程序的安全引导方法、装置、设备及存储介质 - Google Patents
嵌入式程序的安全引导方法、装置、设备及存储介质 Download PDFInfo
- Publication number
- CN111095213A CN111095213A CN201880001250.3A CN201880001250A CN111095213A CN 111095213 A CN111095213 A CN 111095213A CN 201880001250 A CN201880001250 A CN 201880001250A CN 111095213 A CN111095213 A CN 111095213A
- Authority
- CN
- China
- Prior art keywords
- data
- program
- information
- key
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003860 storage Methods 0.000 title claims abstract description 142
- 238000000034 method Methods 0.000 title claims abstract description 132
- 238000012795 verification Methods 0.000 claims abstract description 120
- 238000004422 calculation algorithm Methods 0.000 claims description 30
- 230000008569 process Effects 0.000 claims description 21
- 238000012545 processing Methods 0.000 claims description 16
- 238000013507 mapping Methods 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 14
- 230000006870 function Effects 0.000 description 6
- 230000000694 effects Effects 0.000 description 4
- 241000334993 Parma Species 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 230000007704 transition Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000013506 data mapping Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
一种嵌入式程序的安全引导方法、装置、设备及存储介质,该方法包括在运行引导程序时,获取应用程序的数据,包括签名信息、公钥信息、参数信息、加密数据及数字校验码(S201);根据签名信息进行签名校验(S202);若通过,根据数字校验码进行完整性校验(S203);若通过,根据公钥信息和参数信息进行数据解密(S204)。可提高信息安全性。
Description
PCT国内申请,说明书已公开。
Claims (34)
- PCT国内申请,权利要求书已公开。
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/101983 WO2020037612A1 (zh) | 2018-08-23 | 2018-08-23 | 嵌入式程序的安全引导方法、装置、设备及存储介质 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111095213A true CN111095213A (zh) | 2020-05-01 |
CN111095213B CN111095213B (zh) | 2024-04-30 |
Family
ID=69592172
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201880001250.3A Active CN111095213B (zh) | 2018-08-23 | 2018-08-23 | 嵌入式程序的安全引导方法、装置、设备及存储介质 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11562075B2 (zh) |
EP (1) | EP3644181A4 (zh) |
CN (1) | CN111095213B (zh) |
WO (1) | WO2020037612A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112711761A (zh) * | 2021-01-12 | 2021-04-27 | 联合汽车电子有限公司 | 控制器的安全防护方法、控制器的主芯片及控制器 |
CN114266083A (zh) * | 2021-12-24 | 2022-04-01 | 杭州万高科技股份有限公司 | 一种芯片内密钥的安全存储方法 |
CN114615075A (zh) * | 2022-03-28 | 2022-06-10 | 重庆长安汽车股份有限公司 | 一种控制器的软件防篡改***、方法及存储介质 |
CN115080075A (zh) * | 2022-08-22 | 2022-09-20 | 南京芯驰半导体科技有限公司 | 一种嵌入式硬件安全模块的固件部署***及方法 |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677250B (zh) | 2018-07-02 | 2022-09-02 | 阿里巴巴集团控股有限公司 | 密钥和证书分发方法、身份信息处理方法、设备、介质 |
CN110795742B (zh) | 2018-08-02 | 2023-05-02 | 阿里巴巴集团控股有限公司 | 高速密码运算的度量处理方法、装置、存储介质及处理器 |
CN110795774B (zh) | 2018-08-02 | 2023-04-11 | 阿里巴巴集团控股有限公司 | 基于可信高速加密卡的度量方法、设备和*** |
CN110874478B (zh) * | 2018-08-29 | 2023-05-02 | 阿里巴巴集团控股有限公司 | 密钥处理方法及装置、存储介质和处理器 |
CN111597560B (zh) * | 2020-05-18 | 2023-05-09 | 国网电力科学研究院有限公司 | 一种安全可信模组启动方法及*** |
CN112114888B (zh) * | 2020-09-29 | 2024-05-17 | 上海大郡动力控制技术有限公司 | 一种电动汽车电控***通用客户端引导程序生成方法 |
CN112632562B (zh) * | 2020-12-28 | 2024-01-26 | 四川虹微技术有限公司 | 设备启动方法、设备管理方法和嵌入式设备 |
KR20220155684A (ko) | 2021-05-17 | 2022-11-24 | 삼성전자주식회사 | Crum 칩 및 스마트 카드 |
CN113177201A (zh) * | 2021-05-20 | 2021-07-27 | 北京奕斯伟计算技术有限公司 | 程序校验、签名方法及装置、soc芯片 |
CN113467842B (zh) * | 2021-06-25 | 2023-09-19 | 厦门码灵半导体技术有限公司 | 适用于工业级应用场景的嵌入式设备的启动方法、嵌入式设备和计算机可读存储介质 |
CN113778061B (zh) * | 2021-09-16 | 2023-03-28 | 广州锦红源电子科技有限公司 | 电子控制器程序完整性的校验方法、装置、电子控制器 |
CN115766014A (zh) * | 2022-05-19 | 2023-03-07 | 惠州市德赛西威汽车电子股份有限公司 | 一种控制器安全管理方法、装置、车辆及存储介质 |
CN114785503B (zh) * | 2022-06-16 | 2022-09-23 | 北京智芯半导体科技有限公司 | 密码卡及其根密钥保护方法、计算机可读存储介质 |
CN115130114B (zh) * | 2022-08-31 | 2022-12-23 | 杭州云动智能汽车技术有限公司 | 一种网关安全启动方法、装置、电子设备及存储介质 |
GB2624661A (en) * | 2022-11-24 | 2024-05-29 | Secure Thingz Ltd | Secure provisioning of a programmable device |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050283601A1 (en) * | 2004-06-22 | 2005-12-22 | Sun Microsystems, Inc. | Systems and methods for securing a computer boot |
US20060236122A1 (en) * | 2005-04-15 | 2006-10-19 | Microsoft Corporation | Secure boot |
US20120060039A1 (en) * | 2010-03-05 | 2012-03-08 | Maxlinear, Inc. | Code Download and Firewall for Embedded Secure Application |
CN103226482A (zh) * | 2013-03-22 | 2013-07-31 | 深圳市九洲电器有限公司 | 一种机顶盒引导启动方法和装置 |
CN103810421A (zh) * | 2014-02-19 | 2014-05-21 | 北京视博数字电视科技有限公司 | 应用程序的校验方法、装置和终端设备 |
CN103914658A (zh) * | 2013-01-05 | 2014-07-09 | 展讯通信(上海)有限公司 | 终端设备的安全启动方法及终端设备 |
US20150113278A1 (en) * | 2012-03-02 | 2015-04-23 | Syphermedia International, Inc. | Blackbox security provider programming system permitting multiple customer use and in field conditional access switching |
KR20180007717A (ko) * | 2016-07-13 | 2018-01-24 | (주)이더블유비엠 | 이중보안기능을 가지는 SoC 및 SoC의 이중보안방법 |
CN108347332A (zh) * | 2017-06-06 | 2018-07-31 | 清华大学 | 验证固件签名的方法及装置 |
US10057243B1 (en) * | 2017-11-30 | 2018-08-21 | Mocana Corporation | System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4058322B2 (ja) * | 2002-10-07 | 2008-03-05 | 株式会社ルネサステクノロジ | メモリカード |
CN103258164A (zh) * | 2013-02-20 | 2013-08-21 | 中国电力科学研究院 | 一种嵌入式可信***的启动方法 |
US9471785B2 (en) * | 2013-08-30 | 2016-10-18 | Freescale Semiconductor, Inc. | Systems and methods for secure boot ROM patch |
JP6054908B2 (ja) * | 2014-05-22 | 2016-12-27 | レノボ・シンガポール・プライベート・リミテッド | 変数セットを修復する方法、コンピュータ・プログラムおよびコンピュータ |
CN104156659B (zh) * | 2014-08-14 | 2017-02-01 | 电子科技大学 | 一种嵌入式***的安全启动方法 |
US9953167B2 (en) * | 2015-10-12 | 2018-04-24 | Microsoft Technology Licensing, Llc | Trusted platforms using minimal hardware resources |
KR102353058B1 (ko) * | 2016-02-02 | 2022-01-20 | 삼성전자주식회사 | 시스템 온 칩 및 그것의 동작 방법 |
US9778309B1 (en) * | 2016-03-17 | 2017-10-03 | Qualcomm Incorporated | Type-C factory and special operating mode support |
US10268844B2 (en) * | 2016-08-08 | 2019-04-23 | Data I/O Corporation | Embedding foundational root of trust using security algorithms |
KR102617354B1 (ko) * | 2017-01-05 | 2023-12-26 | 삼성전자주식회사 | 보안 부트 시퀀서 및 보안 부트 장치 |
US10528740B2 (en) * | 2017-06-15 | 2020-01-07 | International Business Machines Corporation | Securely booting a service processor and monitoring service processor integrity |
TWI626541B (zh) * | 2017-08-31 | 2018-06-11 | 慧榮科技股份有限公司 | 將資料寫入至快閃記憶體模組的方法及相關的快閃記憶體控制器與電子裝置 |
CN108154025A (zh) * | 2017-12-22 | 2018-06-12 | 北京四达时代软件技术股份有限公司 | 嵌入式设备启动的方法、应用程序镜像处理的方法及装置 |
US10819510B2 (en) * | 2018-02-06 | 2020-10-27 | Wickr Inc. | Facilitating communications using hybrid cryptography |
-
2018
- 2018-08-23 CN CN201880001250.3A patent/CN111095213B/zh active Active
- 2018-08-23 WO PCT/CN2018/101983 patent/WO2020037612A1/zh unknown
- 2018-08-23 EP EP18921293.9A patent/EP3644181A4/en active Pending
-
2019
- 2019-12-12 US US16/712,956 patent/US11562075B2/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050283601A1 (en) * | 2004-06-22 | 2005-12-22 | Sun Microsystems, Inc. | Systems and methods for securing a computer boot |
US20060236122A1 (en) * | 2005-04-15 | 2006-10-19 | Microsoft Corporation | Secure boot |
US20120060039A1 (en) * | 2010-03-05 | 2012-03-08 | Maxlinear, Inc. | Code Download and Firewall for Embedded Secure Application |
US20150113278A1 (en) * | 2012-03-02 | 2015-04-23 | Syphermedia International, Inc. | Blackbox security provider programming system permitting multiple customer use and in field conditional access switching |
CN103914658A (zh) * | 2013-01-05 | 2014-07-09 | 展讯通信(上海)有限公司 | 终端设备的安全启动方法及终端设备 |
CN103226482A (zh) * | 2013-03-22 | 2013-07-31 | 深圳市九洲电器有限公司 | 一种机顶盒引导启动方法和装置 |
CN103810421A (zh) * | 2014-02-19 | 2014-05-21 | 北京视博数字电视科技有限公司 | 应用程序的校验方法、装置和终端设备 |
KR20180007717A (ko) * | 2016-07-13 | 2018-01-24 | (주)이더블유비엠 | 이중보안기능을 가지는 SoC 및 SoC의 이중보안방법 |
CN108347332A (zh) * | 2017-06-06 | 2018-07-31 | 清华大学 | 验证固件签名的方法及装置 |
US10057243B1 (en) * | 2017-11-30 | 2018-08-21 | Mocana Corporation | System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112711761A (zh) * | 2021-01-12 | 2021-04-27 | 联合汽车电子有限公司 | 控制器的安全防护方法、控制器的主芯片及控制器 |
CN112711761B (zh) * | 2021-01-12 | 2024-03-19 | 联合汽车电子有限公司 | 控制器的安全防护方法、控制器的主芯片及控制器 |
CN114266083A (zh) * | 2021-12-24 | 2022-04-01 | 杭州万高科技股份有限公司 | 一种芯片内密钥的安全存储方法 |
CN114615075A (zh) * | 2022-03-28 | 2022-06-10 | 重庆长安汽车股份有限公司 | 一种控制器的软件防篡改***、方法及存储介质 |
CN115080075A (zh) * | 2022-08-22 | 2022-09-20 | 南京芯驰半导体科技有限公司 | 一种嵌入式硬件安全模块的固件部署***及方法 |
CN115080075B (zh) * | 2022-08-22 | 2022-11-18 | 南京芯驰半导体科技有限公司 | 一种嵌入式硬件安全模块的固件部署***及方法 |
Also Published As
Publication number | Publication date |
---|---|
WO2020037612A1 (zh) | 2020-02-27 |
CN111095213B (zh) | 2024-04-30 |
US11562075B2 (en) | 2023-01-24 |
EP3644181A4 (en) | 2020-07-15 |
EP3644181A1 (en) | 2020-04-29 |
US20200117805A1 (en) | 2020-04-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111095213B (zh) | 嵌入式程序的安全引导方法、装置、设备及存储介质 | |
US9953166B2 (en) | Method for securely booting target processor in target system using a secure root of trust to verify a returned message authentication code recreated by the target processor | |
KR100792287B1 (ko) | 자체 생성한 암호화키를 이용한 보안방법 및 이를 적용한보안장치 | |
US11829479B2 (en) | Firmware security verification method and device | |
JP5607546B2 (ja) | 保護された動作モードの間にシステムアクセスを制御するための方法および装置 | |
US8572410B1 (en) | Virtualized protected storage | |
US20230020278A1 (en) | Secure boot assist for devices, and related systems, methods and devices | |
US8438658B2 (en) | Providing sealed storage in a data processing device | |
CN110990084B (zh) | 芯片的安全启动方法、装置、存储介质和终端 | |
US20080205651A1 (en) | Secure processor system without need for manufacturer and user to know encryption information of each other | |
US20070237325A1 (en) | Method and apparatus to improve security of cryptographic systems | |
US9842214B2 (en) | System and method to secure on-board bus transactions | |
US20210367781A1 (en) | Method and system for accelerating verification procedure for image file | |
CN112148314B (zh) | 一种嵌入式***的镜像验证方法、装置、设备及存储介质 | |
CN111095200A (zh) | 嵌入式程序的安全升级方法、装置、设备及存储介质 | |
JP2018508063A (ja) | セキュア素子 | |
KR101954439B1 (ko) | 이중보안기능을 가지는 SoC 및 SoC의 이중보안방법 | |
US7624442B2 (en) | Memory security device for flexible software environment | |
JP2018169694A (ja) | 故障利用攻撃に対しての耐タンパー性を持たせたセキュリティデバイス | |
US11768963B2 (en) | System and method for validating trust provisioning operation on system-on-chip | |
US20220317184A1 (en) | Secured debug | |
CN114995918A (zh) | 基板管理控制器的启动方法、配置方法、装置及电子设备 | |
US20230017231A1 (en) | Securely executing software based on cryptographically verified instructions | |
CN111357003A (zh) | 预操作***环境中的数据保护 | |
US20240020422A1 (en) | Process and circuit for verifying the integrity of a software application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |