CN111095213A - Secure boot method, apparatus, device and storage medium for embedded program - Google Patents

Secure boot method, apparatus, device and storage medium for embedded program

Info

Publication number
CN111095213A
Authority
CN
China
Prior art keywords
data
program
information
key
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201880001250.3A
Other languages
English (en)
Other versions
CN111095213B (zh)
Inventor
李庆斌
陈德坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Goodix Technology Co Ltd
Original Assignee
Shenzhen Goodix Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Goodix Technology Co Ltd
Publication of CN111095213A
Application granted
Publication of CN111095213B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

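A secure boot method, apparatus, device and storage medium for an embedded program. The method includes: when running a boot program, acquiring data of an application program, including signature information, public key information, parameter information, encrypted data and a digital check code (S201); performing signature verification according to the signature information (S202); if the signature verification passes, performing integrity verification according to the digital check code (S203); and if the integrity verification passes, performing data decryption according to the public key information and the parameter information (S204). Information security can thereby be improved.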

Description

PCT national application; the description has been published.

Claims (34)

  1. PCT national application; the claims have been published.
CN201880001250.3A 2018-08-23 2018-08-23 Secure boot method, apparatus, device and storage medium for embedded program Active CN111095213B (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/101983 WO2020037612A1 (zh) 2018-08-23 2018-08-23 Secure boot method, apparatus, device and storage medium for embedded program

Publications (2)

Publication Number Publication Date
CN111095213A (zh) 2020-05-01
CN111095213B (zh) 2024-04-30

Family

ID=69592172

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880001250.3A Active CN111095213B (zh) Secure boot method, apparatus, device and storage medium for embedded program 2018-08-23 2018-08-23

Country Status (4)

Country Link
US (1) US11562075B2 (zh)
EP (1) EP3644181A4 (zh)
CN (1) CN111095213B (zh)
WO (1) WO2020037612A1 (zh)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
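CN112711761A (zh) * 2021-01-12 2021-04-27 联合汽车电子有限公司 Security protection method for a controller, main chip of the controller, and controller
CN114266083A (zh) * 2021-12-24 2022-04-01 杭州万高科技股份有限公司 Secure storage method for an in-chip key
CN114615075A (zh) * 2022-03-28 2022-06-10 重庆长安汽车股份有限公司 Software tamper-proofing system and method for a controller, and storage medium
CN115080075A (zh) * 2022-08-22 2022-09-20 南京芯驰半导体科技有限公司 Firmware deployment system and method for an embedded hardware security module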

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
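CN110677250B (zh) 2018-07-02 2022-09-02 阿里巴巴集团控股有限公司 Key and certificate distribution method, identity information processing method, device, and medium
CN110795742B (zh) 2018-08-02 2023-05-02 阿里巴巴集团控股有限公司 Measurement processing method and apparatus for high-speed cryptographic operations, storage medium, and processor
CN110795774B (zh) 2018-08-02 2023-04-11 阿里巴巴集团控股有限公司 Measurement method, device and system based on a trusted high-speed encryption card
CN110874478B (zh) * 2018-08-29 2023-05-02 阿里巴巴集团控股有限公司 Key processing method and apparatus, storage medium, and processor
CN111597560B (zh) * 2020-05-18 2023-05-09 国网电力科学研究院有限公司 Secure trusted module startup method and system
CN112114888B (zh) * 2020-09-29 2024-05-17 上海大郡动力控制技术有限公司 Method for generating a universal client bootloader for an electric vehicle electronic control system
CN112632562B (zh) * 2020-12-28 2024-01-26 四川虹微技术有限公司 Device startup method, device management method, and embedded device
KR20220155684A (ko) 2021-05-17 2022-11-24 삼성전자주식회사 Crum chip and smart card
CN113177201A (zh) * 2021-05-20 2021-07-27 北京奕斯伟计算技术有限公司 Program verification and signing methods and apparatuses, and SoC chip
CN113467842B (zh) * 2021-06-25 2023-09-19 厦门码灵半导体技术有限公司 Startup method for an embedded device suitable for industrial-grade application scenarios, embedded device, and computer-readable storage medium
CN113778061B (zh) * 2021-09-16 2023-03-28 广州锦红源电子科技有限公司 Method and apparatus for verifying program integrity of an electronic controller, and electronic controller
CN115766014A (zh) * 2022-05-19 2023-03-07 惠州市德赛西威汽车电子股份有限公司 Controller security management method and apparatus, vehicle, and storage medium
CN114785503B (zh) * 2022-06-16 2022-09-23 北京智芯半导体科技有限公司 Cryptographic card and root key protection method thereof, and computer-readable storage medium
CN115130114B (zh) * 2022-08-31 2022-12-23 杭州云动智能汽车技术有限公司 Gateway secure boot method and apparatus, electronic device, and storage medium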
GB2624661A (en) * 2022-11-24 2024-05-29 Secure Thingz Ltd Secure provisioning of a programmable device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050283601A1 (en) * 2004-06-22 2005-12-22 Sun Microsystems, Inc. Systems and methods for securing a computer boot
US20060236122A1 (en) * 2005-04-15 2006-10-19 Microsoft Corporation Secure boot
US20120060039A1 (en) * 2010-03-05 2012-03-08 Maxlinear, Inc. Code Download and Firewall for Embedded Secure Application
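CN103226482A (zh) * 2013-03-22 2013-07-31 深圳市九洲电器有限公司 Set-top box boot method and apparatus
CN103810421A (zh) * 2014-02-19 2014-05-21 北京视博数字电视科技有限公司 Application program verification method and apparatus, and terminal device
CN103914658A (zh) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Secure boot method for a terminal device, and terminal device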
US20150113278A1 (en) * 2012-03-02 2015-04-23 Syphermedia International, Inc. Blackbox security provider programming system permitting multiple customer use and in field conditional access switching
KR20180007717A (ko) * 2016-07-13 2018-01-24 (주)이더블유비엠 SoC having a dual security function and dual security method for the SoC
CN108347332A (zh) * 2017-06-06 2018-07-31 清华大学 Method and apparatus for verifying a firmware signature
US10057243B1 (en) * 2017-11-30 2018-08-21 Mocana Corporation System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4058322B2 (ja) * 2002-10-07 2008-03-05 株式会社ルネサステクノロジ Memory card
CN103258164A (zh) * 2013-02-20 2013-08-21 中国电力科学研究院 Startup method for an embedded trusted system
US9471785B2 (en) * 2013-08-30 2016-10-18 Freescale Semiconductor, Inc. Systems and methods for secure boot ROM patch
JP6054908B2 (ja) * 2014-05-22 2016-12-27 レノボ・シンガポール・プライベート・リミテッド Method for repairing a variable set, computer program, and computer
CN104156659B (zh) * 2014-08-14 2017-02-01 电子科技大学 Secure boot method for an embedded system
US9953167B2 (en) * 2015-10-12 2018-04-24 Microsoft Technology Licensing, Llc Trusted platforms using minimal hardware resources
KR102353058B1 (ko) * 2016-02-02 2022-01-20 삼성전자주식회사 System on chip and operating method thereof
US9778309B1 (en) * 2016-03-17 2017-10-03 Qualcomm Incorporated Type-C factory and special operating mode support
US10268844B2 (en) * 2016-08-08 2019-04-23 Data I/O Corporation Embedding foundational root of trust using security algorithms
KR102617354B1 (ko) * 2017-01-05 2023-12-26 삼성전자주식회사 Secure boot sequencer and secure boot device
US10528740B2 (en) * 2017-06-15 2020-01-07 International Business Machines Corporation Securely booting a service processor and monitoring service processor integrity
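TWI626541B (zh) * 2017-08-31 2018-06-11 慧榮科技股份有限公司 Method for writing data into a flash memory module, and associated flash memory controller and electronic device
CN108154025A (zh) * 2017-12-22 2018-06-12 北京四达时代软件技术股份有限公司 Method for starting an embedded device, and method and apparatus for processing an application image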
US10819510B2 (en) * 2018-02-06 2020-10-27 Wickr Inc. Facilitating communications using hybrid cryptography

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050283601A1 (en) * 2004-06-22 2005-12-22 Sun Microsystems, Inc. Systems and methods for securing a computer boot
US20060236122A1 (en) * 2005-04-15 2006-10-19 Microsoft Corporation Secure boot
US20120060039A1 (en) * 2010-03-05 2012-03-08 Maxlinear, Inc. Code Download and Firewall for Embedded Secure Application
US20150113278A1 (en) * 2012-03-02 2015-04-23 Syphermedia International, Inc. Blackbox security provider programming system permitting multiple customer use and in field conditional access switching
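CN103914658A (zh) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Secure boot method for a terminal device, and terminal device
CN103226482A (zh) * 2013-03-22 2013-07-31 深圳市九洲电器有限公司 Set-top box boot method and apparatus
CN103810421A (zh) * 2014-02-19 2014-05-21 北京视博数字电视科技有限公司 Application program verification method and apparatus, and terminal device
KR20180007717A (ko) * 2016-07-13 2018-01-24 (주)이더블유비엠 SoC having a dual security function and dual security method for the SoC
CN108347332A (zh) * 2017-06-06 2018-07-31 清华大学 Method and apparatus for verifying a firmware signature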
US10057243B1 (en) * 2017-11-30 2018-08-21 Mocana Corporation System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
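CN112711761A (zh) * 2021-01-12 2021-04-27 联合汽车电子有限公司 Security protection method for a controller, main chip of the controller, and controller
CN112711761B (zh) * 2021-01-12 2024-03-19 联合汽车电子有限公司 Security protection method for a controller, main chip of the controller, and controller
CN114266083A (zh) * 2021-12-24 2022-04-01 杭州万高科技股份有限公司 Secure storage method for an in-chip key
CN114615075A (zh) * 2022-03-28 2022-06-10 重庆长安汽车股份有限公司 Software tamper-proofing system and method for a controller, and storage medium
CN115080075A (zh) * 2022-08-22 2022-09-20 南京芯驰半导体科技有限公司 Firmware deployment system and method for an embedded hardware security module
CN115080075B (zh) * 2022-08-22 2022-11-18 南京芯驰半导体科技有限公司 Firmware deployment system and method for an embedded hardware security module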

Also Published As

Publication number Publication date
WO2020037612A1 (zh) 2020-02-27
CN111095213B (zh) 2024-04-30
US11562075B2 (en) 2023-01-24
EP3644181A4 (en) 2020-07-15
EP3644181A1 (en) 2020-04-29
US20200117805A1 (en) 2020-04-16

Similar Documents

Publication Publication Date Title
CN111095213B (zh) Secure boot method, apparatus, device and storage medium for embedded program
US9953166B2 (en) Method for securely booting target processor in target system using a secure root of trust to verify a returned message authentication code recreated by the target processor
KR100792287B1 (ko) Security method using a self-generated encryption key, and security apparatus applying the same
US11829479B2 (en) Firmware security verification method and device
JP5607546B2 (ja) Method and apparatus for controlling system access during a protected mode of operation
US8572410B1 (en) Virtualized protected storage
US20230020278A1 (en) Secure boot assist for devices, and related systems, methods and devices
US8438658B2 (en) Providing sealed storage in a data processing device
CN110990084B (zh) Secure boot method and apparatus for a chip, storage medium, and terminal
US20080205651A1 (en) Secure processor system without need for manufacturer and user to know encryption information of each other
US20070237325A1 (en) Method and apparatus to improve security of cryptographic systems
US9842214B2 (en) System and method to secure on-board bus transactions
US20210367781A1 (en) Method and system for accelerating verification procedure for image file
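CN112148314B (zh) Image verification method, apparatus and device for an embedded system, and storage medium
CN111095200A (zh) Secure upgrade method, apparatus, device and storage medium for embedded program
JP2018508063A (ja) Secure element
KR101954439B1 (ko) SoC having a dual security function and dual security method for the SoC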
US7624442B2 (en) Memory security device for flexible software environment
JP2018169694A (ja) Security device having tamper resistance against fault-based attacks
US11768963B2 (en) System and method for validating trust provisioning operation on system-on-chip
US20220317184A1 (en) Secured debug
CN114995918A (zh) Startup method, configuration method and apparatus for a baseboard management controller, and electronic device
US20230017231A1 (en) Securely executing software based on cryptographically verified instructions
CN111357003A (zh) Data protection in a pre-operating system environment
US20240020422A1 (en) Process and circuit for verifying the integrity of a software application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant