CN114598465B - Data updating method and controller - Google Patents


Info

Publication number: CN114598465B
Authority: CN (China)
Prior art keywords: information, verification, updating, update, encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Application number: CN202210227244.8A
Other languages: Chinese (zh)
Other versions: CN114598465A (en)
Inventor: 丛聪, 孙潇, 陈娜娜, 覃艳, ***
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Weichai Power Co Ltd; Weifang Weichai Power Technology Co Ltd
Original Assignee: Weichai Power Co Ltd; Weifang Weichai Power Technology Co Ltd
Application filed by Weichai Power Co Ltd and Weifang Weichai Power Technology Co Ltd
Priority to CN202210227244.8A
Publication of CN114598465A
Application granted
Publication of CN114598465B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12: Applying verification of the received information
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data updating method and a controller. In the data updating method, the update verification characterization information is encrypted with the public key of the first device, which is included in the update verification request, as the encryption key; that is, the update verification characterization information is doubly encrypted, so that even if a third party intercepts the public key on the transmission path, it cannot directly decrypt any of the original plaintext information. In addition, the update characterization information is encrypted and stored in the first device before update verification takes place, so it cannot be intercepted by a third party during the update verification process. In summary, the data updating method provided by the application can reduce the potential safety hazards in the update process. Since an encryption chip can be regarded as the first device in the data updating method, the method can also reduce the potential safety hazards of the encryption chip during updating.

Description

Data updating method and controller
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data updating method and a controller.
Background
In an ECU (Electronic Control Unit), the main single-chip microcontroller communicates with an external encryption chip and exchanges key information in order to update the software of the external encryption chip; in general, the security of the update process is ensured by the encryption chip providing identity authentication or encryption credentials.
However, at present a hacker can exploit vulnerabilities of the encryption chip to crack the identity authentication or encryption credentials it provides, and then perform illegal operations such as pirating or tampering with software content, so potential safety hazards exist in the update process of the encryption chip.
Therefore, how to reduce the potential safety hazards in the update process of the encryption chip is a technical problem to be solved.
Disclosure of Invention
In view of the above, the present invention provides a data updating method and a controller to reduce the potential safety hazard in the updating process of the encryption chip.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
The application provides a data updating method, which comprises the following steps:
after sending an update verification request to a second device, a first device receives first update verification encryption information from the second device; the first update verification encryption information is encrypted with the public key of the first device, which is included in the update verification request, as the encryption key;
the first device decrypts update verification characterization information from the first update verification encryption information, and encrypts the update verification characterization information again to obtain second update verification encryption information;
the first device judges whether the second update verification encryption information is consistent with update encryption information stored in advance, in encrypted form, in the first device; the update encryption information is encrypted in the same mode as the second update verification encryption information;
if the second update verification encryption information is consistent with the update encryption information, the update verification is judged to be successful, and the update verification result is fed back to the second device.
Optionally, the update information characterized by the update characterization information includes: a unique serial number of the first device and a unique serial number of the second device;
the unique serial number of the second device is sent to the first device during the burning of the second device.
Optionally, the update verification information characterized by the update verification characterization information includes: a unique serial number of the first device and a unique serial number of the second device;
the unique serial number of the first device is sent by the first device to the second device together with the update verification request.
Optionally, the update information characterized by the update characterization information further includes: version information of the current version of the second device;
before the first update verification succeeds, the version information of the current version of the second device is sent to the first device during the burning of the second device.
Optionally, the update verification information characterized by the update verification characterization information further includes: version information of the current version of the second device.
Optionally, while the first device receives the first update verification encryption information from the second device, the method further includes:
the first device receives to-be-updated encryption information from the second device and decrypts version information of the to-be-updated version of the second device from it; the to-be-updated encryption information is encrypted in a digital envelope encryption mode.
Optionally, after the update verification is judged to be successful and the update verification result is fed back to the second device, the method further includes:
the first device updates the verification encryption information according to the version information of the to-be-updated version of the second device.
Optionally, the update characterization information is update summary information obtained by computing a digital summary (digest) of the update information, and the update verification characterization information is update verification summary information obtained by computing a digital summary of the update verification information.
Optionally, the first device is the slave device of a master-slave device pair, and the second device is the master device of the pair.
The present application provides a controller comprising: a processing unit and a storage unit; wherein:
the processing unit is used for executing the program stored in the storage unit;
the program stored in the storage unit includes a data updating method according to any one of the above aspects of the present application.
As can be seen from the above technical scheme, the application provides a data updating method. In the data updating method, the update verification characterization information is encrypted with the public key of the first device, which is included in the update verification request, as the encryption key; that is, the update verification characterization information is doubly encrypted, so that even if a third party intercepts the public key on the transmission path, it cannot directly decrypt any of the original plaintext information. In addition, the update characterization information is encrypted and stored in the first device before update verification takes place, so it cannot be intercepted by a third party during the update verification process. In summary, the data updating method provided by the application can reduce the potential safety hazards in the update process. Since an encryption chip can be regarded as the first device in the data updating method, the method can also reduce the potential safety hazards of the encryption chip during updating.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of an embodiment of a data update method according to the present application;
FIG. 2 is a flow chart of a method for offline security authentication between devices of the Internet of things in the prior art;
FIG. 3 is a flowchart illustrating another embodiment of a data update method according to an embodiment of the present application;
FIG. 4 is a flow chart of obtaining encryption information to be updated;
FIG. 5 is a data flow diagram of the first device and the second device when the second device is burned;
FIG. 6 is a data flow diagram of a first device and a second device during update verification of the second device.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the present disclosure, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In order to reduce the potential safety hazards in the update process of the encryption chip, another embodiment of the present application provides a data updating method, the specific flow of which is shown in FIG. 1 and comprises the following steps:
S110, after sending an update verification request to the second device, the first device receives first update verification encryption information from the second device.
Optionally, the first device is the slave device of a master-slave device pair, and the second device is the master device of the pair; in practical applications the devices include but are not limited to these, and may be any two devices or systems that need to be updated, which is not specifically limited here and falls within the protection scope of the present application as the case may be.
The update verification request is sent to the second device when the first device needs to update data, in order to obtain the update verification encryption information of the second device and perform update verification; typically, the public key of the first device is included in the update verification request, as shown in FIG. 6.
The first update verification encryption information is encrypted with the public key of the first device as the encryption key, so in this case the update verification characterization information is update verification summary (digest) information. The data flow for obtaining the first update verification encryption information is shown in FIG. 6, and the specific process is as follows: the second device calls the public key of the first device to asymmetrically encrypt the update verification characterization information, obtaining the first update verification encryption information.
The first update verification characterization information is information for verifying whether the update accords with the rules in the update verification process, namely, verifying whether the second device can update the second device.
S120, the first device decrypts the update verification characterization information from the first update verification encryption information, and encrypts the update verification characterization information again to obtain second update verification encryption information.
When the first device decrypts the update verification characterization information from the first update verification encryption information, the data flow is the reverse of that for encryption and is not illustrated here. The specific decryption process is as follows: the first device calls its own private key to decrypt the first update verification encryption information, obtaining the update verification characterization information, namely the update verification summary information.
Optionally, when the update verification characterization information is encrypted again, an asymmetric encryption mode, such as a digital signature encryption mode, or a symmetric encryption mode may be adopted; practical applications include but are not limited to these, which is not specifically limited here and falls within the protection scope of the present application as the case may be.
When the second update verification encryption information uses the digital signature encryption mode, the update verification characterization information is update verification summary information, and the specific encryption process is as follows: the first device calls a public key cryptographic algorithm to generate and store a public key and a private key of the first device, and asymmetrically encrypts the update verification summary information with the private key of the first device to obtain the second update verification encryption information.
It should be noted that the second update verification characterization information is also information for verifying whether the update accords with the rules in the update verification process, that is, verifying whether the second device can update the second device. The second update verification characterization information therefore has the same function as the first update verification characterization information but uses a different encryption mode, and the purpose of the conversion is to keep it consistent with the encryption mode of the update encryption information so that update verification can be performed.
Optionally, the public key cryptographic algorithm may be an elliptic curve public key cryptographic algorithm or the RSA asymmetric algorithm; practical applications include but are not limited to asymmetric algorithms such as ECC and SM2, which is not specifically limited here and falls within the protection scope of the present application as the case may be.
S130, the first device judges whether the second update verification encryption information is consistent with the update encryption information stored in advance in the first device.
If the second update verification encryption information is consistent with the update encryption information, step S140 is executed; if the second update verification encryption information is inconsistent with the update encryption information, step S150 is executed.
The update encryption information is encrypted in the same mode as the second update verification encryption information; in practical applications the encryption mode of the update encryption information is not specifically limited here and falls within the protection scope of the present application as the case may be.
When the update encryption information uses the digital signature encryption mode, the update characterization information is update summary information, as shown in FIG. 5, and the specific encryption process is as follows: the first device calls a public key cryptographic algorithm to generate and store a public key and a private key of the first device, asymmetrically encrypts the update summary information with the private key of the first device to obtain the update encryption information, and stores the update encryption information.
The update characterization information is the information used as the verification standard in the update verification process.
Optionally, the public key cryptographic algorithm may be an elliptic curve public key cryptographic algorithm or the RSA asymmetric algorithm; practical applications include but are not limited to asymmetric algorithms such as ECC and SM2, which is not specifically limited here and falls within the protection scope of the present application as the case may be.
S140, judging that the update verification is successful, and feeding back the update verification result to the second device.
S150, judging that the update verification fails, and feeding back the update verification result to the second device.
In this embodiment, the update verification characterization information is encrypted with the public key of the first device, which is included in the update verification request, as the encryption key; that is, the update verification characterization information is doubly encrypted, so that even if a third party intercepts the public key on the transmission path, it cannot directly decrypt any of the original plaintext information. In addition, the update characterization information is encrypted and stored in the first device before update verification takes place, so it cannot be intercepted by a third party during the update verification process. In summary, the data updating method provided by the application can reduce the potential safety hazards in the update process. Since an encryption chip can be regarded as the first device in the data updating method, the method can also reduce the potential safety hazards of the encryption chip during updating.
In the prior art, there is a method for offline security authentication between devices of the internet of things, the specific flow of which is shown in fig. 2, and the method specifically includes the following steps:
S210, the first Internet of things device generates a first temporary public key and a first random number.
S220, the first Internet of things device digitally signs the preset first device unique identifier, the first temporary public key and the first random number according to the preset first device private key, and first signature data are generated.
S230, the first Internet of things device sends first signature data, a preset first device public key, a first device unique identifier, a first temporary public key and a first random number to the second Internet of things device.
S240, the first Internet of things device receives second signature data, a second device public key, a second device unique identifier, a second temporary public key and a second random number, which are sent by the second Internet of things device.
S250, the first Internet of things device performs second decryption on the second signature data according to the second device public key, and verifies whether the unique identifier of the second device, the second temporary public key and the second random number are consistent with the second decrypted content.
Therefore, the first Internet of things device only verifies whether the second device unique identifier, the second temporary public key and the second random number are consistent with the data parsed from the second signature data; it does not verify whether the device that sent it the data is legitimate. If this check is taken as the basis for releasing a data update, the first Internet of things device may update data for any third-party device, causing data leakage.
To solve this problem, another embodiment of the present application provides another implementation of the data updating method. Its specific procedure is the same as that of the above embodiment, but the update characterization information and the update verification characterization information differ slightly, as follows:
The update information characterized by the update characterization information includes: a unique serial number of the first device and a unique serial number of the second device. The unique serial number of the second device is sent to the first device during the burning of the second device.
The update verification information characterized by the update verification characterization information includes: a unique serial number of the first device and a unique serial number of the second device. The unique serial number of the first device is sent by the first device to the second device together with the update verification request.
In this embodiment, the update characterization information binds the unique serial number of the first device and the unique serial number of the second device together, so during verification the update verification succeeds only when the update verification information characterized by the update verification characterization information includes both the unique serial number of the first device and the unique serial number of the second device. This avoids data leakage caused by the second device performing a data update for a third-party device, and therefore further reduces the potential safety hazards in the update verification process.
In addition, in the implementation provided in the foregoing embodiment, the update verification characterization information and the update characterization information remain unchanged for the first device across update verifications, so a substituted message may forge the signature; that is, a third-party device may disguise itself using update verification characterization information intercepted during a previous verification, so that the second device performs a data update in response to that update verification message, which is a potential safety hazard in the update verification process.
To solve this problem, another embodiment of the present application provides another implementation of the data updating method, in which the update characterization information and the update verification characterization information differ slightly, as follows:
The update information characterized by the update characterization information, as shown in FIG. 5, includes: the unique serial number of the first device, the unique serial number of the second device, and version information of the current version of the second device. In general, the version information of the current version of the second device is a character string containing item codes and item numbers. In addition, as shown in FIG. 5, the unique serial number of the second device is sent to the first device during the burning of the second device, and before the first update verification succeeds, the version information of the current version of the second device is sent to the first device during the burning of the second device.
The update verification information characterized by the update verification characterization information, as shown in FIG. 6, includes: the unique serial number of the first device, the unique serial number of the second device, and version information of the current version of the second device. The unique serial number of the first device is sent by the first device to the second device together with the update verification request, as shown in FIG. 6.
In addition, in this embodiment, as shown in fig. 3, the following step is also performed while step S110 is executed:
S310, the first device receives the encryption information to be updated from the second device, and decrypts version information of the version to be updated of the second device from the encryption information to be updated.
The encryption information to be updated is encrypted in a digital envelope encryption mode. It should be noted that the data flow for obtaining the encryption information to be updated is shown in fig. 6 (similar to the encrypted information to be updated, not specifically shown), and the specific flow for obtaining the encryption information to be updated is shown in fig. 4 and includes the following steps:
S410, the second device selects a random number, and symmetrically encrypts version information of the version to be updated of the second device by taking the random number as a temporary session key to generate ciphertext information of the version to be updated.
S420, the second device calls the public key of the first device, performs asymmetric encryption on the temporary session key, and generates a ciphertext key.
S430, the second device packages the ciphertext key and the version ciphertext information to be updated into encryption information to be updated.
In practical applications, the encryption information to be updated may also be encrypted in other modes, provided that the version information of the version to be updated of the second device can be restored after encryption; this is not specifically limited here, and all such modes fall within the protection scope of the present application as the case may be.
It should be noted that, in practical applications, the execution position of step S310 is not limited to the above; it only needs to be executed before step S320. This is not specifically limited here and falls within the protection scope of the present application as the case may be.
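An added example (not code from the patent) of the digital envelope built in S410 to S430 and opened in S310, written in Go. AES-256-GCM, RSA-OAEP with SHA-256 and a 2048-bit key are assumptions, since the text names no algorithms; Envelope, Seal, Open and NewFirstDeviceKey are hypothetical names, and the version string is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the "encryption information to be updated" packaged in S430.
type Envelope struct {
	CiphertextKey []byte // temporary session key wrapped under the first device's public key (S420)
	Nonce         []byte // AES-GCM nonce; the symmetric cipher is an assumption of this example
	VersionCT     []byte // encrypted version information of the version to be updated (S410)
}

// NewFirstDeviceKey generates the first device's key pair (2048-bit RSA is an assumption).
func NewFirstDeviceKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs S410-S430 on the second device.
func Seal(firstDevicePub *rsa.PublicKey, version []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // S410: 32-byte random session key, plus a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstDevicePub, sessionKey, nil) // S420
	if err != nil {
		return nil, err
	}
	return &Envelope{CiphertextKey: wrapped, Nonce: nonce, VersionCT: gcm.Seal(nil, nonce, version, nil)}, nil // S430
}

// Open runs S310 on the first device: unwrap the session key, then decrypt the version.
func Open(firstDevicePriv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstDevicePriv, e.CiphertextKey, nil)
	if err != nil {
		return nil, fmt.Errorf("envelope: cannot unwrap session key")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("envelope: malformed key or nonce")
	}
	return gcm.Open(nil, e.Nonce, e.VersionCT, nil) // fails if the ciphertext was altered
}

func main() {
	priv, _ := NewFirstDeviceKey()
	env, _ := Seal(&priv.PublicKey, []byte("PRJ-A01-0042")) // constructed version string
	version, err := Open(priv, env)
	fmt.Println(string(version), err)
}
```

Only the holder of the first device's private key can recover the session key, and the authenticated cipher used here also rejects an envelope whose version ciphertext was modified in transit.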
After step S140, the method further includes the steps of:
S320, the first device updates the verification encryption information according to the version information of the version to be updated of the second device.
Specifically, the process of step S320 is: replacing the version information of the current version of the second device in the update characterization information with the version information of the version to be updated of the second device, calling a private key of the second device to asymmetrically encrypt the update characterization information after this replacement, and replacing the original update encryption information with the newly generated update encryption information, so that the update encryption information is updated.
In this embodiment, the version information of the current version of the second device is added both to the update verification information characterized by the update verification characterization information and to the update information characterized by the update characterization information, and after step S140 the verification encryption information is updated with the version information of the version to be updated of the second device. One signature at a time is thereby realized: repeated update verification characterization information cannot pass the update verification, so the situation in which a substitute message forges the signature is avoided, and the potential safety hazard in the update verification process is further reduced.
This embodiment also provides another specific implementation of the update verification characterization information and the update characterization information, as follows: the update characterization information is update digest information obtained by performing a digital digest on the update information, and the update verification characterization information is update verification digest information obtained by performing a digital digest on the update verification information.
The process of obtaining the update verification digest information from the update verification information is similar to the process of obtaining the update digest information from the update information. Only the latter is described in detail here; the former can be derived from it and is not repeated.
The process of obtaining the update digest information by performing a digital digest on the update information is as follows: the first device calls a hash function to calculate over the update information, and the generated hash digest value is the update digest information.
The hash function, also called a one-way hash function, is a method for creating a small data fingerprint from any data; that is, the hash function compresses information or data into a digest so that the data volume is reduced, and the compressed digest has a fixed data format.
Optionally, the hash function may be the SHA1 algorithm or the SHA256 algorithm; in practical applications it includes but is not limited to these, for example the SM3 algorithm, which is not specifically limited here and falls within the protection scope of the present application as the case may be.
In this embodiment, since the digital digest is also equivalent to an encryption manner, and the update characterization information is encrypted again afterwards, this is equivalent to double encryption of the update characterization information, so that even if a third party intercepts the public key on the transmission path, no original plaintext information can be directly decrypted, thereby further reducing the potential safety hazard in the updating process of the encryption chip.
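An added example (not code from the patent) of the digest-based check described above, in Go: the stored update characterization information is a SHA-256 digest over the two unique serial numbers and the current version, and it is recomputed with the version to be updated after each successful verification (S320). The asymmetric encryption layers of the method are left out, the length-prefixed field encoding is an assumption, and all names and sample values are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Digest computes the characterization information over the three bound fields.
// Each field is length-prefixed (an assumption of this example) so that
// ("AB", "C") and ("A", "BC") cannot produce the same digest.
func Digest(firstSN, secondSN, version string) [32]byte {
	var buf []byte
	for _, field := range []string{firstSN, secondSN, version} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf = append(append(buf, n[:]...), field...)
	}
	return sha256.Sum256(buf)
}

// FirstDevice holds the update characterization information stored in advance.
type FirstDevice struct {
	SN, PeerSN string
	stored     [32]byte
}

// Provision models the burning process: the first device learns the second
// device's unique serial number and current version and stores their digest.
func Provision(sn, peerSN, currentVersion string) *FirstDevice {
	return &FirstDevice{SN: sn, PeerSN: peerSN, stored: Digest(sn, peerSN, currentVersion)}
}

// Verify compares the presented update verification digest with the stored one.
// On success it rolls the stored digest forward to nextVersion, so the same
// message cannot pass a second time. On failure the stored state is unchanged.
func (d *FirstDevice) Verify(presented [32]byte, nextVersion string) bool {
	if subtle.ConstantTimeCompare(presented[:], d.stored[:]) != 1 {
		return false
	}
	d.stored = Digest(d.SN, d.PeerSN, nextVersion)
	return true
}

func main() {
	dev := Provision("DEV1-0001", "DEV2-7788", "PRJ-A01-0041") // constructed sample values
	msg := Digest("DEV1-0001", "DEV2-7788", "PRJ-A01-0041")
	fmt.Println("first presentation:", dev.Verify(msg, "PRJ-A01-0042"))
	fmt.Println("same message again:", dev.Verify(msg, "PRJ-A01-0043"))
	other := Digest("DEV1-0001", "DEV2-9999", "PRJ-A01-0042")
	fmt.Println("other serial number:", dev.Verify(other, "PRJ-A01-0043"))
}
```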
Another embodiment of the present application provides a controller, which specifically includes: a processing unit and a storage unit; the processing unit is used for executing the program stored in the storage unit; the program stored in the storage unit includes the data updating method as provided in any of the above embodiments.
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since a system or system embodiment is substantially similar to a method embodiment, its description is relatively brief, and for relevant parts reference may be made to the description of the method embodiment. The systems and system embodiments described above are merely illustrative: the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A method of updating data, comprising:
after sending an update verification request to a second device, a first device receives first update verification encryption information from the second device; the first update verification encryption information is encrypted in an encryption mode in which a public key of the first device, included in the update verification request, is used as the encryption key;
the first device decrypts update verification characterization information from the first update verification encryption information, and encrypts the update verification characterization information again to obtain second update verification encryption information;
the first device judges whether the second update verification encryption information is consistent with update characterization information stored in advance in the first device in encrypted form; the update characterization information and the second update verification encryption information are encrypted in the same way;
if the second update verification encryption information is consistent with the update characterization information, it is judged that the update verification is successful, and an update verification result is fed back to the second device;
the update information characterized by the update characterization information comprises: a unique serial number of the first device and a unique serial number of the second device;
the unique serial number of the second device is sent to the first device in the burning process of the second device;
the update verification information characterized by the update verification characterization information comprises: a unique serial number of the first device and a unique serial number of the second device;
the unique serial number of the first device is sent by the first device to the second device together when sending an authentication request to the second device.
2. The data updating method according to claim 1, wherein the update information characterized by the update characterization information further comprises: version information of a current version of the second device;
before the first update verification is successful, the version information of the current version of the second device is sent to the first device in the burning process of the second device.
3. The data updating method according to claim 2, wherein the update-verification-information characterized by the update-verification-characterization information further comprises: version information of a current version of the second device.
4. The data updating method according to claim 3, further comprising, while the first device receives the first update verification encryption information from the second device:
the first device receives encryption information to be updated from the second device and decrypts version information of a version to be updated of the second device from the encryption information to be updated; the encryption information to be updated is encrypted in a digital envelope encryption mode.
5. The data updating method according to claim 4, further comprising, after determining that the update verification is successful and feeding back an update verification result to the second device:
the first device updates the verification encryption information according to the version information of the version to be updated of the second device.
6. The data updating method according to any one of claims 1 to 5, wherein the update characterization information is update digest information obtained by performing a digital digest on the update information, and the update verification characterization information is update verification digest information obtained by performing a digital digest on the update verification information.
7. The data updating method according to any one of claims 1 to 5, wherein the first device is a slave device of a master-slave device, and the second device is a master device of the master-slave device.
8. A controller, comprising: a processing unit and a storage unit; wherein:
the processing unit is used for executing the program stored in the storage unit;
the program stored in the storage unit includes the data updating method according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210227244.8A CN114598465B (en) 2022-03-08 2022-03-08 Data updating method and controller

Publications (2)

Publication Number Publication Date
CN114598465A (en) 2022-06-07
CN114598465B (en) 2024-05-17

Family

ID=81816655

Country Status (1)

Country Link
CN (1) CN114598465B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant