CN115186273A - Power terminal, safe starting method and device thereof and storage medium - Google Patents
Power terminal, safe starting method and device thereof and storage medium Download PDFInfo
- Publication number
- CN115186273A CN115186273A CN202211088144.8A CN202211088144A CN115186273A CN 115186273 A CN115186273 A CN 115186273A CN 202211088144 A CN202211088144 A CN 202211088144A CN 115186273 A CN115186273 A CN 115186273A
- Authority
- CN
- China
- Prior art keywords
- application program
- power terminal
- call
- complete
- measurement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000005259 measurement Methods 0.000 claims abstract description 154
- 230000002787 reinforcement Effects 0.000 claims abstract description 64
- 238000004422 calculation algorithm Methods 0.000 claims description 56
- 238000012795 verification Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 6
- 230000003014 reinforcing effect Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses an electric power terminal and a safe starting method, a safe starting device and a storage medium thereof, wherein the electric power terminal comprises an operating system, application software and an embedded safety module, the application software comprises a safety reinforcement application program, a basic application program and a service application program, and the method comprises the following steps: after the power terminal is powered on, controlling an operating system to call an embedded security module to complete a security reinforcement application program and forward measurement of the operating system; after confirming that the forward measurement is successfully completed, starting a security reinforcement application program; controlling the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system; and after the reverse measurement is successfully completed, controlling the operating system to call the embedded safety module to complete the forward measurement of the basic application program and the business application program. The method disclosed by the invention is used for orderly verifying the internal software of the power terminal based on the embedded safety module, can realize the safety protection of the power terminal, and is low in cost and high in safety.
Description
Technical Field
The present invention relates to the field of device security technologies, and in particular, to a secure boot method for an electrical power terminal, a secure boot apparatus for an electrical power terminal, a computer-readable storage medium, and an electrical power terminal.
Background
A set of complete service safety protection system is adopted for data acquisition and uploading of a traditional acquisition master station, a terminal and an electric energy meter, and the system is established based on an embedded safety module (ESAM) and a master station cipher machine to realize identity authentication, key management and ciphertext transmission between the master station and the terminal/electric energy meter. In the set of security protection system, since the operating system and all application programs carried by the terminal are developed and operated by each terminal manufacturer, the identity validity of the operating system and the application software is generally not verified in the terminal.
The intelligent terminal is as novel electric power terminal, carries on unified operating system, unified basic class application APP (application) and various business APPs, and fungible tradition terminal and distribution acquisition terminal realize marketing distribution equipment data acquisition, analysis and upload. And the operating system and the basic APP of the terminal are uniformly designed and managed by an authority department. The biggest difference between the intelligent terminal and the traditional terminal is that the intelligent terminal is similar to a smart phone, and the carried operating system, application components, patches and application APP can be remotely updated through an internet of things management platform and an application store. Therefore, how to prevent the operating system and the application APP from being tampered and ensure the terminal to be safely started and run is very important.
In the prior art, the RSA algorithm or the SM2 algorithm is combined with the SM3 algorithm to realize the safety verification of a certain part of contents of an operating system, and the method does not need to depend on hardware, has the advantages of independence of software and hardware, lower cost and the like, but has lower safety level. In addition, a special TPM (Trusted Platform Module) is adopted in a TPM-based technology, and new requirements are put on an existing hardware interface and configuration, which require close hardware fit, and have a high security level, but a complex architecture and a high cost.
Disclosure of Invention
The present invention is directed to solving, at least in part, one of the technical problems in the related art. Therefore, a first object of the present invention is to provide a secure start method for an electric power terminal, which is based on an embedded security module, and sequentially verifies internal software of the electric power terminal through a forward measurement and a reverse measurement, so as to implement security protection of the electric power terminal, and the method has the advantages of low cost and high security.
A second object of the present invention is to provide a safety starting device for an electric power terminal.
A third object of the invention is to propose a computer-readable storage medium.
A fourth object of the present invention is to provide an electric power terminal.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a secure startup method for an electric power terminal, where the electric power terminal includes an operating system, application software and an embedded security module, the application software includes a security reinforcement application program, a basic application program and a service application program, and the method includes: after the power terminal is powered on, controlling an operating system to call an embedded security module to complete a security reinforcement application program and forward measurement of the operating system; after confirming that the forward measurement is successfully completed, starting a security reinforcement application program; controlling the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system; and after the reverse measurement is successfully completed, controlling the operating system to call the embedded safety module to complete the forward measurement of the basic application program and the business application program.
According to the safe starting method of the power terminal, after the power terminal is powered on, the operating system is controlled to call the embedded safety module to finish the safety reinforcement application program and the forward measurement of the operating system, after the forward measurement is confirmed to be successfully finished, the safety reinforcement application program is started, the safety reinforcement application program is controlled to call the embedded safety module to finish the reverse measurement of the operating system, and after the reverse measurement is confirmed to be successfully finished, the operating system is controlled to call the embedded safety module to finish the forward measurement of the basic application program and the business application program. Therefore, the method is based on the embedded safety module, the software in the power terminal is sequentially verified through the forward measurement and the reverse measurement, the safety protection of the power terminal can be realized, and the method is low in cost and high in safety.
In addition, the secure startup method of the power terminal according to the above embodiment of the present invention may further have the following additional technical features:
according to one embodiment of the invention, the operating system comprises a bootstrap program, a system kernel, a file system and a security starting component, and the control operating system calls an embedded security module to complete the security reinforcement application program and the forward measurement of the operating system, and the method comprises the following steps: controlling a bootstrap program to call an embedded security module to complete the forward measurement of a system kernel; and after the forward measurement of the system kernel is determined to be successful, controlling the system kernel to call the embedded security module to sequentially complete the forward measurement of the file system, the security starting component and the security reinforcement application program.
According to one embodiment of the invention, the method for controlling the bootstrap program to call the embedded security module to complete the forward measurement of the system kernel comprises the following steps: calculating the abstract value of a system kernel by adopting a SM3 cryptographic algorithm; and (4) adopting a SM2 cryptographic algorithm to check and sign the system kernel so as to complete forward measurement.
According to an embodiment of the present invention, the operating system further includes a driver, and when the security reinforcement application is started, the secure boot method of the power terminal further includes: and controlling key configuration files in the file system to sequentially load a driver and start the safe starting component.
According to one embodiment of the invention, the control of the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system comprises the following steps: and controlling the security reinforcement application program to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel.
According to one embodiment of the invention, controlling a security reinforcement application program to call an embedded security module to sequentially complete reverse measurement of a bootstrap program and a system kernel comprises: calculating abstract values of a bootstrap program and a system kernel by adopting a SM3 algorithm; and (4) adopting a state secret SM2 algorithm to check and sign the bootstrap program and the system kernel in sequence so as to complete reverse measurement.
According to one embodiment of the invention, the controlling the operating system calls the embedded security module to complete the forward measurement of the basic application program and the business application program comprises the following steps: the control safety starting component calls the embedded safety module to calculate the abstract values of the basic application program and the business application program by adopting a SM3 cryptographic algorithm; and (4) adopting a national secret SM2 algorithm to sequentially check and sign the basic application program and the business application program so as to complete forward measurement.
According to one embodiment of the invention, the watchdog of the power terminal is controlled to reset when the forward measurement or the reverse measurement fails to be determined.
According to one embodiment of the invention, the base application and the business application invoke the embedded security module through the security hardened application.
In order to achieve the above object, a second embodiment of the present invention provides a secure boot apparatus for an electrical terminal, where the electrical terminal includes an operating system, application software and an embedded security module, the application software includes a security reinforcement application, a basic application and a business application, and the apparatus includes: the control module is used for controlling the operating system to call the embedded security module to complete the security reinforcement application program and the forward measurement of the embedded security module after the power terminal is powered on; the starting module is used for starting the security reinforcement application program after confirming that the forward measurement is successfully completed; the control module is also used for controlling the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system; and the control module is also used for controlling the operating system to call the embedded safety module to complete the forward measurement of the basic application program and the service application program after the successful completion of the reverse measurement is determined.
According to the safety starting device of the power terminal, the control module is used for controlling the operating system to call the embedded safety module to complete the safety reinforcement application program and the forward measurement of the control module after the power terminal is powered on, the starting module is used for starting the safety reinforcement application program after the forward measurement is confirmed to be completed successfully, the control module is also used for controlling the safety reinforcement application program to call the embedded safety module to complete the reverse measurement of the operating system, and the control module is also used for controlling the operating system to call the embedded safety module to complete the forward measurement of the basic application program and the business application program after the reverse measurement is confirmed to be completed successfully. Therefore, the device is based on the embedded safety module, orderly verifies the internal software of the power terminal through the forward measurement and the reverse measurement, can realize the safety protection of the power terminal, and has low cost and high safety.
In addition, the safety starting device of the power terminal according to the above embodiment of the present invention may further have the following additional technical features:
according to an embodiment of the present invention, the operating system includes a boot program, a system kernel, a file system, and a secure boot component, and the control module is specifically configured to, when the control operating system calls the embedded security module to complete the security hardened application and the forward measurement of the control operating system, perform: controlling a bootstrap program to call an embedded security module to complete the forward measurement of a system kernel; and after the forward measurement of the system kernel is determined to be successful, controlling the system kernel to call the embedded security module to sequentially complete the forward measurement of the file system, the security starting component and the security reinforcement application program.
According to an embodiment of the present invention, when the control bootstrap program calls the embedded security module to complete the forward measurement of the system kernel, the control module is specifically configured to: calculating the abstract value of a system kernel by adopting a SM3 cryptographic algorithm; and (5) adopting a national secret SM2 algorithm to check and sign the system kernel so as to complete forward measurement.
According to an embodiment of the present invention, the operating system further includes a driver, and when the security hardened application is started, the control module is further configured to control the key configuration file in the file system to sequentially load the driver and start the security boot component.
According to an embodiment of the present invention, when the control module controls the security hardened application to call the embedded security module to complete the reverse measurement of the operating system, the control module is specifically configured to: and controlling the security reinforcement application program to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel.
According to an embodiment of the present invention, when the control module controls the security hardened application program to call the embedded security module to sequentially complete the reverse metrics of the bootstrap program and the system kernel, the control module is specifically configured to: calculating abstract values of a bootstrap program and a system kernel by adopting a SM3 algorithm; and (4) adopting a state secret SM2 algorithm to check and sign the bootstrap program and the system kernel in sequence so as to complete reverse measurement.
According to an embodiment of the present invention, when the control operating system calls the embedded security module to complete the forward measurement of the basic application program and the business application program, the control module is specifically configured to: the control safety starting component calls the embedded safety module to calculate abstract values of a basic application program and a business application program by adopting a state secret SM3 algorithm; and (4) adopting a SM2 cryptographic algorithm to check and sign the basic application program and the service application program in sequence so as to complete forward measurement.
According to an embodiment of the invention, the control module is further configured to control the watchdog of the power terminal to reset when the forward metric or the reverse metric is determined to fail.
According to one embodiment of the invention, the base application and the business application invoke the embedded security module through the security hardened application.
In order to achieve the above object, a third aspect of the present invention provides a computer-readable storage medium, on which a secure boot program of an electric power terminal is stored, and the secure boot program of the electric power terminal, when executed by a processor, implements the secure boot method of the electric power terminal described above.
According to the computer-readable storage medium provided by the embodiment of the invention, by executing the safe starting method of the power terminal, the safety protection of the power terminal can be realized, and the computer-readable storage medium is low in cost and high in safety.
To achieve the above object, a fourth aspect of the present invention provides a power terminal, including: the processor executes the safe starting program of the electric power terminal, and the safe starting method of the electric power terminal is realized.
According to the electric terminal provided by the embodiment of the invention, by executing the safe starting method of the electric terminal, the safety protection of the electric terminal can be realized, and the electric terminal is low in cost and high in safety.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a flowchart of a secure boot method of an electric power terminal according to an embodiment of the present invention;
FIG. 2 is a diagram of a secure boot architecture of a power terminal according to an embodiment of the present invention;
fig. 3 is a flowchart of a secure booting method of an electric power terminal according to a specific example of the present invention;
fig. 4 is a block diagram illustrating a safety starting apparatus of a power terminal according to an embodiment of the present invention;
fig. 5 is a block schematic diagram of a power terminal according to an embodiment of the invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
A secure boot method of an electric power terminal, a secure boot apparatus of an electric power terminal, a computer-readable storage medium, and an electric power terminal according to embodiments of the present invention will be described below with reference to the accompanying drawings.
In an embodiment of the present invention, the power terminal includes an operating system, application software, and an embedded security module, wherein, as shown in fig. 2, the power terminal operating system may include: the system comprises a bootstrap program uboot, a system kernel, a file system, a driver and a safe starting component. The power terminal application software comprises: security hardened applications, base applications, and business applications. The bootstrap program uboot is responsible for hardware starting of the power terminal, the system kernel is responsible for task scheduling and task process management in the system, the driver program is responsible for operation of hardware and external equipment, the safety starting assembly is responsible for verifying the application program, the safety reinforcing application program is not only responsible for verifying the bootstrap program and the operating system, but also responsible for authorization of the embedded safety module, the basic application program is responsible for direct interaction with hardware driving, corresponding service is provided for the service application program, and the service application program can be connected with the power utilization information acquisition system and is responsible for realization of marketing and power distribution services. The embedded security module (ESAM) has the functions of identity mutual authentication, data encryption and decryption, distributed key derivation, internal distributed key, digital signature, data security storage and the like.
Fig. 1 is a flowchart of a secure boot method of an electric power terminal according to an embodiment of the present invention.
As shown in fig. 1, a method for safely starting a power terminal according to an embodiment of the present invention may include the following steps:
s1, after the power terminal is powered on, controlling an operating system to call an embedded security module to complete a security reinforcement application program and forward measurement of the embedded security module.
Specifically, powering up the power terminal activates a switch that turns on the power terminal. After the power terminal is powered on, security verification needs to be performed on the operating system and the application program, for example, whether a system file of the operating system is tampered, and whether malicious code (virus, trojan, malicious plug-in, etc.) is implanted. If the system file or the application program of the power terminal is tampered, the power terminal faces the safety crisis of information, and therefore the power terminal can control the operating system to call the embedded security module (ESAM) to complete the verification of the safety reinforced application program and the verification of the operating system.
According to one embodiment of the invention, the operating system comprises a bootstrap program, a system kernel, a file system and a security starting component, and the control operating system calls an embedded security module to complete the security reinforcement application program and the forward measurement of the operating system, and the method comprises the following steps: controlling a bootstrap program to call an embedded security module to complete the forward measurement of a system kernel; and after the forward measurement of the system kernel is determined to be successful, controlling the system kernel to call the embedded security module to sequentially complete the forward measurement of the file system, the security starting component and the security reinforcement application program.
According to one embodiment of the invention, the control bootstrap program calls the embedded security module to complete the forward measurement of the system kernel, and the method comprises the following steps: calculating the abstract value of a system kernel by adopting a SM3 cryptographic algorithm; and (5) adopting a national secret SM2 algorithm to check and sign the system kernel so as to complete forward measurement.
Specifically, referring to fig. 2, the operating system includes a boot program uboot, a system kernel, a file system, and a secure boot component. The method comprises the steps of calling an embedded security module ESAM through a bootstrap uboot, calculating a digest value of an operating system kernel by adopting a state secret SM3 algorithm, for example, forming a digital digest of the system kernel in the operating system by hash operation (a hash function is a function for changing an input message string with any length into an output string with a fixed length), encrypting the digital digest by using a private key to serve as the digest value of the operating system kernel, calling the embedded security module ESAM again by the bootstrap uboot, and checking the digest value of the operating system kernel by adopting a state secret SM2 algorithm, namely decrypting the digest value by using a public key and comparing the decrypted digest value with an original digest value to finish forward measurement operation. When the signature verification of the digest value of the kernel of the operating system is successful by adopting the SM2 algorithm, for example, the decrypted digest value is the same as the original digest value, which indicates that the information is not damaged or tampered in the transmission process, and the forward measurement of the kernel of the system is successful. After the fact that the forward measurement of the system kernel is successful is determined, the system kernel is controlled to call the embedded security module ESAM, the same forward measurement operation is sequentially carried out on the file system, the security starting assembly and the security reinforcing application program, and therefore whether the file system, the security starting assembly and the security reinforcing application program are tampered or not is judged.
And S2, after the forward measurement is confirmed to be completed successfully, starting the security reinforcement application program.
According to an embodiment of the present invention, the operating system further includes a driver, and when the security reinforced application is started, the secure startup method of the power terminal further includes: and controlling key configuration files in the file system to sequentially load a driver and start the safe starting component.
Specifically, referring to fig. 2, when the boot program uboot successfully completes the forward measurement on the system kernel, and the system kernel also successfully completes the forward measurement on the file system, the security boot component, and the security hardened application, the security hardened application is started through the file system, and the key configuration file in the file system is controlled, and the driver is sequentially loaded and the security boot component is started. For example, a driver is loaded through a key configuration file rc, which is written with a command for loading the driver and starting the secure boot component and the secure hardened application, and a secure boot component is started, and the corresponding program can be loaded or started by executing the command.
And S3, controlling the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system.
According to one embodiment of the invention, the control of the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system comprises the following steps: and controlling the security reinforcement application program to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel.
According to an embodiment of the present invention, controlling a security hardened application to call an embedded security module to sequentially complete reverse metrics of a bootstrap program and a system kernel includes: calculating abstract values of a bootstrap program and a system kernel by adopting a SM3 algorithm; and (4) adopting a SM2 cryptographic algorithm to check and sign the bootstrap program and the system kernel in sequence so as to complete reverse measurement.
Specifically, after the security reinforcement application program is successfully started, the security reinforcement application program can call the embedded security module, calculate the abstract value of the bootstrap program uboot by adopting the SM3 cryptographic algorithm, calculate the abstract value of the system kernel by adopting the SM3 cryptographic algorithm, for example, a digital digest is formed by hashing the boot program uboot and the system kernel, and the digital digest is encrypted by using a private key as digest values of the boot program uboot and the system kernel. After the calculation of the digest values of the boot program uboot and the system kernel is completed, the security reinforcement application program calls the embedded security module again, and the signature verification is performed on the digest value of the boot program uboot and the digest value of the system kernel by adopting a state secret SM2 algorithm to complete the reverse measurement.
And S4, after the backward measurement is successfully completed, controlling the operating system to call the embedded safety module to complete the forward measurement of the basic application program and the service application program.
According to one embodiment of the invention, controlling an operating system to call an embedded security module to complete forward metrics of a base application and a business application comprises: the control safety starting component calls the embedded safety module to calculate abstract values of a basic application program and a business application program by adopting a state secret SM3 algorithm; and (4) adopting a national secret SM2 algorithm to sequentially check and sign the basic application program and the business application program so as to complete forward measurement.
According to one embodiment of the invention, the base application and the business application invoke the embedded security module through the security hardened application.
Specifically, in step S3, if the digest values of the boot uboot and the system kernel are successfully checked by using the smm 2 algorithm, for example, the decrypted digest values of the boot uboot and the system kernel are the same as the digest values of the boot uboot and the system kernel, it is determined that the reverse metric is successful. After the success of the reverse measurement is determined, the security reinforcement application opens the access permission of the embedded security module, so that the basic application and the business application can call the embedded security module through the security reinforcement application, the security starting component is controlled to call the embedded security module and calculate abstract values of the basic application and the business application by adopting a state secret SM3 algorithm, after the calculation is completed, the security starting component calls the embedded security module again and checks and signs the basic application and the business application in sequence by adopting a state secret SM2 algorithm, the forward measurement is completed, and whether the basic application and the business application are tampered or not is judged. When the forward measurement of the safety starting component is successful, the basic application program and the service application program are not tampered, the basic application program and the service application program can be started, and the embedded safety module is called by the basic application program and the service application program through the safety reinforcing application program, so that the safety protection of the power terminal software can be realized.
In conclusion, based on the embedded security module, the national cryptographic algorithm SM3 and the national cryptographic algorithm SM2 are adopted, and the secure startup of the power terminal software is realized in a closed-loop mode through the operation of forward measurement and reverse measurement. The operating system and the application software are designed by different research and development organizations, are uniformly signed by an authority, complete mutual authentication through forward measurement and reverse measurement, and form a mutual restricted authentication closed loop. The national cryptographic algorithm used by the forward measurement and the reverse measurement is realized by the hardware embedded security module, and the cryptographic key is stored in the embedded security module, so that the overall security risk is effectively reduced.
In addition, according to an embodiment of the present invention, the watchdog of the power terminal is controlled to be reset when determining that the forward metric or the reverse metric fails.
Specifically, the watchdog is also called watchdog, and is essentially a timer circuit, generally having an input and an output, where the input is called feeding dog, and the output is generally connected to the reset terminal of another part, generally connected to the single chip microcomputer. The watchdog is an anti-interference measure commonly adopted in the intelligent terminal, and when the system is in an abnormal state, for example, when some system files or key information of an application program are tampered, the watchdog can be automatically reset, restarted and normally operated, so that the system is ensured to be recovered to normal operation from software and hardware errors. The watchdog command has the highest priority in the interruption of the program, and when the forward measurement or the reverse measurement fails, the watchdog of the power terminal can be controlled to reset, for example, when the forward measurement fails, when the embedded security module ESAM is called by the bootstrap uboot, the digest value of the kernel of the operating system is calculated by adopting the secret SM3 algorithm, then the embedded security module ESAM is called again, the signature of the digest value of the kernel of the operating system is verified by adopting the secret SM2 algorithm, and when the signature verification fails, the fact that the kernel of the system is possibly tampered at the moment is described, and the watchdog of the power terminal can be controlled to reset. For another example, during reverse measurement, the security reinforcement application calls the embedded security module, calculates the digest value of the bootstrap uboot by using the SM3 cryptographic algorithm, and calculates the digest value of the system kernel by using the SM3 cryptographic algorithm. After the calculation of the digest values of the bootstrap program uboot and the system kernel is completed, the security reinforcement application program calls the embedded security module again, the signature verification is carried out on the digest value of the bootstrap program uboot and the digest value of the system kernel by adopting a state secret SM2 algorithm, when the signature verification fails, the data of the bootstrap program uboot or the system kernel are falsified, and the watchdog of the power terminal can be controlled to reset.
The secure boot method of the present invention is described below in conjunction with fig. 3.
As a specific example, the secure startup method of the power terminal of the present invention may include the steps of:
and S101, powering on the power terminal.
S102, judging whether the direct measurement of the system kernel by the embedded safety module called by the bootstrap program is successful. If yes, go to step S103; if not, step S110 is executed.
S103, judging whether the forward measurement of the system kernel calling the embedded security module to the file system, the security starting component and the security reinforcement application program is successful or not. If yes, go to step S104; if not, step S110 is executed.
And S104, sequentially loading a driver, starting a security reinforcement application and starting a security starting component by the key configuration file in the file system.
And S105, judging whether the security reinforcement application program calls the embedded security module to successfully measure the boot program and the system kernel in the reverse direction. If yes, go to step S106; if not, step S110 is executed.
S106, the security reinforcement application program opens the access permission of the embedded security module.
S107, whether the forward measurement of the basic application program and the business application program is successful when the safety starting component calls the embedded safety module is judged. If yes, go to step S108; if not, step S110 is executed.
And S108, starting the basic application program and the service application program by the safety starting component.
And S109, calling the embedded security module by the basic application program and the business application program through the security reinforcement application program.
And S110, controlling the watchdog of the power terminal to reset.
In summary, according to the secure start method of the power terminal in the embodiment of the present invention, after the power terminal is powered on, the operating system is controlled to call the embedded security module to complete the security reinforcement application and the forward measurement of the power terminal itself, after it is confirmed that the forward measurement is successfully completed, the security reinforcement application is started, the security reinforcement application is controlled to call the embedded security module to complete the reverse measurement of the operating system, and after it is determined that the reverse measurement is successfully completed, the operating system is controlled to call the embedded security module to complete the forward measurement of the basic application and the business application. Therefore, the method is based on the embedded safety module, the software in the power terminal is sequentially verified through the forward measurement and the reverse measurement, the safety protection of the power terminal can be realized, and the method is low in cost and high in safety.
Corresponding to the embodiment, the invention further provides a safe starting device of the power terminal.
As shown in fig. 4, the safety starting apparatus 100 of the power terminal according to the embodiment of the present invention includes: a control module 110 and an activation module 120.
The control module 110 is configured to control the operating system to call the embedded security module to complete the security reinforcement application and the forward measurement of the embedded security module after the power terminal is powered on. The launch module 120 is configured to launch the security hardened application after confirming that the forward metrics are successfully completed. The control module 110 is also used to control the security hardened application to call the embedded security module to perform the reverse measurement of the operating system. The control module 110 is further configured to control the operating system to call the embedded security module to complete the forward metrics of the base application and the business application after determining that the reverse metrics are successfully completed.
According to an embodiment of the present invention, the operating system includes a boot program, a system kernel, a file system, and a secure boot component, and when the control operating system calls the embedded security module to complete the security hardened application and its forward measurement, the control module 110 is specifically configured to: controlling a bootstrap program to call an embedded security module to complete the forward measurement of a system kernel; and after the forward measurement of the system kernel is determined to be successful, controlling the system kernel to call the embedded security module to sequentially complete the forward measurement of the file system, the security starting component and the security reinforcement application program.
According to an embodiment of the present invention, when the control bootstrap calls the embedded security module to complete the forward measurement of the system kernel, the control module 110 is specifically configured to: calculating the abstract value of a system kernel by adopting a SM3 cryptographic algorithm; and (4) adopting a SM2 cryptographic algorithm to check and sign the system kernel so as to complete forward measurement.
According to an embodiment of the present invention, the operating system further includes a driver, and when the security hardened application is started, the control module 110 is further configured to control a key configuration file in the file system to sequentially load the driver and start the security boot component.
According to an embodiment of the present invention, when the control module 110 controls the security hardened application to call the embedded security module to complete the reverse measurement of the operating system, the control module is specifically configured to: and controlling the security reinforcement application program to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel.
According to an embodiment of the present invention, when the control module 110 controls the security hardening application to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel, the control module is specifically configured to: calculating abstract values of a bootstrap program and a system kernel by adopting a SM3 algorithm; and (4) adopting a state secret SM2 algorithm to check and sign the bootstrap program and the system kernel in sequence so as to complete reverse measurement.
According to an embodiment of the present invention, when the control operating system calls the embedded security module to complete the forward measurement of the basic application program and the business application program, the control module 110 is specifically configured to: the control safety starting component calls the embedded safety module to calculate the abstract values of the basic application program and the business application program by adopting a SM3 cryptographic algorithm; and (4) adopting a SM2 cryptographic algorithm to check and sign the basic application program and the service application program in sequence so as to complete forward measurement.
According to an embodiment of the present invention, the control module 110 is further configured to control the watchdog of the power terminal to reset when the forward metric or the reverse metric is determined to fail.
According to one embodiment of the invention, the base application and the business application invoke the embedded security module through the security hardened application.
It should be noted that, for details that are not disclosed in the secure boot apparatus of the power terminal according to the embodiment of the present invention, please refer to details that are disclosed in the secure boot method of the power terminal according to the embodiment of the present invention, and detailed descriptions thereof are omitted here.
According to the safety starting device of the power terminal, the control module is used for controlling the operating system to call the embedded safety module to finish the safety reinforcement application program and the forward measurement of the control module after the power terminal is powered on, the starting module is used for starting the safety reinforcement application program after the forward measurement is confirmed to be successfully finished, the control module is also used for controlling the safety reinforcement application program to call the embedded safety module to finish the reverse measurement of the operating system, and the control module is also used for controlling the operating system to call the embedded safety module to finish the forward measurement of the basic application program and the business application program after the reverse measurement is confirmed to be successfully finished. Therefore, the device is based on the embedded safety module, orderly verifies the internal software of the power terminal through the forward measurement and the reverse measurement, can realize the safety protection of the power terminal, and has low cost and high safety.
The invention further provides a computer readable storage medium corresponding to the above embodiment.
The computer-readable storage medium of an embodiment of the present invention stores thereon a secure boot program of an electric power terminal, which when executed by a processor implements the secure boot method of the electric power terminal described above.
According to the computer-readable storage medium provided by the embodiment of the invention, by executing the safe starting method of the power terminal, the safety protection of the power terminal can be realized, and the computer-readable storage medium is low in cost and high in safety.
Corresponding to the embodiment, the invention further provides the power terminal.
As shown in fig. 5, the power terminal 200 according to an embodiment of the present invention may include: the secure boot method of the power terminal includes a memory 210, a processor 220, and a secure boot program of the power terminal, which is stored in the memory 210 and can be run on the processor 220, and the secure boot method of the power terminal is implemented when the processor 220 executes the secure boot program of the power terminal.
According to the electric power terminal provided by the embodiment of the invention, by executing the safe starting method of the electric power terminal, the safety protection of the electric power terminal can be realized, and the electric power terminal is low in cost and high in safety.
It should be noted that the logic and/or steps shown in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Further, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following technologies, which are well known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of the feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise explicitly stated or limited, the terms "mounted," "connected," "fixed," and the like are to be construed broadly, e.g., as being permanently connected, detachably connected, or integral; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be interconnected within two elements or in a relationship where two elements interact with each other unless otherwise specifically limited. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are exemplary and not to be construed as limiting the present invention, and that changes, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (20)
1. A safe starting method of an electric power terminal is characterized in that the electric power terminal comprises an operating system, application software and an embedded safety module, the application software comprises a safety reinforcement application program, a basic application program and a business application program, and the method comprises the following steps:
after the power terminal is powered on, controlling the operating system to call the embedded security module to complete the security reinforcement application program and the forward measurement of the embedded security module;
after confirming that forward measurement is successfully completed, starting the security reinforcement application;
controlling the security reinforcement application program to call the embedded security module to complete the reverse measurement of the operating system;
and after determining that the reverse measurement is successfully completed, controlling the operating system to call the embedded security module to complete the forward measurement of the basic application program and the business application program.
2. The secure boot method of the power terminal according to claim 1, wherein the operating system includes a boot program, a system kernel, a file system, and a secure boot component, and the controlling the operating system to call the embedded security module to complete the security hardened application and the forward metrics of itself includes:
controlling the bootstrap program to call the embedded security module to complete the forward measurement of the system kernel;
and after determining that the forward measurement of the system kernel is successful, controlling the system kernel to call the embedded security module to sequentially complete the forward measurement of the file system, the security starting component and the security reinforced application program.
3. The secure startup method of the power terminal according to claim 2, wherein controlling the bootstrap program to call the embedded security module to complete the forward measurement of the system kernel comprises:
calculating the abstract value of the system kernel by adopting a SM3 cryptographic algorithm;
and adopting a SM2 cryptographic algorithm to check and sign the system kernel so as to complete forward measurement.
4. The secure boot method of the power terminal according to claim 2, wherein the operating system further includes a driver, and when the secure hardened application is booted, the method further includes:
and controlling key configuration files in the file system to sequentially load a driver and start the safe starting component.
5. The secure boot method of the power terminal according to claim 2, wherein controlling the security hardened application to call the embedded security module to perform the reverse measurement of the operating system comprises:
and controlling the security reinforcement application program to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel.
6. The secure boot method for the power terminal according to claim 5, wherein controlling the security hardened application to call the embedded security module to sequentially complete the boot program and the reverse measurement of the system kernel comprises:
calculating abstract values of the bootstrap program and the system kernel by adopting a SM3 cryptographic algorithm;
and adopting a SM2 cryptographic algorithm to check and sign the bootstrap program and the system kernel in sequence so as to finish reverse measurement.
7. The secure startup method for the power terminal according to claim 2, wherein controlling the operating system to call the embedded security module to complete forward metrics of the base application program and the business application program comprises:
controlling the safety starting component to call the embedded safety module to calculate abstract values of the basic application program and the business application program by adopting a SM3 cryptographic algorithm;
and adopting a state secret SM2 algorithm to sequentially check and sign the basic application program and the service application program so as to finish forward measurement.
8. The secure boot method of the power terminal according to claim 1, wherein the watchdog of the power terminal is controlled to reset when the forward measurement or the reverse measurement is determined to fail.
9. The secure boot method of the power terminal according to claim 1, wherein the basic application and the business application invoke the embedded security module through the security hardened application.
10. A safe starting device of an electric terminal, which is characterized in that the electric terminal comprises an operating system, application software and an embedded safety module, wherein the application software comprises a safety reinforcement application program, a basic application program and a business application program, and the device comprises:
the control module is used for controlling the operating system to call the embedded security module to complete the security reinforcement application program and the forward measurement of the embedded security module after the power terminal is powered on;
the starting module is used for starting the security reinforcement application program after confirming that the forward measurement is completed successfully;
the control module is further used for controlling the security reinforcement application program to call the embedded security module to complete reverse measurement of the operating system;
the control module is further configured to control the operating system to call the embedded security module to complete the forward metrics of the basic application program and the business application program after determining that the reverse metrics are completed successfully.
11. The secure boot apparatus of the power terminal according to claim 10, wherein the operating system includes a boot program, a system kernel, a file system, and a secure boot component, and the control module, when controlling the operating system to call the embedded security module to complete the security hardened application and its forward metrics, is specifically configured to:
controlling the bootstrap program to call the embedded security module to complete the forward measurement of the system kernel;
and after the forward measurement of the system kernel is determined to be successful, controlling the system kernel to call the embedded security module to sequentially complete the forward measurement of the file system, the security starting component and the security reinforced application program.
12. The secure boot apparatus of an electric power terminal according to claim 11, wherein the control module, when controlling the bootstrap program to call the embedded security module to complete the forward measurement of the system kernel, is specifically configured to:
calculating the abstract value of the system kernel by adopting a SM3 cryptographic algorithm;
and adopting a SM2 cryptographic algorithm to check and sign the system kernel so as to complete forward measurement.
13. The secure boot apparatus of an electric power terminal according to claim 11, wherein the operating system further includes a driver, and the control module is further configured to, when the secure hardened application is launched,
and controlling key configuration files in the file system to sequentially load a driver and start the safe starting component.
14. The secure boot apparatus of an electrical terminal according to claim 11, wherein the control module, when controlling the security hardened application to call the embedded security module to complete the reverse measurement of the operating system, is specifically configured to:
and controlling the security reinforcement application program to call the embedded security module to sequentially complete the reverse measurement of the bootstrap program and the system kernel.
15. The secure boot apparatus of an electrical terminal according to claim 14, wherein the control module, when controlling the security hardened application program to call the embedded security module to sequentially complete the boot program and the reverse measurement of the system kernel, is specifically configured to:
calculating abstract values of the bootstrap program and the system kernel by adopting a SM3 cryptographic algorithm;
and adopting a SM2 cryptographic algorithm to check and sign the bootstrap program and the system kernel in sequence so as to finish reverse measurement.
16. The secure booting apparatus of an electrical terminal according to claim 11, wherein the control module, when controlling the operating system to call the embedded security module to complete the forward metrics of the basic application and the business application, is specifically configured to:
controlling the safety starting component to call the embedded safety module to calculate abstract values of the basic application program and the business application program by adopting a SM3 cryptographic algorithm;
and adopting a SM2 cryptographic algorithm to sequentially check and sign the basic application program and the service application program so as to complete forward measurement.
17. The secure boot device of the power terminal as claimed in claim 10, wherein the control module is further configured to control the watchdog of the power terminal to reset when the forward measurement or the reverse measurement is determined to fail.
18. The secure boot apparatus of an electric power terminal according to claim 10, wherein the basic application and the business application invoke the embedded security module through the security hardened application.
19. A computer-readable storage medium, characterized in that a secure boot program of an electric power terminal is stored thereon, which when executed by a processor implements the secure boot method of the electric power terminal according to any one of claims 1 to 9.
20. An electric power terminal, characterized by comprising a memory, a processor and a safe starting program of the electric power terminal stored on the memory and capable of running on the processor, wherein the processor implements the safe starting method of the electric power terminal according to any one of claims 1-9 when executing the safe starting program of the electric power terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211088144.8A CN115186273A (en) | 2022-09-07 | 2022-09-07 | Power terminal, safe starting method and device thereof and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211088144.8A CN115186273A (en) | 2022-09-07 | 2022-09-07 | Power terminal, safe starting method and device thereof and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115186273A true CN115186273A (en) | 2022-10-14 |
Family
ID=83523175
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211088144.8A Pending CN115186273A (en) | 2022-09-07 | 2022-09-07 | Power terminal, safe starting method and device thereof and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115186273A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116340956A (en) * | 2023-05-25 | 2023-06-27 | 国网上海能源互联网研究院有限公司 | Trusted protection optimization method and device for electric embedded terminal equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110087872A1 (en) * | 2009-10-13 | 2011-04-14 | Gaurav Shah | Firmware Verified Boot |
| CN109598126A (en) * | 2018-12-03 | 2019-04-09 | 贵州华芯通半导体技术有限公司 | A kind of safety startup of system methods, devices and systems based on national secret algorithm |
| CN112163216A (en) * | 2020-08-28 | 2021-01-01 | 中国电力科学研究院有限公司 | Method and system for establishing safe computing environment of intelligent electric energy meter |
| CN114417360A (en) * | 2022-03-28 | 2022-04-29 | 青岛鼎信通讯股份有限公司 | System safety starting method applied to embedded power equipment |
| CN114996724A (en) * | 2022-04-25 | 2022-09-02 | 麒麟软件有限公司 | Security operating system based on state cryptographic algorithm module |
-
2022
- 2022-09-07 CN CN202211088144.8A patent/CN115186273A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110087872A1 (en) * | 2009-10-13 | 2011-04-14 | Gaurav Shah | Firmware Verified Boot |
| CN109598126A (en) * | 2018-12-03 | 2019-04-09 | 贵州华芯通半导体技术有限公司 | A kind of safety startup of system methods, devices and systems based on national secret algorithm |
| CN112163216A (en) * | 2020-08-28 | 2021-01-01 | 中国电力科学研究院有限公司 | Method and system for establishing safe computing environment of intelligent electric energy meter |
| CN114417360A (en) * | 2022-03-28 | 2022-04-29 | 青岛鼎信通讯股份有限公司 | System safety starting method applied to embedded power equipment |
| CN114996724A (en) * | 2022-04-25 | 2022-09-02 | 麒麟软件有限公司 | Security operating system based on state cryptographic algorithm module |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116340956A (en) * | 2023-05-25 | 2023-06-27 | 国网上海能源互联网研究院有限公司 | Trusted protection optimization method and device for electric embedded terminal equipment |
| CN116340956B (en) * | 2023-05-25 | 2023-08-08 | 国网上海能源互联网研究院有限公司 | Trusted protection optimization method and device for electric embedded terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11093258B2 (en) | Method for trusted booting of PLC based on measurement mechanism | |
| KR100998344B1 (en) | Simple scalable and configurable secure boot for trusted mobile phones | |
| EP1560098B1 (en) | Method and system ensuring installation or execution of a software update only on a specific device or class of devices | |
| JP3863447B2 (en) | Authentication system, firmware device, electrical device, and authentication method | |
| KR101229148B1 (en) | Protecting interfaces on processor architectures | |
| KR101867789B1 (en) | Secure battery authentication | |
| CN102332070A (en) | Trust chain transfer method for trusted computing platform | |
| CN112699419B (en) | Method for safely executing extensible firmware application program and calculator equipment | |
| CN105205401A (en) | Trusted computer system based on safe password chip and trusted guiding method thereof | |
| US20210248239A1 (en) | Verification of a provisioned state of a platform | |
| CN112651030B (en) | BMC firmware system security-oriented trusted starting method | |
| CN111162911B (en) | PLC firmware upgrading system and method | |
| US20100100966A1 (en) | Method and system for blocking installation of some processes | |
| US11755739B2 (en) | Update signals | |
| CN103049694A (en) | Core safety architecture implementation method of intelligent financial transaction terminal | |
| US20210058249A1 (en) | Hardware security module for verifying executable code, device having hardware security module, and method of operating device | |
| CN112632562B (en) | Device starting method, device management method and embedded device | |
| CN111177709A (en) | Execution method and device of terminal trusted component and computer equipment | |
| CN115186273A (en) | Power terminal, safe starting method and device thereof and storage medium | |
| CN112163216B (en) | Method and system for establishing safe computing environment of intelligent electric energy meter | |
| JP4818824B2 (en) | Program management system and terminal device | |
| CN112861137A (en) | Secure firmware | |
| CN115828273B (en) | Vehicle safety starting method and device, electronic control unit and storage medium | |
| CN111506897B (en) | Data processing method and device | |
| JP2020057309A (en) | Control system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20221014 |