WO2022052665A1 - 无线终端及无线终端在Uboot模式下的接口访问鉴权方法 (Wireless terminal and interface access authentication method for a wireless terminal in Uboot mode) - Google Patents
- Publication number: WO2022052665A1 (PCT application PCT/CN2021/110126)
- Authority: WO (WIPO/PCT)
- Prior art keywords: key, information, wireless terminal, encryption algorithm, authentication request
Classifications (CPC)
- H04W12/06 Authentication (wireless communication networks; security arrangements)
- G06F21/44 Program or device authentication
- G06F21/602 Providing cryptographic facilities or services
- G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
- H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0863 Generation of secret information involving passwords or one-time passwords
- H04L9/088 Usage controlling of secret information, e.g. restricting cryptographic keys to pre-authorized uses or different access levels
- H04L9/14 Cryptographic arrangements using a plurality of keys or algorithms
- H04L9/302 Public key schemes involving the integer factorization problem, e.g. RSA or quadratic sieve [QS]
- H04L9/3066 Public key schemes involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3226 Entity authentication using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3239 Entity authentication using non-keyed cryptographic hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04W12/03 Protecting confidentiality, e.g. by encryption
- H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/08 Access security
- G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
- H04L2209/80 Wireless
Definitions
- the embodiments of the present disclosure relate to, but are not limited to, the field of wireless terminals, and specifically to a wireless terminal and an interface access authentication method for a wireless terminal in Uboot mode.
- the serial port of a wireless terminal is an important communication interface for software debugging and fault diagnosis in the product development stage. Through it, one can learn the operating mechanism of the wireless terminal, obtain sensitive data and reverse-engineer the firmware.
- to prevent malicious attacks, reading or tampering, a wireless terminal typically closes only part of its serial port functions, while most of them are retained to meet the needs of after-sales fault diagnosis; this increases the security risk of the wireless terminal. It is therefore necessary to add security measures for interface access so as to prevent malicious access to the wireless terminal's interfaces.
- the interface access authentication method for a wireless terminal in Uboot mode mainly addresses the technical problem that interface access to the wireless terminal carries a security risk.
- an embodiment of the present disclosure provides an interface access authentication method for a wireless terminal in Uboot mode, used to obtain interface access authority on the wireless terminal. In one embodiment:
- the key query information and the key verification information are obtained from the same plaintext key, as follows:
- the first encryption algorithm is used to generate the key verification information from the plaintext key;
- the second encryption algorithm is used to generate the key query information from the plaintext key.
- the password strength policy includes a minimum password character length and a minimum number of character types.
- the first encryption algorithm and the second encryption algorithm are different; the first encryption algorithm is a symmetric encryption algorithm or a hash algorithm, and the second encryption algorithm is an asymmetric encryption algorithm.
- in one embodiment the first encryption algorithm is AES, or a hash algorithm such as MD5 or SHA.
- in one embodiment the second encryption algorithm is RSA or an elliptic-curve asymmetric encryption algorithm.
- Embodiments of the present disclosure also provide a wireless terminal, including a processor and a memory;
- the processor is configured to execute one or more programs stored in the memory to implement the steps of the interface access authentication method as described above; wherein the memory is coupled to the processor.
- Embodiments of the present disclosure also provide a wireless terminal, including:
- an interface opening module configured to open the access authority of the serial port interface of the wireless terminal;
- a storage module configured to store key verification information and key query information preset on the wireless terminal, the key query information and the key verification information being obtained from the same plaintext key;
- an authentication module configured to respond to an authentication request for interface access, obtain the authentication request key information carried by the authentication request, and verify the authentication request key information against the key verification information; when the verification succeeds, the interface access authority of the wireless terminal is obtained; when the verification fails, the key query information is output.
- an encryption module is further included, configured to encrypt the authentication request key information with the first preset encryption algorithm, so that the authentication module can verify the encrypted authentication request key information against the key verification information.
- the encryption module is further configured to randomly generate the plaintext key according to a preset password strength policy, use the first encryption algorithm to generate the key verification information from the plaintext key, and use the second encryption algorithm to generate the key query information from the plaintext key.
- Embodiments of the present disclosure further provide a computer-readable storage medium storing one or more programs, which can be executed by one or more processors to implement the steps of the interface access authentication method in the above embodiments.
- in response to an authentication request for interface access, the authentication request key information carried in the authentication request is obtained and verified against preset key verification information; when the verification succeeds, the interface access authority of the wireless terminal is obtained, and when the verification fails, key query information is output.
- the key query information and the key verification information are obtained from the same plaintext key.
- FIG. 1 is a schematic flowchart of an interface access authentication method in Uboot mode according to Embodiment 1 of the present disclosure.
- FIG. 2 is a schematic structural diagram of a wireless terminal according to Embodiment 2 of the present disclosure.
- FIG. 3 is a schematic flowchart of an access authentication method for a serial port interface of a wireless terminal according to Embodiment 3 of the present disclosure.
- FIG. 4 is a schematic flowchart of a method for obtaining key verification information and key query information according to Embodiment 3 of the present disclosure.
- FIG. 5 is a schematic structural diagram of a wireless terminal in another embodiment.
- the serial port of a wireless terminal is an important means of software debugging and fault diagnosis in the product development stage. For attackers the serial port also has very high value: through it they can learn the operating mechanism of the device, obtain sensitive data and reverse-engineer the firmware. Only some wireless terminal projects disable the device serial port entirely; most need to retain the serial port debugging function for after-sales fault diagnosis, so security measures are required to prevent illegal users from accessing it. To protect interface access of the wireless terminal in Uboot mode, by default no command other than an authentication request may be entered in Uboot mode, and the interface console of the wireless device is not opened even after the kernel of the wireless terminal has started. For example, to enable the serial port command input function of a wireless terminal, a password must be entered and authentication passed before the function is opened.
- FIG. 1 is a schematic flowchart of an interface access authentication method in Uboot mode according to Embodiment 1 of the present disclosure.
- the method is used to obtain interface access authority on a wireless terminal and includes:
- Step 1: obtain the authentication request key information.
- by default the command input function of the interface is disabled. To enable it, an authentication request command carrying the authentication request key information must be entered. After the authentication request is entered in Uboot mode, the terminal responds to it and obtains the authentication request key information it carries.
- Step 2: verify the authentication request key information.
- the authentication request key information is verified against preset key verification information.
- the preset key verification information is obtained from a plaintext key.
- the preset key verification information is obtained by encrypting (or hashing) the plaintext key with the first encryption algorithm. The received authentication request key information is first processed with the same first encryption algorithm, and the result is then compared with the preset key verification information for equality.
- the first encryption algorithm is a symmetric encryption algorithm or a hash algorithm.
- Step 3: if the verification succeeds, obtain the interface access permission.
- the interface access authority of the wireless terminal is obtained, that is, the command input function of interface access is enabled.
- Step 4: if the verification fails, output the key query information.
- the key query information and the key verification information are obtained from the same plaintext key, as follows:
- the plaintext key is randomly generated according to a preset password strength policy.
- the preset password strength policy requires that the plaintext key contain uppercase letters, lowercase letters, special characters and/or digits.
- the preset password strength policy also includes a minimum character length for the plaintext key and a minimum number of character types it must contain.
- the first encryption algorithm is used to generate the key verification information from the plaintext key;
- the second encryption algorithm is used to generate the key query information from the plaintext key.
- the first encryption algorithm and the second encryption algorithm are different: the first is a symmetric encryption algorithm or a hash algorithm, and the second is an asymmetric encryption algorithm.
- in one embodiment the first encryption algorithm is AES, or a hash algorithm such as MD5 or SHA; in one embodiment the second encryption algorithm is RSA or an elliptic-curve asymmetric encryption algorithm.
- the plaintext key can be recovered from the output key query information by decrypting it with the private key of the second encryption algorithm; submitting that plaintext key as the authentication request key information makes access authentication succeed and obtains the interface access authority of the wireless terminal.
- the embodiment of the present disclosure provides an interface access authentication method for a wireless terminal in Uboot mode.
- the authentication request key information carried in the authentication request is obtained and verified against preset key verification information.
- when the verification succeeds, the interface access authority of the wireless terminal is obtained; when the verification fails, key query information is output.
- the key query information and the key verification information are obtained from the same plaintext key.
- security measures for wireless terminal interface access are thereby added, preventing malicious access to the wireless terminal interface.
- when the verification fails, the R&D engineer or tester uses a private-key tool or IT system implementing the second encryption algorithm to decrypt the key query information into the plaintext key, and then enters an authentication request carrying the decrypted plaintext key on the interface of the wireless terminal to enable its interface debugging function.
- Embodiment 2, shown in FIG. 2:
- the wireless terminal 100 includes an interface opening module 110, a storage module 120 and an authentication module 130.
- the interface opening module 110 is configured to open the access authority of the serial port interface of the wireless terminal.
- the storage module 120 is configured to store key verification information and key query information preset on the wireless terminal 100; the key query information and the key verification information are obtained from the same plaintext key.
- the authentication module 130 is configured to respond to an authentication request for interface access, obtain the authentication request key information carried in the request, and verify it against the key verification information; when the verification succeeds, the interface access authority of the wireless terminal is obtained, and when the verification fails, the key query information is output.
- the wireless terminal 100 further includes an encryption module 140 configured to encrypt the authentication request key information with the first preset encryption algorithm, so that the authentication module 130 can verify the encrypted authentication request key information against the key verification information.
- the encryption module 140 is further configured to randomly generate the plaintext key according to a preset password strength policy, use the first encryption algorithm to generate the key verification information from the plaintext key, and use the second encryption algorithm to generate the key query information from the plaintext key.
- the wireless terminal includes an interface opening module, a storage module, and an authentication module
- the interface opening module is set to open the access authority of the serial port interface of the wireless terminal
- the storage module is set to store key verification information and key query information
- the authentication module is set to obtain the authentication request key information in response to an authentication request for interface access and verify it against the key verification information; when the verification succeeds, the interface access authority of the wireless terminal is obtained, and when the verification fails, the key query information is output.
- the key query information and the key verification information are obtained according to the same plaintext key.
- FIG. 3 is a schematic flowchart of an access authentication method for a serial port interface of a wireless terminal according to Embodiment 3 of the present disclosure.
- the method is used to obtain the access authority of the serial port interface of a wireless terminal.
- the wireless terminal includes a serial port module 200 and an authentication module 300. After the wireless terminal is powered on, the command input function of the serial port module 200 is disabled in uboot mode. To enable the access authority of the uboot serial port interface, the wireless terminal must enter uboot startup mode at power-on, and during the countdown stage an authentication request carrying authentication request information must be entered. The access authentication method includes:
- Step S101: the serial port module 200 receives the authentication request carrying the authentication request information from the serial port of the wireless terminal;
- Step S102: the serial port module 200 extracts the authentication request information from the authentication request and sends it to the authentication module 300;
- Step S103: the authentication module 300 encrypts the authentication request information with the same method that was used to produce the stored key verification information.
- the first encryption algorithm is used for this, and includes AES, MD5 or SHA;
- Step S104: compare the key verification information with the encrypted authentication request information;
- Step S105: if the verification fails, send the key query information to the serial port module 200;
- Step S106: the serial port module 200 outputs the received key query information, does not enable the access authority of the serial port interface, and closes the serial port console.
- the access authentication method may further include:
- Step S107: obtain the plaintext key from the key query information (by decrypting it with the private key of the second encryption algorithm, as described for Embodiment 1).
- the key query information and the key verification information are obtained from the same plaintext key: the first encryption algorithm generates the key verification information from the plaintext key, and the second encryption algorithm generates the key query information from the plaintext key.
- the first encryption algorithm and the second encryption algorithm are different: the first is a symmetric encryption algorithm or a hash algorithm, and the second is an asymmetric encryption algorithm.
- the first encryption algorithm includes AES, MD5 or SHA, and the second encryption algorithm includes RSA or an elliptic-curve asymmetric encryption algorithm;
- Step S108: carry the plaintext key to the serial port module 200 in an authentication request; the serial port module 200 sends the plaintext key to the authentication module 300 for access authentication of the serial port interface of the wireless terminal;
- Step S109: encrypt the plaintext key and compare the key verification information with the encrypted plaintext key;
- Step S110: send verification success information to the serial port module 200;
- Step S111: the serial port module 200 enables the access authority of the serial port interface of the wireless terminal.
- Embodiment 4:
- FIG. 4 is a schematic flowchart of a method for obtaining key verification information and key query information according to Embodiment 3 of the present disclosure; it is used by a key generation device to generate the key verification information and key query information (the password) for securely opening the serial port interface of a wireless terminal. The device first checks whether key verification information already exists; if so, generation of the key verification information and key query information stops; if not, the method includes:
- Step S201: generate a plaintext key according to the password strength policy.
- the password strength policy includes a minimum password length and a minimum number of character types (such as uppercase, lowercase, digits, special characters, etc.).
- Step S202: encrypt the plaintext key with the second encryption algorithm, and generate and store the key query information. Because the key query information does not need to be generated in uboot mode, the second encryption algorithm can be a complex asymmetric encryption algorithm run on a preset dedicated key generation device.
- Step S203: encrypt the plaintext key with the first encryption algorithm, and generate and store the key verification information. Because during authentication the authentication request information must be processed with the first encryption algorithm inside uboot, the first encryption algorithm should be a symmetric encryption algorithm or a hash algorithm, so that uboot does not need to integrate a complex cryptographic library and the process is simple to implement.
- the first encryption algorithm includes algorithms such as AES, MD5 or SHA.
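The following is an added worked example, not code from the patent or its applicant, that models the scheme end to end: the key generation device of Embodiment 4 (steps S201 to S203), the authentication module of Embodiment 3 (steps S101 to S111), and the recovery step of Embodiment 1 in which the R&D tool decrypts the key query information with the private key. Everything below the patent leaves open is an assumption: SHA-256 as the first (hash) algorithm, RSA as the second (asymmetric) algorithm, a 16-character policy with at least three character classes, and all function and module names. The RSA is unpadded textbook RSA over two fixed Mersenne primes, built from the Python standard library only so that the example runs offline; a real key generation device would use a vetted library with OAEP padding and 2048-bit or larger keys. One practitioner caveat the patent text does not spell out: with an unkeyed hash as the first algorithm, the stored key verification information is an unsalted password hash, so resistance to offline guessing rests entirely on the plaintext key being random, policy-compliant and unique per device; the example therefore enforces the policy before anything is stored and uses a constant-time comparison in the U-Boot-side check.

```python
"""Added example (not the patent's code): model of the Uboot serial-port
authentication scheme with an offline key generation device, a device-side
authentication module and an R&D-side recovery tool. All names are assumptions."""
import hashlib
import hmac
import secrets
import string

# Password strength policy (Embodiment 4, step S201): minimum length and
# minimum number of character classes. The concrete values are assumptions.
MIN_LENGTH = 16
MIN_CLASSES = 3
CHAR_CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
                string.digits, "!@#$%^&*-_=+")


def meets_policy(pw: str) -> bool:
    classes = sum(any(ch in cls for ch in pw) for cls in CHAR_CLASSES)
    return len(pw) >= MIN_LENGTH and classes >= MIN_CLASSES


def generate_plaintext_key() -> str:
    """Randomly generate the plaintext key until it satisfies the policy."""
    alphabet = "".join(CHAR_CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(MIN_LENGTH))
        if meets_policy(pw):
            return pw


def first_algorithm(plaintext_key: str) -> str:
    """First algorithm (assumed SHA-256): run on the key generation device
    when provisioning and inside U-Boot on every authentication request."""
    return hashlib.sha256(plaintext_key.encode()).hexdigest()


# Second algorithm (assumed RSA): textbook RSA over the Mersenne primes M107 and
# M127, demo-size only. The private exponent stays in the R&D tool; the key
# generation device only needs (RSA_N, RSA_E).
_P, _Q = 2**107 - 1, 2**127 - 1
RSA_N, RSA_E = _P * _Q, 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))


def second_algorithm_encrypt(plaintext_key: str) -> str:
    """Produce the key query information (hex) from the plaintext key."""
    m = int.from_bytes(plaintext_key.encode(), "big")
    assert m < RSA_N, "plaintext key too long for the demo modulus"
    return format(pow(m, RSA_E, RSA_N), "x")


def second_algorithm_decrypt(key_query_info: str) -> str:
    """R&D-side private-key tool: recover the plaintext key (Step S107)."""
    m = pow(int(key_query_info, 16), RSA_D, RSA_N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


def provision(existing=None) -> dict:
    """Key generation device (FIG. 4). If key verification information already
    exists, generation stops; otherwise run S201-S203. The plaintext key is
    returned only so the demo can show the full flow; a real device would
    not keep it next to the verification information."""
    if existing and "key_verification_info" in existing:
        return existing
    pw = generate_plaintext_key()                                  # S201
    return {"key_query_info": second_algorithm_encrypt(pw),        # S202
            "key_verification_info": first_algorithm(pw),          # S203
            "_plaintext_key": pw}


class UbootSerialAuth:
    """Authentication module 300 (FIG. 3). The console stays closed until an
    authentication request verifies successfully."""

    def __init__(self, key_verification_info: str, key_query_info: str):
        self.kvi = key_verification_info
        self.kqi = key_query_info
        self.console_open = False

    def handle_auth_request(self, request_key_info: str):
        """S103/S104 (or S109): hash the submitted key information and compare
        it with the stored verification information. Success opens the console
        (S110/S111); failure returns the key query information and leaves the
        console closed (S105/S106)."""
        digest = first_algorithm(request_key_info)
        if hmac.compare_digest(digest, self.kvi):   # constant-time compare
            self.console_open = True
            return True, None
        return False, self.kqi


def run_flow() -> dict:
    """Provision, fail with a guess, recover the key offline, then succeed."""
    rec = provision()
    dev = UbootSerialAuth(rec["key_verification_info"], rec["key_query_info"])
    ok1, query = dev.handle_auth_request("guess")       # wrong key: query info out
    recovered = second_algorithm_decrypt(query)         # R&D tool with private key
    ok2, _ = dev.handle_auth_request(recovered)         # retry with plaintext key
    return {"first_attempt": ok1, "second_attempt": ok2,
            "recovered": recovered, "plaintext_key": rec["_plaintext_key"],
            "console_open": dev.console_open}


if __name__ == "__main__":
    print(run_flow())
```

Running the file prints the flow result: the first attempt with a wrong key fails and hands back the key query information while the console stays closed; decrypting that value with the private key yields exactly the provisioned plaintext key, and the second attempt opens the console. Swapping `first_algorithm` for MD5 changes nothing structurally, which is the point of the caveat above: the hash choice does not add secrecy, the per-device random key does.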
- This embodiment also provides a wireless terminal including a processor and a memory coupled to the processor, the processor being configured to execute one or more programs stored in the memory so as to implement the steps of the interface access authentication method described in Embodiment 1.
- the present embodiments also provide a computer-readable storage medium embodied in any method or technology arranged to store information, such as computer-readable instructions, data structures, computer program modules, or other data volatile or nonvolatile, removable or non-removable media.
- Computer-readable storage media include but are not limited to RAM (Random Access Memory, random access memory), ROM (Read-Only Memory, read-only memory), EEPROM (Electrically Erasable Programmable read only memory, electrified Erasable Programmable Read-Only Memory) ), flash memory or other memory technology, CD-ROM (Compact Disc Read-Only Memory), digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, Or any other medium that can be used to store the desired information and that can be accessed by a computer.
- This embodiment also provides a computer program (or computer software) that can be distributed on a computer-readable medium and executed by a computing device to carry out at least one step of the interface access authentication method in Uboot mode of the first embodiment, the access authentication method for the serial port interface of the wireless terminal of the third embodiment, and the method for obtaining the key verification information and key query information of the fourth embodiment; in some cases at least one of the steps shown or described may be performed in an order different from that described in the above embodiments.
- FIG. 5 is a schematic structural diagram of a wireless terminal in another embodiment, which includes a processor 51, a memory 53, and a communication bus 52, wherein:
- the communication bus 52 is configured to realize connection and communication between the processor 51 and the memory 53;
- the processor 51 is configured to execute one or more computer programs stored in the memory 53 to implement at least one step of the data transmission method in the first embodiment above.
- This embodiment also provides a computer program product, including a computer-readable device, where the computer program as shown above is stored on the computer-readable device.
- the computer-readable device may include the computer-readable storage medium as described above.
- The key verification information and key query information that each wireless terminal uses for interface authentication are randomly generated and unique, and the interface access permission of the wireless terminal is checked during the startup phase of uboot mode; the method therefore offers higher security.
- The interface authentication password supports a password query function: if R&D or test staff do not know the authentication password, they can enter a password to trigger the query, and then use a tool or an IT system to decrypt the returned query information into the plaintext key, which improves the user experience.
- The key verification information and key query information are generated by a preset key generation device, which can run in non-uboot mode, thereby reducing the difficulty of implementing the interface access authentication method disclosed in this application.
- The functional modules/units in the system and the device can be implemented as software (computer program code executable by a computing device), firmware, hardware, or an appropriate combination thereof.
- The division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be executed cooperatively by several physical components.
- Some or all physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor or microprocessor, as hardware, or as an integrated circuit such as an application-specific integrated circuit.
- Communication media typically embody computer-readable instructions, data structures, computer program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium, as is well known to those of ordinary skill in the art. Therefore, the present disclosure is not limited to any particular combination of hardware and software.
Claims (10)
- An interface access authentication method for a wireless terminal in Uboot mode, used to obtain interface access permission of the wireless terminal, the interface access authentication method comprising: in response to an authentication request for interface access, obtaining authentication request key information carried by the authentication request; verifying the authentication request key information against preset key verification information; if the verification succeeds, obtaining interface access permission of the wireless terminal; if the verification fails, outputting key query information; wherein the key query information and the key verification information are derived from the same plaintext key.
- The interface access authentication method of claim 1, wherein deriving the key query information and the key verification information from the same plaintext key comprises: randomly generating the plaintext key according to a preset password strength policy; generating the key verification information from the plaintext key with a first encryption algorithm, and generating the key query information from the plaintext key with a second encryption algorithm.
- The interface access authentication method of claim 2, wherein the password strength policy comprises a minimum password character length and a minimum number of character types to be included.
- The interface access authentication method of claim 2, wherein the first encryption algorithm and the second encryption algorithm are different; the first encryption algorithm comprises a symmetric encryption algorithm or a hash algorithm, and the second encryption algorithm comprises an asymmetric encryption algorithm.
- The interface access authentication method of claim 2, wherein the first encryption algorithm comprises the AES, MD5 or SHA algorithm, and the second encryption algorithm comprises the RSA or elliptic-curve asymmetric encryption algorithm.
- A wireless terminal, comprising: an interface enabling module, configured to enable access permission for a serial port interface of the wireless terminal; a storage module, configured to store preset key verification information and key query information of the wireless terminal, the key query information and the key verification information being derived from the same plaintext key; and an authentication module, configured to respond to an authentication request for interface access, obtain authentication request key information carried by the authentication request, and verify the authentication request key information against the key verification information; when the verification succeeds, obtain interface access permission of the wireless terminal; when the verification fails, output the key query information.
- The wireless terminal of claim 6, further comprising an encryption module configured to encrypt the authentication request key information with a first preset encryption algorithm, so that the authentication module verifies the encrypted authentication request key information against the key verification information.
- The wireless terminal of claim 7, wherein the encryption module is further configured to randomly generate the plaintext key according to a preset password strength policy, generate the key verification information from the plaintext key with a first encryption algorithm, and generate the key query information from the plaintext key with a second encryption algorithm.
- A wireless terminal, comprising a processor and a memory, the memory being coupled to the processor; the processor is configured to execute one or more programs stored in the memory to implement the steps of the interface access authentication method of any one of claims 1 to 5.
- A computer-readable storage medium storing one or more computer programs, the one or more computer programs being executable by one or more processors to implement the steps of the interface access authentication method of any one of claims 1 to 5.
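The flow the claims above describe (random plaintext key under a strength policy, verification information from a first algorithm, query information from a second, constant check at the access gate, query information returned on failure) together with the recovery path from the description (an IT system holding the private key decrypts the query information back to the plaintext key), as an added worked example in Go. This is not code from the patent or its applicant: it picks SHA-256 as the first algorithm and RSA-OAEP as the second, both within the algorithm families the claims list, and every name in it (`Policy`, `Record`, `Provision`, `Authenticate`, `Recover`, the `alphabet` character set, the 2048-bit demo key pair) is this example's own assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"unicode"
)

// Policy models the "preset password strength policy" of claim 3; the names are this example's own.
type Policy struct {
	MinLen, MinClasses int
}

// alphabet is the constructed character set the generator draws from.
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*"

// countClasses reports how many of lower/upper/digit/symbol occur in s.
func countClasses(s string) int {
	seen := map[string]bool{}
	for _, r := range s {
		switch {
		case unicode.IsLower(r):
			seen["lower"] = true
		case unicode.IsUpper(r):
			seen["upper"] = true
		case unicode.IsDigit(r):
			seen["digit"] = true
		default:
			seen["symbol"] = true
		}
	}
	return len(seen)
}

// GenPlaintextKey draws from crypto/rand and retries until the candidate meets the policy (claim 2).
func GenPlaintextKey(p Policy) (string, error) {
	for attempt := 0; attempt < 1000; attempt++ {
		buf := make([]byte, p.MinLen)
		for i := range buf {
			idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
			if err != nil {
				return "", err
			}
			buf[i] = alphabet[idx.Int64()]
		}
		if countClasses(string(buf)) >= p.MinClasses {
			return string(buf), nil
		}
	}
	return "", errors.New("could not satisfy policy")
}

// Record is what the storage module of claim 6 keeps on the terminal: the SHA-256 digest of the
// plaintext key (first algorithm) and its RSA-OAEP ciphertext (second algorithm); no plaintext.
type Record struct {
	Verify []byte
	Query  []byte
}

// Provision runs on the key generation device, outside uboot, with only the IT public key.
func Provision(plain string, pub *rsa.PublicKey) (Record, error) {
	sum := sha256.Sum256([]byte(plain))
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(plain), nil)
	if err != nil {
		return Record{}, err
	}
	return Record{Verify: sum[:], Query: ct}, nil
}

// Authenticate is the gate of claim 1: constant-time digest compare; on failure the terminal
// returns the query information instead of granting access. No private key lives here.
func Authenticate(rec Record, submitted string) (granted bool, query []byte) {
	sum := sha256.Sum256([]byte(submitted))
	if subtle.ConstantTimeCompare(sum[:], rec.Verify) == 1 {
		return true, nil
	}
	return false, rec.Query
}

// Recover is the IT-system step: only the holder of the private key gets the plaintext back.
func Recover(query []byte, priv *rsa.PrivateKey) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, query, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed IT-side key pair
	plain, _ := GenPlaintextKey(Policy{MinLen: 12, MinClasses: 3})
	rec, _ := Provision(plain, &priv.PublicKey)
	granted, q := Authenticate(rec, "not-the-key") // wrong entry: denied, query info returned
	recovered, _ := Recover(q, priv)
	fmt.Println("granted:", granted, "recovered matches:", recovered == plain)
}
```

Two design points the claims leave open are made explicit here. The digest is unsalted and fast, which is acceptable only because the plaintext key is drawn from a CSPRNG under the policy rather than chosen by a person; a per-device random key is what makes a stored hash safe against offline guessing. The failure path discloses nothing but an RSA-OAEP ciphertext, so a device that has been read out wholesale still yields neither the plaintext key nor anything that reveals it without the private key kept off the terminal. Of the first-algorithm options claim 5 lists, the SHA-2 family is the one to use; MD5 should not be chosen for new designs.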
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2023516195A JP2023542099A (ja) | 2020-09-14 | 2021-08-02 | 無線端末、及び無線端末のUbootモードにおけるインタフェースアクセス認証方法 |
EP21865721.1A EP4213520A4 (en) | 2020-09-14 | 2021-08-02 | WIRELESS TERMINAL AND INTERFACE ACCESS AUTHENTICATION METHOD FOR WIRELESS TERMINAL IN UBOOT MODE |
US18/026,240 US20230370262A1 (en) | 2020-09-14 | 2021-08-02 | Wireless Terminal and Method for Authenticating Interface Access of Wireless Terminal in Uboot Mode |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010960485.4A CN114189862A (zh) | 2020-09-14 | 2020-09-14 | 无线终端及无线终端在Uboot模式下的接口访问鉴权方法 |
CN202010960485.4 | 2020-09-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022052665A1 true WO2022052665A1 (zh) | 2022-03-17 |
Family
ID=80539637
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/110126 WO2022052665A1 (zh) | 2020-09-14 | 2021-08-02 | 无线终端及无线终端在Uboot模式下的接口访问鉴权方法 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20230370262A1 (zh) |
EP (1) | EP4213520A4 (zh) |
JP (1) | JP2023542099A (zh) |
CN (1) | CN114189862A (zh) |
WO (1) | WO2022052665A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114760063A (zh) * | 2022-03-18 | 2022-07-15 | 百安居信息技术(上海)有限公司 | 家装留资数据处理方法、***、存储介质及设备 |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257074B (zh) * | 2020-11-10 | 2024-02-23 | 深圳市绿联科技股份有限公司 | 一种usb接口芯片电路、扩展坞、固件鉴权方法和装置 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104322003A (zh) * | 2012-01-31 | 2015-01-28 | 菲纳逻辑商业技术有限公司 | 借助实时加密进行的密码认证和识别方法 |
CN105488435A (zh) * | 2015-11-30 | 2016-04-13 | 南京南瑞继保电气有限公司 | 一种嵌入式***串口终端防攻击方法 |
CN106992857A (zh) * | 2017-03-30 | 2017-07-28 | 努比亚技术有限公司 | 一种刷机验证方法及装置 |
CN107395560A (zh) * | 2017-06-05 | 2017-11-24 | 努比亚技术有限公司 | 安全校验及其发起、管理方法、设备、服务器和存储介质 |
CN108965943A (zh) * | 2018-07-26 | 2018-12-07 | 四川长虹电器股份有限公司 | Android智能电视对串口访问密码控制的方法 |
CN109981562A (zh) * | 2019-01-17 | 2019-07-05 | 平安科技(深圳)有限公司 | 一种软件开发工具包授权方法及装置 |
CN110719166A (zh) * | 2019-10-15 | 2020-01-21 | 深圳市元征科技股份有限公司 | 芯片烧录方法、芯片烧录装置、芯片烧录***及存储介质 |
CN112257074A (zh) * | 2020-11-10 | 2021-01-22 | 深圳市绿联科技有限公司 | 一种usb接口芯片电路、扩展坞、固件鉴权方法和装置 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19835609C2 (de) * | 1998-08-06 | 2000-06-08 | Siemens Ag | Programmgesteuerte Einheit |
JP2009505304A (ja) * | 2005-08-22 | 2009-02-05 | エヌエックスピー ビー ヴィ | 埋設式メモリのアクセス制御 |
US8214630B2 (en) * | 2009-02-24 | 2012-07-03 | General Instrument Corporation | Method and apparatus for controlling enablement of JTAG interface |
- 2020
  - 2020-09-14 CN CN202010960485.4A patent/CN114189862A/zh active Pending
- 2021
  - 2021-08-02 WO PCT/CN2021/110126 patent/WO2022052665A1/zh active Application Filing
  - 2021-08-02 EP EP21865721.1A patent/EP4213520A4/en active Pending
  - 2021-08-02 JP JP2023516195A patent/JP2023542099A/ja active Pending
  - 2021-08-02 US US18/026,240 patent/US20230370262A1/en active Pending
Non-Patent Citations (1)
Title |
---|
See also references of EP4213520A4 * |
Also Published As
Publication number | Publication date |
---|---|
CN114189862A (zh) | 2022-03-15 |
JP2023542099A (ja) | 2023-10-05 |
EP4213520A4 (en) | 2024-03-13 |
US20230370262A1 (en) | 2023-11-16 |
EP4213520A1 (en) | 2023-07-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3458999B1 (en) | Self-contained cryptographic boot policy validation | |
CN112513857A (zh) | 可信执行环境中的个性化密码安全访问控制 | |
JP4912879B2 (ja) | プロセッサの保護された資源へのアクセスに対するセキュリティ保護方法 | |
WO2020192406A1 (zh) | 数据存储、验证方法及装置 | |
US7639819B2 (en) | Method and apparatus for using an external security device to secure data in a database | |
US6539480B1 (en) | Secure transfer of trust in a computing system | |
US8281115B2 (en) | Security method using self-generated encryption key, and security apparatus using the same | |
US20160350549A1 (en) | Implementing access control by system-on-chip | |
WO2019109968A1 (zh) | 一种解锁sim卡的方法及移动终端 | |
US9893882B1 (en) | Apparatus, system, and method for detecting device tampering | |
WO2022052665A1 (zh) | 无线终端及无线终端在Uboot模式下的接口访问鉴权方法 | |
US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
US20230237193A1 (en) | Security processor configured to authenticate user and authorize user for user data and computing system including the same | |
CN106992978B (zh) | 网络安全管理方法及服务器 | |
CN114942729A (zh) | 一种计算机***的数据安全存储与读取方法 | |
US9076002B2 (en) | Stored authorization status for cryptographic operations | |
US11216571B2 (en) | Credentialed encryption | |
US20230198746A1 (en) | Secure key exchange using key-associated attributes | |
CN116484379A (zh) | ***启动方法、包含可信计算基软件的***、设备及介质 | |
CN110740036A (zh) | 基于云计算的防攻击数据保密方法 | |
CN108228219B (zh) | 一种带外刷新bios时验证bios合法性的方法及装置 | |
EP3525391A1 (en) | Device and method for key provisioning | |
CN117786667B (zh) | 一种用于可控计算的进程权限管理方法、***及存储介质 | |
CN114491481B (zh) | 一种基于fpga的安全计算方法及装置 | |
CN114091027B (zh) | 信息配置方法、数据访问方法及相关装置、设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21865721; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2023516195; Country of ref document: JP; Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 2021865721; Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 2021865721; Country of ref document: EP; Effective date: 20230414 |