CN102043641A - Firmware upgrading method of electronic equipment - Google Patents


Publication number
CN102043641A
Authority
CN
China
Prior art keywords
electronic equipment
key
firmware
firmware file
ciphertext
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009102017078A
Other languages
Chinese (zh)
Inventor
王立
马如军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Shengxuan Network Technology Co., Ltd.
Original Assignee
Shanda Computer Shanghai Co Ltd
Application filed by Shanda Computer Shanghai Co Ltd
Priority to CN2009102017078A
Publication of CN102043641A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a firmware upgrading method of electronic equipment, comprising the following steps: 1. block-encrypt the plaintext of a firmware file to form the ciphertext of the firmware file, select at least one block of the ciphertext as a key block, and use the key and/or initialization vector of the block encryption as an access certificate; 2. publish the ciphertext of the firmware file without the key block publicly on a network, and transmit the key block and the access certificate to the electronic equipment exclusively through a secure network connection; 3. after the electronic equipment has acquired the ciphertext without the key block, the key block, and the access certificate, merge the first two into the complete ciphertext of the firmware file and decrypt the plaintext of the firmware file using the access certificate; and 4. upgrade the firmware of the electronic equipment according to the plaintext of the firmware file. The invention meets the security requirements while also ensuring the transmission rate.

Description

The firmware upgrade method of electronic equipment
Technical field
The present invention relates to a method for upgrading the firmware of electronic equipment.
Background technology
Firmware is software that performs internal control of electronic equipment. Typical electronic equipment with firmware includes: end products for individual users, such as remote controls, calculators, mobile phones and digital cameras; computer-related components or devices, such as hard disks, keyboards, optical drives, displays and memory cards; scientific instruments; industrial robots; and so on. Firmware provides the most basic, lowest-level operations for electronic equipment; without firmware, the equipment cannot work at all.
Firmware is usually stored in the non-volatile memory of the electronic equipment, for example ROM, PROM or Flash. Firmware needs to be upgraded, usually to correct errors in the original firmware or to add new functions to the equipment. For an upgrade, the equipment manufacturer normally provides a binary image file, and the equipment loads this firmware file and is upgraded according to a defined procedure. For some equipment the upgrade must be performed by the manufacturer's staff; for other equipment it is performed by the user.
One existing firmware upgrade method is: the manufacturer publishes the firmware file on a website, and the user downloads the file and upgrades the firmware of the electronic equipment.
Because firmware files usually contain confidential information and this method makes the firmware file public, third parties, competitors in particular, can easily obtain the confidential information from the firmware file.
Another existing firmware upgrade method is: a secure network connection is established between the electronic equipment and the manufacturer's website (server), the server transmits the firmware file directly to the electronic equipment, and the firmware of the electronic equipment is then upgraded.
This method transfers the firmware file in client-server mode, and a small number of servers usually serve a large number of clients (electronic equipment), so the file transfer speed is severely limited.
Summary of the invention
The technical problem to be solved by the present invention is to provide a firmware upgrade method for electronic equipment that satisfies the security requirements of the firmware file while also taking its transfer rate into account.
To solve the above technical problem, the firmware upgrade method of the present invention comprises the following steps:
Step 1: block-encrypt the firmware file plaintext to form the firmware file ciphertext;
take at least one block of the firmware file ciphertext as the key block;
take the key and/or initialization vector of the block encryption together as the access certificate;
Step 2: publish the firmware file ciphertext, with the key block removed, publicly on the network;
transmit the key block of the firmware file ciphertext and the access certificate to the electronic equipment only through a secure network connection;
Step 3: after the electronic equipment has obtained the firmware file ciphertext without the key block, the key block of the firmware file ciphertext, and the access certificate, it merges the first two into the complete firmware file ciphertext and decrypts the firmware file plaintext using the access certificate;
Step 4: the electronic equipment upgrades its firmware according to the firmware file plaintext.
In the firmware upgrade method of the present invention, the firmware file is encrypted into multiple ciphertext blocks, every one of which is indispensable, and key blocks are extracted from them. The key blocks and the access certificate are transmitted to the electronic equipment only over a secure network channel, while the firmware file ciphertext other than the key blocks is distributed over public network channels. Without the key blocks and the access certificate, nobody can assemble the complete firmware file ciphertext, let alone decrypt the firmware file plaintext, which fully guarantees the security of the firmware file. The key blocks and access certificate are small and the rest of the firmware file ciphertext is large; distributing the larger part over public channels gives users a faster download speed.
Description of drawings
Fig. 1 is a schematic diagram of the firmware upgrade method of the present invention;
Fig. 2 is a schematic diagram of block encryption.
Embodiment
Referring to Fig. 1, the firmware upgrade method of the present invention comprises the following steps:
Step 1: the equipment manufacturer block-encrypts the plaintext of the firmware file; the algorithm mode of the block encryption is CBC, CFB or OFB. At least one block of the resulting firmware file ciphertext is then taken as the key block, and the key and initialization vector of the block encryption are taken together as the access certificate.
Step 2: the firmware file ciphertext, with the key block removed, is published publicly on the network; the key block of the firmware file ciphertext and the access certificate are transmitted to the electronic equipment only through a secure network connection.
Step 3: after the electronic equipment has obtained the firmware file ciphertext without the key block, the key block of the firmware file ciphertext, and the access certificate, it merges the first two into the complete firmware file ciphertext and decrypts the firmware plaintext using the access certificate.
Step 4: the electronic equipment upgrades its firmware according to the firmware file plaintext.
Key-based encryption mechanisms generally fall into two kinds: symmetric key encryption (Symmetric Key Cryptography) and asymmetric key encryption (Asymmetric Key Cryptography). Symmetric key encryption is further divided into stream encryption (stream ciphers) and block encryption (block ciphers). Stream encryption encrypts one position of the plaintext at a time, for example one bit or one byte. Block encryption encrypts one block of the plaintext at a time, and is also called grouped encryption.
Referring to Fig. 2, the basic method of block encryption is: first divide the plaintext into multiple plaintext blocks of identical length, padding the last plaintext block if necessary to meet the length requirement. Each plaintext block is then encrypted with the encryption algorithm, yielding multiple ciphertext blocks. The number of ciphertext blocks equals the number of plaintext blocks, and these ciphertext blocks together form the ciphertext. Depending on the encryption algorithm and algorithm mode, a key and/or an initialization vector is also needed for encryption.
Common block encryption algorithms include: AES (Advanced Encryption Standard); DES (Data Encryption Standard), also called DEA (Data Encryption Algorithm); DESX (extended Data Encryption Standard); triple DES; RC2; RC5; RC6; and others.
The algorithm mode is the combination of a series of basic algorithm steps in block encryption. Common algorithm modes are: ECB (Electronic Code Book) mode; CBC (Cipher Block Chaining) mode; CFB (Cipher Feedback) mode; OFB (Output Feedback) mode. Section 10.2.2 of "Security Theory and Technology of Communication Networks" (Tsinghua University Press, 2006, by Dai Yimin, Wang Peikang and Chen Wei) describes the encryption and decryption operations of these algorithm modes in detail.
The CBC, CFB and OFB algorithm modes share a characteristic: encrypting the first plaintext block requires the initialization vector and the key; encrypting the second and each later plaintext block requires the previous plaintext block (or a value from the encryption of the previous plaintext block) and the key. Decrypting the first ciphertext block requires the initialization vector and the key; decrypting the second and each later ciphertext block requires the previous ciphertext block (or a value from the decryption of the previous ciphertext block) and the key. This means that when the CBC, CFB or OFB algorithm mode is used to form multiple ciphertext blocks, lacking any one of the ciphertext blocks makes it impossible to decrypt all of the plaintext blocks, and therefore the plaintext cannot be obtained.
In step 1, the above method makes full use of the CBC, CFB and OFB algorithm modes of block encryption in symmetric cryptography to construct multiple ciphertext blocks, every one of which is indispensable, as the firmware file ciphertext. At least one ciphertext block of the firmware file ciphertext is then taken as the key block; preferably, the first ciphertext block of the firmware file ciphertext is taken as the key block. The initialization vector and key used in the encryption are taken as the access certificate. There may be one group of key and initialization vector or multiple groups; the latter is obviously more secure. Because the encryption mechanism is symmetric, the same access certificate is also used for decryption.
In step 2, the firmware file ciphertext with the key block removed is distributed publicly, and users can download it from any of the major websites, obtaining a faster transfer rate. Because what is published is not the complete firmware file ciphertext, a third party cannot obtain the firmware file plaintext from it. The key block of the firmware file ciphertext and the access certificate are transmitted from the server to the electronic equipment only over a secure network connection, for example a connection in which the electronic equipment and the server communicate and transfer data using the https protocol.
In step 3, the electronic equipment merges the firmware file ciphertext without the key block, obtained over the public channel, with the key block of the firmware file ciphertext, obtained over the secure channel, into the complete firmware file ciphertext, and then decrypts the firmware plaintext using the access certificate obtained over the secure channel. A third party cannot obtain the key block of the firmware file ciphertext and the access certificate transmitted over the secure channel, so it can neither obtain the complete firmware file ciphertext nor decrypt the firmware file plaintext.
A specific embodiment of the firmware upgrade method of the present invention is given below.
Step 1.1: randomly generate m groups of keys and initialization vectors for the AES-256 encryption algorithm; all keys and initialization vectors together form the access certificate.
Step 1.2: split the unencrypted firmware file (the plaintext) into multiple plaintext blocks of identical length, which must be a multiple of 16 bytes. If the last plaintext block is shorter than the other plaintext blocks, it is padded to the same length. Preferably, the length of each plaintext block is the minimum length that satisfies this condition.
Step 1.3: use the m groups of keys and initialization vectors in rotation to encrypt the plaintext blocks, forming as many ciphertext blocks as there are plaintext blocks.
The 1st group of key and initialization vector encrypts plaintext blocks 1, m+1, 2m+1, 3m+1, ...; the 2nd group encrypts plaintext blocks 2, m+2, 2m+2, 3m+2, ...; and so on; the m-th group encrypts plaintext blocks m, 2m, 3m, 4m, .... The encryption algorithm is AES-256 and the algorithm mode is CBC.
Taking the 1st group of key and initialization vector as an example: encrypting the 1st plaintext block uses the 1st key and the 1st initialization vector and yields the 1st ciphertext block; encrypting plaintext block m+1 uses the 1st ciphertext block and the 1st key and yields ciphertext block m+1; encrypting plaintext block 2m+1 uses ciphertext block m+1 and the 1st key; and so on. This encryption scheme is the CBC algorithm mode; decryption works analogously.
The AES-256 encryption algorithm is used because it is fast and secure and suited to encrypting large amounts of data. The CBC algorithm mode is used because it has the property that "lacking any ciphertext block makes it impossible to decrypt all of the plaintext blocks".
Obviously, the AES-256 encryption algorithm in this embodiment can be replaced with any block encryption algorithm, the CBC algorithm mode with the CFB or OFB algorithm mode, and the multiple groups of keys and initialization vectors with a single group, without any material effect on the invention.
Step 1.4: take the first ciphertext block produced by each group of key and initialization vector as a key block, i.e. ciphertext blocks 1, 2, ..., m are the key blocks; this is the preferred case. Alternatively, any one or more ciphertext blocks may be taken as key blocks.
Step 2: the key blocks of the firmware file ciphertext and the access certificate are transmitted together from the server directly to the electronic terminal over a reliable encrypted channel such as the https protocol, to ensure the transmission security of the key blocks and the access certificate. The firmware file ciphertext other than the key blocks may be large, for example tens or hundreds of MB, so it is published on the network, and users may download it with any download tool from any website that hosts it, which speeds up the download.
Step 3: the electronic equipment obtains the access certificate and the key blocks of the firmware file ciphertext via the https protocol and obtains the firmware file ciphertext other than the key blocks from a public download channel, then merges the two parts into the complete firmware file ciphertext. Using the access certificate, the electronic equipment then decrypts the firmware file plaintext from the firmware file ciphertext with the AES-256 decryption algorithm.
If the encryption algorithm is not AES-256, the decryption algorithm must correspond to the encryption algorithm used.
Step 4: the electronic equipment uses the firmware file (the plaintext) to upgrade its firmware.
The encryption algorithm, decryption algorithm, algorithm mode, number of groups of keys and initialization vectors, key blocks and so on given in the above embodiment are illustrative; any change made without departing from the inventive concept shall be regarded as falling within the scope of protection of the present invention.
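
The embodiment's steps 1.1 to 3 as an added Go example (not part of the patent): m interleaved AES-256-CBC chains over 16-byte blocks, with the first ciphertext block of each chain withheld as the key blocks, then merged and decrypted on the device side. The PKCS#7 padding and the names `Credential`, `Package`, `Install` and `AffectedBlocks` are assumptions; `AffectedBlocks` additionally measures how many plaintext blocks depend on the withheld key blocks once the credentials are known.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const blockLen = 16 // step 1.2: a multiple of 16 bytes; the minimum is used here

// Credential is one group (32-byte AES-256 key, then 16-byte IV); the m groups form the access certificate.
type Credential [32 + blockLen]byte

// NewCredentials generates m random key/IV groups (step 1.1).
func NewCredentials(m int) ([]Credential, error) {
	creds := make([]Credential, m)
	for i := range creds {
		if _, err := rand.Read(creds[i][:]); err != nil {
			return nil, err
		}
	}
	return creds, nil
}

// transform runs group g's CBC chain over blocks g, g+m, g+2m, ... (step 1.3).
func transform(data []byte, creds []Credential, encrypt bool) []byte {
	m, n := len(creds), len(data)/blockLen
	out := make([]byte, len(data))
	for g, c := range creds {
		blk, _ := aes.NewCipher(c[:32]) // a 32-byte key is always accepted
		var chain []byte
		for i := g; i < n; i += m {
			chain = append(chain, data[i*blockLen:(i+1)*blockLen]...)
		}
		mode := cipher.NewCBCDecrypter(blk, c[32:])
		if encrypt {
			mode = cipher.NewCBCEncrypter(blk, c[32:])
		}
		mode.CryptBlocks(chain, chain)
		for j, i := 0, g; i < n; j, i = j+1, i+m {
			copy(out[i*blockLen:], chain[j*blockLen:(j+1)*blockLen])
		}
	}
	return out
}

// Package does steps 1.2 to 2: pad, encrypt, split off each chain's first ciphertext block.
func Package(fw []byte, creds []Credential) (keyBlocks, public []byte, err error) {
	n := blockLen - len(fw)%blockLen // PKCS#7 padding is an assumption; the patent names no scheme
	padded := append(append([]byte{}, fw...), bytes.Repeat([]byte{byte(n)}, n)...)
	k := len(creds) * blockLen
	if k == 0 || len(padded) < k {
		return nil, nil, fmt.Errorf("need at least one group and one block per chain")
	}
	ct := transform(padded, creds, true)
	return ct[:k], ct[k:], nil
}

// Install does step 3: merge both parts, decrypt with the credentials, strip padding.
func Install(keyBlocks, public []byte, creds []Credential) ([]byte, error) {
	pt := transform(append(append([]byte{}, keyBlocks...), public...), creds, false)
	if len(pt) == 0 || pt[len(pt)-1] == 0 || int(pt[len(pt)-1]) > blockLen {
		return nil, fmt.Errorf("bad padding")
	}
	return pt[:len(pt)-int(pt[len(pt)-1])], nil
}

// AffectedBlocks counts plaintext blocks that decrypt differently when the key blocks
// are zeroed but the credentials are correct: what the key blocks alone conceal.
func AffectedBlocks(keyBlocks, public []byte, creds []Credential) (count int) {
	good := transform(append(append([]byte{}, keyBlocks...), public...), creds, false)
	bad := transform(append(make([]byte, len(keyBlocks)), public...), creds, false)
	for i := 0; i+blockLen <= len(good); i += blockLen {
		if !bytes.Equal(good[i:i+blockLen], bad[i:i+blockLen]) {
			count++
		}
	}
	return count
}

func main() {
	fw := bytes.Repeat([]byte("constructed firmware image "), 40) // constructed sample
	creds, _ := NewCredentials(3)
	kb, pub, _ := Package(fw, creds)
	got, err := Install(kb, pub, creds)
	fmt.Println(bytes.Equal(got, fw), err, len(kb), len(pub), AffectedBlocks(kb, pub, creds))
}
```

For the constructed 1080-byte sample with m = 3, `AffectedBlocks` reports 6 of 68 blocks: CBC decryption of a block uses only that ciphertext block and its predecessor, so the withheld key blocks conceal the first two blocks of each chain, and the remaining blocks are protected by the secrecy of the keys in the access certificate.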

Claims (7)

1. A firmware upgrade method for electronic equipment, characterized in that it comprises the following steps:
Step 1: block-encrypt the firmware file plaintext to form the firmware file ciphertext;
take at least one block of the firmware file ciphertext as the key block;
take the key and/or initialization vector of the block encryption together as the access certificate;
Step 2: publish the firmware file ciphertext, with the key block removed, publicly on the network;
transmit the key block of the firmware file ciphertext and the access certificate to the electronic equipment only through a secure network connection;
Step 3: after the electronic equipment has obtained the firmware file ciphertext without the key block, the key block of the firmware file ciphertext, and the access certificate, it merges the first two into the complete firmware file ciphertext and decrypts the firmware file plaintext using the access certificate;
Step 4: the electronic equipment upgrades its firmware according to the firmware file plaintext.
2. The firmware upgrade method for electronic equipment according to claim 1, characterized in that, in step 1 of the method, the algorithm mode of the block encryption is the CBC mode, the CFB mode or the OFB mode.
3. The firmware upgrade method for electronic equipment according to claim 1, characterized in that step 1 of the method specifically comprises:
Step 1.1: generate at least one group of key and/or initialization vector;
Step 1.2: divide the firmware file plaintext into multiple plaintext blocks of equal length; if the last plaintext block differs in length from the other plaintext blocks, pad the last plaintext block so that the lengths are equal;
Step 1.3: using the one or more groups of key and/or initialization vector generated in step 1.1, block-encrypt each of the plaintext blocks formed in step 1.2, forming as many ciphertext blocks as there are plaintext blocks; these ciphertext blocks make up the firmware file ciphertext;
Step 1.4: take at least one of the ciphertext blocks formed in step 1.3 as the key block.
4. The firmware upgrade method for electronic equipment according to claim 3, characterized in that the method generates one group of key and initialization vector in step 1.1;
in step 1.3 the method uses this group of key and initialization vector to encrypt all plaintext blocks.
5. The firmware upgrade method for electronic equipment according to claim 3, characterized in that the method generates m groups of keys and initialization vectors in step 1.2, m being a natural number greater than 1;
in step 1.3 the method uses these m groups of keys and initialization vectors in rotation to encrypt all plaintext blocks;
the 1st group of key and initialization vector encrypts plaintext blocks 1, m+1, 2m+1, 3m+1, ...;
the 2nd group of key and initialization vector encrypts plaintext blocks 2, m+2, 2m+1, 3m+1, ...;
......
the m-th group of key and initialization vector encrypts plaintext blocks m, 2m, 3m, 4m, ....
6. The firmware upgrade method for electronic equipment according to claim 3, characterized in that, in step 1.4, the method takes the first ciphertext block produced by each group of key and initialization vector as a key block.
7. The firmware upgrade method for electronic equipment according to claim 1, characterized in that, in step 1 of the method, the block encryption algorithm is one or more of AES, DES, DESX, triple DES, RC2, RC5 and RC6.
CN2009102017078A 2009-10-22 2009-10-22 Firmware upgrading method of electronic equipment Pending CN102043641A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102017078A CN102043641A (en) 2009-10-22 2009-10-22 Firmware upgrading method of electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102017078A CN102043641A (en) 2009-10-22 2009-10-22 Firmware upgrading method of electronic equipment

Publications (1)

Publication Number Publication Date
CN102043641A true CN102043641A (en) 2011-05-04

Family

ID=43909800

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102017078A Pending CN102043641A (en) 2009-10-22 2009-10-22 Firmware upgrading method of electronic equipment

Country Status (1)

Country Link
CN (1) CN102043641A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
ASS Succession or assignment of patent right

Owner name: SHANGHAI GUOKE ELECTRONIC CO., LTD.

Free format text: FORMER OWNER: SHANDA COMPUTER (SHANGHAI) CO., LTD.

Effective date: 20120706

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20120706

Address after: Shanghai city Pudong New Area 201203 GuoShouJing Road No. 356

Applicant after: Shanghai Guoke Electronic Co., Ltd.

Address before: Shanghai city Pudong New Area 201203 GuoShouJing Road No. 356

Applicant before: Shanda computer (Shanghai) Co., Ltd.

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: SHANGHAI SHENGXUAN NETWORK TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: SHANGHAI GUOKE ELECTRONIC CO., LTD.

Effective date: 20130304

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20130304

Address after: 201203 Shanghai Guo Shou Jing Road, Zhangjiang hi tech Park No. 356 building 3 room 126

Applicant after: Shanghai Shengxuan Network Technology Co., Ltd.

Address before: Shanghai city Pudong New Area 201203 GuoShouJing Road No. 356

Applicant before: Shanghai Guoke Electronic Co., Ltd.

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110504