CN109508534A - Prevent method, the embedded system attacked that degrade by software - Google Patents
Prevent method, the embedded system attacked that degrade by software Download PDFInfo
- Publication number
- CN109508534A CN109508534A CN201710826021.2A CN201710826021A CN109508534A CN 109508534 A CN109508534 A CN 109508534A CN 201710826021 A CN201710826021 A CN 201710826021A CN 109508534 A CN109508534 A CN 109508534A
- Authority
- CN
- China
- Prior art keywords
- version information
- main version
- memory area
- subsystem components
- secure memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention, which is provided in embedded system, prevents degrade by software method, the embedded system attacked based on trustzone, after method includes: system electrification, loads the edition data of system to be launched to secure memory area;Signature check is carried out to the edition data in secure memory area;If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;The second main version information is read from the edition data, and is compared with the described first main version information;If the second main version information is lower than the first main version information, refuse system starting.The grade for being able to achieve the version information of the main version information and subsystems component for the treatment of activation system is judged, forbids system software to degrade and there is the risk attacked for known bugs, so that it is guaranteed that the security reliability of system running environment.
Description
Technical field
The present invention relates to embedded system security field, particularly relate to prevent the side attacked that degrades by software
Method, embedded system.
Background technique
In embedded systems, by credible starting, (each stage is loaded existing technical solution in start-up course
Module all carries out safety check before load operating, runs if verifying and passing through, and otherwise refusal executes) although can guarantee
All system components of load starting are all authority checkings, but do not account for the problem of software version is replaced.Namely
Existing highest version software version may alternatively be the software of old lowest version, because of the signature that the software of legacy version is had
And it is legal, it can also start in the legal load of existing system, if there are security breaches for the software of legacy version, thus
It can be utilized by attacker, first replace with old version program and attacked using the loophole of legacy version.
The key plate of such as newest embedded system of present company publication is originally 2.0 version, while on company official website
Key plate can be downloaded to originally it is 1.0 legacy version, but this 1.0 version has security breaches, and 2.0 version is
Repaired corresponding security breaches.At this moment the equipment that attacker takes 2.0 versions can not attack, therefore he will be
The equipment of 2.0 versions degrades, by the software and burning of downloading 1.0 versions till now in the equipment of 2.0 versions, thus
The loophole that can use 1.0 versions attack.
Therefore, it is necessary to provide a kind of safeguard measure that can prevent from attacker from passing through software degradation to be attacked.
Summary of the invention
The technical problems to be solved by the present invention are: providing a kind of prevents the method, embedding attacked that degrades by software
Embedded system effectively prevent attacker to attack by software degradation, to improve security of system.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention are as follows:
The method attacked that degrades by software is prevented based on trustzone in embedded system, comprising:
After system electrification, the edition data of system to be launched is loaded to secure memory area;
Signature check is carried out to the edition data in secure memory area;
If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;
The second main version information is read from the edition data, and is compared with the described first main version information;If
Second main version information is lower than the first main version information, then refuses system starting.
Another technical solution provided by the invention are as follows:
A kind of embedded system based on trustzone, the ROM area that can not be distorted including on piece, secure storage section
And secure memory area;
It is stored with computer program on the ROM area, which is cured to described before system factory
In ROM area;It is performed the steps of when described program is executed by processor
After system electrification, the edition data of system to be launched is loaded to secure memory area;
Signature check is carried out to the edition data in secure memory area;
If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;
The second main version information is read from the edition data, and is compared with the described first main version information;If
Second main version information is lower than the first main version information, then refuses system starting.
The beneficial effects of the present invention are: the present invention is based on the trustzone hardware structures of ARM, by embedded system
After system powers on, whether judgement is lower than by the main version information of the system to be launched of signature verification in believable secure memory area
The main version information stored in secure memory area, if so, refusal starting.Refuse the related journey lower than current system version with this
Sequence starting, it is ensured that embedded system associated component can not be entered the component of legacy version by brush, to prevent attacker by brushing into band
There is the component of the legacy version of known bugs, the known bugs of legacy version is recycled to be attacked.The present invention can ensure that embedded system
System operates in safe and reliable environment.
Detailed description of the invention
Fig. 1 is to prevent the method attacked that degrades by software based on trustzone in embedded system of the present invention
Flow diagram;
Fig. 2 is the data structure schematic diagram of edition data in the present invention;
Fig. 3 is the information exchange schematic diagram that this information process of key plate is verified in the embodiment of the present invention;
Fig. 4 is the data structure schematic diagram of subsystem components in the present invention;
Fig. 5 is the information exchange schematic diagram that front stage subsystem components version information is verified in the embodiment of the present invention;
Fig. 6 is the information exchange schematic diagram that each subsystem components version information is verified in the embodiment of the present invention;
Fig. 7 is the schematic diagram of signature process in the embodiment of the present invention;
Fig. 8 is the schematic diagram of signature verification process in the embodiment of the present invention.
Specific embodiment
To explain the technical content, the achieved purpose and the effect of the present invention in detail, below in conjunction with embodiment and cooperate attached
Figure is explained.
The most critical design of the present invention is: judging in believable secure memory area logical after embedded system powers on
Whether the main version information for crossing the system to be launched of signature verification is lower than the main version information stored in secure memory area, if so,
Then refuse to start.It can effectively prevent illegal person and pass through the problem of recycling known bugs attack that system version degrades.
Explanation of technical terms of the present invention:
Please refer to Fig. 1 and Fig. 2, the present invention provides to be prevented from passing through software in a kind of embedded system based on trustzone
Degrade the method attacked, comprising:
After system electrification, the edition data of system to be launched is loaded to secure memory area;
Signature check is carried out to the edition data in secure memory area;
If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;
The second main version information is read from the edition data, and is compared with the described first main version information;If
Second main version information is lower than the first main version information, then refuses system starting.
As can be seen from the above description, the beneficial effects of the present invention are: the main version information of only system to be launched is above
Or could be run equal to the main version information of current system, prevent software to be downgraded to legacy version with this, then by attacker's benefit
System is attacked with the known bugs of legacy version, threatens system safety.
Further, further includes:
If not being pre-stored with the first main version information in the secure storage section, by the described first main version information
It stores to the secure storage section.
It seen from the above description, will if not stored in secure storage section have the existing main version information of highest system
The main version information write-in read in edition data by verifying verification, provides foundation for edition comparison next time.
Further, further includes:
If the second main version information is higher than the first main version information, the described second main version information is replaced into the first key plate
This information is written in the secure storage section.
Seen from the above description, if system this message level of key plate to be launched is higher than the main version information of existing system,
Then the higher main version information of grade is replaced in original write-in secure storage section, it is ensured that it is accurate that each version information compares
Property.
Further, further includes:
A subsystem components to be launched are loaded to secure memory area;
If passing through in secure memory area to the signature check of a subsystem components;
Corresponding sub-component version information is then read from a subsystem components;
Compare whether the sub-component version information is lower than the son that a subsystem components are corresponded in the edition data
Version information, if so, refusal starts a subsystem components;If it is not, then agreeing to start a subsystem components, simultaneously
It triggers and the version of next subsystem components is verified.
Seen from the above description, due to the limited storage space of secure storage section, main version information is only recorded, other are waited for
The judgment basis for loading the corresponding child release information of subsystem components of starting is to be loaded into safety from generic storage region
The edition data crossed in memory field by signature check.And the verifying of the child release information of each subsystem components is all linked with one another, only
There are previous subsystem components by the way that the judgement to next subsystem components could be triggered after verifying, therefore ensures that embedded system
Each system component version of upper operation, which can not be replaced by, to have the legacy version component of security breaches, while guarantee system
That verifies is comprehensive.
Further, the edition data includes the second main version information, the corresponding child release letter of subsystems component
Breath and to the signed data of the described second main version information and each child release information.
Seen from the above description, the therein first main version information and each sub- version only could be obtained by signature verification
This information therefore ensures that the legitimate secure of edition data.
Another technical solution provided by the invention are as follows:
A kind of embedded system based on trustzone, the ROM area that can not be distorted including on piece, secure storage section
And secure memory area;
It is stored with computer program on the ROM area, which is cured to described before system factory
In ROM area;It is performed the steps of when described program is executed by processor
After system electrification, the edition data of system to be launched is loaded to secure memory area;
Signature check is carried out to the edition data in secure memory area;
If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;
The second main version information is read from the edition data, and is compared with the described first main version information;If
Second main version information is lower than the first main version information, then refuses system starting.
As can be seen from the above description, trustzone hardware structure of this programme based on ARM, on piece can not distort ROM area,
(first program after embedded system electrifying startup is behaved from this, before factory program Solidification to the inside it
Just can not modify afterwards, in this, as the trusted root of system), secure storage section and credible starting (every single order in start-up course
The module that section is loaded all has carried out safety check before load operating, runs if verifying and passing through, and otherwise refusal is held
Row).In advance in two local recording version informations, one is that secure storage section is stored in believable main version information, in addition one
The main version information of a corresponding region deposit whole system generic storage region (being generally placed upon on FLASH) and to be loaded
The child release information of subsystems component.Trust authentication is carried out by the way that version information is loaded into secure memory area, and is judged
Whether its rank is higher than existing system, and only the two could be run by verifying.Can on the basis of existing trust authentication,
Illegal downgrade attacks are effectively prevent, the security level of system running environment is significantly improved.
Further, described program, which also executes, includes:
If not being pre-stored with the first main version information in the secure storage section, by the described first main version information
It stores to the secure storage section.
Further, described program, which also executes, includes:
If the second main version information is higher than the first main version information, the described second main version information is replaced into the first key plate
This information is written in the secure storage section.
Further, further include the area flash in general memory area, be stored with system to be launched in the area flash
The edition data of system, the edition data include the second main version information, the corresponding child release information of subsystems component, with
And the signed data to the described second main version information and each child release information;
Described program also executes
A subsystem components to be launched are loaded from the area flash to secure memory area;
If passing through in secure memory area to the signature check of a subsystem components;
Corresponding sub-component version information is then read from a subsystem components;
Compare in the edition data whether the sub-component version information is lower than in the secure memory area and corresponds to institute
The child release information of a subsystem components is stated, if so, refusal starts a subsystem components;If it is not, then agreeing to start institute
A subsystem components are stated, while triggering and the version of next subsystem components is verified.
Further, the secure storage section is on piece fuse bit.
Embodiment
Referring to figure 2. to Fig. 8, the present embodiment provides one kind to apply in embedded system, the trustzone based on ARM
Hardware structure realizes the method and system for preventing attacker from being attacked by software degradation.The framework provide a hardware every
From secure memory area (region trustzone) handle the higher task of security requirement.
The realization of method in the present embodiment, based on the embedded system for supporting trustzone;As shown in figure 3, the system packet
Include ROM area, secure storage section and secure memory area that on piece can not distort.Specifically, the area ROM that on piece can not distort
After domain is embedded system electrifying startup, place that first program of system behaves.What is be typically complex is embedded
Several components of system point, such as first order loading procedure, second level loading procedure, kernel program, file system, application program
Deng, first program here refer to power on after the first order loading procedure that starts.Meanwhile in the present embodiment, by that will correspond to
The program Solidification of the present embodiment method is realized to that just can not modify later here, in this, as the trusted root of system.Further,
In the present embodiment, preferably using on piece fuse bit as secure storage section, there is the characteristic that can not change physically, it is following will be with
It is illustrated for this.
The present embodiment provides a kind of in the premise of existing credible start-up technique, and further strengthening realization prevents software from dropping
The method that grade arrives legacy version.The credible starting, the module being loaded for each stage in start-up course is before load operating
Safety check has all been carried out, has been run if verifying and passing through, otherwise refusal executes.
The method of the present embodiment, specifically includes:
S1: the main version information of current system is stored on piece fuse bit in advance.Certainly, if current system is not installed also
Software is crossed, then will not be stored with main version information on piece fuse bit.
S2: the system software corresponding edition data to be launched for updating installation is downloaded in general memory area, is preferably deposited
Storage is following to be also illustrated as example in the corresponding region flash.Specifically, being stored with version number in the region flash
According to and each starting to be loaded subsystem components 1 to subsystem components N.
The format of the edition data is as shown in Fig. 2, include main version information, each height to be loaded of system to be launched
Version information 1 is to child release information N, and the signed data of this corresponding two parts information.
S3: after system electrification, credible rooter first loaded from the region flash the edition data of system to be launched to
The secure memory area in the region trustzone;
S4: in secure memory area, signature verification is carried out to above-mentioned edition data, if signature verification passes through, from piece
The main version information of highest system of pre-stored current system, i.e. S1 pre-stored main version information, until peace are obtained in fuse bit
Full memory field.
S5: the main version information of system to be launched is read out from the edition data above by signature verification;
S6: if will be read from the edition data that signature verification passes through in fuse bit there are no main version information is stored
To main version information write-in fuse bit in.Due to having passed through trust authentication, while again, there is no the versions of greater degree to believe
Breath, it is thus ensured that the safety of current system to be launched.Then execute S9;
S7: it if being stored with the main version information of current system in fuse bit, reads into secure memory area;
S8: the key plate of current system this letter that the main version information and S7 for comparing the system to be launched that S5 is read are read
Breath;
If the main version information of system to be launched is lower than the main version information of current system, refuse to load system to be launched
First order boot loader, such as subsystem components 1;
It is normal to start if the two version number is identical, continue to execute step S9;
If the main version information of system to be launched is higher than the main version information in fuse bit, be written in fuse bit wait open
The main version information of dynamic system, as new main version information;Then normal starting, executes step S9.
Because fuse bit region is limited, the main version information of current system is only recorded.Therefore, the son of other startings to be loaded
The foundation of the version judgement of system component has been loaded into secure memory from flash, and the edition data of signature check is passed through.
The internal data format of subsystem components is as shown in figure 4, include master data, subsystem group of the subsystem components
The version information of part and signed data to preceding two parts content.
Referring to Fig. 5, the sequence according to number 1. 2. 3. 4., the version of the subsystem components of other startings to be loaded are legal
Property judge process are as follows: such as want load and execution n-th subsystem components, it is legal to need to confirm by signature check and version
The N-1 subsystem components carry out, the N-1 subsystem components runs to final stage, next level assembly can be loaded
Signature check and version confirmation request to next level assembly are initiated to memory, and to the trusted root for operating in trustzone, it can
Believe that root can carry out signature check to next level assembly loaded into memory, compares if verifying and passing through and be already loaded into safety
Complement version information in the version information of the level assembly and common memory in the edition data of memory field, if in common memory
Version it is lower than the version in secure memory, refuse to execute, the load operating if being higher than or is identical.
Specifically, referring to Fig. 6, may include:
S9: first subsystem components (subsystem components 1) to be launched is loaded to secure memory area;
S10: if passing through in secure memory area to the signature check of the subsystem components;Then read from the subsystem components
Take corresponding sub-component version information;
S11: compare whether the sub-component version information is lower than in S4 step by the edition data of signature verification
The child release information of the correspondence of the storage subsystem components;If so, refusal starts the subsystem components;If it is not, then agreeing to open
A subsystem components are moved, while triggering and the version of next subsystem components is verified, i.e., are initiated to trusted root to next stage
The signature verification and version confirmation request of subsystem components;Next level assembly (subsystem components 2) is loaded to secure memory area, according to
Sequence judgement, until completing the judgement of sub-system component N.Thus the signature of subsystem components step by step is tested in completion all linked with one another
Card and version confirmation, it is ensured that each system component version run in embedded system can not be replaced by may be with safety leakage
The legacy version component in hole.
The entire embedded device of the present embodiment is in the process that each stage of starting successfully starts up: device power -> starting
Credible rooter -> load application version data that on piece can not distort, signature check, key plate this validation of information -> load subsystem group
Part 1& signature check, the confirmation of 1 version of subsystem components, execute -> ... -> load subsystem components N& signature check, subsystem group
The confirmation of part version, executes.
It should be noted that signature and signature-verification process in the present embodiment, as shown in fig. 7, signature process are as follows: treat
The edition data of system and the edition data of other subsystems components for loading starting carry out One-way secure hash respectively
Corresponding digest value is calculated in algorithm, then corresponding number of signature is obtained after encrypting respectively to digest value using corresponding private key
According to.As shown in figure 8, signature-verification process: signed data is decrypted using corresponding public key generates a digest value, while to
The data of signature verification are calculated also one digest value of generation using One-way secure hash functions, are carried out pair in two digest value
If signature verification fails if inconsistent than consistent signature verification success.
Method through this embodiment may insure that embedded system associated component can not be entered the component of legacy version by brush, from
And attacker is prevented by brushing the component into the legacy version with known bugs, so that the known bugs using legacy version are attacked
It hits.
The present embodiment also provides a corresponding embedded system based on trustzone for realizing the above method, including on piece
The secure memory area in ROM area, secure storage section (on piece fuse bit) and the region trustzone that can not be distorted;
The ROM area solidifies a computer program so far before factory, the trusted root as system.The computer program
S2 to the S11 step executed in the above method is just started by processor after device power.
Preferably, as shown in figure 3, including peace in the credible performing environment of the trustzone of the embedded system of the present embodiment
Full memory field, loading module, signature check module and version confirmation module;Corresponding S2 to the S8 step for realizing the above method.
Trusted root includes signature check module and version confirmation module, corresponds to the subsystem components for realizing starting to be loaded
Version validity judgement process.
It is attacked in conclusion preventing from degrading by software based on trustzone in embedded system provided by the invention
The method and its system hit are able to achieve the version information of the main version information and subsystems component for the treatment of activation system
Grade is judged, forbids system software to degrade and there is the risk attacked for known bugs, so that it is guaranteed that system is transported
The security reliability of row environment.
The above description is only an embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalents made by bright specification and accompanying drawing content are applied directly or indirectly in relevant technical field, similarly include
In scope of patent protection of the invention.
Claims (10)
1. preventing the method attacked that degrades by software based on trustzone in embedded system, which is characterized in that packet
It includes:
After system electrification, the edition data of system to be launched is loaded to secure memory area;
Signature check is carried out to the edition data in secure memory area;
If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;
The second main version information is read from the edition data, and is compared with the described first main version information;If second
Main version information is lower than the first main version information, then refuses system starting.
2. preventing the side attacked that degrades by software based on trustzone in embedded system as described in claim 1
Method, which is characterized in that further include:
If not being pre-stored with the first main version information in the secure storage section, the described first main version information is stored
To the secure storage section.
3. preventing the side attacked that degrades by software based on trustzone in embedded system as described in claim 1
Method, which is characterized in that further include:
If the second main version information is higher than the first main version information, the described second main version information is replaced into first key plate this letter
Breath, is written in the secure storage section.
4. preventing the side attacked that degrades by software based on trustzone in embedded system as described in claim 1
Method, which is characterized in that further include:
A subsystem components to be launched are loaded to secure memory area;
If passing through in secure memory area to the signature check of a subsystem components;
Corresponding sub-component version information is then read from a subsystem components;
Compare whether the sub-component version information is lower than the child release that a subsystem components are corresponded in the edition data
Information, if so, refusal starts a subsystem components;If it is not, then agreeing to start a subsystem components, trigger simultaneously
Version verifying to next subsystem components.
5. preventing the side attacked that degrades by software based on trustzone in embedded system as described in claim 1
Method, which is characterized in that the edition data include the second main version information, the corresponding child release information of subsystems component,
And the signed data to the described second main version information and each child release information.
6. a kind of embedded system based on trustzone, which is characterized in that the ROM area that can not be distorted including on piece, safety
Storage region and secure memory area;
It is stored with computer program on the ROM area, which is cured to the area ROM before system factory
In domain;It is performed the steps of when described program is executed by processor
After system electrification, the edition data of system to be launched is loaded to secure memory area;
Signature check is carried out to the edition data in secure memory area;
If being verified, the main version information of pre-stored first is obtained from secure storage section to secure memory area;
The second main version information is read from the edition data, and is compared with the described first main version information;If second
Main version information is lower than the first main version information, then refuses system starting.
7. a kind of embedded system based on trustzone as claimed in claim 6, which is characterized in that described program is also held
Row includes:
If not being pre-stored with the first main version information in the secure storage section, the described first main version information is stored
To the secure storage section.
8. a kind of embedded system based on trustzone as claimed in claim 6, which is characterized in that described program is also held
Row includes:
If the second main version information is higher than the first main version information, the described second main version information is replaced into first key plate this letter
Breath, is written in the secure storage section.
9. a kind of embedded system based on trustzone as claimed in claim 6, which is characterized in that further include positioned at general
Lead to the area flash in storage region, the edition data of system to be launched, the edition data packet are stored in the area flash
Include the corresponding child release information of the second main version information, subsystems component and to the described second main version information and respectively
The signed data of child release information;
Described program also executes
A subsystem components to be launched are loaded from the area flash to secure memory area;
If passing through in secure memory area to the signature check of a subsystem components;
Corresponding sub-component version information is then read from a subsystem components;
Compare in the edition data whether the sub-component version information is lower than in the secure memory area and corresponds to described one
The child release information of subsystem components, if so, refusal starts a subsystem components;If it is not, then agreeing to start described one
Subsystem components, while triggering and the version of next subsystem components is verified.
10. a kind of embedded system based on trustzone as claimed in claim 6, which is characterized in that the secure storage
Region is on piece fuse bit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710826021.2A CN109508534A (en) | 2017-09-14 | 2017-09-14 | Prevent method, the embedded system attacked that degrade by software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710826021.2A CN109508534A (en) | 2017-09-14 | 2017-09-14 | Prevent method, the embedded system attacked that degrade by software |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109508534A true CN109508534A (en) | 2019-03-22 |
Family
ID=65744327
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710826021.2A Pending CN109508534A (en) | 2017-09-14 | 2017-09-14 | Prevent method, the embedded system attacked that degrade by software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109508534A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110070903A (en) * | 2019-04-22 | 2019-07-30 | 北京时代民芯科技有限公司 | A kind of the polycrystalline resistor type fuse circuit and method of advanced super low-power consumption |
| CN112560047A (en) * | 2020-12-21 | 2021-03-26 | 福建新大陆支付技术有限公司 | Android platform firmware degradation prevention method, application and storage medium thereof |
| CN112738031A (en) * | 2020-12-17 | 2021-04-30 | 南京城建隧桥经营管理有限责任公司 | Method and device for realizing security isolation of central server |
| WO2021223549A1 (en) * | 2020-05-08 | 2021-11-11 | 厦门亿联网络技术股份有限公司 | Clone upgrading method and system, and application |
| CN114567628A (en) * | 2022-02-28 | 2022-05-31 | 中汽创智科技有限公司 | OTA (over the air) upgrading method and device |
| WO2023143237A1 (en) * | 2022-01-25 | 2023-08-03 | 华为技术有限公司 | Software loading method and related apparatus |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH1153193A (en) * | 1997-06-05 | 1999-02-26 | Matsushita Electric Ind Co Ltd | Remotely downloadable terminal device, downloading method applied to loader program that same terminal device has, and recording medium where same loader program is recorded |
| US20140130151A1 (en) * | 2012-11-07 | 2014-05-08 | Qualcomm Incorporated | Methods for providing anti-rollback protection of a firmware version in a device which has no internal non-volatile memory |
| US20140250290A1 (en) * | 2013-03-01 | 2014-09-04 | St-Ericsson Sa | Method for Software Anti-Rollback Recovery |
| CN106406939A (en) * | 2016-09-05 | 2017-02-15 | 惠州Tcl移动通信有限公司 | EMMC chip-based mobile terminal rollback prevention method and system |
| CN106650460A (en) * | 2016-11-15 | 2017-05-10 | 上海华为技术有限公司 | Version check method and device and terminal equipment |
-
2017
- 2017-09-14 CN CN201710826021.2A patent/CN109508534A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH1153193A (en) * | 1997-06-05 | 1999-02-26 | Matsushita Electric Ind Co Ltd | Remotely downloadable terminal device, downloading method applied to loader program that same terminal device has, and recording medium where same loader program is recorded |
| US20140130151A1 (en) * | 2012-11-07 | 2014-05-08 | Qualcomm Incorporated | Methods for providing anti-rollback protection of a firmware version in a device which has no internal non-volatile memory |
| US20140250290A1 (en) * | 2013-03-01 | 2014-09-04 | St-Ericsson Sa | Method for Software Anti-Rollback Recovery |
| CN106406939A (en) * | 2016-09-05 | 2017-02-15 | 惠州Tcl移动通信有限公司 | EMMC chip-based mobile terminal rollback prevention method and system |
| CN106650460A (en) * | 2016-11-15 | 2017-05-10 | 上海华为技术有限公司 | Version check method and device and terminal equipment |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110070903A (en) * | 2019-04-22 | 2019-07-30 | 北京时代民芯科技有限公司 | A kind of the polycrystalline resistor type fuse circuit and method of advanced super low-power consumption |
| WO2021223549A1 (en) * | 2020-05-08 | 2021-11-11 | 厦门亿联网络技术股份有限公司 | Clone upgrading method and system, and application |
| CN112738031A (en) * | 2020-12-17 | 2021-04-30 | 南京城建隧桥经营管理有限责任公司 | Method and device for realizing security isolation of central server |
| CN112560047A (en) * | 2020-12-21 | 2021-03-26 | 福建新大陆支付技术有限公司 | Android platform firmware degradation prevention method, application and storage medium thereof |
| WO2023143237A1 (en) * | 2022-01-25 | 2023-08-03 | 华为技术有限公司 | Software loading method and related apparatus |
| CN114567628A (en) * | 2022-02-28 | 2022-05-31 | 中汽创智科技有限公司 | OTA (over the air) upgrading method and device |
| CN114567628B (en) * | 2022-02-28 | 2024-03-08 | 中汽创智科技有限公司 | OTA upgrading method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109508534A (en) | Prevent method, the embedded system attacked that degrade by software | |
| US11120126B2 (en) | Method and system for preventing and detecting security threats | |
| TWI607376B (en) | System and method for processing requests to alter system security databases and firmware stores in a unified extensible firmware interface-compliant computing device | |
| US8321911B2 (en) | Secure game download | |
| US20060156008A1 (en) | Last line of defense ensuring and enforcing sufficiently valid/current code | |
| EP2854066B1 (en) | System and method for firmware integrity verification using multiple keys and OTP memory | |
| US20060112241A1 (en) | System, method and apparatus of securing an operating system | |
| EP3295352A1 (en) | Client software attestation | |
| JP5937109B2 (en) | Method and engine control system for vehicle crime prevention | |
| CN106230598A (en) | Mobile terminal third-party application safety certifying method and device | |
| US20100100966A1 (en) | Method and system for blocking installation of some processes | |
| KR20070084326A (en) | Updating configuration parameters in a mobile terminal | |
| CN110795126A (en) | Firmware safety upgrading system | |
| CN106295350B (en) | identity verification method and device of trusted execution environment and terminal | |
| CN102833745B (en) | Method, communication equipment and communication system that a kind of software security is upgraded | |
| CN108959973A (en) | A kind of guard method and system refreshed for BMC firmware | |
| Ter Louw et al. | Extensible web browser security | |
| CN109583206B (en) | Method, device, equipment and storage medium for monitoring access process of application program | |
| CN115879087A (en) | Safe and trusted starting method and system for power terminal | |
| Slaviero et al. | Attacking Signed Binaries. | |
| WO2007085987A1 (en) | Method for keeping track of upgrade safety, electronic device with upgradable firmware, server and data carrier | |
| CN114721693A (en) | Microprocessor, BIOS firmware updating method, computer equipment and storage medium | |
| CN117828603A (en) | Mobile terminal operating system information protection method based on hardware certificate | |
| CN117874773A (en) | Operating system safe starting method and device based on safety level control strategy | |
| AU2007200349B2 (en) | Secure game download |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |