CN109802929B - Client program upgrading method based on dual systems and computer readable storage medium - Google Patents
Client program upgrading method based on dual systems and computer readable storage medium Download PDFInfo
- Publication number
- CN109802929B CN109802929B CN201711146435.7A CN201711146435A CN109802929B CN 109802929 B CN109802929 B CN 109802929B CN 201711146435 A CN201711146435 A CN 201711146435A CN 109802929 B CN109802929 B CN 109802929B
- Authority
- CN
- China
- Prior art keywords
- client
- operating system
- remote server
- ciphertext
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a client program upgrading method and a computer readable storage medium based on dual systems, wherein the method comprises the following steps: generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment; encrypting and signing the client program by using a private key to obtain a client ciphertext and a client signature; the remote server sends an upgrade request to a secure operating system of the local device; the security operating system generates a response data packet and sends the response data packet to the remote server; if the remote server passes the verification of the response data packet, sending the client ciphertext and the client signature to the safe operating system; and if the client ciphertext and the client signature validity of the safe operating system are verified, replacing the original data of the client program in the common operating system with the client ciphertext and the client signature. The invention can ensure the validity of the client program received by the local equipment.
Description
Technical Field
The present invention relates to the field of program upgrading technologies, and in particular, to a dual-system-based client program upgrading method and a computer-readable storage medium.
Background
The ARM trustzone technology may divide the ARM processor into two regions: a secure region and a non-secure region, this region including the processor core and all internal and external resources. The processor cores are divided into secure and non-secure cores, the resources are divided into secure and non-secure resources, for example, an external device can be set to be secure, when a device is set to a secure state, the device can only be accessed by the secure processor and software running on the secure processor, and the non-secure processor core and software running on the non-secure processor core can not access the device. By applying the characteristic, the trustzone technology can be applied to a scene needing safety isolation, a processor and resources on the process are isolated into two worlds, namely a safety world and a non-safety world, a safety operating system runs on the safety world, and a non-safety operating system runs on the non-safety world.
And (4) performing resource isolation on the vehicle-mounted central control screen by using a trustzone technology, wherein an insecure area runs an Android operating system, and a secure area runs a secure operating system. Android can ensure that the central control screen provides rich multimedia applications, and application programs from multiple parties can be run on the Android. Because some applications related to vehicle information safety need to be run on the central control screen, such as obtaining vehicle speed, turning on a vehicle window, a headlamp, a steering lamp and the like, the applications concern the safety of the vehicle, in order to prevent illegal applications from controlling the vehicle, the applications related to vehicle control are generally divided into two parts to be realized, one part is called a client program, the other part is called a server program, the client program runs on an Android system, the server program runs on a safe operating system, and meanwhile, devices connected with the vehicle, such as a CAN bus device, are set in a safe state, so that the applications on the Android cannot directly access the safety devices. When a client program on the Android needs to control a vehicle, the client program needs to be connected with a server program firstly, and after the identity authentication of the server program, the client program can send a request and control the vehicle through the server program.
Software is generally required to be upgraded and upgraded, a currently common software upgrading mode is to download software required to be updated from a remote application store to the local through a wired or wireless network, the downloaded software is often not authenticated, any software can be downloaded to a local device, the illusion that the software is updated is caused, and the downloaded software cannot be found to be wrong until the software starts to run.
The client program and the server program are developed by a vehicle manufacturer or an authorized third party manufacturer, so that the legality and the safety of the client program and the server program can be ensured, the client program and the server program are related to the safety of a vehicle, and the legality of the client software must be ensured in the downloading or updating process of the client software.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: a client program upgrading method based on dual systems and a computer readable storage medium are provided, which can ensure the validity of a client program received by local equipment.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a client program upgrading method based on dual systems comprises the following steps:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, sending the client ciphertext and the client signature to a secure operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
The invention also relates to a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, the client-side ciphertext and the client-side signature are sent to a safe operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
The invention has the beneficial effects that: the remote server verifies the response data packet to ensure that the response data packet comes from a legal local device; the local equipment performs signature verification on the client program according to the received client ciphertext and the client signature, and the validity of the received client program is ensured; meanwhile, the receiving of the upgrade request and the verification of the client program are completed in the safe operating system, so that the interference from the non-safe aspect can be reduced. The invention can ensure the legality of the client program received by the local equipment, overcomes the problem that illegal software can be received possibly and cannot be detected in the upgrading process, and timely discovery and prevention are realized.
Drawings
FIG. 1 is a flow chart of a method for upgrading a client program based on dual systems according to the present invention;
FIG. 2 is a flowchart of a method according to a first embodiment of the present invention;
fig. 3 is a schematic diagram illustrating upgrading of a dual-system client program according to a second embodiment of the present invention.
Detailed Description
In order to explain technical contents, objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The most key concept of the invention is as follows: and carrying out signature verification on the received upgrade data in the secure operating system.
The noun interpretation:
a CAN module: the intelligent electric control equipment is an intelligent electric control device for realizing communication data forwarding among all electronic control devices of the whole vehicle, so that the regional network control system of the vehicle-mounted electric control devices of the whole vehicle is realized. In the invention, the CAN module CAN be dynamically set into a common CAN module and CAN also be set into a safe CAN module, when the common CAN module is set, both operating systems CAN access the CAN module, and when the safe CAN module is set, only the safe operating system CAN access the CAN module.
Trust-server: the security application service provides service for a security operating system, and the security operating system can operate resources under a common operating system, such as a file system for reading and writing Android, through a trust-server application program.
Trust-driver: and the communication driver module of the safe operating system is used for communicating with the Normal-driver of the communication driver module of the common operating system to complete the data communication function of the safe operating system and the common operating system.
Normal-driver: and the communication driving module corresponds to the Trust-driver module and is a communication driving module under a common operating system and is used for carrying out data communication with the safety operating system.
Referring to fig. 1, a method for upgrading a client program based on dual systems includes:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, sending the client ciphertext and the client signature to a secure operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
From the above description, the beneficial effects of the present invention are: the method can ensure the legality of the client program received by the local equipment, overcome the problem that illegal software can be received possibly and cannot be observed in the upgrading process, and timely find and timely prevent the illegal software.
Further, the "the remote server sends the upgrade request to the secure operating system of the local device" specifically includes:
the remote server sends an upgrading request to a CAN module of the local equipment;
if the current CAN module is in a safe state, forwarding the upgrading request to a safe operating system;
if the current CAN module is in an unsafe state, forwarding the upgrading request to a common operating system;
the common operating system forwards the upgrading request to a safe operating system;
the security operating system sets the CAN module to a secure state.
As CAN be seen from the above description, when the CAN module is in the non-secure state, the security operating system is notified, so that the security operating system sets the CAN module to the secure state, thereby ensuring the security of subsequent transmission of the response data packet and transmission of the upgrade data.
Further, the step of generating, by the secure operating system, a response data packet according to the upgrade request, and sending the response data packet to the remote server includes:
the safe operating system generates a response data packet according to the upgrading request;
and encrypting the response data packet by using a public key, and sending the encrypted response data packet to a remote server.
Further, the "if the remote server passes the verification of the response packet, the client ciphertext and the client signature are sent to the secure operating system" specifically includes:
the remote server decrypts the encrypted response data packet by using a private key;
and if the decryption is successful, sending the client ciphertext and the client signature to a secure operating system.
As can be seen from the above description, by performing encryption transmission on the response packet, transmission security is ensured; and the validity of the local equipment is ensured by decrypting and verifying the response data packet.
Further, the validity verification of the client ciphertext and the client signature by the secure operating system specifically includes:
the secure operating system receives the client ciphertext and the client signature;
decrypting the client ciphertext by using a public key to obtain a client plaintext;
carrying out digest operation on the plaintext of the client to obtain a first digest value;
decrypting the client signature by using a public key to obtain a second digest value;
and if the first abstract value is consistent with the second abstract value, judging that the verification is passed.
According to the description, the signature verification is carried out on the client program according to the received client ciphertext and the client signature, and the validity of the received client program is ensured.
The invention also proposes a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, sending the client ciphertext and the client signature to a secure operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
Further, the "the remote server sends the upgrade request to the secure operating system of the local device" specifically includes:
the remote server sends an upgrading request to a CAN module of the local equipment;
if the current CAN module is in a safe state, forwarding the upgrading request to a safe operating system;
if the current CAN module is in an unsafe state, forwarding the upgrading request to a common operating system;
the common operating system forwards the upgrading request to a safe operating system;
the security operating system sets the CAN module to a secure state.
Further, the step of generating, by the secure operating system, a response data packet according to the upgrade request, and sending the response data packet to the remote server includes:
the safe operating system generates a response data packet according to the upgrading request;
and encrypting the response data packet by using a public key, and sending the encrypted response data packet to a remote server.
Further, the step of sending the client ciphertext and the client signature to the secure operating system if the remote server verifies the response packet is specifically:
the remote server decrypts the encrypted response data packet by using a private key;
and if the decryption is successful, sending the client ciphertext and the client signature to a secure operating system.
Further, the "performing, by the secure operating system, validity verification on the client ciphertext and the client signature" specifically includes:
the secure operating system receives the client ciphertext and the client signature;
decrypting the client ciphertext by using a public key to obtain a client plaintext;
performing digest operation on the plaintext of the client to obtain a first digest value;
decrypting the client signature by using a public key to obtain a second digest value;
and if the first abstract value is consistent with the second abstract value, judging that the verification is passed.
Example one
Referring to fig. 2, a first embodiment of the present invention is: a client program upgrading method based on dual systems is based on the trustzone technology and can be applied to program upgrading in a vehicle-mounted terminal, and comprises the following steps:
s1: generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
s2: encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature; specifically, the private key encrypts a client program to obtain a client ciphertext; the client program is subjected to hash operation by a hash algorithm, a digital string with a fixed length is generated and is called an abstract value, and then the abstract value is encrypted by a private key, so that a client signature is obtained.
S3: and the remote server sends an upgrade request to a secure operating system of the local equipment.
Specifically, the remote server sends an upgrade request to a CAN module of the local device; and if the current CAN module is in a safe state, forwarding the upgrading request to a safe operating system. If the current CAN module is in an unsafe state, forwarding the upgrading request to a common operating system; the common operating system forwards the upgrading request to a safe operating system; the security operating system sets the CAN module to a secure state.
S4: the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server; further, the secure operating system encrypts the response data packet by using the public key, and sends the encrypted response data packet to the remote server. Further, the encrypted response data packet is sent to the remote server through the CAN module in the safe state.
S5: and judging whether the remote server passes the verification of the response data packet, if so, executing step S6. Further, the remote server decrypts the encrypted response data packet by using a private key, and if the decryption is successful, the verification is judged to be passed.
S6: sending the client ciphertext and the client signature to a secure operating system;
s7: and the security operating system carries out validity verification on the client ciphertext and the client signature, judges whether the verification is passed, if so, executes the step S8, and otherwise, judges that the upgrading is failed.
Specifically, after receiving the client ciphertext and the client signature, the secure operating system decrypts the client ciphertext by using the public key to obtain the client plaintext, and then performs digest operation on the client plaintext to obtain a first digest value, where the digest operation used for calculating the digest value is consistent with the hash algorithm in step S2. And then, decrypting the client signature by using the public key to obtain a second digest value. And if the first digest value is consistent with the second digest value, the received client program is legal, and the verification is judged to be passed.
S8: and replacing the original data of the client program in the common operating system with the client ciphertext and the client signature. Specifically, the trust-server service program of the ordinary operating system is informed to load the received client ciphertext and the client signature to a file directory/data/ca of the ordinary operating system to replace the original client ciphertext and the original client signature.
In this embodiment, the remote server verifies the response packet to ensure that the response packet is from a legitimate local device; the local equipment performs signature verification on the client program according to the received client ciphertext and the client signature, and the validity of the received client program is ensured; meanwhile, the sending and receiving of the response data and the upgrading data between the remote server and the local equipment are completed through the CAN module in a safe state, the receiving of the upgrading request and the verification of the client program are completed in a safe operating system, and the interference from the non-safe aspect CAN be reduced. The invention can ensure the legality of the client program received by the local equipment, overcomes the problem that illegal software can be received possibly and cannot be observed in the upgrading process, and realizes timely discovery and timely prevention.
Example two
The present embodiment is a specific application scenario of the first embodiment.
Fig. 3 is a schematic diagram of an upgrade of a dual-system client program according to this embodiment, where the dual-system client program includes a local device and a remote server, and the local device employs a trustzone technology and has a secure operating system and a normal operating system.
The local equipment refers to equipment where a client needing to be updated is located; the remote server is a server storing the client software upgrade package, the encrypted client program and the signature of the client are stored on the server, and the remote server sends the encrypted client program and the signature to the local device during updating.
Be equipped with a CAN module in the local equipment, the CAN module CAN set up to ordinary CAN module dynamically, also CAN set up to safe CAN module, and when setting up to ordinary CAN module, this CAN module CAN all be visited to two operating system, and when setting up to safe CAN module, this CAN module CAN be visited to only safe operating system.
The normal operation system and the safe operation system are respectively provided with a CAN data processing module. The CAN data processing module 1 in the common operating system is used for receiving and processing CAN data packets from the common CAN module and sending the data packets to a module corresponding to the common operating system, and when the CAN module is in a non-safety state, the CAN data processing module 1 processes CAN data. And when the CAN module is in a safe state, the CAN data processing module 2 processes CAN data.
The upgrading module in the safe operation system is used for receiving the upgrading data packet from the CAN data processing module, verifying the client software by using the public key stored in the safe operation system, and sending the client software to the common operation system after the verification is passed.
The file system/data/ca in the common operating system is used for storing client software.
Further, the remote server is communicatively coupled to the local device via an intermediate network. The intermediate network CAN be a vehicle-mounted gateway tbox, is arranged between the remote server and the CAN network, and CAN send data of the remote server to the local equipment through the CAN network.
The method comprises the following specific steps:
1. before the equipment leaves a factory, a public and private key pair is generated, the private key is stored by a remote server, and the public key is stored by local equipment;
2. storing a client program CA needing to be updated on a remote server, encrypting the client program CA into a client ciphertext CA by using a private key, and generating a signature;
3. the remote server sends a CAN data packet requesting for upgrading CA through a CAN network;
4. if the current CAN module is in an unsafe state, the CAN data packet CAN be received by the CAN data processing module 1, then the CAN data processing module 1 forwards the data to the trust-server, and the step 5 is carried out; and if the current CAN equipment is in a safe state, directly switching to the step 7.
5. And the trust-server receives the CAN data packet forwarded by the CAN data processing module 1, informs the security operating system of a client side upgrading request and enters step 6.
6. The secure operating system notifies the upgrade module, which sets the CAN module to a secure state.
7. The upgrading module generates a response data packet, the data packet is used for informing a remote server that the current equipment is ready to receive upgrading data, a public key on the equipment is required to be used for encrypting the data packet before the response data packet is sent, and then the encrypted response data packet is sent out through the safety CAN module.
8. The remote server receives the encrypted response data packet, decrypts the response data packet by using the private key, confirms that the response data packet is from the legal security equipment, and sends the upgrade data (the client ciphertext CA generated in the step 2 and the signature) to the security operating system of the local equipment through the CAN network.
9. And after receiving the upgrading data, the CAN data processing module 2 of the safe operating system distributes the data to the upgrading module.
10. And the upgrading module receives the client ciphertext CA and the signature, and after receiving the complete client ciphertext CA and the signature, the upgrading module verifies the validity of the client program CA.
11. And after the client program CA is verified to be legal, the upgrading module replaces the CA and the signature with the corresponding CA and the signature under the data/tee/directory through the trust-server program of the common operating system.
In this embodiment, through the secure CAN network of the secure operating system, the client update package is downloaded from the remote end to the local secure operating system, the secure operating system verifies the validity of the client program according to the received client data and signature, only the client passes the signature verification, and then the secure operating system sends the client update program to the client directory of the normal operating system. The data packet receiving and the data verification are completed in the safe operating system, so that the interference from the non-safe aspect can be reduced, the method can ensure that the client software received by the local equipment is legal, the problem that the client software cannot be detected because the client software is possibly received in the upgrading process is solved, and timely discovery and timely prevention are achieved.
EXAMPLE III
The present embodiment is a computer-readable storage medium corresponding to the above-mentioned embodiments, on which a computer program is stored, which when executed by a processor, performs the steps of:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, sending the client ciphertext and the client signature to a secure operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
Further, the "the remote server sends the upgrade request to the secure operating system of the local device" specifically includes:
the remote server sends an upgrading request to a CAN module of the local equipment;
if the current CAN module is in a safe state, forwarding the upgrading request to a safe operating system;
if the current CAN module is in an unsafe state, forwarding the upgrading request to a common operating system;
the common operating system forwards the upgrading request to a safe operating system;
the security operating system sets the CAN module to a secure state.
Further, the step of generating, by the secure operating system, a response data packet according to the upgrade request, and sending the response data packet to the remote server includes:
the safe operating system generates a response data packet according to the upgrading request;
and encrypting the response data packet by using a public key, and sending the encrypted response data packet to a remote server.
Further, the "if the remote server passes the verification of the response packet, the client ciphertext and the client signature are sent to the secure operating system" specifically includes:
the remote server decrypts the encrypted response data packet by using a private key;
and if the decryption is successful, sending the client ciphertext and the client signature to a secure operating system.
Further, the "performing, by the secure operating system, validity verification on the client ciphertext and the client signature" specifically includes:
the secure operating system receives the client ciphertext and the client signature;
decrypting the client ciphertext by using a public key to obtain a client plaintext;
performing digest operation on the plaintext of the client to obtain a first digest value;
decrypting the client signature by using a public key to obtain a second digest value;
and if the first abstract value is consistent with the second abstract value, judging that the verification is passed.
In summary, according to the dual-system-based client program upgrading method and the computer-readable storage medium provided by the present invention, the remote server verifies the response data packet to ensure that the response data packet is from the legal local device; the local equipment performs signature verification on the client program according to the received client ciphertext and the client signature, and the validity of the received client program is ensured; meanwhile, the receiving of the upgrade request and the verification of the client program are completed in the safe operating system, so that the interference from the non-safe aspect can be reduced. The invention can ensure the legality of the client program received by the local equipment, overcomes the problem that illegal software can be received possibly and cannot be detected in the upgrading process, and timely discovery and prevention are realized.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
Claims (10)
1. A client program upgrading method based on dual systems is characterized by comprising the following steps:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, sending the client ciphertext and the client signature to a secure operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
2. The dual-system-based client program upgrading method according to claim 1, wherein the "sending an upgrade request to the secure operating system of the local device by the remote server" specifically includes:
the remote server sends an upgrading request to a CAN module of the local equipment;
if the current CAN module is in a safe state, forwarding the upgrading request to a safe operating system;
if the current CAN module is in an unsafe state, forwarding the upgrading request to a common operating system;
the common operating system forwards the upgrading request to a safe operating system;
the security operating system sets the CAN module to a secure state.
3. The dual-system-based client program upgrading method according to claim 1, wherein the step of generating a response packet by the secure operating system according to the upgrading request and sending the response packet to the remote server specifically comprises:
the safe operating system generates a response data packet according to the upgrading request;
and encrypting the response data packet by using a public key, and sending the encrypted response data packet to a remote server.
4. The dual-system-based client program upgrading method according to claim 3, wherein the sending the client ciphertext and the client signature to the secure operating system if the remote server verifies the response packet specifically is:
the remote server decrypts the encrypted response data packet by using a private key;
and if the decryption is successful, sending the client ciphertext and the client signature to a secure operating system.
5. The dual-system-based client program upgrading method according to claim 1, wherein the validity verification of the client ciphertext and the client signature by the secure operating system specifically comprises:
the secure operating system receives the client ciphertext and the client signature;
decrypting the client ciphertext by using a public key to obtain a client plaintext;
carrying out digest operation on the plaintext of the client to obtain a first digest value;
decrypting the client signature by using a public key to obtain a second digest value;
and if the first abstract value is consistent with the second abstract value, judging that the verification is passed.
6. A computer-readable storage medium on which a computer program is stored, which program, when executed by a processor, performs the steps of:
generating a public and private key pair, storing the private key to a remote server, and storing the public key to a secure operating system of the local equipment;
encrypting and signing the client program by using the private key to obtain a client ciphertext and a client signature;
the remote server sends an upgrade request to a secure operating system of the local device;
the safe operating system generates a response data packet according to the upgrading request and sends the response data packet to a remote server;
if the remote server passes the verification of the response data packet, the client-side ciphertext and the client-side signature are sent to a safe operating system;
and the safe operating system carries out validity verification on the client ciphertext and the client signature, and if the client ciphertext and the client signature pass the verification, the original data of the client program in the common operating system is replaced by the client ciphertext and the client signature.
7. The computer-readable storage medium according to claim 6, wherein the "sending an upgrade request from the remote server to the secure operating system of the local device" is specifically:
the remote server sends an upgrading request to a CAN module of the local equipment;
if the current CAN module is in a safe state, forwarding the upgrading request to a safe operating system;
if the current CAN module is in an unsafe state, forwarding the upgrading request to a common operating system;
the common operating system forwards the upgrading request to a safe operating system;
the security operating system sets the CAN module to a secure state.
8. The computer-readable storage medium according to claim 6, wherein the "the secure operating system generates a response packet according to the upgrade request, and sends the response packet to the remote server" specifically includes:
the safe operating system generates a response data packet according to the upgrading request;
and encrypting the response data packet by using the public key, and sending the encrypted response data packet to a remote server.
9. The computer-readable storage medium according to claim 8, wherein the sending the client-side ciphertext and the client-side signature to the secure operating system if the remote server verifies the response packet specifically is:
the remote server decrypts the encrypted response data packet by using a private key;
and if the decryption is successful, sending the client ciphertext and the client signature to a secure operating system.
10. The computer-readable storage medium according to claim 6, wherein the validity verification of the client ciphertext and the client signature by the secure operating system specifically comprises:
the secure operating system receives the client ciphertext and the client signature;
decrypting the client ciphertext by using a public key to obtain a client plaintext;
performing digest operation on the plaintext of the client to obtain a first digest value;
decrypting the client signature by using a public key to obtain a second digest value;
and if the first abstract value is consistent with the second abstract value, judging that the verification is passed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711146435.7A CN109802929B (en) | 2017-11-17 | 2017-11-17 | Client program upgrading method based on dual systems and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711146435.7A CN109802929B (en) | 2017-11-17 | 2017-11-17 | Client program upgrading method based on dual systems and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109802929A CN109802929A (en) | 2019-05-24 |
| CN109802929B true CN109802929B (en) | 2022-09-30 |
Family
ID=66556008
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711146435.7A Active CN109802929B (en) | 2017-11-17 | 2017-11-17 | Client program upgrading method based on dual systems and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109802929B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111427609A (en) * | 2020-04-01 | 2020-07-17 | 山东汇贸电子口岸有限公司 | Automatic application upgrading method based on multi-node server |
| CN111756714B (en) * | 2020-06-15 | 2022-05-20 | 国家计算机网络与信息安全管理中心 | Flow replay type test method and test engine for industrial control protocol |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016168487A1 (en) * | 2015-04-14 | 2016-10-20 | Gigavation, Inc. | Paravirtualized security threat protection of a computer-driven system with networked devices |
| CN106599697A (en) * | 2016-11-30 | 2017-04-26 | 北京三未信安科技发展有限公司 | Method and system for safe upgrade of programs in PCI password card |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103714459A (en) * | 2013-12-26 | 2014-04-09 | 电子科技大学 | Secure payment system and method of intelligent terminal |
| US9483249B2 (en) * | 2014-01-06 | 2016-11-01 | Apple Inc. | On-board applet migration |
| GB2541013A (en) * | 2015-08-06 | 2017-02-08 | De La Rue Int Ltd | User identification system and method |
| CN105260663B (en) * | 2015-09-15 | 2017-12-01 | 中国科学院信息工程研究所 | A kind of safe storage service system and method based on TrustZone technologies |
| CN106648626A (en) * | 2016-11-29 | 2017-05-10 | 郑州信大捷安信息技术股份有限公司 | Secure remote upgrade system and upgrade method for vehicles |
-
2017
- 2017-11-17 CN CN201711146435.7A patent/CN109802929B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016168487A1 (en) * | 2015-04-14 | 2016-10-20 | Gigavation, Inc. | Paravirtualized security threat protection of a computer-driven system with networked devices |
| CN106599697A (en) * | 2016-11-30 | 2017-04-26 | 北京三未信安科技发展有限公司 | Method and system for safe upgrade of programs in PCI password card |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109802929A (en) | 2019-05-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107919955B (en) | Vehicle network security authentication method, system, vehicle, device and medium | |
| CN103166759B (en) | Use the method and apparatus downloaded for secure firmware of diagnosis link connector (DLC) and ONSTAR system | |
| AU2013230989B2 (en) | Policy for secure packet transmission using required node paths and cryptographic signatures | |
| EP2991268B1 (en) | Data processing method and apparatus | |
| CN109547464B (en) | Method and apparatus for storing and executing access control client | |
| CN102413224B (en) | Methods, systems and equipment for binding and running security digital card | |
| JP2017050875A (en) | Mobile apparatus supporting plural access control clients, and corresponding methods | |
| JP6663032B2 (en) | In-vehicle gateway, key management device | |
| US20160006762A1 (en) | Method for creating a profile in a security domain of a secured element | |
| US20150172064A1 (en) | Method and relay device for cryptographic communication | |
| US10970398B2 (en) | Data provision system, data security device, data provision method, and computer program | |
| CN113785549B (en) | Improving transmission of in-vehicle data or messages using SOME/IP communication protocol | |
| CN110213039B (en) | Management method, terminal and server | |
| CN114327532A (en) | Automobile OTA (over the air) upgrade information security implementation method based on digital signature and encryption | |
| CN105763517A (en) | Router security access and control method and system | |
| CN109802929B (en) | Client program upgrading method based on dual systems and computer readable storage medium | |
| JP7143744B2 (en) | Equipment integration system and update management system | |
| TW201340739A (en) | Methods and apparatus for large scale distribution of electronic access clients | |
| CN110771087B (en) | Private key update | |
| CN106096336B (en) | Software anti-crack method and system | |
| CN110247877B (en) | Management method and terminal for offline management instruction | |
| US10511439B2 (en) | Method for implementing encrypted client-server communication | |
| CN113079506A (en) | Network security authentication method, device and equipment | |
| CN111464554A (en) | Vehicle information safety control method and system | |
| CN114143198B (en) | Firmware upgrading method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |