CN111258615A - Industrial control host, method and device for upgrading software of industrial control host and mobile storage medium - Google Patents


Info

Publication number
CN111258615A
Authority
CN
China
Prior art keywords
software
serial number
upgrading
hardware
industrial control
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911373990.2A
Other languages
Chinese (zh)
Inventor
韩延鹏
黄敏
龙国东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Winicssec Technologies Co Ltd
Original Assignee
Beijing Winicssec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Beijing Winicssec Technologies Co Ltd
Priority to CN201911373990.2A
Publication of CN111258615A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/654 Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an industrial control host, a method and a device for upgrading software thereof and a mobile storage medium, wherein the method comprises the following steps: acquiring a local host disk hardware serial number, hardware information and configuration information which are stored in a mobile storage medium encryption area and encrypted by a public key, wherein the hardware information comprises a disk hardware serial number list, and the configuration information comprises authorization time; acquiring a private key paired with the public key; decrypting the hardware information and the configuration information encrypted by the public key according to the private key; judging whether the hardware serial number of the local host disk is in the disk hardware serial number list or not according to the decrypted hardware information; if the hardware serial number of the local host disk is in the disk hardware serial number list, judging whether the current time is within the authorized time according to the decrypted configuration information; if the current time is within the authorized time, acquiring a software upgrading package stored in a universal area of the mobile storage medium, and executing a preset security policy; and running a software upgrading package to upgrade the industrial control host software.

Description

Industrial control host, method and device for upgrading software of industrial control host and mobile storage medium
Technical Field
The invention relates to the technical field of industrial control system software installation, in particular to an industrial control host, a method and a device for upgrading the industrial control host software and a mobile storage medium.
Background
In the network security practice of industrial control systems, white list technology was introduced into the industrial control environment because the software and equipment of an industrial control system are updated infrequently, its processes, communication and data are relatively uniform and stable, and it has strict requirements on the reliability and continuity of service. Despite this low update frequency, industrial control systems still need to be upgraded and maintained. For an industrial control field host on which a white list protection policy or another file protection policy is configured, the files or directories used for an upgrade are restricted by that policy, or are identified as files that threaten the system, so that operations on the upgrade files are restricted and the normal upgrading of software is affected.
When a white list protection policy or another file protection policy is configured on the current host, the software upgrading program is usually placed directly into a temporary white list during an upgrade, so that the upgrade is not restricted by those policies. However, this upgrading method usually does not control the legality and installation authority of the software upgrading program, which easily leads to security vulnerabilities.
Disclosure of Invention
In view of this, embodiments of the present invention provide an industrial control host, a method and an apparatus for upgrading software thereof, and a mobile storage medium, so as to solve the problem that security holes are easily caused when the software of the industrial control host is upgraded without controlling the legitimacy and installation authority of a software upgrading program.
According to a first aspect, an embodiment of the present invention provides a method for upgrading industrial control host software, including: acquiring a local host disk hardware serial number, hardware information and configuration information which are stored in a mobile storage medium encryption area and encrypted by a public key, wherein the hardware information comprises a disk hardware serial number list, and the configuration information comprises authorization time; acquiring a private key paired with the public key; decrypting the hardware information and the configuration information encrypted by the public key according to the private key; judging whether the hardware serial number of the local host disk is in the disk hardware serial number list or not according to the decrypted hardware information; if the hardware serial number of the local host disk is in the disk hardware serial number list, judging whether the current time is within the authorized time according to the decrypted configuration information; if the current time is within the authorized time, acquiring a software upgrading package stored in a universal area of the mobile storage medium, and executing a preset security policy; and running a software upgrading package to upgrade the industrial control host software.
Optionally, if the local host disk hardware serial number is not in the disk hardware serial number list of the authorization file, the upgrade is ended.
Optionally, if the current time is not within the authorized time, the upgrade is ended.
Optionally, after the software upgrade package is run, the method for upgrading the software of the industrial control host further includes: tracking the behavior of the software upgrade package, and putting the dynamic libraries and executable programs released by the software upgrade package into a temporary white list.
Optionally, after the industrial control host software is upgraded according to the result of running the software upgrade package, the method for upgrading the industrial control host software further includes: putting the dynamic libraries and executable programs in the temporary white list into the white list.
According to a second aspect, an embodiment of the present invention provides an apparatus for upgrading industrial control host software, including: the first acquisition module is used for acquiring a local host disk hardware serial number, hardware information and configuration information which are stored in a mobile storage medium encryption area and encrypted by a public key, wherein the hardware information comprises a disk hardware serial number list, and the configuration information comprises authorization time; the second acquisition module is used for acquiring a private key matched with the public key; the decryption module is used for decrypting the hardware information and the configuration information after the public key is encrypted according to the private key; the first judgment module is used for judging whether the hardware serial number of the local host disk is in the disk hardware serial number list or not according to the decrypted hardware information; the second judgment module is used for judging whether the current time is within the authorized time or not according to the decrypted configuration information if the disk hardware serial number of the local host is within the disk hardware serial number list; the third acquisition module is used for acquiring the software upgrading package stored in the universal area of the mobile storage medium and executing a preset security policy if the current time is within the authorized time; and the upgrading module is used for operating the software upgrading package and upgrading the industrial control host software.
According to a third aspect, an embodiment of the present invention provides an industrial control host, including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the processor, and the instructions are executed by the at least one processor to cause the at least one processor to execute the method for upgrading the industrial control host software according to the first aspect or any embodiment of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are configured to cause a computer to execute a method for upgrading software of an industrial control host as in the first aspect or any implementation manner of the first aspect.
According to a fifth aspect, an embodiment of the present invention provides a mobile storage medium, where the mobile storage medium includes an encryption area and a general area, the encryption area stores hardware information and configuration information encrypted by a public key, the hardware information includes a disk hardware serial number list, the configuration information includes authorization time, and the general area stores a software upgrade package.
The industrial control host, the method and device for upgrading its software, and the mobile storage medium provided by the embodiments of the invention decrypt the hardware information and the configuration information that are stored in the encryption area of the mobile storage medium and encrypted by the public key, obtaining the decrypted disk hardware serial number list and the authorization time. Comparing the local host disk hardware serial number with the decrypted disk hardware serial number list determines whether the local host has the software upgrading authority, and comparing the authorization time with the current time determines whether software can be upgraded at the current time, so that the legality of the software upgrading program is controlled. The software is upgraded only when both conditions are met. This adds verification of the legality and upgrading authority of the upgrading program when the local host is upgraded, avoids arbitrary, uncontrolled software installation and upgrading behavior, and further enhances the security of the system. In addition, the hardware information and the configuration information are stored in the encryption area of the mobile storage medium after being encrypted by the public key, so that the integrity of the hardware information and the configuration information is effectively ensured and they can be prevented from being maliciously damaged.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart illustrating a method for upgrading industrial control host software according to an embodiment of the present invention;
FIG. 2 is a block diagram of an apparatus for upgrading industrial control host software according to an embodiment of the present invention;
FIG. 3 shows a block diagram of an industrial control host according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the software upgrading process, in order to control the legality and the installation authority of a software upgrading program, the embodiment of the invention provides an industrial control host, a method and a device for upgrading the software of the industrial control host and a mobile storage medium. The embodiment of the invention firstly introduces a mobile storage medium, which comprises an encryption area and a general area, wherein the encryption area stores hardware information and configuration information encrypted by a public key, the hardware information comprises a disk hardware serial number list, the configuration information comprises authorization time, and the general area stores a software upgrading package.
Specifically, the mobile storage medium is produced as follows. The white list control software is used to acquire the system hardware information of a target operating system, where the target operating system is the operating system on which application software needs to be installed or upgraded, and the hardware information is a disk serial number list. The mobile storage medium is produced on white list control software that has management authority. The mobile storage medium is a storage device that stores the installation or upgrade software together with the hardware information and the configuration information. The configuration information sets the authorization time of the software upgrade in order to further enhance security; that is, only within the specified operation time period can the specified installation or upgrade software be installed or upgraded on the specified operating system without being restricted by the white list control software. The configuration information and the hardware information are encrypted with a public key and then stored in the encryption area of the mobile storage medium; the encryption area is distinct from the rest of the mobile storage medium and is not visible to the operating system. The software upgrade package or software installation package is stored in the general area of the dedicated mobile storage medium, and the mobile storage medium is then set to read-only, so as to ensure the integrity of the software to be installed or upgraded and to prevent malicious software from entering an operating system protected by the white list control software.
The embodiment of the invention also provides a method for upgrading the software of the industrial control host which, as shown in FIG. 1, comprises the following steps:
S101: Acquire the local host disk hardware serial number, and the hardware information and configuration information that are stored in the encryption area of the mobile storage medium and encrypted by a public key, wherein the hardware information comprises a disk hardware serial number list and the configuration information comprises an authorization time. Specifically, after the mobile storage medium is inserted into the industrial personal computer, the white list control software on the industrial personal computer reads the public-key-encrypted hardware information and configuration information from the encryption area of the mobile storage medium, and reads the disk hardware serial number of the local host.
S102: Acquire the private key paired with the public key. Specifically, the private key paired with the public key may be pre-stored on the local host that needs to be upgraded, or a host with management authority may issue the private key directly to the local host that needs to be upgraded.
S103: Decrypt the public-key-encrypted hardware information and configuration information with the private key. Specifically, the white list control software decrypts the hardware information and the configuration information with the obtained private key, so as to obtain the decrypted disk hardware serial number list and authorization time.
S104: Judge, from the decrypted hardware information, whether the local host disk hardware serial number is in the disk hardware serial number list. Specifically, the white list control software compares the local host disk hardware serial number with the disk hardware serial number list. If the local host disk hardware serial number is in the list, the method proceeds to step S105; if it is not in the disk hardware serial number list of the authorization file, the method proceeds to step S108.
S105: Judge, from the decrypted configuration information, whether the current time is within the authorized time. Specifically, if the local host disk hardware serial number is in the disk hardware serial number list, the current local host has the software upgrading authority. The current time is then compared with the authorized time range in the configuration information to determine whether a software upgrade is legal at the current time. If the current time is within the authorized time, the method proceeds to step S106; if it is not, the method proceeds to step S108.
S106: Acquire the software upgrade package stored in the universal area of the mobile storage medium, and execute a preset security policy. Specifically, the white list control software copies or reads the software upgrade package from the universal area of the mobile storage medium and executes the preset security policy. The preset security policy means that the software upgrade package is allowed to run whether or not it is in the local white list.
S107: Run the software upgrade package to upgrade the industrial control host software. Specifically, under the preset security policy, the software upgrade package can be run to upgrade the industrial control host software.
S108: End the upgrade. Specifically, if the local host disk hardware serial number is not in the disk hardware serial number list of the authorization file, the local host does not have the software upgrading authority, the software upgrade package cannot be run, and the upgrade ends. Likewise, if the current time is not within the authorized time, the software upgrade package cannot be run, and the upgrade ends.
The industrial control host software upgrading method provided by the embodiment of the invention decrypts the hardware information and the configuration information that are stored in the encryption area of the mobile storage medium and encrypted by the public key, obtaining the decrypted disk hardware serial number list and the authorization time. Comparing the local host disk hardware serial number with the decrypted disk hardware serial number list determines whether the local host has the software upgrading authority, and comparing the authorization time with the current time determines whether software can be upgraded at the current time, so that the legality of the software upgrading program is controlled. The software is upgraded only when both conditions are met. This adds verification of the legality and upgrading authority of the upgrading program when the local host is upgraded, effectively controls software installation and upgrading behavior, avoids arbitrary, uncontrolled software installation and upgrading, and further enhances the security of the system. In addition, the hardware information and the configuration information are stored in the encryption area of the mobile storage medium after being encrypted by the public key, so that the integrity of the hardware information and the configuration information is effectively ensured and they can be prevented from being maliciously damaged.
In an alternative embodiment, the software upgrade package may release dynamic libraries, executable programs and the like when it runs, and these may be restricted by the local white list. Therefore, after the software upgrade package is run, the method for upgrading the software of the industrial control host further includes: tracking the behavior of the software upgrade package, and putting the dynamic libraries and executable programs released by the software upgrade package into a temporary white list. Because they are in the temporary white list, the dynamic libraries and executable programs released by the software upgrade package are not restricted by the local white list when they are executed.
In an optional embodiment, in order to ensure that the upgraded software can run normally after the upgrade, the dynamic libraries and executable programs released during the upgrade need to be placed in the local white list. Specifically, after the industrial control host software is upgraded according to the result of running the software upgrade package, the method for upgrading the industrial control host software further includes: putting the dynamic libraries and executable programs in the temporary white list into the white list.
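The decision flow of steps S104 to S108 and the temporary white list handling of the two optional embodiments above, as an added Python example that is not code from the patent or its applicant. It starts from the record already decrypted in S103; the JSON field names, the serial normalization, the constructed sample values, the `installer` callable and the choice to discard the temporary list when the installer fails are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

# Constructed sample of the record obtained in S103 (already decrypted).
# Field names and serial values are assumptions, not taken from the patent.
SAMPLE_RECORD = json.dumps({
    "disk_serials": ["WD-WX11A1234567", "S3Z9NB0K123456"],
    "not_before": "2020-01-10T08:00:00+00:00",
    "not_after": "2020-01-10T18:00:00+00:00",
}).encode()


class Decision(Enum):
    ALLOW = "allow"
    DENY_MALFORMED = "authorization record malformed"
    DENY_HOST = "disk serial not in authorized list"
    DENY_TIME = "outside authorized time"


def _norm_serial(serial):
    # Tools report serials with varying case and padding; compare canonically.
    return "".join(serial.split()).upper()


def _parse_aware(value):
    # Reject timestamps without an offset so the window is unambiguous.
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError("timestamp without UTC offset")
    return ts.astimezone(timezone.utc)


def check_authorization(decrypted_record, local_serial, now):
    """S104/S105. The decrypted record is still parsed as untrusted input:
    any structural defect results in a denial rather than an exception."""
    try:
        record = json.loads(decrypted_record)
        raw_serials = record["disk_serials"]
        if not isinstance(raw_serials, list) or not raw_serials:
            raise ValueError("empty or non-list serial list")
        serials = {_norm_serial(s) for s in raw_serials}
        start = _parse_aware(record["not_before"])
        end = _parse_aware(record["not_after"])
        if start > end:
            raise ValueError("inverted time window")
    except (ValueError, KeyError, TypeError, AttributeError):
        return Decision.DENY_MALFORMED
    if _norm_serial(local_serial) not in serials:          # S104
        return Decision.DENY_HOST
    if not start <= now.astimezone(timezone.utc) <= end:   # S105
        return Decision.DENY_TIME
    return Decision.ALLOW


@dataclass
class WhitelistSession:
    """Local white list plus the temporary list used during one upgrade."""
    whitelist: set
    temporary: set = field(default_factory=set)

    def may_execute(self, entry):
        return entry in self.whitelist or entry in self.temporary

    def commit(self):
        # After a successful upgrade, temporary entries become permanent.
        self.whitelist |= self.temporary
        self.temporary.clear()


def run_upgrade(decrypted_record, local_serial, now, session, installer):
    """S104 to S108. `installer` is a hypothetical callable that runs the
    package and yields each dynamic library or executable it releases."""
    decision = check_authorization(decrypted_record, local_serial, now)
    if decision is not Decision.ALLOW:
        return decision                      # S108: the package is never run
    try:
        for released in installer():         # S106/S107
            session.temporary.add(released)  # tracked in the temporary list
    except Exception:
        session.temporary.clear()            # assumption: a failed run leaves nothing behind
        raise
    session.commit()
    return decision


if __name__ == "__main__":
    session = WhitelistSession(whitelist={"C:/ics/hmi.exe"})
    when = datetime(2020, 1, 10, 9, 30, tzinfo=timezone.utc)
    result = run_upgrade(SAMPLE_RECORD, "wd-wx11a1234567", when, session,
                         lambda: ["C:/ics/hmi_v2.exe", "C:/ics/proto.dll"])
    print(result.name, sorted(session.whitelist))
```

Public-key encryption on its own provides confidentiality rather than proof of origin, so a deployment would typically also sign the authorization record and verify that signature before running this check.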
The embodiment of the invention provides a device for upgrading industrial control host software, as shown in fig. 2, comprising:
The first obtaining module 21 is configured to obtain the local host disk hardware serial number, and the hardware information and configuration information that are stored in the encryption area of the mobile storage medium and encrypted by a public key, where the hardware information includes a disk hardware serial number list and the configuration information includes an authorization time. The specific implementation is described in detail in step S101 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The second obtaining module 22 is configured to obtain the private key paired with the public key. The specific implementation is described in detail in step S102 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The decryption module 23 is configured to decrypt the public-key-encrypted hardware information and configuration information with the private key. The specific implementation is described in detail in step S103 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The first judging module 24 is configured to judge, from the decrypted hardware information, whether the local host disk hardware serial number is in the disk hardware serial number list. The specific implementation is described in detail in step S104 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The second judging module 25 is configured to judge, from the decrypted configuration information, whether the current time is within the authorized time if the local host disk hardware serial number is in the disk hardware serial number list. The specific implementation is described in detail in step S105 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The third obtaining module 26 is configured to obtain the software upgrade package stored in the universal area of the mobile storage medium and execute a preset security policy if the current time is within the authorized time. The specific implementation is described in detail in step S106 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The upgrading module 27 is configured to run the software upgrade package and upgrade the industrial control host software. The specific implementation is described in detail in step S107 of the method for upgrading the industrial control host software in the foregoing embodiment and is not repeated here.
The industrial control host software upgrading device provided by the embodiment of the invention decrypts the hardware information and the configuration information that are stored in the encryption area of the mobile storage medium and encrypted by the public key, obtaining the decrypted disk hardware serial number list and the authorization time. Comparing the local host disk hardware serial number with the decrypted disk hardware serial number list determines whether the local host has the software upgrading authority, and comparing the authorization time with the current time determines whether software can be upgraded at the current time, so that the legality of the software upgrading program is controlled. The software is upgraded only when both conditions are met. This adds verification of the legality and upgrading authority of the upgrading program when the local host is upgraded, avoids arbitrary, uncontrolled software installation and upgrading behavior, and further enhances the security of the system. In addition, the hardware information and the configuration information are stored in the encryption area of the mobile storage medium after being encrypted by the public key, so that the integrity of the hardware information and the configuration information is effectively ensured and they can be prevented from being maliciously damaged.
An embodiment of the present invention further provides an industrial control host. As shown in FIG. 3, the industrial control host may include a processor 21 and a memory 22, where the processor 21 and the memory 22 may be connected by a bus or in another manner; FIG. 2 takes connection by a bus as an example.
The processor 21 may be a Central Processing Unit (CPU). The Processor 21 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or any combination thereof.
The memory 22, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the method for upgrading industrial host software in the embodiments of the present invention. The processor 21 executes various functional applications and data processing of the processor by executing the non-transitory software programs, instructions and modules stored in the memory 22, that is, the method for upgrading the industrial control host software in the above method embodiment is realized.
The memory 22 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 21, and the like. Further, the memory 22 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more of the modules described above are stored in memory 22 and, when executed by processor 21, perform the method of industrial host software upgrade as in the embodiment shown in fig. 1.
The specific details of the industrial control host may be understood by referring to the corresponding related descriptions and effects in the embodiment shown in fig. 1, and are not described herein again.
The industrial personal computer provided by the embodiment of the invention decrypts the hardware information and the configuration information, which are stored in the encryption area of the mobile storage medium after being encrypted by the public key, to obtain the decrypted disk hardware serial number list and the authorization time. By comparing the local host disk hardware serial number with the decrypted disk hardware serial number list, it can determine whether the local host has the right to upgrade the software; by comparing the authorization time with the current time, it can determine whether software upgrading is allowed at the current time, so that the legitimacy of the software upgrade program can be controlled. The software is upgraded only when both conditions are met. Verification of the legality and the upgrading permission of the upgrading program is thereby added when the local host is upgraded, random and uncontrolled software installation and upgrading behavior can be avoided, and the safety of the system is further enhanced. In addition, the hardware information and the configuration information are stored in the encryption area of the mobile storage medium after being encrypted by the public key, so that the integrity of the hardware information and the configuration information is effectively ensured, and the hardware information and the configuration information can be prevented from being maliciously damaged.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory, a Hard Disk Drive (HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
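As an added illustration (not code from the patent or from the applicant), the following Python example carries out the two checks described above, starting from the already-decrypted hardware information and configuration information, followed by the temporary white list handling of claims 4 and 5. The JSON layout, the field names disk_serials, not_before and not_after, the run_package hook, the use of SHA-256 digests as white list entries, and the discarding of staged entries when the package fails are all assumptions made for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

def check_authorization(hw_plain, cfg_plain, local_serial, now):
    """Claims 1-3: serial list first, then authorization time. Fails closed."""
    try:
        serials = {s.strip().upper() for s in json.loads(hw_plain)["disk_serials"]}
        cfg = json.loads(cfg_plain)
        start = datetime.fromisoformat(cfg["not_before"])
        end = datetime.fromisoformat(cfg["not_after"])
        serial = local_serial.strip().upper()
        if None in (start.tzinfo, end.tzinfo, now.tzinfo):
            raise ValueError("timestamps must carry a UTC offset")
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "unusable authorization data or clock value"
    if not serial or serial not in serials:
        return False, "disk serial not in authorized list"
    if not start <= now <= end:
        return False, "current time outside authorization time"
    return True, "authorized"

class Whitelist:
    """Claims 4-5: released files are staged, then promoted after the upgrade."""
    def __init__(self):
        self.permanent, self.temporary = set(), set()

    def stage(self, released):  # released: {path: file bytes}
        self.temporary |= {hashlib.sha256(b).hexdigest() for b in released.values()}

    def promote(self):
        self.permanent |= self.temporary
        self.temporary = set()

def upgrade(hw_plain, cfg_plain, local_serial, now, run_package, whitelist):
    ok, reason = check_authorization(hw_plain, cfg_plain, local_serial, now)
    if not ok:
        return reason                      # claims 2 and 3: the upgrade ends here
    released, succeeded = run_package()    # hypothetical installer hook
    whitelist.stage(released)
    if not succeeded:
        whitelist.temporary.clear()        # assumption: discard staged entries
        return "upgrade failed, staged files discarded"
    whitelist.promote()
    return reason

# Constructed sample data (not from the patent).
HW = json.dumps({"disk_serials": ["WD-WX11A1234567", " s3z9nb0k123456 "]}).encode()
CFG = json.dumps({"not_before": "2019-12-26T00:00:00+08:00",
                  "not_after": "2019-12-27T00:00:00+08:00"}).encode()
NOW = datetime(2019, 12, 26, 4, 0, tzinfo=timezone.utc)   # 12:00 at +08:00

if __name__ == "__main__":
    wl = Whitelist()
    print(upgrade(HW, CFG, "S3Z9NB0K123456", NOW, lambda: ({"bin/agent": b"ELF"}, True), wl))
```

Public-key encryption by itself does not establish who produced the authorization data, so a deployment would normally also verify a signature over it before running this check; that step is outside the method described on this page.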
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (9)

1. A method for upgrading industrial control host software is characterized by comprising the following steps:
acquiring a local host disk hardware serial number, hardware information and configuration information which are stored in a mobile storage medium encryption area and encrypted by a public key, wherein the hardware information comprises a disk hardware serial number list, and the configuration information comprises authorization time;
obtaining a private key paired with the public key;
decrypting the public-key-encrypted hardware information and configuration information with the private key;
judging whether the local host disk hardware serial number is in the disk hardware serial number list or not according to the decrypted hardware information;
if the local host disk hardware serial number is in the disk hardware serial number list, judging whether the current time is in the authorized time according to the decrypted configuration information;
if the current time is within the authorized time, acquiring a software upgrading package stored in the universal area of the mobile storage medium, and executing a preset security policy;
and running the software upgrading package to upgrade the industrial control host software.
2. The method for upgrading industrial control host software according to claim 1, wherein if the disk hardware serial number of the local host is not in the disk hardware serial number list of the authorization file, the upgrading is finished.
3. The method for upgrading industrial control host computer software according to claim 1, wherein if the current time is not within the authorized time, the upgrading is finished.
4. The method for upgrading industrial control host software according to claim 1, further comprising, after the running the software upgrade package:
and tracking the behavior of the software upgrading package, and putting the dynamic library and the executable program released by the software upgrading package into a temporary white list.
5. The method for upgrading industrial control host software according to claim 4, wherein after the upgrading of the industrial control host software according to the result of running the software upgrade package, the method further comprises:
and putting the dynamic library and the executable program in the temporary white list into a white list.
6. A device for upgrading industrial control host software, characterized by comprising:
the first acquisition module is used for acquiring a local host disk hardware serial number, hardware information and configuration information which are stored in a mobile storage medium encryption area and encrypted by a public key, wherein the hardware information comprises a disk hardware serial number list, and the configuration information comprises authorization time;
the second acquisition module is used for acquiring a private key matched with the public key;
the decryption module is used for decrypting the public-key-encrypted hardware information and configuration information with the private key;
the first judgment module is used for judging whether the local host disk hardware serial number is in the disk hardware serial number list or not according to the decrypted hardware information;
the second judgment module is used for judging whether the current time is within the authorization time or not according to the decrypted configuration information if the local host disk hardware serial number is within the disk hardware serial number list;
the third acquisition module is used for acquiring the software upgrading package stored in the universal area of the mobile storage medium and executing a preset security policy if the current time is within the authorized time;
and the upgrading module is used for running the software upgrading package and upgrading the industrial control host software.
7. An industrial personal computer, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of industrial control host software upgrade of any one of claims 1-5.
8. A computer readable storage medium storing computer instructions for causing a computer to perform the method of industrial control host software upgrade of any one of claims 1-5.
9. A mobile storage medium is characterized in that the storage of the mobile storage medium comprises an encryption area and a general area, the encryption area stores hardware information and configuration information which are encrypted through a public key, the hardware information comprises a disk hardware serial number list, the configuration information comprises authorization time, and the general area stores a software upgrading package.
CN201911373990.2A 2019-12-26 2019-12-26 Industrial control host, method and device for upgrading software of industrial control host and mobile storage medium Pending CN111258615A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911373990.2A CN111258615A (en) 2019-12-26 2019-12-26 Industrial control host, method and device for upgrading software of industrial control host and mobile storage medium

Publications (1)

Publication Number Publication Date
CN111258615A (en) 2020-06-09

Family

ID=70948539

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911373990.2A Pending CN111258615A (en) 2019-12-26 2019-12-26 Industrial control host, method and device for upgrading software of industrial control host and mobile storage medium

Country Status (1)

Country Link
CN (1) CN111258615A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114117364A (en) * 2022-01-24 2022-03-01 北京麟卓信息科技有限公司 Offline software license control method and system
CN116048585A (en) * 2023-02-09 2023-05-02 国核自仪系统工程有限公司 Industrial control safety protection system and software updating method, device, equipment and medium thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103258151A (en) * 2012-10-30 2013-08-21 中国科学院沈阳自动化研究所 Real-time authorization software License control method
CN103491097A (en) * 2013-09-30 2014-01-01 华中师范大学 Software authorization system based on public key cryptosystem
CN103491098A (en) * 2013-09-30 2014-01-01 华中师范大学 Software authorization method based on public key cryptosystem
CN105489236A (en) * 2014-12-27 2016-04-13 哈尔滨安天科技股份有限公司 USB (Universal Serial Bus) flash disk capable of guaranteeing software reliability on the basis of partitioned storage, and use method
CN109992286A (en) * 2019-04-02 2019-07-09 深圳创维数字技术有限公司 Device updating method, server and computer readable storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
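王春来: "Technique for software encryption based on computer hardware serial numbers" *
王颖: "Research on permission management and authentication methods for mobile storage media" *
黄敏: "Discussion of industrial control network security solutions" *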

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114117364A (en) * 2022-01-24 2022-03-01 北京麟卓信息科技有限公司 Offline software license control method and system
CN114117364B (en) * 2022-01-24 2022-03-29 北京麟卓信息科技有限公司 Offline software license control method and system
CN116048585A (en) * 2023-02-09 2023-05-02 国核自仪系统工程有限公司 Industrial control safety protection system and software updating method, device, equipment and medium thereof
CN116048585B (en) * 2023-02-09 2023-08-25 国核自仪系统工程有限公司 Industrial control safety protection system and software updating method, device, equipment and medium thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200609