CN112929871A - OTA upgrade package acquisition method, electronic device and storage medium - Google Patents
OTA upgrade package acquisition method, electronic device and storage medium Download PDFInfo
- Publication number
- CN112929871A CN112929871A CN201911233659.0A CN201911233659A CN112929871A CN 112929871 A CN112929871 A CN 112929871A CN 201911233659 A CN201911233659 A CN 201911233659A CN 112929871 A CN112929871 A CN 112929871A
- Authority
- CN
- China
- Prior art keywords
- key
- encryption
- ota
- package
- upgrade package
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 85
- 238000012795 verification Methods 0.000 claims abstract description 30
- 230000008569 process Effects 0.000 claims abstract description 25
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 3
- 239000000126 substance Substances 0.000 claims 1
- 230000006855 networking Effects 0.000 abstract description 8
- 238000004422 calculation algorithm Methods 0.000 description 15
- 238000013461 design Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
- H04W8/245—Transfer of terminal data from a network towards a terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention relates to the field of Internet of vehicles and discloses an OTA upgrade package acquisition method, electronic equipment and a storage medium. In the invention, the method for acquiring the OTA upgrade package comprises the following steps: acquiring an encryption package, a first encryption key and a second key from an over-the-air OTA platform; the first encryption key is the encrypted first key, the first key is the hash value of the OTA upgrade package, and the encryption package is the encrypted OTA upgrade package; decrypting the first encryption key by using the second secret key to obtain a first secret key; and decrypting the encrypted packet by using the first secret key to obtain the OTA upgrade packet. The invention can avoid the problem of verification failure caused by unstable network during networking verification and reduce the requirement of a decryption process on the terminal equipment.
Description
Technical Field
The embodiment of the invention relates to the field of car networking, in particular to an OTA upgrade package acquisition method, electronic equipment and a storage medium.
Background
At present, an Over-The-Air (OTA) technology is widely applied to various fields, The protection of The security of an OTA upgrade package is an important part in The upgrade protection process by using The OTA technology, and The certification in The aspects of security, integrity, authenticity and The like of The obtained OTA upgrade package is necessary, so that The risk of The company of revealing important assets is reduced. In the prior art, a terminal side for upgrading generally needs to obtain a secret Key from a Public Key Infrastructure (PKI) through networking to decrypt an encrypted packet obtained from an OTA platform, so as to obtain an OTA upgrade packet.
The inventor finds that at least the following problems exist in the prior art: the prior art often encounters the problem of verification failure caused by network instability during networking verification. Moreover, since the key for decrypting the encrypted packet needs to be obtained by means of PKI, the decryption process is too dependent on hardware facilities, and accordingly, the requirements on the terminal-side device are higher.
Disclosure of Invention
The embodiment of the invention aims to provide an OTA upgrade package acquisition method, electronic equipment and a storage medium, which can avoid the problem of verification failure caused by network instability during networking verification and reduce the requirement on terminal equipment in the process of decrypting an encrypted package.
In order to solve the above technical problem, an embodiment of the present invention provides a method for acquiring an OTA upgrade package, which is applied to a terminal and includes: acquiring an encryption package, a first encryption key and a second key from an over-the-air OTA platform; the first encryption key is the encrypted first key, the first key is the hash value of the OTA upgrade package, and the encryption package is the encrypted OTA upgrade package; decrypting the first encryption key by using the second secret key to obtain a first secret key; and decrypting the encrypted packet by using the first secret key to obtain the OTA upgrade packet.
The embodiment of the invention also provides an obtaining method of the OTA upgrade package, which is applied to the OTA platform and comprises the following steps: acquiring a first secret key; the first secret key is a hash value of the OTA upgrade package; encrypting the OTA upgrade package by using a first secret key to obtain an encryption package; encrypting the first secret key by using the third secret key to obtain a first encryption secret key; and sending the encryption package, the first encryption key and a second secret key to the terminal, wherein the second secret key and the third secret key are a pair of secret keys.
An embodiment of the present invention also provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute the OTA upgrade package acquisition method.
The embodiment of the invention also provides a computer readable storage medium, which stores a computer program, and the computer program is executed by a processor to realize the above OTA upgrade package acquisition method.
Compared with the prior art, the terminal directly obtains the second secret key for decrypting the first encryption secret key from the OTA platform, decrypts the first encryption secret key by using the second secret key to obtain the first secret key capable of decrypting the encryption package, does not need to network and obtain the secret key for decrypting the encryption package from the PKI, can avoid the problem of verification failure caused by unstable network during network verification, and reduces the requirement on terminal equipment because the process of decrypting the encryption package does not depend on the PKI.
In addition, after obtaining the encryption package, the first encryption key and the second key from the OTA platform, before decrypting the first encryption key with the second key to obtain the first key, the method further includes: verifying the encrypted packet acquired from the OTA platform; and if the encrypted packet obtained from the OTA platform passes the verification, decrypting the first encrypted secret key by using the second secret key to obtain the first secret key. In this embodiment, before the terminal decrypts the first secret key, the identity of the encrypted packet is verified, and the first encrypted secret key is decrypted only if the verification passes. The embodiment can confirm the identity of the encryption package, ensure the reliability and integrity of the source of the encryption package, and enhance the safety of the upgrading process.
In addition, in the process of acquiring the encryption package, the first encryption key and the second key from the OTA platform, the method further comprises the following steps: acquiring a first encrypted hash value from an OTA platform; the first encryption hash value is obtained by signing the hash value of the encryption packet through the OTA platform; the method comprises the following steps of verifying and signing an encryption packet acquired from an OTA platform, and specifically comprises the following steps: signing the hash value of the encrypted packet acquired from the OTA platform to obtain a second encrypted hash value; comparing the first encrypted hash value with the second encrypted hash value; and if the first encryption hash value is the same as the second encryption hash value, judging that the encryption packet acquired from the OTA platform passes the verification. The embodiment provides a specific method for verifying the signature, which compares the signed encrypted packet hash values obtained in the two ways, and indicates that the signature passes the verification under the same condition, so that the security is enhanced.
In addition, after obtaining the encryption package, the first encryption key and the second key from the OTA platform, before calculating the hash value of the encryption package obtained from the OTA platform and decrypting the first encryption hash value by using the second key to obtain the hash value of the encryption package, the method further includes: verifying the second secret key by using a prestored root certificate; and if the second secret key passes the verification, decrypting the first encrypted hash value by using the second secret key to obtain the hash value of the encrypted packet. In this embodiment, the verification indicates that the second secret key is legal, and then the second secret key is used to decrypt the first encrypted hash value, so as to ensure that the second secret key is complete and reliable, thereby avoiding the security problem caused by using an illegal second secret key for decryption.
In addition, utilize first secret key to decrypt the encryption package, obtain OTA upgrade package after, still include: calculating the hash value of the OTA upgrade package obtained by decryption, and comparing the hash value of the OTA upgrade package obtained by calculation with the first secret key; and if the calculated hash value of the OTA upgrade package is the same as the first secret key, using the OTA upgrade package obtained by decryption. In this embodiment, the hash value of the OTA upgrade package obtained through calculation is compared with the first secret key obtained by decrypting the first encryption secret key, whether the finally obtained upgrade package is complete is determined, the tampered upgrade package is avoided, and whether company assets are leaked or not can be checked.
In addition, the OTA upgrade package acquisition method is applied to the vehicle-mounted terminal. The embodiment provides an application scenario of the OTA upgrade package acquisition method.
Drawings
One or more embodiments are illustrated by the corresponding figures in the drawings, which are not meant to be limiting.
Fig. 1 is a flowchart of a method for acquiring an OTA upgrade package according to a first embodiment of the present invention;
fig. 2 is a flowchart of a method for acquiring an OTA upgrade package in a second embodiment of the present invention;
fig. 3 is a flowchart of a method for acquiring an OTA upgrade package according to a third embodiment of the present invention;
fig. 4 is a flowchart of a method for acquiring an OTA upgrade package in a fourth embodiment of the present invention;
fig. 5 is a flowchart of a method for acquiring an OTA upgrade package in a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
The first embodiment of the present invention relates to a method for acquiring an OTA upgrade package, which is applied to a terminal, where the terminal may be a computer, a mobile phone, or the like, and may be applied to a vehicle-mounted terminal in practical applications, which is not limited herein. In this embodiment, after obtaining the encryption package, the first encryption key, and the second key from the OTA platform, the terminal decrypts the first encryption key using the second key to obtain the first key, and decrypts the encryption package using the first key to obtain the OTA upgrade package finally. In the whole process, the terminal does not need to be networked to obtain the secret key for decrypting the encryption package from the PKI, but an OTA platform is used for issuing the first encryption secret key and the second secret key, and after a series of operations, the encryption package can be decrypted to obtain an OTA upgrade package, so that the problem of verification failure caused by unstable networks during networking verification can be avoided, and the requirement of the decryption process on the terminal equipment is reduced. The details of the OTA upgrade package obtaining method according to this embodiment are described in detail below, and the following description is only provided for the convenience of understanding, and is not necessary for implementing this embodiment. As shown in fig. 1, the method includes:
Specifically, the first encryption key is the encrypted first key, the first key is a hash value of the OTA upgrade package, and the encryption package is the encrypted OTA upgrade package. And the terminal acquires the encrypted OTA upgrade package, the hash value of the encrypted OTA upgrade package and a second secret key from the OTA platform.
In a specific example, the OTA platform calculates a hash value of the OTA upgrade package, and encrypts the OTA upgrade package by using the hash value of the OTA to obtain an encrypted package, where the Encryption may be implemented by using an Advanced Encryption Standard (AES) algorithm, such as: the AES256 algorithm, which is not limited herein. In addition, the OTA platform acquires a pair of public and private keys from the PKI through the docking platform, and encrypts the hash value of the OTA upgrade package by using the private key as a second key so as to obtain a first encryption key. Therefore, if the OTA platform receives an OTA upgrade request sent by the terminal, the OTA platform can issue the encryption packet, the hash value of the encrypted OTA upgrade packet and the public key in the key pair to the terminal, and the issue mode may be that the encryption packet, the hash value of the encrypted OTA upgrade packet and the public key in the key pair are issued through a hypertext Transfer Protocol over secure session Transport Layer (HTTPS) channel, where the HTTPS channel may adopt a Transport Layer Security (TLS), for example: TLS 1.2, which is not limited herein. The method for the terminal to obtain the hash value of the encryption package, the encrypted OTA upgrade package and the public key in the key pair may be as follows: the download address of the OTA upgrade package is accessed using HTTPS, which is not limited herein.
In a specific example, the terminal may receive a file package from the OTA platform, and then the terminal may disassemble the file package according to a predetermined rule to obtain an encrypted package, a public key in the key pair, and a hash value of the encrypted OTA upgrade package, and then decrypt the hash value of the encrypted OTA upgrade package by using the public key as the second key, so as to obtain the hash value of the OTA upgrade package.
And 103, decrypting the encrypted packet by using the first secret key to obtain the OTA upgrade packet.
In a specific example, after the terminal decrypts the hash value of the encrypted OTA upgrade package to obtain the hash value of the OTA upgrade package, the terminal may use the hash value of the OTA upgrade package as a first key to decrypt the encrypted package obtained from the OTA platform to finally obtain the OTA upgrade package, so as to further complete the upgrade using the OTA upgrade package, where the decryption may be performed by using an AES algorithm corresponding to the process of encrypting the OTA upgrade package by the OTA platform, such as: the AES256 algorithm, which is not limited herein.
In the embodiment, the terminal does not need to be networked to obtain the secret key for decrypting the encryption package from the PKI, but an OTA platform is used for issuing the first encryption secret key and the second secret key, and after a series of operations, the encryption package can be decrypted to obtain the OTA upgrade package, so that the problem of verification failure caused by unstable network during networking verification can be avoided, and the requirement of the decryption process on the terminal equipment is reduced.
The second embodiment of the invention relates to a method for acquiring an OTA upgrade package. The second embodiment is substantially the same as the first embodiment, and mainly differs therefrom in that: in a second embodiment, after the terminal acquires the encryption package, the first encryption key and the second key from the OTA platform, before the second key is used to decrypt the first encryption key to obtain the first key, the terminal may further check the encryption package acquired from the OTA platform, and if the encryption package acquired from the OTA platform passes the check, the terminal performs decryption of the first encryption key by using the second key to obtain the first key. As shown in fig. 2, the method for acquiring an OTA upgrade package in this embodiment includes:
And 202, checking the encrypted packet acquired from the OTA platform.
Specifically, after receiving an encryption packet, a first encryption key and a second key issued by the OTA platform, the terminal checks the encryption packet therein.
In a specific example, in the process that the terminal acquires the encrypted packet, the first encryption key and the second key from the OTA platform, the terminal may further acquire the first encryption hash value, that is, a signature character string obtained by the OTA platform signing the hash value of the encrypted packet, where the signature mode may be: the OTA platform uses a Secure Hash Algorithm (SHA for short) to sign the Hash value of the encrypted packet, which is not limited herein. After the terminal acquires the hash value of the encrypted packet, the terminal can sign the acquired hash value of the encrypted packet by using an SHA algorithm to obtain a second encrypted hash value, then the first encrypted hash value and the second encrypted hash value are compared, and if the first encrypted hash value and the second encrypted hash value are the same, the encrypted packet acquired from the OTA platform is judged to pass the verification of the signature. It should be noted that, the method for the terminal to obtain the hash value of the encrypted packet may be: receiving the hash value of the encrypted packet sent by the OTA platform, or calculating the hash value of the encrypted packet after receiving the encrypted packet sent by the OTA platform, which is not limited herein.
More preferably, the OTA platform may sign the hash value of the encrypted packet by: the method comprises the steps of signing the hash value of an encryption package by utilizing the SHA to obtain a first encryption hash value, then encrypting the first encryption hash value by utilizing the RSA algorithm and a private key in a private key pair to obtain an encrypted first encryption hash value, namely, signing and encrypting the hash value of the encryption package by utilizing the SHA256with RSA algorithm by the terminal. For the terminal side, the terminal may decrypt the encrypted first encrypted hash value by using the RSA algorithm and the public key of the key pair to obtain the first encrypted hash value. In addition, the terminal signs the hash value of the encryption packet sent by the OTA platform by using the SHA algorithm to obtain a second encryption hash value, then compares the first encryption hash value with the second encryption hash value, and if the first encryption hash value is the same as the second encryption hash value, the terminal judges that the encryption packet obtained from the OTA platform passes the verification of the signature. It should be noted that the public key in the above key pair may be issued by the OTA platform.
In step 203, if the encrypted packet obtained from the OTA platform passes the verification, the first encrypted key is decrypted by using the second secret key to obtain the first secret key.
In a specific example, if the calculated hash value of the encrypted packet and the decrypted hash value of the encrypted packet are the same, indicating that the signature verification passes, the terminal may decrypt the first encryption key by using the public key delivered by the OTA platform to obtain the first secret key, that is, obtain the hash value of the OTA upgrade packet.
And step 204, decrypting the encrypted packet by using the first secret key to obtain the OTA upgrade packet. Similar to step 103, further description is omitted here.
In this embodiment, the terminal verifies and signs the encryption package that obtains from the OTA platform, if the encryption package that obtains from the OTA platform verifies and signs and passes through, carry out again and utilize the first encryption key of second secret key deciphering to obtain first key, promptly, under the circumstances that the encryption package that obtains from the OTA platform verified and signs and passes through, just can continue to carry out and decipher first encryption key, this embodiment can play the effect of confirming the identity of encryption package, guarantee the reliability and the integrality of encryption package source, the security of obtaining the upgrade package process has been strengthened.
The third embodiment of the invention relates to a method for acquiring an OTA upgrade package. The third embodiment is substantially the same as the first embodiment, and mainly differs therefrom in that: after the terminal obtains the encryption package, the first encryption key and the second key from the OTA platform, the second key is verified before the first encryption key is decrypted by the second key to obtain the first key, and if the second key passes the verification, the terminal decrypts the first encryption key by the second key to obtain the first key. As shown in fig. 3, the method for acquiring an OTA upgrade package in this embodiment includes:
In a specific example, after the terminal acquires the public key issued by the OTA platform, the terminal may perform validity verification on the public key by using the root certificate.
In a specific example, if the public key obtained from the OTA platform verifies that the public key is legal, the terminal may decrypt the first encryption key using the public key to obtain the first secret key, i.e., obtain the hash value of the OTA upgrade package.
And step 304, decrypting the encrypted packet by using the first secret key to obtain the OTA upgrade packet. Similar to step 103, further description is omitted here.
In the embodiment, after the terminal acquires the encryption package, the first encryption key and the second key from the OTA platform, the second key is verified before the first encryption key is decrypted by using the second key to obtain the first key, and the verification indicates that the second key is legal.
The fourth embodiment of the invention relates to a method for acquiring an OTA upgrade package. The fourth embodiment is substantially the same as the first embodiment, and mainly differs therefrom in that: the terminal decrypts the encrypted package by using the first secret key to obtain the OTA upgrade package, calculates the hash value of the OTA upgrade package obtained by decryption, compares the calculated hash value of the OTA upgrade package with the first secret key, and uses the OTA upgrade package obtained by decryption if the calculated hash value of the OTA upgrade package is the same as the first secret key. As shown in fig. 4, the method for acquiring an OTA upgrade package in this embodiment includes:
And step 403, decrypting the encrypted packet by using the first secret key to obtain the OTA upgrade packet. Similar to step 103, further description is omitted here.
Specifically, the terminal calculates the hash value of the decrypted OTA upgrade package, and compares the calculated hash value of the OTA upgrade package with the first secret key, that is, compares the calculated hash value of the OTA upgrade package with the hash value of the OTA upgrade package acquired from the OTA platform.
In step 405, if the calculated hash value of the OTA upgrade package is the same as the first secret key, the OTA upgrade package obtained by decryption is used.
Specifically, if the hash value of the OTA upgrade package calculated by the terminal is the same as the first secret key, that is, the hash value of the OTA upgrade package calculated by the terminal is the same as the hash value of the OTA upgrade package, it indicates that the OTA upgrade package of the OTA platform is consistent with the OTA upgrade package obtained by the terminal, and the terminal can use the decrypted OTA upgrade package.
In this embodiment, the terminal compares the calculated hash value of the OTA upgrade package with the first secret key obtained by decrypting the first encryption secret key, and determines whether the finally obtained upgrade package is complete. By adopting the method, the problem of upgrading failure caused by obtaining the tampered OTA upgrading packet can be avoided, and the condition that the terminal system is damaged due to upgrading of the unofficial OTA upgrading packet is prevented.
The fifth embodiment of the invention relates to an OTA upgrade package acquisition method, which is applied to an OTA platform. In this embodiment, the OTA platform obtains a first key, that is, a hash value of the OTA upgrade package, encrypts the OTA upgrade package with the first key to obtain an encryption package, encrypts the first secret key with a third key to obtain the first encryption key, and sends the encryption package, the first encryption key, and the second secret key to the terminal, where the second key and the third key are a pair of keys. That is to say, the OTA platform directly issues the second key that is used for deciphering first encryption key to the terminal, for the terminal utilizes the second key to decipher first encryption key and obtain the hash value of OTA upgrade package, and utilize the hash value of OTA upgrade package to decipher the encryption package and obtain OTA upgrade package, so, to the terminal, the deciphering process need not the networking and obtains the key, can avoid the unstable problem that leads to the check-up failure of network, and, because the deciphering process need not rely on PKI, so the terminal can not rely on hardware setting, the requirement of deciphering process to terminal equipment has been reduced. The details of the OTA upgrade package obtaining method according to this embodiment are described in detail below, and the following description is only provided for the convenience of understanding, and is not necessary for implementing this embodiment. As shown in fig. 5, the method includes:
Specifically, the OTA platform calculates the hash value of the OTA upgrade package as the first secret key.
Specifically, the OTA platform may use the hash value of the OTA upgrade package as a key to encrypt the OTA upgrade package to obtain an encryption package, where the encryption mode may be an AES algorithm, for example: the AES256 algorithm, which is not limited herein.
In step 503, the first secret key is encrypted by using the third secret key to obtain a first encryption secret key.
Specifically, the OTA platform encrypts the hash value of the OTA upgrade package by using the acquired third key to obtain the encrypted hash value of the OTA upgrade package, and uses the encrypted hash value as the first encryption key.
In a specific example, the OTA platform acquires a pair of keys from the PKI, and encrypts the hash value of the OTA upgrade package by using a private key thereof as a third key, that is, encrypts the first secret key to obtain the first encryption key.
In a specific example, the OTA platform obtains a pair of keys from the PKI, and uses the public key thereof as the second key, and uses the private key thereof as the third key, that is, the second key and the third key are a pair of keys each other. After obtaining the encrypted OTA upgrade package, the hash value of the encrypted OTA upgrade package and the public key through a series of operations, the OTA platform issues the encrypted OTA upgrade package, the hash value and the public key to the terminal so that the terminal can decrypt the encrypted OTA upgrade package to obtain the OTA upgrade package.
In a specific example, after the OTA platform encrypts the OTA upgrade package by using the first secret key to obtain the encrypted package, before sending the encrypted package, the first encrypted secret key and the second secret key to the terminal, the OTA platform may further calculate a hash value of the encrypted package, and sign the hash value of the encrypted package to obtain the first encrypted hash value, where the signing manner may be an SHA256withRSA algorithm, which is not limited herein. The OTA platform also can send the first encryption hash value to the terminal together in the process of sending the encryption package, the first encryption secret key and the second secret key to the terminal, so that the terminal can check the hash value of the encryption package obtained from the OTA platform, and the safety of the upgrading process is enhanced.
In this embodiment, the OTA platform directly issues the second key for decrypting the first encryption key to the terminal, so that the terminal decrypts the first encryption key by using the second key to obtain the hash value of the OTA upgrade package, and decrypts the encryption package by using the hash value of the OTA upgrade package to obtain the OTA upgrade package, so as to the terminal, the decryption process does not need to be networked to obtain the key, the problem of failure in verification due to unstable network can be avoided, and moreover, the terminal does not depend on hardware setting because the decryption process does not need to use PKI, and the requirement of the decryption process on the terminal equipment is reduced.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
A sixth embodiment of the present invention relates to an electronic apparatus, as shown in fig. 6, including: at least one processor 601; and a memory 602 communicatively coupled to the at least one processor 601; the memory 602 stores instructions executable by the at least one processor 601, and the instructions are executed by the at least one processor 601 to enable the at least one processor 601 to execute the OTA upgrade package obtaining method.
Where the memory 602 and the processor 601 are coupled by a bus, the bus may comprise any number of interconnected buses and bridges that couple one or more of the various circuits of the processor 601 and the memory 602 together. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 601 is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor 601.
The processor 601 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. While memory 602 may be used to store data used by processor 601 in performing operations.
A seventh embodiment of the present invention relates to a computer-readable storage medium storing a computer program. The computer program realizes the above-described method embodiments when executed by a processor.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.
Claims (10)
1. A method for acquiring an OTA upgrade package is applied to a terminal and comprises the following steps:
acquiring an encryption package, a first encryption key and a second key from an over-the-air OTA platform; the first encryption key is an encrypted first key, the first key is a hash value of an OTA upgrade package, and the encryption package is the encrypted OTA upgrade package;
decrypting the first encryption key by using the second secret key to obtain the first secret key;
and decrypting the encryption package by using the first secret key to obtain the OTA upgrade package.
2. The method of claim 1, wherein after obtaining the encryption package, the first encryption key, and the second key from the OTA platform, and before decrypting the first encryption key with the second key to obtain the first key, the method further comprises:
verifying the encrypted packet acquired from the OTA platform;
and if the encryption package obtained from the OTA platform passes the verification of the signature, executing the decryption of the first encryption key by using the second secret key to obtain the first secret key.
3. The OTA upgrade package obtaining method according to claim 2, wherein the process of obtaining the encryption package, the first encryption key and the second encryption key from the OTA platform further comprises:
obtaining a first encrypted hash value from the OTA platform; the first encryption hash value is obtained by signing the hash value of the encryption packet through the OTA platform;
the verifying and signing the encrypted packet acquired from the OTA platform specifically comprises:
signing the hash value of the encryption packet acquired from the OTA platform to obtain a second encryption hash value;
comparing the first and second cryptographic hash values;
and if the first encryption hash value is the same as the second encryption hash value, judging that the encryption package acquired from the OTA platform passes the verification of the signature.
4. The method of claim 1, wherein after obtaining the encryption package, the first encryption key, and the second key from the OTA platform, and before decrypting the first encryption key with the second key to obtain the first key, the method further comprises:
verifying the second secret key by using a prestored root certificate;
and if the second secret key passes the verification, executing the decryption of the first encryption secret key by using the second secret key to obtain the first secret key.
5. The method for acquiring the OTA upgrade package according to any one of claims 1 to 4, wherein the decrypting the encrypted package with the first key to obtain the OTA upgrade package further comprises:
calculating the hash value of the OTA upgrade package obtained by decryption, and comparing the calculated hash value of the OTA upgrade package with the first secret key;
and if the hash value of the OTA upgrade package obtained by calculation is the same as the first secret key, using the OTA upgrade package obtained by decryption.
6. The OTA upgrade package acquisition method according to any one of claims 1 to 4, wherein the OTA upgrade package acquisition method is applied to a vehicle-mounted terminal.
7. A method for acquiring an OTA upgrade package is applied to an OTA platform and comprises the following steps:
acquiring a first secret key; the first secret key is a hash value of the OTA upgrade package;
encrypting the OTA upgrade package by using the first secret key to obtain an encryption package;
encrypting the first secret key by using a third secret key to obtain a first encryption secret key;
sending the encryption packet, the first encryption key and the second secret key to a terminal; the second key and the third key are a pair of keys.
8. The method according to claim 7, wherein after the OTA upgrade package is encrypted by using the first secret key to obtain an encrypted package, and before the encrypted package, the first encryption secret key, and the second secret key are sent to the terminal, the method further comprises:
calculating a hash value of the encrypted packet, and signing the hash value of the encrypted packet to obtain a first encrypted hash value;
in the process of sending the encryption packet, the first encryption key and the second secret key to the terminal, the method further includes:
and sending the first encrypted hash value to the terminal.
9. An electronic device, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method of acquiring an OTA upgrade package as claimed in any one of claims 1 to 6; or to enable the at least one processor to perform the OTA upgrade package acquisition method according to any of claims 7 to 8.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the OTA upgrade package acquisition method of any one of claims 1 to 6; or, when executed by a processor, implement the OTA upgrade package acquisition method of any one of claims 7 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911233659.0A CN112929871A (en) | 2019-12-05 | 2019-12-05 | OTA upgrade package acquisition method, electronic device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911233659.0A CN112929871A (en) | 2019-12-05 | 2019-12-05 | OTA upgrade package acquisition method, electronic device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112929871A true CN112929871A (en) | 2021-06-08 |
Family
ID=76162281
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911233659.0A Pending CN112929871A (en) | 2019-12-05 | 2019-12-05 | OTA upgrade package acquisition method, electronic device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112929871A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021259310A1 (en) * | 2020-06-23 | 2021-12-30 | 京东方科技集团股份有限公司 | Over-the-air updating method, update server, terminal device, and internet of things system |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101425114A (en) * | 2008-12-12 | 2009-05-06 | 四川长虹电器股份有限公司 | Software upgrading bag packaging method and software upgrading method |
| CN104506515A (en) * | 2014-12-17 | 2015-04-08 | 北京极科极客科技有限公司 | Firmware protection method and firmware protection device |
| CN108737394A (en) * | 2018-05-08 | 2018-11-02 | 腾讯科技(深圳)有限公司 | Off-line verification system, barcode scanning equipment and server |
| CN109189450A (en) * | 2018-10-24 | 2019-01-11 | 郑州云海信息技术有限公司 | A kind of method and device of server firmware upgrading |
| CN109560931A (en) * | 2018-11-30 | 2019-04-02 | 江苏恒宝智能系统技术有限公司 | A kind of equipment remote upgrade method based on no Certification system |
| CN109829294A (en) * | 2019-01-31 | 2019-05-31 | 云丁网络技术(北京)有限公司 | A kind of firmware validation method, system, server and electronic equipment |
| CN110071940A (en) * | 2019-05-06 | 2019-07-30 | 深圳市网心科技有限公司 | Software package encipher-decipher method, server, user equipment and storage medium |
| CN110362990A (en) * | 2019-05-31 | 2019-10-22 | 口碑(上海)信息技术有限公司 | Using the security processing of installation, apparatus and system |
| CN110378105A (en) * | 2019-07-02 | 2019-10-25 | 广州小鹏汽车科技有限公司 | Security upgrading method, system, server and car-mounted terminal |
| CN110460588A (en) * | 2018-05-31 | 2019-11-15 | 腾讯科技(深圳)有限公司 | Realize method, apparatus, the computer system and storage medium of Information Authentication |
-
2019
- 2019-12-05 CN CN201911233659.0A patent/CN112929871A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101425114A (en) * | 2008-12-12 | 2009-05-06 | 四川长虹电器股份有限公司 | Software upgrading bag packaging method and software upgrading method |
| CN104506515A (en) * | 2014-12-17 | 2015-04-08 | 北京极科极客科技有限公司 | Firmware protection method and firmware protection device |
| CN108737394A (en) * | 2018-05-08 | 2018-11-02 | 腾讯科技(深圳)有限公司 | Off-line verification system, barcode scanning equipment and server |
| CN110460588A (en) * | 2018-05-31 | 2019-11-15 | 腾讯科技(深圳)有限公司 | Realize method, apparatus, the computer system and storage medium of Information Authentication |
| CN109189450A (en) * | 2018-10-24 | 2019-01-11 | 郑州云海信息技术有限公司 | A kind of method and device of server firmware upgrading |
| CN109560931A (en) * | 2018-11-30 | 2019-04-02 | 江苏恒宝智能系统技术有限公司 | A kind of equipment remote upgrade method based on no Certification system |
| CN109829294A (en) * | 2019-01-31 | 2019-05-31 | 云丁网络技术(北京)有限公司 | A kind of firmware validation method, system, server and electronic equipment |
| CN110071940A (en) * | 2019-05-06 | 2019-07-30 | 深圳市网心科技有限公司 | Software package encipher-decipher method, server, user equipment and storage medium |
| CN110362990A (en) * | 2019-05-31 | 2019-10-22 | 口碑(上海)信息技术有限公司 | Using the security processing of installation, apparatus and system |
| CN110378105A (en) * | 2019-07-02 | 2019-10-25 | 广州小鹏汽车科技有限公司 | Security upgrading method, system, server and car-mounted terminal |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021259310A1 (en) * | 2020-06-23 | 2021-12-30 | 京东方科技集团股份有限公司 | Over-the-air updating method, update server, terminal device, and internet of things system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11757662B2 (en) | Confidential authentication and provisioning | |
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| CN109194625B (en) | Client application protection method and device based on cloud server and storage medium | |
| US11321074B2 (en) | Vehicle-mounted device upgrade method and related apparatus | |
| CN110990827A (en) | Identity information verification method, server and storage medium | |
| CN105072125B (en) | A kind of http communication system and method | |
| EP3001598B1 (en) | Method and system for backing up private key in electronic signature token | |
| CN112913189B (en) | OTA (over the air) upgrading method and device | |
| JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management | |
| CN111970114B (en) | File encryption method, system, server and storage medium | |
| CN106550359B (en) | Authentication method and system for terminal and SIM card | |
| CN114710298B (en) | Chameleon hash-based document batch signing method, device, equipment and medium | |
| CN111614621A (en) | Internet of things communication method and system | |
| KR102591826B1 (en) | Apparatus and method for authenticating device based on certificate using physical unclonable function | |
| KR20170017455A (en) | Mutual authentication method between mutual authentication devices based on session key and token, mutual authentication devices | |
| CN109960935B (en) | Method, device and storage medium for determining trusted state of TPM (trusted platform Module) | |
| CN114095277A (en) | Power distribution network secure communication method, secure access device and readable storage medium | |
| CN112929871A (en) | OTA upgrade package acquisition method, electronic device and storage medium | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| CN114661314A (en) | Vehicle-mounted terminal file encryption upgrading method and device, terminal equipment and storage medium | |
| CN109104393B (en) | Identity authentication method, device and system | |
| CN113364756B (en) | Intelligent electronic equipment data transmission method, device, system and medium | |
| CN112187458B (en) | Method, device, system and medium for activating session between equipment end and platform end | |
| CN114240428A (en) | Data transmission method and device, data transaction terminal and data supplier | |
| CN117336090A (en) | Communication method, communication device, communication system, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |