CN114124363A - Electronic equipment, authentication system and authentication method - Google Patents

Info

Publication number
CN114124363A
Authority
CN
China
Prior art keywords
electronic device
serial
serial port
data
authentication
Prior art date
Legal status
Pending
Application number
CN202010880133.8A
Other languages
Chinese (zh)
Inventor
文小华
许立
Current Assignee
Shanghai Industrial Utechnology Research Institute
Original Assignee
Shanghai Industrial Utechnology Research Institute
Priority date
Filing date
Publication date
Application filed by Shanghai Industrial Utechnology Research Institute
Priority to CN202010880133.8A
Publication of CN114124363A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an electronic device, an authentication system and an authentication method. The electronic device has a serial interface for receiving and transmitting data and includes: a first storage unit for storing a public key; a random number generator for generating a random number; and a controller that generates serial port data according to the random number and identification information of the electronic device, the serial port data being stored in the electronic device and transmitted to the outside of the electronic device. When the electronic device receives signature information after outputting the serial port data, the controller verifies the received signature information using the public key and the stored serial port data, and sets the serial interface to a normal state or a disabled state according to the verification result.

Description

Electronic equipment, authentication system and authentication method
Technical Field
The present application relates to the field of electronic circuit technologies, and in particular, to an electronic device, an authentication system, and an authentication method.
Background
An existing electronic device, such as a vehicle-mounted terminal, generally reserves a serial port (i.e., a serial interface) as a debugging port.
During development of the software and hardware of an electronic device, system information can be checked through the debugging port, key logs can be examined after a system crash, and error logs can be read through the serial port when, for example, a vehicle-mounted terminal is returned to the factory for maintenance.
It should be noted that the above background description is only for the convenience of clear and complete description of the technical solutions of the present application and for the understanding of those skilled in the art. Such solutions are not considered to be known to the person skilled in the art merely because they have been set forth in the background section of the present application.
Disclosure of Invention
The inventors of the present application found that once an electronic device is on the market, the serial port reserved in it creates a serious security risk. For example, through the reserved serial port an attacker can view sensitive system information, dump key system data, modify the system software or crack the system, and thereby intrude into the system illegally.
The application provides an electronic device, an authentication system and an authentication method, which protect the serial port by adding an authentication mechanism and prevent illegal operations on the serial port.
According to an aspect of the embodiments of the present application, there is provided an electronic device having a serial interface for data transmission and reception,
the electronic device includes:
a first storage part for storing a public key (P_A);
a random number generator for generating a random number (Rd); and
a controller that generates serial port data (PlaintextMsg) from the random number (Rd) and identification information (ID) of the electronic device, the serial port data being stored in the electronic device and sent to the outside of the electronic device;
when the electronic device receives signature information (CER_A) after outputting the serial port data, the controller verifies the received signature information using the public key and the stored serial port data, and sets the serial interface to a normal state or a disabled state according to the verification result,
wherein,
in the normal state, the external equipment can read the system information of the electronic equipment through the serial interface and can send an operation command to the electronic equipment through the serial interface;
in the disabled state, the external device cannot exchange data with the electronic device through the serial interface.
According to another aspect of the embodiments of the present application, there is provided an authentication system including an electronic device and an authentication apparatus,
the electronic device includes:
a serial interface for transmitting and receiving data;
a first storage part for storing a public key (P_A);
a random number generator for generating a random number (Rd); and
a controller that generates serial port data (PlaintextMsg) from the random number (Rd) and identification information (ID) of the electronic device, the serial port data being stored in the electronic device and sent to the outside of the electronic device;
when the electronic device receives signature information (CER_A) after outputting the serial port data, the controller verifies the received signature information using the public key and the stored serial port data, and sets the serial interface to a normal state or a disabled state according to the verification result,
wherein,
in the normal state, the external equipment can read the system information of the electronic equipment through the serial interface and can send an operation command to the electronic equipment through the serial interface;
in the disabled state, an external device cannot exchange data with the electronic device through the serial interface,
the authentication apparatus includes:
a second storage part for storing a private key (d_A); and
a signer for, upon receiving the serial port data sent by the electronic device, signing the serial port data with the private key based on a signature algorithm to generate the signature information (CER_A).
According to another aspect of the embodiments of the present application, there is provided an authentication method applied to an electronic device for setting a state of a serial interface of the electronic device, the authentication method including:
generating a random number (Rd);
generating serial port data (PlaintextMsg) according to the random number (Rd) and identification Information (ID) of the electronic device, the serial port data being stored in the electronic device and sent to the outside of the electronic device; and
when the electronic device receives signature information (CER_A) after sending the serial port data, verifying the received signature information using the public key and the stored serial port data, and setting the serial interface to a normal state or a disabled state according to the verification result,
wherein,
in the normal state, the external equipment can read the system information of the electronic equipment through the serial interface and can send an operation command to the electronic equipment through the serial interface;
in the disabled state, the external device cannot exchange data with the electronic device through the serial interface.
The beneficial effect of this application lies in: an authentication mechanism is added to protect the serial port of the electronic equipment, and illegal operation aiming at the serial port is prevented.
Specific embodiments of the present application are disclosed in detail with reference to the following description and drawings, indicating the manner in which the principles of the application may be employed. It should be understood that the embodiments of the present application are not so limited in scope. The embodiments of the application include many variations, modifications and equivalents within the spirit and scope of the appended claims.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments, in combination with or instead of the features of the other embodiments.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps or components.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the application, are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
fig. 1 is a schematic diagram of an authentication system according to embodiment 1 of the present application;
fig. 2 is a schematic diagram of a method for setting a state of a serial interface by an authentication system according to embodiment 1 of the present application;
fig. 3 is a schematic diagram of an authentication method according to embodiment 2 of the present application.
Detailed Description
The foregoing and other features of the present application will become apparent from the following description, taken in conjunction with the accompanying drawings. In the description and drawings, particular embodiments of the application are disclosed in detail as being indicative of some of the embodiments in which the principles of the application may be employed, it being understood that the application is not limited to the described embodiments, but, on the contrary, is intended to cover all modifications, variations, and equivalents falling within the scope of the appended claims.
Example 1
Embodiment 1 of the present application provides an authentication system. Fig. 1 is a schematic diagram of an authentication system according to an embodiment of the present application.
As shown in fig. 1, the authentication system 100 includes an electronic device 1 and an authentication apparatus 2.
As shown in fig. 1, the electronic apparatus 1 includes a serial interface 10 for transmitting and receiving data. The authentication device 2 may exchange data with the electronic apparatus 1 via the serial interface 10.
The electronic device 1 includes: a first storage unit 11, a random number generator 12, and a controller 13.
The first storage unit 11 stores a public key P_A; the random number generator 12 generates a random number Rd; the controller 13 generates serial port data PlaintextMsg based on the random number Rd and the identification information ID of the electronic device 1, and the serial port data is stored in the electronic device 1 and sent to the outside of the electronic device 1.
When the electronic device 1 receives signature information CER_A after outputting the serial port data PlaintextMsg, the controller 13 verifies the received signature information CER_A using the public key P_A and the stored serial port data, and sets the serial interface 10 to a normal state or a disabled state according to the result of the verification.
When the serial interface 10 is in the normal state, the external device can read the system information of the electronic device 1 through the serial interface 10, and can send an operation command to the electronic device 1 through the serial interface 10; when the serial interface 10 is in the disabled state, the external device cannot exchange data with the electronic device 1 through the serial interface 10.
In the present embodiment, if the controller 13 successfully verifies the signature information CER_A, the serial interface 10 may be set to the normal state; if the controller 13 fails to verify the signature information CER_A, the serial interface 10 may be set to the disabled state.
In the present embodiment, the authentication apparatus 2 may include: a second storage unit 21 and a signer 22.
The second storage unit 21 stores a private key d_A. When the signer 22 receives the serial port data PlaintextMsg sent by the electronic device 1, it signs the serial port data PlaintextMsg with the private key d_A based on a signature algorithm to generate signature information CER_A. The signature information CER_A may be transmitted to the electronic device 1 via the serial interface 10 so that the electronic device 1 can verify the signature information CER_A.
According to embodiment 1 of the present application, an authentication mechanism is added to protect a serial interface of an electronic device, thereby preventing an illegal operation for the serial interface.
In this embodiment, the controller 13 may set the serial interface to the authentication state when the electronic device 1 is powered on. In the authentication state, the serial interface 10 can only transmit data related to the authentication process; for example, in the authentication state the serial interface 10 is used to receive the authentication request message RequestAuthID, send the serial port data PlaintextMsg, receive the signature information CER_A, and the like. Thereby, data transmission related to authentication can be performed after the electronic device 1 is powered on.
When the electronic device 1 receives the authentication request message RequestAuthID from the authentication apparatus 2, the controller 13 generates the serial port data PlaintextMsg, which can be stored in the electronic device 1 and sent to the authentication apparatus 2 for generating the signature information CER_A.
If the electronic device 1 has not received the signature information CER_A from the authentication apparatus 2 when a first predetermined time has elapsed after the serial port data was sent, the controller 13 controls the random number generator 12 to generate a random number again and regenerates the serial port data PlaintextMsg from the newly generated random number and the identification information ID; the regenerated serial port data PlaintextMsg is stored in the electronic device 1 and sent to the outside of the electronic device 1 (for example, to the authentication apparatus). The first predetermined time is, for example, 10 seconds. Since the regenerated random number differs from the previous random number, the regenerated serial port data PlaintextMsg also differs from the previously generated serial port data.
If serial port data has been generated N consecutive times and the electronic device 1 still has not received the signature information CER_A within the first predetermined time, the controller 13 sets the serial interface 10 to the disabled state, where N is a natural number greater than 1. For example, with N equal to 3: when the electronic device 1 is powered on, it generates a random number for the first time and sends the first serial port data PlaintextMsg; if the signature information CER_A is not received from the authentication apparatus 2 after the first predetermined time (for example, 10 seconds) has elapsed, the electronic device 1 generates a random number a second time and sends the second serial port data PlaintextMsg; if the signature information CER_A is not received from the authentication apparatus 2 after the first predetermined time (for example, 10 seconds), the electronic device 1 generates a random number a third time and sends the third serial port data PlaintextMsg; and if the signature information CER_A has still not been received from the authentication apparatus 2 after the first predetermined time (for example, 10 seconds) has elapsed, the controller 13 sets the serial interface 10 to the disabled state.
In the embodiment of the present application, the public key P_A can be generated based on the national cryptographic SM2 public key algorithm standard. For example, a trusted key distribution center can generate the public key P_A according to the SM2 public key algorithm standard and distribute it to the electronic device 1; in addition, the private key d_A can be distributed to the authentication apparatus 2 through a secure channel, and the authentication apparatus 2 can store the private key d_A secretly.
In the embodiment of the present application, the electronic device 1 may be, for example, a vehicle-mounted terminal. The authentication device 2 may be an authentication server, which may be accessed over a network, for example, by a personal computer, which may exchange data with the electronic apparatus 1 via the serial interface 10. The authentication device 2 may be provided in a portable device such as a laptop computer or a portable memory (e.g., a usb disk, a portable hard disk, etc.), and the portable device may exchange data with the electronic device 1 via the serial interface 10, thereby enabling communication between the electronic device 1 and the authentication device 2.
In this embodiment, the identification information ID of the electronic device 1 may be, for example, an identity of the electronic device 1, and the identification information ID may be 64 bits long.
In the present embodiment, the random number Rd generated by the random number generator 12 of the electronic device 1 is, for example, 256 bits long.
In the present embodiment, the authentication apparatus 2 can sign the serial port data PlaintextMsg with the private key d_A using the SM2 signature algorithm to generate the signature information CER_A. The generated signature information CER_A is, for example, a signed certificate.
Next, a method of setting the state of the serial interface 10 by the authentication system of the present embodiment will be described.
Fig. 2 is a schematic diagram of a method for setting the state of the serial interface by the authentication system. As shown in fig. 2, the method includes:
step 201, the electronic device 1 is powered on, and the serial interface 10 completes initialization;
step 202, the controller 13 of the electronic device 1 controls the random number generator 12 to generate a random number Rd (for example, 256 bits), and waits for an authentication request message RequestAuthID to be input from the serial interface 10;
step 203, the authentication apparatus 2 inputs an authentication request message RequestAuthID to the electronic device 1 through the serial interface 10;
step 204, after receiving the authentication request message RequestAuthID, the electronic device 1 generates serial port data PlaintextMsg from the random number Rd generated in step 202 and the identification information ID of the electronic device 1, where PlaintextMsg = {SHA256(Rd || ID), ID}, stores the serial port data PlaintextMsg, and sends the serial port data PlaintextMsg to the authentication apparatus 2 through the serial interface 10;
step 205, upon receiving the serial port data PlaintextMsg, the authentication apparatus 2 signs the received serial port data PlaintextMsg with the private key d_A using the SM2 signature algorithm to generate signature information CER_A, and transmits the signature information CER_A to the electronic device 1 through the serial interface 10;
step 206, the controller 13 of the electronic device 1 determines whether the signature information CER_A transmitted by the authentication apparatus 2 has been received within a first predetermined time (for example, 10 seconds); if not, the process proceeds to step 207, and if so, the process proceeds to step 208;
step 207, it is determined whether serial port data has been generated N consecutive times (for example, N is 3); if yes, the process proceeds to step 210, and if no, the process returns to step 202;
step 208, after receiving the signature information CER_A, the electronic device 1 uses the public key P_A and the serial port data PlaintextMsg generated and stored in step 204 to check, with the SM2 signature verification algorithm, whether the signature information CER_A is valid; if valid, the process proceeds to step 209, and if invalid, the process proceeds to step 210. In step 208, the verification is performed, for example, by decrypting the signature information CER_A with the public key P_A to obtain the serial port data in the signature information CER_A, and comparing the decrypted serial port data with the serial port data PlaintextMsg generated and stored in step 204; if the two are consistent, the signature information CER_A is judged to be valid, and if they are not consistent, the signature information CER_A is judged to be invalid;
step 209, the serial interface 10 is set to the normal state;
step 210, the serial interface 10 is set to the disabled state.
In this embodiment, an authentication mechanism is added to the serial interface (i.e., the serial port) of the electronic device; if authentication fails, the serial port cannot be used, which avoids illegal attacks through the serial port and ensures the security of the electronic device. The SM2 cryptographic algorithm is an asymmetric encryption algorithm based on elliptic curve cryptography (ECC), with better computational efficiency and security. In addition, the electronic device 1 generates a random number at every power-on, and signing over that random number ensures that the signature information differs every time, which makes forgery difficult and further improves the security of authentication. Furthermore, because the SM2 algorithm is asymmetric, the public key stored in the electronic device 1 does not need to be kept secret: even if the public key is stolen, the signing private key of the authentication apparatus cannot be obtained from it, so the security of the authentication system is high.
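The device-side logic of steps 201 to 210, as an added example that is not part of the patent text: the class and method names are hypothetical, the clock is passed in as a parameter, and, because the Python standard library has no SM2, a deliberately weak textbook-RSA routine stands in for the SM2 sign and verify operations.

```python
import hashlib
import secrets
from enum import Enum

TIMEOUT_S = 10.0      # "first predetermined time" (the page's example value)
MAX_CHALLENGES = 3    # N (the page's example value)

# Stand-in signature scheme, NOT SM2: textbook RSA over two Mersenne primes.
# It is trivially breakable and is here only so the example runs with the
# standard library; a real device would call its SM2 verify routine instead.
_P, _Q = 2**521 - 1, 2**607 - 1
TOY_N, TOY_E = _P * _Q, 65537                  # public key held by the device
TOY_D = pow(TOY_E, -1, (_P - 1) * (_Q - 1))    # private key of the authenticator


def _h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def toy_sign(d: int, msg: bytes) -> int:
    return pow(_h(msg), d, TOY_N)

def toy_verify(e: int, msg: bytes, sig: int) -> bool:
    return 0 < sig < TOY_N and pow(sig, e, TOY_N) == _h(msg)


class PortState(Enum):
    AUTH = "authentication"
    NORMAL = "normal"
    DISABLED = "disabled"


class Device:
    """Device-side controller for the serial interface (hypothetical names)."""

    def __init__(self, device_id: bytes, public_key, verify):
        if len(device_id) != 8:
            raise ValueError("the page uses a 64-bit ID")
        self.device_id, self.public_key, self.verify = device_id, public_key, verify
        self.state = PortState.AUTH   # set at power-on
        self.challenges = 0           # PlaintextMsg generated since power-on
        self.pending = None           # stored PlaintextMsg awaiting CER_A
        self.sent_at = 0.0
        self.tx = []                  # everything written to the serial line

    def _issue(self, now: float) -> None:
        rd = secrets.token_bytes(32)  # fresh 256-bit Rd for every challenge
        self.pending = hashlib.sha256(rd + self.device_id).digest() + self.device_id
        self.sent_at, self.challenges = now, self.challenges + 1
        self.tx.append(self.pending)

    def on_request_auth(self, now: float) -> None:
        """RequestAuthID starts the exchange; later requests are ignored."""
        if self.state is PortState.AUTH and self.pending is None:
            self._issue(now)

    def on_timer(self, now: float) -> None:
        """Re-challenge after each timeout, disable the port after N of them."""
        if (self.state is not PortState.AUTH or self.pending is None
                or now - self.sent_at < TIMEOUT_S):
            return
        if self.challenges >= MAX_CHALLENGES:
            self.state, self.pending = PortState.DISABLED, None
        else:
            self._issue(now)

    def on_signature(self, sig: int, now: float) -> PortState:
        if self.state is PortState.AUTH and self.pending is not None:
            if now - self.sent_at >= TIMEOUT_S:   # late answer counts as none
                self.on_timer(now)
            else:
                ok = self.verify(self.public_key, self.pending, sig)
                self.pending = None               # a challenge is single-use
                self.state = PortState.NORMAL if ok else PortState.DISABLED
        return self.state

    def on_command(self, cmd: bytes):
        """Debug traffic is served only in the normal state."""
        return b"ack:" + cmd if self.state is PortState.NORMAL else None


def demo() -> dict:
    """Three constructed runs against a constructed 64-bit device ID."""
    dev_id, out = bytes.fromhex("0011223344556677"), {}
    dev = Device(dev_id, TOY_E, toy_verify)        # 1) signed in time
    out["before_auth"] = dev.on_command(b"log")    # dropped: still in AUTH
    dev.on_request_auth(now=0.0)
    captured = toy_sign(TOY_D, dev.tx[-1])
    out["signed"] = dev.on_signature(captured, now=2.0).value
    out["after_auth"] = dev.on_command(b"log")
    dev = Device(dev_id, TOY_E, toy_verify)        # 2) power cycle, replay
    dev.on_request_auth(now=0.0)
    out["replayed"] = dev.on_signature(captured, now=1.0).value
    dev = Device(dev_id, TOY_E, toy_verify)        # 3) nobody answers
    dev.on_request_auth(now=0.0)
    for t in (10.0, 20.0, 30.0):
        dev.on_timer(now=t)
    out["silent"] = dev.state.value
    out["challenges_sent"] = len(set(dev.tx))
    return out
```

The second run shows why the fresh random number matters: a signature captured in one session is rejected after a power cycle because the stored PlaintextMsg has changed.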
Example 2
Embodiment 2 of the present application provides an authentication method, which is applied to the electronic device 1 of embodiment 1, for setting the state of the serial interface 10 of the electronic device 1.
Fig. 3 is a schematic diagram of the authentication method, as shown in fig. 3, the authentication method includes:
step 301, generating a random number (Rd);
step 302, generating serial port data (PlaintextMsg) according to the random number (Rd) and the identification Information (ID) of the electronic equipment, wherein the serial port data is stored in the electronic equipment and is sent to the outside of the electronic equipment; and
step 303, when the electronic device receives signature information (CER_A) after sending the serial port data, verifying the received signature information using the public key and the stored serial port data, and setting the serial interface to a normal state or a disabled state according to the verification result.
In the normal state, the external device can read the system information of the electronic device through the serial interface and can send an operation command to the electronic device through the serial interface; in the disabled state, the external device cannot exchange data with the electronic device through the serial interface.
For detailed description of the above steps, reference may be made to the description of the respective components of the electronic device 1 in embodiment 1.
In the embodiment, an authentication mechanism is added to a serial interface (i.e., a serial port) of the electronic device, and if the serial interface fails to pass authentication, the serial port cannot be used, so that illegal attacks from the serial port are avoided, and the safety of the electronic device is ensured.
The present application has been described in conjunction with specific embodiments, but it should be understood by those skilled in the art that these descriptions are intended to be illustrative, and not limiting. Various modifications and adaptations of the present application may occur to those skilled in the art based on the spirit and principles of the application and are within the scope of the application.

Claims (10)

1. An electronic device has a serial interface for transmitting and receiving data,
the electronic device includes:
a first storage part for storing a public key (P_A);
a random number generator for generating a random number (Rd); and
a controller that generates serial port data (PlaintextMsg) from the random number (Rd) and identification information (ID) of the electronic device, the serial port data being stored in the electronic device and sent to the outside of the electronic device;
when the electronic device receives signature information (CER_A) after outputting the serial port data, the controller verifies the received signature information using the public key and the stored serial port data, and sets the serial interface to a normal state or a disabled state according to the verification result,
wherein,
in the normal state, the external equipment can read the system information of the electronic equipment through the serial interface and can send an operation command to the electronic equipment through the serial interface;
in the disabled state, the external device cannot exchange data with the electronic device through the serial interface.
2. The electronic device of claim 1,
the controller sets the serial interface to an authentication state when the electronic device is powered on,
in the authentication state, the serial interface is to: receiving an authentication request message, sending the serial port data and receiving the signature information,
wherein the controller generates the serial port data when the electronic device receives the authentication request message.
3. The electronic device of claim 1,
if the electronic device has not received the signature information when a first predetermined time has elapsed after the serial port data was sent, the controller controls the random number generator to generate a random number again and regenerates serial port data from the newly generated random number and the identification information, the regenerated serial port data being stored in the electronic device and sent to the outside of the electronic device.
4. The electronic device of claim 3,
in a case where the serial port data has been generated N consecutive times and the electronic device still has not received the signature information within the first preset time, the controller sets the serial interface to the disabled state, wherein N is a natural number greater than 1.
5. The electronic device of claim 1,
the public key is generated based on the SM2 public key algorithm standard.
6. An authentication system includes an electronic device and an authentication apparatus,
the electronic device includes:
a serial interface for transmitting and receiving data;
a first storage part for storing a public key (P_A);
a random number generator for generating a random number (Rd); and
a controller that generates serial port data (PlaintextMsg) from the random number (Rd) and identification information (ID) of the electronic device, the serial port data being stored in the electronic device and sent to the outside of the electronic device;
in a case where the electronic device receives signature information (CER_A) after outputting the serial port data, the controller verifies the received signature information by using the public key and the stored serial port data, and sets the serial interface to a normal state or a disabled state according to the verification result,
wherein,
in the normal state, an external device can read system information of the electronic device through the serial interface and can send operation commands to the electronic device through the serial interface;
in the disabled state, the external device cannot exchange data with the electronic device through the serial interface,
the authentication apparatus includes:
a second storage part for storing a private key (d_A); and
a signer that, upon receiving the serial port data sent by the electronic device, signs the serial port data with the private key based on a signature algorithm and generates the signature information (CER_A).
7. The authentication system of claim 6,
the controller sets the serial interface to an authentication state when the electronic device is powered on,
in the authentication state, the serial interface is used for: receiving an authentication request message, sending the serial port data, and receiving the signature information,
wherein,
the authentication apparatus further transmits the authentication request message to the electronic device through the serial interface,
and the controller generates the serial port data when the electronic device receives the authentication request message.
8. The authentication system of claim 6,
in a case where the electronic device has not received the signature information when a first preset time has elapsed after the serial port data is sent, the controller controls the random number generator to generate a random number again and regenerates the serial port data from the newly generated random number and the identification information, the regenerated serial port data being stored in the electronic device and sent to the outside of the electronic device.
9. The authentication system of claim 8,
in a case where the serial port data has been generated N consecutive times and the electronic device still has not received the signature information within the first preset time, the controller sets the serial interface to the disabled state, wherein N is a natural number greater than 1.
10. An authentication method applied to an electronic device and used for setting the state of a serial interface of the electronic device, the authentication method comprising:
generating a random number (Rd);
generating serial port data (PlaintextMsg) according to the random number (Rd) and identification information (ID) of the electronic device, the serial port data being stored in the electronic device and sent to the outside of the electronic device; and
in a case where the electronic device receives signature information (CER_A) after sending the serial port data, verifying the received signature information by using the public key and the stored serial port data, and setting the serial interface to a normal state or a disabled state according to the verification result,
wherein,
in the normal state, an external device can read system information of the electronic device through the serial interface and can send operation commands to the electronic device through the serial interface;
in the disabled state, the external device cannot exchange data with the electronic device through the serial interface.
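The device-side behaviour recited in claims 1 to 4 (authentication state at power-on, a fresh Rd for every challenge, regeneration on timeout, lockout after N unanswered challenges), as an added Python example that is not part of the patent. The class and method names are assumptions, and a constructed HMAC stand-in replaces SM2 signing and verification so the example runs offline.

```python
import hmac
import secrets
from enum import Enum

PortState = Enum("PortState", "AUTH NORMAL DISABLED")  # AUTH: set at power-on (claim 2)

class SerialPortGate:
    """Device-side controller for claims 1-4; all names here are assumptions."""

    def __init__(self, device_id, verify, max_challenges=3):
        self.device_id = device_id
        self.verify = verify                  # stand-in for SM2 verification with P_A
        self.max_challenges = max_challenges  # N in claim 4 (must be > 1)
        self.state = PortState.AUTH
        self.stored_msg = None                # PlaintextMsg kept on the device
        self.issued = 0

    def _new_challenge(self):
        self.stored_msg = secrets.token_bytes(16) + self.device_id  # Rd || ID
        self.issued += 1
        return self.stored_msg

    def on_auth_request(self):
        # Assumption: only an idle port in the authentication state issues a challenge.
        if self.state is PortState.AUTH and self.stored_msg is None:
            return self._new_challenge()
        return None

    def on_timeout(self):  # first preset time elapsed without a signature
        if self.state is not PortState.AUTH or self.stored_msg is None:
            return None
        if self.issued < self.max_challenges:
            return self._new_challenge()      # claim 3: fresh Rd, never a resend
        self.state, self.stored_msg = PortState.DISABLED, None  # claim 4
        return None

    def on_signature(self, cer):
        if self.state is PortState.AUTH and self.stored_msg is not None:
            # Verify against the stored copy, so an old CER_A fails on a new Rd.
            ok = self.verify(self.stored_msg, cer)
            self.state = PortState.NORMAL if ok else PortState.DISABLED
            self.stored_msg = None            # each challenge is single-use
        return self.state

# Constructed stand-in so the example runs offline: HMAC replaces the SM2 key pair.
DEMO_KEY = b"constructed-demo-key"

def demo_sign(msg):
    return hmac.new(DEMO_KEY, msg, "sha256").digest()

def demo_verify(msg, cer):
    return hmac.compare_digest(demo_sign(msg), cer)
```

In a real device `verify` would be an SM2 signature check with the stored public key, so the device holds nothing that can produce a valid CER_A.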
CN202010880133.8A 2020-08-27 2020-08-27 Electronic equipment, authentication system and authentication method Pending CN114124363A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010880133.8A CN114124363A (en) 2020-08-27 2020-08-27 Electronic equipment, authentication system and authentication method

Publications (1)

Publication Number Publication Date
CN114124363A true CN114124363A (en) 2022-03-01

Family

ID=80374771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010880133.8A Pending CN114124363A (en) 2020-08-27 2020-08-27 Electronic equipment, authentication system and authentication method

Country Status (1)

Country Link
CN (1) CN114124363A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347635A (en) * 2018-11-14 2019-02-15 中云信安(深圳)科技有限公司 A kind of Internet of Things security certification system and authentication method based on national secret algorithm
CN110414248A (en) * 2019-07-11 2019-11-05 珠海格力电器股份有限公司 A kind of method and microprocessor for debugging microprocessor
US20190361073A1 (en) * 2018-05-24 2019-11-28 Seagate Technology Llc Secure debug system for electronic devices
CN111125675A (en) * 2018-10-30 2020-05-08 阿里巴巴集团控股有限公司 Method and system for controlling debugging port and test method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination