CN114547630B - Vehicle-mounted multi-operating-system-based verification method and device - Google Patents

Publication number: CN114547630B
Authority: CN (China)
Legal status: Active
Application number: CN202210436796.XA
Other languages: Chinese (zh)
Other versions: CN114547630A (en)
Inventor: 陶陈力
Current Assignee: Ningbo Joynext Technology Corp
Original Assignee: Ningbo Joynext Technology Corp

Classifications

    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/034: Test or assess a computer or a system


Abstract

The application relates to a verification method and device based on multiple operating systems of a vehicle head unit. The multiple operating systems comprise a first operating system and a second operating system, and the method comprises: starting the first operating system, and acquiring, through the first operating system, an encrypted image and an original image of the second operating system, wherein the original image comprises one or more image blocks; decrypting the encrypted image to obtain a decrypted image; performing an operation based on the original image, wherein any image block of the one or more image blocks is split from the original image and operated on to obtain corresponding image block operation information; and comparing the image block operation information with the decrypted image for verification. The second operating system is thus verified efficiently through the first operating system, tampering with the second operating system is prevented, the security of the verified operating system is ensured, and system verification efficiency, vehicle security and user experience are improved.

Description

Vehicle-mounted multi-operating-system-based verification method and device
Technical Field
The application relates to the technical field of vehicle security, and in particular to a verification method and device based on multiple operating systems of a vehicle head unit.
Background
With the rapid development of automotive technology, a large number of in-vehicle infotainment products are installed in automobiles to meet users' diverse demands. "Head unit" (vehicle machine) is the short name for an in-vehicle infotainment product installed in a vehicle; it enables information exchange between people and the vehicle and between the vehicle and the outside world. When the head unit system is updated, its settings may be tampered with, which changes the vehicle's security mechanism and exposes the vehicle to security threats. The security of the head unit system is therefore the basis of driving safety, and it must be ensured before the vehicle starts that the head unit has not been tampered with.
In a conventional solution, verification of a head unit system generally starts from the system boot program and proceeds stage by stage until all files of the head unit system have been verified. In that process each operating system in the head unit system is generally verified independently, which leaves a risk of tampering.
Disclosure of Invention
It is therefore necessary to provide a verification method and device based on multiple operating systems of a head unit, to address the problem in the prior art that an operating system can be tampered with under existing head unit verification methods.
In one aspect, a verification method based on multiple operating systems of a head unit is provided, where the multiple operating systems include a first operating system and a second operating system, and the method includes:
starting the first operating system, and acquiring, through the first operating system, an encrypted image and an original image of the second operating system, wherein the original image comprises one or more image blocks;
decrypting the encrypted image to obtain a decrypted image;
performing an operation based on the original image, wherein any image block of the one or more image blocks is split from the original image and operated on to obtain corresponding image block operation information;
and comparing the image block operation information with the decrypted image for verification.
In one example, the first operating system and the second operating system are communicatively connected through a virtual machine monitor (hypervisor) and run on the same processor.
In one embodiment, decrypting the encrypted image includes:
while the second operating system is being started, performing, by the first operating system, decryption verification on the encrypted image;
if the decryption verification passes, accessing the decrypted image and the original image;
and if the decryption verification fails, stopping the start of the second operating system.
In one embodiment, comparing the image block operation information with the decrypted image for verification includes:
comparing the image block operation information with the decrypted image;
if they are consistent, continuing to compare and verify the other image blocks of the one or more image blocks;
and if they are inconsistent, stopping the start of the second operating system.
In one embodiment, before starting the first operating system, the method further includes:
acquiring the original image, classifying the original image to obtain a classification result, performing a hash operation on the classification result to obtain a hash result, and encrypting the hash result with a key to obtain the encrypted image.
In one embodiment, classifying the original image to obtain a classification result, performing a hash operation on the classification result to obtain a hash result, and encrypting the hash result with a key to obtain the encrypted image includes:
classifying the original images according to a preset classification threshold, wherein an original image smaller than or equal to the classification threshold is determined to be a root image and an original image larger than the classification threshold is determined to be a system image;
performing the hash operation on the original image according to a preset hash length to obtain the hash result, wherein the hash result comprises a root hash and a hash tree, and the preset hash length corresponds to the preset classification threshold;
and encrypting the root hash of the root image and the hash tree of the system image with the key to obtain the encrypted image.
In one embodiment, splitting the image block from the original image and operating on it to obtain the corresponding image block operation information includes:
if the original image is the root image, acquiring a first image block obtained by splitting the root image, and operating on the first image block to obtain the root hash corresponding to the first image block as the corresponding image block operation information;
and if the original image is the system image, acquiring a second image block obtained by splitting the system image, and operating on the second image block to obtain the original hash tree corresponding to the second image block as the corresponding image block operation information.
In one embodiment, comparing the image block operation information with the decrypted image for verification includes:
if the image block split from the original image is the first image block, comparing the root hash of the first image block with the root hash of the decrypted image for verification;
and if the image block split from the original image is the second image block, comparing the hash tree of the second image block with the hash tree of the decrypted image for verification.
In one embodiment, the method further comprises:
after any image block has been operated on, selecting the corresponding hash result according to the type of the original image to which the image block belongs, and comparing and verifying against the encrypted image according to that hash result;
if the original image is the root image, performing the hash operation on the root image to obtain the root hash of the root image, and comparing the root hash of the root image with the encrypted image for verification;
and if the original image is the system image, performing the hash operation on the system image to obtain the hash tree of the system image, and comparing the hash tree of the system image with the encrypted image for verification.
In one embodiment, the method further comprises:
if the second operating system is updated, updating the original image correspondingly to obtain an updated original image, and splitting and encrypting the updated original image to obtain an updated encrypted image, wherein the updated original image comprises one or more updated image blocks;
starting the first operating system, and acquiring, through the first operating system, the updated encrypted image and the updated original image of the second operating system;
decrypting the updated encrypted image to obtain an updated decrypted image;
performing an operation based on the updated original image, wherein any updated image block of the one or more updated image blocks is split from the updated original image and operated on to obtain corresponding updated image block operation information;
and comparing the updated image block operation information with the updated decrypted image for verification.
In another aspect, a verification device based on multiple operating systems of a head unit is provided, the device comprising:
a starting module, configured to start the first operating system and acquire, through the first operating system, an encrypted image and an original image of the second operating system, wherein the original image comprises one or more image blocks;
a processing module, configured to decrypt the encrypted image to obtain a decrypted image, and to perform an operation based on the original image, wherein any image block of the one or more image blocks is split from the original image and operated on to obtain corresponding image block operation information;
and a verification module, configured to compare the image block operation information with the decrypted image for verification.
In the above verification method and device based on multiple operating systems of a head unit, the first operating system is started, and the encrypted image and the original image of the second operating system, the original image comprising one or more image blocks, are acquired through the first operating system. The second operating system is thus mounted and verified by the first operating system, which improves the security and reliability of the system verification process. The encrypted image is decrypted to obtain a decrypted image, which ensures the security and reliability of the encrypted image and the decrypted image, so that the decrypted image can serve as a reliable reference for comparison and verification. An operation is performed based on the original image, in which any image block of the one or more image blocks is split from the original image and operated on to obtain corresponding image block operation information. When any image block needs to be executed, that block is split off and operated on and its information is verified, without requiring verification of the whole second operating system to be completed, which further improves the verification efficiency of the head unit operating system. Comparing the image block operation information with the decrypted image ensures the security of the image block to be executed and achieves efficient verification of the head unit operating system.
With this verification method, based on the multiple operating systems of the head unit, the second operating system can be verified efficiently through the first operating system of the head unit, tampering with the second operating system is prevented, the security of the verified operating system is ensured, and system verification efficiency, vehicle security and user experience are improved.
Drawings
FIG. 1 is a diagram of an application environment of a verification method based on multiple operating systems of a head unit in one embodiment;
FIG. 2 is a schematic flowchart of a verification method based on multiple operating systems of a head unit in one embodiment;
FIG. 3 is a schematic flowchart of decrypting the encrypted image in one embodiment;
FIG. 4 is a diagram illustrating a partial operation process based on the root image in one embodiment;
FIG. 5 is a block diagram of a verification device based on multiple operating systems of a head unit in one embodiment;
FIG. 6 is a diagram of the internal structure of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The verification method based on multiple operating systems of a head unit provided in the present application can be applied in the application environment shown in FIG. 1, in which the first operating system 101 and the second operating system 102 interact on the same terminal 103. Illustratively, the first operating system and the second operating system are communicatively connected through a virtual machine monitor (hypervisor) and run on the same processor. For example, in the verification method provided by the present application, the first operating system 101 may access the original image and the encrypted image of the second operating system 102 and verify whether the second operating system 102 has been tampered with. The terminal 103 may be, but is not limited to, a head unit, personal computer, notebook computer, smartphone, tablet computer or portable wearable device, and the systems included in the terminal 103 are not limited to the first operating system and the second operating system.
In a conventional solution, verification of a head unit system generally starts from the system boot program and proceeds stage by stage until all files of the head unit system have been verified. In that process each operating system in the head unit system is generally verified independently, which leaves a risk of tampering. This scheme therefore provides a verification method based on multiple operating systems of a head unit, in which the first operating system verifies whether the second operating system has been tampered with, addressing the low efficiency of existing head unit system verification methods.
In one embodiment, as shown in FIG. 2, a verification method based on multiple operating systems of a head unit is provided, where the multiple operating systems include a first operating system and a second operating system. Taking its application to the terminal 103 in FIG. 1 as an example, the method includes the following steps:
S1, starting the first operating system, and acquiring, through the first operating system, the encrypted image and the original image of the second operating system, wherein the original image comprises one or more image blocks.
An image is a form of file storage: an identical copy, on another disk, of the data on one disk is an image of that data.
It can be understood that, to verify whether the second operating system has been tampered with, the data of the second operating system may be compressed and stored in the form of images, which makes the operating system's data easier to transmit and process. The original image of the second operating system can then be acquired and verified in order to verify the second operating system. The original image of the second operating system may be one or more images, and these images in turn comprise one or more image blocks.
It should be noted that, to ensure security during system verification, an encrypted image corresponding to the original image must be acquired in addition to the original image. The encrypted image is obtained by processing the original image with a certain operation and a certain encryption method; only after the encrypted image has been decrypted with the corresponding decryption method can the original image be verified securely and reliably.
S2, decrypting the encrypted image to obtain a decrypted image.
It should be noted that, because the encrypted image has been processed with a certain encryption method, the decryption method corresponding to that encryption method is required to decrypt it and obtain the decrypted image.
Illustratively, the image can be encrypted with a symmetric or an asymmetric encryption algorithm; to ensure higher security in verifying the multiple operating systems of the head unit, and given that multiple operating systems are involved, an asymmetric encryption algorithm can be chosen.
S3, performing an operation based on the original image, wherein any image block of the one or more image blocks is split from the original image and operated on to obtain corresponding image block operation information.
For ease of understanding, the one or more image blocks in the original image can be regarded as one or more functions of the system: when a certain function of the system needs to be called, the corresponding image block or blocks need to be executed.
It should be noted that the operation on the original image serves to obtain information about the data stored in the original image. For any image block of the one or more image blocks in the original image, when that image block is to be executed it is split from the original image and operated on first, yielding the operation information of that image block. The image block is thus operated on and verified at the time it is executed, rather than tampering being determined only after the whole operating system has been verified, which improves the efficiency of verifying the operating system.
S4, comparing the image block operation information with the decrypted image for verification.
It should be noted that the decrypted image contains the operation information obtained by processing the original image with a certain operation before encryption. Comparing this operation information with the operation information of any image block of the original image completes the verification of that image block.
In the verification method based on multiple operating systems of a head unit described above, the first operating system is started, and the encrypted image and the original image of the second operating system, the original image comprising one or more image blocks, are acquired through the first operating system. The second operating system is thus mounted and verified by the first operating system, which improves the security and reliability of the system verification process. The encrypted image is decrypted to obtain a decrypted image, which ensures the security and reliability of the encrypted image and the decrypted image, so that the decrypted image can serve as a reliable reference for comparison and verification. An operation is performed based on the original image, in which any image block of the one or more image blocks is split from the original image and operated on to obtain corresponding image block operation information. When any image block needs to be executed, that block is split off and operated on and its information is verified, without requiring verification of the whole second operating system to be completed, which further improves the verification efficiency of the head unit operating system. Comparing the image block operation information with the decrypted image ensures the security of the image block to be executed and achieves efficient verification of the head unit operating system.
With this verification method, based on the multiple operating systems of the head unit, the second operating system can be verified efficiently through the first operating system of the head unit, tampering with the second operating system is prevented, the security of the verified operating system is ensured, system verification efficiency, vehicle security and user experience are improved, and the low efficiency of existing head unit system verification methods is addressed.
In one example, the first operating system and the second operating system are communicatively connected through a virtual machine monitor (hypervisor) and run on the same processor.
In one embodiment, decrypting the encrypted image includes:
while the second operating system is being started, performing, by the first operating system, decryption verification on the encrypted image;
if the decryption verification passes, accessing the decrypted image and the original image;
and if the decryption verification fails, stopping the start of the second operating system.
It should be noted that, to ensure security and reliability in verifying the operating system, decrypting the encrypted image also involves a check on the encrypted image, to identify whether it is the encrypted image of the second operating system mounted by the first operating system. This guards against the case in which the original image and the encrypted image of the second operating system were already changed before being acquired, that is, against the two being changed together.
Mounting refers to the process by which an operating system makes the files and directories on a storage device accessible to a user through the computer's file system. When the first operating system is started, the original image and the encrypted image of the second operating system can be mounted in the first operating system and accessed through it. It should be understood that "first" and "second" in the first operating system and the second operating system are only labels for distinguishing the two operating systems, and should not be understood as defining their execution order, system type or primary and secondary relationship.
Specifically, the encrypted image is decrypted and verified using the corresponding decryption method to determine whether it can be decrypted normally. If the decryption verification passes, the encrypted image has not been tampered with, and the decrypted image and the original image can be accessed; if it fails, the encrypted image has been tampered with, and starting of the second operating system is stopped. Performing decryption verification on the encrypted image further improves the security and reliability of the verification method.
Exemplarily, refer to FIG. 3, which is a schematic flowchart of decrypting the encrypted image in another embodiment. For ease of understanding, the keys for the encrypted image that the first operating system has already saved are referred to as the first public key and the first private key, and the keys of the encrypted image that is subsequently to be verified and/or decrypted are referred to as the second public key and the second private key. If the encrypted image has not been changed, the first public key equals the second public key and the first private key equals the second private key; if the encrypted image has been changed, the first public key does not equal the second public key and the first private key does not equal the second private key. The decryption includes steps S310 to S340:
S310, accessing the encrypted image of the second operating system through the first operating system;
S320, performing key verification, in which the first operating system uses the first public key to verify whether it matches the second private key of the currently accessed encrypted image; if it matches, the verification passes and step S330 is executed; if not, the verification fails and step S340 is executed;
S330, decrypting and accessing the encrypted image and the original image of the second operating system using the first private key;
S340, stopping the start of the second operating system.
The method further comprises verifying the address source of the encrypted image through the second public key and, during decryption, checking whether the first private key matches the second private key to determine whether the encrypted image can be decrypted with the first private key.
In one embodiment, comparing the image block operation information with the decrypted image for verification includes:
comparing the image block operation information with the decrypted image;
if they are consistent, continuing to compare and verify the other image blocks of the one or more image blocks;
and if they are inconsistent, stopping the start of the second operating system.
The encrypted image is obtained by performing an operation on the original image and encrypting the resulting operation information, so decrypting it yields the original, untampered operation information. Comparing the image block operation information with the decrypted image therefore shows whether the image block operation information has been tampered with, which completes the comparison and verification of that image block. If the comparison is consistent, the image block has not been tampered with, and the other image blocks to be executed among the one or more image blocks can continue to be compared and verified; if the comparison is inconsistent, the image block has been tampered with, and starting of the second operating system is stopped. Comparing the image block operation information with the decrypted image thus verifies whether the operating system has been tampered with.
In one embodiment, before the starting of the first operating system, the method further includes:
obtaining the original mirror image, classifying the original mirror image to obtain a classification result, performing hash operation on the classification result to obtain a hash result, and encrypting the hash result by using a secret key to obtain the encrypted mirror image.
The Hash operation refers to a Hash function operation, and the Hash function is a compression mapping, and converts an input with an arbitrary length into an output with a fixed length through the Hash function.
It can be understood that encrypting the hash result is equivalent to encrypting the operation information. To provide sufficient security, an asymmetric encryption algorithm, which is better suited to the application environment of the verification method, can be used in the encryption process, with a corresponding public key and private key set for each image; this fits the scenario in which one operating system in the in-vehicle multi-operating system verifies whether another operating system has been tampered with.
In one embodiment, the classifying the original image to obtain a classification result, performing a hash operation on the classification result to obtain a hash result, and encrypting the hash result with a key to obtain the encrypted image includes:
classifying the original mirror images according to a preset classification threshold, judging the original mirror images smaller than or equal to the classification threshold as root mirror images, and judging the original mirror images larger than the classification threshold as system mirror images;
performing hash operation on the original mirror image according to a preset hash length to obtain a hash result, wherein the hash result comprises a root hash and a hash tree, and the preset hash length corresponds to the preset classification threshold;
and encrypting the root hash of the root image and the hash tree of the system image by using the key to obtain the encrypted image.
The root hash and the hash tree can be obtained through hash operation, the root hash represents a hash value obtained through hash operation, and the hash tree represents a process realized through hash operation.
It should be noted that, the data size of each mirror image is different, and for small mirror images with small memory space occupation, the speed of hash operation is fast, and the efficiency of obtaining the root hash is high; for a large mirror image with large memory space, the speed of hash operation is low, and the efficiency of obtaining the root hash is low, but when the hash operation is performed on the large mirror image, the hash tree is correspondingly generated according to the operation process, and compared with the root hash, the use of the hash tree is more convenient.
Therefore, to improve verification efficiency when operating on each mirror image, the original mirror images can be classified according to the classification threshold: original mirror images smaller than or equal to the classification threshold are determined to be root mirror images, and original mirror images larger than the classification threshold are determined to be system mirror images. The mirror images of each class are then operated on, and only the root hash of the root mirror images and the hash tree of the system mirror images need to be kept. These are encrypted with the key and saved to obtain the encrypted mirror image, which helps improve operation efficiency and saves some storage space.
In an embodiment, the splitting the image block from the original image and performing an operation on the image block to obtain corresponding image block operation information includes:
if the original mirror image is the root mirror image, acquiring a first mirror image block obtained after splitting the root mirror image, and obtaining root hash corresponding to the first mirror image block as corresponding mirror image block operation information after operating the first mirror image block;
and if the original mirror image is the system mirror image, acquiring a second mirror image block obtained after the system mirror image is split, and operating the second mirror image block to obtain an original hash tree corresponding to the second mirror image block as corresponding mirror image block operation information.
In the verification process, if a certain mirror image block in a certain original mirror image needs to be executed first, the mirror image block is verified first.
Illustratively, if the original mirror image is a root mirror image, splitting the executed mirror image block to obtain a first mirror image block, performing hash operation on the first mirror image block to obtain a root hash of the first mirror image block, and using the root hash as mirror image block operation information of the first mirror image block; if the original mirror image is a system mirror image, splitting the executed mirror image block to obtain a second mirror image block, performing hash operation on the second mirror image block to obtain a hash tree of the second mirror image block, and taking the hash tree as mirror image block operation information of the second mirror image block; the first and the second in the embodiment are only used for distinguishing the types of the mirror blocks, the number, the execution sequence and other attributes or information of the mirror blocks are not limited, the embodiment can correspond to the operation information stored in the encrypted mirror image, the original mirror image can be verified through the operation information in the encrypted mirror image conveniently, and the verification efficiency is improved.
To further explain, for convenience of understanding, a hash operation process is described by taking a root image as an example, and reference may be made to fig. 4, which is a schematic diagram of a partial operation process based on a root image, where a root image 410 is split according to a preset hash length of 4KB to obtain a plurality of first image blocks 411 with a size of 4KB, and then the first image blocks 411 are subjected to a hash operation, and are subjected to a step-by-step compression mapping until a final root hash 412 is obtained, and a calculation process for obtaining the root hash 412 is a hash tree 413.
In one embodiment, the comparing and verifying the mirror block operation information and the decrypted mirror includes:
if the mirror image block split from the original mirror image is the first mirror image block, comparing and verifying the root hash of the first mirror image block and the root hash of the decrypted mirror image;
and if the mirror image block split from the original mirror image is the second mirror image block, comparing and verifying the hash tree of the second mirror image block and the hash tree of the decrypted mirror image.
It should be noted that, in this embodiment, according to the category of the split mirror block, a corresponding comparison verification manner is selected, so that a reasonable simplification of the operation process and the comparison process is achieved, and the method is also an important step for improving the verification efficiency.
Specifically, if the mirror image block split from the original mirror image is the first mirror image block, comparing and verifying the root hash of the first mirror image block with the corresponding root hash in the decrypted mirror image;
and if the mirror image block split from the original mirror image is the second mirror image block, comparing and verifying the hash tree of the second mirror image block with the corresponding hash tree in the decrypted mirror image.
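The classification, hashing and comparison steps described above, as an added example that is not part of the patent text. It assumes SHA-256 (the patent names no hash function), a binary tree, a constructed 64 KB classification threshold, and a reference that the first operating system has already decrypted and key-verified; all function and constant names are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096            # preset hash length: 4 KB, as in the Fig. 4 description
THRESHOLD = 16 * BLOCK_SIZE  # classification threshold: constructed value (assumption)
ZERO = bytes(32)             # padding sibling when a tree level has an odd node count


def leaf_hash(block: bytes) -> bytes:
    # A short final block is zero-padded; the 0x00/0x01 prefixes keep leaf and
    # inner-node hashes distinct so one cannot be passed off as the other.
    return hashlib.sha256(b"\x00" + block.ljust(BLOCK_SIZE, b"\x00")).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def split(image: bytes) -> list:
    return [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)] or [b""]


def build_tree(image: bytes) -> list:
    """Return the hash tree as levels: levels[0] = leaf hashes, levels[-1] = [root hash]."""
    levels = [[leaf_hash(b) for b in split(image)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [ZERO]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def classify(image: bytes) -> str:
    return "root" if len(image) <= THRESHOLD else "system"


def make_reference(image: bytes) -> dict:
    """Build-time step: the data that would be encrypted with the key.
    Root images keep only the root hash; system images keep the whole tree."""
    levels = build_tree(image)
    ref = {"kind": classify(image), "size": len(image), "root": levels[-1][0]}
    if ref["kind"] == "system":
        ref["levels"] = levels
    return ref


def verify_block(ref: dict, index: int, block: bytes) -> bool:
    """System image: check one block against the stored tree before it is executed."""
    levels = ref["levels"]
    if not 0 <= index < len(levels[0]):
        return False
    digest = leaf_hash(block)
    if not hmac.compare_digest(digest, levels[0][index]):
        return False
    # Recompute the path to the root so an inconsistent stored tree is also rejected.
    for level in levels[:-1]:
        sib = index ^ 1
        sibling = level[sib] if sib < len(level) else ZERO
        digest = node_hash(digest, sibling) if index % 2 == 0 else node_hash(sibling, digest)
        index //= 2
    return hmac.compare_digest(digest, ref["root"])


def verify_image(ref: dict, image: bytes) -> bool:
    """True: the second operating system may start. False: start-up must stop."""
    # The size check also binds the length, which zero-padding alone would not.
    if len(image) != ref["size"] or classify(image) != ref["kind"]:
        return False
    if ref["kind"] == "root":
        return hmac.compare_digest(build_tree(image)[-1][0], ref["root"])
    # all() stops at the first inconsistent block, matching "stop starting".
    return all(verify_block(ref, i, b) for i, b in enumerate(split(image)))


def demo() -> dict:
    small = bytes(range(256)) * 40           # 10,240 B, constructed root image
    large = bytes(range(256)) * 300 + b"x"   # 76,801 B, constructed system image
    tampered = bytearray(large)
    tampered[7 * BLOCK_SIZE + 5] ^= 0x01     # single bit flipped inside block 7
    ref_small, ref_large = make_reference(small), make_reference(large)
    return {
        "small_ok": verify_image(ref_small, small),
        "large_ok": verify_image(ref_large, large),
        "tampered_ok": verify_image(ref_large, bytes(tampered)),
        "block6_ok": verify_block(ref_large, 6, split(bytes(tampered))[6]),
        "block7_ok": verify_block(ref_large, 7, split(bytes(tampered))[7]),
    }


if __name__ == "__main__":
    print(demo())
```

Per-block checking lets untouched blocks of a large image pass individually while the modified block alone fails, which is why the tree, not just the root hash, is kept for system images.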
In one embodiment, the method further comprises:
after any mirror image block is operated, selecting the corresponding hash result according to the type of the original mirror image corresponding to the mirror image block, and performing comparison and verification on the encrypted mirror image according to the hash result,
if the original mirror image is the root mirror image, performing the hash operation on the root mirror image to obtain the root hash of the root mirror image, and comparing and verifying the root hash of the root mirror image and the encrypted mirror image;
and if the original mirror image is the system mirror image, performing the hash operation on the system mirror image to obtain the hash tree of the system mirror image, and comparing and verifying the hash tree of the system mirror image and the encrypted mirror image.
The hash result comprises a root hash and a hash tree, and if the original image corresponding to the image block is the root image, the root hash of the image block is selected to be compared and verified with the encrypted image; and if the original mirror image corresponding to the mirror image block is the system mirror image, selecting the hash tree of the mirror image block and the encrypted mirror image for comparison and verification so as to improve the efficiency of comparison and verification in the verification process.
In one embodiment, the method further comprises:
if the second operating system is updated, the original mirror image is correspondingly updated to obtain an updated original mirror image, the updated original mirror image is split and encrypted to obtain an updated encrypted mirror image, wherein the updated original mirror image comprises one or more updated mirror image blocks;
starting the first operating system, and acquiring an updated encrypted image and an updated original image of the second operating system through the first operating system;
decrypting the updated encrypted mirror image to obtain an updated decrypted mirror image;
performing operation based on the updated original mirror image, wherein for any updated mirror image block in the one or more updated mirror image blocks, the updated mirror image block is split from the updated original mirror image, and the updated mirror image block is operated to obtain corresponding updated mirror image block operation information;
and comparing and verifying the updated mirror image block operation information with the updated decrypted mirror image.
It should be noted that, when the second operating system is normally updated, the update permission needs to be obtained. The original mirror image is correspondingly updated to obtain an updated original mirror image, and the updated original mirror image is encrypted to obtain an updated encrypted mirror image, which completes the corresponding update of the original mirror image and the encrypted mirror image. After the first operating system is started, the updated second operating system can also be verified by the verification method, so with the present embodiment the second operating system can still be verified after it has been normally rewritten.
In one embodiment, a method for verifying a first operating system is also included, comprising the steps of:
after a processor is powered on, entering a PBL (Primary BootLoader, initialization loading) stage, and initializing a safe operation environment to ensure that a program in a subsequent process can normally operate;
selecting a starting device according to a General-Purpose Input/Output (GPIO), and, after the starting device is successfully accessed, acquiring related data for starting a first operating system, wherein the related data comprises one or more images of the first operating system;
acquiring an XBL (eXtensible Boot Loader), wherein the XBL comprises a hardware environment and a code environment related to initialization, loading the XBL from the starting device into an On-Chip Memory (OCIMEM) and/or an Internal Memory (IMEM) for authentication so as to verify whether the XBL has the right to access the system, initializing the hardware environment and the code environment according to the XBL, and configuring a system clock frequency;
entering a loading stage, loading relevant data for starting the first operating system into a Random Access Memory (RAM), and authenticating;
after the authentication is completed, loading a High-Level Operating System (HLOS), loading and accessing the image of the first Operating System through the HLOS, and starting the first Operating System.
Authentication means verifying whether a user has the right to access the system. It may be performed by a password, or by using an authentication authorization to verify whether a digital signature is correct. Authentication methods further include Authentication and Key Agreement (AKA) authentication, HTTP (Hyper Text Transfer Protocol) digest authentication, and the like, and the authentication method is not limited herein. The HLOS includes an Android system, a Linux system, and the like, and the HLOS is not limited herein; however, the Linux system has advantages such as high security, high availability and easy maintenance, so Linux may be preferentially used as the system environment in the method.
In one embodiment, as shown in fig. 5, there is provided a vehicle-mounted multi-os based authentication apparatus 500, including: a starting module 510, a processing module 520, and a verification module 530, wherein:
the starting module is used for starting the first operating system, and acquiring an encrypted image and an original image of the second operating system through the first operating system, wherein the original image comprises one or more image blocks;
the processing module is used for decrypting the encrypted mirror image to obtain a decrypted mirror image; performing operation based on the original mirror image, wherein for any mirror image block in the one or more mirror image blocks, the mirror image block is split from the original mirror image, and the mirror image block is operated to obtain corresponding mirror image block operation information;
and the verification module is used for comparing and verifying the mirror image block operation information with the decrypted mirror image.
The verification apparatus 500 may serve as an execution carrier of the verification method based on the in-vehicle multi-operating system. The first operating system is started through the starting module 510, and the encrypted image and the original image of the second operating system are obtained through the first operating system, where the original image includes one or more image blocks. The encrypted image is decrypted through the processing module 520 to obtain a decrypted image, and an operation is performed based on the original image, wherein for any image block in the one or more image blocks, the image block is split from the original image and operated on to obtain corresponding image block operation information. The image block operation information is compared and verified with the decrypted image through the verification module 530. Therefore, through the verification apparatus 500, the first operating system is controlled to efficiently verify the second operating system in the vehicle-mounted multi-operating-system environment, the second operating system is prevented from being tampered with, the safety of the verified operating system is guaranteed, and the system verification efficiency, the vehicle safety and the user experience are improved.
In one embodiment, the decrypting the encrypted image includes:
during the process of starting the second operating system, the first operating system carries out decryption verification on the encrypted image,
if the decryption verification is passed, accessing the decrypted mirror image and the original mirror image;
and if the decryption verification is not passed, stopping starting the second operating system.
In one embodiment, the comparing and verifying the mirror block operation information and the decrypted mirror includes:
comparing and verifying the mirror image block operation information with the decrypted mirror image,
if the comparison is consistent, other mirror blocks in the one or more mirror blocks are continuously compared and verified;
and if the comparison is inconsistent, stopping starting the second operating system.
In one embodiment, before the starting of the first operating system, the method further includes:
obtaining the original mirror image, classifying the original mirror image to obtain a classification result, performing hash operation on the classification result to obtain a hash result, and encrypting the hash result by using a secret key to obtain the encrypted mirror image.
In one embodiment, the classifying the original image to obtain a classification result, performing a hash operation on the classification result to obtain a hash result, and encrypting the hash result with a key to obtain the encrypted image includes:
classifying the original mirror images according to a preset classification threshold, judging the original mirror images smaller than or equal to the classification threshold as root mirror images, and judging the original mirror images larger than the classification threshold as system mirror images;
performing hash operation on the original mirror image according to a preset hash length to obtain a hash result, wherein the hash result comprises a root hash and a hash tree, and the preset hash length corresponds to the preset classification threshold;
and encrypting the root hash of the root image and the hash tree of the system image by using the key to obtain the encrypted image.
In an embodiment, the splitting the image block from the original image and performing an operation on the image block to obtain corresponding image block operation information includes:
if the original mirror image is the root mirror image, acquiring a first mirror image block obtained after splitting the root mirror image, and obtaining root hash corresponding to the first mirror image block as corresponding mirror image block operation information after operating the first mirror image block;
and if the original mirror image is the system mirror image, acquiring a second mirror image block obtained after the system mirror image is split, and operating the second mirror image block to obtain an original hash tree corresponding to the second mirror image block as corresponding mirror image block operation information.
In one embodiment, the comparing and verifying the mirror block operation information and the decrypted mirror includes:
if the mirror image block split from the original mirror image is the first mirror image block, comparing and verifying the root hash of the first mirror image block and the root hash of the decrypted mirror image;
and if the mirror image block split from the original mirror image is the second mirror image block, comparing and verifying the hash tree of the second mirror image block and the hash tree of the decrypted mirror image.
In one embodiment, the method further comprises:
after any mirror image block is operated, selecting the corresponding hash result according to the type of the original mirror image corresponding to the mirror image block, and performing comparison and verification on the encrypted mirror image according to the hash result,
if the original mirror image is the root mirror image, performing the hash operation on the root mirror image to obtain the root hash of the root mirror image, and comparing and verifying the root hash of the root mirror image and the encrypted mirror image;
and if the original mirror image is the system mirror image, performing the hash operation on the system mirror image to obtain the hash tree of the system mirror image, and comparing and verifying the hash tree of the system mirror image and the encrypted mirror image.
In one embodiment, the method further comprises:
if the second operating system is updated, the original mirror image is correspondingly updated to obtain an updated original mirror image, the updated original mirror image is split and encrypted to obtain an updated encrypted mirror image, wherein the updated original mirror image comprises one or more updated mirror image blocks;
starting the first operating system, and acquiring an updated encrypted image and an updated original image of the second operating system through the first operating system;
decrypting the updated encrypted mirror image to obtain an updated decrypted mirror image;
performing operation based on the updated original mirror image, wherein for any updated mirror image block in the one or more updated mirror image blocks, the updated mirror image block is split from the updated original mirror image, and the updated mirror image block is operated to obtain corresponding updated mirror image block operation information;
and comparing and verifying the updated mirror image block operation information with the updated decrypted mirror image.
It should be understood that although the various steps in the flow diagrams of fig. 2-3 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
For specific limitations of the in-vehicle system verification apparatus, reference may be made to the above limitations of the in-vehicle system verification method, which is not described herein again. All or part of each module in the vehicle-mounted device system verification device can be realized through software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer equipment is used for storing the data verified by the vehicle machine system. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to realize the authentication method based on the multi-operating system of the vehicle machine.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
starting the first operating system, and acquiring an encrypted image and an original image of the second operating system through the first operating system, wherein the original image comprises one or more image blocks;
decrypting the encrypted mirror image to obtain a decrypted mirror image;
performing operation based on the original mirror image, wherein for any mirror image block in the one or more mirror image blocks, the mirror image block is split from the original mirror image, and the mirror image block is operated to obtain corresponding mirror image block operation information;
and comparing and verifying the mirror image block operation information with the decrypted mirror image.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
starting the first operating system, and acquiring an encrypted image and an original image of the second operating system through the first operating system, wherein the original image comprises one or more image blocks;
decrypting the encrypted mirror image to obtain a decrypted mirror image;
performing operation based on the original mirror image, wherein for any mirror image block in the one or more mirror image blocks, the mirror image block is split from the original mirror image, and the mirror image block is operated to obtain corresponding mirror image block operation information;
and comparing and verifying the mirror image block operation information with the decrypted mirror image.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. The vehicle-machine-based multi-operating-system verification method is characterized in that the multi-operating-system comprises a first operating system and a second operating system, and the method comprises the following steps:
acquiring an original mirror image of the second operating system, and classifying the original mirror image to obtain a classification result, wherein the classification result comprises a root mirror image and/or a system mirror image;
carrying out hash operation on the classification result to obtain a hash result, wherein the hash result comprises root hash and a hash tree;
encrypting the root hash of the root image and the hash tree of the system image by using a key to obtain an encrypted image of the second operating system;
starting the first operating system, and acquiring the encrypted image and the original image of the second operating system through the first operating system, wherein the original image comprises one or more image blocks;
decrypting the encrypted mirror image to obtain a decrypted mirror image;
performing operation based on the original mirror image, wherein for any mirror image block in the one or more mirror image blocks, the mirror image block is split from the original mirror image, and the mirror image block is operated to obtain corresponding mirror image block operation information;
and comparing and verifying the mirror image block operation information with the decrypted mirror image.
2. The method of claim 1, wherein decrypting the encrypted image comprises:
during the process of starting the second operating system, the first operating system carries out decryption verification on the encrypted image,
if the decryption verification is passed, accessing the decrypted mirror image and the original mirror image;
and if the decryption verification is not passed, stopping starting the second operating system.
3. The method according to claim 1 or 2, wherein the comparing and verifying the mirror block operation information and the decrypted mirror comprises:
comparing and verifying the mirror image block operation information with the decrypted mirror image,
if the comparison is consistent, other mirror blocks in the one or more mirror blocks are continuously compared and verified;
and if the comparison is inconsistent, stopping starting the second operating system.
4. The method according to claim 1, wherein the original mirror image is classified to obtain a classification result, wherein the classification result comprises a root mirror image and/or a system mirror image; performing hash operation on the classification result to obtain a hash result, wherein the hash result comprises a root hash and a hash tree, and the method comprises the following steps:
classifying the original mirror images according to a preset classification threshold, judging the original mirror images smaller than or equal to the classification threshold as root mirror images, and judging the original mirror images larger than the classification threshold as system mirror images;
and carrying out hash operation on the original mirror image according to a preset hash length to obtain a hash result, wherein the hash result comprises root hash and a hash tree, and the preset hash length corresponds to the preset classification threshold.
5. The method of claim 4, wherein splitting the mirror block from the original mirror and performing an operation on the mirror block to obtain corresponding mirror block operation information comprises:
if the original mirror image is the root mirror image, acquiring a first mirror image block obtained after splitting the root mirror image, and obtaining root hash corresponding to the first mirror image block as corresponding mirror image block operation information after operating the first mirror image block;
and if the original mirror image is the system mirror image, acquiring a second mirror image block obtained after the system mirror image is split, and operating the second mirror image block to obtain an original hash tree corresponding to the second mirror image block as corresponding mirror image block operation information.
6. The method of claim 5, wherein comparing and verifying the mirror image block operation information against the decrypted mirror image comprises:
if the mirror image block split from the original mirror image is the first mirror image block, comparing and verifying the root hash of the first mirror image block and the root hash of the decrypted mirror image;
and if the mirror image block split from the original mirror image is the second mirror image block, comparing and verifying the hash tree of the second mirror image block and the hash tree of the decrypted mirror image.
7. The method of claim 6, further comprising:
after any mirror image block has been operated on, selecting the corresponding hash result according to the type of the original mirror image to which the mirror image block belongs, and comparing and verifying the encrypted mirror image according to that hash result, wherein:
if the original mirror image is the root mirror image, performing the hash operation on the root mirror image to obtain the root hash of the root mirror image, and comparing and verifying the root hash of the root mirror image and the encrypted mirror image;
and if the original mirror image is the system mirror image, performing the hash operation on the system mirror image to obtain the hash tree of the system mirror image, and comparing and verifying the hash tree of the system mirror image and the encrypted mirror image.
8. The method of claim 1, further comprising:
if the second operating system is updated, the original mirror image is correspondingly updated to obtain an updated original mirror image, the updated original mirror image is split and encrypted to obtain an updated encrypted mirror image, wherein the updated original mirror image comprises one or more updated mirror image blocks;
starting the first operating system, and acquiring an updated encrypted image and an updated original image of the second operating system through the first operating system;
decrypting the updated encrypted mirror image to obtain an updated decrypted mirror image;
performing an operation based on the updated original mirror image, wherein for any updated mirror image block in the one or more updated mirror image blocks, the updated mirror image block is split from the updated original mirror image and operated on to obtain corresponding updated mirror image block operation information;
and comparing and verifying the updated mirror image block operation information with the updated decrypted mirror image.
9. A verification device based on vehicle-mounted multiple operating systems, characterized in that the multiple operating systems include a first operating system and a second operating system, and the device includes:
the processing module is used for acquiring an original mirror image of the second operating system and classifying the original mirror image to obtain a classification result, wherein the classification result comprises a root mirror image and/or a system mirror image; carrying out hash operation on the classification result to obtain a hash result, wherein the hash result comprises root hash and a hash tree; encrypting the root hash of the root image and the hash tree of the system image by using a key to obtain an encrypted image of the second operating system;
the starting module is used for starting the first operating system, and acquiring the encrypted mirror image and the original mirror image of the second operating system through the first operating system, wherein the original mirror image comprises one or more mirror image blocks;
the processing module is further configured to decrypt the encrypted image to obtain a decrypted image; performing operation based on the original mirror image, wherein for any mirror image block in the one or more mirror image blocks, the mirror image block is split from the original mirror image, and the mirror image block is operated to obtain corresponding mirror image block operation information;
and the verification module is used for comparing and verifying the mirror image block operation information with the decrypted mirror image.
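
The classification and block-by-block check of claims 3 to 7, as an added Python example that is not part of the patent text. It assumes SHA-256, a 4096-byte block size equal to the classification threshold, and a simple binary hash tree; all function names are hypothetical, and the key-based encryption and decryption of the reference hashes is left out (the reference is treated as already decrypted).

```python
# Added illustration; hash function, sizes and tree layout are assumptions.
import hashlib
import hmac

BLOCK_SIZE = 4096             # assumed "preset hash length": bytes per image block
CLASS_THRESHOLD = BLOCK_SIZE  # assumed classification threshold, tied to the block size

def leaf(block: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + block).digest()   # prefix separates leaves from nodes

def node(children: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + children).digest()

def split_blocks(image: bytes) -> list:
    return [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]

def classify(image: bytes) -> str:
    return "root" if len(image) <= CLASS_THRESHOLD else "system"

def build_tree(leaves: list) -> list:
    """Return levels: levels[0] are the block hashes, levels[-1] is [top hash]."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(b"".join(cur[i:i + 2])) for i in range(0, len(cur), 2)])
    return levels

def reference_hashes(image: bytes) -> dict:
    """Build side: the hash result that the claims then protect with a key."""
    kind = classify(image)
    if kind == "root":
        return {"kind": kind, "root": leaf(image)}
    return {"kind": kind, "tree": build_tree([leaf(b) for b in split_blocks(image)])}

def verify_image(image: bytes, ref: dict) -> tuple:
    """Boot side: (ok, index of first failing block). ok=False means do not boot."""
    if classify(image) != ref["kind"]:
        return False, 0
    if ref["kind"] == "root":
        ok = hmac.compare_digest(leaf(image), ref["root"])
        return ok, (None if ok else 0)
    expected, blocks = ref["tree"][0], split_blocks(image)
    if len(blocks) != len(expected):
        return False, min(len(blocks), len(expected))
    for i, block in enumerate(blocks):
        if not hmac.compare_digest(leaf(block), expected[i]):
            return False, i          # stop at the first inconsistent block
    # The reference leaves must also fold up to the reference top hash.
    return build_tree(expected)[-1] == ref["tree"][-1], None
```

A truncated or extended system image fails on the block-count check before any hash is compared, which is the case a per-block comparison alone would miss.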
CN202210436796.XA 2022-04-25 2022-04-25 Vehicle-mounted multi-operating-system-based verification method and device Active CN114547630B (en)


Publications (2)

Publication Number Publication Date
CN114547630A CN114547630A (en) 2022-05-27
CN114547630B true CN114547630B (en) 2022-08-09

Family

ID=81667611





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant