CN115048640A - Anti-rollback method and device for terminal, computer readable storage medium and computing equipment - Google Patents


Publication number
CN115048640A
Authority
CN
China
Legal status
Pending
Application number
CN202210663432.5A
Other languages
Chinese (zh)
Inventor
许静雯
赵雪
吴戈
Current Assignee
Beijing Ziguang Zhanrui Communication Technology Co Ltd
Original Assignee
Beijing Ziguang Zhanrui Communication Technology Co Ltd
Application filed by Beijing Ziguang Zhanrui Communication Technology Co Ltd
Priority to CN202210663432.5A
Publication of CN115048640A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

An anti-rollback method and device for a terminal, a computer-readable storage medium and a computing device. The method comprises: when the terminal is started, acquiring the current power on/off count and/or the current transaction verification value; determining whether a version rollback has occurred on the terminal according to the current power on/off count, and/or determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value; wherein the power on/off count is incremented by one each time the terminal is powered on or powered off, and a transaction verification value is randomly generated each time the terminal conducts a transaction. This provides an anti-rollback method for the terminal that prevents software version rollback or transaction rollback on the terminal.

Description

Anti-rollback method and device for terminal, computer readable storage medium and computing equipment
Technical Field
The present invention relates to the field of terminal security, and in particular, to a method and an apparatus for preventing rollback of a terminal, a computer-readable storage medium, and a computing device.
Background
With the development of science and technology, intelligent terminals (such as mobile phones, computers and the like) are being widely applied all over the world. Applications such as mobile payment are also gradually popularized, and intelligent terminals are gradually changing from communication tools to personal information terminals.
Generally, after an intelligent terminal leaves the factory, if the manufacturer finds serious software problems, the software on the terminal (such as system software or application software) can be upgraded, so that the old version in the terminal is replaced by a new version in which the problems are fixed. However, hackers or malicious software may use some technical means to re-flash the old, flawed version of the software back onto the terminal, and then exploit its known flaws to steal user information or engage in other illegal activity. Flashing an old version of software back onto the terminal is referred to as version rollback.
Transaction rollback is the state in which a transaction that has occurred is changed to not having occurred. That is, the payment action has already been carried out on the terminal, but the attacker causes an error in the transfer process by some means, so that the whole transaction process is rolled back, which achieves the purpose of transaction rollback.
However, there is currently a lack of reliable means to prevent software versions or transactions on the terminal from rolling back.
Disclosure of Invention
The technical problem solved by the invention is how to provide an anti-rollback method for a terminal that discovers software version rollback or transaction rollback on the terminal.
In order to solve the above problem, an embodiment of the present invention provides an anti-rollback method for a terminal, including: when the terminal is started, acquiring the current power on/off count and/or the current transaction verification value; determining whether a version rollback has occurred on the terminal according to the current power on/off count, and/or determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value; wherein the power on/off count is incremented by one each time the terminal is powered on or powered off, and a transaction verification value is randomly generated each time the terminal conducts a transaction.
Optionally, the method further includes: when the terminal is powered off, acquiring the current power on/off count as a first key, and encrypting data in a first preset storage space with the first key to obtain and store a first ciphertext; and performing a hash operation on the data in the first preset storage space to obtain a first hash value. Determining whether a version rollback has occurred on the terminal according to the current power on/off count includes: acquiring a reference count, the reference count being the power on/off count recorded when the version of the terminal was upgraded; when the current power on/off count is greater than or equal to the reference count, using the current power on/off count as a second key and decrypting the first ciphertext with the second key to obtain a first plaintext; performing a hash operation on the first plaintext to obtain a second hash value; and, if the first hash value is consistent with the second hash value, determining that no version rollback has occurred on the terminal.
Optionally, the method further includes: when the terminal is powered off, acquiring the current transaction verification value as a third key, and encrypting data in a second preset storage space with the third key to obtain and store a second ciphertext; and performing a hash operation on the data in the second preset storage space to obtain a third hash value. Determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value includes: using the current transaction verification value as a fourth key and decrypting the second ciphertext with the fourth key to obtain a second plaintext; performing a hash operation on the second plaintext to obtain a fourth hash value; and, if the third hash value is consistent with the fourth hash value, determining that no transaction rollback has occurred on the terminal.
Optionally, the method further includes: when the terminal is powered off, acquiring the current power on/off count and the transaction verification value; computing a fifth key from the current power on/off count and the transaction verification value according to a preset algorithm, and encrypting data in a third preset storage space with the fifth key to obtain and store a third ciphertext; and performing a hash operation on the data in the third preset storage space to obtain a fifth hash value. Determining whether a version rollback has occurred according to the current power on/off count and whether a transaction rollback has occurred according to the current transaction verification value includes: acquiring a reference count, the reference count being the power on/off count recorded when the version of the terminal was upgraded; when the current power on/off count is greater than or equal to the reference count, computing a sixth key from the current power on/off count and the transaction verification value according to the preset algorithm, and decrypting the third ciphertext with the sixth key to obtain a third plaintext; performing a hash operation on the third plaintext to obtain a sixth hash value; and, if the fifth hash value is consistent with the sixth hash value, determining that neither a version rollback nor a transaction rollback has occurred on the terminal.
Optionally, the method further includes: storing the transaction verification value when each transaction finishes or when an abnormal power failure occurs.
Optionally, the power on/off count and/or the transaction verification value are stored in a one-time programmable memory of the terminal.
Optionally, the power on/off count and/or the transaction verification value are stored in both a one-time programmable memory and a backup space of the terminal. Acquiring the current power on/off count and/or transaction verification value then comprises: acquiring the power on/off count and/or the transaction verification value from the one-time programmable memory and from the backup space respectively; and comparing whether the data stored in the one-time programmable memory and in the backup space are consistent and, if so, continuing with the step of determining whether a version rollback has occurred on the terminal according to the current power on/off count, and/or determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value.
Optionally, the method further includes: if a version rollback or a transaction rollback has occurred on the terminal, not allowing the terminal to start.
Optionally, the method further includes: if a transaction rollback has occurred on the terminal, continuing the startup operation and outputting an alarm prompt.
An embodiment of the present invention further provides an anti-rollback apparatus for a terminal, including: a stored-data acquisition module, configured to acquire the current power on/off count and/or the current transaction verification value when the terminal is started; and a rollback judging module, configured to determine whether a version rollback has occurred on the terminal according to the current power on/off count and/or to determine whether a transaction rollback has occurred on the terminal according to the current transaction verification value; wherein the power on/off count is incremented by one each time the terminal is powered on or powered off, and a transaction verification value is randomly generated each time the terminal conducts a transaction.
Embodiments of the present invention further provide a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the steps of any of the above methods.
An embodiment of the present invention further provides a computing device, which includes the anti-rollback apparatus of the terminal, or includes a memory and a processor, where the memory stores a computer program that can be executed on the processor, and the processor, when executing the computer program, performs the steps of any of the above methods.
Compared with the prior art, the technical scheme of the embodiments of the application has the following beneficial effects:
An embodiment of the invention provides an anti-rollback method for a terminal, which comprises: when the terminal is started, acquiring the current power on/off count and/or the current transaction verification value; determining whether a version rollback has occurred on the terminal according to the current power on/off count, and/or determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value; wherein the power on/off count is incremented by one each time the terminal is powered on or powered off, and a transaction verification value is randomly generated each time the terminal conducts a transaction. Compared with the prior art, the scheme of the embodiment can judge from the terminal's current power on/off count whether the version of software on the terminal (such as an operating system or an application program) has been rolled back, and/or can judge from the terminal's current transaction verification value whether a transaction rollback has occurred.
Further, each time the terminal is powered off, it stores the first ciphertext, obtained by encrypting the data in the first preset storage space, together with the hash value of that data's plaintext. When the terminal is next started, the current power on/off count is acquired as the key for decrypting the first ciphertext, and the hash value of the decrypted plaintext is compared with the hash value of the plaintext of the first preset storage space that was stored at power-off, in order to judge whether a version rollback has occurred on the terminal.
Further, each time the terminal is powered off, it stores the second ciphertext, obtained by encrypting the data in the second preset storage space, together with the hash value of that data's plaintext. When the terminal is next started, the current transaction verification value is acquired as the key for decrypting the second ciphertext, and the hash value of the decrypted plaintext is compared with the hash value of the plaintext of the second preset storage space that was stored at power-off, in order to judge whether a transaction rollback has occurred on the terminal.
Further, each time the terminal is powered off, it stores a third ciphertext and the hash value of its plaintext, where the third ciphertext is obtained by encrypting the data in the third preset storage space with a key computed from the current power on/off count and the transaction verification value according to a preset algorithm. When the terminal is next started, the current power on/off count and transaction verification value are acquired, the key for decrypting the third ciphertext is computed from them according to the preset algorithm, and the hash value of the decrypted plaintext is compared with the hash value of the plaintext of the third preset storage space that was stored at power-off, in order to judge at the same time whether a version rollback and a transaction rollback have occurred on the terminal.
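The seal-at-power-off and verify-at-power-on flow of the three preceding paragraphs, as an added Python example that is not part of the patent. The patent names no cipher, hash function or key-combining algorithm, so the SHA-256 hash, the SHA-256 keystream cipher, the `derive_key` construction and all function names are assumptions; the example also assumes the boot-time check reads the same counter value that was used at power-off.

```python
import hashlib
import hmac


def derive_key(power_count=None, txn_value=None):
    """Build the key from the count, the transaction value, or both.

    Assumption: the patent's "preset algorithm" for combining the two values
    is unspecified; hashing labelled fields with SHA-256 stands in for it.
    """
    parts = []
    if power_count is not None:
        parts.append(b"cnt:" + str(power_count).encode())
    if txn_value is not None:
        parts.append(b"txn:" + txn_value.hex().encode())
    if not parts:
        raise ValueError("need a power on/off count or a transaction value")
    return hashlib.sha256(b"|".join(parts)).digest()


def xor_keystream(data, key):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter-mode keystream.

    The same call encrypts and decrypts. The patent does not name a cipher.
    """
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal_at_shutdown(data, power_count=None, txn_value=None):
    """Power-off side: return (ciphertext, hash of the plaintext) to store."""
    key = derive_key(power_count, txn_value)
    return xor_keystream(data, key), hashlib.sha256(data).digest()


def verify_at_boot(ciphertext, stored_hash, power_count=None, txn_value=None,
                   reference_count=None):
    """Power-on side: True means no rollback was detected."""
    # Version check precondition: the count must have reached the reference
    # count recorded at the last version upgrade.
    if reference_count is not None:
        if power_count is None or power_count < reference_count:
            return False
    # Decrypt with the key derived from the values read now, then compare
    # the hash of the result with the hash stored at power-off.
    key = derive_key(power_count, txn_value)
    plaintext = xor_keystream(ciphertext, key)
    return hmac.compare_digest(hashlib.sha256(plaintext).digest(), stored_hash)


def demo():
    """Run the three variants on constructed data and return the verdicts."""
    data = b"constructed private data in the preset storage space"
    txn_a = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    txn_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed
    out = {}

    # Count as key (first/second key), reference count 200.
    ct, h = seal_at_shutdown(data, power_count=201)
    out["version_ok"] = verify_at_boot(ct, h, power_count=201,
                                       reference_count=200)
    # Ciphertext and hash sealed under an earlier count no longer verify.
    old_ct, old_h = seal_at_shutdown(data, power_count=150)
    out["stale_image"] = verify_at_boot(old_ct, old_h, power_count=201,
                                        reference_count=200)
    out["count_below_reference"] = verify_at_boot(
        old_ct, old_h, power_count=150, reference_count=200)

    # Transaction verification value as key (third/fourth key).
    ct, h = seal_at_shutdown(data, txn_value=txn_a)
    out["txn_ok"] = verify_at_boot(ct, h, txn_value=txn_a)
    out["txn_changed"] = verify_at_boot(ct, h, txn_value=txn_b)

    # Both values combined (fifth/sixth key).
    ct, h = seal_at_shutdown(data, power_count=201, txn_value=txn_a)
    out["combined_ok"] = verify_at_boot(ct, h, power_count=201,
                                        txn_value=txn_a, reference_count=200)
    out["combined_txn_changed"] = verify_at_boot(
        ct, h, power_count=201, txn_value=txn_b, reference_count=200)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'no rollback' if verdict else 'ROLLBACK DETECTED'}")
```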
Drawings
Fig. 1 is a flowchart illustrating a first anti-rollback method for a terminal according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a second anti-rollback method for a terminal according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating a third anti-rollback method for a terminal according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating a version rollback verification method according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating a transaction rollback verification method according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an anti-rollback apparatus of a terminal according to an embodiment of the present invention;
Fig. 7 is a schematic application diagram of an anti-rollback apparatus of a terminal according to an embodiment of the present invention.
Detailed Description
As noted in the background, there is currently a lack of reliable means to prevent software versions or transactions on a terminal from rolling back.
Currently, there is an anti-rollback scheme for software in which the version number of the software is checked each time the software is run, for example by verifying a hash value of the software version number, to determine whether the software has been rolled back. If the check passes, the software has not been rolled back; otherwise it may have been. In addition, version information (such as the software version number) of a core module or partition on the terminal may be saved in a one-time programmable memory (e.g., efuse) on the terminal, and during terminal startup the version information saved in the efuse is compared with the version information of the currently running software to determine whether a software version rollback has occurred. However, research by the inventors of the present application found that both the version information stored in the efuse and the version information of the running software may be tampered with, so the prior-art anti-rollback method implemented with efuse cannot effectively resist version rollback.
In order to solve the above problem, an embodiment of the present invention provides an anti-rollback method for a terminal, including: when the terminal is started, acquiring the current power on/off count and/or the current transaction verification value; determining whether a version rollback has occurred on the terminal according to the current power on/off count, and/or determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value; wherein the power on/off count is incremented by one each time the terminal is powered on or powered off, and a transaction verification value is randomly generated each time the terminal conducts a transaction. Therefore, whether the version of software on the terminal (such as an operating system or an application program) has been rolled back can be judged from the terminal's current power on/off count, and/or whether a transaction rollback has occurred can be judged from the terminal's current transaction verification value.
The anti-rollback method is applied to a terminal or to a chip of the terminal, and the terminal may be a mobile phone, a computer, a smart watch, an intelligent robot or other equipment. In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments are described in detail below with reference to the figures.
Figs. 1 to 3 are schematic flowcharts of three anti-rollback methods for a terminal according to an embodiment of the present invention. The three methods, methods 1 to 3, are described in detail below.
Method 1
Step S101, when the terminal is started, acquiring the current power on/off count, wherein the power on/off count is incremented by one each time the terminal is powered on or powered off;
step S102, determining whether a version rollback has occurred on the terminal according to the current power on/off count.
Optionally, the current power on/off count refers to the value of the power on/off count stored on the terminal at this moment. The current power on/off count is stored at a local preset position of the terminal. In a specific example, it is stored in a one-time programmable memory of the terminal, which may be the efuse (also referred to as a non-volatile memory) of the terminal chip. Once written, one-time programmable memory cannot be erased and does not lose its contents on power failure, which ensures that the stored power on/off count cannot be tampered with, improves data security, and ensures the reliability of the version rollback judgment.
Optionally, incrementing the power on/off count each time the terminal is powered on or powered off includes: incrementing the count by one each time the terminal executes a power-on operation, and incrementing the count by one each time the terminal executes a power-off operation. Optionally, after each increment, the updated power on/off count is stored in a one-time programmable memory (e.g., efuse).
In one specific example, the efuse includes a partition, denoted powercnt, that stores the power on/off count. Each time the terminal is powered on, one bit of value 1 is written into this partition (i.e., powercnt), that is, the power on/off count is incremented by one; each time the terminal is powered off, one bit of value 1 is again written into this partition, that is, the power on/off count is again incremented by one. Because one-time programmable memory cannot be erased, the size of the partition reserved for the power on/off count can be chosen before the terminal leaves the factory according to the terminal's life cycle, so that normal use of the terminal is not affected by the partition becoming full.
Optionally, determining whether a version rollback has occurred on the terminal according to the current power on/off count relies on a correspondence between the current power on/off count and the software version installed on the terminal: if the current power on/off count satisfies the correspondence, no version rollback has occurred on the terminal; if it does not satisfy the correspondence, a version rollback has occurred on the terminal.
The correspondence may include: the current power on/off count is greater than or equal to the power on/off count at the time the version was installed on the terminal (hereinafter the "reference count"). When the terminal installs a version, the power on/off count at that moment is stored on the terminal, for example in a one-time programmable memory. If the software version on the terminal is updated, the power on/off counts at installation of the versions before and after the update are both stored. For example, the software on the terminal is upgraded from version V1 to version V2, the power on/off count when version V1 was installed is 100, and the power on/off count when version V2 was installed is 200.
In one specific example, the terminal has stored 200 as the power on/off count at installation of version V2. If the current power on/off count acquired is less than 200, it can be determined that the current power on/off count may have been tampered with, and a version rollback may have occurred. If the power on/off count on the terminal is 200 or more and the stored count at installation of version V2 is 200, but the software version currently installed on the terminal is version V1, a version rollback may have occurred.
Method 1 thus establishes a relationship between the software version on the terminal and the terminal's power on/off count, and each time the terminal is started the current power on/off count is used to monitor whether the installed software version has been rolled back.
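Method 1's counter and correspondence check, as an added Python example that is not code from the patent: it models the powercnt partition as write-once bits and applies the V1/V2 counts given in the text. The class and function names and the 256-bit partition size are hypothetical.

```python
class OtpExhausted(Exception):
    """The reserved powercnt partition has no unprogrammed bit left."""


class PowerCntPartition:
    """Models an eFuse partition: a bit can go from 0 to 1, never back."""

    def __init__(self, size_bits):
        self.size_bits = size_bits
        self._bits = 0  # integer used as a bit field; 0 = all fuses intact

    def bump(self):
        """Program the lowest unprogrammed bit (one power-on or power-off)."""
        for i in range(self.size_bits):
            if not (self._bits >> i) & 1:
                self._bits |= 1 << i
                return
        raise OtpExhausted("powercnt partition is full")

    def write_raw(self, value):
        """Raw write with OTP semantics: OR-ing means no bit is ever cleared."""
        self._bits |= value & ((1 << self.size_bits) - 1)

    def count(self):
        """The power on/off count is the number of programmed bits."""
        return bin(self._bits).count("1")


def check_version_rollback(current_count, installed_version, reference_counts):
    """Apply the correspondence from the text.

    reference_counts maps each version to the power on/off count recorded
    when it was installed, e.g. {"V1": 100, "V2": 200}.
    Returns (ok, reason); ok is False when a rollback may have occurred.
    """
    # The most recently installed version is the one with the highest count.
    latest = max(reference_counts, key=reference_counts.get)
    reference = reference_counts[latest]
    if current_count < reference:
        return False, "count below reference: count may have been tampered with"
    if installed_version != latest:
        return False, f"{installed_version} installed but {latest} was recorded"
    return True, "count and installed version satisfy the correspondence"


def demo():
    """Replay the text's example: V1 installed at 100, V2 at 200."""
    fuses = PowerCntPartition(size_bits=256)  # constructed size
    references = {}
    for _ in range(100):
        fuses.bump()
    references["V1"] = fuses.count()
    for _ in range(100):
        fuses.bump()
    references["V2"] = fuses.count()
    fuses.write_raw(0)  # an attempt to clear the counter has no effect
    return {
        "count": fuses.count(),
        "v2_running": check_version_rollback(fuses.count(), "V2", references),
        "v1_running": check_version_rollback(fuses.count(), "V1", references),
        "low_count": check_version_rollback(150, "V2", references),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```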
Method 2
Step S201, when the terminal is started, acquiring the current transaction verification value, wherein a transaction verification value is randomly generated each time the terminal conducts a transaction;
step S202, determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value.
Optionally, the current transaction verification value refers to the value stored on the terminal at this moment for verifying whether a transaction rollback has occurred. The current transaction verification value is stored at a local preset position of the terminal. A transaction may refer to an electronic payment performed on the terminal, such as an electronic card swipe or an online purchase.
In one specific example, the current transaction verification value is stored in a one-time programmable memory of the terminal, which may be the efuse (also referred to as non-volatile memory) of the terminal chip. Once written, one-time programmable memory cannot be erased and does not lose its contents on power failure, which ensures that the stored transaction verification value cannot be tampered with, improves data security, and ensures the reliability of the transaction rollback judgment.
Optionally, in step S202, determining whether a transaction rollback has occurred on the terminal according to the current transaction verification value may include: if the current transaction verification value is consistent with the transaction verification value generated by the last transaction, determining that no transaction rollback has occurred on the terminal; and if the current transaction verification value is inconsistent with the transaction verification value generated by the last transaction, determining that a transaction rollback has occurred on the terminal.
In a specific example, a random counter inside the terminal chip counts during each transaction and randomly generates the transaction verification value for that transaction. The newly generated transaction verification value is stored to a preset position when the transaction finishes, when the terminal is abnormally powered off, or when the terminal is powered off. The preset position may be a one-time programmable memory (e.g., efuse). When the terminal restarts after an abnormal power failure caused by, for example, excessive chip temperature or an operation error (such as a watchdog error), the terminal may be in an unsafe state; the transaction verification value is stored in the one-time programmable memory at that moment to prevent it from being tampered with and causing a transaction rollback.
In another specific example, the preset position includes two partitions, a first partition (denoted backup cnt) and a second partition (denoted version cnt). When the transaction finishes, the terminal is abnormally powered off, or the terminal is powered off, the newly generated transaction verification value is written preferentially into the first partition of the preset position, and if the data overflows the first partition it is written into the second partition. The first partition and the second partition each comprise a plurality of storage blocks, each storage block storing the data of a single transaction verification value. Acquiring the current transaction verification value may include: acquiring data from the corresponding storage blocks of the first partition and the second partition respectively to obtain the current transaction verification value. Storing a single transaction verification value across two partitions further disperses the stored data and further increases the difficulty of tampering with the transaction verification value.
In this embodiment, each time the terminal is started, the current transaction verification value can be acquired to judge whether a transaction rollback has occurred on the terminal, which improves the transaction security of the terminal.
Method 3
Step S301, when a terminal is started, obtaining the current startup and shutdown times and a transaction verification value, wherein the startup and shutdown times are increased by one when the terminal is started up/shut down each time, and the terminal randomly generates the transaction verification value during each transaction;
step S302, determining whether the terminal has version rollback or not according to the current power on and power off times;
step S303, determining whether the terminal generates transaction rollback according to the current transaction verification value.
Wherein, before/after/while executing step S302, step S303 is executed. For a detailed description of each step in the method 3, refer to the related descriptions of the method 1 and the method 2, which are not repeated herein. When the terminal is started, the current startup and shutdown times and the transaction verification value can be respectively obtained, and whether the terminal has version rollback and transaction rollback is judged.
In an embodiment, refer to fig. 4. Fig. 4 is a flowchart of a rollback verification method according to an embodiment of the present invention, which may be applied to method 1 and method 3 to determine whether the terminal has rolled back. The method may include steps S401 to S406, described in detail below.
Step S401, when the terminal is powered off, acquiring the current power on/off count as a first key, and encrypting the data in a first preset storage space with the first key to obtain and store a first ciphertext.
Step S402, performing a hash operation on the data in the first preset storage space to obtain a first hash value.
When the terminal receives a power-off command, it first increments the power on/off count by one to obtain the current power on/off count and stores it. It then uses the current power on/off count as the first key to encrypt the data in the first preset storage space, obtaining the first ciphertext. Optionally, the first preset storage space may be any storage space on the terminal, for example the flash memory of the terminal chip. In addition, the terminal also stores the hash value of the plaintext data of the first preset storage space. Thus, when the terminal is powered off, some private information (namely the data in the first preset storage space) is stored in encrypted form, which avoids data leakage.
When the terminal is powered on, step S102 or step S302 is executed: whether a version rollback has occurred in the terminal is determined according to the current power on/off count, which may specifically include the following steps S403 to S406.
Step S403, acquiring a reference count, wherein the reference count is the power on/off count recorded when the version of the terminal was upgraded.
Step S404, when the current power on/off count is greater than or equal to the reference count, using the current power on/off count as a second key and decrypting the first ciphertext with the second key to obtain a first plaintext.
Step S405, performing a hash operation on the first plaintext to obtain a second hash value.
Step S406, if the first hash value and the second hash value are consistent, determining that the terminal has not rolled back.
It should be noted that when the terminal is powered on and obtains the current power on/off count in step S101/S301, the terminal has not yet completed the whole boot process and the power on/off count has not yet been incremented by one, so the current power on/off count obtained in step S101/S301 should be the same as the current power on/off count in step S401. If the two are the same, the second key can successfully decrypt the first ciphertext. Comparing whether the first hash value and the second hash value are consistent shows whether the second key successfully decrypted the first ciphertext. If the first hash value is consistent with the second hash value, the second key successfully decrypted the first ciphertext, the current power on/off count obtained in step S101/S301 is the same as the power on/off count stored at the last power-off, no version rollback has occurred, and the terminal can continue the boot process. If the first hash value is not consistent with the second hash value, the second key could not successfully decrypt the first ciphertext, the current power on/off count obtained in step S101/S301 differs from the power on/off count stored at the last power-off, and the terminal may have undergone version rollback.
In a specific embodiment, the boot process of the terminal includes starting the security module and starting the application module, and the starting and running of the application module depend on the starting of the security module. Specifically, when the terminal is powered on, the security module is started first and executes the anti-rollback method of the terminal according to the embodiment of the present invention; if the security module determines that no version rollback or transaction rollback has occurred, the terminal starts the application module, and the application module can run various application programs on the terminal.
In this embodiment, each time the terminal is powered off, the first ciphertext obtained by encrypting the data in the first preset storage space, and the hash value of the plaintext of that data, are stored. When the terminal is next powered on, the current power on/off count is obtained and used as the key for decrypting the first ciphertext, and the hash value of the decrypted plaintext (namely the first plaintext) is compared with the hash value of the plaintext data of the first preset storage space stored at power-off, so as to determine whether the terminal has undergone version rollback.
In an embodiment, refer to fig. 5. Fig. 5 is a flowchart of a transaction rollback verification method according to an embodiment of the present invention, which may be applied to method 2 and method 3 to determine whether a transaction rollback has occurred in the terminal. The method may include steps S501 to S505, described in detail below.
Step S501, when the terminal is powered off, the current transaction verification value is obtained and used as a third secret key, and the third secret key is used for encrypting data of a second preset storage space to obtain a second ciphertext and storing the second ciphertext.
Step S502, performing a hash operation on the data in the second preset storage space to obtain a third hash value.
Each time the terminal receives a shutdown instruction, it stores a second ciphertext obtained by encrypting the data in the second preset storage space with the current transaction verification value as the key (namely the third key). In addition, the terminal also stores a hash value (namely the third hash value) of the plaintext data of the second preset storage space.
Optionally, the second preset storage space may be any storage space on the terminal, and may be the same storage space as the first preset storage space or a different one. For example, the second preset storage space may be the flash memory of the terminal chip.
When the terminal is powered on, step S202 or step S303 is executed, and whether a transaction rollback occurs in the terminal is determined according to the current transaction verification value, which may specifically include the following steps S503 to S505.
Step S503, using the current transaction verification value as a fourth key, and decrypting the second ciphertext with the fourth key to obtain a second plaintext.
Step S504, a hash operation is performed on the second plaintext to obtain a fourth hash value.
Step S505, if the third hash value and the fourth hash value are consistent, it is determined that no transaction rollback occurs in the terminal.
It should be noted that between the last power-off and the moment in step S201/S301 when the terminal is powered on and obtains the current transaction verification value, the terminal performs no transaction, so the current transaction verification value obtained in step S201/S301 should be the same as the current transaction verification value in step S501, and the fourth key should therefore be able to decrypt the second ciphertext. Comparing whether the third hash value and the fourth hash value are consistent shows whether the fourth key successfully decrypted the second ciphertext. If the third hash value is consistent with the fourth hash value, the fourth key successfully decrypted the second ciphertext, the current transaction verification value obtained in step S201/S301 is the same as the transaction verification value stored at the last shutdown, no transaction rollback has occurred, and the terminal may continue the boot process. If the third hash value and the fourth hash value are not consistent, the fourth key could not successfully decrypt the second ciphertext, the current transaction verification value obtained in step S201/S301 differs from the transaction verification value stored at the last shutdown, and a transaction rollback may have occurred in the terminal.
In a specific embodiment, when the terminal is powered on, the security module is started first and executes the anti-rollback method of the terminal according to the embodiment of the present invention; if the security module determines that no version rollback or transaction rollback has occurred, the terminal starts the application module, and the application module can run various application programs on the terminal.
In this embodiment, each time the terminal is powered off, the second ciphertext obtained by encrypting the data in the second preset storage space, and the hash value of the plaintext of that data, are stored. When the terminal is next powered on, the current transaction verification value is obtained and used as the key for decrypting the second ciphertext, and the hash value of the decrypted plaintext (namely the second plaintext) is compared with the hash value of the plaintext data of the second preset storage space stored at shutdown, so as to determine whether a transaction rollback has occurred in the terminal.
In one embodiment, the method further comprises: when the terminal is powered off, acquiring the current power on/off count and the transaction verification value; computing a fifth key from the current power on/off count and the transaction verification value according to a preset algorithm, and encrypting the data in a third preset storage space with the fifth key to obtain and store a third ciphertext; and performing a hash operation on the data in the third preset storage space to obtain a fifth hash value. Determining whether the terminal has undergone version rollback according to the current power on/off count, and determining whether the terminal has undergone transaction rollback according to the current transaction verification value, then includes: acquiring a reference count, wherein the reference count is the power on/off count recorded when the version of the terminal was upgraded; when the current power on/off count is greater than or equal to the reference count, computing a sixth key from the current power on/off count and the transaction verification value according to the preset algorithm, and decrypting the third ciphertext with the sixth key to obtain a third plaintext; performing a hash operation on the third plaintext to obtain a sixth hash value; and if the fifth hash value is consistent with the sixth hash value, determining that the terminal has not undergone version rollback or transaction rollback.
In this embodiment, when the terminal is powered on it needs to verify whether version rollback and transaction rollback have occurred; it obtains the current power on/off count and the transaction verification value and derives a single numerical value from the two according to the preset algorithm, thereby verifying version rollback and transaction rollback at the same time.
Optionally, the preset algorithm may be one or more of addition, subtraction, multiplication, division, and the like, and is not limited herein. The third preset storage space may be any storage space on the terminal, and may be the same storage space as the first/second preset storage space or a different one. For example, the third preset storage space may be the flash memory of the terminal chip.
In this embodiment, each time the terminal is powered off, the third ciphertext obtained by encrypting the data in the third preset storage space, and the hash value of the plaintext of that data, are stored; the key used to produce the third ciphertext is the value computed by the preset algorithm from the current power on/off count and the transaction verification value. When the terminal is next powered on, the current power on/off count and the transaction verification value are obtained, the key for decrypting the third ciphertext is computed from them according to the preset algorithm, and the hash value of the decrypted plaintext (namely the third plaintext) is compared with the hash value of the plaintext data of the third preset storage space stored at shutdown, so as to determine at the same time whether the terminal has undergone version rollback and transaction rollback.
It should be noted that other descriptions in this embodiment may refer to relevant contents in fig. 4 and fig. 5, and are not described here again.
In one embodiment, the power on/off count and/or the transaction verification value are stored in a one-time programmable memory of the terminal and in a backup space at the same time. That is, whenever the power on/off count and/or the transaction verification value is stored to the one-time programmable memory, it is also stored to the backup space. Optionally, the backup space may also be a partition in the efuse, or may be located in another storage location on the terminal; that is, the power on/off count and/or the transaction verification value is stored as double data (double bit).
Referring to fig. 1 to 3 again, in step S101, step S201, or step S301, obtaining the current power on/off count and/or the transaction verification value may include: acquiring the power on/off count and/or the transaction verification value from the one-time programmable memory and from the backup space respectively; and comparing whether the data stored in the one-time programmable memory and in the backup space are consistent and, if so, continuing to execute the step of determining whether the terminal has undergone version rollback according to the current power on/off count (namely step S102 or S302), and/or determining whether the terminal has undergone transaction rollback according to the current transaction verification value (namely step S202 or S303).
Since the one-time programmable memory and the backup space hold two copies of the power on/off count and/or the transaction verification value, if an attacker tampers with these data, the data stored in the one-time programmable memory and in the backup space will be inconsistent. When the two are inconsistent, the data may have been tampered with and the terminal may have a security problem; the terminal may then not be allowed to power on (for example, subsequent boot operations such as starting the application module are not allowed to continue), or a risk prompt may be given to the user, so as to resist fault injection attacks. If the two are consistent, the subsequent steps can be executed to determine whether the terminal has undergone version rollback and/or transaction rollback.
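The shutdown-time sealing and boot-time check of fig. 4 and fig. 5, the combined-key embodiment, and the comparison of the one-time programmable memory against the backup space, modelled in one added Python sketch (not code from the patent). The SHA-256 key derivation, the XOR keystream standing in for the unnamed cipher, the 32-bit width of the transaction verification value, the chosen preset algorithm, treating a count below the reference as a rollback, and all sample values are assumptions.

```python
"""Added illustration of the seal-at-shutdown / verify-at-boot checks (figs. 4 and 5)."""
import hashlib
import hmac
from dataclasses import dataclass

TXN_BITS = 32  # assumed width of the random transaction verification value


def key_from_value(value: int) -> bytes:
    """Stretch a counter or verification value into key bytes (assumed derivation)."""
    return hashlib.sha256(b"rollback-demo-key" + value.to_bytes(16, "big")).digest()


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: SHA-256 counter-mode keystream XORed with the data."""
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        for i in range((len(data) + 31) // 32)
    )
    return bytes(d ^ s for d, s in zip(data, stream))


def preset_algorithm(count: int, txn_value: int) -> int:
    """One permitted 'preset algorithm': multiplication plus addition (assumed choice)."""
    return count * (1 << TXN_BITS) + txn_value


@dataclass(frozen=True)
class SealedRecord:
    ciphertext: bytes  # first / second / third ciphertext
    plain_hash: bytes  # first / third / fifth hash value, taken over the plaintext


def seal_at_shutdown(data: bytes, key_value: int) -> SealedRecord:
    """S401-S402 and S501-S502: encrypt under the current value, keep the plaintext hash."""
    return SealedRecord(xor_cipher(key_from_value(key_value), data),
                        hashlib.sha256(data).digest())


def opens_with(record: SealedRecord, key_value: int) -> bool:
    """S404-S406 and S503-S505: decrypt with the value read at boot, compare hashes."""
    plaintext = xor_cipher(key_from_value(key_value), record.ciphertext)
    return hmac.compare_digest(hashlib.sha256(plaintext).digest(), record.plain_hash)


def read_redundant(otp_value: int, backup_value: int) -> int:
    """Return the stored value only if the OTP memory and the backup space agree."""
    if otp_value != backup_value:
        raise ValueError("OTP and backup copies differ")
    return otp_value


def boot_check(record: SealedRecord, reference: int, otp_count: int,
               backup_count: int, otp_txn: int, backup_txn: int) -> str:
    """Boot-time decision for the combined (fifth/sixth key) embodiment."""
    try:
        count = read_redundant(otp_count, backup_count)
        txn = read_redundant(otp_txn, backup_txn)
    except ValueError:
        return "tampered"
    if count < reference:  # assumption: below the upgrade-time reference means rollback
        return "rollback"
    return "ok" if opens_with(record, preset_algorithm(count, txn)) else "rollback"


def demo() -> dict:
    """Run the checks on constructed sample values and collect the outcomes."""
    data = b"constructed sample: private data in the preset storage space"
    reference, count, txn = 40, 57, 0x9C3A71E4  # constructed values
    stale_txn = 0x11111111                      # constructed older verification value
    by_count = seal_at_shutdown(data, count)    # fig. 4: count as first key
    by_txn = seal_at_shutdown(data, txn)        # fig. 5: verification value as third key
    combined = seal_at_shutdown(data, preset_algorithm(count, txn))
    return {
        "fig4_same_count": opens_with(by_count, count),
        "fig4_stale_count": opens_with(by_count, 52),
        "fig5_same_txn": opens_with(by_txn, txn),
        "fig5_stale_txn": opens_with(by_txn, stale_txn),
        "clean_boot": boot_check(combined, reference, count, count, txn, txn),
        "stale_txn": boot_check(combined, reference, count, count, stale_txn, stale_txn),
        "below_reference": boot_check(combined, reference, 39, 39, txn, txn),
        "copies_differ": boot_check(combined, reference, count, 52, txn, txn),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A power on/off count is a small integer, so a key derived from it alone can be enumerated; in this sketch the ciphertext serves as a consistency check on the stored value rather than as strong confidentiality protection.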
In one embodiment, the anti-rollback method of the terminal may further include: if it is determined according to methods 1 to 3 that the terminal has undergone version rollback or transaction rollback, not allowing the terminal to be powered on.
Specifically, if the terminal has undergone version rollback or transaction rollback, the terminal may have a system bug or a security risk, so the current boot process is interrupted and the terminal is powered down. The user may seek help from after-sales service personnel to resolve the version rollback or transaction rollback of the terminal.
In one embodiment, the anti-rollback method of the terminal may further include: if it is determined according to method 2 or method 3 that a transaction rollback has occurred in the terminal, continuing to execute the boot operation and outputting an alarm prompt.
Specifically, if only a transaction rollback has occurred in the terminal, the boot operation may continue. After the terminal has booted, it is prohibited from performing transaction operations until the user has resolved the transaction risk, for example through after-sales service. In the meantime, functions of the terminal other than transaction operations are not affected. The alarm prompt informs the user that the terminal may currently have a transaction risk, and may be a prompt message such as a short message.
Referring to fig. 6, an embodiment of the present invention further provides an anti-rollback apparatus 60 for a terminal, including: a stored data obtaining module 601, configured to obtain the current power on/off count and/or the transaction verification value when the terminal is powered on; and a rollback judgment module 602, configured to determine whether a version rollback has occurred in the terminal according to the current power on/off count, and/or determine whether a transaction rollback has occurred in the terminal according to the current transaction verification value; wherein the power on/off count is incremented by one each time the terminal is powered on or off, and the transaction verification value is randomly generated each time the terminal performs a transaction.
In one embodiment, the anti-rollback apparatus 60 of the terminal may further include: a first encryption module, configured to acquire the current power on/off count as a first key when the terminal is powered off, and to encrypt the data in a first preset storage space with the first key to obtain and store a first ciphertext; and a first hash calculation module, configured to perform a hash operation on the data in the first preset storage space to obtain a first hash value. The rollback judgment module 602 may include: a first reference count acquiring unit, configured to acquire a reference count, wherein the reference count is the power on/off count recorded when the version of the terminal was upgraded; a first decryption unit, configured to, when the current power on/off count is greater than or equal to the reference count, use the current power on/off count as a second key and decrypt the first ciphertext with the second key to obtain a first plaintext; a second hash calculation unit, configured to perform a hash operation on the first plaintext to obtain a second hash value; and a version rollback judging unit, configured to determine that no version rollback has occurred in the terminal if the first hash value is consistent with the second hash value.
In one embodiment, the anti-rollback apparatus 60 of the terminal may further include: a second encryption module, configured to acquire the current transaction verification value as a third key when the terminal is powered off, and to encrypt the data in a second preset storage space with the third key to obtain and store a second ciphertext; and a third hash calculation module, configured to perform a hash operation on the data in the second preset storage space to obtain a third hash value. The rollback judgment module 602 may include: a second decryption unit, configured to use the current transaction verification value as a fourth key and decrypt the second ciphertext with the fourth key to obtain a second plaintext; a fourth hash calculation unit, configured to perform a hash operation on the second plaintext to obtain a fourth hash value; and a transaction rollback judging unit, configured to determine that no transaction rollback has occurred in the terminal if the third hash value is consistent with the fourth hash value.
In one embodiment, the anti-rollback apparatus 60 of the terminal may further include: a synchronous acquisition module, configured to acquire the current power on/off count and the transaction verification value when the terminal is powered off; a third encryption module, configured to compute a fifth key from the current power on/off count and the transaction verification value according to a preset algorithm, and to encrypt the data in a third preset storage space with the fifth key to obtain and store a third ciphertext; and a fifth hash calculation module, configured to perform a hash operation on the data in the third preset storage space to obtain a fifth hash value. The rollback judgment module 602 may include: a second reference count acquiring unit, configured to acquire a reference count, wherein the reference count is the power on/off count recorded when the version of the terminal was upgraded; a third decryption unit, configured to, when the current power on/off count is greater than or equal to the reference count, compute a sixth key from the current power on/off count and the transaction verification value according to the preset algorithm, and decrypt the third ciphertext with the sixth key to obtain a third plaintext; a sixth hash calculation unit, configured to perform a hash operation on the third plaintext to obtain a sixth hash value; and a synchronization judging unit, configured to determine that the terminal has not undergone version rollback or transaction rollback if the fifth hash value is consistent with the sixth hash value.
In one embodiment, the anti-rollback apparatus 60 of the terminal may further include: a storage module, configured to store the transaction verification value when each transaction finishes or when an abnormal power failure occurs.
In one embodiment, the power on/off count and/or the transaction verification value is stored in a one-time programmable memory of the terminal.
In one embodiment, the power on/off count and/or the transaction verification value are stored in a one-time programmable memory of the terminal and in a backup space at the same time; acquiring the current power on/off count and/or the transaction verification value comprises: acquiring the power on/off count and/or the transaction verification value from the one-time programmable memory and from the backup space respectively; and comparing whether the data stored in the one-time programmable memory and in the backup space are consistent and, if so, continuing to execute the step of determining whether the terminal has undergone version rollback according to the current power on/off count, and/or determining whether the terminal has undergone transaction rollback according to the current transaction verification value.
In one embodiment, the anti-rollback apparatus 60 of the terminal may further include: a first rollback processing module, configured to not allow the terminal to be powered on when version rollback or transaction rollback has occurred in the terminal.
In one embodiment, the anti-rollback apparatus 60 of the terminal may further include: a second rollback processing module, configured to continue executing the boot operation and output an alarm prompt when a transaction rollback has occurred in the terminal.
For more details on the operation principle and operation mode of the anti-rollback apparatus 60 of the terminal, reference may be made to the description of the anti-rollback method of the terminal in fig. 1 to 5, which is not repeated herein.
Referring to fig. 7, fig. 7 is an application diagram of an anti-rollback apparatus 60 of a terminal according to an embodiment of the present invention; for the specific structure of the anti-rollback apparatus 60, refer to the description of the embodiment shown in fig. 6. Each time the terminal is powered on or off, it stores the updated power on/off count in the partition of the one-time programmable memory 70 that holds the power on/off count. When each transaction finishes, or when the terminal powers down abnormally or is shut down, the transaction verification value generated for the latest transaction is stored in the first partition and the second partition of the one-time programmable memory 70. When the terminal is powered on, the anti-rollback apparatus 60 may obtain the current power on/off count from the partition of the one-time programmable memory 70 that holds the power on/off count, to determine whether a version rollback has occurred in the terminal. When the terminal is powered on, the anti-rollback apparatus 60 may also obtain the current transaction verification value from the first partition and the second partition of the one-time programmable memory 70, to determine whether a transaction rollback has occurred in the terminal.
In a specific implementation, the anti-rollback apparatus 60 of the terminal may correspond to a chip having a communication function in the terminal, or to a chip having a data processing function, such as a System-On-a-Chip (SOC) or a radio frequency chip; or to a chip module in the terminal that includes a chip having a communication function; or to a chip module that includes a chip having a data processing function; or to the terminal itself.
Each module/unit included in each apparatus and product described in the above embodiments may be a software module/unit, or may also be a hardware module/unit, or may also be a part of a software module/unit and a part of a hardware module/unit. For example, for each device or product applied to or integrated into a chip, each module/unit included in the device or product may be implemented by hardware such as a circuit, or at least a part of the module/unit may be implemented by a software program running on a processor integrated within the chip, and the rest (if any) part of the module/unit may be implemented by hardware such as a circuit; for each device or product applied to or integrated with the chip module, each module/unit included in the device or product may be implemented by using hardware such as a circuit, and different modules/units may be located in the same component (e.g., a chip, a circuit module, etc.) or different components of the chip module, or at least some of the modules/units may be implemented by using a software program running on a processor integrated within the chip module, and the rest (if any) of the modules/units may be implemented by using hardware such as a circuit; for each device and product applied to or integrated in the terminal, each module/unit included in the device and product may be implemented by using hardware such as a circuit, and different modules/units may be located in the same component (e.g., a chip, a circuit module, etc.) or different components in the terminal, or at least part of the modules/units may be implemented by using a software program running on a processor integrated in the terminal, and the rest (if any) part of the modules/units may be implemented by using hardware such as a circuit.
An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the steps of the anti-rollback method of the terminal in any one of fig. 1 to 5. The storage medium may include, for example, a non-volatile or non-transitory memory, and may further include an optical disc, a mechanical hard disk, a solid state hard disk, and the like.
An embodiment of the present application further provides a computing device, where the computing device may include the anti-rollback apparatus 60 of the terminal shown in fig. 6. Alternatively, the computing device may comprise a memory and a processor, the memory storing a computer program operable on the processor, and the processor, when running the computer program, performing the steps of the anti-rollback method of the terminal in any one of fig. 1 to 5.
In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.
In the embodiment of the present application, the memory may be a non-volatile memory, such as a hard disk drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory, such as a random-access memory (RAM). The memory may also be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory in the embodiments of the present application may also be a circuit or any other device capable of implementing a storage function, for storing a computer program and/or data.
The method provided by the embodiment of the present application may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer program is loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a computer network, a network appliance, a user device, or another programmable apparatus. The computer program may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any usable medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more usable media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (DVD)), or a semiconductor medium (e.g., an SSD), among others.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
It should be noted that for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art will recognize that the embodiments described in this specification are preferred embodiments and that acts or modules referred to are not necessarily required for this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, any multiple embodiments may be used in combination, and reference may be made to relevant descriptions of other embodiments for parts that are not described in detail in a certain embodiment.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software elements in a processor. The software elements may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor executes instructions in the memory, in combination with hardware thereof, to perform the steps of the above-described method. To avoid repetition, it is not described in detail here.
In the embodiment of the present application, the processor of the above apparatus may be a Central Processing Unit (CPU), and the processor may also be other general processors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), Field Programmable Gate Arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any of the methods as described in the above method embodiments. The computer program product may be a software installation package.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the above-described division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be through some interfaces, indirect coupling or communication connection between devices or units, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit may be stored in a computer readable memory if it is implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, or a TRP, etc.) to execute all or part of the steps of the method of the embodiments of the present application. The aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
It should be understood that the term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist, e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this document indicates that the former and latter related objects are in an "or" relationship.
The "plurality" appearing in the embodiments of the present application means two or more.
The descriptions of the first, second, etc. appearing in the embodiments of the present application are only for illustrating and differentiating the objects, and do not represent the order or the particular limitation of the number of the devices in the embodiments of the present application, and do not constitute any limitation to the embodiments of the present application.
The term "connect" in the embodiments of the present application refers to various connection manners, such as direct connection or indirect connection, to implement communication between devices, which is not limited in this embodiment of the present application.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, the specific implementation manner and the application scope may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (12)

1. An anti-rollback method of a terminal, the method comprising:
when the terminal is started, acquiring the current number of power-on/off times and/or the current transaction verification value;
determining, according to the current number of power-on/off times, whether a version rollback has occurred on the terminal, and/or determining, according to the current transaction verification value, whether a transaction rollback has occurred on the terminal;
wherein the number of power-on/off times is incremented by one each time the terminal is powered on or off, and a transaction verification value is randomly generated each time the terminal conducts a transaction.
2. The method of claim 1, further comprising:
when the terminal is powered off, acquiring the current power-on and power-off times as a first key, and encrypting data in a first preset storage space by using the first key to obtain and store a first ciphertext;
performing hash operation on the data in the first preset storage space to obtain a first hash value;
the determining whether the terminal has version rollback according to the current power on/off times includes:
acquiring reference times, wherein the reference times are the startup and shutdown times recorded when the version of the terminal is upgraded;
when the current power-on and power-off times are larger than or equal to the reference times, the current power-on and power-off times are used as a second key, and the second key is used for decrypting the first ciphertext to obtain a first plaintext;
performing hash operation on the first plaintext to obtain a second hash value;
and if the first hash value is consistent with the second hash value, determining that the terminal does not generate the version rollback.
3. The method of claim 1, further comprising:
when the terminal is powered off, acquiring a current transaction verification value as a third key, and encrypting data in a second preset storage space by using the third key to obtain and store a second ciphertext;
performing hash operation on the data in the second preset storage space to obtain a third hash value;
the determining whether the transaction rollback occurs in the terminal according to the current transaction verification value includes:
taking the current transaction verification value as a fourth key, and decrypting the second ciphertext by using the fourth key to obtain a second plaintext;
performing hash operation on the second plaintext to obtain a fourth hash value;
and if the third hash value is consistent with the fourth hash value, determining that the transaction rollback does not occur in the terminal.
4. The method of claim 1, further comprising:
when the terminal is powered off, acquiring the current power-on and power-off times and a transaction verification value;
calculating the current startup and shutdown times and the transaction verification value according to a preset algorithm to obtain a fifth key, and encrypting data in a third preset storage space by using the fifth key to obtain and store a third ciphertext;
performing hash operation on the data in the third preset storage space to obtain a fifth hash value;
the determining whether the terminal has version rollback according to the current startup and shutdown times and determining whether the terminal has transaction rollback according to the current transaction verification value includes:
acquiring reference times, wherein the reference times are the startup and shutdown times recorded when the version of the terminal is upgraded;
when the current power-on and power-off times are larger than or equal to the reference times, calculating the current power-on and power-off times and the transaction verification value according to the preset algorithm to obtain a sixth key, and decrypting the third ciphertext by using the sixth key to obtain a third plaintext;
performing hash operation on the third plaintext to obtain a sixth hash value;
and if the fifth hash value is consistent with the sixth hash value, determining that the terminal does not have version rollback or transaction rollback.
5. The method according to any one of claims 1 to 4, further comprising: storing the transaction verification value when each transaction ends or when an abnormal power failure occurs.
6. The method according to any of claims 1 to 4, wherein the number of power-ups and/or the transaction verification value is stored in a one-time programmable memory of the terminal.
7. The method according to any one of claims 1 to 4, wherein the number of power-ups and/or the transaction verification value are stored in a one-time programmable memory of the terminal and in a backup space at the same time; the acquiring the current startup and shutdown times and/or the transaction verification value comprises:
respectively acquiring the startup and shutdown times and/or the transaction verification value from the one-time programmable memory and the backup space;
and comparing whether the data stored in the one-time programmable memory and the backup space are consistent, if so, continuing to execute the step of determining whether the terminal has version rollback according to the current startup and shutdown times, and/or determining whether the terminal has transaction rollback according to the current transaction verification value.
8. The method according to any one of claims 1 to 4, further comprising: if a version rollback or a transaction rollback has occurred on the terminal, not allowing the terminal to start.
9. The method according to any one of claims 1 to 4, further comprising: if a transaction rollback has occurred on the terminal, continuing to execute the starting operation and outputting an alarm prompt.
10. An anti-rollback apparatus of a terminal, comprising:
a storage data acquisition module, configured to acquire the current number of power-on/off times and/or the current transaction verification value when the terminal is started;
a rollback judging module, configured to determine, according to the current number of power-on/off times, whether a version rollback has occurred on the terminal, and/or to determine, according to the current transaction verification value, whether a transaction rollback has occurred on the terminal;
wherein the number of power-on/off times is incremented by one each time the terminal is powered on or off, and a transaction verification value is randomly generated each time the terminal conducts a transaction.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 9.
12. A computing device comprising the anti-rollback apparatus of the terminal according to claim 10, or comprising a memory and a processor, the memory having stored thereon a computer program being executable on the processor, wherein the processor, when executing the computer program, performs the steps of the method according to any one of claims 1-9.
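A sketch of the seal-at-power-off and check-at-boot flow of claims 2 to 4, added here as an illustration and not taken from the patent. The claims name no cipher, hash or "preset algorithm", so SHA-256, the SHA-256 keystream used as a stand-in cipher, the key derivation, the moment the counter is incremented, the flash layout and every identifier below are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def derive_key(count: int, tx_value: bytes) -> bytes:
    # Assumed "preset algorithm" (claim 4): SHA-256 over counter || transaction value.
    return hashlib.sha256(count.to_bytes(8, "big") + tx_value).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 keystream, so encrypt == decrypt.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


@dataclass
class Terminal:
    # State modelled on the one-time programmable memory of claim 6.
    otp_count: int = 0
    otp_tx_value: bytes = b"\x00" * 16
    # Rewritable storage: what a restored old image would overwrite.
    flash: dict = field(default_factory=dict)

    def transact(self) -> None:
        self.otp_tx_value = secrets.token_bytes(16)  # random value per transaction

    def upgrade(self) -> None:
        self.flash["reference"] = self.otp_count  # count recorded at version upgrade

    def power_off(self, data: bytes) -> None:
        self.otp_count += 1  # assumed: incremented once per cycle, before sealing
        key = derive_key(self.otp_count, self.otp_tx_value)
        self.flash["ciphertext"] = xor_stream(key, data)
        self.flash["hash"] = hashlib.sha256(data).digest()

    def boot_check(self) -> str:
        if self.otp_count < self.flash.get("reference", 0):
            return "version-rollback"
        key = derive_key(self.otp_count, self.otp_tx_value)
        plaintext = xor_stream(key, self.flash["ciphertext"])
        if hashlib.sha256(plaintext).digest() != self.flash["hash"]:
            return "rollback"  # hashes differ: version or transaction rollback
        return "ok"


def demo() -> list:
    t = Terminal()
    t.upgrade()
    t.transact()
    t.power_off(b"ledger v1 (constructed sample)")
    results = [t.boot_check()]      # untouched device
    old_image = dict(t.flash)       # snapshot of flash after the first cycle
    t.transact()
    t.power_off(b"ledger v2 (constructed sample)")
    results.append(t.boot_check())  # state still consistent
    t.flash = dict(old_image)       # older flash image restored, OTP unchanged
    results.append(t.boot_check())  # current key no longer fits the old ciphertext
    return results
```

Because the key is derived from values held on the device, the ciphertext binds the stored data to the counter and transaction state rather than keeping it confidential.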
CN202210663432.5A 2022-06-13 2022-06-13 Anti-rollback method and device for terminal, computer readable storage medium and computing equipment Pending CN115048640A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210663432.5A CN115048640A (en) 2022-06-13 2022-06-13 Anti-rollback method and device for terminal, computer readable storage medium and computing equipment

Publications (1)

Publication Number Publication Date
CN115048640A true CN115048640A (en) 2022-09-13

Family

ID=83162274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210663432.5A Pending CN115048640A (en) 2022-06-13 2022-06-13 Anti-rollback method and device for terminal, computer readable storage medium and computing equipment

Country Status (1)

Country Link
CN (1) CN115048640A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination