WO2022252330A1 - Patch-based update method and system for embedded operating system - Google Patents

Patch-based update method and system for embedded operating system Download PDF

Info

Publication number
WO2022252330A1
WO2022252330A1 PCT/CN2021/104185 CN2021104185W WO2022252330A1 WO 2022252330 A1 WO2022252330 A1 WO 2022252330A1 CN 2021104185 W CN2021104185 W CN 2021104185W WO 2022252330 A1 WO2022252330 A1 WO 2022252330A1
Authority
WO
WIPO (PCT)
Prior art keywords
patch
operating system
embedded operating
key
area
Prior art date
Application number
PCT/CN2021/104185
Other languages
French (fr)
Chinese (zh)
Inventor
周杰
程诗猛
张新访
董逢华
Original Assignee
武汉天喻信息产业股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 武汉天喻信息产业股份有限公司 filed Critical 武汉天喻信息产业股份有限公司
Publication of WO2022252330A1 publication Critical patent/WO2022252330A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

A patch-based update method and system for an embedded operating system, which method and system relate to the field of smart terminals and smart cards. The method comprises: creating a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area in a storage space of an embedded operating system (S1); generating a key on the basis of the version number of the embedded operating system and a random number generated by the embedded operating system (S2); encrypting a patch for the embedded operating system on the basis of the key, and a FOTA server sending the encrypted patch to a smart terminal to which the embedded operating system belongs (S3); and the smart terminal receiving the patch, decrypting same on the basis of the key, and completing the upgrading and updating of the embedded operating system on the basis of the decrypted patch (S4). By means of the method, the upgrade costs of an embedded operating system can be effectively reduced, and the normal use thereof by a user is ensured.

Description

一种嵌入式操作系统的补丁更新方法及系统A patch update method and system for an embedded operating system 技术领域technical field
本发明涉及智能终端及智能卡领域,具体涉及一种嵌入式操作系统的补丁更新方法及系统。The invention relates to the field of smart terminals and smart cards, in particular to a patch update method and system for an embedded operating system.
背景技术Background technique
随着智能终端及智能卡的普及,智能终端及智能卡已经广泛应用于生活中的各个领域,为日常生活提供了极大地便捷。但是,当智能终端设备或智能卡卖给客户后,如果发现智能终端设备或智能卡存在功能bug(漏洞),或者需要进行功能扩展,则很难采用召回的方式对智能终端设备或智能卡进行升级;此外,如果进行召回升级,操作成本将会非常大,并且,召回过程也可能给客户造成不可挽回的损失。With the popularity of smart terminals and smart cards, smart terminals and smart cards have been widely used in various fields of life, providing great convenience for daily life. However, after the smart terminal device or smart card is sold to the customer, if it is found that the smart terminal device or smart card has a functional bug (loophole), or needs to be expanded, it is difficult to upgrade the smart terminal device or smart card by means of a recall; , if the recall is upgraded, the operating cost will be very high, and the recall process may also cause irreparable losses to customers.
发明内容Contents of the invention
针对现有技术中存在的缺陷,本发明的目的在于提供一种嵌入式操作系统的补丁更新方法及系统,能够有效降低嵌入式操作系统的升级成本,并保证用户的正常使用。Aiming at the defects existing in the prior art, the object of the present invention is to provide a patch update method and system for an embedded operating system, which can effectively reduce the upgrade cost of the embedded operating system and ensure the normal use of the user.
为达到以上目的,本发明提供的一种嵌入式操作系统的补丁更新方法,具体包括以下步骤:In order to achieve the above object, the patch update method of a kind of embedded operating system provided by the present invention specifically comprises the following steps:
在嵌入式操作系统的存储空间中创建BOOT区、OS区、用户数据区、补丁信息区、补丁代码区和变量区;Create BOOT area, OS area, user data area, patch information area, patch code area and variable area in the storage space of the embedded operating system;
基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;Generate a key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
基于所述密钥对嵌入式操作系统的补丁进行加密,FOTA服务器 将加密后的补丁发至嵌入式操作系统所属智能终端;The patch of the embedded operating system is encrypted based on the key, and the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs;
智能终端接收补丁并基于所述密钥进行解密,基于解密后的补丁完成嵌入式操作系统的升级更新。The smart terminal receives the patch and decrypts it based on the key, and completes the upgrade of the embedded operating system based on the decrypted patch.
在上述技术方案的基础上,On the basis of the above technical solutions,
所述BOOT区用于保存中断向量表、通讯代码、加解密代码和FLASH/EEPROM读写代码;The BOOT area is used to save interrupt vector tables, communication codes, encryption and decryption codes and FLASH/EEPROM read and write codes;
所述OS区用于保存OS代码;The OS area is used to store OS codes;
所述用户数据区用于存储OS运行过程需保存的数据;The user data area is used to store data to be saved during OS operation;
所述补丁信息区用于存储补丁起效标志、补丁版本信息和补丁长度;The patch information area is used to store the patch effective flag, patch version information and patch length;
所述补丁代码区用于存储补丁;The patch code area is used to store patches;
所述变量区用于存储OS运行过程产生的临时标量。The variable area is used to store temporary scalars generated by the operating process of the OS.
在上述技术方案的基础上,在基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥之前,还包括:On the basis of the above technical solution, before generating the key based on the version number of the embedded operating system and the random number generated by the embedded operating system, it also includes:
基于网络通讯方式,FOTA服务器查询嵌入式操作系统的版本号;Based on the network communication method, the FOTA server queries the version number of the embedded operating system;
智能终端将嵌入式操作系统的版本号发至FOTA服务器;The smart terminal sends the version number of the embedded operating system to the FOTA server;
FOTA服务器基于嵌入式操作系统的版本号判断嵌入式操作系统是否需要升级:The FOTA server judges whether the embedded operating system needs to be upgraded based on the version number of the embedded operating system:
若是,则基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;If so, generate a key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
若否,则结束。If not, end.
在上述技术方案的基础上,所述基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥,具体步骤包括:On the basis of the above technical solution, the random number generated based on the version number of the embedded operating system and the embedded operating system is used to generate a key, and the specific steps include:
嵌入式操作系统生成随机数,并将生成的随机数发至FOTA服务器;The embedded operating system generates random numbers and sends the generated random numbers to the FOTA server;
FOTA服务器将随机数和嵌入式操作系统版本号填充为分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行加密的密钥;The FOTA server fills the random number and the version number of the embedded operating system as a dispersion factor, and disperses the encryption and decryption keys for patch download to obtain the key for encrypting the patch;
嵌入式操作系统将随机数和嵌入式操作系统版本号填充为分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行解密的密钥。The embedded operating system fills the random number and the version number of the embedded operating system as a dispersion factor, disperses the encryption and decryption keys for downloading the patch, and obtains the key for decrypting the patch.
在上述技术方案的基础上,在基于所述密钥对嵌入式操作系统的补丁进行加密之前,还包括:On the basis of the above technical solution, before encrypting the patch of the embedded operating system based on the key, it also includes:
智能终端生产商开发生成嵌入式操作系统的补丁,并将补丁转化为HEX或BIN文件;Smart terminal manufacturers develop and generate patches for embedded operating systems, and convert the patches into HEX or BIN files;
FOTA服务器获取HEX或BIN文件,并对HEX或BIN文件进行打包。The FOTA server obtains the HEX or BIN file and packs the HEX or BIN file.
在上述技术方案的基础上,所述基于所述密钥对嵌入式操作系统的补丁进行加密,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端,具体步骤包括:On the basis of the above technical solution, the patch of the embedded operating system is encrypted based on the key, and the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs. The specific steps include:
FOTA服务器使用用于对补丁进行加密的密钥对打包后的HEX或BIN文件进行加密,得到补丁帧;The FOTA server uses the key used to encrypt the patch to encrypt the packaged HEX or BIN file to obtain the patch frame;
FOTA服务器将补丁帧发至嵌入式操作系统所属智能终端。The FOTA server sends the patch frame to the intelligent terminal to which the embedded operating system belongs.
在上述技术方案的基础上,所述智能终端接收补丁并基于所述密钥进行解密,具体步骤包括:On the basis of the above technical solution, the smart terminal receives the patch and decrypts it based on the key, and the specific steps include:
智能终端接收FOTA服务器发送的补丁帧;The smart terminal receives the patch frame sent by the FOTA server;
智能终端使用临时补丁下载解密密钥对补丁帧进行解密,得到补丁,直至所有补丁帧均接收并解密完成;The smart terminal uses the temporary patch download decryption key to decrypt the patch frame to obtain the patch until all the patch frames are received and decrypted;
其中,临时补丁下载解密密钥的生成过程为:智能终端将随机数和嵌入式操作系统版本号填充为分散因子,对自身存储的补丁下载加 解密密钥进行分散,得到临时补丁下载解密密钥。Among them, the generation process of the temporary patch download decryption key is as follows: the smart terminal fills the random number and the version number of the embedded operating system as a dispersion factor, disperses the patch download encryption and decryption keys stored by itself, and obtains the temporary patch download decryption key .
在上述技术方案的基础上,当所有补丁帧均接收并解密完成之后,还包括:激活补丁程序,保存补丁起效标志、补丁版本信息和补丁长度。On the basis of the above technical solution, after all the patch frames are received and decrypted, it also includes: activating the patch program, saving the patch effective flag, patch version information and patch length.
在上述技术方案的基础上,所述基于解密后的补丁完成嵌入式操作系统的升级更新,具体步骤包括:On the basis of the above-mentioned technical solution, the upgrade update of the embedded operating system is completed based on the decrypted patch, and the specific steps include:
FOTA服务器向智能终端发送补丁激活指令,所述补丁激活指令中包括CRC32校验码;The FOTA server sends a patch activation command to the smart terminal, and the patch activation command includes a CRC32 check code;
智能终端接收补丁激活指令,并判断自身存储的补丁CRC32校验码与补丁激活指令中的CRC32校验码是否一致:The smart terminal receives the patch activation command and judges whether the patch CRC32 check code stored by itself is consistent with the CRC32 check code in the patch activation command:
若是,则将补丁的激活标记修改为已激活,并启用补丁,然后基于补丁完成嵌入式操作系统的升级更新;If so, modify the activation flag of the patch to be activated, and enable the patch, and then complete the upgrade of the embedded operating system based on the patch;
若否,则结束。If not, end.
本发明提供的一种嵌入式操作系统的补丁更新系统,包括:A kind of patch updating system of embedded operating system provided by the present invention comprises:
划分模块,其用于在嵌入式操作系统的存储空间中创建BOOT区、OS区、用户数据区、补丁信息区、补丁代码区和变量区;Divide modules, which are used to create BOOT area, OS area, user data area, patch information area, patch code area and variable area in the storage space of the embedded operating system;
生成模块,其用于基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;A generation module, which is used to generate a key based on the embedded operating system version number and the random number generated by the embedded operating system;
发送模块,其用于基于所述密钥对嵌入式操作系统的补丁进行加密,驱使FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端;A sending module, which is used to encrypt the patch of the embedded operating system based on the key, and drives the FOTA server to send the encrypted patch to the smart terminal to which the embedded operating system belongs;
更新模块,其用于驱使智能终端接收补丁并基于所述密钥进行解密,基于解密后的补丁完成嵌入式操作系统的升级更新。The update module is used to drive the smart terminal to receive the patch and decrypt it based on the key, and complete the upgrade and update of the embedded operating system based on the decrypted patch.
与现有技术相比,本发明的优点在于:通过对嵌入式操作系统的补丁进行加密后,FOTA服务器将加密后的补丁发至嵌入式操作系统 所属智能终端,智能终端接收补丁并解密,基于解密后的补丁完成嵌入式操作系统的升级更新,即通过网络的方式实现对嵌入式操作系统的升级更新,无需召回智能终端,有效降低嵌入式操作系统的升级成本,并保证用户的正常使用。Compared with the prior art, the present invention has the advantages that: after encrypting the patch of the embedded operating system, the FOTA server sends the encrypted patch to the smart terminal to which the embedded operating system belongs, and the smart terminal receives and decrypts the patch, based on The decrypted patch completes the upgrade and update of the embedded operating system, that is, the upgrade and update of the embedded operating system is realized through the network, without recalling the smart terminal, which effectively reduces the upgrade cost of the embedded operating system and ensures the normal use of the user.
附图说明Description of drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application. For those skilled in the art, other drawings can also be obtained based on these drawings without creative effort.
图1为本发明实施例中一种嵌入式操作系统的补丁更新方法的流程图。FIG. 1 is a flow chart of a patch update method for an embedded operating system in an embodiment of the present invention.
具体实施方式Detailed ways
本发明实施例提供一种嵌入式操作系统的补丁更新方法,通过对嵌入式操作系统的补丁进行加密后,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端,智能终端接收补丁并解密,基于解密后的补丁完成嵌入式操作系统的升级更新,即通过网络的方式实现对嵌入式操作系统的升级更新,无需召回智能终端,有效降低嵌入式操作系统的升级成本,并保证用户的正常使用。本发明实施例相应地还提供了一种嵌入式操作系统的补丁更新系统。An embodiment of the present invention provides a patch update method for an embedded operating system. After encrypting the patch of the embedded operating system, the FOTA server sends the encrypted patch to the smart terminal to which the embedded operating system belongs, and the smart terminal receives the patch and Decryption, the upgrade of the embedded operating system is completed based on the decrypted patch, that is, the upgrade and update of the embedded operating system is realized through the network, without recalling the smart terminal, which effectively reduces the upgrade cost of the embedded operating system and guarantees the user's safety. Normal use. Correspondingly, the embodiment of the present invention also provides a patch update system for an embedded operating system.
为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请的一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例,都属于本申请 保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments It is a part of the embodiments of this application, but not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.
参见图1所示,本发明实施例提供一种嵌入式操作系统的补丁更新方法,用于对满足下列特征的智能设备或智能卡进行FOTA(Firmware Over-the-Air,智能终端的空中下载软件升级)操作:1、智能设备或智能卡已经在正常使用阶段;2、有功能bug需要修改;3、有功能扩展需要支持,需要更新系统功能;4、操作系统更新支持FOTA方式;5、操作系统更新过程不影响用户数据。本发明实施例中所述的嵌入式操作系统包含智能卡COS(China Operating System,自主操作系统)。Referring to Fig. 1, an embodiment of the present invention provides a patch update method for an embedded operating system, which is used to perform FOTA (Firmware Over-the-Air, software upgrade over the air for intelligent terminals) to smart devices or smart cards that meet the following characteristics ) operation: 1. The smart device or smart card is already in normal use; 2. There is a functional bug that needs to be modified; 3. There is a function expansion that needs to be supported, and the system function needs to be updated; 4. The operating system update supports FOTA; 5. The operating system is updated The process does not affect user data. The embedded operating system described in the embodiment of the present invention includes a smart card COS (China Operating System, autonomous operating system).
具体的,本发明实施例的一种嵌入式操作系统的补丁更新方法包括以下步骤:Specifically, a patch update method for an embedded operating system in an embodiment of the present invention includes the following steps:
S1:在嵌入式操作系统的存储空间中创建BOOT(引导)区、OS(operation system,操作系统)区、用户数据区、补丁信息区、补丁代码区和变量区。S1: Create a BOOT (boot) area, an OS (operation system, operating system) area, a user data area, a patch information area, a patch code area, and a variable area in the storage space of the embedded operating system.
本发明实施例中,BOOT区用于保存中断向量表、通讯代码、加解密代码和FLASH(闪存)/EEPROM(Electrically Erasable Programmable Read-Only Memory,电可擦编程只读存储器)读写代码,BOOT区可以是ROM(Read-Only Memory,只读存储器);OS区用于保存OS代码,OS区中还包括ECASD(Embedded-Controlling Authority Security Domain,嵌入式控制授权安全域),整个系统的下载补丁功能由ECASD来完成,OS区可以是ROM;用户数据区用于存储OS运行过程需保存的数据,用户数据区为非易失性存储区掉电信息不丢失;补丁信息区用于存储补丁起效标志、补丁版本信息和补丁长度,补丁信息区为非易失性存储区;补丁代码区用于存储补丁,即对补丁代码进行存储,补丁代码区为非易失性存储区;变量区用于 存储OS运行过程产生的临时标量,变量区为RAM(Random Access Memory,随机存取存储器)区,掉电信息丢失。In the embodiment of the present invention, the BOOT area is used to save the interrupt vector table, communication codes, encryption and decryption codes, and FLASH (flash memory)/EEPROM (Electrically Erasable Programmable Read-Only Memory, Electrically Erasable Programmable Read-Only Memory) read and write codes, BOOT The area can be ROM (Read-Only Memory, read-only memory); the OS area is used to save the OS code, and the OS area also includes ECASD (Embedded-Controlling Authority Security Domain, embedded control authorization security domain), download patches for the entire system The function is completed by ECASD, the OS area can be ROM; the user data area is used to store the data that needs to be saved during the operation of the OS, and the user data area is a non-volatile storage area that will not lose the power-off information; the patch information area is used to store the patch The patch information area is a non-volatile storage area; the patch code area is used to store patches, that is, the patch code is stored, and the patch code area is a non-volatile storage area; the variable area is used To store temporary scalars generated during OS operation, the variable area is RAM (Random Access Memory, random access memory) area, and the power-off information is lost.
S2:基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;S2: Generate a key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
S3:基于所述密钥对嵌入式操作系统的补丁进行加密,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端;S3: Encrypt the patch of the embedded operating system based on the key, and the FOTA server sends the encrypted patch to the smart terminal to which the embedded operating system belongs;
S4:智能终端接收补丁并基于所述密钥进行解密,基于解密后的补丁完成嵌入式操作系统的升级更新。S4: The smart terminal receives the patch and decrypts it based on the key, and completes the upgrade of the embedded operating system based on the decrypted patch.
本发明实施例中,在基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥之前,还包括:In the embodiment of the present invention, before generating the key based on the embedded operating system version number and the random number generated by the embedded operating system, it also includes:
S201:基于网络通讯方式,FOTA服务器查询嵌入式操作系统的版本号;S201: Based on the network communication method, the FOTA server queries the version number of the embedded operating system;
S202:智能终端将嵌入式操作系统的版本号发至FOTA服务器;S202: The smart terminal sends the version number of the embedded operating system to the FOTA server;
具体的,FOTA服务器通过网络查询嵌入式操作系统的版本号、OS校验和、补丁激活状态与校验和,查询命令如下表1所示:Specifically, the FOTA server queries the version number, OS checksum, patch activation status and checksum of the embedded operating system through the network, and the query commands are shown in Table 1 below:
表1Table 1
value 长度length 说明illustrate
8080 11 CLACLA
CACA 11 INSINS
2A2A 11 P1P1
0505 11 P2P2
0E0E 11 LeLe
表1中,CLA表示指令类别,INS表示指令码,P1表示参数1,P2表示参数2,Le表示指令期望返回数据长度。In Table 1, CLA indicates the instruction category, INS indicates the instruction code, P1 indicates parameter 1, P2 indicates parameter 2, and Le indicates the expected return data length of the instruction.
智能终端针对查询命令,返回的数据,数据格式为:OS版本号(2字节)+OS校验和(4字节)+补丁激活状态(4字节)+补丁校验和(4字节)。The smart terminal returns data to the query command, and the data format is: OS version number (2 bytes) + OS checksum (4 bytes) + patch activation status (4 bytes) + patch checksum (4 bytes ).
S203:FOTA服务器基于嵌入式操作系统的版本号判断嵌入式操 作系统是否需要升级:若是,则基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;若否,则结束。S203: The FOTA server judges whether the embedded operating system needs to be upgraded based on the version number of the embedded operating system: if so, generates a key based on the version number of the embedded operating system and the random number generated by the embedded operating system; if not, ends .
本发明实施例中,基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥,具体步骤包括:In the embodiment of the present invention, the key is generated based on the version number of the embedded operating system and the random number generated by the embedded operating system, and the specific steps include:
S211:嵌入式操作系统生成随机数,并将生成的随机数发至FOTA服务器;生成的随机数为8字节。S211: The embedded operating system generates a random number, and sends the generated random number to the FOTA server; the generated random number is 8 bytes.
FOTA服务器向嵌入式操作系统发送随机数生成命令,嵌入式操作系统基于随机数生成命令生成随机数,随机数生成命令如下表2所示:The FOTA server sends a random number generation command to the embedded operating system, and the embedded operating system generates a random number based on the random number generation command. The random number generation command is shown in Table 2 below:
表2Table 2
value 长度length 说明illustrate
8080 11 CLACLA
E2E2 11 INSINS
8888 11 P1P1
0000 11 P2P2
44 11 LcLc
LengthLength 44 补丁代码总长度Total patch code length
88 11 Le,取8字节随机数Le, take an 8-byte random number
S212:FOTA服务器将随机数和嵌入式操作系统版本号填充为分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行加密的密钥;S212: The FOTA server fills the random number and the version number of the embedded operating system as a dispersion factor, disperses the encryption and decryption keys for downloading the patch, and obtains the key for encrypting the patch;
具体的,FOTA服务器将8字节的随机数和嵌入式操作系统版本号填充为16字节的分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行加密的密钥。Specifically, the FOTA server fills the 8-byte random number and the version number of the embedded operating system into a 16-byte dispersal factor, disperses the encryption and decryption keys for downloading the patch, and obtains the key for encrypting the patch.
S213:嵌入式操作系统将随机数和嵌入式操作系统版本号填充为分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行解密的密钥。S213: The embedded operating system fills the random number and the version number of the embedded operating system as a dispersion factor, and disperses the encryption and decryption keys for downloading the patch to obtain a key for decrypting the patch.
具体的,嵌入式操作系统将8字节的随机数和嵌入式操作系统版本号填充为16字节的分散因子,对补丁下载加解密密钥进行分散, 得到用于对补丁进行解密的密钥。Specifically, the embedded operating system fills the 8-byte random number and the version number of the embedded operating system into a 16-byte dispersion factor, disperses the encryption and decryption keys for downloading the patch, and obtains the key for decrypting the patch .
本发明实施例中:在基于所述密钥对嵌入式操作系统的补丁进行加密之前,还包括:In the embodiment of the present invention: before encrypting the patch of the embedded operating system based on the key, it also includes:
S311:智能终端生产商开发生成嵌入式操作系统的补丁,并将补丁转化为HEX或BIN文件;HEX和BIN均为文件的一种格式。S311: The smart terminal manufacturer develops and generates a patch for the embedded operating system, and converts the patch into a HEX or BIN file; both HEX and BIN are file formats.
S312:FOTA服务器获取HEX或BIN文件,并对HEX或BIN文件进行打包。S312: The FOTA server obtains the HEX or BIN file, and packs the HEX or BIN file.
本发明实施例中:基于所述密钥对嵌入式操作系统的补丁进行加密,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端,具体步骤包括:In the embodiment of the present invention: the patch of the embedded operating system is encrypted based on the key, and the FOTA server sends the encrypted patch to the smart terminal to which the embedded operating system belongs. The specific steps include:
S321:FOTA服务器使用用于对补丁进行加密的密钥对打包后的HEX或BIN文件进行加密,得到补丁帧;S321: the FOTA server encrypts the packaged HEX or BIN file using the key used to encrypt the patch to obtain a patch frame;
补丁帧的格式如下表3所示:The format of the patch frame is shown in Table 3 below:
表3table 3
value 长度length 说明illustrate
8080 11 CLACLA
E2E2 11 INSINS
8888 11 P1P1
0000 11 P2P2
xxxxx 11 LcLc
偏移offset 44 当前帧补丁数据偏移Current frame patch data offset
代码the code xx-4xx-4 当前帧补丁代码(密文)Current frame patch code (ciphertext)
S322:FOTA服务器将补丁帧发至嵌入式操作系统所属智能终端。S322: The FOTA server sends the patch frame to the smart terminal to which the embedded operating system belongs.
本发明实施例中,智能终端接收补丁并基于所述密钥进行解密,具体步骤包括:In the embodiment of the present invention, the smart terminal receives the patch and decrypts it based on the key, and the specific steps include:
S401:智能终端接收FOTA服务器发送的补丁帧;S401: The smart terminal receives the patch frame sent by the FOTA server;
S402:智能终端使用临时补丁下载解密密钥对对补丁帧进行解密,得到补丁,直至所有补丁帧均接收并解密完成。S402: The smart terminal decrypts the patch frame by using the temporary patch download decryption key pair to obtain the patch, until all the patch frames are received and decrypted.
其中,临时补丁下载解密密钥的生成过程为:智能终端将随机数和嵌入式操作系统版本号填充为分散因子,对自身存储的补丁下载加解密密钥进行分散,得到临时补丁下载解密密钥。Among them, the generation process of the temporary patch download decryption key is as follows: the smart terminal fills the random number and the version number of the embedded operating system as a dispersion factor, disperses the patch download encryption and decryption keys stored by itself, and obtains the temporary patch download decryption key .
FOTA服务器使用用于对补丁进行加密的密钥对打包后的HEX或BIN文件进行加密,得到的补丁帧为多个,每次仅发送一个补丁帧至智能终端,智能终端接收补丁帧并解密后,验证补丁帧的正确性和完整性,验证通过则存储该补丁帧,然后FOTA服务器向智能终端发送下一个补丁帧,直至所有补丁帧发送并存储完毕,补丁帧下载完成后,验证校验和。The FOTA server encrypts the packaged HEX or BIN file with the key used to encrypt the patch, and obtains multiple patch frames. Only one patch frame is sent to the smart terminal each time, and the smart terminal receives the patch frame and decrypts it. , verify the correctness and integrity of the patch frame, store the patch frame if the verification is passed, then the FOTA server sends the next patch frame to the smart terminal, until all the patch frames are sent and stored, after the patch frame is downloaded, verify the checksum .
本发明实施例中,当所有补丁帧均接收并解密完成之后,还包括:激活补丁程序,保存补丁起效标志、补丁版本信息和补丁长度。In the embodiment of the present invention, after all the patch frames are received and decrypted, it further includes: activating the patch program, saving the patch effective flag, patch version information and patch length.
本发明实施例中,基于解密后的补丁完成嵌入式操作系统的升级更新,具体步骤包括:In the embodiment of the present invention, the upgrade update of the embedded operating system is completed based on the decrypted patch, and the specific steps include:
S411:FOTA服务器向智能终端发送补丁激活指令,所述补丁激活指令中包括CRC32校验码;S411: The FOTA server sends a patch activation instruction to the smart terminal, and the patch activation instruction includes a CRC32 check code;
补丁激活指令如下表4所示:The patch activation instructions are shown in Table 4 below:
表4Table 4
value 长度length 说明illustrate
8080 11 CLACLA
E2E2 11 INSINS
8888 11 P1P1
0000 11 P2P2
0404 11 LcLc
CRC32CRC32 44 所有补丁的CRC32校验码CRC32 checksum of all patches
S412:智能终端接收补丁激活指令,并判断自身存储的补丁CRC32校验码与补丁激活指令中的CRC32校验码是否一致:若是,则将补丁的激活标记修改为已激活,并启用补丁,然后基于补丁完成嵌入式操作系统的升级更新;若否,则结束。S412: The smart terminal receives the patch activation instruction, and judges whether the patch CRC32 check code stored by itself is consistent with the CRC32 check code in the patch activation instruction: if yes, then modify the activation flag of the patch to be activated, and enable the patch, and then Complete the upgrade and update of the embedded operating system based on the patch; if not, end.
对于补丁的启用,嵌入式操作系统运行相关函数,检查补丁的激活标记,若补丁的激活标记无效,则继续运行该函数,若补丁的激活标记有效,则跳转至补丁函数入口,运行补丁函数。For the activation of the patch, the embedded operating system runs related functions to check the activation flag of the patch. If the activation flag of the patch is invalid, continue to run the function. If the activation flag of the patch is valid, it jumps to the entry of the patch function and runs the patch function. .
本发明实施例的嵌入式操作系统的补丁更新方法,通过对嵌入式操作系统的补丁进行加密后,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端,智能终端接收补丁并解密,基于解密后的补丁完成嵌入式操作系统的升级更新,即通过网络的方式实现对嵌入式操作系统的升级更新,无需召回智能终端,有效降低嵌入式操作系统的升级成本,并保证用户的正常使用。In the patch update method of the embedded operating system in the embodiment of the present invention, after encrypting the patch of the embedded operating system, the FOTA server sends the encrypted patch to the smart terminal to which the embedded operating system belongs, and the smart terminal receives the patch and decrypts it. Complete the upgrade and update of the embedded operating system based on the decrypted patch, that is, realize the upgrade and update of the embedded operating system through the network, without recalling the smart terminal, effectively reduce the upgrade cost of the embedded operating system, and ensure the normal use of users .
本发明实施例提供的一种嵌入式操作系统的补丁更新系统,包括划分模块、生成模块、发送模块和更新模块。A patch update system for an embedded operating system provided by an embodiment of the present invention includes a division module, a generation module, a sending module and an update module.
划分模块用于在嵌入式操作系统的存储空间中创建BOOT区、OS区、用户数据区、补丁信息区、补丁代码区和变量区;生成模块用于基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;发送模块用于基于所述密钥对嵌入式操作系统的补丁进行加密,驱使FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端;更新模块用于驱使智能终端接收补丁并基于所述密钥进行解密,基于解密后的补丁完成嵌入式操作系统的升级更新。The division module is used to create BOOT area, OS area, user data area, patch information area, patch code area and variable area in the storage space of the embedded operating system; the generation module is used to base on the embedded operating system version number and embedded operation The random number generated by the system generates a key; the sending module is used to encrypt the patch of the embedded operating system based on the key, and drives the FOTA server to send the encrypted patch to the smart terminal to which the embedded operating system belongs; the update module uses To drive the smart terminal to receive the patch and decrypt it based on the key, and complete the upgrade of the embedded operating system based on the decrypted patch.
以上所述仅是本申请的具体实施方式,使本领域技术人员能够理解或实现本申请。对这些实施例的多种修改对本领域的技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本申请的精神或范围的情况下,在其它实施例中实现。因此,本申请将不会被限制于本文所示的这些实施例,而是要符合与本文所申请的原理和新颖特点相一致的最宽的范围。The above descriptions are only specific implementation manners of the present application, so that those skilled in the art can understand or implement the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the present application will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features claimed herein.
本发明是参照根据本发明实施例的方法、设备(系统)和计算机 程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Claims (10)

  1. 一种嵌入式操作系统的补丁更新方法,其特征在于,具体包括以下步骤:A patch updating method for an embedded operating system is characterized in that it specifically comprises the following steps:
    在嵌入式操作系统的存储空间中创建BOOT区、OS区、用户数据区、补丁信息区、补丁代码区和变量区;Create BOOT area, OS area, user data area, patch information area, patch code area and variable area in the storage space of the embedded operating system;
    基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;Generate a key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
    基于所述密钥对嵌入式操作系统的补丁进行加密,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端;The patch of the embedded operating system is encrypted based on the key, and the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs;
    智能终端接收补丁并基于所述密钥进行解密,基于解密后的补丁完成嵌入式操作系统的升级更新。The smart terminal receives the patch and decrypts it based on the key, and completes the upgrade of the embedded operating system based on the decrypted patch.
  2. 如权利要求1所述的一种嵌入式操作系统的补丁更新方法,其特征在于:A kind of patch updating method of embedded operating system as claimed in claim 1, is characterized in that:
    所述BOOT区用于保存中断向量表、通讯代码、加解密代码和FLASH/EEPROM读写代码;The BOOT area is used to save interrupt vector tables, communication codes, encryption and decryption codes and FLASH/EEPROM read and write codes;
    所述OS区用于保存OS代码;The OS area is used to store OS codes;
    所述用户数据区用于存储OS运行过程需保存的数据;The user data area is used to store data to be saved during OS operation;
    所述补丁信息区用于存储补丁起效标志、补丁版本信息和补丁长度;The patch information area is used to store the patch effective flag, patch version information and patch length;
    所述补丁代码区用于存储补丁;The patch code area is used to store patches;
    所述变量区用于存储OS运行过程产生的临时标量。The variable area is used to store temporary scalars generated by the operating process of the OS.
  3. 如权利要求1所述的一种嵌入式操作系统的补丁更新方法,其特征在于,在基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥之前,还包括:The patch updating method of a kind of embedded operating system as claimed in claim 1, is characterized in that, before generating the random number based on embedded operating system version number and embedded operating system, generating key, also includes:
    基于网络通讯方式,FOTA服务器查询嵌入式操作系统的版本号;Based on the network communication method, the FOTA server queries the version number of the embedded operating system;
    智能终端将嵌入式操作系统的版本号发至FOTA服务器;The smart terminal sends the version number of the embedded operating system to the FOTA server;
    FOTA服务器基于嵌入式操作系统的版本号判断嵌入式操作系统是否需要升级:The FOTA server judges whether the embedded operating system needs to be upgraded based on the version number of the embedded operating system:
    若是,则基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;If so, generate a key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
    若否,则结束。If not, end.
  4. 如权利要求1所述的一种嵌入式操作系统的补丁更新方法,其特征在于,所述基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥,具体步骤包括:The patch update method of a kind of embedded operating system as claimed in claim 1, is characterized in that, described based on the random number that embedded operating system version number and embedded operating system generate, generate key, concrete steps comprise:
    嵌入式操作系统生成随机数,并将生成的随机数发至FOTA服务器;The embedded operating system generates random numbers and sends the generated random numbers to the FOTA server;
    FOTA服务器将随机数和嵌入式操作系统版本号填充为分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行加密的密钥;The FOTA server fills the random number and the version number of the embedded operating system as a dispersion factor, and disperses the encryption and decryption keys for patch download to obtain the key for encrypting the patch;
    嵌入式操作系统将随机数和嵌入式操作系统版本号填充为分散因子,对补丁下载加解密密钥进行分散,得到用于对补丁进行解密的密钥。The embedded operating system fills the random number and the version number of the embedded operating system as a dispersion factor, disperses the encryption and decryption keys for downloading the patch, and obtains the key for decrypting the patch.
  5. 如权利要求4所述的一种嵌入式操作系统的补丁更新方法,其特征在于,在基于所述密钥对嵌入式操作系统的补丁进行加密之前,还包括:The patch update method of a kind of embedded operating system as claimed in claim 4, is characterized in that, before encrypting the patch of embedded operating system based on said key, also comprises:
    智能终端生产商开发生成嵌入式操作系统的补丁,并将补丁转化为HEX或BIN文件;Smart terminal manufacturers develop and generate patches for embedded operating systems, and convert the patches into HEX or BIN files;
    FOTA服务器获取HEX或BIN文件,并对HEX或BIN文件进行打包。The FOTA server obtains the HEX or BIN file and packs the HEX or BIN file.
  6. 如权利要求5所述的一种嵌入式操作系统的补丁更新方法, 其特征在于,所述基于所述密钥对嵌入式操作系统的补丁进行加密,FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端,具体步骤包括:A patch update method for an embedded operating system according to claim 5, wherein the patch of the embedded operating system is encrypted based on the key, and the FOTA server sends the encrypted patch to the embedded The smart terminal to which the operating system belongs, the specific steps include:
    FOTA服务器使用用于对补丁进行加密的密钥对打包后的HEX或BIN文件进行加密,得到补丁帧;The FOTA server uses the key used to encrypt the patch to encrypt the packaged HEX or BIN file to obtain the patch frame;
    FOTA服务器将补丁帧发至嵌入式操作系统所属智能终端。The FOTA server sends the patch frame to the intelligent terminal to which the embedded operating system belongs.
  7. 如权利要求6所述的一种嵌入式操作系统的补丁更新方法,其特征在于,所述智能终端接收补丁并基于所述密钥进行解密,具体步骤包括:A patch update method for an embedded operating system according to claim 6, wherein the smart terminal receives the patch and decrypts it based on the key, and the specific steps include:
    智能终端接收FOTA服务器发送的补丁帧;The smart terminal receives the patch frame sent by the FOTA server;
    智能终端使用临时补丁下载解密密钥对补丁帧进行解密,得到补丁,直至所有补丁帧均接收并解密完成;The smart terminal uses the temporary patch download decryption key to decrypt the patch frame to obtain the patch until all the patch frames are received and decrypted;
    其中,临时补丁下载解密密钥的生成过程为:智能终端将随机数和嵌入式操作系统版本号填充为分散因子,对自身存储的补丁下载加解密密钥进行分散,得到临时补丁下载解密密钥。Among them, the generation process of the temporary patch download decryption key is as follows: the smart terminal fills the random number and the version number of the embedded operating system as a dispersion factor, disperses the patch download encryption and decryption keys stored by itself, and obtains the temporary patch download decryption key .
  8. 如权利要求7所述的一种嵌入式操作系统的补丁更新方法,其特征在于,当所有补丁帧均接收并解密完成之后,还包括:激活补丁程序,保存补丁起效标志、补丁版本信息和补丁长度。The patch update method of a kind of embedded operating system as claimed in claim 7, it is characterized in that, after all patch frames are all received and deciphered, also include: activating the patch program, saving the patch effective sign, patch version information and Patch length.
  9. 如权利要求1所述的一种嵌入式操作系统的补丁更新方法,其特征在于,所述基于解密后的补丁完成嵌入式操作系统的升级更新,具体步骤包括:The patch update method of a kind of embedded operating system as claimed in claim 1, is characterized in that, described based on the patch after deciphering completes the upgrading update of embedded operating system, concrete steps comprise:
    FOTA服务器向智能终端发送补丁激活指令,所述补丁激活指令中包括CRC32校验码;The FOTA server sends a patch activation instruction to the smart terminal, and the patch activation instruction includes a CRC32 check code;
    智能终端接收补丁激活指令,并判断自身存储的补丁CRC32校验码与补丁激活指令中的CRC32校验码是否一致:The smart terminal receives the patch activation command and judges whether the patch CRC32 check code stored by itself is consistent with the CRC32 check code in the patch activation command:
    若是,则将补丁的激活标记修改为已激活,并启用补丁,然后基于补丁完成嵌入式操作系统的升级更新;If so, modify the activation flag of the patch to be activated, and enable the patch, and then complete the upgrade of the embedded operating system based on the patch;
    若否,则结束。If not, end.
  10. 一种嵌入式操作系统的补丁更新系统,其特征在于,包括:A patch update system for an embedded operating system, characterized in that it comprises:
    划分模块,其用于在嵌入式操作系统的存储空间中创建BOOT区、OS区、用户数据区、补丁信息区、补丁代码区和变量区;Divide modules, which are used to create BOOT area, OS area, user data area, patch information area, patch code area and variable area in the storage space of the embedded operating system;
    生成模块,其用于基于嵌入式操作系统版本号和嵌入式操作系统生成的随机数,生成密钥;A generation module, which is used to generate a key based on the embedded operating system version number and the random number generated by the embedded operating system;
    发送模块,其用于基于所述密钥对嵌入式操作系统的补丁进行加密,驱使FOTA服务器将加密后的补丁发至嵌入式操作系统所属智能终端;A sending module, which is used to encrypt the patch of the embedded operating system based on the key, and drives the FOTA server to send the encrypted patch to the smart terminal to which the embedded operating system belongs;
    更新模块,其用于驱使智能终端接收补丁并基于所述密钥进行解密,基于解密后的补丁完成嵌入式操作系统的升级更新。The update module is used to drive the smart terminal to receive the patch and decrypt it based on the key, and complete the upgrade and update of the embedded operating system based on the decrypted patch.
PCT/CN2021/104185 2021-06-02 2021-07-02 Patch-based update method and system for embedded operating system WO2022252330A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110614911.3A CN113434165A (en) 2021-06-02 2021-06-02 Patch updating method and system for embedded operating system
CN202110614911.3 2021-06-02

Publications (1)

Publication Number Publication Date
WO2022252330A1 true WO2022252330A1 (en) 2022-12-08

Family

ID=77803598

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/104185 WO2022252330A1 (en) 2021-06-02 2021-07-02 Patch-based update method and system for embedded operating system

Country Status (2)

Country Link
CN (1) CN113434165A (en)
WO (1) WO2022252330A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060136898A1 (en) * 2004-09-06 2006-06-22 Bosscha Albert J Method of providing patches for software
CN110162328A (en) * 2019-05-28 2019-08-23 东信和平科技股份有限公司 A kind of smart card operating system upgrade method and device
CN111399894A (en) * 2020-03-23 2020-07-10 恒宝股份有限公司 Smart card, smart card operating system upgrading method and system
CN112672342A (en) * 2021-01-11 2021-04-16 金卡智能集团股份有限公司 Data transmission method, device, equipment, system and storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7440571B2 (en) * 2002-12-03 2008-10-21 Nagravision S.A. Method for securing software updates
CN103546576B (en) * 2013-10-31 2017-08-11 中安消技术有限公司 A kind of embedded device remote automatic upgrading method and system
SG11201703525SA (en) * 2014-12-29 2017-05-30 Visa Int Service Ass Over-the-air provisioning of application library
CN106251132B (en) * 2016-07-28 2020-03-31 恒宝股份有限公司 HCE offline security improving system and implementation method
CN109257327B (en) * 2017-07-14 2021-01-08 中国电力科学研究院 Communication message safety interaction method and device for power distribution automation system
CN110351314B (en) * 2018-04-03 2023-11-21 厦门雅迅网络股份有限公司 Remote upgrading method of automobile controller and computer readable storage medium
US11321080B2 (en) * 2018-07-19 2022-05-03 Huawei Technologies Co., Ltd. Patch package generation method and device
CN109495307A (en) * 2018-11-27 2019-03-19 北京车和家信息技术有限公司 Method for upgrading system, OTA upgrade package encryption method, terminal device and vehicle
CN110147329B (en) * 2019-05-24 2022-06-14 武汉瓯越网视有限公司 Method, device and terminal for dynamically detecting simulator

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060136898A1 (en) * 2004-09-06 2006-06-22 Bosscha Albert J Method of providing patches for software
CN110162328A (en) * 2019-05-28 2019-08-23 东信和平科技股份有限公司 A kind of smart card operating system upgrade method and device
CN111399894A (en) * 2020-03-23 2020-07-10 恒宝股份有限公司 Smart card, smart card operating system upgrading method and system
CN112672342A (en) * 2021-01-11 2021-04-16 金卡智能集团股份有限公司 Data transmission method, device, equipment, system and storage medium

Also Published As

Publication number Publication date
CN113434165A (en) 2021-09-24

Similar Documents

Publication Publication Date Title
JP5576983B2 (en) Secure boot and configuration of subsystems from non-local storage
US9626513B1 (en) Trusted modular firmware update using digital certificate
US20150095652A1 (en) Encryption and decryption processing method, apparatus, and device
CN102165457B (en) The safety of ticket authorization is installed and is guided
US11947673B2 (en) Over-the-air upgrade method and related apparatus
CN112187544B (en) Firmware upgrading method, device, computer equipment and storage medium
US20200374686A1 (en) Embedded Universal Integrated Circuit Card Profile Management Method and Apparatus
US20220405392A1 (en) Secure and flexible boot firmware update for devices with a primary platform
EP2357585A2 (en) User terminal, server and controlling method thereof
CN104486355A (en) Method and device for preventing malicious manipulation of codes
CN111382397B (en) Configuration method of upgrade software package, software upgrade method, equipment and storage device
US11455430B2 (en) Secure element and related device
CN107526608B (en) OTA upgrade package upgrading method and device
CN111240709A (en) Firmware upgrading method and system of POS equipment based on android system
US20190034186A1 (en) Method for managing objects in a secure element
CN111026419A (en) Application program upgrading method, device and system of single chip microcomputer
CN104517061A (en) Method for encrypting file system and method for mounting encrypted file system
CN110874467A (en) Information processing method, device, system, processor and storage medium
US10949537B2 (en) Secure firmware provisioning and device binding mechanism
EP3764224A1 (en) Resource permission processing method and apparatus, and storage medium and chip
WO2022252330A1 (en) Patch-based update method and system for embedded operating system
CN111064723A (en) Over-the-air upgrading method and system based on backup system
KR20140089703A (en) Method and apparatus for security of mobile data
CN111046389A (en) Method for securely updating firmware components and portable computer station for implementation
CN110427203B (en) SIM card, updating method of SIM card and updating method of SIM card operating system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21943687

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE