CN100574367C - Method for updating set-top box software and upgrade-system - Google Patents


Publication number
CN100574367C
Authority
CN
China
Prior art keywords
aku
top box
upgrade
identification module
cryptographic digest
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB2007101192263A
Other languages
Chinese (zh)
Other versions
CN101090452A (en)
Inventor
王彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Abstract

The present invention relates to a method and an upgrade system for updating set-top box software. The set-top box sends an AKU (upgrade package) download request, carrying the upgrade parameter of the set-top box, to the upgrade service equipment. According to the upgrade parameter, the upgrade service equipment downloads to the set-top box the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary. The set-top box sends the cryptographic digest to the subscriber identification module, which decrypts it with the upgrade validation key stored inside the module to obtain a decrypted result. The set-top box installs the AKU when the AKU summary is identical to the decrypted result. By verifying the AKU, the invention strengthens the security of set-top box software updates and reduces the possibility of the set-top box being maliciously attacked. Because the upgrade validation key is stored in the subscriber identification module and the decryption is performed by the subscriber identification module, the key cannot leak outside the module, which further strengthens security.

Description

Method for updating set-top box software and upgrade-system
Technical field
The present invention relates to communication technology, and in particular to a method for updating set-top box software, an upgrade system, a set-top box, a subscriber identification module, and upgrade service equipment.
Background technology
Internet Protocol Television (IPTV) is a brand-new business model that offers consumers a network experience integrating information, entertainment, learning, and shopping. An existing television can use IPTV services through an IPTV set-top box (Set Top Box, STB).
In actual use, because new services are continually released, the set-top box needs to install service plug-ins for them from time to time. The set-top box's own software platform also needs its vulnerabilities repaired continually. Both require software upgrades of the set-top box.
In one existing method for updating set-top box software, the set-top box downloads plug-ins on its own and performs no legitimacy authentication of them. At present, however, malicious software packages written to steal user information can be found everywhere on the network, so this method poses a serious security risk, and verifying the legitimacy of the AKU is a key problem that needs to be solved.
In another existing method, the set-top box completes the authentication of the AKU internally. A key is fixed inside the set-top box at the factory, and during a software upgrade the set-top box authenticates the AKU with this key. This method requires the set-top box to provide a complete security mechanism, but the security mechanism of existing set-top boxes cannot meet the security requirements of software upgrades.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for updating set-top box software that strengthens the security of the update and reduces the possibility of the set-top box being maliciously attacked.
To solve the above technical problem, the invention provides a method for updating set-top box software, comprising the following steps: the set-top box sends an AKU download request to the upgrade service equipment, the request carrying the upgrade parameter of the set-top box; according to the upgrade parameter, the upgrade service equipment downloads to the set-top box the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary; the set-top box sends the cryptographic digest to the subscriber identification module; the subscriber identification module decrypts the cryptographic digest with the upgrade validation key stored inside it to obtain a decrypted result; the set-top box installs the AKU when the AKU summary is identical to the decrypted result.
To solve the above technical problem, the invention also provides a method for updating set-top box software, comprising the following steps: sending an AKU download request carrying an upgrade parameter to the upgrade service equipment; receiving the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary, as returned by the upgrade service equipment; sending the cryptographic digest to the subscriber identification module for decryption; and installing the AKU when the AKU summary is identical to the decrypted result.
To solve the above technical problem, the invention further provides a system for updating set-top box software, comprising: a set-top box, used to send an AKU download request carrying an upgrade parameter to the upgrade service equipment, to receive the AKU, AKU summary and cryptographic digest returned by the upgrade service equipment, to send the cryptographic digest to the subscriber identification module for decryption, and to install the AKU when the AKU summary is identical to the decrypted result; upgrade service equipment, used to download to the set-top box, according to the upgrade parameter carried in the AKU download request, the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary; and a subscriber identification module, used to store the upgrade validation key and to decrypt the cryptographic digest with that key to obtain the decrypted result.
By verifying the AKU, the invention strengthens the security of set-top box software updates and reduces the possibility of the set-top box being maliciously attacked. The upgrade validation key is stored in the subscriber identification module, and the decryption is performed by the subscriber identification module, so the key cannot leak outside the module, which further strengthens security.
The technical scheme of the present invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is a schematic diagram of the structure of a system that applies the method for updating set-top box software of the present invention;
Fig. 2 is a flow chart of embodiment one of the method for updating set-top box software of the present invention;
Fig. 3 is a flow chart of embodiment two of the method for updating set-top box software of the present invention.
Embodiment
Fig. 1 is a schematic diagram of the structure of a system that applies the method for updating set-top box software of the present invention. The system comprises a set-top box 10, a subscriber identification module (Subscriber Identity Module, SIM) 20, and upgrade service equipment 30.
The set-top box 10 is the device whose software is to be upgraded. When a software upgrade is needed, the set-top box 10 sends an AKU download request carrying an upgrade parameter to the upgrade server 30. The upgrade parameter can include parameters such as the hardware version number and operating system version number of the set-top box.
The upgrade server 30 stores AKUs for various set-top boxes and, according to the upgrade parameter, downloads the corresponding AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary to the set-top box 10. The AKU summary and the cryptographic digest are used to verify the legitimacy of the AKU. They can be generated in advance and stored in the upgrade service equipment 30, in which case the download only requires retrieving the corresponding AKU, AKU summary and cryptographic digest according to the upgrade parameter. They can also be generated in real time, which gives somewhat better security: the upgrade service equipment retrieves the AKU according to the upgrade parameter, generates the AKU summary, and encrypts the AKU summary to generate the cryptographic digest. The download can use FTP, HTTP, and so on. The encryption and decryption of the AKU summary can use any existing encryption and decryption method, such as the 3DES algorithm, the MD5 algorithm, etc.
The subscriber identification module 20 stores the key used to verify the AKU (the upgrade validation key) and can perform decryption with this key. After receiving the AKU, AKU summary and cryptographic digest returned by the upgrade service equipment 30, the set-top box 10 sends the cryptographic digest to the subscriber identification module 20, which decrypts it with the upgrade validation key stored inside it. When the decrypted result is identical to the AKU summary, verification passes and the set-top box 10 installs the AKU. Whether the decrypted result and the AKU summary are identical can be judged by the set-top box 10 or by the subscriber identification module 20. When the judgement is made by the subscriber identification module 20, the set-top box needs to send the AKU summary to the subscriber identification module 20.
Fig. 2 is a flow chart of embodiment one of the method for updating set-top box software of the present invention. This embodiment comprises the following steps:
Step S101, the set-top box sends an AKU download request carrying an upgrade parameter to the upgrade service equipment;
Step S102, according to the upgrade parameter carried in the AKU download request, the upgrade service equipment retrieves the AKU locally, generates the AKU summary, encrypts the AKU summary to generate the cryptographic digest, and downloads the AKU, AKU summary and cryptographic digest to the set-top box;
The AKU summary and the cryptographic digest are the verification data. Their lengths can be determined according to actual conditions; for example, with 32 bytes of verification data, the first 16 bytes are the AKU summary and the last 16 bytes are the cryptographic digest;
Step S103, the set-top box receives the AKU, AKU summary and cryptographic digest, and sends the cryptographic digest to the subscriber identification module;
Step S104, the subscriber identification module decrypts the cryptographic digest with the upgrade validation key stored inside it to obtain a decrypted result, and sends the decrypted result to the set-top box;
Step S105, the set-top box judges whether the AKU summary is identical to the decrypted result. If they are identical, verification passes and step S106 is executed; if they differ, verification fails and the AKU is not installed;
Step S106, the set-top box installs the downloaded AKU.
By encrypting and decrypting the AKU summary, this embodiment verifies the legitimacy of the AKU and can effectively prevent malicious software from attacking the terminal. The storage of the upgrade validation key and the decryption of the cryptographic digest are both handled by the subscriber identification module, which makes full use of the module's highly secure storage and built-in decryption algorithm. The key cannot leak outside the subscriber identification module, which effectively strengthens security.
Fig. 3 is a flow chart of embodiment two of the method for updating set-top box software of the present invention. In this embodiment, different users have different upgrade validation keys, and the upgrade service equipment stores the correspondence between user IDs and encryption keys. After receiving an AKU download request, the upgrade service equipment looks up the corresponding encryption key according to the user ID carried in the request and encrypts the AKU summary with that key. This embodiment comprises the following steps:
Step S201, the set-top box sends an AKU download request carrying an upgrade parameter and a user ID to the upgrade service equipment, where the user ID can be the identifier of the subscriber identification module;
Step S202, the upgrade service equipment retrieves the AKU locally according to the upgrade parameter and generates the AKU summary;
Step S203, the upgrade service equipment retrieves the corresponding encryption key according to the user ID;
Step S204, the upgrade service equipment encrypts the AKU summary with the retrieved encryption key;
Step S205, the upgrade server downloads the AKU, AKU summary and cryptographic digest to the set-top box;
Step S206, the set-top box receives the AKU, AKU summary and cryptographic digest, and sends the AKU summary and cryptographic digest to the subscriber identification module;
Step S207, the subscriber identification module decrypts the cryptographic digest with the upgrade validation key stored inside it to obtain a decrypted result;
Step S208, the subscriber identification module judges whether the AKU summary is identical to the decrypted result, and sends the judgement result to the set-top box;
Step S209, the set-top box determines from the judgement result whether verification passes. If the AKU summary is identical to the decrypted result, verification passes and step S210 is executed; if they differ, verification fails and the AKU is not installed;
Step S210, the set-top box installs the downloaded AKU.
In this embodiment, the upgrade service equipment encrypts the AKU summary with a different encryption key for each user, which further strengthens security: it avoids the situation in which, when all users share the same key, a leak of that key affects the software updates of every user's set-top box.
In the embodiment shown in Fig. 3, the step of judging whether the AKU summary and the decrypted result are identical can also be carried out by the set-top box. In that case the set-top box does not need to send the AKU summary to the subscriber identification module. Instead, the subscriber identification module sends the decrypted result to the set-top box after decryption, and the set-top box then judges whether the AKU summary downloaded from the upgrade service equipment is identical to the decrypted result returned by the subscriber identification module, and decides whether to install the AKU according to the judgement result.
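The verification flow of embodiments one and two, as an added Python example that is not part of the patent text. The HMAC-based Feistel cipher, the truncated SHA-256 summary, and all keys, IDs and package bytes are assumptions; so is the `bind_to_package` check, which recomputes the summary over the received package, a step the description does not state.

```python
import hashlib
import hmac

SUMMARY_LEN = 16  # page's example: 16-byte AKU summary + 16-byte cryptographic digest
ROUNDS = 4


def aku_summary(package: bytes) -> bytes:
    # Assumption: truncated SHA-256 as the summary function (the page names none).
    return hashlib.sha256(package).digest()[:SUMMARY_LEN]


def _feistel(key: bytes, block: bytes, round_order) -> bytes:
    # Stand-in 16-byte block cipher built from HMAC so the example needs only the
    # standard library. It is NOT a vetted cipher; it replaces whichever
    # encryption algorithm a deployment would choose.
    left, right = block[:8], block[8:]
    for i in round_order:
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def encrypt_summary(key: bytes, summary: bytes) -> bytes:
    return _feistel(key, summary, range(ROUNDS))


class SubscriberIdentityModule:
    """Holds the upgrade validation key; only results leave the module."""

    def __init__(self, key: bytes):
        self.__key = key

    def decrypt(self, cryptographic_digest: bytes) -> bytes:  # step S104 / S207
        return _feistel(self.__key, cryptographic_digest, reversed(range(ROUNDS)))

    def verify(self, summary: bytes, cryptographic_digest: bytes) -> bool:  # step S208
        return hmac.compare_digest(self.decrypt(cryptographic_digest), summary)


class UpgradeServer:
    def __init__(self, packages: dict, user_keys: dict):
        self.packages = packages    # upgrade parameter -> AKU bytes
        self.user_keys = user_keys  # user ID -> encryption key (embodiment two)

    def download(self, upgrade_parameter, user_id):  # steps S202-S205
        package = self.packages[upgrade_parameter]
        summary = aku_summary(package)
        encrypted = encrypt_summary(self.user_keys[user_id], summary)
        return package, summary + encrypted  # 32 bytes of verification data


def set_top_box_accepts(package, verification_data, sim, bind_to_package=True):
    """Decide whether to install (steps S206-S209)."""
    if len(verification_data) != 2 * SUMMARY_LEN:
        return False
    summary = verification_data[:SUMMARY_LEN]
    cryptographic_digest = verification_data[SUMMARY_LEN:]
    # Added assumption: recompute the summary over the bytes actually received,
    # so the verified summary is tied to this package.
    if bind_to_package and not hmac.compare_digest(aku_summary(package), summary):
        return False
    return sim.verify(summary, cryptographic_digest)


# Constructed sample data (keys, IDs and package bytes are not from the page).
PARAM = ("hw-1.0", "os-2.3")
KEY_A, KEY_B = bytes(range(16)), bytes(range(16, 32))
SERVER = UpgradeServer({PARAM: b"constructed AKU image"}, {"sim-A": KEY_A, "sim-B": KEY_B})
SIM_A = SubscriberIdentityModule(KEY_A)


def demo() -> dict:
    package, data = SERVER.download(PARAM, "sim-A")
    _, data_for_b = SERVER.download(PARAM, "sim-B")
    tampered = package + b"\x00"
    forged = aku_summary(tampered) + bytes(SUMMARY_LEN)  # summary without the key
    return {
        "genuine": set_top_box_accepts(package, data, SIM_A),
        "tampered_package": set_top_box_accepts(tampered, data, SIM_A),
        "tampered_summary_only": set_top_box_accepts(tampered, data, SIM_A, bind_to_package=False),
        "forged_digest": set_top_box_accepts(tampered, forged, SIM_A),
        "other_users_data": set_top_box_accepts(package, data_for_b, SIM_A),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'install' if accepted else 'reject'}")
```

The `tampered_summary_only` case shows what comparing the received summary with the decrypted result covers on its own: the verification data is authentic, but nothing ties it to the package bytes.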
Finally, it should be noted that the above embodiments are intended only to illustrate the technical scheme of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical schemes recorded in the foregoing embodiments, or replace some of the technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical schemes to depart from the spirit and scope of the technical schemes of the embodiments of the present invention.

Claims (7)

1. A method for updating set-top box software, characterized in that the method comprises the following steps:
the set-top box sends an AKU download request to the upgrade service equipment, the AKU download request carrying the upgrade parameter of the set-top box;
the upgrade service equipment, according to the upgrade parameter, downloads to the set-top box the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary;
the set-top box sends the cryptographic digest to the subscriber identification module;
the subscriber identification module decrypts the cryptographic digest with the upgrade validation key stored inside it to obtain a decrypted result;
the set-top box installs the AKU when the AKU summary is identical to the decrypted result.
2. The method for updating set-top box software according to claim 1, characterized in that the upgrade service equipment downloading to the set-top box, according to the upgrade parameter, the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary is specifically: the upgrade service equipment performs a local retrieval according to the upgrade parameter, and downloads to the set-top box the retrieved AKU, AKU summary, and cryptographic digest obtained by encrypting the AKU summary.
3. The method for updating set-top box software according to claim 1, characterized in that the upgrade service equipment downloading to the set-top box, according to the upgrade parameter, the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary is specifically: the upgrade service equipment retrieves the AKU locally according to the upgrade parameter, generates the AKU summary, encrypts the AKU summary to generate the cryptographic digest, and then downloads to the set-top box the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary.
4. The method for updating set-top box software according to claim 3, characterized in that the AKU download request carries user identification information, and before the AKU summary is encrypted, the upgrade service equipment looks up the corresponding encryption key according to the user identification information.
5. The method for updating set-top box software according to any one of claims 1-4, characterized in that the method further comprises: the set-top box sends the AKU summary to the subscriber identification module; after obtaining the decrypted result, the subscriber identification module judges whether the AKU summary is identical to the decrypted result, and sends the judgement result to the set-top box.
6. The method for updating set-top box software according to any one of claims 1-4, characterized in that, after obtaining the decrypted result, the subscriber identification module sends the decrypted result to the set-top box; the set-top box judges whether the AKU summary is identical to the decrypted result.
7. A system for updating set-top box software, characterized in that the system comprises:
a set-top box, used to send an AKU download request carrying an upgrade parameter to the upgrade service equipment, to receive the AKU, AKU summary and cryptographic digest returned by the upgrade service equipment, to send the cryptographic digest to the subscriber identification module for decryption, and to install the AKU when the AKU summary is identical to the decrypted result;
upgrade service equipment, used to download to the set-top box, according to the upgrade parameter carried in the AKU download request, the AKU, the AKU summary, and the cryptographic digest obtained by encrypting the AKU summary;
a subscriber identification module, used to store the upgrade validation key and to decrypt the cryptographic digest with the upgrade validation key to obtain the decrypted result.
CNB2007101192263A 2007-07-18 2007-07-18 Method for updating set-top box software and upgrade-system Active CN100574367C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007101192263A CN100574367C (en) 2007-07-18 2007-07-18 Method for updating set-top box software and upgrade-system

Publications (2)

Publication Number Publication Date
CN101090452A CN101090452A (en) 2007-12-19
CN100574367C true CN100574367C (en) 2009-12-23

Family

ID=38943596

Country Status (1)

Country Link
CN (1) CN100574367C (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHINA LINKED NETWORK COMMUNICATION GROUP CO.,LTD.

Free format text: FORMER OWNER: CHINA NETWORK COMMUNICATIONS GROUP CORPORATION

Effective date: 20090522

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090522

Address after: Number 21, Finance Street, Beijing, Xicheng District: 100140

Applicant after: China United Network Telecommunication Group Co., Ltd.

Address before: Number 21, Finance Street, Beijing, Xicheng District: 100032

Applicant before: China Network Communications Group Corporation

C14 Grant of patent or utility model
GR01 Patent grant