CN101217363A - A remote upgrading method realized by shared secret key - Google Patents

Info

Publication number
CN101217363A
Authority
CN
China
Prior art keywords
software
protecting equipment
upgrade
content
upgrading
Prior art date
Legal status
Granted
Application number
CNA2007103045610A
Other languages
Chinese (zh)
Other versions
CN100593296C (en)
Inventor
孙吉平
韩勇
Current Assignee
Beijing Senseshield Technology Co Ltd
Original Assignee
SHENSILUOKE DATA PROTECTION CENTER BEIJING
Priority date
Filing date
Publication date
Application filed by SHENSILUOKE DATA PROTECTION CENTER BEIJING
Priority to CN200710304561A (patent CN100593296C)
Publication of CN101217363A
Application granted
Publication of CN100593296C
Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for remotely upgrading the content of a software protection device by means of a shared key. In the traditional upgrade method, the software protection device is sent back to the software developer, upgraded, and then returned to the user, which is time-consuming. In another method, the user downloads an upgrade package over the Internet, which requires the software developer to obtain the feature information of the user's equipment in order to produce different upgrade packages for different software protection devices; this is difficult to operate and increases management cost. In the method of the invention, the software developer shares a different key with each group of software protection devices it has developed; the software developer uses the shared key to encrypt the content to be upgraded, producing the upgrade package; the software protection device uses the shared key to decrypt the upgrade package and update itself. The method can upgrade the content of users' software protection devices simply, safely and rapidly.

Description

A method for realizing remote upgrade by means of a shared key
Technical field
The present invention relates to the field of information security, and in particular to a method for remotely upgrading the content of a software protection device by means of a shared key.
Background art
Shared key: the pair of keys shared between the software developer and the software protection devices it develops.
Software protection device: hardware that provides encryption-based protection for software, for example an encryption lock.
Remote upgrade: updating the content of the software protection device directly at the user's end.
Module: a set of content within the software protection device that has a particular function.
Hardware program: the program in the software protection device that provides the low-level control functions.
The traditional method of upgrading the content of a software protection device is as follows: the user returns the device to the software developer for upgrading, and the developer then sends it back to the user. Because the device must be physically shipped, the upgrade process takes a long time, disrupts the user's normal use, and also increases the software developer's management cost.
A faster upgrade method also exists: the software developer sends the upgrade package for the software protection device to the user by e-mail, or the user downloads the upgrade package from the Internet, and the user then upgrades the device manually or automatically. In this method, however, the software developer needs to know the characteristic information of the user's equipment in order to generate a different upgrade package for each user's software protection device, which increases the difficulty of operation and the software developer's management cost.
Summary of the invention
The purpose of the invention is to provide a method for remotely upgrading the content of a software protection device by means of a shared key, so that the content of a user's software protection device can be upgraded simply, safely and quickly, overcoming the above problems of the prior art.
To achieve this purpose, the invention provides a method for remotely upgrading the content of a software protection device by means of a shared key, comprising the following steps:
(1) the software developer divides the software protection devices into groups;
(2) the software developer writes the same shared key into the software protection devices of the same group, the keys in the devices of different groups being different;
(3) when a software protection device needs to be upgraded, the software developer uses the shared key to encrypt the content to be upgraded, generating an upgrade package;
(4) after obtaining the upgrade package, the software protection device uses the shared key, through its hardware program, to decrypt the upgrade package, and updates the content of the software protection device with the decrypted content.
With the upgrade method of the invention, the software developer does not need to generate a different upgrade package for each user's software protection device, but only one upgrade package per group, which reduces the software developer's management cost and makes upgrading software protection devices faster and simpler. At the same time, the upgrade package is sent after being encrypted, which ensures the security of the upgrade package in transit and ensures that only a software protection device holding the shared key can decrypt it.
Description of drawings
Fig. 1 is a flow chart of the remote upgrade method of the embodiment of the invention.
Embodiment
The content of the invention is further described below with reference to a specific embodiment.
The software protection device in this embodiment is programmable hardware used to protect PC-side software. Its core is a single-chip microcomputer or smart card chip, comprising a central processing unit (CPU), memory connected to the CPU, and an interface control chip. The CPU may be any microprocessor, such as the Intel MCS8051 or Philips 80C31. The memory may be RAM, ROM, EEPROM, Flash, or a combination of the above. The interface control chip may be a USB control chip, a FireWire control chip, etc. The hardware program, user executable code and data are stored in the memory. The PC side comprises the protected software, the hardware driver, and the application-layer API for accessing the hardware. The PC side communicates with the software protection device connected to the PC over an external bus, such as the USB bus, via the interface control chip in the device, such as the USB control chip.
Specifically, the upgrade process is as follows:
Software developer side:
The software developer divides the software protection devices into groups (S101).
The grouping rule is determined by the developer's demand strategy; for example, software protection devices used to protect different versions of the software are placed in different groups.
In this embodiment, the software developer divides the PC-side software into two versions, A and B, according to function: version A (the full version) has all of the software's functions, and version B (the evaluation version) has part of them.
Corresponding to the versions of the PC-side software, the software protection devices are likewise divided into two groups, A and B. Suppose the software developer is to upgrade the version A PC-side software; the corresponding group A software protection devices then also need to be upgraded.
A pair of keys is shared between the software developer and the software protection devices (S102).
The keys in software protection devices of the same group are identical, and the keys in devices of different groups differ. When initializing the software protection devices, the software developer shares the group A key with the group A devices and the group B key with the group B devices.
The software developer encrypts the content to be upgraded, generating the upgrade package (S103).
For the software protection device of this embodiment, the upgradable content is the executable code or data stored in the memory.
In addition to the content to be upgraded, the upgrade package may also contain information describing the upgrade, that is, information needed by the upgrade process, such as a description of the module to be upgraded and the upgrade position.
The upgrade package may also contain an authorization for the upgraded content, that is, restrictions on its use, such as time of use, number of uses, and scope.
This embodiment uses the DES algorithm to encrypt the upgrade content and the authorization; the authorization includes a restriction on the time of use.
Alternatively, the encryption may use a public cryptographic algorithm, including symmetric encryption algorithms (such as DES, TDES and AES), asymmetric encryption algorithms (such as RSA) and hybrid encryption algorithms, or a secret algorithm implemented by the developer.
In this embodiment, to upgrade the group A software protection devices, the software developer encrypts the data to be upgraded with the group A key. Let Data denote the content to be upgraded, for example the executable code or data to be updated, and let $K_A$ denote the group A key. The ciphertext $S$ of the encrypted content is then:
$$S = E_{K_A}(\mathrm{Data})$$
where $E$ denotes the DES encryption operation and the subscript $K_A$ indicates that key $K_A$ is used. The ciphertext $S$ is the upgrade package.
The software developer then sends $S$ to the user.
User side:
The software protection device decrypts the upgrade package and updates itself (S104).
The user passes the upgrade package $S$ sent by the software developer into the software protection device by means of the upgrade program on the PC side.
The hardware program in the software protection device uses the shared group A key to decrypt $S$ with the DES algorithm, obtaining the plaintext:
$$\mathrm{Data1} = D_{K_A}(S)$$
where $D$ denotes the DES decryption operation and the subscript $K_A$ indicates that key $K_A$ is used.
Because the software protection device shares the same key $K_A$ with the software developer, Data1 and Data are identical. The software protection device thus obtains the content to be upgraded.
The hardware program uses Data1 to update the content in the software protection device, for example the executable code or data in the memory.
At this point the upgrade has completed successfully, and the user can now use the upgraded software.
On the other hand, a group B user cannot use the upgrade package $S$ to upgrade their software protection device.
Suppose a user of the version B software obtains the upgrade package $S$ by some means and passes it into the software protection device with the same PC-side upgrade program.
Because the key shared in a group B software protection device is the group B key, denoted $K_B$, the hardware program decrypts $S$ with the DES algorithm and obtains the plaintext:
$$\mathrm{Data2} = D_{K_B}(S)$$
Because the key $K_B$ used for decryption differs from the key $K_A$ used for encryption, Data2 differs from the correct upgrade data Data.
The software protection device after this upgrade cannot match the upgraded PC-side software, so a user of the group B software cannot use the upgraded software. This ensures that only users of the group A software obtain the upgrade.
Obviously, those skilled in the art can make various changes to the method of the invention without departing from its spirit and scope. If such changes fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to cover them as well.
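The group A / group B walk-through above, as an added Go example that is not code from the patent: the developer builds S = E_K(Data) with DES as in the embodiment, and a device holding the other group's key recovers only unrelated bytes. The key values, function names, CBC mode, padding and the HMAC tag that lets the device refuse a foreign package before writing anything are assumptions of this example; the patent text describes no integrity check.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const bs, ts = des.BlockSize, sha256.Size // DES block size, HMAC tag size
var KA, KB = []byte("GroupA-k"), []byte("GroupB-k") // constructed 8-byte group keys

// tag is this example's addition (the patent has no integrity step): HMAC over IV||ciphertext.
func tag(key, msg []byte) []byte {
	mk := sha256.Sum256(append([]byte("upgrade-mac:"), key...)) // separate MAC key
	m := hmac.New(sha256.New, mk[:])
	m.Write(msg)
	return m.Sum(nil)
}

// BuildPackage is the developer side: S = E_K(Data), here DES-CBC with a random IV.
func BuildPackage(key, data []byte) ([]byte, error) {
	blk, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := bs - len(data)%bs // PKCS#7 padding length, 1..8
	pt := append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
	s := make([]byte, bs+len(pt))
	if _, err := rand.Read(s[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(blk, s[:bs]).CryptBlocks(s[bs:], pt)
	return append(s, tag(key, s)...), nil
}

// RawDecrypt is the device step as the patent states it: D_K(S), padding left in place.
func RawDecrypt(key, pkg []byte) ([]byte, error) {
	blk, err := des.NewCipher(key)
	if err != nil || len(pkg) < 2*bs+ts || (len(pkg)-ts)%bs != 0 {
		return nil, errors.New("bad key or malformed package")
	}
	out := make([]byte, len(pkg)-ts-bs)
	cipher.NewCBCDecrypter(blk, pkg[:bs]).CryptBlocks(out, pkg[bs:len(pkg)-ts])
	return out, nil
}

// DeviceUpgrade verifies the tag first, so a foreign-group package is refused, not written.
func DeviceUpgrade(key, pkg []byte) ([]byte, error) {
	if len(pkg) < ts || !hmac.Equal(pkg[len(pkg)-ts:], tag(key, pkg[:len(pkg)-ts])) {
		return nil, errors.New("package was not built with this group's key")
	}
	pt, err := RawDecrypt(key, pkg)
	if err != nil || int(pt[len(pt)-1]) < 1 || int(pt[len(pt)-1]) > bs {
		return nil, errors.New("malformed package")
	}
	return pt[:len(pt)-int(pt[len(pt)-1])], nil
}

func main() {
	pkg, _ := BuildPackage(KA, []byte("constructed firmware block v2"))
	d1, _ := DeviceUpgrade(KA, pkg)
	d2, _ := RawDecrypt(KB, pkg)
	_, err := DeviceUpgrade(KB, pkg)
	fmt.Printf("group A: %q\ngroup B raw: %x\ngroup B checked: %v\n", d1, d2, err)
}
```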

Claims (10)

1. A method for remotely upgrading the content of a software protection device by means of a shared key, comprising the following steps:
(1) the software developer divides the software protection devices into groups;
(2) the software developer writes the same shared key into the software protection devices of the same group, the keys in the devices of different groups being different;
(3) when a software protection device needs to be upgraded, the software developer uses the shared key to encrypt the content to be upgraded, generating an upgrade package;
(4) after obtaining the upgrade package, the software protection device uses the shared key, through its hardware program, to decrypt the upgrade package, and updates the content of the software protection device with the decrypted content.
2. The remote upgrade method of claim 1, characterized in that:
the software developer writes the shared key into the software protection device when initializing the software protection device.
3. The remote upgrade method of claim 1, characterized in that:
the grouping is determined by the developer according to its demand strategy.
4. The remote upgrade method of claim 1, characterized in that:
the shared key may be a key used by any cryptographic algorithm.
5. The remote upgrade method of claim 1, characterized in that:
the upgrade package contains the content to be upgraded, and may also contain information describing the upgrade, that is, information needed by the upgrade process.
6. The remote upgrade method of claim 1, characterized in that:
the upgrade package may also contain an authorization for the upgraded content, that is, restrictions on the use of the upgraded content.
7. The remote upgrade method of claim 3, characterized in that:
the demand strategy includes the requirements for software protection devices used to protect different versions of the software.
8. The remote upgrade method of claim 4, characterized in that:
the cryptographic algorithm includes: a symmetric encryption algorithm, an asymmetric encryption algorithm, a hybrid encryption algorithm, or a secret algorithm implemented by the software developer.
9. The remote upgrade method of claim 5, characterized in that:
the information describing the upgrade includes a description of the module to be upgraded and the upgrade position.
10. The remote upgrade method of claim 6, characterized in that:
the use restrictions include time of use, number of uses, and scope.
CN200710304561A 2007-12-28 2007-12-28 A remote upgrading method realized by shared secret key Active CN100593296C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710304561A CN100593296C (en) 2007-12-28 2007-12-28 A remote upgrading method realized by shared secret key

Publications (2)

Publication Number Publication Date
CN101217363A true CN101217363A (en) 2008-07-09
CN100593296C CN100593296C (en) 2010-03-03

Family

ID=39623730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200710304561A Active CN100593296C (en) 2007-12-28 2007-12-28 A remote upgrading method realized by shared secret key

Country Status (1)

Country Link
CN (1) CN100593296C (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING SHENSI SHUDUN SCIENCE + TECHNOLOGY CO., LT

Free format text: FORMER OWNER: BEIJING SENSELOCK SOFTWARE TECHNOLOGY CO., LTD.

Effective date: 20150114

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100086 HAIDIAN, BEIJING TO: 100872 HAIDIAN, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20150114

Address after: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing

Patentee after: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd.

Address before: 100086 Beijing City, Haidian District Zhongguancun South Street No. 6 Zhucheng building block B room 1201

Patentee before: Beijing Senselock Software Technology Co.,Ltd.

C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510

Patentee after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing

Patentee before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder