CN103338450A - Verification method and equipment - Google Patents

Publication number
CN103338450A
Authority
CN
China
Prior art keywords
software kit
digital signature
priority
storage area
enable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013102608290A
Other languages
Chinese (zh)
Inventor
赵兴军
崔洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2013102608290A (CN103338450A)
Publication of CN103338450A
Priority to PCT/CN2014/078583 (WO2014206170A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1433 Saving, restoring, recovering or retrying at system level during software upgrading

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiments of the invention disclose a verification method comprising: configuring at least two storage regions, wherein, when the enable priority of each storage region is initialized, a first enable priority corresponding to the first storage region is configured to be higher than a second enable priority corresponding to the second storage region; storing a first software package and a first digital signature corresponding to the first software package in the first storage region, receiving a second software package, obtaining a second digital signature corresponding to the second software package, and storing the second software package and the second digital signature in the second storage region; if storing the second software package and the second digital signature fails, keeping the second enable priority unchanged; and, when the equipment restarts, verifying the legality of the first software package according to the first digital signature. The embodiments of the invention further disclose verification equipment. With this method, the working reliability of the equipment is improved, and normal operation of the equipment is guaranteed when verification of a software upgrade fails.

Description

A verification method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a verification method and device.
Background
With the continuing development of communication technology, trends such as flatter wireless network architectures, all-IP mobile networks, smaller base station form factors and more flexible deployment sites have exposed base stations, small base stations in particular, to a growing number of security threats. For base stations deployed at sites outside the operator's control, the software or key configuration data on the base station may be tampered with so that the device operates as the attacker intends. To guard against such tampering, the software or key configuration data on the device must be integrity protected: the equipment vendor applies an RSA integrity digital signature to the software or key configuration data, and the integrity of this security-sensitive data is verified before it is used. If verification fails, the data has been tampered with and the device must not use it. The purpose of integrity protection is to prevent tampering. However, if storing the digital signature fails when the integrity signature is produced, the device will read the incompletely stored signature during integrity verification and wrongly conclude that the software or key configuration data has been tampered with, so that loading the software or key configuration data fails. In particular, when the software or key configuration data on the device is being upgraded, this causes the upgrade to fail, the related software functions to be lost, or even the device to be unable to start.
Summary of the invention
The technical problem addressed by the embodiments of the present invention is to provide a verification method that improves the reliability of device operation and ensures that the device can still work normally when verification of a software upgrade fails.
A first aspect of the embodiments of the present invention provides a verification method, comprising:
Configuring at least two storage areas and, when initializing the enable priority of each storage area, configuring a first enable priority corresponding to the first storage area to be higher than a second enable priority corresponding to the second storage area;
Storing a first software package and its corresponding first digital signature in the first storage area, receiving a second software package, obtaining a second digital signature corresponding to the second software package, and storing the second software package and the second digital signature in the second storage area;
If storing the second software package and the second digital signature fails, keeping the second enable priority unchanged;
When the device restarts, verifying the legitimacy of the first software package according to the first digital signature.
In a first possible implementation of the first aspect, if the second software package and the second digital signature are stored successfully, the second enable priority is updated so that it is higher than the first enable priority, and when the device restarts, the legitimacy of the second software package is verified according to the second digital signature.
With reference to the first possible implementation of the first aspect, in a second possible implementation, obtaining the second digital signature corresponding to the second software package and storing the second software package and the second digital signature in the second storage area comprises:
Obtaining an encryption key and a decryption key for the second software package by means of the RSA encryption algorithm;
Performing a hash calculation on the second software package to obtain a first digest of the second software package;
Encrypting the first digest with the encryption key to obtain the second digital signature corresponding to the second software package;
Storing the second software package and the second digital signature in the second storage area.
With reference to the second possible implementation of the first aspect, in a third possible implementation, verifying the legitimacy of the second software package according to the second digital signature when the device restarts comprises:
When the device restarts, comparing the first enable priority with the second enable priority;
Reading the second digital signature and the second software package from the second storage area, which has the higher enable priority;
Decrypting the second digital signature with the decryption key to obtain a second digest of the second software package;
Determining whether the first digest and the second digest are identical;
If they are identical, loading the second software package.
With reference to the first aspect, or to the first, second or third possible implementation of the first aspect, in a fourth possible implementation, if a third software package is received, a third digital signature corresponding to the third software package is obtained; according to which of the first enable priority and the second enable priority is higher, the storage area with the lower enable priority is selected to store the third software package and the third digital signature; and the enable priority of the storage area storing the third software package and the third digital signature is updated so that it is higher than the enable priorities of the other storage areas.
A second aspect of the embodiments of the present invention provides a verification device, comprising:
A configuration module, configured to configure at least two storage areas and, when initializing the enable priority of each storage area, to configure a first enable priority corresponding to the first storage area to be higher than a second enable priority corresponding to the second storage area;
A storage module, configured to store a first software package and its first digital signature in the first storage area, receive a second software package, obtain a second digital signature corresponding to the second software package, and store the second software package and the second digital signature in the second storage area;
An update module, configured to keep the second enable priority unchanged if storing the second software package and the second digital signature fails;
A verification module, configured to verify the legitimacy of the first software package according to the first digital signature when the device restarts.
In a first possible implementation of the second aspect, the update module is further configured to update the second enable priority, if the second software package and the second digital signature are stored successfully, so that the second enable priority is higher than the first enable priority;
The verification module is further configured to verify the legitimacy of the second software package according to the second digital signature when the device restarts.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the storage module comprises:
A key acquisition unit, configured to obtain an encryption key and a decryption key for the second software package by means of the RSA encryption algorithm;
A hash calculation unit, configured to perform a hash calculation on the second software package to obtain a first digest of the second software package;
A signature acquisition unit, configured to encrypt the first digest with the encryption key to obtain the second digital signature corresponding to the second software package;
A saving unit, configured to store the second software package and the second digital signature in the second storage area.
With reference to the second possible implementation of the second aspect, in a third possible implementation, the verification module comprises:
A comparing unit, configured to compare the first enable priority with the second enable priority when the device restarts;
A reading unit, configured to read the second digital signature and the second software package from the second storage area, which has the higher enable priority;
A decryption unit, configured to decrypt the second digital signature with the decryption key to obtain a second digest of the second software package;
A judging unit, configured to determine whether the first digest and the second digest are identical;
A loading unit, configured to load the second software package when the judging unit determines that the first digest and the second digest are identical.
With reference to the second aspect, or to the first, second or third possible implementation of the first aspect, in a fourth possible implementation, the storage module is further configured, if a third software package is received, to obtain a third digital signature corresponding to the third software package and, according to which of the first enable priority and the second enable priority is higher, to select the storage area with the lower enable priority to store the third software package and the third digital signature;
The update module is further configured to update the enable priority of the storage area storing the third software package and the third digital signature so that it is higher than the enable priorities of the other storage areas.
Implementing the embodiments of the present invention has the following beneficial effects:
At least two storage areas are configured; the first storage area stores the first digital signature and first software package currently in use, the second storage area stores the newly received second digital signature and second software package, and the enable priority of the first storage area is configured to be higher than that of the second storage area. Even if storing the second digital signature and second software package fails, verification can then be carried out with the first digital signature and first software package stored in the first storage area, which has the higher enable priority, so that the related software functions can be used and the device can start normally. This improves the reliability of device operation and ensures that the device can still work normally when verification of a software upgrade fails.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a first embodiment of the verification method of the present invention;
Fig. 2 is a schematic flowchart of a second embodiment of the verification method of the present invention;
Fig. 3 is a schematic flowchart of a third embodiment of the verification method of the present invention;
Fig. 4 is a schematic structural diagram of a first embodiment of the verification device of the present invention;
Fig. 5 is a schematic structural diagram of the storage module of the verification device shown in Fig. 4;
Fig. 6 is a schematic structural diagram of the verification module of the verification device shown in Fig. 4.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, a schematic flowchart of a first embodiment of the verification method of the present invention, the method in this embodiment comprises the following steps:
S101: configure at least two storage areas and, when initializing the enable priority of each storage area, configure a first enable priority corresponding to the first storage area to be higher than a second enable priority corresponding to the second storage area.
Specifically, the storage areas are used to store software packages, the digital signatures corresponding to the software packages, and information related to enable priority. A storage area may be a magnetic disk, an optical disc, FLASH memory, read-only memory (ROM), random access memory (RAM), or the like.
S102: store a first software package and its corresponding first digital signature in the first storage area, receive a second software package, obtain a second digital signature corresponding to the second software package, and store the second software package and the second digital signature in the second storage area.
Specifically, the first software package and the second software package may be different versions of the same software, different configuration data of the same software, and so on. In this embodiment, the first software package is the software package currently used by the device. It may be the package the device used initially or the package from the most recent update. When the device starts, the first digital signature is calculated from the first software package and saved in the first storage area. When no new software package has been received and the device powers on, it reads by default the first digital signature in the first storage area and performs integrity verification on the first software package; if verification passes, the first software package is loaded and the related programs are executed. If verification fails, the first software package cannot be loaded. Depending on the system, the first software package may be an operating system or an ordinary application. If it corresponds to an ordinary application, a verification failure prevents that software from starting, so its functions cannot be used; if it corresponds to the operating system, a verification failure prevents the device from running the operating system, so the device cannot start. In the embedded operating systems widely used in the communications field, the operating system and the software applications are generally integrated; the first software package may correspond to an application or the equipment vendor's upper-layer software, or to an embedded operating system such as vxWorks or LINUX, and these can be upgraded independently or together. For an embedded operating system, a verification failure directly prevents the device from starting and causes unpredictable losses. Therefore, in this embodiment, at least two storage areas are configured to store the respective digital signatures and software packages, which provides the basis for subsequently selecting the digital signature and software package in the appropriate storage area for verification.
The second software package is an upgrade package for the first software package. When the second software package is received, an encryption key SK and a decryption key PK for the second software package can be obtained by means of the RSA encryption algorithm; a hash calculation on the second software package yields a first digest of the second software package; encrypting the first digest with the encryption key yields the second digital signature corresponding to the second software package; and the second software package and the second digital signature are then stored in the second storage area.
S103: if storing the second software package and the second digital signature fails, keep the second enable priority unchanged.
The second software package and the second digital signature are usually stored by writing them to FLASH memory. Writing takes a certain amount of time. If the write fails part-way through because of a power failure, accidental switching, misoperation, the software package exceeding the available capacity, or a similar cause, the second enable priority of the second storage area is kept unchanged, i.e. the second enable priority remains lower than the first enable priority as originally configured. Note that the enable priority is updated only after the second software package and the second digital signature have been stored: the update is triggered only once the store has completed; otherwise no update takes place and the original enable priority is kept.
S104: when the device restarts, verify the legitimacy of the first software package according to the first digital signature.
Because storing the second software package and the second digital signature failed, if the device on restart read the incomplete digital signature and software package from the second storage area for verification, verification would fail, and the related software functions could not be used or the device could not even start. In this embodiment, however, the first storage area exists alongside the second storage area, and because the store failed, the second enable priority is unchanged, i.e. the first enable priority remains higher than the second enable priority as originally configured. Therefore, when the device restarts, it selects, according to the enable priorities, the digital signature in the first storage area, which has the higher enable priority, to verify the legitimacy of the first software package. This solves the problem that, during a software package update, a failure to store the digital signature and software package causes verification to fail, so that the related software functions cannot be used or the device cannot start.
Note that the device restart refers to the next start after storing the second software package and the second digital signature; it may take place immediately after the attempt to store the second software package and the second digital signature, or some time after that attempt.
At least two storage areas are configured; the first storage area stores the first digital signature and first software package currently in use, the second storage area stores the newly received second digital signature and second software package, and the enable priority of the first storage area is configured to be higher than that of the second storage area. Even if storing the second digital signature and second software package fails, verification can then be carried out with the first digital signature and first software package stored in the first storage area, which has the higher enable priority, so that the related software functions can be used and the device can start normally. This improves the reliability of device operation and ensures that the device can still work normally when verification of a software upgrade fails.
If there are three storage areas, then when the enable priorities are initialized, the enable priorities of the first, second and third storage areas may be configured as a first, second and third enable priority respectively, with the first enable priority higher than the second and third enable priorities. When a new software package is received, either the second or the third storage area may be selected to store the new software package and its digital signature, for example the storage area with the lowest enable priority, and after a successful store the enable priority of that storage area is updated to be higher than the first enable priority, so that when the device restarts the new digital signature and software package are selected for verification.
Referring to Fig. 2, a schematic flowchart of a second embodiment of the verification method of the present invention, the method in this embodiment comprises the following steps:
S201: configure at least two storage areas, with a first enable priority corresponding to the first storage area higher than a second enable priority corresponding to the second storage area.
S202: store a first software package and its corresponding first digital signature in the first storage area, receive a second software package, obtain a second digital signature corresponding to the second software package, and store the second software package and the second digital signature in the second storage area.
S203: if storing the second software package and the second digital signature fails, keep the second enable priority unchanged.
S204: when the device restarts, verify the legitimacy of the first software package according to the first digital signature.
S205: if the second software package and the second digital signature are stored successfully, update the second enable priority so that it is higher than the first enable priority, and when the device restarts, verify the legitimacy of the second software package according to the second digital signature.
Specifically, the legitimacy is verified as follows:
When the device restarts, compare the first enable priority with the second enable priority;
Read the second digital signature and the second software package from the second storage area, which has the higher enable priority;
Decrypt the second digital signature with the decryption key to obtain a second digest of the second software package;
Determine whether the first digest and the second digest are identical;
If they are identical, load the second software package. If they differ, do not load the second software package.
Compared with an ordinary verification process, a comparison of enable priorities is added, which ensures that the contents of the storage area with the higher enable priority are used for verification.
This embodiment gives the verification method for the case where the second software package and the second digital signature have been stored successfully. Because the store succeeded, the second enable priority must be updated to ensure that it is higher than the first enable priority. For example, in the original configuration the first enable priority is 2 and the second enable priority is 1. If storing the second software package and the second digital signature fails, the priorities are kept unchanged, and the device uses the first digital signature and first software package in the first storage area, selected by the first enable priority, for verification. After the second software package and the second digital signature have been stored successfully, the second enable priority is updated, for example raised by 2 so that it changes from 1 to 3. When the device restarts, the second digital signature and second software package in the second storage area, selected by the new second enable priority, are used for verification; if verification passes, the device loads the second software package and uses the new version of the software or parameter configuration.
Updating the enable priority ensures that, once the second digital signature and second software package have been stored successfully, the new software package is used in preference, so that the upgraded software comes into use immediately without compromising the reliability of device operation.
Referring to Fig. 3, a schematic flowchart of a third embodiment of the verification method of the present invention, the method in this embodiment comprises the following steps:
S301: configure at least two storage areas, with a first enable priority corresponding to the first storage area higher than a second enable priority corresponding to the second storage area.
S302: store a first software package and its corresponding first digital signature in the first storage area, receive a second software package, obtain a second digital signature corresponding to the second software package, and store the second software package and the second digital signature in the second storage area.
S303: if storing the second software package and the second digital signature fails, keep the second enable priority unchanged.
S304: when the device restarts, verify the legitimacy of the first software package according to the first digital signature.
S305: if the second software package and the second digital signature are stored successfully, update the second enable priority so that it is higher than the first enable priority, and when the device restarts, verify the legitimacy of the second software package according to the second digital signature.
S306: if a third software package is received, obtain a third digital signature corresponding to the third software package; according to which of the first enable priority and the second enable priority is higher, select the storage area with the lower enable priority to store the third software package and the third digital signature; and update the enable priority of the storage area storing the third software package and the third digital signature so that it is higher than the enable priorities of the other storage areas.
This embodiment adds the handling of a third software package once it has been received. If the second software package and the second digital signature were stored successfully, the second enable priority has been updated to be higher than the first enable priority. If a third software package is received at this point, the corresponding third digital signature is obtained by the method for obtaining a digital signature described above, and the third digital signature and third software package are stored in the first storage area, which has the lower enable priority. After a successful store, the first enable priority of the first storage area is updated so that it is higher than the second enable priority; if the store fails, the enable priorities are kept unchanged.
If storing the second software package and the second digital signature failed, the second enable priority is lower than the first enable priority. If a third software package is received at this point, then after the third digital signature is obtained, the third digital signature and third software package are stored in the second storage area, which has the lower enable priority. The subsequent handling is similar and is not repeated here.
Of course, the first digital signature, the first software package and the first enable priority in the first storage area may also be kept unchanged throughout; when the third software package is received, the second enable priority is first updated so that it is lower than the first enable priority, and processing then proceeds according to the verification methods of the first and second embodiments.
Please refer to Fig. 4, which is a schematic diagram of the composition of the first embodiment of the verification equipment of the present invention. In this embodiment, the equipment comprises:
Configuration module 10, used to configure at least two storage areas, where the first enable priority corresponding to the first storage area is higher than the second enable priority corresponding to the second storage area;
Memory module 20, used to store the first software kit and its first digital signature into the first storage area, receive the second software kit, obtain the second digital signature corresponding to the second software kit, and store the second software kit and second digital signature into the second storage area;
Update module 30, used to keep the second enable priority unchanged if storing the second software kit and second digital signature fails;
Authentication module 40, used to verify the legitimacy of the first software kit according to the first digital signature when the equipment is restarted.
The update module 30 is also used, if the second software kit and second digital signature are stored successfully, to update the second enable priority so that it is higher than the first enable priority;
The authentication module 40 is also used to verify the legitimacy of the second software kit according to the second digital signature when the equipment is restarted.
In another embodiment, the memory module 20 can also be used, if a third software kit is received, to obtain the third digital signature corresponding to the third software kit, compare the first enable priority with the second enable priority, and select the storage area with the lower enable priority to store the third software kit and third digital signature;
The update module 30 can also be used to update the enable priority of the storage area that stores the third software kit and third digital signature, so that it is higher than the enable priorities of the other storage areas.
Please refer to Fig. 5, which is a schematic diagram of the composition of the memory module 20 of the verification equipment of Fig. 4. In this embodiment, the memory module 20 comprises:
Key acquiring unit 21, used to obtain the encryption key and decryption key of the second software kit by the RSA cryptographic algorithm;
Hash calculation unit 22, used to perform a hash calculation on the second software kit to obtain the first summary of the second software kit;
Signature acquiring unit 23, used to encrypt the first summary with the encryption key to obtain the second digital signature corresponding to the second software kit;
Preserve unit 24, used to store the second software kit and second digital signature into the second storage area.
Please refer to Fig. 6, which is a schematic diagram of the composition of the authentication module 40 of the verification equipment of Fig. 4. In this embodiment, the authentication module 40 comprises:
Comparing unit 41, used to compare the first enable priority with the second enable priority when the equipment is restarted;
Reading unit 42, used to read the second digital signature and second software kit from the second storage area, which has the higher enable priority;
Decrypting unit 43, used to decrypt the second digital signature with the decryption key to obtain the second summary of the second software kit;
Judging unit 44, used to judge whether the first summary is identical to the second summary;
Loading unit 45, used to load the second software kit when the judging unit judges that the first summary is identical to the second summary.
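The store-and-verify flow of the method steps and the module units above, as an added Python example that is not part of the patent text. The names `Device`, `sign`, `verify` and `write_fails` are hypothetical, SHA-256 stands in for the unspecified hash, the RSA key is a constructed toy key, and the signature is assumed to be produced outside the device and handed to `store`.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: illustration only, NOT secure.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (the page's "encryption key")


def digest(package: bytes) -> int:
    """Hash of the package: the "summary" in the page's wording."""
    return int.from_bytes(hashlib.sha256(package).digest(), "big")


def sign(package: bytes) -> int:
    """Hash the package, then apply the private key to the digest."""
    return pow(digest(package), D, N)


def verify(package: bytes, signature: int) -> bool:
    """Recover the signed digest with the public key (the page's "decryption key")
    and compare it with a digest recomputed from the bytes actually stored."""
    return pow(signature, E, N) == digest(package)


class Device:
    def __init__(self, first_package: bytes):
        # Two storage areas; area 0 starts with the higher enable priority.
        self.areas = [
            {"package": first_package, "signature": sign(first_package), "priority": 1},
            {"package": b"", "signature": 0, "priority": 0},
        ]

    def _low(self):
        return min(self.areas, key=lambda a: a["priority"])

    def _high(self):
        return max(self.areas, key=lambda a: a["priority"])

    def store(self, package: bytes, signature: int, write_fails: bool = False) -> bool:
        """Write a received package into the area with the lower enable priority."""
        target = self._low()
        if write_fails:
            # Simulated interrupted write: the area holds truncated data and
            # its enable priority is left unchanged.
            target["package"], target["signature"] = package[: len(package) // 2], 0
            return False
        target["package"], target["signature"] = package, signature
        # Successful store: this area now outranks every other area.
        target["priority"] = self._high()["priority"] + 1
        return True

    def boot(self):
        """On restart, verify and load the package in the highest-priority area."""
        area = self._high()
        if verify(area["package"], area["signature"]):
            return area["package"]
        return None  # nothing is loaded; fallback handling is outside this example
```

Because `verify` recomputes the digest from the stored bytes, a package modified after signing fails the comparison and `boot` loads nothing.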
It should be noted that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and identical or similar parts can be cross-referenced between embodiments. Because the device embodiments are substantially similar to the method embodiments, they are described briefly; for the relevant parts, refer to the description of the method embodiments.
From the description of the above embodiments, the present invention has the following advantages:
At least two storage areas are configured: the first storage area stores the first digital signature and first software kit currently in use, the second storage area stores the newly received second digital signature and second software kit, and the enable priority of the first storage area is configured to be higher than that of the second storage area. Thus, even if storing the second digital signature and second software kit fails, verification can still be performed on the first digital signature and first software kit stored in the first storage area, which has the higher enable priority, so that the related software functions can be used and the equipment started normally. This improves the reliability of the equipment and ensures that the equipment can still work normally when software upgrade verification fails.
One of ordinary skill in the art will understand that all or part of the flows in the above method embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), etc.
What is disclosed above is only a preferred embodiment of the present invention and of course cannot limit the scope of rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (10)

1. A verification method, characterized in that it comprises:
Configuring at least two storage areas and, when initializing the enable priority of each storage area, configuring the first enable priority corresponding to the first storage area to be higher than the second enable priority corresponding to the second storage area;
Storing a first software kit and its corresponding first digital signature into the first storage area, receiving a second software kit, obtaining a second digital signature corresponding to the second software kit, and storing the second software kit and second digital signature into the second storage area;
If storing the second software kit and second digital signature fails, keeping the second enable priority unchanged;
When the equipment is restarted, verifying the legitimacy of the first software kit according to the first digital signature.
2. The method of claim 1, characterized in that, if the second software kit and second digital signature are stored successfully, the second enable priority is updated so that it is higher than the first enable priority, and when the equipment is restarted, the legitimacy of the second software kit is verified according to the second digital signature.
3. The method of claim 2, characterized in that obtaining the second digital signature corresponding to the second software kit and storing the second software kit and second digital signature into the second storage area comprises:
Obtaining the encryption key and decryption key of the second software kit by the RSA cryptographic algorithm;
Performing a hash calculation on the second software kit to obtain the first summary of the second software kit;
Encrypting the first summary with the encryption key to obtain the second digital signature corresponding to the second software kit;
Storing the second software kit and second digital signature into the second storage area.
4. The method of claim 3, characterized in that verifying the legitimacy of the second software kit according to the second digital signature when the equipment is restarted comprises:
When the equipment is restarted, comparing the first enable priority with the second enable priority;
Reading the second digital signature and second software kit from the second storage area, which has the higher enable priority;
Decrypting the second digital signature with the decryption key to obtain the second summary of the second software kit;
Judging whether the first summary is identical to the second summary;
If they are identical, loading the second software kit.
5. The method of any one of claims 1-4, characterized in that it further comprises:
If a third software kit is received, obtaining the third digital signature corresponding to the third software kit, comparing the first enable priority with the second enable priority, selecting the storage area with the lower enable priority to store the third software kit and third digital signature, and updating the enable priority of the storage area that stores the third software kit and third digital signature so that it is higher than the enable priorities of the other storage areas.
6. Verification equipment, characterized in that it comprises:
A configuration module, used to configure at least two storage areas and, when initializing the enable priority of each storage area, to configure the first enable priority corresponding to the first storage area to be higher than the second enable priority corresponding to the second storage area;
A memory module, used to store a first software kit and its first digital signature into the first storage area, receive a second software kit, obtain a second digital signature corresponding to the second software kit, and store the second software kit and second digital signature into the second storage area;
An update module, used to keep the second enable priority unchanged if storing the second software kit and second digital signature fails;
An authentication module, used to verify the legitimacy of the first software kit according to the first digital signature when the equipment is restarted.
7. The equipment of claim 6, characterized in that:
The update module is also used, if the second software kit and second digital signature are stored successfully, to update the second enable priority so that it is higher than the first enable priority;
The authentication module is also used to verify the legitimacy of the second software kit according to the second digital signature when the equipment is restarted.
8. The equipment of claim 7, characterized in that the memory module comprises:
A key acquiring unit, used to obtain the encryption key and decryption key of the second software kit by the RSA cryptographic algorithm;
A hash calculation unit, used to perform a hash calculation on the second software kit to obtain the first summary of the second software kit;
A signature acquiring unit, used to encrypt the first summary with the encryption key to obtain the second digital signature corresponding to the second software kit;
A preserve unit, used to store the second software kit and second digital signature into the second storage area.
9. The equipment of claim 8, characterized in that the authentication module comprises:
A comparing unit, used to compare the first enable priority with the second enable priority when the equipment is restarted;
A reading unit, used to read the second digital signature and second software kit from the second storage area, which has the higher enable priority;
A decrypting unit, used to decrypt the second digital signature with the decryption key to obtain the second summary of the second software kit;
A judging unit, used to judge whether the first summary is identical to the second summary;
A loading unit, used to load the second software kit when the judging unit judges that the first summary is identical to the second summary.
10. The equipment of any one of claims 6-9, characterized in that:
The memory module is also used, if a third software kit is received, to obtain the third digital signature corresponding to the third software kit, compare the first enable priority with the second enable priority, and select the storage area with the lower enable priority to store the third software kit and third digital signature;
The update module is also used to update the enable priority of the storage area that stores the third software kit and third digital signature, so that it is higher than the enable priorities of the other storage areas.
CN2013102608290A 2013-06-26 2013-06-26 Verification method and equipment Pending CN103338450A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2013102608290A CN103338450A (en) 2013-06-26 2013-06-26 Verification method and equipment
PCT/CN2014/078583 WO2014206170A1 (en) 2013-06-26 2014-05-28 Verification method and device


Publications (1)

Publication Number Publication Date
CN103338450A true CN103338450A (en) 2013-10-02

Family

ID=49246532


Country Status (2)

Country Link
CN (1) CN103338450A (en)
WO (1) WO2014206170A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014206170A1 (en) * 2013-06-26 2014-12-31 华为技术有限公司 Verification method and device
CN105117651A (en) * 2015-09-16 2015-12-02 上海华为技术有限公司 Method for controlling single board to be safely started and method and device for upgrading software package
CN106161825A (en) * 2015-04-15 2016-11-23 中国移动通信集团江苏有限公司 A kind of application program charging method and device
CN106209754A (en) * 2015-05-08 2016-12-07 中标软件有限公司 Method and system to software kit automatic signature in version control system
CN106789088A (en) * 2017-02-08 2017-05-31 上海诺行信息技术有限公司 A kind of software version signature mechanism
CN111095342A (en) * 2017-05-30 2020-05-01 法国电力公司 Updating of device firmware and/or configuration for power distribution networks
CN111382397A (en) * 2020-02-26 2020-07-07 浙江大华技术股份有限公司 Configuration method of upgrade software package, software upgrade method, equipment and storage device
US20220021546A1 (en) * 2021-06-25 2022-01-20 Intel Corporation Method, system and apparatus for delayed production code signing for heterogeneous artifacts

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7477990B2 (en) * 2020-02-28 2024-05-02 日立Astemo株式会社 Information processing device and program start method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101078993A (en) * 2007-03-13 2007-11-28 中兴通讯股份有限公司 Method for on-line upgrading of edition in terminal product without interrupting the operation
US20100185845A1 (en) * 2007-10-05 2010-07-22 Hisashi Takayama Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit
CN101937347A (en) * 2010-08-06 2011-01-05 深圳市共进电子有限公司 Method for managing automatic updating in special networked terminal equipment
US20110099362A1 (en) * 2008-06-23 2011-04-28 Tomoyuki Haga Information processing device, encryption key management method, computer program and integrated circuit

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7065650B2 (en) * 2004-05-10 2006-06-20 Aladdin Knowledge Systems Ltd. Method for indicating the integrity of a collection of digital objects
CN100354825C (en) * 2006-08-02 2007-12-12 华为技术有限公司 Software staging and back spacing method
CN103338450A (en) * 2013-06-26 2013-10-02 华为技术有限公司 Verification method and equipment


Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014206170A1 (en) * 2013-06-26 2014-12-31 华为技术有限公司 Verification method and device
CN106161825B (en) * 2015-04-15 2019-11-12 中国移动通信集团江苏有限公司 A kind of application program charging method and device
CN106161825A (en) * 2015-04-15 2016-11-23 中国移动通信集团江苏有限公司 A kind of application program charging method and device
CN106209754B (en) * 2015-05-08 2019-01-22 中标软件有限公司 To the method and system of software package automatic signature in version control system
CN106209754A (en) * 2015-05-08 2016-12-07 中标软件有限公司 Method and system to software kit automatic signature in version control system
CN105117651B (en) * 2015-09-16 2018-05-29 上海华为技术有限公司 A kind of method, method and device of software packet upgrade for controlling veneer clean boot
CN105117651A (en) * 2015-09-16 2015-12-02 上海华为技术有限公司 Method for controlling single board to be safely started and method and device for upgrading software package
CN106789088A (en) * 2017-02-08 2017-05-31 上海诺行信息技术有限公司 A kind of software version signature mechanism
CN111095342A (en) * 2017-05-30 2020-05-01 法国电力公司 Updating of device firmware and/or configuration for power distribution networks
CN111382397A (en) * 2020-02-26 2020-07-07 浙江大华技术股份有限公司 Configuration method of upgrade software package, software upgrade method, equipment and storage device
CN111382397B (en) * 2020-02-26 2023-03-24 浙江大华技术股份有限公司 Configuration method of upgrade software package, software upgrade method, equipment and storage device
US20220021546A1 (en) * 2021-06-25 2022-01-20 Intel Corporation Method, system and apparatus for delayed production code signing for heterogeneous artifacts
US11902453B2 (en) * 2021-06-25 2024-02-13 Intel Corporation Method, system and apparatus for delayed production code signing for heterogeneous artifacts

Also Published As

Publication number Publication date
WO2014206170A1 (en) 2014-12-31


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20131002
