CN105068824A - Method and device for dividing terminal development mode and product mode - Google Patents
Method and device for dividing terminal development mode and product mode Download PDFInfo
- Publication number
- CN105068824A CN105068824A CN201510417556.5A CN201510417556A CN105068824A CN 105068824 A CN105068824 A CN 105068824A CN 201510417556 A CN201510417556 A CN 201510417556A CN 105068824 A CN105068824 A CN 105068824A
- Authority
- CN
- China
- Prior art keywords
- firmware
- exploitation
- product
- certificate
- development
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a method and a system for dividing a terminal development mode and a product mode. The method comprises the following steps: a development CA (Certificate Authority) signs and issues a development certificate, wherein the development certificate comprises a development private key and a development public key; the development private key is used for writing a signature on development firmware; the development firmware with the signature is generated; a terminal obtains the firmware; according to a zone bit pre-stored in an internal FLASH, whether the terminal is under a development mode or a product mode at present is judged; if the terminal is under the development mode, the development CA is obtained; the development CA is used for carrying out attestation on the firmware; if the firmware passes the attestation, the firmware is judged as the development firmware; and the firmware is installed and operated. Different CAs and certificate systems are used for firmware corresponding to different stages for carrying out the signature, the corresponding CA is obtained according to a mode under which the terminal is in at present to verify the downloaded firmware, the firmware is allowed to be installed only when the firmware passes the verification, development permission and product permission are separated, and test version firmware under a development stage is prevented from being updated to a formal product.
Description
Technical field
The present invention relates to a kind of method and system dividing terminal development pattern and product pattern.
Background technology
In payment technical field, very high requirement is proposed to the legitimacy of terminal firmware, security, integrality, therefore facilitates the widespread use of certificate sign test system in payment technical field.
The sign test system of current main flow uses certificate to set building of whole sign test system, and by solidifying CA in disposable programming FLASH code, described program curing is written to DSP program exactly, and such DSP just can depart from emulator off-line operation.The process of solidification CA comprises: use certificate private key to sign to firmware, when firmware downloads enters terminal, uses CertPubKey to verify signature, meets the requirement of the legitimacy of terminal firmware, security, integrality.As shown in Figure 1, general firmware signature form is " firmware+signing certificate+HASH verifies "; By the signing messages verified containing signing certificate and HASH in firmware afterbody additional packets, complete the checking to firmware legitimacy, wherein, " HASH verification " adds a HASH value of signing certificate for calculating firmware after, the private key signature through frame number of signing generates; Sign test process, first by the PKI in signing certificate, " HASH verification " is decrypted, the HASH value of the file again after secure processing device encrypts, obtain the 2nd HASH value, compare a HASH value and the 2nd HASH value, if conform to, then attestation-signatures is normal, if do not conform to, then prove that firmware occurs in downloading process abnormal, may be revised by intercepting.
But, the sign test mode used after above-mentioned prior art terminal downloads firmware, and being separated of firmware development version and product version cannot be realized.In firmware development process, often can relate to the debugging amendment of firmware, therefore, may there is risk in the firmware of beta version; And although the firmware of beta version is in test phase, but still be legal, can sign test be passed through equally; After being downloaded to terminal, terminal can only judge the legitimacy of signature by above-mentioned sign test mode, but cannot district office download firmware be beta version or official release, therefore exist to slip up and download to the risk of beta version, and then cause terminal to there is larger potential safety hazard, terminal can normally be run, and the interests of user and operator all cannot be guaranteed.
Application number is the patented claim of 201210527778.9, disclose a kind of method and system preventing updating mobile terminal from arriving illegal firmware version, comprise upgrading tool to treat firmware updating version and carry out version legitimacy checking treatment, and according to version legitimacy check results, receive the firmware version to be upgraded that upgrading tool issues; Legitimate verification is carried out to the firmware version to be upgraded received, according to the result, carries out the upgrading of firmware version.
Above-mentioned application documents still can only judge the legitimacy of firmware, cannot realize the differentiation of firmware version; Therefore, be necessary to provide a kind of method and system dividing terminal development pattern and product pattern, to solve the problem.
Summary of the invention
Technical matters to be solved by this invention is: provide a kind of method and system dividing terminal development pattern and product pattern, realization exploitation authority is separated with product authority, guarantee that the firmware of beta version can not be updated in formal product, evade the potential safety hazard that terminal may exist.
In order to solve the problems of the technologies described above, the technical solution used in the present invention is:
Divide a method for terminal development pattern and product pattern, comprising:
Exploitation CA signs and issues exploitation certificate, comprises exploitation private key and exploitation PKI in described exploitation certificate;
Exploitation private key is used to sign to exploitation firmware; Generate the exploitation firmware of having signed;
Terminal obtains a firmware; Judge that described terminal is current according to the zone bit be stored in advance in inner FLASH and be in development mode or product pattern;
If development mode, then obtain exploitation CA; Use a firmware described in exploitation CA sign test; If sign test is passed through, then judge that a described firmware is as described exploitation firmware; Install and run a described firmware.
Another technical scheme provided by the invention is:
Divide a system for terminal development pattern and product pattern, comprising:
First signs and issues module, signs and issues exploitation certificate for developing CA, comprises exploitation private key and exploitation PKI in described exploitation certificate;
First signature blocks, signs to exploitation firmware for using exploitation private key;
First generation module, for generating the exploitation firmware of having signed;
First acquisition module, obtains a firmware for terminal;
First judge module, is in development mode or product pattern for judging that described terminal is current according to the zone bit be stored in advance in inner FLASH;
Second acquisition module, for obtaining exploitation CA;
First sign test module, for using a firmware described in exploitation CA sign test;
First determination module, for judging that a described firmware is as described exploitation firmware;
Installation module, for installing and running a described firmware.
Beneficial effect of the present invention is: the firmware that the present invention's correspondence is in different phase uses different CA and Certification system to sign; After terminal gets a firmware, judge that terminal is current be in development mode or product pattern according to being stored in advance in inner zone bit, and then obtain corresponding CA and verify, if be verified, then confirm that described firmware meets the current residing pattern of terminal; Realization exploitation authority is separated with product authority, guarantees that developer uses the beta version firmware after developing CA signature cannot download in formal product, evades the risk that beta version firmware flows out, and then the security of guarantee terminal.
Accompanying drawing explanation
Fig. 1 is the firmware signature form of prior art;
Fig. 2 is a kind of schematic flow sheet dividing the method for terminal development pattern and product pattern of the present invention;
Fig. 3 is a kind of schematic flow sheet dividing the method for terminal development pattern and product pattern of one embodiment of the invention;
Fig. 4 is a kind of schematic flow sheet dividing sign test process in the method for terminal development pattern and product pattern of one embodiment of the invention;
Fig. 5 is a kind of structural representation dividing the system of terminal development pattern and product pattern of the present invention;
Fig. 6 is a kind of structural representation dividing the system of terminal development pattern and product pattern of one embodiment of the invention;
Fig. 7 is a kind of structural representation dividing the first signature blocks in the system of terminal development pattern and product pattern of one embodiment of the invention;
Fig. 8 is a kind of structural representation dividing the first sign test module in the system of terminal development pattern and product pattern of one embodiment of the invention.
Label declaration:
1, first module is signed and issued; 2, the first signature blocks; 3, the first generation module;
4, the first acquisition module; 5, the first judge module; 6, the second acquisition module;
7, the first sign test module; 8, the first determination module; 9, installation module;
10, second module is signed and issued; 11, the second signature blocks; 12, the second generation module;
13, the 3rd acquisition module; 14, the second sign test module; 15, the second determination module;
16, the first computing unit; 17, ciphering unit; 18, authentication unit;
19, decryption unit; 20, the second computing unit; 21, unit is contrasted.
Embodiment
By describing technology contents of the present invention in detail, realized object and effect, accompanying drawing is coordinated to be explained below in conjunction with embodiment.
The design of most critical of the present invention is: the firmware of corresponding different phase uses different CA and Certification system to sign; According to the current residing corresponding CA of pattern acquiring of terminal, downloaded firmware is verified, be only verified and just allow to install, realize the isolation of authority.
The explanation of technical terms that the present invention relates to:
Please refer to Fig. 2 and Fig. 3, the invention provides a kind of method dividing terminal development pattern and product pattern, comprising:
Exploitation CA signs and issues exploitation certificate, comprises exploitation private key and exploitation PKI in described exploitation certificate;
Exploitation private key is used to sign to exploitation firmware; Generate the exploitation firmware of having signed;
Terminal obtains a firmware; According to the zone bit be stored in advance in inner FLASH, judge that described terminal is current and be in development mode or product pattern;
If development mode, then obtain exploitation CA; Use a firmware described in exploitation CA sign test; If sign test is passed through, then judge that a described firmware is as described exploitation firmware; Install and run a described firmware.
It should be noted that, described zone bit can use nybble to represent, as being product pattern when data are 0xFFFFFFFF, representing current when data are 0xABABABAB is development mode; The characteristic of FLASH is all written as 0xFF after erasing, reaches the effect that default conditions are Product Status.
From foregoing description, beneficial effect of the present invention is: realization exploitation authority is separated with product authority, guarantees that the beta version firmware being in the development phase can not be updated in formal product.In the development phase, developer can use exploitation authority to develop the signature of firmware and every debugging; When product firmware is formally issued, by product management and control librarian use product authority, product firmware is signed, guarantee the isolation of exploitation and product authority, ensure the security of exploitation firmware.
Further, also comprise:
Products C A signs and issues product certification, comprises product private key and product PKI in described product certification;
Product private key is used to sign to product firmware; Generate the product firmware of having signed;
If judge, described terminal is current is in product pattern, then obtain products C A; Use a firmware described in products C A sign test; If sign test is passed through, then judge that a described firmware is as product firmware; Install and run a described firmware.
Seen from the above description, to the product firmware being in the product stage, the products C A of supporting correspondence realizes signature and checking; After the firmware that the products C A good authentication that the terminal being only in the product stage chooses correspondence is downloaded, could confirm that the firmware downloaded is product firmware; Guarantee that the firmware that the terminal being in the product stage is installed is product firmware, ensure that Product Terminal works normally and runs.
Further, if sign test is not passed through, then delete a described firmware.
Seen from the above description, achieve terminal and automatically remove illegal firmware.
Further, described " signature " is specially:
HASH is calculated to described exploitation firmware and exploitation certificate, obtains a HASH value;
Use described exploitation private key to be encrypted a described HASH value, generate exploitation HASH verification.
Seen from the above description, the present invention can use exploitation CA to carry out signature operation to exploitation firmware, generates the exploitation firmware of having signed, to realize exploitation firmware and the differentiation in itself of product firmware.
Refer to Fig. 4, further, a described firmware comprises firmware, certificate and HASH verification;
Described " sign test " is specially:
Exploitation CA verifies the legitimacy of described certificate;
If by checking, then use HASH verification described in the public key decryptions in described certificate;
If successful decryption, then HASH is calculated to the described firmware in a described firmware and described certificate, obtain the 2nd HASH value;
Contrast a described HASH value and the 2nd HASH value; If identical, then sign test is passed through.
Seen from the above description, the present invention according to the stage residing for terminal, can call the firmware downloaded for CA sign test, and judge the firmware the downloaded stage whether residing for counterpart terminal according to concrete sign test result, the version realizing institute's download firmware is distinguished.
Refer to Fig. 5, another technical scheme provided by the invention is:
Divide a system for terminal development pattern and product pattern, comprising:
First signs and issues module 1, signs and issues exploitation certificate for developing CA, comprises exploitation private key and exploitation PKI in described exploitation certificate;
First signature blocks 2, signs to exploitation firmware for using exploitation private key;
First generation module 3, for generating the exploitation firmware of having signed;
First acquisition module 4, obtains a firmware for terminal;
First judge module 5, is in development mode or product pattern for judging that described terminal is current according to the zone bit be stored in advance in inner FLASH;
Second acquisition module 6, for obtaining exploitation CA;
First sign test module 7, for using a firmware described in exploitation CA sign test;
First determination module 8, for judging that a described firmware is as described exploitation firmware;
Installation module 9, for installing and running a described firmware.
From foregoing description, beneficial effect of the present invention is: the present invention signs and issues module 1, first signature blocks 2 by first and realizes being separated of exploitation authority and product authority with the first production module; Guarantee that the beta version firmware being in the development phase can not be updated in formal product by the first judge module 5, second acquisition module 6, first sign test module 7 and the first determination module 8; Guarantee the isolation of exploitation and product authority, ensure the security of exploitation firmware.
Refer to Fig. 6, further, also comprise:
Second signs and issues module 10, signs and issues product certification for products C A, comprises product private key and product PKI in described product certification;
Second signature blocks 11, signs to product firmware for using product private key;
Second generation module 12, for generating the product firmware of having signed;
3rd acquisition module 13, for obtaining products C A;
Second sign test module 14, for using a firmware described in products C A sign test;
Second determination module 15, for judging that a described firmware is as product firmware.
Seen from the above description, sign and issue module 10, second signature blocks 11, second generation module 12 by second and realize the signature of products C A to product firmware; Realize adopting products C A sign test firmware by the 3rd acquisition module 13, second sign test module 14 and the second judge module.
Refer to Fig. 7, further, described first signature blocks 2 comprises:
First computing unit 16, for calculating HASH to described exploitation firmware and exploitation certificate, obtains a HASH value;
Ciphering unit 17, for using described exploitation private key to be encrypted a described HASH value, generates exploitation HASH verification.
Seen from the above description, the present invention can use exploitation CA to carry out signature operation to exploitation firmware by the first computing module in the first signature blocks 2 and encrypting module, generate the exploitation of the signature firmware of corresponding exploitation CA, inherently make a distinction with product firmware.
Refer to Fig. 8, further, described first sign test module 7 comprises:
Authentication unit 18, verifies the legitimacy of described certificate for developing CA;
Decryption unit 19, verifies for using the HASH in a firmware described in the public key decryptions in described exploitation certificate;
Second computing unit 20, for calculating HASH to the described firmware in a described firmware and described certificate, obtains the 2nd HASH value;
Contrast unit 21, for contrasting a described HASH value and the 2nd HASH value.
Seen from the above description, the firmware that the present invention can be downloaded by the authentication unit 18 of the first sign test module 7, decryption unit 19, second computing unit 20 and contrast unit 21 pairs of terminals is verified, to judge whether the stage residing for counterpart terminal, guarantee the corresponding relation of stage residing for terminal and firmware.
Please refer to Fig. 1-4, embodiments of the invention one are:
A kind of method dividing terminal development pattern and product pattern is provided, comprises:
Terminal stores simultaneously exploitation CA and products C A; Described exploitation CA and products C A can be the different digital certificate verification center that different third party tissue or company develop, and certainly, also can be the different digital certificate verification center of same tissue or company's exploitation;
Exploitation CA signs and issues exploitation certificate, and described exploitation certificate comprises exploitation private key and exploitation PKI; Described exploitation private key as exploitation signature card, for developer holds; Developer uses exploitation signature card to carry out signature operation to the exploitation firmware being in test phase; Generate the exploitation firmware of having signed;
Concrete signature operation comprises:
HASH is calculated to described exploitation firmware and exploitation certificate, obtains exploitation the one HASH value;
Use described exploitation private key to be encrypted described exploitation the one HASH value, generate exploitation HASH verification;
The exploitation certificate and exploitation HASH that comprise exploitation PKI are verified the afterbody being attached to described exploitation firmware in accordance with certain form.
Be in the terminal of development phase, in advance the zone bit in terminal inner FLASH be set to be in the development phase;
Described terminal downloads firmware A; Described firmware A comprises firmware A, certificate and HASH verification;
Judge to obtain that described terminal is current is in the development phase according to the zone bit in the FLASH of terminal inner;
Obtain the exploitation CA being stored in terminal;
Exploitation CA is used to verify the legitimacy of certificate described in described firmware A;
If be verified, then use HASH verification described in the public key decryptions in described certificate;
If successful decryption, then HASH is calculated to the described firmware A in described firmware A and described certificate, obtain the 2nd HASH value;
Contrast described exploitation the one HASH value and the 2nd HASH value;
If identical, then sign test is passed through, and confirms that described firmware A is for exploitation firmware, meets the requirement of the terminal being in the development phase; Terminal is installed and is run described firmware A;
If not identical, then deleting described firmware A, judge that described firmware A not develops firmware, is illegal firmware.
Please refer to Fig. 1-4, on the basis of embodiment one, embodiments of the invention two are:
Products C A signs and issues product certification, and described product certification comprises product private key and product PKI; Described product private key is as product signature card, and for product, personnel hold; Product librarian use product signature card carries out signature operation to the product firmware for formal product; Generate the product firmware of having signed;
Concrete signature operation comprises:
HASH is calculated to described product firmware and product certification, obtains product the one HASH value;
Use described product private key to be encrypted described product the one HASH value, generate product HASH verification;
The product certification and product HASH that comprise product PKI are verified the afterbody being attached to described product firmware in accordance with certain form.
Be in the terminal in product stage, in advance the zone bit in terminal inner FLASH be set to be in the product stage;
Described terminal downloads firmware B; Described firmware B comprises firmware B, certificate and HASH verification;
Judge to obtain that described terminal is current is in the product stage according to the zone bit in the FLASH of terminal inner;
Obtain the products C A being stored in terminal;
Products C A is used to verify the legitimacy of certificate described in described firmware B;
If be verified, then use HASH verification described in the public key decryptions in described certificate;
If successful decryption, then HASH is calculated to the described firmware B in described firmware B and described certificate, obtain the 2nd HASH value;
Contrast described product the one HASH value and the 2nd HASH value;
If identical, then sign test is passed through, and confirms that described firmware B is product firmware, meets the requirement of the terminal being in the product stage; Terminal is installed and is run described firmware B;
If not identical, then deleting described firmware B, judge described firmware B and non-product firmware, is illegal firmware.
Refer to Fig. 6-Fig. 8, embodiments of the invention three are:
Divide a system for terminal development pattern and product pattern, comprise products C A, exploitation CA and terminal;
Described exploitation CA comprises:
First signs and issues module 1, signs and issues exploitation certificate for developing CA, comprises exploitation private key and exploitation PKI in described exploitation certificate; Described first signature blocks 2 comprises the first computing unit 16 and ciphering unit 17; First computing unit 16, for calculating HASH to described exploitation firmware and exploitation certificate, obtains a HASH value; Ciphering unit 17 is encrypted a described HASH value for using described exploitation private key, generates exploitation HASH verification;
First signature blocks 2, signs to exploitation firmware for using exploitation private key;
First generation module 3, for generating the exploitation firmware of having signed;
Described products C A comprises:
Second signs and issues module 10, signs and issues product certification for products C A, comprises product private key and product PKI in described product certification;
Second signature blocks 11, signs to product firmware for using product private key;
Second generation module 12, for generating the product firmware of having signed;
Described terminal comprises:
First acquisition module 4, obtains a firmware for terminal;
First judge module 5, is in development mode or product pattern for judging that described terminal is current according to the zone bit be stored in advance in inner FLASH;
Second acquisition module 6, for obtaining exploitation CA;
First sign test module 7, for using a firmware described in exploitation CA sign test; Specifically comprise authentication unit 18, decryption unit 19, second computing unit 20 and contrast unit 21, described authentication unit 18 verifies the legitimacy of described certificate for developing CA; Described decryption unit 19 verifies for using the HASH in a firmware described in the public key decryptions in described exploitation certificate; Second computing unit 20, for calculating HASH to the described firmware in a described firmware and described certificate, obtains the 2nd HASH value; Contrast unit 21 is for contrasting a described HASH value and the 2nd HASH value;
First determination module 8, for judging that a described firmware is as described exploitation firmware;
3rd acquisition module 13, for obtaining products C A;
Second sign test module 14, for using a firmware described in products C A sign test;
Second determination module 15, for judging that a described firmware is as product firmware.
Installation module 9, for installing and running a described firmware.
In sum, a kind of method and system dividing terminal development pattern and product pattern provided by the invention, the version that cannot realize terminal institute download firmware being different from prior art is distinguished, and beta version may be caused to flow out, there is the problem of potential safety hazard; The present invention uses different CA and Certification system to sign by the firmware of corresponding different phase; According to the current residing corresponding CA of pattern acquiring of terminal, downloaded firmware is verified, be only verified and just allow to install, realize the isolation of product authority and exploitation authority, guarantee that the firmware of beta version cannot be updated in Product Terminal; Meanwhile, also comprise and legitimacy sign test process is carried out to institute's download firmware, meet the legitimacy of terminal firmware, security and integrity demands.
The foregoing is only embodiments of the invention; not thereby the scope of the claims of the present invention is limited; every equivalents utilizing instructions of the present invention and accompanying drawing content to do, or be directly or indirectly used in relevant technical field, be all in like manner included in scope of patent protection of the present invention.
Claims (9)
1. divide a method for terminal development pattern and product pattern, it is characterized in that, comprising:
Exploitation CA signs and issues exploitation certificate, comprises exploitation private key and exploitation PKI in described exploitation certificate;
Exploitation private key is used to sign to exploitation firmware; Generate the exploitation firmware of having signed;
Terminal obtains a firmware; Judge that described terminal is current according to the zone bit be stored in advance in inner FLASH and be in development mode or product pattern;
If development mode, then obtain exploitation CA; Use a firmware described in exploitation CA sign test; If sign test is passed through, then judge that a described firmware is as described exploitation firmware; Install and run a described firmware.
2. a kind of method dividing terminal development pattern and product pattern as claimed in claim 1, is characterized in that, comprise further:
Products C A signs and issues product certification, comprises product private key and product PKI in described product certification;
Product private key is used to sign to product firmware; Generate the product firmware of having signed;
If judge, described terminal is current is in product pattern, then obtain products C A; Use a firmware described in products C A sign test; If sign test is passed through, then judge that a described firmware is as product firmware; Install and run a described firmware.
3. a kind of method dividing terminal development pattern and product pattern as claimed in claim 1 or 2, is characterized in that, if sign test is not passed through, then deletes a described firmware.
4. a kind of method dividing terminal development pattern and product pattern as claimed in claim 1, is characterized in that, described " signature " is specially:
HASH is calculated to described exploitation firmware and exploitation certificate, obtains a HASH value;
Use described exploitation private key to be encrypted a described HASH value, generate exploitation HASH verification.
5. a kind of method dividing terminal development pattern and product pattern as claimed in claim 4, is characterized in that, a described firmware comprises firmware, certificate and HASH verification;
Described " sign test " is specially:
Exploitation CA verifies the legitimacy of described certificate;
If by checking, then use HASH verification described in the public key decryptions in described certificate;
If successful decryption, then HASH is calculated to the described firmware in a described firmware and described certificate, obtain the 2nd HASH value;
Contrast a described HASH value and the 2nd HASH value; If identical, then sign test is passed through.
6. divide a system for terminal development pattern and product pattern, it is characterized in that, comprising:
First signs and issues module, signs and issues exploitation certificate for developing CA, comprises exploitation private key and exploitation PKI in described exploitation certificate;
First signature blocks, signs to exploitation firmware for using exploitation private key;
First generation module, for generating the exploitation firmware of having signed;
First acquisition module, obtains a firmware for terminal;
First judge module, is in development mode or product pattern for judging that described terminal is current according to the zone bit be stored in advance in inner FLASH;
Second acquisition module, for obtaining exploitation CA;
First sign test module, for using a firmware described in exploitation CA sign test;
First determination module, for judging that a described firmware is as described exploitation firmware;
Installation module, for installing and running a described firmware.
7. a kind of system dividing terminal development pattern and product pattern as claimed in claim 6, is characterized in that, further comprise:
Second signs and issues module, signs and issues product certification for products C A, comprises product private key and product PKI in described product certification;
Second signature blocks, signs to product firmware for using product private key;
Second generation module, for generating the product firmware of having signed;
3rd acquisition module, for obtaining products C A;
Second sign test module, for using a firmware described in products C A sign test;
Second determination module, for judging that a described firmware is as product firmware.
8. a kind of system dividing terminal development pattern and product pattern as claimed in claim 6, is characterized in that, described first signature blocks comprises:
First computing unit, for calculating HASH to described exploitation firmware and exploitation certificate, obtains a HASH value;
Ciphering unit, for using described exploitation private key to be encrypted a described HASH value, generates exploitation HASH verification.
9. a kind of system dividing terminal development pattern and product pattern as claimed in claim 6, is characterized in that, described first sign test module comprises:
Authentication unit, verifies the legitimacy of described certificate for developing CA;
Decryption unit, verifies for using the HASH in a firmware described in the public key decryptions in described exploitation certificate;
Second computing unit, for calculating HASH to the described firmware in a described firmware and described certificate, obtains the 2nd HASH value;
Contrast unit, for contrasting a described HASH value and the 2nd HASH value.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510417556.5A CN105068824B (en) | 2015-07-16 | 2015-07-16 | A kind of method and system dividing terminal development pattern and product pattern |
| PCT/CN2016/089762 WO2017008728A1 (en) | 2015-07-16 | 2016-07-12 | Method and system for classifying development mode and product mode for terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510417556.5A CN105068824B (en) | 2015-07-16 | 2015-07-16 | A kind of method and system dividing terminal development pattern and product pattern |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105068824A true CN105068824A (en) | 2015-11-18 |
| CN105068824B CN105068824B (en) | 2018-08-28 |
Family
ID=54498204
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510417556.5A Active CN105068824B (en) | 2015-07-16 | 2015-07-16 | A kind of method and system dividing terminal development pattern and product pattern |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105068824B (en) |
| WO (1) | WO2017008728A1 (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017008728A1 (en) * | 2015-07-16 | 2017-01-19 | 福建联迪商用设备有限公司 | Method and system for classifying development mode and product mode for terminal |
| CN106506163A (en) * | 2016-10-21 | 2017-03-15 | 北京小米移动软件有限公司 | ROM packet processing methods and device |
| CN107092831A (en) * | 2017-04-13 | 2017-08-25 | 昆山百敖电子科技有限公司 | Firmware based on firmware layer updates anti-virus method and device |
| CN111628873A (en) * | 2020-07-28 | 2020-09-04 | 四川省数字证书认证管理中心有限公司 | Method for storing digital certificate solidified data telegraph text |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2019114028A (en) * | 2017-12-22 | 2019-07-11 | 株式会社東芝 | Application development environment program and device |
| DE102020003072B3 (en) | 2020-05-22 | 2021-07-15 | Daimler Ag | Procedure for the secure use of cryptographic material |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101145906A (en) * | 2006-09-13 | 2008-03-19 | 北京邦天科技有限公司 | Method and system for authenticating legality of receiving terminal in unidirectional network |
| CN102594568A (en) * | 2012-03-23 | 2012-07-18 | 南京小网科技有限责任公司 | Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate |
| CN102981881A (en) * | 2012-12-10 | 2013-03-20 | 中兴通讯股份有限公司 | Method and system for preventing mobile terminal from being updated to illegal firmware version |
| CN103944903A (en) * | 2014-04-23 | 2014-07-23 | 福建联迪商用设备有限公司 | Multi-party authorized APK signature method and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8204968B2 (en) * | 2008-12-03 | 2012-06-19 | At&T Mobility Ii Llc | Registration notification for mobile device management |
| CN102693139B (en) * | 2011-03-25 | 2015-09-30 | 比亚迪股份有限公司 | A kind of method and system of radio upgrade cell phone software |
| CN103257872B (en) * | 2013-04-15 | 2016-11-23 | 中国信息安全测评中心 | The embedded control system of a kind of computer and update method thereof |
| CN105068824B (en) * | 2015-07-16 | 2018-08-28 | 福建联迪商用设备有限公司 | A kind of method and system dividing terminal development pattern and product pattern |
-
2015
- 2015-07-16 CN CN201510417556.5A patent/CN105068824B/en active Active
-
2016
- 2016-07-12 WO PCT/CN2016/089762 patent/WO2017008728A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101145906A (en) * | 2006-09-13 | 2008-03-19 | 北京邦天科技有限公司 | Method and system for authenticating legality of receiving terminal in unidirectional network |
| CN102594568A (en) * | 2012-03-23 | 2012-07-18 | 南京小网科技有限责任公司 | Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate |
| CN102981881A (en) * | 2012-12-10 | 2013-03-20 | 中兴通讯股份有限公司 | Method and system for preventing mobile terminal from being updated to illegal firmware version |
| CN103944903A (en) * | 2014-04-23 | 2014-07-23 | 福建联迪商用设备有限公司 | Multi-party authorized APK signature method and system |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017008728A1 (en) * | 2015-07-16 | 2017-01-19 | 福建联迪商用设备有限公司 | Method and system for classifying development mode and product mode for terminal |
| CN106506163A (en) * | 2016-10-21 | 2017-03-15 | 北京小米移动软件有限公司 | ROM packet processing methods and device |
| CN106506163B (en) * | 2016-10-21 | 2019-11-15 | 北京小米移动软件有限公司 | ROM packet processing method and device |
| CN107092831A (en) * | 2017-04-13 | 2017-08-25 | 昆山百敖电子科技有限公司 | Firmware based on firmware layer updates anti-virus method and device |
| CN111628873A (en) * | 2020-07-28 | 2020-09-04 | 四川省数字证书认证管理中心有限公司 | Method for storing digital certificate solidified data telegraph text |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105068824B (en) | 2018-08-28 |
| WO2017008728A1 (en) | 2017-01-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105068824A (en) | Method and device for dividing terminal development mode and product mode | |
| CN107615292B (en) | System and method for managing installation of application packages requiring high risk permission access | |
| CN110597538B (en) | Software upgrading method and OTA upgrading system based on OTA upgrading system | |
| CN107463806B (en) | Signature and signature verification method for Android application program installation package | |
| CN101145906B (en) | Method and system for authenticating legality of receiving terminal in unidirectional network | |
| CN102662692B (en) | Method and system for updating application program in electronic control unit | |
| CN106936577B (en) | Method, terminal and system for certificate application | |
| JP2019505887A (en) | Mobile device with reliable execution environment | |
| CN103514000B (en) | Browser plug-in installation method and device | |
| CN107466455B (en) | POS machine security verification method and device | |
| CN104639506B (en) | Method, system and the terminal for carrying out management and control are installed to application program | |
| CN103577206A (en) | Method and device for installing application software | |
| WO2016019790A1 (en) | Verification method, client, server and system for installation package | |
| CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
| CN104462965A (en) | Method for verifying integrity of application program and network device | |
| CN104680061A (en) | Method and system for verifying code signing during startup of application in Android environment | |
| CN108880859B (en) | Configuration method, device, server, terminal and storage medium of upgrade file | |
| CN104751049A (en) | Application program installing method and mobile terminal | |
| CN103677892A (en) | Authorization scheme to enable special privilege mode in secure electronic control unit | |
| CN108259479B (en) | Business data processing method, client and computer readable storage medium | |
| CN104915591A (en) | Data processing method and electronic equipment | |
| CN109358859B (en) | Method, device and storage medium for installing intelligent contract in block chain network | |
| CN109213501B (en) | Method, device and storage medium for installing intelligent contract in block chain network | |
| CN104426658A (en) | Method and device for performing identity authentication on application on mobile terminal | |
| CN107566413B (en) | Smart card security authentication method and system based on data short message technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |