CN105068824B - A method and system for separating terminal development mode and product mode

Publication number: CN105068824B
Authority: CN (China)
Prior art keywords: firmware, development, product, mode, certificate
Legal status: Active
Application number: CN201510417556.5A
Other languages: Chinese (zh)
Other versions: CN105068824A (en)
Inventors: 林金寒, 洪逸轩
Current Assignee: Fujian Landi Commercial Equipment Co Ltd
Original Assignee: Fujian Landi Commercial Equipment Co Ltd
Application filed by Fujian Landi Commercial Equipment Co Ltd
Priority to CN201510417556.5A
Publication of CN105068824A
Priority to PCT/CN2016/089762 (WO2017008728A1)
Application granted
Publication of CN105068824B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The present invention provides a method and system for separating terminal development mode and product mode. The method includes: a development CA issues a development certificate, which contains a development private key and a development public key; the development firmware is signed using the development private key, generating signed development firmware; a terminal obtains a firmware; the terminal determines, from a flag stored in advance in internal FLASH, whether it is currently in development mode or product mode; if it is in development mode, the development CA is obtained and used to verify the signature of the firmware; if verification passes, the firmware is judged to be the development firmware, and it is installed and run. Firmware at different stages is signed using different CAs and certificate systems; the terminal obtains the CA corresponding to its current mode to verify the downloaded firmware, and installation is allowed only if verification passes. This separates development permissions from product permissions and ensures that test-version firmware from the development stage is not updated into a formal product.

Description

A method and system for separating terminal development mode and product mode
Technical field
The present invention relates to a method and system for separating terminal development mode and product mode.
Background
In the field of payment technology, very high requirements are placed on the legitimacy, security and integrity of terminal firmware, which has driven the wide use of certificate-based signature verification systems in this field.
Current mainstream signature verification systems build the whole verification system on a certificate tree, with the CA burned into the FLASH code by one-time programming; burning a program means writing the program into the DSP so that the DSP can run offline, detached from the emulator. The process with a burned-in CA includes: the firmware is signed using the certificate's private key, and when the firmware is downloaded into the terminal, the signature is verified using the certificate's public key, which meets the requirements for legitimacy, security and integrity of terminal firmware. As shown in Fig. 1, the general firmware signature format is "firmware + signing certificate + HASH check". Signature information containing the signing certificate and the HASH check is appended to the tail of the firmware to allow the legitimacy of the firmware to be verified, where the "HASH check" is generated by computing a first HASH value over the firmware plus the signing certificate and then signing that value with the private key of the signing certificate. In the verification process, the "HASH check" is first decrypted with the public key in the signing certificate, then the HASH value of the decrypted file is computed to obtain a second HASH value, and the first HASH value and the second HASH value are compared. If they match, the signature is proven normal; if they do not match, the firmware is proven to have become abnormal during download and may have been intercepted and modified.
However, the signature verification that the above prior-art terminal performs after downloading firmware cannot separate the development version of firmware from the product version. Firmware development often involves debugging and modifying the firmware, so test-version firmware may carry risks. Although test-version firmware is still in the test stage, it is nonetheless legitimately signed and passes signature verification just the same. After download, the terminal can only judge the legitimacy of the signature by the above verification and cannot distinguish whether the downloaded firmware is a test version or an official release. There is therefore a risk of downloading a test version by mistake, which leaves the terminal with a significant security risk: neither the normal operation of the terminal nor the interests of users and operators can be guaranteed.
The patent application with application number 201210527778.9 discloses a method and system for preventing a mobile terminal from being upgraded to an illegal firmware version, in which an upgrade tool performs a version legitimacy check on the firmware version to be upgraded; the firmware version to be upgraded that the upgrade tool issues is received according to the result of the version legitimacy check; the received firmware version is verified for legitimacy; and the firmware version is upgraded according to the verification result.
The above application still can only judge the legitimacy of the firmware and cannot distinguish firmware versions. It is therefore necessary to provide a method and system for separating terminal development mode and product mode to solve the above problems.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for separating terminal development mode and product mode that separates development permissions from product permissions, ensures that test-version firmware is not updated into a formal product, and avoids the security risk the terminal may otherwise face.
To solve the above technical problem, the technical solution adopted by the present invention is:
A method for separating terminal development mode and product mode, including:
a development CA issues a development certificate, the development certificate containing a development private key and a development public key;
the development firmware is signed using the development private key, generating signed development firmware;
a terminal obtains a firmware, and determines from a flag stored in advance in internal FLASH whether the terminal is currently in development mode or product mode;
if it is in development mode, the development CA is obtained; the signature of the firmware is verified using the development CA; if verification passes, the firmware is judged to be the development firmware; the firmware is installed and run.
Another technical solution provided by the present invention is:
A system for separating terminal development mode and product mode, including:
a first issuing module, used for the development CA to issue a development certificate, the development certificate containing a development private key and a development public key;
a first signing module, used to sign the development firmware using the development private key;
a first generation module, used to generate the signed development firmware;
a first acquisition module, used for the terminal to obtain a firmware;
a first judgment module, used to determine from a flag stored in advance in internal FLASH whether the terminal is currently in development mode or product mode;
a second acquisition module, used to obtain the development CA;
a first verification module, used to verify the signature of the firmware using the development CA;
a first determination module, used to judge that the firmware is the development firmware;
an installation module, used to install and run the firmware.
The beneficial effects of the present invention are as follows. Firmware at different stages is signed using different CAs and certificate systems. After the terminal obtains a firmware, it determines from a flag stored in advance internally whether it is currently in development mode or product mode, then obtains the corresponding CA to perform verification; if verification passes, the firmware is confirmed to match the terminal's current mode. This separates development permissions from product permissions and ensures that test-version firmware that developers signed with the development CA cannot be downloaded into a formal product, which avoids the risk of test-version firmware leaking out and so safeguards the security of the terminal.
Brief description of the drawings
Fig. 1 is the firmware signature format of the prior art;
Fig. 2 is a flow diagram of a method for separating terminal development mode and product mode according to the present invention;
Fig. 3 is a flow diagram of a method for separating terminal development mode and product mode according to one embodiment of the present invention;
Fig. 4 is a flow diagram of the signature verification process in a method for separating terminal development mode and product mode according to one embodiment of the present invention;
Fig. 5 is a structural diagram of a system for separating terminal development mode and product mode according to the present invention;
Fig. 6 is a structural diagram of a system for separating terminal development mode and product mode according to one embodiment of the present invention;
Fig. 7 is a structural diagram of the first signing module in a system for separating terminal development mode and product mode according to one embodiment of the present invention;
Fig. 8 is a structural diagram of the first verification module in a system for separating terminal development mode and product mode according to one embodiment of the present invention.
Reference numerals:
1, first issuing module; 2, first signing module; 3, first generation module;
4, first acquisition module; 5, first judgment module; 6, second acquisition module;
7, first verification module; 8, first determination module; 9, installation module;
10, second issuing module; 11, second signing module; 12, second generation module;
13, third acquisition module; 14, second verification module; 15, second determination module;
16, first computing unit; 17, encryption unit; 18, verification unit;
19, decryption unit; 20, second computing unit; 21, comparison unit.
Detailed description
To explain the technical content, the objectives achieved and the effects of the present invention in detail, a description is given below with reference to the embodiments and the accompanying drawings.
The key idea of the present invention is this: firmware at different stages is signed using different CAs and certificate systems; the terminal obtains the CA corresponding to its current mode to verify the downloaded firmware, and installation is allowed only if verification passes, which achieves isolation of permissions.
Explanation of technical terms of the present invention:
Referring to Fig. 2 and Fig. 3, the present invention provides a method for separating terminal development mode and product mode, including:
a development CA issues a development certificate, the development certificate containing a development private key and a development public key;
the development firmware is signed using the development private key, generating signed development firmware;
a terminal obtains a firmware, and determines from a flag stored in advance in internal FLASH whether the terminal is currently in development mode or product mode;
if it is in development mode, the development CA is obtained; the signature of the firmware is verified using the development CA; if verification passes, the firmware is judged to be the development firmware; the firmware is installed and run.
It should be noted that the flag can be represented using four bytes: for example, data of 0xFFFFFFFF indicates product mode, and data of 0xABABABAB indicates that the terminal is currently in development mode. A characteristic of FLASH is that it holds 0xFF after being erased, so the default state is the product state.
As can be seen from the above description, the beneficial effects of the present invention are: development permissions and product permissions are separated, ensuring that test-version firmware from the development stage is not updated into a formal product. In the development stage, developers can use the development permission to sign development firmware and carry out all debugging. When product firmware is formally released, product control personnel sign the product firmware using the product permission, which keeps development and product permissions isolated and safeguards the security of the development firmware.
Further, the method also includes:
a product CA issues a product certificate, the product certificate containing a product private key and a product public key;
the product firmware is signed using the product private key, generating signed product firmware;
if the terminal is determined to be currently in product mode, the product CA is obtained; the signature of the firmware is verified using the product CA; if verification passes, the firmware is judged to be product firmware; the firmware is installed and run.
As can be seen from the above description, product firmware at the product stage is signed and verified with the corresponding product CA. Only after a terminal in the product stage selects the corresponding product CA and successfully verifies the downloaded firmware can the downloaded firmware be confirmed to be product firmware. This ensures that the firmware installed on a terminal in the product stage is product firmware, and safeguards the normal working and operation of the product terminal.
Further, if verification does not pass, the firmware is deleted.
As can be seen from the above description, the terminal removes illegal firmware automatically.
Further, the "signing" is specifically:
a HASH is computed over the development firmware and the development certificate to obtain a first HASH value;
the first HASH value is encrypted using the development private key, generating a development HASH check.
As can be seen from the above description, the present invention can use the development CA to perform the signing operation on development firmware and generate signed development firmware, so that development firmware and product firmware are intrinsically distinguishable.
Referring to Fig. 4, further, the firmware includes a firmware, a certificate and a HASH check;
the "signature verification" is specifically:
the development CA verifies the legitimacy of the certificate;
if it passes verification, the HASH check is decrypted using the public key in the certificate;
if decryption succeeds, a HASH is computed over the firmware and the certificate in the firmware to obtain a second HASH value;
the first HASH value and the second HASH value are compared; if they are identical, verification passes.
As can be seen from the above description, the present invention can call the CA for the terminal's current stage to verify the downloaded firmware, and judge from the specific verification result whether the downloaded firmware corresponds to the stage the terminal is in, which distinguishes the version of the downloaded firmware.
Referring to Fig. 5, another technical solution provided by the present invention is:
A system for separating terminal development mode and product mode, including:
a first issuing module 1, used for the development CA to issue a development certificate, the development certificate containing a development private key and a development public key;
a first signing module 2, used to sign the development firmware using the development private key;
a first generation module 3, used to generate the signed development firmware;
a first acquisition module 4, used for the terminal to obtain a firmware;
a first judgment module 5, used to determine from a flag stored in advance in internal FLASH whether the terminal is currently in development mode or product mode;
a second acquisition module 6, used to obtain the development CA;
a first verification module 7, used to verify the signature of the firmware using the development CA;
a first determination module 8, used to judge that the firmware is the development firmware;
an installation module 9, used to install and run the firmware.
As can be seen from the above description, the beneficial effects of the present invention are: the first issuing module 1, the first signing module 2 and the first generation module separate development permissions from product permissions; the first judgment module 5, the second acquisition module 6, the first verification module 7 and the first determination module 8 ensure that test-version firmware from the development stage is not updated into a formal product. Development and product permissions are kept isolated, safeguarding the security of the development firmware.
Referring to Fig. 6, further, the system also includes:
a second issuing module 10, used for the product CA to issue a product certificate, the product certificate containing a product private key and a product public key;
a second signing module 11, used to sign the product firmware using the product private key;
a second generation module 12, used to generate the signed product firmware;
a third acquisition module 13, used to obtain the product CA;
a second verification module 14, used to verify the signature of the firmware using the product CA;
a second determination module 15, used to judge that the firmware is product firmware.
As can be seen from the above description, the second issuing module 10, the second signing module 11 and the second generation module 12 implement the product CA's signing of product firmware; the third acquisition module 13, the second verification module 14 and the second determination module implement verification of firmware using the product CA.
Referring to Fig. 7, further, the first signing module 2 includes:
a first computing unit 16, used to compute a HASH over the development firmware and the development certificate to obtain a first HASH value;
an encryption unit 17, used to encrypt the first HASH value using the development private key, generating a development HASH check.
As can be seen from the above description, the present invention can, through the first computing unit and the encryption unit in the first signing module 2, perform the signing operation on development firmware using the development CA and generate development firmware signed under the corresponding development CA, which is intrinsically distinguishable from product firmware.
Referring to Fig. 8, further, the first verification module 7 includes:
a verification unit 18, used for the development CA to verify the legitimacy of the certificate;
a decryption unit 19, used to decrypt the HASH check in the firmware using the public key in the development certificate;
a second computing unit 20, used to compute a HASH over the firmware and the certificate in the firmware to obtain a second HASH value;
a comparison unit 21, used to compare the first HASH value and the second HASH value.
As can be seen from the above description, the present invention can, through the verification unit 18, the decryption unit 19, the second computing unit 20 and the comparison unit 21 of the first verification module 7, verify the firmware downloaded by the terminal to judge whether it corresponds to the stage the terminal is in, ensuring that the terminal's stage and the firmware correspond.
Referring to Figs. 1-4, embodiment one of the present invention is:
A method for separating terminal development mode and product mode is provided, including:
The development CA and the product CA are both stored in the terminal. The development CA and the product CA can be different digital certificate authorities developed by different third-party organizations or companies; of course, they can also be different digital certificate authorities developed by the same organization or company;
the development CA issues a development certificate, the development certificate including a development private key and a development public key; the development private key serves as a development signing card held by developers; developers use the development signing card to perform the signing operation on development firmware that is in the test stage, generating signed development firmware;
The signing operation specifically includes:
a HASH is computed over the development firmware and the development certificate to obtain a development first HASH value;
the development first HASH value is encrypted using the development private key, generating a development HASH check;
the development certificate containing the development public key and the development HASH check are appended to the tail of the development firmware in a certain format.
A terminal in the development stage has the flag in its internal FLASH set to the development stage in advance;
the terminal downloads firmware A; firmware A includes firmware A, a certificate and a HASH check;
from the flag in the terminal's internal FLASH, the terminal is determined to be currently in the development stage;
the development CA stored in the terminal is obtained;
the legitimacy of the certificate in firmware A is verified using the development CA;
if verification passes, the HASH check is decrypted using the public key in the certificate;
if decryption succeeds, a HASH is computed over firmware A and the certificate in firmware A to obtain a second HASH value;
the development first HASH value and the second HASH value are compared;
if they are identical, verification passes, and firmware A is confirmed to be development firmware that meets the requirements of a terminal in the development stage; the terminal installs and runs firmware A;
if they differ, firmware A is deleted, and firmware A is judged not to be development firmware and to be illegal firmware.
Referring to Figs. 1-4, on the basis of embodiment one, embodiment two of the present invention is:
the product CA issues a product certificate, the product certificate including a product private key and a product public key; the product private key serves as a product signing card held by product personnel; product personnel use the product signing card to perform the signing operation on product firmware intended for the formal product, generating signed product firmware;
The signing operation specifically includes:
a HASH is computed over the product firmware and the product certificate to obtain a product first HASH value;
the product first HASH value is encrypted using the product private key, generating a product HASH check;
the product certificate containing the product public key and the product HASH check are appended to the tail of the product firmware in a certain format.
A terminal in the product stage has the flag in its internal FLASH set to the product stage in advance;
the terminal downloads firmware B; firmware B includes firmware B, a certificate and a HASH check;
from the flag in the terminal's internal FLASH, the terminal is determined to be currently in the product stage;
the product CA stored in the terminal is obtained;
the legitimacy of the certificate in firmware B is verified using the product CA;
if verification passes, the HASH check is decrypted using the public key in the certificate;
if decryption succeeds, a HASH is computed over firmware B and the certificate in firmware B to obtain a second HASH value;
the product first HASH value and the second HASH value are compared;
if they are identical, verification passes, and firmware B is confirmed to be product firmware that meets the requirements of a terminal in the product stage; the terminal installs and runs firmware B;
if they differ, firmware B is deleted, and firmware B is judged not to be product firmware and to be illegal firmware.
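The signing and mode-dependent verification flow of embodiments one and two, as an added Python sketch that is not part of the patent text. Assumptions: the HASH is SHA-256, the keys are toy RSA keys constructed from publicly known Mersenne primes, the package is held in memory rather than in the unspecified "certain format", any flag value other than 0xABABABAB is treated as product mode, and all function and class names are hypothetical.

```python
import hashlib
from dataclasses import dataclass

E = 65537                    # public exponent shared by all toy keys
PRODUCT_FLAG = 0xFFFFFFFF    # erased-FLASH value: product mode (value from the page)
DEVELOP_FLAG = 0xABABABAB    # development mode (value from the page)


def toy_key(a, b):
    """Constructed toy RSA key (n, d) from the Mersenne primes 2**a-1 and 2**b-1.
    These primes are public knowledge, so the keys are for illustration only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def digest(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


@dataclass
class Cert:
    subject_n: int   # signer's public modulus
    ca_sig: int      # issuing CA's signature over subject_n

    def parts(self):
        return to_bytes(self.subject_n), to_bytes(self.ca_sig)


@dataclass
class Package:       # "firmware + signing certificate + HASH check"
    firmware: bytes
    cert: Cert
    hash_check: int


def issue_cert(ca_key, signer_n):
    ca_n, ca_d = ca_key
    return Cert(signer_n, pow(digest(to_bytes(signer_n)), ca_d, ca_n))


def sign_firmware(firmware, cert, signer_key):
    n, d = signer_key
    first_hash = digest(firmware, *cert.parts())
    # Unpadded "encrypt the hash with the private key", mirroring the page's
    # wording; production signing uses a padded scheme such as RSASSA-PSS.
    return Package(firmware, cert, pow(first_hash, d, n))


def read_mode(flag_word):
    # Assumption: only the exact development value selects development mode,
    # so a corrupted or erased flag falls back to product mode.
    return "development" if flag_word == DEVELOP_FLAG else "product"


def verify_for_mode(pkg, flag_word, trusted_ca):
    """Return True if the package may be installed in the terminal's mode."""
    ca_n = trusted_ca[read_mode(flag_word)]        # CA chosen by the flag
    cert = pkg.cert
    # Step 1: the selected CA must have issued the signing certificate.
    if pow(cert.ca_sig, E, ca_n) != digest(to_bytes(cert.subject_n)):
        return False
    # Step 2: recover the first HASH from the HASH check with the cert key.
    first_hash = pow(pkg.hash_check, E, cert.subject_n)
    # Step 3: recompute the second HASH over firmware + certificate, compare.
    return first_hash == digest(pkg.firmware, *cert.parts())


# Constructed sample keys and packages (not real firmware).
DEV_CA, PROD_CA = toy_key(521, 127), toy_key(607, 107)
DEV_SIGNER, PROD_SIGNER = toy_key(1279, 89), toy_key(2203, 61)
TRUSTED_CA = {"development": DEV_CA[0], "product": PROD_CA[0]}  # both stored in terminal


def build(ca_key, signer_key, firmware):
    return sign_firmware(firmware, issue_cert(ca_key, signer_key[0]), signer_key)


DEV_PKG = build(DEV_CA, DEV_SIGNER, b"constructed test build")
PROD_PKG = build(PROD_CA, PROD_SIGNER, b"constructed release build")

if __name__ == "__main__":
    for name, pkg in (("dev", DEV_PKG), ("prod", PROD_PKG)):
        for flag in (DEVELOP_FLAG, PRODUCT_FLAG):
            ok = verify_for_mode(pkg, flag, TRUSTED_CA)
            print(f"{name} package, flag {flag:#010x}: {'install' if ok else 'delete'}")
```

Because the certificate check in step 1 is bound to the CA selected by the flag, a correctly signed development package is still rejected on a terminal whose flag reads as product mode.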
Referring to Figs. 6-8, embodiment three of the present invention is:
A system for separating terminal development mode and product mode, including a product CA, a development CA and a terminal;
The development CA includes:
a first issuing module 1, used for the development CA to issue a development certificate, the development certificate containing a development private key and a development public key; the first signing module 2 includes a first computing unit 16 and an encryption unit 17; the first computing unit 16 is used to compute a HASH over the development firmware and the development certificate to obtain a first HASH value; the encryption unit 17 is used to encrypt the first HASH value using the development private key, generating a development HASH check;
a first signing module 2, used to sign the development firmware using the development private key;
a first generation module 3, used to generate the signed development firmware;
The product CA includes:
a second issuing module 10, used for the product CA to issue a product certificate, the product certificate containing a product private key and a product public key;
a second signing module 11, used to sign the product firmware using the product private key;
a second generation module 12, used to generate the signed product firmware;
The terminal includes:
a first acquisition module 4, used for the terminal to obtain a firmware;
a first judgment module 5, used to determine from a flag stored in advance in internal FLASH whether the terminal is currently in development mode or product mode;
a second acquisition module 6, used to obtain the development CA;
a first verification module 7, used to verify the signature of the firmware using the development CA; it specifically includes a verification unit 18, a decryption unit 19, a second computing unit 20 and a comparison unit 21; the verification unit 18 is used for the development CA to verify the legitimacy of the certificate; the decryption unit 19 is used to decrypt the HASH check in the firmware using the public key in the development certificate; the second computing unit 20 is used to compute a HASH over the firmware and the certificate in the firmware to obtain a second HASH value; the comparison unit 21 is used to compare the first HASH value and the second HASH value;
a first determination module 8, used to judge that the firmware is the development firmware;
a third acquisition module 13, used to obtain the product CA;
a second verification module 14, used to verify the signature of the firmware using the product CA;
a second determination module 15, used to judge that the firmware is product firmware;
an installation module 9, used to install and run the firmware.
In summary, the method and system for separating terminal development mode and product mode provided by the present invention differ from the prior art, which cannot distinguish the version of the firmware a terminal downloads and may therefore let test versions leak out and create security risks. In the present invention, firmware at different stages is signed using different CAs and certificate systems; the terminal obtains the CA corresponding to its current mode to verify the downloaded firmware, and installation is allowed only if verification passes. This isolates product permissions from development permissions and ensures that test-version firmware cannot be updated into a product terminal. The downloaded firmware also undergoes a legitimacy verification process, which meets the legitimacy, security and integrity requirements for terminal firmware.
The above are only embodiments of the present invention and do not limit the scope of the patent. Any equivalent transformation made using the content of the specification and drawings of the present invention, or any direct or indirect application in a related technical field, is likewise included in the scope of patent protection of the present invention.

Claims (7)

1. A method for distinguishing the development mode and the product mode of a terminal, characterized by comprising:
a development CA issues a development certificate, the development certificate including a development private key and a development public key;
the development firmware is signed using the development private key, generating signed development firmware;
the terminal obtains a firmware; whether the terminal is currently in development mode or product mode is determined from a flag bit stored in advance in internal FLASH;
if it is in development mode, the development CA is obtained; the signature of the firmware is verified using the development CA; if verification passes, the firmware is determined to be the development firmware; the firmware is installed and run;
further comprising:
a product CA issues a product certificate, the product certificate including a product private key and a product public key;
the product firmware is signed using the product private key, generating signed product firmware;
if the terminal is determined to be currently in product mode, the product CA is obtained; the signature of the firmware is verified using the product CA; if verification passes, the firmware is determined to be the product firmware; the firmware is installed and run.
2. The method for distinguishing the development mode and the product mode of a terminal according to claim 1, characterized in that, if signature verification does not pass, the firmware is deleted.
3. The method for distinguishing the development mode and the product mode of a terminal according to claim 1, characterized in that signing the development firmware using the development private key is specifically:
calculating a HASH over the development firmware and the development certificate to obtain a first HASH value;
encrypting the first HASH value using the development private key to generate a development HASH check.
4. The method for distinguishing the development mode and the product mode of a terminal according to claim 3, characterized in that the obtained firmware comprises a firmware, a certificate and a HASH check;
verifying the signature of the firmware using the development CA is specifically:
the development CA verifies the legitimacy of the certificate;
if verification passes, the HASH check is decrypted using the public key in the certificate;
if decryption succeeds, a HASH is calculated over the firmware and the certificate in the obtained firmware to obtain a second HASH value;
the first HASH value and the second HASH value are compared; if they are identical, signature verification passes.
5. A system for distinguishing the development mode and the product mode of a terminal, characterized by comprising:
a first issuing module, for the development CA to issue a development certificate, the development certificate including a development private key and a development public key;
a first signature module, for signing the development firmware using the development private key;
a first generation module, for generating the signed development firmware;
a first acquisition module, for the terminal to obtain a firmware;
a first judgment module, for determining, from a flag bit stored in advance in internal FLASH, whether the terminal is currently in development mode or product mode;
a second acquisition module, for obtaining the development CA;
a first signature-verification module, for verifying the signature of the firmware using the development CA;
a first determination module, for determining that the firmware is the development firmware;
an installation module, for installing and running the firmware;
further comprising:
a second issuing module, for the product CA to issue a product certificate, the product certificate including a product private key and a product public key;
a second signature module, for signing the product firmware using the product private key;
a second generation module, for generating the signed product firmware;
a third acquisition module, for obtaining the product CA;
a second signature-verification module, for verifying the signature of the firmware using the product CA;
a second determination module, for determining that the firmware is the product firmware.
6. The system for distinguishing the development mode and the product mode of a terminal according to claim 5, characterized in that the first signature module comprises:
a first computing unit, for calculating a HASH over the development firmware and the development certificate to obtain a first HASH value;
an encryption unit, for encrypting the first HASH value using the development private key to generate a development HASH check.
7. The system for distinguishing the development mode and the product mode of a terminal according to claim 6, characterized in that the first signature-verification module comprises:
a verification unit, for the development CA to verify the legitimacy of the certificate;
a decryption unit, for decrypting the HASH check in the firmware using the public key in the development certificate;
a second computing unit, for calculating a HASH over the firmware and the certificate in the obtained firmware to obtain a second HASH value;
a comparison unit, for comparing the first HASH value and the second HASH value.
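
The flow in claims 1 to 4, as an added sketch that is not part of the patent text: the terminal picks its trust anchor from the mode flag, checks the certificate against that CA, then compares the recovered first HASH value with a recomputed second HASH value. Assumptions of this sketch: toy textbook RSA over Mersenne primes (not secure), SHA-256 as the HASH, a certificate that carries only the signer's public key plus the CA's signature, and all function names, keys and images constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keypair(p_exp, q_exp):
    """Toy textbook-RSA key from two Mersenne primes (constructed, NOT secure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(*parts):
    """SHA-256 over length-prefixed parts, as an integer (the 'HASH value')."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def sign(key, *parts):   # claim 3: encrypt the HASH with the private key
    return pow(digest(*parts), key["d"], key["n"])

def recover(n, sig):     # claim 4: decrypt the HASH check with the public key
    return pow(sig, E, n)

def issue_cert(ca_key, signer_key):
    pub = signer_key["n"].to_bytes(256, "big")
    return {"pub": pub, "ca_sig": sign(ca_key, pub)}

def package(signer_key, cert, firmware):
    # HASH covers firmware and certificate, then is signed by the signer key.
    return {"firmware": firmware, "cert": cert,
            "hash_check": sign(signer_key, firmware, cert["pub"])}

def verify_and_install(flag, anchors, pkg):
    """Select the CA from the mode flag; install only if the whole chain verifies."""
    cert = pkg["cert"]
    if recover(anchors[flag], cert["ca_sig"]) != digest(cert["pub"]):
        return "deleted"                      # certificate not issued by this mode's CA
    first = recover(int.from_bytes(cert["pub"], "big"), pkg["hash_check"])
    second = digest(pkg["firmware"], cert["pub"])
    return "installed" if first == second else "deleted"   # claim 2 on failure

# Constructed sample keys and images; "dev"/"product" stand in for the FLASH flag bit.
DEV_CA, PROD_CA = keypair(521, 607), keypair(1279, 2203)
DEV_SIGNER, PROD_SIGNER = keypair(127, 521), keypair(127, 607)
ANCHORS = {"dev": DEV_CA["n"], "product": PROD_CA["n"]}
DEV_PKG = package(DEV_SIGNER, issue_cert(DEV_CA, DEV_SIGNER), b"beta firmware image")
PROD_PKG = package(PROD_SIGNER, issue_cert(PROD_CA, PROD_SIGNER), b"release firmware image")

if __name__ == "__main__":
    for flag in ANCHORS:
        print(flag, [verify_and_install(flag, ANCHORS, p) for p in (DEV_PKG, PROD_PKG)])
```

A real terminal would use a padded signature scheme from a vetted library; the point here is that the mode flag alone decides which CA can vouch for an image, so a correctly signed development image still fails on a product terminal.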
Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510417556.5A CN105068824B (en) 2015-07-16 2015-07-16 A kind of method and system dividing terminal development pattern and product pattern
PCT/CN2016/089762 WO2017008728A1 (en) 2015-07-16 2016-07-12 Method and system for classifying development mode and product mode for terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510417556.5A CN105068824B (en) 2015-07-16 2015-07-16 A kind of method and system dividing terminal development pattern and product pattern

Publications (2)

Publication Number Publication Date
CN105068824A CN105068824A (en) 2015-11-18
CN105068824B true CN105068824B (en) 2018-08-28

Family

ID=54498204

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510417556.5A Active CN105068824B (en) 2015-07-16 2015-07-16 A kind of method and system dividing terminal development pattern and product pattern

Country Status (2)

Country Link
CN (1) CN105068824B (en)
WO (1) WO2017008728A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105068824B (en) * 2015-07-16 2018-08-28 福建联迪商用设备有限公司 A kind of method and system dividing terminal development pattern and product pattern
CN106506163B (en) * 2016-10-21 2019-11-15 北京小米移动软件有限公司 ROM packet processing method and device
CN107092831A (en) * 2017-04-13 2017-08-25 昆山百敖电子科技有限公司 Firmware based on firmware layer updates anti-virus method and device
JP2019114028A (en) * 2017-12-22 2019-07-11 株式会社東芝 Application development environment program and device
DE102020003072B3 (en) * 2020-05-22 2021-07-15 Daimler Ag Procedure for the secure use of cryptographic material
CN111628873A (en) * 2020-07-28 2020-09-04 四川省数字证书认证管理中心有限公司 Method for storing digital certificate solidified data telegraph text

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145906A (en) * 2006-09-13 2008-03-19 北京邦天科技有限公司 Method and system for authenticating legality of receiving terminal in unidirectional network
CN102594568A (en) * 2012-03-23 2012-07-18 南京小网科技有限责任公司 Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate
CN102981881A (en) * 2012-12-10 2013-03-20 中兴通讯股份有限公司 Method and system for preventing mobile terminal from being updated to illegal firmware version
CN103944903A (en) * 2014-04-23 2014-07-23 福建联迪商用设备有限公司 Multi-party authorized APK signature method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8204968B2 (en) * 2008-12-03 2012-06-19 At&T Mobility Ii Llc Registration notification for mobile device management
CN102693139B (en) * 2011-03-25 2015-09-30 比亚迪股份有限公司 A kind of method and system of radio upgrade cell phone software
CN103257872B (en) * 2013-04-15 2016-11-23 中国信息安全测评中心 The embedded control system of a kind of computer and update method thereof
CN105068824B (en) * 2015-07-16 2018-08-28 福建联迪商用设备有限公司 A kind of method and system dividing terminal development pattern and product pattern

Also Published As

Publication number Publication date
CN105068824A (en) 2015-11-18
WO2017008728A1 (en) 2017-01-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant