Summary of the invention
It is an object of the invention to overcome the deficiencies of the prior art by providing a low-cost, high-security method by which the BOOT start-up code and the APP application code authenticate each other, and a device that uses the method.
To achieve the above technical purpose, the technical solution adopted by the present invention is as follows:
A method for secure boot of an embedded device:
S1: power on the embedded device, which stores a boot module and an application module;
S2: run said boot module and verify the digital signature of said application module; if the verification passes, perform S3, otherwise perform S4;
S3: load and run said application module, which verifies the digital signature of said boot module; if the verification passes, continue running said application module so that said embedded device operates normally, otherwise perform S4;
S4: cause said embedded device to stop running.
Specifically, the digital signature of said boot module is obtained by performing an operation on the code segment and the public key of a legitimate boot module and encrypting the result with a private key. The digital signature of said application module is obtained by performing an operation on the code segment and data segment of a legitimate application module together with said digital signature of the boot module and encrypting the result with the private key.
Preferably, the digital signature of said boot module or the digital signature of said application module is obtained by applying a HASH function and then encrypting the result.
Further, in S2, the process by which said boot module verifies the digital signature of the application module is specifically as follows:
S21: perform an operation on the code segment and data segment of the current application module together with said digital signature of the boot module to obtain a first operation value;
S22: decrypt the digital signature of said application module to obtain a first decrypted value;
S23: compare said first operation value with the first decrypted value; if they match, perform said S3, otherwise perform said S4.
Further, in S3, the process by which said application module verifies the digital signature of the boot module is specifically as follows:
S31: perform an operation on the code segment and public key of the current boot module together with said digital signature of the boot module to obtain a second operation value;
S32: decrypt said digital signature of the boot module to obtain a second decrypted value;
S33: compare said second operation value with the second decrypted value; if they match, said current application module continues running so that said embedded device operates normally, otherwise perform said S4.
Preferably, said first operation value or said second operation value is obtained using a HASH function.
A device for secure boot of an embedded device, comprising:
a power switch unit for powering on said embedded device and, according to the verification result, controlling said embedded device to continue running or to stop running;
a storage unit for storing a boot module and an application module;
a first verification unit for running said boot module after power-on and verifying the digital signature of said application module; if the verification passes, the following second verification unit is run, otherwise said power switch unit is caused to stop said embedded device;
a second verification unit for loading and running said application module and verifying the digital signature of said boot module; if the verification passes, said application module continues running so that said embedded device operates normally, otherwise said power switch unit is caused to stop said embedded device.
Specifically, the device also includes a digital signature generation module for generating said digital signature of the boot module by performing an operation on the code segment and public key of a legitimate boot module and encrypting the result with a private key, and/or for generating said digital signature of the application module by performing an operation on the code segment and data segment of a legitimate application module together with said digital signature of the boot module and encrypting the result with the private key.
Preferably, said digital signature generation module obtains said digital signature of the boot module and/or said digital signature of the application module by applying a HASH function and then encrypting the result.
Further, said first verification unit includes:
a first operation module for performing an operation on the code segment and data segment of the current application module together with said digital signature of the boot module to obtain a first operation value;
a first decryption module for decrypting the digital signature of said application module to obtain a first decrypted value;
a first comparison module for comparing said first operation value with the first decrypted value; if they match, said second verification unit is run, otherwise said power switch unit is caused to stop said embedded device.
Further, said second verification unit includes:
a second operation module for performing an operation on the code segment and public key of the current boot module together with said digital signature of the boot module to obtain a second operation value;
a second decryption module for decrypting said digital signature of the boot module to obtain a second decrypted value;
a second comparison module for comparing said second operation value with the second decrypted value; if they match, said current application module continues running so that said embedded device operates normally, otherwise said power switch unit is caused to stop said embedded device.
Preferably, said first operation module obtains the first operation value using a HASH function, or said second operation module obtains the second operation value using a HASH function.
Compared with the prior art, the present invention has the following advantages:
(1) the method and device for secure boot of an embedded device of the present invention use a digital-signature authentication system and therefore have relatively high security; they are difficult for an unauthorized user who does not possess the private key to crack;
(2) the method and device for secure boot of an embedded device of the present invention use bidirectional authentication between the boot module and the application module, giving a higher level of boot security;
(3) the method and device for secure boot of an embedded device of the present invention are based on software computation and need no corresponding hardware support, so they are more flexible in application and lower in cost.
Detailed description of the invention
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The present invention is described in further detail below with reference to the drawings and specific embodiments.
With reference to Fig. 1, the method for secure boot of an embedded device of the present invention comprises the following steps:
S1: power on the embedded device;
An embedded device consists mainly of an embedded processor, associated supporting hardware and embedded software; it integrates software and hardware in one unit and can operate independently. Embedded devices are convenient and flexible, have a high performance-to-price ratio and are highly embeddable, so they can be embedded in any existing information appliance or industrial control system; the embedded software in them is not easily altered, has relatively low configuration requirements, is highly specialised and has strong real-time characteristics.
Said embedded software generally includes a module related to the hardware configuration and a module related to implementing the function of the embedded device; the module related to the function is usually the application module (also called the application software, application code or APP). In the prior art, said embedded device first runs a boot module at start-up, before operating normally, which initialises certain hardware or software settings so that said application module can subsequently be loaded and run.
To ensure the start-up security of said embedded device, the present invention performs a security verification of said mutually related boot module and application module after the embedded device is powered on and before it operates normally. Said power-on refers to the hardware of the embedded device starting while connected to an external power supply.
With reference to Fig. 2, said boot module A consists of a BOOT code segment A1, a BOOT data segment A2, a BOOT BSS segment A3, a public key A4 and a BOOT digital signature (boot-sign) A5. Said BOOT digital signature A5 is obtained by performing a HASH operation on the code segment and public key of a legitimate boot module and encrypting the result with the private key.
Said application module B consists of an APP code segment B1, an APP data segment B2, an APP BSS segment B3 and an APP digital signature (app-sign) B4. Said APP digital signature B4 is obtained by performing a HASH operation on the code segment and data segment of a legitimate application module together with said BOOT digital signature A5 and encrypting the result with the private key.
S2: run said boot module A and verify the digital signature of the current application module B;
In digital signature technology, the sender encrypts a specified digest with the sender's private key and sends it to the recipient together with the original text. The recipient can only decrypt the encrypted digest with the sender's private key; the recipient then produces a digest from the received original text with a HASH function and compares it with the decrypted digest. If the two are identical, the received information is complete and has not been modified in transit; otherwise the information has been modified. A digital signature can therefore verify the integrity of the information.
With reference to Figs. 2 and 3, specifically, the process by which said boot module A verifies the digital signature of the current application module B is as follows:
S21: perform a HASH operation on the APP code segment B1 and APP data segment B2 of the current application module B together with the BOOT digital signature A5 to obtain a first operation value O1;
S22: decrypt said APP digital signature B4 with said private key to obtain a first decrypted value D1;
S23: compare said first operation value O1 with the first decrypted value D1;
The comparison here may simply be understood as checking whether said first operation value O1 and first decrypted value D1 are identical, or it may be understood as checking whether the ratio between said first operation value O1 and first decrypted value D1 is a preset value.
If said first operation value O1 and first decrypted value D1 match, the current application module B is legitimate: the content of this application module B has not been illegally tampered with, or this application module B is authorised to run on this embedded device; therefore the following S3 is executed. Otherwise, the following S4 is executed.
S3: load and run said application module B, which verifies the digital signature of the current boot module A;
After said application module B has passed the verification of the above steps, said boot module A loads said application module B so that the application module B can run on the embedded device.
With reference to Figs. 2 and 4, further, said application module B also needs to verify the digital signature of the current boot module A. The detailed process is:
S31: perform a HASH operation on the BOOT code segment A1, public key A4 and BOOT digital signature A5 of the current boot module A to obtain a second operation value O2;
S32: decrypt said BOOT digital signature A5 with said private key to obtain a second decrypted value D2;
S33: compare said second operation value O2 with the second decrypted value D2;
The comparison here has the same meaning as above. If said second operation value O2 and second decrypted value D2 match, the current boot module A is legitimate: the content of this boot module A has not been illegally tampered with, or this boot module A is authorised to run on this embedded device; said current application module B then continues running so that said embedded device operates normally. Otherwise, the following S4 is executed.
S4: cause said embedded device to stop running.
As described above, whether during the process in which said boot module A verifies the digital signature of said application module B or during the process in which said application module B verifies the digital signature of said boot module A, as soon as the comparison in either verification process fails, the embedded device is stopped, so as to ensure the security of the embedded device.
Optionally, after a round of security verification has failed, the embedded device may further be set to re-run said boot module A under a preset condition and then carry out a new round of security verification, in order to rule out an error that may have occurred in the previous round. Said preset condition may be that the device is powered off and powered on again, that a predetermined time has elapsed after it stopped running while still in the powered-on state, or any other technical means commonly used by those skilled in the art.
Further, the steps of the above method for secure boot of an embedded device may be implemented one by one by corresponding functional units, and a plurality of said functional units form the device for secure boot of an embedded device. Said functional units may be integrated in one processing module, may each exist physically on their own, or two or more of them may be integrated in one or more processing modules. The device for secure boot of an embedded device is preferably implemented in software, but implementing it in hardware does not depart from the design principle of the present invention. When the device for secure boot of an embedded device is implemented in software and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
With reference to Figs. 1 and 5, taking the software-form device for secure boot of an embedded device as an example, the device for secure boot of an embedded device includes:
a power switch unit 1 for powering on said embedded device and, according to the verification result, controlling said embedded device to continue running or to stop running;
a storage unit 4 for storing said boot module A and application module B; given the characteristics of embedded devices and their software, said storage unit 4 generally uses flash memory as its hardware support, so as to persistently store said embedded software and other information, and its contents are not erased when the embedded device is rebooted;
a first verification unit 2 for running said boot module A after power-on and verifying the digital signature of said application module B; if the verification passes, the following second verification unit 3 is run, otherwise said power switch unit 1 is caused to stop said embedded device.
Specifically, said first verification unit 2 includes: a first operation module 21 for reading the information of said boot module A and application module B from said storage unit 4 and performing a HASH operation on the APP code segment B1 and APP data segment B2 of the current application module B together with said BOOT digital signature A5 to obtain said first operation value O1; a first decryption module 22 for reading said APP digital signature B4 from said storage unit 4 and decrypting this APP digital signature B4 with said private key to obtain said first decrypted value D1; and a first comparison module 23 for comparing said first operation value O1 with the first decrypted value D1; if they match, said second verification unit 3 is run, otherwise said power switch unit 1 is caused to stop said embedded device.
A second verification unit 3 is used for loading and running said application module B and verifying said digital signature of the boot module A; if the verification passes, said application module B continues running so that said embedded device operates normally, otherwise said power switch unit 1 is caused to stop said embedded device.
Specifically, said second verification unit 3 includes: a second operation module 31 for reading the information of said boot module A and application module B from said storage unit 4 and performing a HASH operation on the BOOT code segment A1 and public key of the current boot module A together with said BOOT digital signature A5 to obtain said second operation value O2; a second decryption module 32 for reading said BOOT digital signature A5 from said storage unit 4 and decrypting this BOOT digital signature A5 with the private key to obtain the second decrypted value D2; and a second comparison module 33 for comparing said second operation value O2 with the second decrypted value D2; if they match, said current application module B continues running so that said embedded device operates normally, otherwise said power switch unit 1 is caused to stop said embedded device.
Preferably, the device for secure boot of an embedded device may also include a digital signature generation module for generating said digital signature of the boot module and/or generating the digital signature of said application module. Those skilled in the art may instead obtain said digital signature of the boot module and the digital signature of said application module by conventional technical means and import them into the device for secure boot of an embedded device in a known manner for use, without departing from the essence of the present invention.
In summary, the method and device for secure boot of an embedded device of the present invention are low in installation and use cost and high in security, and are therefore well suited to wide application.
The above-described embodiments are preferred embodiments of the present invention, but the present invention is not limited to them; any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention is an equivalent substitution and is included within the protection scope of the present invention.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which realizes the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they are aware of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these changes and modifications of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.