CN107105045A - A kind of convenient packaging process of Wired Security terminal firmware and system - Google Patents

Info

Publication number: CN107105045A
Authority: CN (China)
Application number: CN201710313308.5A
Other languages: Chinese (zh)
Other versions: CN107105045B (en)
Inventor: 胡灿峰
Current Assignee: Hengonda Technology Co Ltd
Original Assignee: Hengonda Technology Co Ltd
Legal status: Granted
Prior art keywords: filling, security terminal, platform, firmware, terminal

Classifications

    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps

Abstract

The present invention provides a convenient filling method for wired security terminal firmware: obtain the list or inventory of production serial numbers of the security terminals that need firmware filled, import it into the document management server, and set the corresponding filling configuration information; the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code; the security terminal runs the identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads the firmware file after verification passes; after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result. The present invention also provides a convenient filling system for wired security terminal firmware. The invention improves firmware filling efficiency, security and convenience.

Description

A convenient filling method and system for wired security terminal firmware
Technical field
The present invention relates to a convenient filling method and system for wired security terminal firmware.
Background art
With the large-scale development of intelligent security devices, embedded intelligent security terminals of the same hardware model that serve multiple business channels (such as intelligent POS terminals) often need different embedded firmware for the applications of different business channels (for example, customized firmware for different application scenarios such as China Merchants Bank, UnionPay Business and Fast Money payment) in order to meet customer needs. Meanwhile, so that end users can use the terminal device as soon as they receive it, the customized firmware usually has to be filled during production.
To ensure that each customized firmware is filled correctly during production, most enterprises currently rely, in volume manufacturing, on production management methods with a high degree of manual involvement. For example, in intelligent POS terminal production, information such as software firmware files and filling configuration lists is passed on under a management procedure, either manually or through a production information management system, and firmware is downloaded by filling one unit at a time. Although this approach has been used for many years in most enterprises, the responsible person can be clearly identified at each control point, and mature safeguards exist for abnormal situations, the security terminal has few connection interfaces, so overall filling efficiency is very low and production cost is very high.
Summary of the invention
The technical problem to be solved by the present invention is to provide a convenient filling method and system for wired security terminal firmware that improves firmware filling efficiency, security and convenience.
The first aspect of the present invention is realized as follows: a convenient filling method for wired security terminal firmware, used for filling firmware into security terminals, involving a filling platform and at least one front-end server; the front-end server is provided with a local interface and is connected to the filling platform through a network. The method specifically comprises the following steps:
Step 1: obtain the list or inventory of production serial numbers of the security terminals that need firmware filled, import it into the document management server, and set the corresponding filling configuration information;
Step 2: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Step 3: the security terminal runs the identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads the firmware file after verification passes;
Step 4: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
Further, step 1 is specifically: obtain the list or inventory of production serial numbers of the security terminals that need firmware filled, import it into the document management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the whole key group needed by each security terminal during the filling process and places it in the encryption chip.
Further, all of the keys are encrypted.
Further, a step 11 is provided between step 1 and step 2: the security terminal sends a connection request to the filling platform. The filling platform sets an accurate RTC time; when production debugging is completed, the security terminal synchronizes and configures the current RTC time and, using the current RTC time as the random key and the terminal hardware serial number as the fixed key, encrypts and transmits the request. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the current RTC time of the platform; if the difference is within the limited time period, the current filling request is considered legitimate and valid and the method proceeds to step 2; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server.
Further, the identity verification with the filling platform in step 3 is specifically: when the security terminal initiates its first request, the filling platform verifies the identity of the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal initiates its first request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string with the specified AES algorithm and returns it to the security terminal. When the security terminal receives the reply to its request, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegal and the terminal does not accept subsequent control and transmission requests from that platform.
Further, the method also includes step 5: the filling platform counts the number of successful fillings and generates a report.
The second aspect of the present invention is realized as follows: a convenient filling system for wired security terminal firmware, used for filling firmware into security terminals, involving a filling platform and at least one front-end server; the front-end server is provided with a local interface and is connected to the filling platform through a network. The system specifically comprises the following modules:
Preparation module: obtains the list or inventory of production serial numbers of the security terminals that need firmware filled, imports it into the document management server, and sets the corresponding filling configuration information;
Code download module: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Firmware download module: the security terminal runs the identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads the firmware file after verification passes;
Filling module: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
Further, the preparation module is specifically: obtains the list or inventory of production serial numbers of the security terminals that need firmware filled, imports it into the document management server, and sets the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the whole key group needed by each security terminal during the filling process and places it in the encryption chip.
Further, all of the keys are encrypted.
Further, an authentication module is provided between the preparation module and the code download module: the security terminal sends a connection request to the filling platform. The filling platform sets an accurate RTC time; when production debugging is completed, the security terminal synchronizes and configures the current RTC time and, using the current RTC time as the random key and the terminal hardware serial number as the fixed key, encrypts and transmits the request. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the current RTC time of the platform; if the difference is within the limited time period, the current filling request is considered legitimate and valid and processing passes to the code download module; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server.
Further, the identity verification with the filling platform in the firmware download module is specifically: when the security terminal initiates its first request, the filling platform verifies the identity of the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal initiates its first request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string with the specified AES algorithm and returns it to the security terminal. When the security terminal receives the reply to its request, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegal and the terminal does not accept subsequent control and transmission requests from that platform.
Further, the system also includes a report module: the filling platform counts the number of successful fillings and generates a report.
The invention has the following advantages:
1. The convenient filling method and system for wired security terminal firmware of the present invention is a firmware filling system based on IPv4 remote network transmission and uses a WEB management platform with a good human-computer interaction experience, which can largely automate production and reduce the labor cost of volume manufacturing; for a firmware file of 2 Mbytes, the average filling time drops from the original 3-5 minutes per unit to 1~2 minutes per unit, and man-hour efficiency improves by more than 50%;
2. The security terminal and the filling platform use two-way identity verification, which effectively prevents intrusion by illegal platforms and illegal terminals and prevents security terminal devices from being maliciously filled with illegal firmware;
3. The important communication between the security terminal and the filling platform uses a dedicated hardware server, which isolates core security information, reduces the personnel security and confidentiality requirements on non-core-security R&D teams, and makes management of the R&D team easier;
4. The security terminal and the filling platform use time information as the basic random number synchronized by both sides, which changes the traditional low-security situation of relying on a fixed-key synchronization mechanism and further raises the security level of the system.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings and embodiments.
Fig. 1 is a flow chart of the convenient filling method for wired security terminal firmware of the present invention.
Fig. 2 is a block diagram of the convenient filling system for wired security terminal firmware of the present invention.
Fig. 3 is a schematic diagram of an embodiment of the present invention.
Embodiment
As shown in Fig. 1, the convenient filling method for wireless security terminal firmware of the present invention is used for filling firmware into security terminals and involves a filling platform and at least one front-end server; the front-end server is provided with a local interface and is connected to the filling platform through a network. The method specifically comprises the following steps:
Step 1: obtain the list or inventory of production serial numbers of the security terminals that need firmware filled, import it into the document management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the whole key group needed by each security terminal during the filling process and places it in the encryption chip; all of the keys are encrypted;
Step 11: the security terminal sends a connection request to the filling platform. The filling platform sets an accurate RTC time; when production debugging is completed, the security terminal synchronizes and configures the current RTC time and, using the current RTC time as the random key and the terminal hardware serial number as the fixed key, encrypts and transmits the request. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the current RTC time of the platform; if the difference is within the limited time period, the current filling request is considered legitimate and valid and the method proceeds to step 2; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server;
Step 2: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Step 3: the security terminal runs the identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads the firmware file after verification passes;
The identity verification with the filling platform is specifically: when the security terminal initiates its first request, the filling platform verifies the identity of the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal initiates its first request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string with the specified AES algorithm and returns it to the security terminal. When the security terminal receives the reply to its request, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegal and the terminal does not accept subsequent control and transmission requests from that platform;
Step 4: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result;
Step 5: the filling platform counts the number of successful fillings and generates a report.
As shown in Fig. 2, the convenient filling system for wireless security terminal firmware of the present invention is used for filling firmware into security terminals and involves a filling platform and at least one front-end server; the front-end server is provided with a local interface and is connected to the filling platform through a network. The system specifically comprises the following modules:
Preparation module: obtains the list or inventory of production serial numbers of the security terminals that need firmware filled, imports it into the document management server, and sets the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the whole key group needed by each security terminal during the filling process and places it in the encryption chip; all of the keys are encrypted;
Authentication module: the security terminal sends a connection request to the filling platform. The filling platform sets an accurate RTC time; when production debugging is completed, the security terminal synchronizes and configures the current RTC time and, using the current RTC time as the random key and the terminal hardware serial number as the fixed key, encrypts and transmits the request. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the current RTC time of the platform; if the difference is within the limited time period, the current filling request is considered legitimate and valid and processing passes to the code download module; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server;
Code download module: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Firmware download module: the security terminal runs the identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads the firmware file after verification passes. The identity verification with the filling platform is specifically: when the security terminal initiates its first request, the filling platform verifies the identity of the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal initiates its first request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string with the specified AES algorithm and returns it to the security terminal. When the security terminal receives the reply to its request, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegal and the terminal does not accept subsequent control and transmission requests from that platform;
Filling module: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result;
Report module: the filling platform counts the number of successful fillings and generates a report.
An embodiment of the present invention: as shown in Fig. 3, the overall filling system consists of the security terminals that need firmware filled and the filling platform that provides the firmware filling service.
In terms of communication, the security terminal and the filling platform use Ethernet as the main physical transmission mode. The whole system platform can be deployed centrally on the filling platform while security terminals are produced in a distributed manner, which raises the security management level of controlled files. For security terminals that are not directly equipped with an Ethernet interface, distributed service software that converts Ethernet to short-range communication (such as USB, RS232, RS485, WiFi) can be deployed in the production environment on site, achieving fully automatic distribution and filling of firmware files.
(1) The filling platform consists of an access distribution server, a document management server, a WEB management server, and so on.
A. The access distribution server mainly handles receiving data communication with the security terminal, data encryption and decryption, security terminal access identity authentication, downstream transmission of firmware file data, and similar functions. Data encryption and decryption on the filling platform is performed by a dedicated hardware encryption module, used together with the key storage core that the security terminal itself possesses; the two agree on a consistent key system and encryption algorithm, achieving communication interoperability and efficient communication authentication at the bottom layer.
The identity authentication module carries the two-way authentication mechanism of the whole system. The filling platform and the security terminal use agreed time information as the synchronized basic random number, which avoids using a traditional fixed key as the basic data for identity verification and reduces the system risk of information leakage. Meanwhile, to ensure the confidentiality of the identity authentication mechanism and reduce the management requirements around technical security leaks, the authentication-related software module of the security terminal is issued by the filling platform as hexadecimal executable code of the core security mechanism and is then dynamically loaded and run by the security terminal, realizing identity docking with the filling platform and improving the confidentiality of the core security mechanism.
B. The document management server mainly implements adding, deleting and modifying the various firmware files for multi-business-channel applications, and the matching relationships between firmware files and the security terminals' hardware serial numbers, business channel applications, and so on. The hardware serial number is generated by the security terminal's physical module through an algorithm with certain rules, is guaranteed to be unique within the whole system, and serves as the unique interaction index with the security terminal as the control target.
C. The WEB management server provides the entry point for importing the hardware serial numbers of intelligent security terminals (production information from which the unique interaction index can be generated) into the filling platform and, through visual page operations and human-computer interaction, conveniently achieves accurate filling of firmware files for multi-business-channel applications.
The main flow is summarized as follows:
A. Output the list or inventory of production serial numbers of the security terminals that need firmware filled (the inventory includes the business channel application type, firmware file information, etc.); the system administrator imports it into the server of the filling system through the WEB administration page and sets the corresponding filling configuration information;
B. At the production site, according to the industry characteristics of the security terminal, the server address of the filling platform and the terminal's local IP address are configured through the security terminal's initialization operation interface; the terminal accesses the filling system and the filling download starts automatically;
C. The automatic filling download flow is entered and completes fully automatically; it includes fixed key download, access identity verification, time information synchronization and confirmation, dynamic download and loading of the identity authentication core mechanism code, two-way identity authentication verification, fragmented download of the firmware file, etc.;
D. After the firmware file has been downloaded, the security terminal automatically verifies the integrity of the filling file and replies with the filling result;
E. The filling platform counts the number of successful fillings and generates a report, which can be used for production and sales management.
3. Technical description of several key modules:
(1) The security terminal and the filling platform use time information as the synchronized basic verification information
The filling platform sets an accurate RTC time, for example 20170411 12:00:00, accurate to the second; when production debugging is completed and before automatic software filling, the security terminal synchronizes and configures the current RTC time.
When the automatic filling download starts, the security terminal connects to the hardware encryption server of the filling platform. After the fixed key download is completed, the security terminal initiates an automatic filling request and, using the current RTC time as the random key and the terminal hardware serial number as the fixed key, encrypts and transmits it (using a financial-grade security AES algorithm). After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the current RTC time of the platform; if the difference is within a certain period (for example, 5 minutes), the current filling request is considered legitimate and valid and the automatic filling download is allowed.
(2) The core security mechanism is issued by the filling platform, and the security terminal dynamically loads and runs the core code
The core security mechanism is written in embedded C and compiled separately into binary files that the security terminal can load and run. When the security terminal starts a firmware filling download request, the filling platform issues the binary according to the device type, and the security terminal loads it into memory and runs it.
(3) The security terminal and the filling platform authenticate each other
The security terminal and the filling platform use a two-way identity authentication mechanism. When the security terminal first initiates a filling request, the filling platform authenticates the security terminal; once verification fails, the filling platform no longer responds to access requests from that security terminal and raises an alarm on the platform web page. At the same time, when the security terminal first initiates the request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the security terminal's encryption algorithm and returns it to the security terminal. When the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not, the terminal regards the platform as illegitimate and does not accept subsequent control or transmission requests from that platform.
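The time-window check in (1) and the two-way authentication in (3), sketched as an added example that is not code from the patent. Assumptions: HMAC-SHA256 replaces the unnamed encryption algorithm, so the RTC time is authenticated rather than encrypted; the class and function names, the `SN0001` serial and the sample timestamp are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

WINDOW_SECONDS = 5 * 60  # the description's example tolerance ("such as 5 minutes")


def mac(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unnamed encryption algorithm.
    # Each field is length-prefixed so field boundaries cannot be shifted.
    msg = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class FillingPlatform:
    def __init__(self, keys_by_serial):
        self.keys = keys_by_serial  # one fixed key group per terminal serial
        self.blocked = set()        # terminals that failed verification
        self.alarms = []            # stand-in for the alarm on the platform web page

    def handle_request(self, serial, rtc, tag, challenge, now):
        """Return the reply to the terminal's challenge, or None if refused."""
        key = self.keys.get(serial)
        if key is None or serial in self.blocked:
            return None
        expected = mac(key, b"req", serial.encode(), struct.pack(">Q", rtc), challenge)
        fresh = abs(now - rtc) <= WINDOW_SECONDS
        if not (hmac.compare_digest(expected, tag) and fresh):
            self.blocked.add(serial)  # no further responses to this terminal
            self.alarms.append(serial)
            return None
        return mac(key, b"resp", serial.encode(), challenge)


class SecurityTerminal:
    def __init__(self, serial, key):
        self.serial, self.key = serial, key
        self.challenge = b""

    def build_request(self, rtc):
        self.challenge = os.urandom(16)  # fresh random string per request
        tag = mac(self.key, b"req", self.serial.encode(),
                  struct.pack(">Q", rtc), self.challenge)
        return self.serial, rtc, tag, self.challenge

    def platform_is_genuine(self, reply):
        if reply is None:
            return False
        expected = mac(self.key, b"resp", self.serial.encode(), self.challenge)
        return hmac.compare_digest(expected, reply)


if __name__ == "__main__":
    key = os.urandom(32)      # constructed sample key
    t0 = 1491912000           # constructed RTC value: 2017-04-11 12:00:00 UTC
    platform = FillingPlatform({"SN0001": key})
    terminal = SecurityTerminal("SN0001", key)
    request = terminal.build_request(t0)
    reply = platform.handle_request(*request, now=t0 + 30)
    print("accepted, platform genuine:", terminal.platform_is_genuine(reply))
    print("replayed 10 min later:", platform.handle_request(*request, now=t0 + 600))
```

A request replayed inside the 5-minute window still passes the time check, so a platform that needs stronger replay resistance would also have to remember the requests it has already accepted.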
(4) Important communication between the security terminal and the filling platform uses a dedicated hardware encryption module (encryption chip)
The fixed keys associated with the security terminal and the filling platform (one key group per terminal) are stored and managed by the hardware encryption module. After production of the general-version semi-finished product is completed and the security terminal is imported into the filling system through the WEB management platform, the filling system automatically generates the whole key group that each security terminal needs for the filling process and places it on a dedicated, independent encryption server, where all of it is stored encrypted.
When the security terminal initiates a filling request, it first automatically downloads its whole key group data from that server, for use in the subsequent data communication and interaction. When verifying received data, the filling platform reads the hardware encryption server in real time and obtains the key data corresponding to the hardware device number to perform the encryption and decryption calculations.
(5) A distributed network deployment can further be used to improve filling efficiency
Some security terminal devices have no Ethernet or Wi-Fi interface and only local interfaces such as RS232 or USB. For these, a front server with an Ethernet interface and RS232/USB interfaces is deployed in front of the security terminals, with Ethernet, RS232 and USB data pass-through and distribution software installed. The security terminal then connects to the front server over RS232 or USB, and the front server accesses the filling platform over Ethernet.
Although specific embodiments of the present invention have been described above, those skilled in the art should understand that the specific embodiments described are merely illustrative and do not limit the scope of the invention; equivalent modifications and changes made by those skilled in the art in accordance with the spirit of the invention shall all fall within the scope protected by the claims of the invention.

Claims (12)

1. A convenient filling method for wired security terminal firmware, used for filling firmware into security terminals and including a filling platform, characterized in that: it further includes at least one front server, the front server is provided with a local interface, and the front server is connected to the filling platform through a network; the method specifically comprises the following steps:
Step 1: obtain the list or inventory of production serial numbers of the security terminals that need firmware filled, import it into the file management server, and set the corresponding filling configuration information;
Step 2: the security terminal connects to the filling platform through the local interface of the front server and downloads the identity authentication core mechanism code;
Step 3: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file;
Step 4: after the firmware file download finishes, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
2. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that step 1 is further specifically: obtain the list or inventory of production serial numbers of the security terminals that need firmware filled, import it into the file management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the whole key group that each security terminal needs for the filling process and places it in the encryption chip.
3. The convenient filling method for wired security terminal firmware according to claim 2, characterized in that: the keys are all encrypted.
4. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that: a step 11 is further provided between step 1 and step 2, in which the security terminal sends a connection request to the filling platform; the filling platform sets an accurate RTC time, and the security terminal, when production debugging is completed, is synchronized to the current RTC time; the terminal uses the current RTC time as the random key and the terminal hardware serial number as the fixed key, and transmits the request encrypted; after receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time transmitted by the security terminal, and compares it with the current RTC time of the platform; if the difference is within the limiting time, the current filling request is considered legitimate and valid and the method proceeds to step 2; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front server.
5. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that the identity verification with the filling platform in step 3 is further specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
At the same time, when the security terminal first initiates the request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the defined encryption algorithm and returns it to the security terminal; when the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not, the terminal regards the platform as illegitimate and does not accept subsequent control or transmission requests from that platform.
6. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that: it further includes a step 5, in which the filling platform counts the number of successful fillings and generates a report.
7. A convenient filling system for wired security terminal firmware, used for filling firmware into security terminals and including a filling platform, characterized in that: it further includes at least one front server, the front server is provided with a local interface, and the front server is connected to the filling platform through a network; the system specifically comprises the following modules:
Preparation module: obtains the list or inventory of production serial numbers of the security terminals that need firmware filled, imports it into the file management server, and sets the corresponding filling configuration information;
Code download module: the security terminal connects to the filling platform through the local interface of the front server and downloads the identity authentication core mechanism code;
Firmware download module: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file;
Filling module: after the firmware file download finishes, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
8. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that the preparation module is further specifically: obtains the list or inventory of production serial numbers of the security terminals that need firmware filled, imports it into the file management server, and sets the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the whole key group that each security terminal needs for the filling process and places it in the encryption chip.
9. The convenient filling system for wired security terminal firmware according to claim 8, characterized in that: the keys are all encrypted.
10. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that: an authentication module is further provided between the preparation module and the code download module, in which the security terminal sends a connection request to the filling platform; the filling platform sets an accurate RTC time, and the security terminal, when production debugging is completed, is synchronized to the current RTC time; the terminal uses the current RTC time as the random key and the terminal hardware serial number as the fixed key, and transmits the request encrypted; after receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time transmitted by the security terminal, and compares it with the current RTC time of the platform; if the difference is within the limiting time, the current filling request is considered legitimate and valid and control passes to the code download module; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front server.
11. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that the identity verification with the filling platform in the firmware download module is further specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
At the same time, when the security terminal first initiates the request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the defined encryption algorithm and returns it to the security terminal; when the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not, the terminal regards the platform as illegitimate and does not accept subsequent control or transmission requests from that platform.
12. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that: it further includes a report module, in which the filling platform counts the number of successful fillings and generates a report.
CN201710313308.5A 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware Active CN107105045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710313308.5A CN107105045B (en) 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710313308.5A CN107105045B (en) 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware

Publications (2)

Publication Number Publication Date
CN107105045A true CN107105045A (en) 2017-08-29
CN107105045B CN107105045B (en) 2020-05-05

Family

ID=59657586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313308.5A Active CN107105045B (en) 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware

Country Status (1)

Country Link
CN (1) CN107105045B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1275744A (en) * 2000-07-20 2000-12-06 成都久力信息技术有限公司 Computer applycation layer network safety control and management system and relative program method thereof
CN1960363A (en) * 2006-09-12 2007-05-09 北京飞天诚信科技有限公司 Method and equipment for implementing remote updating information security devices through network
CN102081744A (en) * 2009-11-30 2011-06-01 中兴通讯股份有限公司 Path identification system and secure interaction method thereof
US7973607B1 (en) * 2007-04-23 2011-07-05 Emc Corporation RTC circuit with time value adjustment
CN102592064A (en) * 2011-01-07 2012-07-18 深圳同方电子设备有限公司 Dynamic crypto chip
US8984316B2 (en) * 2011-12-29 2015-03-17 Intel Corporation Fast platform hibernation and resumption of computing systems providing secure storage of context data
US9187061B2 (en) * 2013-10-18 2015-11-17 GM Global Technology Operations LLC Electronic device finder system
CN105162808A (en) * 2015-10-19 2015-12-16 成都卫士通信息产业股份有限公司 Safety login method based on domestic cryptographic algorithm

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306970A (en) * 2018-02-02 2018-07-20 浙江德景电子科技有限公司 A kind of download of firmware safety and calibration equipment and method based on safety chip
CN108958779A (en) * 2018-09-20 2018-12-07 广东美的暖通设备有限公司 Firmware upgrade management method, device and computer readable storage medium
CN114861165A (en) * 2022-05-05 2022-08-05 成都秦川物联网科技股份有限公司 LNG distributed energy remote authorization filling method and Internet of things system
CN114861165B (en) * 2022-05-05 2024-06-07 成都秦川物联网科技股份有限公司 LNG distributed energy remote authorization filling method and Internet of things system
CN116094730A (en) * 2023-01-18 2023-05-09 中国第一汽车股份有限公司 Vehicle ECU digital certificate application method and system

Also Published As

Publication number Publication date
CN107105045B (en) 2020-05-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant