CN107105045A - A convenient firmware filling method and system for wired security terminals
- Publication number: CN107105045A (CN201710313308.5A)
- Authority: CN (China)
- Prior art keywords: filling, security terminal, platform, firmware, terminal
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
All entries fall under H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION.
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention provides a convenient firmware filling method for wired security terminals: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information; the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code; the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform, and downloads the firmware file after verification passes; after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result. The present invention also provides a convenient firmware filling system for wired security terminals. The invention improves firmware filling efficiency, security and convenience.
Description
Technical field
The present invention relates to a convenient firmware filling method and system for wired security terminals.
Background art
With the large-scale development of intelligent security devices, embedded intelligent security terminals of the same hardware model that serve multiple business channels (such as intelligent POS terminals) often need different embedded firmware for the applications of different business channels (for example, customized firmware for different application scenarios such as China Merchants Bank, UnionPay Merchant Services, and Kuaiqian payment) in order to meet customer needs. Meanwhile, so that end users can use a terminal device as soon as they receive it, the customized firmware usually has to be filled during production.
To ensure that each customized firmware is filled correctly during production, most enterprises currently rely, in volume production, mainly on production management methods with a high degree of manual involvement. For example, in intelligent POS terminal production, information such as software firmware files and filling configuration lists is passed along by the management process, either manually or through a production information management system, and firmware is downloaded one unit at a time. Although this approach has been used for many years in most enterprises, each control point can be traced to a responsible person, and mature exception and security mechanisms exist, the security terminal has few connection interfaces, so overall filling efficiency is very low and production cost is very high.
Summary of the invention
The technical problem to be solved by the present invention is to provide a convenient firmware filling method and system for wired security terminals that improves firmware filling efficiency, security and convenience.
The first aspect of the invention is realized as follows: a convenient firmware filling method for wired security terminals, used for filling the firmware of security terminals, involving a filling platform and at least one front-end server, where the front-end server is provided with a local interface and is connected to the filling platform over a network. The method comprises the following steps:
Step 1: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information;
Step 2: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Step 3: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file;
Step 4: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
Further, step 1 is specifically: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the complete key set needed by each security terminal during the filling process and places it in the encryption chip.
Further, all of the keys are encrypted.
Further, a step 11 is provided between step 1 and step 2: the security terminal sends a connection request to the filling platform. The filling platform is set to an accurate RTC time, and the security terminal, when production debugging is completed, is synchronized to the current RTC time. Using the current RTC time as the random key and the terminal hardware serial number as the fixed key, the security terminal encrypts the request and transmits it. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the platform's current RTC time. If the difference is within the limited time period, the current filling request is considered legitimate and valid, and the method proceeds to step 2; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server.
Further, the identity verification with the filling platform in step 3 is specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if authentication fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal first initiates a request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the agreed encryption algorithm and returns it to the security terminal. When the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform.
Further, the method also includes step 5: the filling platform counts the number of successful fillings and generates a report.
The second aspect of the invention is realized as follows: a convenient firmware filling system for wired security terminals, used for filling the firmware of security terminals, involving a filling platform and at least one front-end server, where the front-end server is provided with a local interface and is connected to the filling platform over a network. The system comprises the following modules:
Preparation module: obtains the production serial number list or inventory of the security terminals that need firmware filling, imports it into the file management server, and sets the corresponding filling configuration information;
Code download module: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Firmware download module: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file;
Filling module: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
Further, the preparation module is specifically: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the complete key set needed by each security terminal during the filling process and places it in the encryption chip.
Further, all of the keys are encrypted.
Further, an authentication module is provided between the preparation module and the code download module: the security terminal sends a connection request to the filling platform. The filling platform is set to an accurate RTC time, and the security terminal, when production debugging is completed, is synchronized to the current RTC time. Using the current RTC time as the random key and the terminal hardware serial number as the fixed key, the security terminal encrypts the request and transmits it. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the platform's current RTC time. If the difference is within the limited time period, the current filling request is considered legitimate and valid, and control passes to the code download module; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server.
Further, the identity verification with the filling platform in the firmware download module is specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if authentication fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal first initiates a request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the agreed encryption algorithm and returns it to the security terminal. When the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform.
Further, the system also includes a report module: the filling platform counts the number of successful fillings and generates a report.
The invention has the following advantages:
1. The convenient firmware filling method and system for wired security terminals of the invention form a firmware filling system based on IPv4 remote network transmission and use a web management platform with a good human-computer interaction experience; they can largely automate production and reduce the labor cost of volume production. For a firmware file of 2 Mbytes, the average filling time drops from the original 3-5 minutes per unit to 1~2 minutes per unit, and man-hour efficiency improves by more than 50%;
2. The security terminal and the filling platform use mutual (two-way) authentication, which effectively prevents intrusion by illegitimate platforms and illegitimate terminals and prevents security terminal devices from being maliciously filled with illegitimate firmware;
3. The important communication between the security terminal and the filling platform goes through a dedicated hardware server, which isolates core security information and reduces the personnel security and confidentiality requirements on non-core security R&D teams, making R&D team management easier;
4. The security terminal and the filling platform use time information as the base random number synchronized between both sides, replacing the traditional low-security practice of relying on a fixed-key synchronization mechanism and further raising the security level of the system.
Brief description of the drawings
The invention is further described below with reference to the accompanying drawings and embodiments.
Fig. 1 is a flow chart of the convenient firmware filling method for wired security terminals of the invention.
Fig. 2 is a block diagram of the convenient firmware filling system for wired security terminals of the invention.
Fig. 3 is a schematic diagram of an embodiment of the invention.
Detailed description of the embodiments
As shown in Fig. 1, the convenient firmware filling method for wireless security terminals of the invention is used for filling the firmware of security terminals and involves a filling platform and at least one front-end server, where the front-end server is provided with a local interface and is connected to the filling platform over a network. The method comprises the following steps:
Step 1: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, the filling platform generates the complete key set needed by each security terminal during the filling process and places it in the encryption chip, and all of the keys are encrypted;
Step 11: the security terminal sends a connection request to the filling platform. The filling platform is set to an accurate RTC time, and the security terminal, when production debugging is completed, is synchronized to the current RTC time. Using the current RTC time as the random key and the terminal hardware serial number as the fixed key, the security terminal encrypts the request and transmits it. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the platform's current RTC time. If the difference is within the limited time period, the current filling request is considered legitimate and valid, and the method proceeds to step 2; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server;
Step 2: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Step 3: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file;
The identity verification with the filling platform is specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if authentication fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal first initiates a request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the agreed encryption algorithm and returns it to the security terminal. When the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform;
Step 4: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result;
Step 5: the filling platform counts the number of successful fillings and generates a report.
As shown in Fig. 2, the convenient firmware filling system for wireless security terminals of the invention is used for filling the firmware of security terminals and involves a filling platform and at least one front-end server, where the front-end server is provided with a local interface and is connected to the filling platform over a network. The system comprises the following modules:
Preparation module: obtains the production serial number list or inventory of the security terminals that need firmware filling, imports it into the file management server, and sets the corresponding filling configuration information; the filling platform is provided with an encryption chip, the filling platform generates the complete key set needed by each security terminal during the filling process and places it in the encryption chip, and all of the keys are encrypted;
Authentication module: the security terminal sends a connection request to the filling platform. The filling platform is set to an accurate RTC time, and the security terminal, when production debugging is completed, is synchronized to the current RTC time. Using the current RTC time as the random key and the terminal hardware serial number as the fixed key, the security terminal encrypts the request and transmits it. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the platform's current RTC time. If the difference is within the limited time period, the current filling request is considered legitimate and valid, and control passes to the code download module; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server;
Code download module: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Firmware download module: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file. The identity verification with the filling platform is specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if authentication fails, the filling platform no longer responds to access requests from that security terminal;
Meanwhile, when the security terminal first initiates a request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the agreed encryption algorithm and returns it to the security terminal. When the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform;
Filling module: after the firmware file has been downloaded, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result;
Report module: the filling platform counts the number of successful fillings and generates a report.
An embodiment of the invention: as shown in Fig. 3, the filling system as a whole consists of the security terminals that need firmware filling and the filling platform that provides the firmware filling service.
For communication, the security terminal and the filling platform use Ethernet as the main physical transport. The whole system platform allows the filling platform to be deployed centrally while security terminals are produced at distributed sites, which raises the security management level of controlled files. For security terminals that do not directly provide an Ethernet interface, distributed service software that bridges Ethernet to short-range communication (such as USB, RS232, RS485, WiFi) can be deployed in the on-site production environment to achieve fully automatic distribution and filling of firmware files.
1. The filling platform consists of an access distribution server, a file management server, a web management server, and so on.
A. The access distribution server mainly handles receiving data communication from security terminals, data encryption and decryption, security terminal access identity authentication, and downstream transmission of firmware file data. The filling platform's data encryption and decryption is implemented by a dedicated hardware encryption module, used together with the key storage core that the security terminal itself has; the two sides agree on a consistent key system and encryption algorithm, achieving interoperable communication and efficient low-level communication authentication.
The identity authentication module carries the mutual authentication mechanism of the whole system. The filling platform uses time information agreed with the security terminal as the synchronized base random number, avoiding the traditional approach of using a fixed key as the base data for identity verification and reducing the system risk of information leakage. Meanwhile, to keep the identity authentication mechanism confidential and lower the management requirements around leakage of technical security details, the authentication-related software module of the security terminal is delivered by the filling platform as hexadecimal executable code of the core security mechanism, which the security terminal then loads and runs dynamically to carry out identity docking with the filling platform, improving the confidentiality of the core security mechanism.
B. The file management server mainly implements add, delete and modify operations on the various firmware files of multi-business-channel applications, and maintains the matching relationships between firmware files and security terminal hardware serial numbers, business channel applications, and so on. The hardware serial number is generated by the security terminal's physical module using an algorithm with defined rules and is guaranteed to be unique across the whole system; it serves as the unique interaction index with the security terminal as the control target.
C. The web management server provides the entry point for importing intelligent security terminal hardware serial numbers (the production information from which the unique interaction index can be generated) into the filling platform and, through visual page operations and human-computer interaction, conveniently achieves accurate filling of firmware files for multi-business-channel applications.
The main flow is summarized as follows:
A. Output the production serial number list or inventory of the security terminals that need firmware filling (the inventory includes the business channel application type, firmware file information, etc.); the system administrator imports it into the filling system's server through the web administration page and sets the corresponding filling configuration information;
B. At the production site, following the industry characteristics of the security terminal, the filling platform's server address and the terminal's local IP address are configured through the security terminal's initialization interface; the terminal then connects to the filling system and the filling download starts automatically;
C. The automatic filling download flow begins. This flow is fully automated and includes fixed key download, access identity verification, time information synchronization and confirmation, dynamic download and loading of the identity authentication core mechanism code, mutual authentication verification, fragmented download of the firmware file, and so on;
D. After the firmware file has been downloaded, the security terminal automatically verifies the integrity of the filling file and replies with the filling result;
E. The filling platform counts the number of successful fillings and generates a report, which can be used for production and sales management.
3. Technical notes on several key modules:
(1) Time information is used as the base verification information synchronized between the security terminal and the filling platform
The filling platform is set to an accurate RTC time, such as 20170411 12:00:00, accurate to the second; the security terminal, when production debugging is completed and before the software is automatically filled, is synchronized to the current RTC time.
When the automatic filling download starts, the security terminal connects to the filling platform's hardware encryption server. After the fixed key has been downloaded, the security terminal initiates an automatic filling request; using the current RTC time as the random key and the terminal hardware serial number as the fixed key, it encrypts the request with a financial-grade security encryption algorithm and transmits it. After receiving the encrypted data, the filling platform decrypts it according to the algorithm, calculates the RTC time sent by the security terminal, and compares it with the platform's current RTC time. If the difference is within a certain period (such as 5 minutes), the current filling request is considered legitimate and valid, and the automatic filling download is allowed.
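The platform-side check described in (1), as an added example that is not part of the patent text. The message layout, the HMAC-SHA256 tag (used here in place of the patent's unspecified encryption algorithm), the key store and the replay cache are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECONDS = 5 * 60          # the page's example window ("such as 5 minutes")
TAG_LEN = 32                       # HMAC-SHA256 output size

# Constructed sample data: one terminal serial and its per-terminal fixed key.
SERIAL = b"SN0001"
DEVICE_KEYS = {SERIAL: hashlib.sha256(b"constructed demo key for SN0001").digest()}
T0 = 1491912000                    # constructed RTC value, seconds since the epoch


def build_request(serial: bytes, key: bytes, rtc_time: int) -> bytes:
    """Terminal side: serial number, RTC timestamp, and a tag binding the two."""
    body = struct.pack(">B", len(serial)) + serial + struct.pack(">Q", rtc_time)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class FillingPlatform:
    def __init__(self, keys, max_skew=MAX_SKEW_SECONDS):
        self.keys = keys
        self.max_skew = max_skew
        self.seen = {}             # (serial, timestamp) -> expiry; assumed replay cache

    def verify_request(self, msg: bytes, platform_time: int) -> str:
        # Parse defensively: the length byte is attacker-controlled input.
        if len(msg) < 1 + 8 + TAG_LEN:
            return "malformed"
        n = msg[0]
        if len(msg) != 1 + n + 8 + TAG_LEN:
            return "malformed"
        serial = msg[1:1 + n]
        (sent_time,) = struct.unpack(">Q", msg[1 + n:1 + n + 8])
        key = self.keys.get(serial)
        if key is None:
            return "unknown-serial"
        expected = hmac.new(key, msg[:-TAG_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(msg[-TAG_LEN:], expected):
            return "bad-tag"
        # The comparison the patent describes: terminal RTC vs platform RTC.
        if abs(platform_time - sent_time) > self.max_skew:
            return "stale"
        # A captured request stays valid for the whole window, so remember it.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= platform_time}
        if (serial, sent_time) in self.seen:
            return "replayed"
        self.seen[(serial, sent_time)] = sent_time + self.max_skew
        return "accepted"


if __name__ == "__main__":
    platform = FillingPlatform(DEVICE_KEYS)
    request = build_request(SERIAL, DEVICE_KEYS[SERIAL], T0)
    print(platform.verify_request(request, T0 + 30))
    print(platform.verify_request(request, T0 + 60))
```

The replay cache only has to hold entries for one window length, because anything older is already rejected as stale.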
(2) The core security mechanism is delivered by the filling platform, and the security terminal dynamically loads and runs the core code
The implementation of the core security mechanism is written in embedded C and compiled separately into binary files that the security terminal can load and run. When a security terminal starts a filling firmware download request, the filling platform delivers the file according to the device type, and the security terminal loads it into memory and runs it.
(3) The security terminal and the filling platform authenticate each other
The security terminal and the filling platform use a mutual authentication mechanism. When the security terminal first initiates a filling request, the filling platform authenticates the security terminal; once authentication fails, the filling platform no longer responds to access requests from that security terminal and raises an alarm on the platform's web page. Meanwhile, when the security terminal first initiates a request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the security terminal's encryption algorithm and returns it to the security terminal. When the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform.
(4) Important communication between the security terminal and the filling platform uses a dedicated hardware encryption module (encryption chip)
The fixed keys associated with the security terminal and the filling platform (one key group per terminal) are stored and managed by the hardware encryption module. After production of the general-version semi-finished security terminal is completed and it is imported into the filling system through the WEB management platform, the filling system automatically generates the full key group that each security terminal needs during the filling process, places it on a dedicated, independent encryption server, and stores all of it encrypted.
When the security terminal initiates a filling request, it first automatically downloads the corresponding full key group data from that server, for use in the subsequent data communication and interaction. When the filling platform verifies received data, it reads the hardware encryption server in real time and obtains the key data for the corresponding hardware device number to perform the encryption and decryption calculations.
(5) A distributed network deployment can further be used to improve filling efficiency
Some security terminal devices have no Ethernet or Wi-Fi interface and only have local interfaces such as RS232 or USB. For these, a front-end server with Ethernet and RS232/USB interfaces is deployed at the access front end of the security terminals, with Ethernet-to-RS232/USB transparent data transmission and distribution software installed. The security terminal then connects to the front-end server over RS232/USB, and the front-end server accesses the filling platform over Ethernet.
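The request-freshness check of item (1) and the two-way authentication of item (3), sketched as an added Python example that is not code from the patent. It swaps the patent's encryption for HMAC-SHA256 under the per-terminal fixed key (standard library only); the class names, message fields, serial number and key are constructed, and the replay cache is an addition, because a time window alone accepts a captured request that is re-sent within the 5 minutes.

```python
import hashlib
import hmac
import secrets

MAX_SKEW_SECONDS = 5 * 60  # the page's example tolerance: 5 minutes


def _mac(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, label, hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


class Terminal:
    def __init__(self, serial: str, fixed_key: bytes):
        self.serial, self.key, self.nonce = serial, fixed_key, b""

    def build_request(self, rtc_now: int) -> dict:
        # Fresh random string per request; only a platform holding the key can answer it.
        self.nonce = secrets.token_bytes(16)
        tag = _mac(self.key, b"req", self.serial.encode(),
                   str(rtc_now).encode(), self.nonce)
        return {"serial": self.serial, "rtc": rtc_now, "nonce": self.nonce, "tag": tag}

    def platform_is_genuine(self, reply: bytes) -> bool:
        return hmac.compare_digest(reply, _mac(self.key, b"resp", self.nonce))


class Platform:
    def __init__(self, key_store: dict):
        self.key_store = key_store  # serial -> fixed key (stand-in for the key server)
        self.blocked = set()        # terminals that failed authentication
        self.seen = set()           # (serial, rtc, nonce) already accepted

    def handle_request(self, req: dict, platform_now: int):
        """Return the reply for a valid request, or None when it is rejected."""
        serial = req["serial"]
        key = self.key_store.get(serial)
        if key is None or serial in self.blocked:
            return None
        expected = _mac(key, b"req", serial.encode(),
                        str(req["rtc"]).encode(), req["nonce"])
        if not hmac.compare_digest(req["tag"], expected):
            self.blocked.add(serial)  # page: stop answering this terminal, raise an alarm
            return None
        if abs(platform_now - req["rtc"]) > MAX_SKEW_SECONDS:
            return None               # stale or future-dated RTC value
        replay_id = (serial, req["rtc"], req["nonce"])
        if replay_id in self.seen:
            return None               # captured request re-sent inside the window
        self.seen.add(replay_id)
        return _mac(key, b"resp", req["nonce"])


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key, for the demo only
    terminal, platform = Terminal("SN0001", key), Platform({"SN0001": key})
    request = terminal.build_request(rtc_now=1_000_000)  # constructed RTC seconds
    reply = platform.handle_request(request, platform_now=1_000_120)
    print("accepted:", reply is not None, "genuine:", terminal.platform_is_genuine(reply))
```

The `seen` set only needs to retain entries for the length of the acceptance window, since anything older is already rejected by the skew check.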
Although specific embodiments of the present invention have been described above, those skilled in the art should understand that the specific embodiments described are merely illustrative and are not intended to limit the scope of the present invention. Equivalent modifications and changes made by those skilled in the art in accordance with the spirit of the present invention shall all fall within the scope of protection claimed by the present invention.
Claims (12)
1. A convenient filling method for wired security terminal firmware, used for firmware filling of a security terminal and including a filling platform, characterized in that: it further includes at least one front-end server, the front-end server is provided with a local interface, and the front-end server is connected to the filling platform through a network; the method specifically includes the following steps:
Step 1: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information;
Step 2: the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
Step 3: the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform; after verification passes, it downloads the firmware file;
Step 4: after the firmware file download finishes, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
2. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that step 1 is further specifically: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the full key group that each security terminal needs during the filling process and places it in the encryption chip.
3. The convenient filling method for wired security terminal firmware according to claim 2, characterized in that: the keys are all encrypted.
4. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that: a step 11 is further provided between step 1 and step 2, in which the security terminal sends a connection request to the filling platform; the filling platform sets an accurate RTC time; when production debugging of the security terminal is completed, the terminal synchronizes and configures the current RTC time; with the current RTC time as the random key and the terminal hardware serial number as the fixed key, the transmission is encrypted; after receiving the encrypted data, the filling platform decrypts it according to the algorithm, computes the RTC time sent by the security terminal, and compares it with the current platform RTC time; if the difference is within the limited time, the current filling request is considered legitimate and valid, and the method proceeds to step 2; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server.
5. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that the identity verification with the filling platform in step 3 is further specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
meanwhile, when the security terminal first initiates the request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the specified AES and returns it to the security terminal; when the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform.
6. The convenient filling method for wired security terminal firmware according to claim 1, characterized in that it further includes step 5: the filling platform counts the number of successful fillings and generates a report.
7. A convenient filling system for wired security terminal firmware, used for firmware filling of a security terminal and including a filling platform, characterized in that: it further includes at least one front-end server, the front-end server is provided with a local interface, and the front-end server is connected to the filling platform through a network; the system specifically includes the following modules:
a preparation module, which obtains the production serial number list or inventory of the security terminals that need firmware filling, imports it into the file management server, and sets the corresponding filling configuration information;
a code download module, in which the security terminal connects to the filling platform through the local interface of the front-end server and downloads the identity authentication core mechanism code;
a firmware download module, in which the security terminal runs the identity authentication core mechanism code and then performs identity verification with the filling platform, and downloads the firmware file after verification passes;
a filling module, in which, after the firmware file download finishes, the security terminal verifies the integrity of the filling file, performs the filling, and replies with the filling result.
8. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that the preparation module is further specifically: obtain the production serial number list or inventory of the security terminals that need firmware filling, import it into the file management server, and set the corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates the full key group that each security terminal needs during the filling process and places it in the encryption chip.
9. The convenient filling system for wired security terminal firmware according to claim 8, characterized in that: the keys are all encrypted.
10. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that: an authentication module is further provided between the preparation module and the code download module, in which the security terminal sends a connection request to the filling platform; the filling platform sets an accurate RTC time; when production debugging of the security terminal is completed, the terminal synchronizes and configures the current RTC time; with the current RTC time as the random key and the terminal hardware serial number as the fixed key, the transmission is encrypted; after receiving the encrypted data, the filling platform decrypts it according to the algorithm, computes the RTC time sent by the security terminal, and compares it with the current platform RTC time; if the difference is within the limited time, the current filling request is considered legitimate and valid, and processing proceeds to the code download module; otherwise the security terminal is not allowed to connect to the filling platform through the local interface of the front-end server.
11. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that the identity verification with the filling platform in the firmware download module is further specifically: when the security terminal first initiates a request, the filling platform authenticates the security terminal; if verification fails, the filling platform no longer responds to access requests from that security terminal;
meanwhile, when the security terminal first initiates the request, it generates a random data string and uploads it to the filling platform; the filling platform encrypts the random string according to the specified AES and returns it to the security terminal; when the security terminal receives the reply, it verifies whether the encrypted data matches; if it does not match, the platform is considered illegitimate, and the terminal does not accept subsequent control and transmission requests from that platform.
12. The convenient filling system for wired security terminal firmware according to claim 7, characterized in that it further includes a report module, in which the filling platform counts the number of successful fillings and generates a report.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710313308.5A CN107105045B (en) | 2017-05-05 | 2017-05-05 | Convenient filling method and system for wired security terminal firmware |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710313308.5A CN107105045B (en) | 2017-05-05 | 2017-05-05 | Convenient filling method and system for wired security terminal firmware |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107105045A (en) | 2017-08-29 |
CN107105045B (en) | 2020-05-05 |
Family
ID=59657586
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710313308.5A Active CN107105045B (en) | 2017-05-05 | 2017-05-05 | Convenient filling method and system for wired security terminal firmware |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107105045B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1275744A (en) * | 2000-07-20 | 2000-12-06 | 成都久力信息技术有限公司 | Computer application layer network safety control and management system and relative program method thereof |
CN1960363A (en) * | 2006-09-12 | 2007-05-09 | 北京飞天诚信科技有限公司 | Method and equipment for implementing remote updating information security devices through network |
CN102081744A (en) * | 2009-11-30 | 2011-06-01 | 中兴通讯股份有限公司 | Path identification system and secure interaction method thereof |
US7973607B1 (en) * | 2007-04-23 | 2011-07-05 | Emc Corporation | RTC circuit with time value adjustment |
CN102592064A (en) * | 2011-01-07 | 2012-07-18 | 深圳同方电子设备有限公司 | Dynamic crypto chip |
US8984316B2 (en) * | 2011-12-29 | 2015-03-17 | Intel Corporation | Fast platform hibernation and resumption of computing systems providing secure storage of context data |
US9187061B2 (en) * | 2013-10-18 | 2015-11-17 | GM Global Technology Operations LLC | Electronic device finder system |
CN105162808A (en) * | 2015-10-19 | 2015-12-16 | 成都卫士通信息产业股份有限公司 | Safety login method based on domestic cryptographic algorithm |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108306970A (en) * | 2018-02-02 | 2018-07-20 | 浙江德景电子科技有限公司 | A kind of download of firmware safety and calibration equipment and method based on safety chip |
CN108958779A (en) * | 2018-09-20 | 2018-12-07 | 广东美的暖通设备有限公司 | Firmware upgrade management method, device and computer readable storage medium |
CN114861165A (en) * | 2022-05-05 | 2022-08-05 | 成都秦川物联网科技股份有限公司 | LNG distributed energy remote authorization filling method and Internet of things system |
CN114861165B (en) * | 2022-05-05 | 2024-06-07 | 成都秦川物联网科技股份有限公司 | LNG distributed energy remote authorization filling method and Internet of things system |
CN116094730A (en) * | 2023-01-18 | 2023-05-09 | 中国第一汽车股份有限公司 | Vehicle ECU digital certificate application method and system |
Also Published As
Publication number | Publication date |
---|---|
CN107105045B (en) | 2020-05-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |