CN107105045B - Convenient filling method and system for wired security terminal firmware - Google Patents

Convenient filling method and system for wired security terminal firmware Download PDF

Info

Publication number
CN107105045B
CN107105045B CN201710313308.5A CN201710313308A CN107105045B CN 107105045 B CN107105045 B CN 107105045B CN 201710313308 A CN201710313308 A CN 201710313308A CN 107105045 B CN107105045 B CN 107105045B
Authority
CN
China
Prior art keywords
filling
platform
firmware
terminal
safety terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710313308.5A
Other languages
Chinese (zh)
Other versions
CN107105045A (en
Inventor
胡灿峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengonda Technology Co ltd
Original Assignee
Hengonda Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengonda Technology Co ltd filed Critical Hengonda Technology Co ltd
Priority to CN201710313308.5A priority Critical patent/CN107105045B/en
Publication of CN107105045A publication Critical patent/CN107105045A/en
Application granted granted Critical
Publication of CN107105045B publication Critical patent/CN107105045B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0806Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention provides a convenient filling method of a wired safety terminal firmware, which comprises the steps of obtaining a safety terminal production serial number list or a list of the firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information; the safety terminal is connected to the filling platform through a local interface of the front server and downloads the identity authentication core mechanism code; the safety terminal operates an identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads a firmware file after the verification is passed; after the firmware file is downloaded, the safety terminal checks the integrity of the filling file, performs filling and replies a filling result; the invention also provides a convenient filling system for the wired safety terminal firmware; the efficiency, the security and the convenience of firmware filling are improved.

Description

Convenient filling method and system for wired security terminal firmware
Technical Field
The invention relates to a convenient filling method and a convenient filling system for a wired safety terminal firmware.
Background
With the large-scale development of intelligent security equipment, the embedded intelligent security terminals (such as intelligent POS terminals) which are applied to multiple business channels and have the same hardware model are often required to provide different embedded firmware to meet the requirements of customers aiming at different business channel applications (such as different application scenes of customized firmware of a business recruitment bank, UnionPay business, fast money payment and the like); meanwhile, in order to enable the end user to obtain the terminal device for use, the customization of the firmware is often completed in the production link.
In order to ensure the correctness of filling of each customized firmware in the production process, most enterprises mainly adopt a production management method with higher manual participation degree in the batch manufacturing process at present. Such as: in the production process of the intelligent POS terminal, information such as software firmware files, filling configuration lists and the like is manually transmitted or transmitted through a production information management system by means of a management process, and firmware downloading is carried out in a filling mode. Although the method is applied to most enterprises for years, the responsible person can be clearly found in each management and control link, and a mature abnormal guarantee mechanism exists, the number of interfaces connected with the safety terminal is small, so that the overall filling efficiency is low, and the production cost is high.
Disclosure of Invention
The invention aims to provide a method and a system for conveniently filling a firmware of a wired security terminal, which improve the efficiency, safety and convenience of firmware filling.
One of the present invention is realized by: a convenient filling method of wired safety terminal firmware is used for filling the firmware of a safety terminal, and comprises a filling platform and at least one front server, wherein the front server is provided with a local interface and is connected to the filling platform through a network, and the method specifically comprises the following steps:
step 1, acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information;
step 2, the security terminal is connected to the filling platform through a local interface of the front server, and an identity authentication core mechanism code is downloaded;
step 3, the safety terminal operates an identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads a firmware file after the verification is passed;
and 4, after the firmware file is downloaded, the safety terminal checks the integrity of the filling file, performs filling and replies a filling result.
Further, the step 1 is further specifically: acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates a whole group of keys required by each safety terminal in the filling process and places the keys to the encryption chip.
Further, the keys are all encrypted.
Further, a step 11 of sending a connection request to the filling platform by the safety terminal is also arranged between the step 1 and the step 2; the method comprises the steps that the filling platform sets accurate RTC time, when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured, the current RTC time is used as a random key, and a terminal hardware serial number is a fixed key, so that encryption transmission is carried out; after receiving the encrypted data, the filling platform decrypts the data according to the algorithm, calculates RTC time transmitted by the security terminal, compares the RTC time with RTC time of the current platform, if the difference is within a limited time period, considers that the current filling request is legal and effective, and enters step 2; otherwise, the security terminal is not allowed to be connected to the filling platform through the local interface of the front server.
Further, the authentication with the filling platform in step 3 is further specifically: when the safety terminal initiates a request for the first time, the filling platform carries out identity verification of the safety terminal; if the verification fails, the filling platform does not respond to the access request of the security terminal;
meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to a limited encryption algorithm and replies the random string to the security terminal; and when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform.
Further, the method also comprises a step 5 of counting the successful filling quantity by the filling platform and generating a report.
The second invention is realized by the following steps: the utility model provides a convenient filling system of wired safety terminal firmware for the firmware filling of safety terminal, includes a filling platform, still includes an at least leading server, leading server is equipped with local interface, leading server passes through network connection to the filling platform specifically includes following module:
the preparation module is used for acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into the file management server and setting corresponding filling configuration information;
the safety terminal is connected to the filling platform through a local interface of the front-end server and downloads the code of the identity authentication and authentication core mechanism;
downloading a firmware module, operating an identity authentication core mechanism code by the security terminal, then carrying out identity verification with the filling platform, and downloading a firmware file after the verification is passed;
and after the firmware file is downloaded, the safety terminal verifies the integrity of the filling file, performs filling and replies a filling result.
Further, the preparation module is further specifically: acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates a whole group of keys required by each safety terminal in the filling process and places the keys to the encryption chip.
Further, the keys are all encrypted.
Furthermore, a verification module is arranged between the preparation module and the code downloading module, and the safety terminal sends a connection request to the filling platform; the method comprises the steps that the filling platform sets accurate RTC time, when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured, the current RTC time is used as a random key, and a terminal hardware serial number is a fixed key, so that encryption transmission is carried out; after receiving the encrypted data, the filling platform decrypts the data according to the algorithm, calculates RTC time transmitted by the security terminal, compares the RTC time with RTC time of the current platform, and if the difference is within a limited time period, considers that the current filling request is legal and effective, and enters a code downloading module; otherwise, the security terminal is not allowed to be connected to the filling platform through the local interface of the front server.
Further, the identity verification between the firmware downloading module and the filling platform is further specifically that: when the safety terminal initiates a request for the first time, the filling platform carries out identity verification of the safety terminal; if the verification fails, the filling platform does not respond to the access request of the security terminal;
meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to a limited encryption algorithm and replies the random string to the security terminal; and when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform.
Further, the filling platform also comprises a report module, and the filling platform counts the number of successful filling and generates a report.
The invention has the following advantages:
1. according to the method and the system for conveniently filling the firmware of the wired safety terminal, disclosed by the invention, the firmware filling system is based on an IPV4 remote network transmission mode, and a WEB management platform with good human-computer interaction experience is adopted, so that the production automation can be realized to a great extent, and the labor cost in the batch manufacturing process is reduced; the method comprises the following steps that 1-2 minutes per unit of firmware files with the size of 2Mbytes are reduced from 3-5 minutes per unit of original average filling working hour, and the working hour efficiency is improved by more than 50%;
2. the security terminal and the filling platform adopt a bidirectional authentication identity verification technology, so that the invasion of an illegal platform and an illegal terminal can be effectively prevented, and illegal firmware is prevented from being maliciously filled in the security terminal equipment;
3. the key communication interaction between the security terminal and the filling platform adopts a special hardware server to separate out core security information, thereby reducing the personnel security requirements of a non-core security research and development team and being more beneficial to the management of the research and development team;
4. the safety terminal and the filling platform are used as the basic random numbers for synchronizing the two parties based on the time information, the traditional low-safety application situation depending on a fixed key synchronization mechanism is changed, and the safety level of the system is further improved.
Drawings
The invention will be further described with reference to the following examples with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method for conveniently filling a firmware in a wired security terminal according to the present invention.
Fig. 2 is a schematic block diagram of a convenient firmware filling system for a wired security terminal according to the present invention.
FIG. 3 is a schematic diagram of an embodiment of the present invention.
Detailed Description
As shown in fig. 1, the method for conveniently filling a firmware in a wireless security terminal of the present invention is used for filling a firmware in a security terminal, and includes a filling platform and at least one front server, where the front server is provided with a local interface and is connected to the filling platform through a network, and specifically includes the following steps:
step 1, acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information; the filling platform is provided with an encryption chip, the filling platform generates a whole group of keys required by each safety terminal in the filling process, and the keys are placed on the encryption chip and are all encrypted;
step 11, the safety terminal sends a connection request to the filling platform; the method comprises the steps that the filling platform sets accurate RTC time, when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured, the current RTC time is used as a random key, and a terminal hardware serial number is a fixed key, so that encryption transmission is carried out; after receiving the encrypted data, the filling platform decrypts the data according to the algorithm, calculates RTC time transmitted by the security terminal, compares the RTC time with RTC time of the current platform, if the difference is within a limited time period, considers that the current filling request is legal and effective, and enters step 2; otherwise, the security terminal is not allowed to be connected to the filling platform through the local interface of the front server;
step 2, the security terminal is connected to the filling platform through a local interface of the front server, and an identity authentication core mechanism code is downloaded;
step 3, the safety terminal operates an identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads a firmware file after the verification is passed;
the identity verification with the filling platform further specifically comprises: when the safety terminal initiates a request for the first time, the filling platform carries out identity verification of the safety terminal; if the verification fails, the filling platform does not respond to the access request of the security terminal;
meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to a limited encryption algorithm and replies the random string to the security terminal; when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform;
step 4, after the firmware file is downloaded, the safety terminal checks the integrity of the filling file, performs filling and replies a filling result;
and 5, counting the successful filling quantity by the filling platform and generating a report.
As shown in fig. 2, the convenient filling system for firmware of a wireless security terminal of the present invention is used for filling firmware of a security terminal, and includes a filling platform and at least one front server, where the front server is provided with a local interface, and the front server is connected to the filling platform through a network, and specifically includes the following modules:
the preparation module is used for acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into the file management server and setting corresponding filling configuration information; the filling platform is provided with an encryption chip, the filling platform generates a whole group of keys required by each safety terminal in the filling process, and the keys are placed on the encryption chip and are all encrypted;
the verification module and the safety terminal send connection requests to the filling platform; the method comprises the steps that the filling platform sets accurate RTC time, when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured, the current RTC time is used as a random key, and a terminal hardware serial number is a fixed key, so that encryption transmission is carried out; after receiving the encrypted data, the filling platform decrypts the data according to the algorithm, calculates RTC time transmitted by the security terminal, compares the RTC time with RTC time of the current platform, and if the difference is within a limited time period, considers that the current filling request is legal and effective, and enters a code downloading module; otherwise, the security terminal is not allowed to be connected to the filling platform through the local interface of the front server
The safety terminal is connected to the filling platform through a local interface of the front-end server and downloads the code of the identity authentication and authentication core mechanism;
downloading a firmware module, operating an identity authentication core mechanism code by the security terminal, then performing identity verification with the filling platform, and downloading a firmware file after the verification is passed, wherein the further specific step of performing identity verification with the filling platform is as follows: when the safety terminal initiates a request for the first time, the filling platform carries out identity verification of the safety terminal; if the verification fails, the filling platform does not respond to the access request of the security terminal;
meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to a limited encryption algorithm and replies the random string to the security terminal; when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform;
after the firmware file is downloaded, the safety terminal verifies the integrity of the filling file, performs filling and replies a filling result;
and the report module is used for counting the successful filling quantity by the filling platform and generating a report.
One specific embodiment of the present invention: as shown in fig. 3, the filling system is integrally composed of a safety terminal for filling the firmware and a filling platform for providing the firmware filling service.
In the aspect of communication interaction, the safety terminal and the filling platform adopt a physical transmission mode mainly based on Ethernet transmission, the whole system platform can realize unified and centralized deployment of the filling platform, the safety terminals are produced in a scattered mode, and the safety management level of the controlled files is improved. Aiming at some safety terminals which are not directly provided with Ethernet communication interfaces, distributed service software for converting short-distance communication (such as USB, RS232, RS485 and WiFi) into Ethernet can be deployed in a field production environment, and full-automatic distribution and filling of firmware files are realized.
(1) The filling platform comprises an access distribution server, a file management server, a WEB management server and the like.
A. The access distribution server mainly undertakes the functions of data communication and reception, data encryption and decryption, security terminal access identity authentication, firmware file data downlink transmission and the like with the security terminal. The data encryption and decryption of the filling platform are realized by a special hardware encryption module, the data encryption and decryption module is matched with a key storage core of the security terminal, and a consistent key system and an encryption algorithm are agreed to realize communication intercommunication and effective communication authentication of the bottom layer.
The identity authentication module undertakes a bidirectional authentication mechanism of the whole system, the filling platform and the safety terminal agree to use time information as synchronous basic random numbers, the fixed secret key of the traditional mode is avoided being used as basic data of identity authentication, and the risk of information leakage of the system is reduced. Meanwhile, in order to ensure the confidentiality of the identity authentication mechanism and reduce the management requirement of technical safety disclosure, the identity authentication related software module of the safety terminal adopts a hexadecimal executable code of the core safety mechanism issued by the filling platform and then adopts dynamic loading operation by the safety terminal, so that the identity docking with the filling platform is realized, and the confidentiality of the core safety mechanism is improved.
B. The file management server mainly realizes the operations of adding, deleting and modifying various firmware files applied by the multi-service channel and the matching corresponding relation between the firmware files and the hardware serial number, the service channel application and the like of the security terminal. The hardware serial number is generated by a security terminal physical module through a certain regular algorithm, and uniqueness in the whole system is ensured to be used as a unique interactive index taking the security terminal as a control target.
C. The WEB management server provides a hardware serial number (which can generate production information of a unique interaction index) of the intelligent security terminal at a data import port of the filling platform, and through visual page operation, the firmware file applied by the multi-service channel is accurately filled conveniently in a man-machine interaction mode.
The main flow is described in summary as follows:
A. outputting a safety terminal production serial number list or a list (the list comprises a service channel application type, firmware file information and the like) of firmware to be filled, leading the list into a server of a filling system by a system manager through a WEB management page, and setting corresponding filling configuration information;
B. the production site simply configures the server address and the terminal local IP address of the filling platform through the initialization operation interface of the safety terminal according to the production characteristics of the safety terminal, accesses the filling system and automatically starts filling and downloading;
C. entering an automatic filling and downloading process, completing the process in a full automation way, and comprising fixed key downloading, access identity verification, time information synchronization and confirmation, dynamic downloading and loading operation of an identity authentication core mechanism code, bidirectional identity authentication verification, firmware file segmented downloading and the like;
D. after the firmware file is downloaded, the safety terminal automatically checks the integrity of the filling file and replies a filling result;
E. and the filling platform counts the successful filling quantity, generates a report and can be used for production, sales and management.
3. Technical description of several key modules:
(1) time information-based basic verification information for synchronization of safety terminal and filling platform
The filling platform sets up accurate RTC time, if: 2017041112: 00:00, accurate to seconds; when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured before the software is automatically filled.
The method comprises the steps that automatic filling downloading is started, a safety terminal is connected with a hardware encryption server of a filling platform, after downloading of a fixed secret key is completed, the safety terminal initiates an automatic filling request, current RTC time is used as a random secret key, a terminal hardware serial number is the fixed secret key, after a financial-level safety encryption algorithm (encryption transmission) is adopted, the filling platform receives encrypted data, decryption is carried out according to the algorithm, the RTC time transmitted by the safety terminal is calculated and compared with the RTC time of the current platform, if the difference is within a certain time period (such as 5 minutes), the current filling request is considered to be legal and effective, and automatic filling downloading is allowed.
(2) The core security mechanism is issued by the filling platform, and the security terminal dynamically loads and runs the core code
The core security mechanism is realized by adopting the compiling of an embedded C language and respectively compiling into binary files which can be loaded and operated by the security terminal, when the security terminal starts a filling firmware downloading request, the filling platform issues the request according to the equipment type, and then the request is loaded into the memory by the security terminal to operate.
(3) The safety terminal and the filling platform need both-party identity verification
The safety terminal and the filling platform adopt a bidirectional identity authentication mechanism, and when the safety terminal initiates a filling request for the first time, the filling platform performs identity verification of the safety terminal; and once the verification fails, the filling platform does not respond to the access request of the security terminal any more, and an alarm is given on a WEB page of the platform. Meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to the encryption algorithm of the security terminal and replies the random string to the security terminal; and when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform.
(4) The key communication interaction of the security terminal and the filling platform adopts a special hardware encryption module (encryption chip)
The related fixed keys (a terminal group key) of the security terminal and the filling platform are stored and managed by a hardware encryption module. After the production of the general semi-finished product is finished, when the safety terminal is guided into the filling system through the WEB management platform, the filling system automatically generates a whole group of keys required by each safety terminal in the filling process, places the keys on a special and independent encryption server, and stores all the keys in an encrypted manner.
When the security terminal initiates a filling request, automatically downloading the corresponding whole group of key data to the server so as to facilitate the following data communication and interaction; and when the filling platform receives and verifies the data, the hardware encryption server is read in real time, and the corresponding key data of the corresponding hardware equipment number is obtained for encryption and decryption calculation.
(5) The distributed network deployment mode can be further adopted, and the filling efficiency is improved
Aiming at the part of safety terminal equipment without an Ethernet port or a Wi-Fi interface, the safety terminal equipment only has local interfaces such as RS232 and USB, a front-end server with the interfaces such as the Ethernet port and RS232/USB is deployed at the front end of the safety terminal access, data transmission and distribution software for converting the Ethernet to the RS232/USB is installed, finally the safety terminal is connected with the front-end server in an RS232/USB interface mode, and the front-end server is accessed to a filling platform in an Ethernet mode.
Although specific embodiments of the invention have been described above, it will be understood by those skilled in the art that the specific embodiments described are illustrative only and are not limiting upon the scope of the invention, and that equivalent modifications and variations can be made by those skilled in the art without departing from the spirit of the invention, which is to be limited only by the appended claims.

Claims (10)

1. A convenient filling method of a wired safety terminal firmware is used for filling the firmware of a safety terminal, and comprises a filling platform, and is characterized in that: the filling platform further comprises at least one front server, wherein the front server is provided with a local interface and is connected to the filling platform through a network, and the filling platform specifically comprises the following steps:
step 1, acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information;
step 11, the safety terminal sends a connection request to the filling platform; the method comprises the steps that the filling platform sets accurate RTC time, when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured, the current RTC time is used as a random key, and a terminal hardware serial number is a fixed key, so that encryption transmission is carried out; after receiving the encrypted data, the filling platform decrypts the data according to the algorithm, calculates RTC time transmitted by the security terminal, compares the RTC time with RTC time of the current platform, if the difference is within a limited time period, considers that the current filling request is legal and effective, and enters step 2; otherwise, the security terminal is not allowed to be connected to the filling platform through the local interface of the front server;
step 2, the security terminal is connected to the filling platform through a local interface of the front server, and an identity authentication core mechanism code is downloaded;
step 3, the safety terminal operates an identity authentication core mechanism code, then performs identity verification with the filling platform, and downloads a firmware file after the verification is passed;
and 4, after the firmware file is downloaded, the safety terminal checks the integrity of the filling file, performs filling and replies a filling result.
2. The convenient filling method of the firmware of the wired safety terminal according to claim 1, wherein the method comprises the following steps: the step 1 is further specifically as follows: acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates a whole group of keys required by each safety terminal in the filling process and places the keys to the encryption chip.
3. The convenient filling method of the firmware of the wired safety terminal as claimed in claim 2, wherein: all the keys are encrypted.
4. The convenient filling method of the firmware of the wired safety terminal as claimed in claim 1, wherein: the step 3 of performing identity verification with the filling platform further specifically comprises the following steps: when the safety terminal initiates a request for the first time, the filling platform carries out identity verification of the safety terminal; if the verification fails, the filling platform does not respond to the access request of the security terminal;
meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to a limited encryption algorithm and replies the random string to the security terminal; and when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform.
5. The convenient filling method of the firmware of the wired safety terminal as claimed in claim 1, wherein: and 5, counting the successful filling quantity by the filling platform and generating a report.
6. The utility model provides a convenient filling system of wired safety terminal firmware for the firmware filling of safety terminal, includes a filling platform, its characterized in that: still include an at least leading server, leading server is equipped with local interface, leading server passes through network connection to the filling platform specifically includes following module:
the preparation module is used for acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into the file management server and setting corresponding filling configuration information;
the verification module and the safety terminal send connection requests to the filling platform; the method comprises the steps that the filling platform sets accurate RTC time, when the production debugging of the safety terminal is finished, the current RTC time is synchronously configured, the current RTC time is used as a random key, and a terminal hardware serial number is a fixed key, so that encryption transmission is carried out; after receiving the encrypted data, the filling platform decrypts the data according to the algorithm, calculates RTC time transmitted by the security terminal, compares the RTC time with RTC time of the current platform, and if the difference is within a limited time period, considers that the current filling request is legal and effective, and enters a code downloading module; otherwise, the security terminal is not allowed to be connected to the filling platform through the local interface of the front server;
the safety terminal is connected to the filling platform through a local interface of the front-end server and downloads the code of the identity authentication and authentication core mechanism;
downloading a firmware module, operating an identity authentication core mechanism code by the security terminal, then carrying out identity verification with the filling platform, and downloading a firmware file after the verification is passed;
and after the firmware file is downloaded, the safety terminal verifies the integrity of the filling file, performs filling and replies a filling result.
7. The convenient filling system of wired safety terminal firmware according to claim 6, wherein: the preparation module is further specifically: acquiring a safety terminal production serial number list or a list of firmware to be filled, importing the list into a file management server, and setting corresponding filling configuration information; the filling platform is provided with an encryption chip, and the filling platform generates a whole group of keys required by each safety terminal in the filling process and places the keys to the encryption chip.
8. The convenient filling system of wired safety terminal firmware of claim 7, wherein: all the keys are encrypted.
9. The convenient filling system of wired safety terminal firmware of claim 6, wherein: the downloading firmware module and the filling platform are subjected to identity verification, and the method further comprises the following steps: when the safety terminal initiates a request for the first time, the filling platform carries out identity verification of the safety terminal; if the verification fails, the filling platform does not respond to the access request of the security terminal;
meanwhile, when the security terminal initiates a first request, a random data string is generated and uploaded to the filling platform, and the filling platform encrypts the random string according to a limited encryption algorithm and replies the random string to the security terminal; and when the security terminal receives the request reply, verifying whether the encrypted data is matched, if not, determining that the platform is illegal, and not accepting the subsequent control and transmission requirements of the platform.
10. The convenient filling system of wired safety terminal firmware of claim 6, wherein: the filling platform also comprises a report module, and the filling platform counts the number of successful filling and generates a report.
CN201710313308.5A 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware Active CN107105045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710313308.5A CN107105045B (en) 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710313308.5A CN107105045B (en) 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware

Publications (2)

Publication Number Publication Date
CN107105045A CN107105045A (en) 2017-08-29
CN107105045B true CN107105045B (en) 2020-05-05

Family

ID=59657586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313308.5A Active CN107105045B (en) 2017-05-05 2017-05-05 Convenient filling method and system for wired security terminal firmware

Country Status (1)

Country Link
CN (1) CN107105045B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306970A (en) * 2018-02-02 2018-07-20 浙江德景电子科技有限公司 A kind of download of firmware safety and calibration equipment and method based on safety chip
CN108958779A (en) * 2018-09-20 2018-12-07 广东美的暖通设备有限公司 Firmware upgrade management method, device and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081744A (en) * 2009-11-30 2011-06-01 中兴通讯股份有限公司 Path identification system and secure interaction method thereof
US7973607B1 (en) * 2007-04-23 2011-07-05 Emc Corporation RTC circuit with time value adjustment
US8984316B2 (en) * 2011-12-29 2015-03-17 Intel Corporation Fast platform hibernation and resumption of computing systems providing secure storage of context data
US9187061B2 (en) * 2013-10-18 2015-11-17 GM Global Technology Operations LLC Electronic device finder system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1141653C (en) * 2000-07-20 2004-03-10 成都久力信息技术有限公司 Computer applycation layer network safety control and management system and relative program method thereof
CN1960363B (en) * 2006-09-12 2011-01-19 北京飞天诚信科技有限公司 Method and equipment for implementing remote updating information security devices through network
CN102592064A (en) * 2011-01-07 2012-07-18 深圳同方电子设备有限公司 Dynamic crypto chip
CN105162808B (en) * 2015-10-19 2019-09-06 成都卫士通信息产业股份有限公司 A kind of safe login method based on national secret algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7973607B1 (en) * 2007-04-23 2011-07-05 Emc Corporation RTC circuit with time value adjustment
CN102081744A (en) * 2009-11-30 2011-06-01 中兴通讯股份有限公司 Path identification system and secure interaction method thereof
US8984316B2 (en) * 2011-12-29 2015-03-17 Intel Corporation Fast platform hibernation and resumption of computing systems providing secure storage of context data
US9187061B2 (en) * 2013-10-18 2015-11-17 GM Global Technology Operations LLC Electronic device finder system

Also Published As

Publication number Publication date
CN107105045A (en) 2017-08-29

Similar Documents

Publication Publication Date Title
CN111737724B (en) Data processing method and device, intelligent equipment and storage medium
CN110601853B (en) Block chain private key generation method and equipment
US11431670B2 (en) Method for processing cloud service in cloud system, apparatus, and device
CN102546601B (en) The servicing unit of cloud computing terminal for accessing virtual machine
CN109460966A (en) Contract signing method, apparatus and terminal device based on requesting party's classification
CN103595718A (en) POS terminal and method, system and service platform for activating same
CN104506487B (en) The credible execution method of privacy policy under cloud environment
CN109005220B (en) Service implementation method of Internet of things terminal and Internet of things access gateway
CN103714636A (en) Method and operating terminal for collecting and uploading data of transmission keys in batch
CN113691597A (en) Block chain contract deployment method, device, equipment and storage medium
CN105186690B (en) Relay protection device constant value remote operation method
CN107181795B (en) Convenient filling method and system for wireless security terminal firmware
CN103685244A (en) Differentiated authentication method and differentiated authentication device
CN103957580A (en) Rapid WIFI networking matching method and module for smart hardware
CN104580246B (en) Dynamic and intelligent safe key is produced and managing and control system and method under WiFi environment
CN104125230A (en) Short message authentication service system and authentication method
CN110866265A (en) Data storage method, device and storage medium based on block chain
CN107105045B (en) Convenient filling method and system for wired security terminal firmware
CN106790138A (en) A kind of method of government affairs cloud application User logs in double factor checking
CN107749854A (en) Client-based single-point logging method and system
CN113542242B (en) Equipment management method and equipment management device
CN111339141A (en) Data transmission method, block link node equipment and medium
CN107231245B (en) Method and device for reporting monitoring log, and method and device for processing monitoring log
CN110266653A (en) A kind of method for authenticating, system and terminal device
CN102299945A (en) Gateway configuration page registration method, system thereof and portal certificate server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant