CN109543392A - Method and apparatus for temporarily opening a root shell on an embedded Linux device - Google Patents


Info

Publication number: CN109543392A
Authority: CN (China)
Application number: CN201811414275.4A
Other languages: Chinese (zh)
Prior art keywords: equipment, hash value, embedded linux, root shell, license file
Legal status: Pending
Inventors: 赵伟, 黄章良, 陶洋, 陈小军
Current Assignee: Guangzhou Lu Bangtong Networking Technology Co Ltd
Original Assignee: Guangzhou Lu Bangtong Networking Technology Co Ltd
Application filed by: Guangzhou Lu Bangtong Networking Technology Co Ltd
Priority to: CN201811414275.4A
Publication of: CN109543392A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a method for temporarily opening a root shell on an embedded Linux device. When producing the embedded Linux device, the device manufacturer generates a public/private key pair for signature authentication, and the public key of the pair is stored in the embedded Linux device. The method comprises the following steps. Step 1: obtain a first hash value from the SN code of the embedded Linux device and a hash function. Step 2: obtain a license file from the device manufacturer, and obtain a second hash value from the public key and the license file; the second hash value is generated by the device manufacturer from the SN code and the hash function, and the license file is generated by signing it with the private key. Step 3: compare whether the first hash value and the second hash value are consistent; if so, temporarily open root shell permission; if not, do not open root shell permission. The purpose of the invention is to provide a method and apparatus for temporarily opening a root shell on an embedded Linux device: with the root shell not open, a license file is dynamically loaded to open the root shell temporarily, which facilitates troubleshooting or the customer's secondary development.

Description

Method and apparatus for temporarily opening a root shell on an embedded Linux device
Technical field
The present invention relates to the field of communication technology, and specifically to a method and apparatus for temporarily opening a root shell on an embedded Linux device.
Background
Current embedded Linux devices handle the root shell in one of two ways. One is to open the root shell, with the password known only to the manufacturer's R&D staff; when R&D staff leave the company, the root shell password may leak, putting the device at risk. The other is, for security reasons, not to open the root shell at all; in that case, if the device has a problem or the customer wants to do secondary development on the device, there is a considerable technical barrier.
Summary of the invention
The purpose of the present invention is to provide a method for temporarily opening a root shell on an embedded Linux device. With the root shell not open, the method dynamically loads a license file to open the root shell temporarily, which facilitates troubleshooting or the customer's secondary development.
The specific technical solution of the invention is a method for temporarily opening a root shell on an embedded Linux device. When producing the embedded Linux device, the device manufacturer generates a public/private key pair for signature authentication, and the public key of the pair is stored in the embedded Linux device. The method comprises the following steps:
Step 1: obtain a first hash value from the SN code of the embedded Linux device and a hash function;
Step 2: obtain a license file from the device manufacturer, and obtain a second hash value from the public key and the license file; the second hash value is generated by the device manufacturer from the SN code and the hash function, and the license file is generated by signing it with the private key;
Step 3: compare whether the first hash value and the second hash value are consistent; if so, temporarily open root shell permission; if not, do not open root shell permission.
In the above method for temporarily opening a root shell on an embedded Linux device, the hash function is SHA256.
In the above method for temporarily opening a root shell on an embedded Linux device, the public key is stored in the OTP region of the embedded Linux device.
In the above method for temporarily opening a root shell on an embedded Linux device, the license file is generated as follows:
Step 10: the device manufacturer obtains the SN code of the embedded Linux device and computes the second hash value with the hash function;
Step 20: the device manufacturer signs the second hash value with the private key to obtain the license file.
The invention also discloses an apparatus for temporarily opening a root shell on an embedded Linux device, comprising the following modules:
License module: for obtaining the license file provided by the device manufacturer;
First hash value generation module: for obtaining the first hash value from the SN code of the embedded Linux device and the hash function;
Second hash value obtaining module: for verifying, with the public key, the signature of the license file obtained by the license module, to obtain the second hash value;
Comparison module: for comparing the first hash value with the second hash value;
Execution module: for deciding, according to the comparison result of the comparison module, whether to temporarily open root shell permission.
Compared with the prior art, the beneficial effects of the present invention are:
With the root shell not open, the invention dynamically loads a license file to open the root shell temporarily, which facilitates troubleshooting or the customer's secondary development.
Brief description of the drawings
Fig. 1 is the flow chart of Embodiment 1 of the present invention;
Fig. 2 is the structural block diagram of Embodiment 2 of the present invention.
Detailed description of the embodiments
The technical solution of the invention is described in further detail below with reference to embodiments, which do not constitute any limitation of the invention.
Embodiment 1
As shown in Fig. 1, in a method for temporarily opening a root shell on an embedded Linux device, the device manufacturer generates a public/private key pair for signature authentication when producing the embedded Linux device, and the public key of the pair is stored in the embedded Linux device. In general, the public key is stored in the OTP region of the embedded Linux device, which is not erased. The method comprises the following steps:
Step 1: obtain a first hash value from the SN code of the embedded Linux device and a hash function;
The hash function is SHA256. Because every SN code is unique, the first hash value generated for any device is also unique.
Step 2: obtain a license file from the device manufacturer, and obtain a second hash value from the public key and the license file; the second hash value is generated by the device manufacturer from the SN code and the hash function, and the license file is generated by signing it with the private key;
Any third party or customer can obtain the license file from the device manufacturer, provided the manufacturer agrees. The signature of the license file can be verified using the public key that matches the private key; once verification passes, the second hash value in the license file is obtained.
Under normal circumstances the device manufacturer creates the license file during production;
The main method of creating the license file is:
Step 10: the device manufacturer obtains the SN code of the embedded Linux device and computes the second hash value with the hash function;
Step 20: the device manufacturer signs the second hash value with the private key to obtain the license file.
Step 3: compare whether the first hash value and the second hash value are consistent; if so, temporarily open root shell permission; if not, do not open root shell permission.
With the above method, a third party or customer who wants root shell permission only needs to obtain the license file from the device manufacturer. This achieves temporary opening of root shell permission.
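An added example, not part of the patent text: a Python sketch of the license flow in steps 10-20 and steps 1-3, using an RSASSA-PKCS1-v1_5-style encoding so that the device recovers the second hash value with the public key and compares it with the first. The demo key (built from two Mersenne primes), the serial numbers and all function names are assumptions made for illustration; a real deployment would use a randomly generated key and a vetted cryptographic library.

```python
import hashlib
import hmac

# Constructed demo key pair (assumption): two Mersenne primes, NOT secure.
# A real manufacturer key is generated randomly with a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (kept in OTP on the device)
D = pow(E, -1, (P - 1) * (Q - 1))      # private key (stays with the manufacturer)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-256, as used by RSASSA-PKCS1-v1_5.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def sn_hash(sn: str) -> bytes:
    """SHA256 of the device serial number (steps 1 and 10)."""
    return hashlib.sha256(sn.encode("utf-8")).digest()


def encode(digest: bytes) -> bytes:
    """The single valid padded encoding of a 32-byte digest."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def make_license(sn: str) -> bytes:
    """Manufacturer side (steps 10-20): sign SHA256(SN) with the private key."""
    em = int.from_bytes(encode(sn_hash(sn)), "big")
    return pow(em, D, N).to_bytes(K, "big")


def recover_hash(license_blob: bytes):
    """Device side (step 2): apply the public key and return the second hash
    value, or None if the blob is not a well-formed signature."""
    if len(license_blob) != K:
        return None
    s = int.from_bytes(license_blob, "big")
    if s >= N:
        return None
    em = pow(s, E, N).to_bytes(K, "big")
    second = em[-32:]
    # Require an exact match with the only acceptable encoding, so malformed
    # padding cannot carry a chosen hash value past the check.
    return second if hmac.compare_digest(em, encode(second)) else None


def may_open_root_shell(device_sn: str, license_blob: bytes) -> bool:
    """Step 3: open the root shell only if both hash values are consistent."""
    second = recover_hash(license_blob)
    if second is None:
        return False
    return hmac.compare_digest(sn_hash(device_sn), second)


if __name__ == "__main__":
    lic = make_license("SN-0001-DEMO")                 # constructed serial number
    print(may_open_root_shell("SN-0001-DEMO", lic))    # licensed device
    print(may_open_root_shell("SN-0002-DEMO", lic))    # license issued for another SN
```

Because the license only binds a signature to the SN code, the same file stays valid for that device indefinitely; how long the shell remains open is left to the execution step.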
Embodiment 2
As shown in Fig. 2, an apparatus for temporarily opening a root shell on an embedded Linux device comprises the following modules:
License module 1: for obtaining the license file provided by the device manufacturer. Under normal circumstances the device manufacturer creates the license file during production. The main method of creating the license file is:
Step 10: the device manufacturer obtains the SN code of the embedded Linux device and computes the second hash value with the hash function SHA256;
Step 20: the device manufacturer signs the second hash value with the private key to obtain the license file.
First hash value generation module 2: for obtaining the first hash value from the SN code of the embedded Linux device and the hash function SHA256;
Second hash value obtaining module 3: for verifying, with the public key, the signature of the license file obtained by the license module, to obtain the second hash value;
Comparison module 4: for comparing the first hash value with the second hash value;
Execution module 5: for deciding, according to the comparison result of the comparison module, whether to temporarily open root shell permission.
In the process of obtaining temporary permission, the third party or customer communicates with the device manufacturer and obtains its consent. License module 1 then obtains the license file, and second hash value obtaining module 3 obtains the second hash value; first hash value generation module 2 obtains the first hash value; comparison module 4 compares the first hash value with the second hash value, and execution module 5 then decides, according to the result, whether to open root shell permission.
The above are only preferred embodiments of the present invention; any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention shall be included in its scope of protection.

Claims (5)

1. A method for temporarily opening a root shell on an embedded Linux device, wherein the device manufacturer generates a public/private key pair for signature authentication when producing the embedded Linux device, and the public key of the pair is stored in the embedded Linux device; characterized by comprising the following steps:
Step 1: obtain a first hash value from the SN code of the embedded Linux device and a hash function;
Step 2: obtain a license file from the device manufacturer, and obtain a second hash value from the public key and the license file; the second hash value is generated by the device manufacturer from the SN code and the hash function, and the license file is generated by signing it with the private key;
Step 3: compare whether the first hash value and the second hash value are consistent; if so, temporarily open root shell permission; if not, do not open root shell permission.
2. The method for temporarily opening a root shell on an embedded Linux device according to claim 1, characterized in that the hash function is SHA256.
3. The method for temporarily opening a root shell on an embedded Linux device according to claim 2, characterized in that the public key is stored in the OTP region of the embedded Linux device.
4. The method for temporarily opening a root shell on an embedded Linux device according to claim 3, characterized in that the license file is generated as follows:
Step 10: the device manufacturer obtains the SN code of the embedded Linux device and computes the second hash value with the hash function;
Step 20: the device manufacturer signs the second hash value with the private key to obtain the license file.
5. An apparatus for temporarily opening a root shell on an embedded Linux device, characterized by comprising the following modules:
License module: for obtaining the license file provided by the device manufacturer;
First hash value generation module: for obtaining the first hash value from the SN code of the embedded Linux device and the hash function;
Second hash value obtaining module: for verifying, with the public key, the signature of the license file obtained by the license module, to obtain the second hash value;
Comparison module: for comparing the first hash value with the second hash value;
Execution module: for deciding, according to the comparison result of the comparison module, whether to temporarily open root shell permission.
Priority Applications (1)

Application Number: CN201811414275.4A
Priority Date: 2018-11-26
Filing Date: 2018-11-26
Status: Pending

Publications (1)

Publication Number: CN109543392A (en)
Publication Date: 2019-03-29

Family

ID=65849930
Country: CN

Legal Events

PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
    Address after: 511356 Room 501, building 2, No. 63, Yong'an Avenue, Huangpu District, Guangzhou, Guangdong
    Applicant after: Guangzhou lubangtong Internet of things Technology Co.,Ltd.
    Address before: 510653 3rd floor, building F, kehuiyuan, 95 Daguan Road, Tianhe District, Guangzhou City, Guangdong Province
    Applicant before: GUANGZHOU ROBUSTEL TECHNOLOGIES Co.,Ltd.
RJ01 Rejection of invention patent application after publication
    Application publication date: 20190329