CN109802929A - Client-side program upgrade method and computer readable storage medium based on dual system - Google Patents

Info

Publication number
CN109802929A
Authority
CN (China)
Legal status
Granted
Application number
CN201711146435.7A
Other languages
Chinese (zh)
Other versions
CN109802929B (en)
Inventors
刘炯钟
蔡江为
牛方超
谢金成
黄运峰
Current Assignee
Xiamen Yaxon Networks Co Ltd
Original Assignee
Xiamen Yaxon Networks Co Ltd
Events
Application filed by Xiamen Yaxon Networks Co Ltd
Priority to CN201711146435.7A (granted as CN109802929B)
Publication of CN109802929A
Application granted
Publication of CN109802929B
Current legal status
Active


Abstract

The invention discloses a client-side program upgrade method based on a dual system, and a computer readable storage medium. The method includes: generating a public/private key pair, saving the private key to a remote server and the public key to the secure operating system of a local device; encrypting and signing the client-side program with the private key to obtain a client ciphertext and a client signature; the remote server sending an upgrade request to the secure operating system of the local device; the secure operating system generating a response data packet and sending it to the remote server; if the remote server successfully verifies the response data packet, sending the client ciphertext and client signature to the secure operating system; and if the secure operating system passes the client ciphertext and client signature through legitimacy verification, replacing the data of the original client-side program in the normal operating system with the client ciphertext and client signature. The invention ensures the legitimacy of the client-side program received by the local device.

Description

Client-side program upgrade method and computer readable storage medium based on dual system
Technical field
The present invention relates to the field of program upgrade techniques, and more particularly to a client-side program upgrade method based on a dual system and a computer readable storage medium.
Background technology
ARM TrustZone technology divides an ARM processor into two regions, a secure region and a non-secure region; each region comprises a processor core and all internal and external resources. Processor cores are divided into secure cores and non-secure cores, and resources are divided into secure resources and non-secure resources. For example, an external device can be set to be secure: once a device is placed in the secure state, it can be accessed only by the secure processor core and by software running on the secure processor, and it cannot be accessed by the non-secure processor cores or by software running on them. With this characteristic, TrustZone technology can be applied to scenarios that require security isolation: the resources and the processing on the processor are isolated into two worlds, a secure world and a non-secure world; a secure operating system runs in the secure world and a non-secure operating system runs in the non-secure world.
On a vehicle-mounted central control screen, TrustZone technology is used for resource isolation: the non-secure region runs the Android operating system and the secure region runs a secure operating system. Android provides the central control screen with relatively rich media applications, and applications from many parties can run on Android. The central control screen must also run applications related to vehicle information security, for example obtaining the vehicle speed or unlocking the windows, headlights and turn signals, and these applications concern vehicle safety. To prevent an illegitimate application from controlling the vehicle, an application involving vehicle control is therefore usually implemented in two parts: one part, called the client-side program, runs on Android, and the other part, called the server-side program, runs in the secure operating system. At the same time, the devices connected to the vehicle, such as CAN bus devices, are set to the secure state, which guarantees that applications on Android cannot access these secure devices directly. When a client-side program on Android needs to control the vehicle, it must first connect to the server-side program and pass its identity authentication; only after authentication can the client-side program send requests and control the vehicle through the server-side program.
Software usually needs to be upgraded or downgraded. The prevalent upgrade approach today downloads the software that needs updating from a remote application store to the local device over a wired or wireless network. This approach often performs no identity authentication on the downloaded software: any software may be downloaded onto the local device, creating the illusion that the software update has completed, and the fact that the downloaded software is wrong may be discovered only when it is started and run.
The client-side and server-side programs are developed by the vehicle manufacturer or by an authorized third-party manufacturer, which ensures their legitimacy and safety. Since the client-side and server-side programs concern vehicle safety, the client software that runs must be guaranteed to be legitimate, and this legitimacy must therefore be guaranteed from the download or update process of the client software onward.
Summary of the invention
The technical problem to be solved by the present invention is to provide a client-side program upgrade method based on a dual system, and a computer readable storage medium, that can ensure the legitimacy of the client-side program received by a local device.
To solve the above technical problem, the technical solution adopted by the present invention is a client-side program upgrade method based on a dual system, comprising:
generating a public/private key pair, saving the private key to a remote server, and saving the public key to the secure operating system of a local device;
encrypting and signing the client-side program with the private key to obtain a client ciphertext and a client signature;
the remote server sending an upgrade request to the secure operating system of the local device;
the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server;
if the remote server successfully verifies the response data packet, sending the client ciphertext and client signature to the secure operating system;
the secure operating system performing legitimacy verification on the client ciphertext and client signature and, if verification passes, replacing the data of the original client-side program in the normal operating system with the client ciphertext and client signature.
The invention further relates to a computer readable storage medium on which a computer program is stored; when the program is executed by a processor, the following steps are performed:
generating a public/private key pair, saving the private key to a remote server, and saving the public key to the secure operating system of a local device;
encrypting and signing the client-side program with the private key to obtain a client ciphertext and a client signature;
the remote server sending an upgrade request to the secure operating system of the local device;
the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server;
if the remote server successfully verifies the response data packet, sending the client ciphertext and client signature to the secure operating system;
the secure operating system performing legitimacy verification on the client ciphertext and client signature and, if verification passes, replacing the data of the original client-side program in the normal operating system with the client ciphertext and client signature.
The beneficial effects of the present invention are as follows. By verifying the response data packet, the remote server guarantees that the response data packet comes from a legitimate local device. The local device performs signature verification on the client-side program according to the received client ciphertext and client signature, guaranteeing the legitimacy of the received client-side program. Moreover, both the reception of the upgrade request and the verification of the client-side program are completed in the secure operating system, which reduces interference from the non-secure side. The invention thus ensures the legitimacy of the client-side program received by the local device, overcomes the problem that illegitimate software may be received during the upgrade process without being noticed, and achieves timely detection and timely prevention.
Detailed description of the invention
Fig. 1 is a flow chart of a client-side program upgrade method based on a dual system according to the present invention;
Fig. 2 is a flow chart of the method of embodiment one of the present invention;
Fig. 3 is a schematic diagram of dual-system client-side program upgrading in embodiment two of the present invention.
Specific embodiments
To explain the technical content, the achieved purpose and the effect of the present invention in detail, a detailed explanation is given below in conjunction with the embodiments and the accompanying drawings.
The most critical design of the present invention is: performing signature verification, in the secure operating system, on the upgrade data received.
Explanation of terms:
CAN module: an intelligent electronically controlled device that forwards communication data between the electronic control units of a vehicle, so that the vehicle can realize a regional network control system for the controlled on-board electrical devices. In the present invention, the CAN module can be dynamically set as a secure CAN module or as a common CAN module. When set as a common CAN module, both operating systems can access it; when set as a secure CAN module, only the secure operating system can access it.
Trust-server: the secure application service, which provides services for the secure operating system. Through the Trust-server application, the secure operating system can operate on resources in the normal operating system, for example reading and writing the Android file system.
Trust-driver: the communication driver module of the secure operating system, which communicates with the communication driver module Normal-driver of the normal operating system to carry out data communication between the secure operating system and the normal operating system.
Normal-driver: the counterpart of the Trust-driver module; the communication driver module in the normal operating system, used for data communication with the secure operating system.
Referring to Fig. 1, a client-side program upgrade method based on a dual system comprises:
generating a public/private key pair, saving the private key to a remote server, and saving the public key to the secure operating system of a local device;
encrypting and signing the client-side program with the private key to obtain a client ciphertext and a client signature;
the remote server sending an upgrade request to the secure operating system of the local device;
the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server;
if the remote server successfully verifies the response data packet, sending the client ciphertext and client signature to the secure operating system;
the secure operating system performing legitimacy verification on the client ciphertext and client signature and, if verification passes, replacing the data of the original client-side program in the normal operating system with the client ciphertext and client signature.
As can be seen from the above description, the beneficial effects of the present invention are that the legitimacy of the client-side program received by the local device can be ensured, overcoming the problem that illegitimate software may be received during the upgrade process without being noticed, and achieving timely detection and timely prevention.
Further, the step "the remote server sends an upgrade request to the secure operating system of the local device" is specifically:
the remote server sends the upgrade request to the CAN module of the local device;
if the CAN module is currently in the secure state, the upgrade request is forwarded to the secure operating system;
if the CAN module is currently in the non-secure state, the upgrade request is forwarded to the normal operating system;
the normal operating system forwards the upgrade request to the secure operating system;
the secure operating system sets the CAN module to the secure state.
As can be seen from the above description, when the CAN module is in the non-secure state the secure operating system is notified, so that it sets the CAN module to the secure state, which guarantees the security of the subsequent transmission of the response data packet and of the upgrade data.
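The forwarding rule above, as an added example written for this page and not code from the patent or its assignee: a small Python model of the local device in which an upgrade request arriving at the CAN module is dispatched to the secure operating system directly when the module is in the secure state, or via the normal operating system's CAN data processing module 1 and trust-server when it is not, after which the secure operating system switches the module to the secure state. The access check models the rule that a secure CAN module can be used only from the secure world. All class, method and trace-string names are assumptions.

```python
"""Added example for this page, not code from the patent: a model of how an
upgrade request reaches the secure operating system depending on the CAN
module's state, and of the rule that a secure CAN module is usable only from
the secure world. Class, method and trace names are assumptions."""
from enum import Enum


class CanState(Enum):
    NON_SECURE = "non-secure"   # common CAN module: both worlds may use it
    SECURE = "secure"           # secure CAN module: secure world only


class CanModule:
    def __init__(self, state):
        self.state = state

    def check_access(self, world):
        """Enforce the access rule before a world touches the module."""
        if self.state is CanState.SECURE and world != "secure":
            raise PermissionError(f"{world} world may not use a secure CAN module")


class LocalDevice:
    """Normal world and secure world sharing one switchable CAN module."""

    def __init__(self, can_state):
        self.can = CanModule(can_state)
        self.trace = []        # which modules the request passed through

    # CAN module: dispatch an incoming packet to processing module 1 or 2.
    def deliver_upgrade_request(self, request):
        if self.can.state is CanState.SECURE:
            self.trace.append("can-processing-2 -> secure OS")
            return self._secure_os_handle(request)
        self.trace.append("can-processing-1 -> normal OS")
        return self._normal_os_handle(request)

    # Normal world: module 1 hands the packet to trust-server, which notifies
    # the secure OS that a client upgrade request exists.
    def _normal_os_handle(self, request):
        self.can.check_access("normal")
        self.trace.append("trust-server -> secure OS")
        return self._secure_os_handle(request)

    # Secure world: the upgrade module switches the CAN module to the secure
    # state so the response packet and upgrade data travel over a secure module.
    def _secure_os_handle(self, request):
        self.trace.append("upgrade module")
        self.can.state = CanState.SECURE
        self.trace.append("CAN module set secure")
        self.can.check_access("secure")
        return {"type": "response", "request_id": request["id"]}

    def normal_world_can_send(self):
        """True if the normal world could still use the CAN module."""
        try:
            self.can.check_access("normal")
            return True
        except PermissionError:
            return False


if __name__ == "__main__":
    dev = LocalDevice(CanState.NON_SECURE)
    print(dev.deliver_upgrade_request({"id": 7}))   # constructed request
    print(dev.trace)
    print("normal world can still send:", dev.normal_world_can_send())
```

Running it with a module that starts non-secure shows the detour through module 1 and trust-server, ending with the module locked to the secure world; starting secure, the request goes straight to module 2.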
Further, the step "the secure operating system generates a response data packet according to the upgrade request and sends the response data packet to the remote server" is specifically:
the secure operating system generates a response data packet according to the upgrade request;
the response data packet is encrypted with the public key, and the encrypted response data packet is sent to the remote server.
Further, the step "if the remote server successfully verifies the response data packet, the client ciphertext and client signature are sent to the secure operating system" is specifically:
the remote server decrypts the encrypted response data packet with the private key;
if decryption succeeds, the client ciphertext and client signature are sent to the secure operating system.
As can be seen from the above description, encrypting the response data packet for transmission guarantees transmission security, and verifying the response data packet by decryption guarantees the legitimacy of the local device.
Further, the step "the secure operating system performs legitimacy verification on the client ciphertext and client signature" is specifically:
the secure operating system receives the client ciphertext and client signature;
the client ciphertext is decrypted with the public key to obtain the client plaintext;
a digest operation is performed on the client plaintext to obtain a first digest value;
the client signature is decrypted with the public key to obtain a second digest value;
if the first digest value is consistent with the second digest value, verification is judged to have passed.
As can be seen from the above description, signature verification is performed on the client-side program according to the received client ciphertext and client signature, which guarantees the legitimacy of the received client-side program.
The invention also provides a computer readable storage medium on which a computer program is stored; when the program is executed by a processor, the following steps are performed:
generating a public/private key pair, saving the private key to a remote server, and saving the public key to the secure operating system of a local device;
encrypting and signing the client-side program with the private key to obtain a client ciphertext and a client signature;
the remote server sending an upgrade request to the secure operating system of the local device;
the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server;
if the remote server successfully verifies the response data packet, sending the client ciphertext and client signature to the secure operating system;
the secure operating system performing legitimacy verification on the client ciphertext and client signature and, if verification passes, replacing the data of the original client-side program in the normal operating system with the client ciphertext and client signature.
Further, the step "the remote server sends an upgrade request to the secure operating system of the local device" is specifically:
the remote server sends the upgrade request to the CAN module of the local device;
if the CAN module is currently in the secure state, the upgrade request is forwarded to the secure operating system;
if the CAN module is currently in the non-secure state, the upgrade request is forwarded to the normal operating system;
the normal operating system forwards the upgrade request to the secure operating system;
the secure operating system sets the CAN module to the secure state.
Further, the step "the secure operating system generates a response data packet according to the upgrade request and sends the response data packet to the remote server" is specifically:
the secure operating system generates a response data packet according to the upgrade request;
the response data packet is encrypted with the public key, and the encrypted response data packet is sent to the remote server.
Further, the step "if the remote server successfully verifies the response data packet, the client ciphertext and client signature are sent to the secure operating system" is specifically:
the remote server decrypts the encrypted response data packet with the private key;
if decryption succeeds, the client ciphertext and client signature are sent to the secure operating system.
Further, the step "the secure operating system performs legitimacy verification on the client ciphertext and client signature" is specifically:
the secure operating system receives the client ciphertext and client signature;
the client ciphertext is decrypted with the public key to obtain the client plaintext;
a digest operation is performed on the client plaintext to obtain a first digest value;
the client signature is decrypted with the public key to obtain a second digest value;
if the first digest value is consistent with the second digest value, verification is judged to have passed.
Embodiment one
Referring to Fig. 2, embodiment one of the present invention is a client-side program upgrade method based on a dual system. The method is based on TrustZone technology, can be applied to program upgrading in a vehicle-mounted terminal, and comprises the following steps:
S1: generate a public/private key pair, save the private key to the remote server, and save the public key to the secure operating system of the local device;
S2: encrypt and sign the client-side program with the private key to obtain a client ciphertext and a client signature. Specifically, encrypting the client-side program with the private key yields the client ciphertext; performing a hash operation on the client-side program with a hash algorithm produces a fixed-length numeric string, called the digest value, and encrypting this digest value with the private key yields the client signature.
S3: the remote server sends an upgrade request to the secure operating system of the local device.
Specifically, the remote server sends the upgrade request to the CAN module of the local device. If the CAN module is currently in the secure state, the upgrade request is forwarded to the secure operating system. If the CAN module is currently in the non-secure state, the upgrade request is forwarded to the normal operating system, the normal operating system forwards the upgrade request to the secure operating system, and the secure operating system sets the CAN module to the secure state.
S4: the secure operating system generates a response data packet according to the upgrade request and sends the response data packet to the remote server. Further, the secure operating system encrypts the response data packet with the public key and sends the encrypted response data packet to the remote server. Further, the encrypted response data packet is sent to the remote server through the CAN module in the secure state.
S5: judge whether the remote server successfully verifies the response data packet; if so, perform step S6. Further, the remote server decrypts the encrypted response data packet with the private key, and if decryption succeeds, verification is judged to have passed.
S6: send the client ciphertext and client signature to the secure operating system;
S7: the secure operating system performs legitimacy verification on the client ciphertext and client signature and judges whether verification passes; if so, perform step S8, otherwise judge that the upgrade has failed.
Specifically, after the secure operating system receives the client ciphertext and client signature, it first decrypts the client ciphertext with the public key to obtain the client plaintext, and then performs a digest operation on the client plaintext to obtain a first digest value; the hash algorithm used for this digest operation is the same as the one used in step S2 to compute the digest value. It then decrypts the client signature with the public key to obtain a second digest value. If the first digest value is consistent with the second digest value, the received client-side program is legitimate and verification is judged to have passed.
S8: replace the data of the original client-side program in the normal operating system with the client ciphertext and client signature. Specifically, the trust-server service program of the normal operating system is notified to load the received client ciphertext and client signature into the file directory /data/ca of the normal operating system, replacing the original client ciphertext and client signature.
In this embodiment, by verifying the response data packet the remote server guarantees that the response data packet comes from a legitimate local device; the local device performs signature verification on the client-side program according to the received client ciphertext and client signature, guaranteeing the legitimacy of the received client-side program. Moreover, the transmission and reception of the response data and of the upgrade data between the remote server and the local device are all completed through the CAN module in the secure state, and the reception of the upgrade request and the verification of the client-side program are all completed in the secure operating system, which reduces interference from the non-secure side. The invention thus ensures the legitimacy of the client-side program received by the local device, overcomes the problem that illegitimate software may be received during the upgrade process without being noticed, and achieves timely detection and timely prevention.
Embodiment two
This embodiment is a concrete application scenario of embodiment one.
Fig. 3 is a schematic diagram of dual-system client-side program upgrading in this embodiment, comprising a local device and a remote server. The local device uses TrustZone technology and has a secure operating system and a normal operating system.
Here the local device is the device on which the client that needs updating resides, and the remote server is the server that stores the client software upgrade package: the encrypted client-side program and the signature of that client are stored on this server, and at update time the remote server sends the encrypted client-side program and the signature to the local device.
A CAN module is provided in the local device. The CAN module can be dynamically set as a common CAN module or as a secure CAN module; when set as a common CAN module, both operating systems can access it, and when set as a secure CAN module, only the secure operating system can access it.
Each of the normal operating system and the secure operating system has a CAN data processing module. CAN data processing module 1 in the normal operating system receives and processes CAN data packets from the common CAN module and delivers them to the corresponding module of the normal operating system; CAN data is handled by CAN data processing module 1 when the CAN module is in the non-secure state. CAN data processing module 2 in the secure operating system receives CAN data packets from the secure CAN module and delivers them to the corresponding module of the secure operating system; CAN data is handled by CAN data processing module 2 when the CAN module is in the secure state.
The upgrade module in the secure operating system receives the upgrade data packet from the CAN data processing module, verifies the client software using the public key stored in the secure operating system, and, after verification passes, sends the client software to the normal operating system.
The file system directory /data/ca in the normal operating system is used to store the client software.
Further, the remote server is communicatively connected to the local device through an intermediary. The intermediary can be the vehicle-mounted gateway tbox, which sits between the remote server and the CAN network and delivers the remote server's data to the local device over the CAN network.
The specific steps are as follows:
1. Before the device leaves the factory, a public/private key pair is generated; the private key is kept by the remote server and the public key by the local device;
2. The client-side program CA that needs updating is stored on the remote server, encrypted with the private key into the client ciphertext CA*, and a signature is generated;
3. The remote server sends a CAN data packet requesting the upgrade of CA over the CAN network;
4. If the CAN module is currently in the non-secure state, this CAN data packet is received by CAN data processing module 1, which forwards it to trust-server; go to step 5. If the CAN device is currently in the secure state, go directly to step 7.
5. trust-server receives the CAN data packet forwarded by CAN data processing module 1 and notifies the secure operating system that there is a client upgrade request; go to step 6.
6. The secure operating system notifies the upgrade module, and the upgrade module sets the CAN module to the secure state.
7. The upgrade module generates a response data packet, which notifies the remote server that the current device is ready to receive upgrade data. Before this response data packet is sent, it must be encrypted with the public key held in the device; the encrypted response data packet is then sent through the secure CAN module.
8. The remote server receives the encrypted response data packet and decrypts it with the private key; having confirmed that the response data packet comes from a legitimate secure device, it sends the upgrade data (the client ciphertext CA* and the signature generated in step 2) over the CAN network to the secure operating system of the local device.
9. After CAN data processing module 2 of the secure operating system receives the upgrade data, it delivers the data to the upgrade module.
10. The upgrade module receives the client ciphertext CA* and the signature; once the complete client ciphertext CA* and signature have been received, the upgrade module verifies the legitimacy of the client-side program CA.
11. After the client-side program CA has been verified as legitimate, the upgrade module, through the trust-server program of the normal operating system, replaces the corresponding CA* and signature under the data/tee/ directory with the new CA* and signature.
In this embodiment, the client update package is first downloaded from the remote end to the local secure operating system through the secure CAN network of the secure operating system; the secure operating system verifies the legitimacy of the client-side program according to the received client data and signature, and only when the client passes signature verification does the secure operating system send the client update program to the client directory of the normal operating system. Both the reception of the data packets and the verification of the data are completed in the secure operating system, which reduces interference from the non-secure side. This approach guarantees that the client software received by the local device is legitimate, overcomes the problem that illegitimate software may be received during the upgrade process without being noticed, and achieves timely detection and timely prevention.
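Steps S1, S2, S4/S5 and S7 of embodiment one and steps 2, 7, 8 and 10 of this embodiment, modelled as an added example written for this page (not code from the patent or its assignee). The patent's "encrypt with the private key" and "decrypt with the public key" are taken literally as raw RSA exponentiation, with SHA-256 as the digest, so that the second digest recovered from the signature is compared with the first digest computed over the decrypted plaintext, and a response packet encrypted under the public key is checked by the server after decryption under the private key. The key pair built from the Mersenne primes 2**127-1 and 2**521-1, the 64-byte block layout with a length prefix, and the READY marker in the response packet are all assumptions made so that the example runs offline; a production deployment would use a standard padded signature scheme rather than raw exponentiation.

```python
"""Added example for this page, not code from the patent: a textbook-RSA
model of S1 (key pair), S2 (client ciphertext + signature), S4/S5 (response
packet) and S7 (legitimacy verification in the secure operating system).
Raw modular exponentiation stands in for "encrypt with the private key" /
"decrypt with the public key"; primes, block size and packet layout are
assumptions chosen so that the example runs offline."""
import hashlib

# S1: one key pair. (N, D) stays on the remote server; (N, E) is stored in
# the secure operating system of the local device.
P = 2**127 - 1                       # assumed primes (Mersenne primes M127, M521)
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # modular inverse, Python 3.8+
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)

BLOCK = 64   # assumed block size: 512-bit blocks fit under the ~648-bit modulus


def _rsa(key, blocks):
    """Apply one RSA exponentiation to every integer block."""
    n, exp = key
    return [pow(b, exp, n) for b in blocks]


def _to_blocks(data):
    """Length-prefix, zero-pad and split bytes into integers below N."""
    data = len(data).to_bytes(4, "big") + data
    data += b"\x00" * (-len(data) % BLOCK)
    return [int.from_bytes(data[i:i + BLOCK], "big")
            for i in range(0, len(data), BLOCK)]


def _from_blocks(blocks):
    """Inverse of _to_blocks. Raises OverflowError when a block does not fit,
    which is what happens to data transformed under the wrong key."""
    raw = b"".join(b.to_bytes(BLOCK, "big") for b in blocks)
    length = int.from_bytes(raw[:4], "big")
    return raw[4:4 + length]


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


# S2 (remote server): ciphertext = program under the private key;
# signature = SHA-256 digest of the program under the private key.
def protect_client_program(program, private_key=PRIVATE_KEY):
    ciphertext = _rsa(private_key, _to_blocks(program))
    signature = _rsa(private_key, [_digest(program)])[0]
    return ciphertext, signature


# S7 (secure operating system): recover the plaintext with the public key,
# hash it (first digest), recover the second digest from the signature with
# the public key, and accept only if both digests agree.
def verify_client_program(ciphertext, signature, public_key=PUBLIC_KEY):
    try:
        plaintext = _from_blocks(_rsa(public_key, ciphertext))
    except OverflowError:
        return False, None               # not produced under our private key
    first_digest = _digest(plaintext)
    second_digest = _rsa(public_key, [signature])[0]
    if first_digest != second_digest:
        return False, None               # upgrade fails; /data/ca untouched
    return True, plaintext


# S4/S5: the device encrypts its response packet with the public key; the
# server decrypts with the private key and treats a well-formed packet as
# successful decryption. The READY marker and layout are assumptions.
READY = b"READY"


def make_response_packet(request_id, public_key=PUBLIC_KEY):
    return _rsa(public_key, _to_blocks(READY + request_id.to_bytes(4, "big")))


def server_verify_response(encrypted_packet, request_id, private_key=PRIVATE_KEY):
    try:
        packet = _from_blocks(_rsa(private_key, encrypted_packet))
    except OverflowError:
        return False
    return packet == READY + request_id.to_bytes(4, "big")


if __name__ == "__main__":
    program = b"client program CA, build 2 (constructed sample)"
    ct, sig = protect_client_program(program)
    print("genuine package accepted:", verify_client_program(ct, sig)[0])
    forged = list(ct)
    forged[0] ^= 1                       # flip one bit of the ciphertext
    print("tampered ciphertext accepted:", verify_client_program(forged, sig)[0])
    enc = make_response_packet(42)
    print("response packet verified:", server_verify_response(enc, 42))
```

The tampered-ciphertext case exercises the failure branch of S7: either the decrypted block no longer fits the layout, or it decodes to a different plaintext whose first digest no longer matches the second digest recovered from the signature; in both cases the secure operating system reports failure and leaves the original client-side program in place.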
Embodiment three
The present embodiment is a kind of computer readable storage medium of corresponding above-described embodiment, is stored thereon with computer journey Sequence performs the steps of when described program is executed by processor
Public private key pair is generated, private key is saved to remote server, public key is saved to the safety operation system of local device System;
Client-side program is encrypted and signed using the private key, obtains client ciphertext and client signature;
Remote server sends the secure operating system of upgrade request to the local device;
the secure operating system generates a response data packet according to the upgrade request and sends the response data packet to the remote server;
if the remote server verifies the response data packet successfully, it sends the client ciphertext and the client signature to the secure operating system;
the secure operating system performs legitimacy verification on the client ciphertext and the client signature and, if the verification passes, replaces the data of the original client program in the normal operating system with the client ciphertext and the client signature.
Further, "the remote server sends an upgrade request to the secure operating system of the local device" is specifically:
the remote server sends the upgrade request to the CAN module of the local device;
if the CAN module is currently in the secure state, the upgrade request is forwarded to the secure operating system;
if the CAN module is currently in the non-secure state, the upgrade request is forwarded to the normal operating system;
the normal operating system forwards the upgrade request to the secure operating system;
the secure operating system sets the CAN module to the secure state.
Further, "the secure operating system generates a response data packet according to the upgrade request and sends the response data packet to the remote server" is specifically:
the secure operating system generates the response data packet according to the upgrade request;
the response data packet is encrypted using the public key, and the encrypted response data packet is sent to the remote server.
Further, "if the remote server verifies the response data packet successfully, it sends the client ciphertext and the client signature to the secure operating system" is specifically:
the remote server decrypts the encrypted response data packet using the private key;
if decryption succeeds, the client ciphertext and the client signature are sent to the secure operating system.
Further, "the secure operating system performs legitimacy verification on the client ciphertext and the client signature" is specifically:
the secure operating system receives the client ciphertext and the client signature;
the client ciphertext is decrypted using the public key to obtain the client plaintext;
a digest operation is performed on the client plaintext to obtain a first digest value;
the client signature is decrypted using the public key to obtain a second digest value;
if the first digest value is consistent with the second digest value, the verification is judged to have passed.
In summary, in the dual-system client program upgrade method and computer-readable storage medium provided by the invention, the remote server verifies the response data packet to ensure that it came from a legitimate local device; the local device performs signature verification on the client program based on the received client ciphertext and client signature, ensuring the legitimacy of the client program it receives; and because both the receipt of the upgrade request and the verification of the client program are completed inside the secure operating system, interference from the non-secure side is reduced. The invention can thus ensure the legitimacy of the client program received by the local device, overcoming the problem that illegitimate software may be received during the upgrade process without being noticed, so that such cases are detected and guarded against in time.
The above is only an embodiment of the invention and does not limit the scope of the invention; any equivalent transformations made using the contents of the specification and the accompanying drawings, whether applied directly or indirectly in related technical fields, likewise fall within the scope of patent protection of the invention.
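The exchange described above, end to end, as an added example written for this page; it is not code from the patent or its assignee. It renders the patent's literal "encrypt with the private key / decrypt with the public key" as textbook RSA without padding, on a constructed toy key (two public Mersenne primes, trivially factorable). Everything not in the patent is an assumption: the toy key, the SHA-256 digest, the 64-byte block framing, the device identifier `TBOX-0001` and server-side registry, and the nonce the response packet echoes. That last one matters: with textbook RSA every ciphertext "decrypts successfully" to something, so the server has to check the decrypted content, not merely the fact that decryption ran.

```python
"""Toy model of the dual-system upgrade exchange in CN109802929A, using textbook RSA
(no padding) because that is the literal "encrypt with the private key / decrypt with
the public key" the patent describes.  Constructed toy key: illustration only."""
from __future__ import annotations
import hashlib, hmac, json, os, struct

# Key material (assumed): private key only on the server, public key in the secure OS.
P = (1 << 521) - 1                       # Mersenne prime M521; N is trivially factorable
Q = (1 << 607) - 1                       # Mersenne prime M607
N = P * Q
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent
IN_BLOCK = 64                            # 64-byte blocks are < 2**512 < N, valid RSA inputs
OUT_BLOCK = (N.bit_length() + 7) // 8    # bytes per RSA output block (141)
DEVICE_ID = "TBOX-0001"                  # assumed device identifier
KNOWN_DEVICES = {DEVICE_ID}              # assumed server-side device registry

def _rsa_blocks(data: bytes, exp: int, in_size: int, out_size: int) -> bytes:
    """Apply x**exp mod N to each in_size-byte block, emitting out_size bytes per block."""
    out = bytearray()
    for i in range(0, len(data), in_size):
        x = int.from_bytes(data[i:i + in_size], "big")
        out += pow(x, exp, N).to_bytes(out_size, "big")   # OverflowError on garbage input
    return bytes(out)

def rsa_wrap(plain: bytes, exp: int) -> bytes:
    """Length-frame, zero-pad to the block size, then transform every block with exp."""
    framed = struct.pack(">I", len(plain)) + plain
    framed += b"\0" * (-len(framed) % IN_BLOCK)
    return _rsa_blocks(framed, exp, IN_BLOCK, OUT_BLOCK)

def rsa_unwrap(cipher: bytes, exp: int) -> bytes:
    """Inverse of rsa_wrap; raises OverflowError or struct.error on malformed input."""
    framed = _rsa_blocks(cipher, exp, OUT_BLOCK, IN_BLOCK)
    (length,) = struct.unpack(">I", framed[:4])
    return framed[4:4 + length]

def server_package(program: bytes) -> tuple[bytes, bytes]:
    """Server: client ciphertext (program under D) and client signature (SHA-256 digest under D)."""
    digest = hashlib.sha256(program).digest()
    client_sig = pow(int.from_bytes(digest, "big"), D, N).to_bytes(OUT_BLOCK, "big")
    return rsa_wrap(program, D), client_sig

def route_upgrade_request(can_secure: bool) -> list[str]:
    """Claim 2: hops the upgrade request takes; the CAN module is in the secure state afterwards."""
    if can_secure:
        return ["CAN", "secure_os"]
    return ["CAN", "normal_os", "secure_os"]      # secure OS then sets the CAN module to secure

def secure_os_response(upgrade_request: dict) -> bytes:
    """Secure OS: response packet encrypted with the public key (claim 3).  Assumption: the packet
    echoes the server's nonce and names the device, so the server can check content rather than
    trusting that decryption merely 'succeeded' (textbook RSA decrypts anything to something)."""
    packet = json.dumps({"device": DEVICE_ID, "nonce": upgrade_request["nonce"]}).encode()
    return rsa_wrap(packet, E)

def server_check_response(enc_response: bytes, expected_nonce: str) -> bool:
    """Server: decrypt with the private key (claim 4) and check what came out."""
    try:
        packet = json.loads(rsa_unwrap(enc_response, D))
    except (OverflowError, ValueError, struct.error):
        return False
    return (isinstance(packet, dict) and packet.get("device") in KNOWN_DEVICES
            and packet.get("nonce") == expected_nonce)

def secure_os_verify(client_cipher: bytes, client_sig: bytes) -> bytes | None:
    """Secure OS (claim 5): plaintext if SHA-256(plaintext) equals the digest recovered from the
    signature with the public key, else None."""
    try:
        plain = rsa_unwrap(client_cipher, E)
        first = hashlib.sha256(plain).digest()
        second = pow(int.from_bytes(client_sig, "big"), E, N).to_bytes(32, "big")
    except (OverflowError, struct.error):
        return None
    return plain if hmac.compare_digest(first, second) else None

def run_upgrade(program: bytes, can_secure: bool, tamper: bool = False) -> dict:
    """Whole exchange; 'installed' is what replaces the old program in the normal OS, or None."""
    nonce = os.urandom(8).hex()
    route = route_upgrade_request(can_secure)
    if not server_check_response(secure_os_response({"nonce": nonce}), nonce):
        return {"route": route, "installed": None, "reason": "response packet rejected"}
    cipher, sig = server_package(program)
    if tamper:                                    # simulate an image modified in transit
        cipher = cipher[:-1] + bytes([cipher[-1] ^ 0x01])
    plain = secure_os_verify(cipher, sig)
    if plain is None:
        return {"route": route, "installed": None, "reason": "signature verification failed"}
    return {"route": route, "installed": (cipher, sig), "plain": plain, "reason": "ok"}
```

Two things the model makes visible. First, "encrypting" the program with the private key gives no confidentiality: anyone holding the public key, which lives on every device, can read the image, so the client ciphertext is in effect a second signature over the whole image rather than an encryption. Second, a flipped byte in the ciphertext is caught either because the public-key transform no longer yields a value that fits in a 64-byte block or because the recomputed digest no longer matches the one recovered from the signature; a production implementation would reach the same outcome with a padded signature scheme (RSA-PSS or ECDSA) over the image hash and, if the image must stay secret, a separate authenticated-encryption layer.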

Claims (10)

1. A client program upgrade method based on dual systems, characterized by comprising:
generating a public/private key pair, saving the private key to a remote server and saving the public key to the secure operating system of a local device;
encrypting and signing a client program using the private key to obtain a client ciphertext and a client signature;
the remote server sending an upgrade request to the secure operating system of the local device;
the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server;
if the remote server verifies the response data packet successfully, sending the client ciphertext and the client signature to the secure operating system;
the secure operating system performing legitimacy verification on the client ciphertext and the client signature and, if the verification passes, replacing the data of the original client program in the normal operating system with the client ciphertext and the client signature.
2. The client program upgrade method based on dual systems according to claim 1, characterized in that "the remote server sending an upgrade request to the secure operating system of the local device" specifically comprises:
the remote server sending the upgrade request to the CAN module of the local device;
if the CAN module is currently in the secure state, forwarding the upgrade request to the secure operating system;
if the CAN module is currently in the non-secure state, forwarding the upgrade request to the normal operating system;
the normal operating system forwarding the upgrade request to the secure operating system;
the secure operating system setting the CAN module to the secure state.
3. The client program upgrade method based on dual systems according to claim 1, characterized in that "the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server" specifically comprises:
the secure operating system generating the response data packet according to the upgrade request;
encrypting the response data packet using the public key and sending the encrypted response data packet to the remote server.
4. The client program upgrade method based on dual systems according to claim 3, characterized in that "if the remote server verifies the response data packet successfully, sending the client ciphertext and the client signature to the secure operating system" specifically comprises:
the remote server decrypting the encrypted response data packet using the private key;
if decryption succeeds, sending the client ciphertext and the client signature to the secure operating system.
5. The client program upgrade method based on dual systems according to claim 1, characterized in that "the secure operating system performing legitimacy verification on the client ciphertext and the client signature" specifically comprises:
the secure operating system receiving the client ciphertext and the client signature;
decrypting the client ciphertext using the public key to obtain the client plaintext;
performing a digest operation on the client plaintext to obtain a first digest value;
decrypting the client signature using the public key to obtain a second digest value;
if the first digest value is consistent with the second digest value, judging that the verification has passed.
6. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, performs the following steps:
generating a public/private key pair, saving the private key to a remote server and saving the public key to the secure operating system of a local device;
encrypting and signing a client program using the private key to obtain a client ciphertext and a client signature;
the remote server sending an upgrade request to the secure operating system of the local device;
the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server;
if the remote server verifies the response data packet successfully, sending the client ciphertext and the client signature to the secure operating system;
the secure operating system performing legitimacy verification on the client ciphertext and the client signature and, if the verification passes, replacing the data of the original client program in the normal operating system with the client ciphertext and the client signature.
7. The computer-readable storage medium according to claim 6, characterized in that "the remote server sending an upgrade request to the secure operating system of the local device" specifically comprises:
the remote server sending the upgrade request to the CAN module of the local device;
if the CAN module is currently in the secure state, forwarding the upgrade request to the secure operating system;
if the CAN module is currently in the non-secure state, forwarding the upgrade request to the normal operating system;
the normal operating system forwarding the upgrade request to the secure operating system;
the secure operating system setting the CAN module to the secure state.
8. The computer-readable storage medium according to claim 6, characterized in that "the secure operating system generating a response data packet according to the upgrade request and sending the response data packet to the remote server" specifically comprises:
the secure operating system generating the response data packet according to the upgrade request;
encrypting the response data packet using the public key and sending the encrypted response data packet to the remote server.
9. The computer-readable storage medium according to claim 8, characterized in that "if the remote server verifies the response data packet successfully, sending the client ciphertext and the client signature to the secure operating system" specifically comprises:
the remote server decrypting the encrypted response data packet using the private key;
if decryption succeeds, sending the client ciphertext and the client signature to the secure operating system.
10. The computer-readable storage medium according to claim 6, characterized in that "the secure operating system performing legitimacy verification on the client ciphertext and the client signature" specifically comprises:
the secure operating system receiving the client ciphertext and the client signature;
decrypting the client ciphertext using the public key to obtain the client plaintext;
performing a digest operation on the client plaintext to obtain a first digest value;
decrypting the client signature using the public key to obtain a second digest value;
if the first digest value is consistent with the second digest value, judging that the verification has passed.
CN201711146435.7A 2017-11-17 2017-11-17 Client program upgrading method based on dual systems and computer readable storage medium Active CN109802929B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711146435.7A CN109802929B (en) 2017-11-17 2017-11-17 Client program upgrading method based on dual systems and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711146435.7A CN109802929B (en) 2017-11-17 2017-11-17 Client program upgrading method based on dual systems and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109802929A true CN109802929A (en) 2019-05-24
CN109802929B CN109802929B (en) 2022-09-30

Family

ID=66556008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711146435.7A Active CN109802929B (en) 2017-11-17 2017-11-17 Client program upgrading method based on dual systems and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109802929B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103714459A (en) * 2013-12-26 2014-04-09 电子科技大学 Secure payment system and method of intelligent terminal
CN105900104A (en) * 2014-01-06 2016-08-24 苹果公司 Applet migration in a secure element
WO2016168487A1 (en) * 2015-04-14 2016-10-20 Gigavation, Inc. Paravirtualized security threat protection of a computer-driven system with networked devices
WO2017021738A1 (en) * 2015-08-06 2017-02-09 De La Rue International Limited Puf based mobile user passport identification system and method
CN105260663A (en) * 2015-09-15 2016-01-20 中国科学院信息工程研究所 Secure storage service system and method based on TrustZone technology
CN106648626A (en) * 2016-11-29 2017-05-10 郑州信大捷安信息技术股份有限公司 Secure remote upgrade system and upgrade method for vehicles
CN106599697A (en) * 2016-11-30 2017-04-26 北京三未信安科技发展有限公司 Method and system for safe upgrade of programs in PCI password card

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Se Won Kim et al.: "Secure Device Access for Automotive Software", 2013 International Conference on Connected Vehicles and Expo *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111427609A (en) * 2020-04-01 2020-07-17 山东汇贸电子口岸有限公司 Automatic application upgrading method based on multi-node server
CN111756714A (en) * 2020-06-15 2020-10-09 国家计算机网络与信息安全管理中心 Flow replay type test method and test engine for industrial control protocol
CN111756714B (en) * 2020-06-15 2022-05-20 国家计算机网络与信息安全管理中心 Flow replay type test method and test engine for industrial control protocol

Also Published As

Publication number Publication date
CN109802929B (en) 2022-09-30

Similar Documents

Publication Publication Date Title
CN107919955B (en) Vehicle network security authentication method, system, vehicle, device and medium
CN110708388B (en) Vehicle body safety anchor node device, method and network system for providing safety service
CN103166759B (en) Use the method and apparatus downloaded for secure firmware of diagnosis link connector (DLC) and ONSTAR system
JP5900007B2 (en) VEHICLE DATA COMMUNICATION AUTHENTICATION SYSTEM AND VEHICLE GATEWAY DEVICE
CN102413224B (en) Methods, systems and equipment for binding and running security digital card
CN112543927B (en) Equipment upgrading method and related equipment
CN110109443B (en) Safe communication method and device for vehicle diagnosis, storage medium and equipment
KR20200135775A (en) Secure communication between electronic control units in the vehicle
WO2015080108A1 (en) Program update system and program update method
CN110621014B (en) Vehicle-mounted equipment, program upgrading method thereof and server
CN107743067B (en) Method, system, terminal and storage medium for issuing digital certificate
CN110891257B (en) Internet-connected vehicle remote upgrading system and method with anti-attack bidirectional authentication
CN105978917A (en) System and method for trusted application security authentication
CN104904156B (en) Authentication apparatus, authentication processing system and authentication method
CN110768938A (en) Vehicle safety communication method and device
CN113596009A (en) Zero trust access method, system, zero trust security proxy, terminal and medium
CN113645590A (en) Method, apparatus, device and medium for remotely controlling vehicle based on encryption algorithm
CN109802929A (en) Client-side program upgrade method and computer readable storage medium based on dual system
CN111565182A (en) Vehicle diagnosis method and device and storage medium
CN109451504A (en) Internet of Things mould group method for authenticating and system
CN106096336B (en) Software anti-crack method and system
CN111104655B (en) BMC login method and related device
CN113766450A (en) Vehicle virtual key sharing method, mobile terminal, server and vehicle
JP6343928B2 (en) Portable terminal, authentication system, authentication method, and authentication program
CN115495123A (en) Flash method and system of hardware security module

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant