CN110134424A - Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing - Google Patents

Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing Download PDF

Info

Publication number
CN110134424A
CN110134424A CN201910410888.9A CN201910410888A CN110134424A CN 110134424 A CN110134424 A CN 110134424A CN 201910410888 A CN201910410888 A CN 201910410888A CN 110134424 A CN110134424 A CN 110134424A
Authority
CN
China
Prior art keywords
data
information
smart machine
packet
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910410888.9A
Other languages
Chinese (zh)
Other versions
CN110134424B (en
Inventor
陈诚
赵启山
陈光胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Eastsoft Microelectronics Co Ltd
Original Assignee
Shanghai Eastsoft Microelectronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Eastsoft Microelectronics Co Ltd filed Critical Shanghai Eastsoft Microelectronics Co Ltd
Priority to CN201910410888.9A priority Critical patent/CN110134424B/en
Publication of CN110134424A publication Critical patent/CN110134424A/en
Application granted granted Critical
Publication of CN110134424B publication Critical patent/CN110134424B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/654Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A kind of firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing, the firmware upgrade method, include: to be split the corresponding data of target firmware, obtains N number of data segment, there are one-to-one integrity verification information for each data segment;Each data segment and corresponding integrity verification information are formed into a data packet respectively, and encrypted using each data packet of packet key pair, N number of encrypted packet is obtained;Wherein, there is one-to-one packet key in each data packet;The corresponding data information of the target firmware is sent to smart machine, the data information includes: the version information of the target firmware capacity, the number N of encrypted packet and the target firmware;After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine sends N number of encrypted packet.Using the above scheme, it can be improved the long-range safety for carrying out data transmission when firmware upgrade.

Description

Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing
Technical field
The present invention relates to firmware upgrade technical field more particularly to a kind of firmware upgrade method and system, server, intelligence Equipment, readable storage medium storing program for executing.
Background technique
Currently, embedded intelligent equipment has been widely used, application scenarios are also more complicated and changeable.In some applied fields Under scape, there is the demand that firmware upgrade is carried out to the fixer system of smart machine.
Traditional firmware updating is all that scene updates firmware, i.e. engineer carries out firmware update to hardware at the scene.It is this existing Field update mode has not adapted to the requirement of social productive forces development because of low efficiency at high cost.
Currently, more and more smart machines or the upgrading of hardware supported remote online, i.e. smart machine or hardware are from trend The server in cloud requests firmware updating.This long-range carry out firmware upgrade mode be not necessarily to user's operation or intervention, to user with It is convenient to have come.But the data transmission security of above-mentioned remote upgrade mode is lower.
Summary of the invention
Present invention solves the technical problem that data transmission security is lower when being long-range progress firmware upgrade.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of firmware upgrade method, comprising: by target firmware pair The data answered are split, and obtain N number of data segment, there are one-to-one integrity verification information for each data segment;Point Each data segment and the corresponding integrity verification information data packet is not formed into, and each using packet key pair The data packet is encrypted, and N number of encrypted packet is obtained;Wherein, each data packet exists one-to-one described Packet key;The corresponding data information of the target firmware is sent to smart machine, the data information includes: the target firmware The version information of capacity, the number N of the encrypted packet and the target firmware;It is sent receiving the smart machine The successful reception data information feedback information after, Xiang Suoshu smart machine sends N number of encrypted packet.
Optionally, it is described the corresponding data of target firmware are split before, further includes: to the smart machine into Row certification.
Optionally, described that the smart machine is authenticated, comprising: to receive the first encryption that the smart machine is sent Data, first encryption data be the smart machine using the second public key to the first signed data, the first random number and The identification information of the smart machine is encrypted to obtain, and first signed data is that the smart machine uses the first private key Information relevant to current firmware is signed to obtain;First encryption data is decrypted using the second private key, is obtained The identification information and first signed data of the smart machine are taken, second private key is corresponding with second public key;Root The first public key that the smart machine is obtained according to the identification information of the smart machine, using first public key to described first Signed data is verified;After being proved to be successful to first signed data, using second private key to described first with Machine number, first signed data be proved to be successful information and server relevant information is signed to obtain the second number of signature According to;Second signed data and the second random number are encrypted using first public key, obtain the second encryption data, and Second encryption data is sent to the smart machine;So that the smart machine is using first private key to described the Two encryption datas are decrypted, and obtain second random number and second signed data, and use second public key Second signed data is verified;It receives the smart machine and information is proved to be successful to second signed data Afterwards, the certification to the smart machine is completed.
Optionally, it is described the corresponding data of target firmware are split before, further includes: with the smart machine into Row key agreement counts according to the first secret information, default random number and the first counter and generates the packet key;Wherein, First secret information is generated according to the first public key of the second private key and the smart machine.
Optionally, described to be encrypted using each data packet of packet key pair, comprising: using the packet key and base Each data packet is encrypted in symmetric encipherment algorithm.
Optionally, described in the feedback information for receiving the successful reception data information that the smart machine is sent Afterwards, Xiang Suoshu smart machine sends N number of encrypted packet, comprising: connects receiving the success that the smart machine is sent After the feedback information for receiving the data information, Xiang Suoshu smart machine sends the 1st encrypted packet;It is described receiving After the feedback information that i-th of encrypted packet of smart machine feedback is properly received, Xiang Suoshu smart machine sends i-th + 1 encrypted packet, wherein 1≤i≤N-1.
Optionally, described to be split the corresponding data of target firmware, obtain N number of data segment, comprising: by the target The corresponding data of firmware carry out average segmentation, obtain the identical data segment of N number of size.
Optionally, the integrity verification information is cryptographic Hash, and the cryptographic Hash is generated according to each data segment.
The embodiment of the present invention also provides another firmware upgrade method, comprising: the corresponding data information of target firmware is received, The data information is generated by server, comprising: the number N and the target of the target firmware capacity, encrypted packet The version information of firmware, wherein N is the number of the corresponding encrypted packet of the target firmware, and the server will be described The corresponding data of target firmware are split, and obtain N number of data segment, there are one-to-one integralities to test for each data segment Information is demonstrate,proved, each data segment and the corresponding integrity verification information are formed into a data packet respectively, and using packet The each data packet of key pair is encrypted, and N number of encrypted packet is obtained;Wherein, each data packet exists one by one The corresponding packet key;After being successfully received the data information, the transmission of Xiang Suoshu server has been properly received the number It is believed that the feedback information of breath, so that the server after the feedback information for receiving the data information, is sent out to smart machine Send N number of encrypted packet;Receive N number of encrypted packet.
Optionally, before receiving the corresponding data information of target firmware, further includes: authenticated to the server.
Optionally, described that the server is authenticated, comprising: using the second public key to the first signed data, first The identification information of random number and smart machine is encrypted to obtain the first encryption data, and first encryption data is sent To the server, first signed data is sign using the first private key pair information relevant to current firmware It arrives;So that after the server receives first encryption data, using the second private key corresponding with second public key First encryption data is decrypted, the identification information and first signed data of the smart machine are obtained, according to The identification information of the smart machine obtains the first public key of the smart machine, using first public key to first label Name data are verified;Receive the second encryption data;Second encryption data is the server to first number of signature After being proved to be successful, the second signed data and the second random number are encrypted to obtain using first public key, wherein described Second signed data is that the server tests first random number, first signed data using second private key Card successful information and server relevant information are signed to obtain;Using first private key to second encryption data into Row decryption obtains second random number and second signed data, and using second public key to second label Name data are verified, after being proved to be successful to second signed data, the second signature described in Xiang Suoshu server feedback Data are proved to be successful information, so that the server receives being proved to be successful after information of second signed data, it is complete The certification of the pairs of server.
Optionally, it is described reception server send the corresponding data information of target firmware before, further includes: with it is described Server carries out key agreement, counts according to the second secret information, default random number and the second counter and generates the Bao Mi The corresponding decruption key of key;Wherein, second secret information is raw according to the second public key of the first private key and the server At.
The embodiment of the present invention also provides a kind of server, comprising: cutting unit, be suitable for by the corresponding data of target firmware into Row segmentation, obtains N number of data segment, there are one-to-one integrity verification information for each data segment;Encryption unit is suitable for Each data segment and the corresponding integrity verification information are formed into a data packet respectively, and every using packet key pair A data packet is encrypted, and N number of encrypted packet is obtained;Wherein, there is one-to-one institute in each data packet State packet key;First transmission unit sends the corresponding data information of the target firmware, the data packets to smart machine It includes: the version information of the target firmware capacity, the number N of the encrypted packet and the target firmware;And it is connecing Receive after the smart machine is properly received the feedback information of the data information, Xiang Suoshu smart machine send it is N number of described plus Ciphertext data packet.
Optionally, the server further include: the first authentication unit, suitable for being authenticated to the smart machine.
Optionally, first authentication unit, the first encryption data sent suitable for receiving the smart machine, described the One encryption data is that the smart machine uses the second public key to the first signed data, the first random number and the smart machine Identification information encrypted to obtain, first signed data be the smart machine use the first private key pair and current firmware Relevant information is signed to obtain;First encryption data is decrypted using the second private key, the intelligence is obtained and sets Standby identification information and first signed data, second private key are corresponding with second public key;It is set according to the intelligence Standby identification information obtains the first public key of the smart machine, is carried out using first public key to first signed data Verifying;After being proved to be successful to first signed data, using second private key to first random number, described first Signed data be proved to be successful information and server relevant information is signed to obtain the second signed data;Using described first Public key encrypts second signed data and the second random number, obtains the second encryption data, and described second is encrypted Data are sent to the smart machine;So that the smart machine carries out second encryption data using first private key Decryption obtains second random number and second signed data, and using second public key to second signature Data are verified;Receive the smart machine to second signed data be proved to be successful information after, complete with it is described The certification of smart machine.
Optionally, the server further include: the first negotiation element, suitable for being divided by the corresponding data of target firmware Before cutting, key agreement is carried out with the smart machine, according to the first secret information, default random number and the first counter counts Number generates the packet key;Wherein, first secret information is according to the second private key and the first public key of the smart machine It generates.
Optionally, the encryption unit is suitable for using the packet key and based on symmetric encipherment algorithm to each number It is encrypted according to packet.
Optionally, first transmission unit, suitable in the successful reception number for receiving the smart machine transmission It is believed that Xiang Suoshu smart machine sends the 1st encrypted packet after the feedback information of breath;And receiving the intelligence After the feedback information that i-th of encrypted packet of equipment feedback is properly received, Xiang Suoshu smart machine sends i+1 The encrypted packet, wherein 1≤i≤N-1.
Optionally, the cutting unit obtains N number of suitable for the corresponding data of the target firmware are carried out average segmentation The identical data segment of size.
Optionally, the integrity verification information is cryptographic Hash, and the cryptographic Hash is generated according to each data segment.
The embodiment of the present invention also provides a kind of smart machine, comprising: the first receiving unit, suitable for receiving server transmission The corresponding data information of target firmware, the data information includes: the target firmware capacity, encrypted packet number N with And the version information of the target firmware, wherein N is the number of the corresponding encrypted packet of the target firmware, the clothes The corresponding data of the target firmware are split by business device, obtain N number of data segment, and each data segment, which exists, to be corresponded Integrity verification information, each data segment and the corresponding integrity verification information are formed into a data respectively Packet, and encrypted using each data packet of packet key pair, obtain N number of encrypted packet;Wherein, each data packet There is the one-to-one packet key;Second transmission unit, suitable for after being successfully received the data information, Xiang Suoshu Server sends the feedback information for being properly received the data information, so that the server is receiving the data information Feedback information after, send the N number of encrypted packet to smart machine;Second receiving unit is suitable for receiving N number of encryption Data packet.
Optionally, the smart machine further include: the second authentication unit, suitable for being authenticated to the server.
Optionally, second authentication unit, be suitable for using the second public key to the first signed data, the first random number and The identification information of smart machine is encrypted to obtain the first encryption data, and first encryption data is sent to the service Device, first signed data are to be signed to obtain using the first private key pair information relevant to current firmware;So that described After server receives first encryption data, added using the second private key corresponding with second public key to described first Ciphertext data is decrypted, and the identification information and first signed data of the smart machine is obtained, according to the smart machine Identification information obtain the first public key of the smart machine, first signed data is tested using first public key Card;Receive the second encryption data;After second encryption data is proved to be successful first signed data for the server, The second signed data and the second random number are encrypted to obtain using first public key, wherein second signed data For the server use second private key to first random number, first signed data be proved to be successful information with And server relevant information is signed to obtain;Second encryption data is decrypted using first private key, is obtained Second random number and second signed data, and second signed data is tested using second public key Card, after being proved to be successful to second signed data, the verifying of the second signed data described in Xiang Suoshu server feedback at Function information is completed so that the server receives being proved to be successful after information of second signed data to the service The certification of device.
Optionally, the server further include: the second negotiation element, suitable in the target firmware pair for receiving server transmission Before the data information answered, key agreement is carried out with the server, according to the second secret information, default random number and second Counter, which counts, generates the corresponding decruption key of the packet key;Wherein, second secret information according to the first private key and Second public key of the server generates.
The embodiment of the present invention also provides another server, including memory and processor, is stored on the memory The computer instruction that can be run on the processor, the processor execute any of the above-described kind when running the computer instruction The step of firmware upgrade method.
The embodiment of the present invention also provides another smart machine, including memory and processor, stores on the memory There is the computer instruction that can be run on the processor, the processor executes any of the above-described when running the computer instruction The step of kind firmware upgrade method.
The embodiment of the present invention also provides a kind of firmware upgrade system, including any of the above-described kind of server and any of the above-described kind of intelligence It can equipment.
The embodiment of the present invention also provides a kind of computer readable storage medium, is used for server, computer-readable storage medium Matter is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction operation The step of any of the above-described kind of firmware upgrade method of Shi Zhihang.
The embodiment of the present invention also provides another computer readable storage medium, is used for smart machine, computer-readable to deposit Storage media is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction The step of any of the above-described kind of firmware upgrade method is executed when operation.
Compared with prior art, the technical solution of the embodiment of the present invention has the advantages that
The corresponding data of target firmware are split to obtain N number of data segment, by each data segment and corresponding integrality Verification information forms a data packet, and is encrypted using the one-to-one packet key pair data packet of each data packet, and Encrypted N number of encrypted packet is sent to smart machine.By the way that the corresponding data of target firmware are divided into multiple data segments, And encrypted using different packet data key packets, it realizes " one-packet key ", so as to improve in firmware upgrade process In, the safety of the corresponding data of target firmware in the data transmission.
Detailed description of the invention
Fig. 1 is the flow chart of one of embodiment of the present invention firmware upgrade method;
Fig. 2 is the flow chart of another firmware upgrade method in the embodiment of the present invention;
Fig. 3 is one of embodiment of the present invention firmware upgrade schematic diagram;
Fig. 4 is the structural schematic diagram of one of embodiment of the present invention server;
Fig. 5 is the structural schematic diagram of one of embodiment of the present invention smart machine;
Fig. 6 is the verification process schematic diagram of one of the embodiment of the present invention server and smart machine.
Specific embodiment
As previously mentioned, currently, more and more smart machines or hardware supported remote online firmware upgrade, i.e. smart machine Or hardware requests firmware updating from the server in trend cloud.This long-range carry out firmware upgrade mode is without user's operation or does In advance, it is convenient to bring to user.But the data transmission security of above-mentioned remote upgrade mode is lower.
In the embodiment of the present invention, the corresponding data of target firmware are split to obtain N number of data segment, by each data segment And corresponding integrity verification information forms a data packet, and uses the one-to-one packet key pair data of each data packet Packet is encrypted, and encrypted N number of data packet is sent to smart machine.It is more by being divided into the corresponding data of target firmware A data segment, and encrypted using different packet data key packets, it realizes " one-packet key ", so as to improve in firmware In escalation process, the safety of the corresponding data of target firmware in the data transmission.
It is understandable to enable the above-mentioned purpose, feature and beneficial effect of the embodiment of the present invention to become apparent, below with reference to attached Figure is described in detail specific embodiments of the present invention.
The embodiment of the present invention provides a kind of firmware upgrade method, can be used for server.Referring to Fig.1, the present invention is given A kind of flow chart of firmware upgrade method, is illustrated below by way of specific steps in embodiment.
Step 11, the corresponding data of target firmware are split, obtain N number of data segment.
In specific implementation, firmware upgrade operation can be triggered using various ways.
In an embodiment of the present invention, smart machine regular visit server, obtaining whether there is some on server The corresponding more new version of firmware.It, can be to service when smart machine detects on server there are when the more new version of the firmware Device initiates firmware upgrade operation request, to trigger firmware upgrade operation.
In an alternative embodiment of the invention, when server detects that the corresponding firmware of smart machine exists compared with lowest version, Trigger firmware upgrade operation.
In the embodiment of the present invention, for ease of description, referred to as by the more new version of some firmware existing on server For target firmware.
In specific implementation, when carrying out firmware upgrade, the corresponding data of target firmware can be split by server, N number of data segment is obtained, and distributes one-to-one integrity verification information for each data segment.The corresponding integrality of data segment is tested Card information can verify the correctness of the data segment, whether mistake occur to verify the data segment in data transmission procedure.
In embodiments of the present invention, the corresponding integrity verification information of data segment can be Hash (HASH) value.It can manage Solution can also be able to verify that the information of data segment correctness is believed as integrity verification in practical applications using other Breath, can be selected according to practical application request.
In specific implementation, the corresponding data of target firmware can be carried out average segmentation by server, to obtain N number of big Small identical data segment;The corresponding data of target firmware can also be carried out non-average mark and cut by server, to obtain N number of size Different data segments.
Step 12, each data segment and corresponding integrity verification information are formed into a data packet respectively, and using packet The each data packet of key pair is encrypted, and N number of encrypted packet is obtained.
In specific implementation, server, can be a pair of by each data segment and its one respectively after obtaining N number of data segment The integrity verification information answered forms a data packet, so as to obtain N number of data packet.Later, using with data packet one by one Corresponding packet key pair data packet is encrypted, to obtain N number of encrypted packet.
In specific implementation, server can add each data packet using packet key and based on symmetric encipherment algorithm It is close.It is understood that server can also encrypt each data packet using other Encryption Algorithm, it need to only meet intelligence The data packet of encryption can be decrypted in equipment, and details are not described herein again.
Step 13, the corresponding data information of target firmware is sent to smart machine.
In specific implementation, for the accuracy of improve data transfer, server can be by the corresponding data of target firmware Information is sent to smart machine, with the related data information of target firmware needed for informing smart machine.In the embodiment of the present invention In, the data information of target firmware may include: the version of target firmware capacity, the number N of encrypted packet and target firmware This information.It is understood that data information can also include other information relevant to target firmware.
In embodiments of the present invention, in order to further increase data transmission security, the data information of target firmware can be with Including integrity verification information corresponding to data information.The corresponding integrity verification information of data information can be data information Corresponding HASH value.Later, server can also be encrypted using packet data key information, and by the data after encryption Information is sent to smart machine.
After smart machine receives data information, it can be sent to server and be properly received the data information Feedback information, feedback information have been successfully received data information for identifying smart machine.
Step 14, after receiving the feedback information of successful data reception information of smart machine transmission, to smart machine Send N number of encrypted packet.
It in specific implementation, can be by N number of encryption data after server receives the feedback information of smart machine transmission Packet is sent to smart machine.
In an embodiment of the present invention, it is the safety for further increasing data transmission, sends one to smart machine every time A encrypted packet.Specifically, when server receives the feedback for being successfully received data information of smart machine transmission After information, the 1st encrypted packet is sent to smart machine, and wait the feedback information of smart machine.When smart machine receives To after the 1st encrypted packet, the 1st encrypted packet can be fed back and receive successful information.For example, sending an ACK letter Number successful information is received as the 1st encrypted packet.Being successfully received for smart machine feedback is received in server After the feedback information of 1st encrypted packet, the 2nd encrypted packet is sent to smart machine.And so on, in server Being successfully received after the feedback information of i-th of encrypted packet for smart machine feedback is received, is sent to smart machine I+1 encrypted packet, and so on, until completing the transmission of N number of encrypted packet, wherein 1≤i≤N-1.
By above scheme it is found that the corresponding data of target firmware are split to obtain N number of data segment, by each data segment And corresponding integrity verification information forms a data packet, and uses the one-to-one packet key pair data of each data packet Packet is encrypted, and encrypted N number of data packet is sent to smart machine.It is more by being divided into the corresponding data of target firmware A data segment, and encrypted using different packet data key packets, it realizes " one-packet key ", so as to improve in firmware In escalation process, the safety of the corresponding data of target firmware in the data transmission.
In specific implementation, in order to further increase the safety that data are transmitted in firmware upgrade process, consolidate by target Before the corresponding data of part are split, smart machine can also be authenticated.
Referring to Fig. 6, the verification process signal between one of embodiment of the present invention server and smart machine is given Figure.Below with reference to Fig. 6, the verification process of server and smart machine is illustrated, can specifically include following steps:
Smart machine has the first private key and the first public key corresponding with the first private key.Server have the second private key with And the second public key corresponding with the second private key.Smart machine and server can carry out exchange of public keys, when the two carries out public key friendship After alternatively, available the second public key to server of smart machine, available the first public key to smart machine of server.
Step S601, smart machine generate the first encryption data.
In specific implementation, smart machine is signed to obtain the using the first private key pair information relevant to current firmware One signed data.Smart machine generates the first random number, using the second public key to the first signed data, the first random number and intelligence The identification information of energy equipment carries out encryption and generates the first encryption data.The identification information of smart machine can be smart machine ID, or other are capable of the information of unique identification smart machine.
First encryption data is sent to server by step S602, smart machine.
Step S603, server receive the first encryption data.
The first encryption data is decrypted in step S604, server, and verifies to the first signed data.
In specific implementation, after server receives the first encryption data, using the second private key to the first encryption data It is decrypted, obtains the identification information and the first signed data of smart machine.Believed according to the mark of accessed smart machine Breath, inquires the first public key of smart machine.Server is decrypted the first signed data using the first public key, and signs to first Name data are verified.
Step S605, server generate the second encryption data.
After server is proved to be successful the first signed data, using the second private key to the first random number, the first number of signature According to be proved to be successful information and server relevant information is signed to obtain the second signed data.It is random that server generates second Number, encrypts the second signed data and the second random number using the first public key, generates the second encryption data.
Second encryption data is sent to smart machine by step S606, server.
Step S607, smart machine receive the second encryption data.
The second encryption data is decrypted in step S608, smart machine, and verifies to the second signed data.
After smart machine receives the second encryption data, the second encryption data is decrypted using the first private key, is obtained The second random number and the second signed data are taken, and the second signed data is verified using the second public key.
Step S609, smart machine the second signed data of transmission are proved to be successful information to server.
After smart machine is proved to be successful the second signed data, send the second signed data is proved to be successful information extremely Server.
Step S610, server receive the information that is proved to be successful of the second signed data, complete the certification with smart machine.
When server receives smart machine to the second signed data after being proved to be successful information, complete and smart machine Certification.
In specific implementation, before step 11, namely before being split the corresponding data of target firmware, service Device can also carry out key agreement with smart machine, to determine the generating mode of packet key.
In specific implementation, server can be authenticated first with smart machine, after completing certification, be carried out with smart machine Key agreement executes step 11 after completing key agreement with smart machine.
In specific implementation, server can carry out exchange of public keys with smart machine, and server gives the second public key to intelligence Energy equipment, smart machine give the first public key to server.
In specific implementation, server can use Elliptic Curve Cryptography (Elliptic Curve Cryptography, ECC) algorithm obtains corresponding second public key and the second private key.Smart machine can obtain first using ECC Public key and the first private key.It is understood that server and smart machine can also be respective using the generation of other Encryption Algorithm Public key and private key.
Server can generate the first secret information according to the second private key and the first public key, and according to the first secret information, Default random number and the first counter, which count, generates packet key.The initial count of first counter is 0, and server is every to send one A data packet receives a data packet, and count is incremented for the first counter.With the transmission and reception of data packet, first Counter counts difference, therefore the corresponding packet key of each data packet that server generates is different.
Smart machine can generate the second secret information according to the first private key and the second public key, and according to the second secret letter Breath, default random number and the second counter, which count, generates the corresponding decruption key of packet key.The initial count of second counter is 0, smart machine one data packet of every transmission or a data packet is received, count is incremented for the second counter.With data packet Transmission and reception, the second counter counts different, therefore the corresponding packet key of each data packet that server generates is different.
In specific implementation, default random number can use the second random number, can also use the first random number, can be with The random number negotiated using other servers and smart machine, herein without limitation.
Using ECC key agreement, available first secret information of server, the secret letter of smart machine available second Breath, the secret information that the first secret information and the second secret information are shared each other.Simultaneously by being arranged corresponding with server the One counter, the second counter corresponding with smart machine can be with synchronous package key and decruption key corresponding with packet key Generation, the corresponding packet key of data packet may be implemented and decruption key, safety are higher.
Since the firmware of smart machine is normally stored in flash memory (FLASH), in firmware upgrade process, by target firmware Data be divided into N number of encrypted packet and sent, and individually each encrypted packet is handled, is received without disposable Complete firmware data, occupied memory when so as to reduce smart machine progress firmware upgrade.
The embodiment of the present invention also provides another firmware upgrade method, can be used for smart machine.Referring to Fig. 2, give The flow chart of another firmware upgrade method, can specifically include following steps in the embodiment of the present invention.
Step 21, the corresponding data information of target firmware is received.
In specific implementation, when carrying out firmware upgrade to smart machine, it is corresponding that smart machine can receive target firmware Data information.
The corresponding data information of target firmware can be generated by server.Data information may include: target firmware capacity, The number N of encrypted packet and the version information of target firmware, wherein N is the number of the corresponding encrypted packet of target firmware Mesh.
In specific implementation, the corresponding data of target firmware are split by server, obtain N number of data segment, and are every A data segment distributes one-to-one integrity verification information, respectively by each data segment and corresponding integrity verification information group At a data packet, N number of data packet is obtained.It is encrypted using with the one-to-one packet key pair data packet of data packet, from And obtain N number of encrypted packet.
After server generates corresponding N number of encrypted packet, the corresponding data information of target firmware can be further generated, Target firmware capacity, the number N of encrypted packet and version information of target firmware etc. are sent to intelligence by data information It can equipment.Smart machine can know the relevant information of target firmware after receiving data information.
Step 22, after being successfully received data information, the feedback letter for being properly received data information is sent to server Breath.
In specific implementation, after smart machine receives data information, data information can be decrypted and is confirmed. For example, confirming whether the data information received is correct according to the HASH value carried in data information.When confirmation is successfully received After data information, the feedback information for being successfully received data information is sent to server.
Step 23, N number of encrypted packet is received.
In specific implementation, server is in the feedback letter for being successfully received data information for receiving smart machine feedback After breath, N number of encrypted packet is sent to smart machine.
It in specific implementation, is the safety for further increasing data transmission, server can send N number of add as follows Ciphertext data packet:
Server sends an encrypted packet to smart machine every time.Specifically, being set when server receives intelligence After being successfully received the feedback information of data information for what is fed back, the 1st encrypted packet is sent to smart machine, and wait The feedback of smart machine.After smart machine is successfully received the 1st encrypted packet, it can feed back and be successfully received The feedback information of 1 encrypted packet.Receive smart machine feedback be successfully received the anti-of the 1st encrypted packet After feedforward information, the 2nd encrypted packet is sent to smart machine, and so on, receiving having become for smart machine feedback After function receives the feedback information of i-th of encrypted packet, i+1 encrypted packet is sent to smart machine, with such It pushes away, until completing the transmission of N number of encrypted packet, wherein 1≤i≤N-1.
In specific implementation, after smart machine receives N number of encrypted packet, it is also necessary to N number of encrypted packet It is decrypted, needs to use decruption key corresponding with packet key in decryption.Decruption key corresponding with packet key is intelligence Equipment and server carry out key agreement, and count and generate according to the second secret information, default random number and the second counter. Second secret information is generated according to the second public key of the first private key of smart machine and server, the initial count of the second counter It is 0, count is incremented for second counter of data packet of smart machine one data packet of every receipts or every transmission.
In specific implementation, in order to further increase the data transmission security in firmware upgrade process, step is being executed Before 21 namely smart machine is before receiving the corresponding data information of target firmware, can also authenticate to server.
In embodiments of the present invention, smart machine can in the following way authenticate server:
Smart machine is signed to obtain the first signed data using the first private key pair information relevant to current firmware.Intelligence Energy equipment generates the first random number, using the second public key to the mark of the first signed data, the first random number and smart machine Information is encrypted to obtain the first encryption data, and the first encryption data is sent to server.The identification information of smart machine It can be the ID of smart machine, or other are capable of the information of unique identification smart machine.
After server receives the first encryption data, the first encryption data is decrypted using the second private key, obtains intelligence The identification information of energy equipment.According to the identification information of accessed smart machine, the first public key of smart machine is inquired.Service Device is decrypted the first signed data using the first public key, and verifies to the first signed data.When to the first number of signature After being proved to be successful, information and server phase are proved to be successful to the first random number, the first signed data using the second private key Information is closed to be signed to obtain the second signed data.Server generates the second random number, and is signed using the first public key to second Data and the second random number are encrypted, and obtain the second encryption data, and the second encryption data is sent to smart machine.
After smart machine receives the second encryption data, the second encryption data is decrypted using the first private key, is obtained The second random number and the second signed data are taken, and the second signed data is verified using the second public key, and check first The consistency of random number.After being proved to be successful to the second signed data namely when the verification of the consistency of the first random number passes through, Send the second signed data is proved to be successful information to server, completes the certification to server.
When server receives smart machine to the second signed data after being proved to be successful information, completion is to smart machine Certification.
The embodiment of the present invention is better understood and realized for the ease of those skilled in the art, in conjunction with Fig. 3, gives this hair A kind of firmware upgrade schematic diagram, is described in detail below in bright embodiment.
Step 31, server and smart machine carry out mutual authentication.
In specific implementation, the verification process of server and smart machine can refer to Fig. 6 and the above embodiment of the present invention In to the description in the verification process of server and smart machine, details are not described herein again.
Step 32, server and smart machine carry out ECC key agreement.
In specific implementation, server and smart machine carry out ECC key agreement, and carry out exchange of public keys, to service Available the first public key to smart machine of device, and the first secret information is generated according to the first public key and the second private key.Service Device counts according to the first secret information, default random number and the first counter and generates packet key.Due to server it is every transmission or After person receives a data packet, the counting of the first counter can change, to carry out every time to sent data packet Packet key generated is different when encryption, so as to ensure that each data packet is corresponding with packet key one by one.
Available the second public key to server of smart machine, and it is secret according to the second public key and the generation second of the first private key Confidential information, smart machine are corresponding according to the second secret information, default random number and the second counter counting generation packet key Decruption key.
The count initialized of first counter and the second counter can be identical, such as can since 0 ing, server with In the normal transmission data procedures of smart machine, server is encrypted to obtain the using i-th of packet key pair, i-th of data packet I encrypted packet.Smart machine generates i-th of decruption key for decrypting i-th of encrypted packet, and i-th of decryption is close Key is corresponding with i-th of packet key, can decrypt i-th of encrypted packet using i-th of decruption key.
Step 33, the corresponding data of target firmware are split and are packaged processing by server.
For example, server by the corresponding packet segmentation of target firmware at 10 segments, obtain 10 data segments.Every number There is corresponding HASH value according to Duan Jun, each data segment forms a data packet with corresponding HASH value, obtains 10 data packets.
Step 34, server encrypts each data packet, encrypted packet is then sent to smart machine, each Data packet uses different packet keys.
In specific implementation, the corresponding data packet of data information that target firmware is sent to smart machine, can also use Corresponding packet key is encrypted, and includes corresponding HASH value in the corresponding data packet of data information of target firmware.
For example, data information includes: target firmware capacity is 1500M, and the number of encrypted packet is 10, V3 version.
Server is after receiving the feedback information of successful data reception information of smart machine transmission, the first counter counts Number plus 1.Server counts according to the first secret information, default random number and the first counter after adding 1 and generates the 1st data Corresponding packet key is wrapped, and the 1st data packet is encrypted, obtains the 1st encrypted packet, and be sent to smart machine. Smart machine is waited to feed back the reception of the 1st encrypted packet.When the reception for receiving the 1st encrypted packet is successfully fed back Later, the first counter counts adds 1 again.Server is according to the first secret information, default random number and the first meter again plus after 1 Rolling counters forward generates the corresponding packet key of the 2nd data packet, and encrypts to the 2nd data packet, obtains the 2nd encryption data Packet, and it is sent to smart machine, and so on, until completing the transmission of 10 encrypted packets.
Step 35, smart machine is decrypted the encrypted packet received and carries out HASH value verification.
After smart machine receives data information, data information is verified by HASH value, when verification result just When true, to the feedback information of server feedback successful data reception information.
When receiving the 1st encrypted packet, using generated corresponding with the 1st packet key of encrypted packet The 1st encrypted packet is decrypted in decruption key, and is verified by HASH value to the 1st encrypted packet.When testing When demonstrate,proving successfully, the feedback information for being properly received the 1st encrypted packet is sent to server.And so on, complete 10 encryptions The reception of data packet.
Referring to Fig. 4, the embodiment of the present invention also provides a kind of server.Server 40 may include: cutting unit 41, encryption Unit 42, the first transmission unit 43, in which:
Cutting unit 41 obtains N number of data segment, each number suitable for being split the corresponding data of target firmware According to section, there are one-to-one integrity verification information;
Encryption unit 42 is suitable for that each data segment and the corresponding integrity verification information are formed one respectively Data packet, and encrypted using each data packet of packet key pair, obtain N number of encrypted packet;Wherein, each number There is the one-to-one packet key according to Bao Jun;
First transmission unit 43 sends the corresponding data information of the target firmware, the data information to smart machine It include: the version information of the target firmware capacity, the number N of the encrypted packet and the target firmware;And It receives after the smart machine is properly received the feedback information of the data information, Xiang Suoshu smart machine sends N number of described Encrypted packet.
In specific implementation, the server 40 can also include: the first authentication unit 44, be suitable for the smart machine It is authenticated.
In specific implementation, first authentication unit 44, the first encryption number sent suitable for receiving the smart machine According to first encryption data is for the smart machine using the second public key to the first signed data, the first random number and institute The identification information for stating smart machine is encrypted to obtain, and first signed data is that the smart machine uses the first private key pair Information relevant to current firmware is signed to obtain;First encryption data is decrypted using the second private key, is obtained The identification information of the smart machine and first signed data, second private key are corresponding with second public key;According to The identification information of the smart machine obtains the first public key of the smart machine, using first public key to first label Name data are verified;It is random to described first using second private key after being proved to be successful to first signed data Several, described first signed data be proved to be successful information and server relevant information is signed to obtain the second signed data; Second signed data and the second random number are encrypted using first public key, obtain the second encryption data, and will Second encryption data is sent to the smart machine;So that the smart machine is using first private key to described second Encryption data is decrypted, and obtains second random number and second signed data, and use second public key pair Second signed data is verified;The smart machine is received to the feedback of second signed data being proved to be successful After information, the certification to the smart machine is completed.
In specific implementation, the server 40 can also include: the first negotiation element 45, suitable for consolidating target described Before the corresponding data of part are split, key agreement is carried out with the smart machine, according to the first secret information, is preset at random Several and the first counter, which counts, generates the packet key;Wherein, first secret information is according to the second private key and described First public key of smart machine generates.
In specific implementation, the encryption unit 42 is suitable for using the packet key and based on symmetric encipherment algorithm to every A data packet is encrypted.
In specific implementation, first transmission unit 43, suitable for being connect in the success for receiving the smart machine transmission After the feedback information for receiving the data information, Xiang Suoshu smart machine sends the 1st encrypted packet;And it is receiving After the feedback information that i-th of encrypted packet of the smart machine feedback is properly received, Xiang Suoshu smart machine hair Send i+1 the encrypted packet, wherein 1≤i≤N-1.
In specific implementation, the cutting unit 41, suitable for the corresponding data of the target firmware are carried out average segmentation, Obtain the identical data segment of N number of size.
In specific implementation, the integrity verification information is cryptographic Hash, and the cryptographic Hash is according to each data segment It generates.
In specific implementation, the working principle and workflow of the server 40 can refer to the above embodiment of the present invention Description in a kind of firmware upgrade method of middle offer, details are not described herein again.
Referring to Fig. 5, the embodiment of the present invention also provides a kind of smart machine.The smart machine 50 may include: first to connect Receive unit 51, the second transmission unit 52 and the second receiving unit 53, in which:
First receiving unit 51, the corresponding data information of target firmware sent suitable for receiving server, the data letter Breath includes: the version information of the target firmware capacity, the number N of encrypted packet and the target firmware, and wherein N is institute The number of the corresponding encrypted packet of target firmware is stated, the server is divided the corresponding data of the target firmware It cuts, obtains N number of data segment, there are one-to-one integrity verification information for each data segment, respectively by each number A data packet is formed according to section and the corresponding integrity verification information, and is carried out using each data packet of packet key pair Encryption, obtains N number of encrypted packet;Wherein, there is the one-to-one packet key in each data packet;
Second transmission unit 52, suitable for after being successfully received the data information, the transmission of Xiang Suoshu server has succeeded The feedback information of the data information is received, so that the server is after the feedback information for receiving the data information, to Smart machine sends N number of encrypted packet;
Second receiving unit 53 is suitable for receiving N number of encrypted packet.
In specific implementation, the smart machine 50 can also include: the second authentication unit 54, be suitable for the server It is authenticated.
In specific implementation, second authentication unit 54, be suitable for using the second public key to the first signed data, first with The identification information of machine number and smart machine is encrypted to obtain the first encryption data, and first encryption data is sent to The server, first signed data are to be signed to obtain using the first private key pair information relevant to current firmware; So that after the server receives first encryption data, using the second private key corresponding with second public key to institute It states the first encryption data to be decrypted, the identification information and first signed data of the smart machine is obtained, according to described The identification information of smart machine obtains the first public key of the smart machine, using first public key to first number of signature According to being verified;Receive the second encryption data;Second encryption data is that the server tests first signed data After demonstrate,proving successfully, the second signed data and the second random number are encrypted to obtain using first public key, wherein described second Signed data be the server using second private key to the verifying of first random number, first signed data at Function information and server relevant information are signed to obtain;Second encryption data is solved using first private key It is close, second random number and second signed data are obtained, and using second public key to second number of signature According to being verified, after being proved to be successful to second signed data, the second signed data described in Xiang Suoshu server feedback Be proved to be successful information so that the server receives being proved to be successful after information of second signed data, complete pair The certification of the server.
In specific implementation, the smart machine 50 can also include: the second negotiation element 55, be suitable for receiving server Before the corresponding data information of the target firmware of transmission, key agreement is carried out with the server, according to the second secret information, in advance If random number and the second counter, which count, generates the corresponding decruption key of the packet key;Wherein, second secret information It is generated according to the second public key of the first private key and the server.
In specific implementation, the working principle and workflow of the smart machine 50 can refer to the embodiment of the present invention The description in any of the above-described kind of firmware upgrade method provided, details are not described herein again.
The embodiment of the present invention also provides another server, including memory and processor, is stored on the memory The computer instruction that can be run on the processor, the processor, which executes the present invention when running the computer instruction, to be implemented The step of any of the above-described kind of example offer is used for the firmware upgrade method of server.
The embodiment of the present invention also provides another smart machine, including memory and processor, stores on the memory There is the computer instruction that can be run on the processor, it is real that the processor executes the present invention when running the computer instruction The step of applying any of the above-described kind that example the provides firmware upgrade method for smart machine.
The embodiment of the present invention also provides a kind of firmware upgrade system, including any of the above-described kind of clothes provided in an embodiment of the present invention Business device and any of the above-described kind of smart machine.
In specific implementation, the working principle and workflow of firmware upgrade system, can be with reference to the above-mentioned implementation of the present invention Description in description in example to server and smart machine, and the firmware upgrade method of offer, details are not described herein again.
The embodiment of the present invention also provides a kind of computer readable storage medium, is used for server, computer-readable storage medium Matter is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction operation Any of the above-described kind provided in an embodiment of the present invention of Shi Zhihang be used for server firmware upgrade method the step of.
The embodiment of the present invention also provides a kind of computer readable storage medium, is used for smart machine, computer-readable storage Medium is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction fortune The step of any of the above-described kind provided in an embodiment of the present invention firmware upgrade method for smart machine is executed when row.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of above-described embodiment is can It is completed with instructing relevant hardware by program, which can store in any computer readable storage medium storing program for executing, deposit Storage media may include: ROM, RAM, disk or CD etc..
Although present disclosure is as above, present invention is not limited to this.Anyone skilled in the art are not departing from this It in the spirit and scope of invention, can make various changes or modifications, therefore protection scope of the present invention should be with claim institute Subject to the range of restriction.

Claims (29)

1. a kind of firmware upgrade method characterized by comprising
The corresponding data of target firmware are split, N number of data segment is obtained, each data segment exists one-to-one complete Integrity verification information;
Each data segment and the corresponding integrity verification information are formed into a data packet respectively, and use packet key Each data packet is encrypted, N number of encrypted packet is obtained;Wherein, each data packet exists and corresponds The packet key;
The corresponding data information of the target firmware is sent to smart machine, the data information includes: the target firmware holds The version information of amount, the number N of the encrypted packet and the target firmware;
After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine Send N number of encrypted packet.
2. firmware upgrade method according to claim 1, which is characterized in that it is described by the corresponding data of target firmware into Before row segmentation, further includes:
The smart machine is authenticated.
3. firmware upgrade method according to claim 2, which is characterized in that it is described that the smart machine is authenticated, Include:
The first encryption data that the smart machine is sent is received, first encryption data is that the smart machine uses second Public key is encrypted to obtain to the identification information of the first signed data, the first random number and the smart machine, and described first Signed data is that the smart machine is signed to obtain using the first private key pair information relevant to current firmware;
First encryption data is decrypted using the second private key, obtains the identification information and described of the smart machine One signed data, second private key are corresponding with second public key;
The first public key that the smart machine is obtained according to the identification information of the smart machine, using first public key to institute The first signed data is stated to be verified;
After being proved to be successful to first signed data, using second private key to first random number, described first Signed data be proved to be successful information and server relevant information is signed to obtain the second signed data;
Second signed data and the second random number are encrypted using first public key, obtain the second encryption data, And second encryption data is sent to the smart machine;So that the smart machine is using first private key to described Second encryption data is decrypted, and obtains second random number and second signed data, and public using described second Key verifies second signed data;
Receive the smart machine to second signed data be proved to be successful information after, complete to the smart machine Certification.
4. firmware upgrade method according to claim 1, which is characterized in that it is described by the corresponding data of target firmware into Before row segmentation, further includes:
Key agreement is carried out with the smart machine, is counted according to the first secret information, default random number and the first counter Generate the packet key;Wherein, first secret information is raw according to the first public key of the second private key and the smart machine At.
5. firmware upgrade method according to claim 1, which is characterized in that described to use each data of packet key pair Packet is encrypted, comprising:
Each data packet is encrypted using the packet key and based on symmetric encipherment algorithm.
6. firmware upgrade method according to any one of claims 1 to 5, which is characterized in that described to receive the intelligence After the feedback information for the successful reception data information that energy equipment is sent, Xiang Suoshu smart machine sends N number of encryption number According to packet, comprising:
After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine Send the 1st encrypted packet;
After the feedback information that i-th of encrypted packet for receiving the smart machine feedback is properly received, to institute It states smart machine and sends the i+1 encrypted packet, wherein 1≤i≤N-1.
7. firmware upgrade method according to claim 1, which is characterized in that described to carry out the corresponding data of target firmware Segmentation, obtains N number of data segment, comprising:
The corresponding data of the target firmware are subjected to average segmentation, obtain the identical data segment of N number of size.
8. firmware upgrade method according to claim 1, which is characterized in that the integrity verification information is cryptographic Hash, The cryptographic Hash is generated according to each data segment.
9. a kind of firmware upgrade method characterized by comprising
The corresponding data information of target firmware is received, the data information is generated by server, comprising: the target firmware holds The version information of amount, the number N of encrypted packet and the target firmware, wherein N is that the target firmware is corresponding described The corresponding data of the target firmware are split by the number of encrypted packet, the server, obtain N number of data segment, often There are one-to-one integrity verification information for a data segment, respectively by each data segment and corresponding described complete Property verification information form a data packet, and encrypted using each data packet of packet key pair, obtain N number of encryption Data packet;Wherein, there is the one-to-one packet key in each data packet;
After being successfully received the data information, Xiang Suoshu server sends the feedback letter for being properly received the data information Breath, so that the server sends N number of encryption number after the feedback information for receiving the data information, to smart machine According to packet;
Receive N number of encrypted packet.
10. firmware upgrade method according to claim 9, which is characterized in that receiving the corresponding data letter of target firmware Before breath, further includes:
The server is authenticated.
11. firmware upgrade method according to claim 10, which is characterized in that it is described that the server is authenticated, Include:
It is encrypted to obtain using identification information of second public key to the first signed data, the first random number and smart machine One encryption data, and first encryption data is sent to the server, first signed data is using the first private Key pair information relevant to current firmware is signed to obtain;So that the server receive first encryption data it Afterwards, first encryption data is decrypted using the second private key corresponding with second public key, obtains the intelligence and sets Standby identification information and first signed data obtains the of the smart machine according to the identification information of the smart machine One public key verifies first signed data using first public key;
Receive the second encryption data;Second encryption data is that the server is proved to be successful first signed data Afterwards, the second signed data and the second random number are encrypted to obtain using first public key, wherein second number of signature Information is proved to be successful to first random number, first signed data using second private key according to for the server And server relevant information is signed to obtain;
Second encryption data is decrypted using first private key, obtains second random number and described second Signed data, and second signed data is verified using second public key, it is tested when to second signed data After demonstrate,proving successfully, the second signed data described in Xiang Suoshu server feedback is proved to be successful information, so that the server receives To second signed data be proved to be successful information after, complete certification to the server.
12. firmware upgrade method according to claim 9, which is characterized in that in the target that the reception server is sent Before the corresponding data information of firmware, further includes:
Key agreement is carried out with the server, life is counted according to the second secret information, default random number and the second counter At the corresponding decruption key of the packet key;Wherein, second secret information is according to the first private key and the server Second public key generates.
13. a kind of server characterized by comprising
Cutting unit obtains N number of data segment, each data segment is deposited suitable for being split the corresponding data of target firmware In one-to-one integrity verification information;
Encryption unit is suitable for that each data segment and the corresponding integrity verification information are formed a data respectively Packet, and encrypted using each data packet of packet key pair, obtain N number of encrypted packet;Wherein, each data packet There is the one-to-one packet key;
First transmission unit sends the corresponding data information of the target firmware to smart machine, and the data information includes: institute State the version information of target firmware capacity, the number N of the encrypted packet and the target firmware;And receiving It states after smart machine is properly received the feedback information of the data information, Xiang Suoshu smart machine sends N number of encryption data Packet.
14. server according to claim 13, which is characterized in that further include: the first authentication unit is suitable for the intelligence Energy equipment is authenticated.
15. server according to claim 14, which is characterized in that first authentication unit is suitable for receiving the intelligence The first encryption data that energy equipment is sent, first encryption data are that the smart machine is signed using the second public key to first The identification information of data, the first random number and the smart machine is encrypted to obtain, and first signed data is described Smart machine is signed to obtain using the first private key pair information relevant to current firmware;Using the second private key to described first Encryption data is decrypted, and obtains the identification information and first signed data of the smart machine, second private key with Second public key is corresponding;The first public key that the smart machine is obtained according to the identification information of the smart machine, using institute The first public key is stated to verify first signed data;After being proved to be successful to first signed data, using described Second private key carries out be proved to be successful information and the server relevant information of first random number, first signed data Signature obtains the second signed data;Second signed data and the second random number are encrypted using first public key, The second encryption data is obtained, and second encryption data is sent to the smart machine;So that the smart machine uses Second encryption data is decrypted in first private key, obtains second random number and second number of signature According to, and second signed data is verified using second public key;The smart machine is received to described second Signed data be proved to be successful information after, complete certification to the smart machine.
16. server according to claim 13, which is characterized in that further include: the first negotiation element is suitable for by target Before the corresponding data of firmware are split, carry out key agreement with the smart machine, according to the first secret information, it is default with Machine number and the first counter, which count, generates the packet key;Wherein, first secret information is according to the second private key and institute The first public key for stating smart machine generates.
17. server according to claim 13, which is characterized in that the encryption unit is suitable for using the packet key And each data packet is encrypted based on symmetric encipherment algorithm.
18. 3 to 17 described in any item servers according to claim 1, which is characterized in that first transmission unit is suitable for After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine is sent 1st encrypted packet;And it is properly received in i-th of encrypted packet for receiving the smart machine feedback Feedback information after, Xiang Suoshu smart machine sends the i+1 encrypted packet, wherein 1≤i≤N-1.
19. server according to claim 13, which is characterized in that the cutting unit is suitable for the target firmware Corresponding data carry out average segmentation, obtain the identical data segment of N number of size.
20. server according to claim 13, which is characterized in that the integrity verification information is cryptographic Hash, described Cryptographic Hash is generated according to each data segment.
21. a kind of smart machine characterized by comprising
First receiving unit, the corresponding data information of target firmware sent suitable for receiving server, the data information includes: The version information of the target firmware capacity, the number N of encrypted packet and the target firmware, wherein N is the target The corresponding data of the target firmware are split, obtain by the number of the corresponding encrypted packet of firmware, the server To N number of data segment, there are one-to-one integrity verification information for each data segment, respectively by each data segment and The corresponding integrity verification information forms a data packet, and is encrypted using each data packet of packet key pair, Obtain N number of encrypted packet;Wherein, there is the one-to-one packet key in each data packet;
Second transmission unit, suitable for after being successfully received the data information, the transmission of Xiang Suoshu server has been properly received institute The feedback information of data information is stated, so that the server is set after the feedback information for receiving the data information to intelligence Preparation send N number of encrypted packet;
Second receiving unit is suitable for receiving N number of encrypted packet.
22. smart machine according to claim 21, which is characterized in that further include: the second authentication unit is suitable for described Server is authenticated.
23. smart machine according to claim 22, which is characterized in that second authentication unit is suitable for using second Public key encrypts the identification information of the first signed data, the first random number and smart machine to obtain the first encryption data, And first encryption data is sent to the server, first signed data is using the first private key pair and currently solid The relevant information of part is signed to obtain;So that after the server receives first encryption data, using with it is described First encryption data is decrypted in corresponding second private key of second public key, obtain the smart machine identification information and First signed data obtains the first public key of the smart machine according to the identification information of the smart machine, using institute The first public key is stated to verify first signed data;Receive the second encryption data;Second encryption data is described After server is proved to be successful first signed data, using first public key to the second signed data and the second random number It is encrypted to obtain, wherein second signed data is that the server is random to described first using second private key Several, described first signed data be proved to be successful information and server relevant information is signed to obtain;Using described first Second encryption data is decrypted in private key, obtains second random number and second signed data, and use Second public key verifies second signed data, after being proved to be successful to second signed data, to institute That states the second signed data described in server feedback is proved to be successful information, so that the server receives second number of signature According to be proved to be successful information after, complete certification to the server.
24. smart machine according to claim 21, which is characterized in that further include: the second negotiation element, suitable for receiving Before the corresponding data information of target firmware that server is sent, key agreement is carried out with the server, according to the second secret Information, default random number and the second counter, which count, generates the corresponding decruption key of the packet key;Wherein, described second is secret Confidential information is generated according to the second public key of the first private key and the server.
25. a kind of server, including memory and processor, be stored on the memory to run on the processor Computer instruction, which is characterized in that perform claim requires any one of 1 to 8 institute when the processor runs the computer instruction The step of firmware upgrade method stated.
26. a kind of smart machine, including memory and processor, it is stored with and can runs on the processor on the memory Computer instruction, which is characterized in that perform claim requires any one of 9 to 12 when the processor runs the computer instruction The step of described firmware upgrade method.
27. a kind of firmware upgrade system, which is characterized in that including the described in any item servers of such as claim 13 to 20 and such as The described in any item smart machines of claim 21 to 24.
28. a kind of computer readable storage medium is used for server, computer readable storage medium is non-volatile memory medium Or non-transitory storage media, it is stored thereon with computer instruction, which is characterized in that the perform claim when computer instruction is run It is required that the step of 1 to 8 described in any item firmware upgrade methods.
29. a kind of computer readable storage medium, is used for smart machine, computer readable storage medium is non-volatile memories Jie Matter or non-transitory storage media, are stored thereon with computer instruction, which is characterized in that the right of execution when computer instruction is run Benefit requires the step of 9 to 12 described in any item firmware upgrade methods.
CN201910410888.9A 2019-05-16 2019-05-16 Firmware upgrading method and system, server, intelligent device and readable storage medium Active CN110134424B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910410888.9A CN110134424B (en) 2019-05-16 2019-05-16 Firmware upgrading method and system, server, intelligent device and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910410888.9A CN110134424B (en) 2019-05-16 2019-05-16 Firmware upgrading method and system, server, intelligent device and readable storage medium

Publications (2)

Publication Number Publication Date
CN110134424A true CN110134424A (en) 2019-08-16
CN110134424B CN110134424B (en) 2023-06-06

Family

ID=67574766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910410888.9A Active CN110134424B (en) 2019-05-16 2019-05-16 Firmware upgrading method and system, server, intelligent device and readable storage medium

Country Status (1)

Country Link
CN (1) CN110134424B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719522A (en) * 2019-10-31 2020-01-21 广州视源电子科技股份有限公司 Video display method and device, storage medium and electronic equipment
CN111147461A (en) * 2019-12-13 2020-05-12 北京像素软件科技股份有限公司 Data transmission method, device, server and user terminal
CN111241522A (en) * 2020-01-07 2020-06-05 杭州涂鸦信息技术有限公司 Firmware signature method and device and storage medium
CN111538512A (en) * 2020-04-16 2020-08-14 山东正中信息技术股份有限公司 OTA (over the air) firmware upgrading method, device and equipment
CN111726247A (en) * 2020-05-29 2020-09-29 惠州拓邦电气技术有限公司 Electronic lock firmware updating method and device, electronic lock and storage medium
CN111970689A (en) * 2020-06-29 2020-11-20 百度在线网络技术(北京)有限公司 OTA data packet generation method and device and electronic equipment
CN112217796A (en) * 2020-09-07 2021-01-12 西安通软软件科技有限公司 Internet of things module software upgrading method based on encryption technology
CN112491879A (en) * 2020-11-26 2021-03-12 中电金融设备系统(深圳)有限公司 Method for remotely updating firmware, computer equipment and storage medium
CN112579128A (en) * 2020-12-23 2021-03-30 恒为科技(上海)股份有限公司 Data processing method, upper computer, single chip microcomputer and system
CN112600848A (en) * 2020-12-17 2021-04-02 上海芯安信息科技有限公司 Software upgrading package encapsulation method and device and software upgrading package decapsulation method and device
CN114006762A (en) * 2021-11-01 2022-02-01 明珠数字科技股份有限公司 Method, system and storage medium for safety verification among multiple servers
CN114281379A (en) * 2021-12-21 2022-04-05 上海银基信息安全技术股份有限公司 Software updating method and device based on OTA, equipment terminal, server terminal and storage medium
CN117009992A (en) * 2023-07-28 2023-11-07 广州汽车集团股份有限公司 Upgrade package processing method and device, electronic equipment and storage medium
CN117240478A (en) * 2023-11-13 2023-12-15 深圳合纵富科技有限公司 POS machine data transmission method and system
CN117492798A (en) * 2024-01-03 2024-02-02 广云物联网科技(广州)有限公司 Multi-chip multi-channel remote upgrading method and system
CN117556430A (en) * 2024-01-12 2024-02-13 上海芯联芯智能科技有限公司 Safe starting method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101373440A (en) * 2008-10-09 2009-02-25 北京飞天诚信科技有限公司 Method and device for processing firmware upgrading data
CN101630371A (en) * 2009-08-19 2010-01-20 广州钧易信息技术有限公司 Method and system for remotely realizing IC card service control and IC card reader
US20150180840A1 (en) * 2013-12-24 2015-06-25 Hyundai Motor Company Firmware upgrade method and system thereof
CN104991795A (en) * 2015-06-19 2015-10-21 北京汉王鹏泰科技有限公司 Firmware upgrading method and apparatus of active capacitive stylus
CN107222532A (en) * 2017-05-23 2017-09-29 努比亚技术有限公司 A kind of radio firmware upgrade method, device and computer-readable recording medium
CN108196867A (en) * 2018-03-08 2018-06-22 深圳市文鼎创数据科技有限公司 Device for upgrading firmware, equipment and its firmware upgrade method of equipment
CN109286599A (en) * 2017-07-20 2019-01-29 北京展讯高科通信技术有限公司 Data security protection method, smart machine, server and readable storage medium storing program for executing

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101373440A (en) * 2008-10-09 2009-02-25 北京飞天诚信科技有限公司 Method and device for processing firmware upgrading data
CN101630371A (en) * 2009-08-19 2010-01-20 广州钧易信息技术有限公司 Method and system for remotely realizing IC card service control and IC card reader
US20150180840A1 (en) * 2013-12-24 2015-06-25 Hyundai Motor Company Firmware upgrade method and system thereof
CN104991795A (en) * 2015-06-19 2015-10-21 北京汉王鹏泰科技有限公司 Firmware upgrading method and apparatus of active capacitive stylus
CN107222532A (en) * 2017-05-23 2017-09-29 努比亚技术有限公司 A kind of radio firmware upgrade method, device and computer-readable recording medium
CN109286599A (en) * 2017-07-20 2019-01-29 北京展讯高科通信技术有限公司 Data security protection method, smart machine, server and readable storage medium storing program for executing
CN108196867A (en) * 2018-03-08 2018-06-22 深圳市文鼎创数据科技有限公司 Device for upgrading firmware, equipment and its firmware upgrade method of equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
焦占亚,胡予濮: "一种密钥的设计和管理方法", 微电子学与计算机, no. 10 *

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719522B (en) * 2019-10-31 2021-12-24 广州视源电子科技股份有限公司 Video display method and device, storage medium and electronic equipment
CN110719522A (en) * 2019-10-31 2020-01-21 广州视源电子科技股份有限公司 Video display method and device, storage medium and electronic equipment
CN111147461A (en) * 2019-12-13 2020-05-12 北京像素软件科技股份有限公司 Data transmission method, device, server and user terminal
CN111147461B (en) * 2019-12-13 2022-01-11 北京像素软件科技股份有限公司 Data transmission method, device, server and user terminal
CN111241522A (en) * 2020-01-07 2020-06-05 杭州涂鸦信息技术有限公司 Firmware signature method and device and storage medium
CN111538512A (en) * 2020-04-16 2020-08-14 山东正中信息技术股份有限公司 OTA (over the air) firmware upgrading method, device and equipment
CN111726247A (en) * 2020-05-29 2020-09-29 惠州拓邦电气技术有限公司 Electronic lock firmware updating method and device, electronic lock and storage medium
CN111970689A (en) * 2020-06-29 2020-11-20 百度在线网络技术(北京)有限公司 OTA data packet generation method and device and electronic equipment
CN112217796A (en) * 2020-09-07 2021-01-12 西安通软软件科技有限公司 Internet of things module software upgrading method based on encryption technology
CN112491879A (en) * 2020-11-26 2021-03-12 中电金融设备系统(深圳)有限公司 Method for remotely updating firmware, computer equipment and storage medium
CN112600848A (en) * 2020-12-17 2021-04-02 上海芯安信息科技有限公司 Software upgrading package encapsulation method and device and software upgrading package decapsulation method and device
CN112579128A (en) * 2020-12-23 2021-03-30 恒为科技(上海)股份有限公司 Data processing method, upper computer, single chip microcomputer and system
CN114006762B (en) * 2021-11-01 2024-03-12 明珠数字科技股份有限公司 Method, system and storage medium for security verification among multiple servers
CN114006762A (en) * 2021-11-01 2022-02-01 明珠数字科技股份有限公司 Method, system and storage medium for safety verification among multiple servers
CN114281379A (en) * 2021-12-21 2022-04-05 上海银基信息安全技术股份有限公司 Software updating method and device based on OTA, equipment terminal, server terminal and storage medium
CN117009992A (en) * 2023-07-28 2023-11-07 广州汽车集团股份有限公司 Upgrade package processing method and device, electronic equipment and storage medium
CN117009992B (en) * 2023-07-28 2024-04-16 广州汽车集团股份有限公司 Upgrade package processing method and device, electronic equipment and storage medium
CN117240478B (en) * 2023-11-13 2024-02-13 深圳合纵富科技有限公司 POS machine data transmission method and system
CN117240478A (en) * 2023-11-13 2023-12-15 深圳合纵富科技有限公司 POS machine data transmission method and system
CN117492798A (en) * 2024-01-03 2024-02-02 广云物联网科技(广州)有限公司 Multi-chip multi-channel remote upgrading method and system
CN117492798B (en) * 2024-01-03 2024-03-08 广云物联网科技(广州)有限公司 Multi-chip multi-channel remote upgrading method and system
CN117556430A (en) * 2024-01-12 2024-02-13 上海芯联芯智能科技有限公司 Safe starting method, device, equipment and storage medium
CN117556430B (en) * 2024-01-12 2024-03-29 上海芯联芯智能科技有限公司 Safe starting method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN110134424B (en) 2023-06-06

Similar Documents

Publication Publication Date Title
CN110134424A (en) Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing
EP3742696B1 (en) Identity management method, equipment, communication network, and storage medium
CN111585749B (en) Data transmission method, device, system and equipment
CN110493261B (en) Verification code obtaining method based on block chain, client, server and storage medium
CN109067539B (en) Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium
CN110380852B (en) Bidirectional authentication method and communication system
CN103067401B (en) Method and system for key protection
CN103729941B (en) A kind of main cipher key T MK method for safely downloading of terminal and system
US9948624B2 (en) Key downloading method, management method, downloading management method, device and system
US20130129087A1 (en) Secure Key Generation
CN109347627A (en) Data encryption/decryption method, device, computer equipment and storage medium
CN106357396A (en) Digital signature method, digital signature system and quantum key card
CN106341228B (en) A kind of virtual machine migration method, system and virtual machine move into end and end of moving out
CN110830242A (en) Key generation and management method and server
CN105956855B (en) Transaction method and transaction system of electronic signature device
CN109861956B (en) Data verification system, method, device and equipment based on state channel
CN105049434B (en) Identity identifying method and encryption communication method under a kind of peer to peer environment
CN109544747A (en) Encryption key update method, system and the computer storage medium of intelligent door lock
CN112600667B (en) Key negotiation method, device, equipment and storage medium
CN106060078A (en) User information encryption method, user registration method and user validation method applied to cloud platform
CN109600224A (en) A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN113326525B (en) Data processing method and device based on intelligent contract
CN113868672B (en) Module wireless firmware upgrading method, security chip and wireless firmware upgrading platform
CN109302286B (en) Fido equipment key index generation method
CN104868994B (en) Method, device and system for managing cooperative key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant