CN110134424A - Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing - Google Patents
Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN110134424A CN110134424A CN201910410888.9A CN201910410888A CN110134424A CN 110134424 A CN110134424 A CN 110134424A CN 201910410888 A CN201910410888 A CN 201910410888A CN 110134424 A CN110134424 A CN 110134424A
- Authority
- CN
- China
- Prior art keywords
- data
- information
- smart machine
- packet
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/654—Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A kind of firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing, the firmware upgrade method, include: to be split the corresponding data of target firmware, obtains N number of data segment, there are one-to-one integrity verification information for each data segment;Each data segment and corresponding integrity verification information are formed into a data packet respectively, and encrypted using each data packet of packet key pair, N number of encrypted packet is obtained;Wherein, there is one-to-one packet key in each data packet;The corresponding data information of the target firmware is sent to smart machine, the data information includes: the version information of the target firmware capacity, the number N of encrypted packet and the target firmware;After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine sends N number of encrypted packet.Using the above scheme, it can be improved the long-range safety for carrying out data transmission when firmware upgrade.
Description
Technical field
The present invention relates to firmware upgrade technical field more particularly to a kind of firmware upgrade method and system, server, intelligence
Equipment, readable storage medium storing program for executing.
Background technique
Currently, embedded intelligent equipment has been widely used, application scenarios are also more complicated and changeable.In some applied fields
Under scape, there is the demand that firmware upgrade is carried out to the fixer system of smart machine.
Traditional firmware updating is all that scene updates firmware, i.e. engineer carries out firmware update to hardware at the scene.It is this existing
Field update mode has not adapted to the requirement of social productive forces development because of low efficiency at high cost.
Currently, more and more smart machines or the upgrading of hardware supported remote online, i.e. smart machine or hardware are from trend
The server in cloud requests firmware updating.This long-range carry out firmware upgrade mode be not necessarily to user's operation or intervention, to user with
It is convenient to have come.But the data transmission security of above-mentioned remote upgrade mode is lower.
Summary of the invention
Present invention solves the technical problem that data transmission security is lower when being long-range progress firmware upgrade.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of firmware upgrade method, comprising: by target firmware pair
The data answered are split, and obtain N number of data segment, there are one-to-one integrity verification information for each data segment;Point
Each data segment and the corresponding integrity verification information data packet is not formed into, and each using packet key pair
The data packet is encrypted, and N number of encrypted packet is obtained;Wherein, each data packet exists one-to-one described
Packet key;The corresponding data information of the target firmware is sent to smart machine, the data information includes: the target firmware
The version information of capacity, the number N of the encrypted packet and the target firmware;It is sent receiving the smart machine
The successful reception data information feedback information after, Xiang Suoshu smart machine sends N number of encrypted packet.
Optionally, it is described the corresponding data of target firmware are split before, further includes: to the smart machine into
Row certification.
Optionally, described that the smart machine is authenticated, comprising: to receive the first encryption that the smart machine is sent
Data, first encryption data be the smart machine using the second public key to the first signed data, the first random number and
The identification information of the smart machine is encrypted to obtain, and first signed data is that the smart machine uses the first private key
Information relevant to current firmware is signed to obtain;First encryption data is decrypted using the second private key, is obtained
The identification information and first signed data of the smart machine are taken, second private key is corresponding with second public key;Root
The first public key that the smart machine is obtained according to the identification information of the smart machine, using first public key to described first
Signed data is verified;After being proved to be successful to first signed data, using second private key to described first with
Machine number, first signed data be proved to be successful information and server relevant information is signed to obtain the second number of signature
According to;Second signed data and the second random number are encrypted using first public key, obtain the second encryption data, and
Second encryption data is sent to the smart machine;So that the smart machine is using first private key to described the
Two encryption datas are decrypted, and obtain second random number and second signed data, and use second public key
Second signed data is verified;It receives the smart machine and information is proved to be successful to second signed data
Afterwards, the certification to the smart machine is completed.
Optionally, it is described the corresponding data of target firmware are split before, further includes: with the smart machine into
Row key agreement counts according to the first secret information, default random number and the first counter and generates the packet key;Wherein,
First secret information is generated according to the first public key of the second private key and the smart machine.
Optionally, described to be encrypted using each data packet of packet key pair, comprising: using the packet key and base
Each data packet is encrypted in symmetric encipherment algorithm.
Optionally, described in the feedback information for receiving the successful reception data information that the smart machine is sent
Afterwards, Xiang Suoshu smart machine sends N number of encrypted packet, comprising: connects receiving the success that the smart machine is sent
After the feedback information for receiving the data information, Xiang Suoshu smart machine sends the 1st encrypted packet;It is described receiving
After the feedback information that i-th of encrypted packet of smart machine feedback is properly received, Xiang Suoshu smart machine sends i-th
+ 1 encrypted packet, wherein 1≤i≤N-1.
Optionally, described to be split the corresponding data of target firmware, obtain N number of data segment, comprising: by the target
The corresponding data of firmware carry out average segmentation, obtain the identical data segment of N number of size.
Optionally, the integrity verification information is cryptographic Hash, and the cryptographic Hash is generated according to each data segment.
The embodiment of the present invention also provides another firmware upgrade method, comprising: the corresponding data information of target firmware is received,
The data information is generated by server, comprising: the number N and the target of the target firmware capacity, encrypted packet
The version information of firmware, wherein N is the number of the corresponding encrypted packet of the target firmware, and the server will be described
The corresponding data of target firmware are split, and obtain N number of data segment, there are one-to-one integralities to test for each data segment
Information is demonstrate,proved, each data segment and the corresponding integrity verification information are formed into a data packet respectively, and using packet
The each data packet of key pair is encrypted, and N number of encrypted packet is obtained;Wherein, each data packet exists one by one
The corresponding packet key;After being successfully received the data information, the transmission of Xiang Suoshu server has been properly received the number
It is believed that the feedback information of breath, so that the server after the feedback information for receiving the data information, is sent out to smart machine
Send N number of encrypted packet;Receive N number of encrypted packet.
Optionally, before receiving the corresponding data information of target firmware, further includes: authenticated to the server.
Optionally, described that the server is authenticated, comprising: using the second public key to the first signed data, first
The identification information of random number and smart machine is encrypted to obtain the first encryption data, and first encryption data is sent
To the server, first signed data is sign using the first private key pair information relevant to current firmware
It arrives;So that after the server receives first encryption data, using the second private key corresponding with second public key
First encryption data is decrypted, the identification information and first signed data of the smart machine are obtained, according to
The identification information of the smart machine obtains the first public key of the smart machine, using first public key to first label
Name data are verified;Receive the second encryption data;Second encryption data is the server to first number of signature
After being proved to be successful, the second signed data and the second random number are encrypted to obtain using first public key, wherein described
Second signed data is that the server tests first random number, first signed data using second private key
Card successful information and server relevant information are signed to obtain;Using first private key to second encryption data into
Row decryption obtains second random number and second signed data, and using second public key to second label
Name data are verified, after being proved to be successful to second signed data, the second signature described in Xiang Suoshu server feedback
Data are proved to be successful information, so that the server receives being proved to be successful after information of second signed data, it is complete
The certification of the pairs of server.
Optionally, it is described reception server send the corresponding data information of target firmware before, further includes: with it is described
Server carries out key agreement, counts according to the second secret information, default random number and the second counter and generates the Bao Mi
The corresponding decruption key of key;Wherein, second secret information is raw according to the second public key of the first private key and the server
At.
The embodiment of the present invention also provides a kind of server, comprising: cutting unit, be suitable for by the corresponding data of target firmware into
Row segmentation, obtains N number of data segment, there are one-to-one integrity verification information for each data segment;Encryption unit is suitable for
Each data segment and the corresponding integrity verification information are formed into a data packet respectively, and every using packet key pair
A data packet is encrypted, and N number of encrypted packet is obtained;Wherein, there is one-to-one institute in each data packet
State packet key;First transmission unit sends the corresponding data information of the target firmware, the data packets to smart machine
It includes: the version information of the target firmware capacity, the number N of the encrypted packet and the target firmware;And it is connecing
Receive after the smart machine is properly received the feedback information of the data information, Xiang Suoshu smart machine send it is N number of described plus
Ciphertext data packet.
Optionally, the server further include: the first authentication unit, suitable for being authenticated to the smart machine.
Optionally, first authentication unit, the first encryption data sent suitable for receiving the smart machine, described the
One encryption data is that the smart machine uses the second public key to the first signed data, the first random number and the smart machine
Identification information encrypted to obtain, first signed data be the smart machine use the first private key pair and current firmware
Relevant information is signed to obtain;First encryption data is decrypted using the second private key, the intelligence is obtained and sets
Standby identification information and first signed data, second private key are corresponding with second public key;It is set according to the intelligence
Standby identification information obtains the first public key of the smart machine, is carried out using first public key to first signed data
Verifying;After being proved to be successful to first signed data, using second private key to first random number, described first
Signed data be proved to be successful information and server relevant information is signed to obtain the second signed data;Using described first
Public key encrypts second signed data and the second random number, obtains the second encryption data, and described second is encrypted
Data are sent to the smart machine;So that the smart machine carries out second encryption data using first private key
Decryption obtains second random number and second signed data, and using second public key to second signature
Data are verified;Receive the smart machine to second signed data be proved to be successful information after, complete with it is described
The certification of smart machine.
Optionally, the server further include: the first negotiation element, suitable for being divided by the corresponding data of target firmware
Before cutting, key agreement is carried out with the smart machine, according to the first secret information, default random number and the first counter counts
Number generates the packet key;Wherein, first secret information is according to the second private key and the first public key of the smart machine
It generates.
Optionally, the encryption unit is suitable for using the packet key and based on symmetric encipherment algorithm to each number
It is encrypted according to packet.
Optionally, first transmission unit, suitable in the successful reception number for receiving the smart machine transmission
It is believed that Xiang Suoshu smart machine sends the 1st encrypted packet after the feedback information of breath;And receiving the intelligence
After the feedback information that i-th of encrypted packet of equipment feedback is properly received, Xiang Suoshu smart machine sends i+1
The encrypted packet, wherein 1≤i≤N-1.
Optionally, the cutting unit obtains N number of suitable for the corresponding data of the target firmware are carried out average segmentation
The identical data segment of size.
Optionally, the integrity verification information is cryptographic Hash, and the cryptographic Hash is generated according to each data segment.
The embodiment of the present invention also provides a kind of smart machine, comprising: the first receiving unit, suitable for receiving server transmission
The corresponding data information of target firmware, the data information includes: the target firmware capacity, encrypted packet number N with
And the version information of the target firmware, wherein N is the number of the corresponding encrypted packet of the target firmware, the clothes
The corresponding data of the target firmware are split by business device, obtain N number of data segment, and each data segment, which exists, to be corresponded
Integrity verification information, each data segment and the corresponding integrity verification information are formed into a data respectively
Packet, and encrypted using each data packet of packet key pair, obtain N number of encrypted packet;Wherein, each data packet
There is the one-to-one packet key;Second transmission unit, suitable for after being successfully received the data information, Xiang Suoshu
Server sends the feedback information for being properly received the data information, so that the server is receiving the data information
Feedback information after, send the N number of encrypted packet to smart machine;Second receiving unit is suitable for receiving N number of encryption
Data packet.
Optionally, the smart machine further include: the second authentication unit, suitable for being authenticated to the server.
Optionally, second authentication unit, be suitable for using the second public key to the first signed data, the first random number and
The identification information of smart machine is encrypted to obtain the first encryption data, and first encryption data is sent to the service
Device, first signed data are to be signed to obtain using the first private key pair information relevant to current firmware;So that described
After server receives first encryption data, added using the second private key corresponding with second public key to described first
Ciphertext data is decrypted, and the identification information and first signed data of the smart machine is obtained, according to the smart machine
Identification information obtain the first public key of the smart machine, first signed data is tested using first public key
Card;Receive the second encryption data;After second encryption data is proved to be successful first signed data for the server,
The second signed data and the second random number are encrypted to obtain using first public key, wherein second signed data
For the server use second private key to first random number, first signed data be proved to be successful information with
And server relevant information is signed to obtain;Second encryption data is decrypted using first private key, is obtained
Second random number and second signed data, and second signed data is tested using second public key
Card, after being proved to be successful to second signed data, the verifying of the second signed data described in Xiang Suoshu server feedback at
Function information is completed so that the server receives being proved to be successful after information of second signed data to the service
The certification of device.
Optionally, the server further include: the second negotiation element, suitable in the target firmware pair for receiving server transmission
Before the data information answered, key agreement is carried out with the server, according to the second secret information, default random number and second
Counter, which counts, generates the corresponding decruption key of the packet key;Wherein, second secret information according to the first private key and
Second public key of the server generates.
The embodiment of the present invention also provides another server, including memory and processor, is stored on the memory
The computer instruction that can be run on the processor, the processor execute any of the above-described kind when running the computer instruction
The step of firmware upgrade method.
The embodiment of the present invention also provides another smart machine, including memory and processor, stores on the memory
There is the computer instruction that can be run on the processor, the processor executes any of the above-described when running the computer instruction
The step of kind firmware upgrade method.
The embodiment of the present invention also provides a kind of firmware upgrade system, including any of the above-described kind of server and any of the above-described kind of intelligence
It can equipment.
The embodiment of the present invention also provides a kind of computer readable storage medium, is used for server, computer-readable storage medium
Matter is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction operation
The step of any of the above-described kind of firmware upgrade method of Shi Zhihang.
The embodiment of the present invention also provides another computer readable storage medium, is used for smart machine, computer-readable to deposit
Storage media is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction
The step of any of the above-described kind of firmware upgrade method is executed when operation.
Compared with prior art, the technical solution of the embodiment of the present invention has the advantages that
The corresponding data of target firmware are split to obtain N number of data segment, by each data segment and corresponding integrality
Verification information forms a data packet, and is encrypted using the one-to-one packet key pair data packet of each data packet, and
Encrypted N number of encrypted packet is sent to smart machine.By the way that the corresponding data of target firmware are divided into multiple data segments,
And encrypted using different packet data key packets, it realizes " one-packet key ", so as to improve in firmware upgrade process
In, the safety of the corresponding data of target firmware in the data transmission.
Detailed description of the invention
Fig. 1 is the flow chart of one of embodiment of the present invention firmware upgrade method;
Fig. 2 is the flow chart of another firmware upgrade method in the embodiment of the present invention;
Fig. 3 is one of embodiment of the present invention firmware upgrade schematic diagram;
Fig. 4 is the structural schematic diagram of one of embodiment of the present invention server;
Fig. 5 is the structural schematic diagram of one of embodiment of the present invention smart machine;
Fig. 6 is the verification process schematic diagram of one of the embodiment of the present invention server and smart machine.
Specific embodiment
As previously mentioned, currently, more and more smart machines or hardware supported remote online firmware upgrade, i.e. smart machine
Or hardware requests firmware updating from the server in trend cloud.This long-range carry out firmware upgrade mode is without user's operation or does
In advance, it is convenient to bring to user.But the data transmission security of above-mentioned remote upgrade mode is lower.
In the embodiment of the present invention, the corresponding data of target firmware are split to obtain N number of data segment, by each data segment
And corresponding integrity verification information forms a data packet, and uses the one-to-one packet key pair data of each data packet
Packet is encrypted, and encrypted N number of data packet is sent to smart machine.It is more by being divided into the corresponding data of target firmware
A data segment, and encrypted using different packet data key packets, it realizes " one-packet key ", so as to improve in firmware
In escalation process, the safety of the corresponding data of target firmware in the data transmission.
It is understandable to enable the above-mentioned purpose, feature and beneficial effect of the embodiment of the present invention to become apparent, below with reference to attached
Figure is described in detail specific embodiments of the present invention.
The embodiment of the present invention provides a kind of firmware upgrade method, can be used for server.Referring to Fig.1, the present invention is given
A kind of flow chart of firmware upgrade method, is illustrated below by way of specific steps in embodiment.
Step 11, the corresponding data of target firmware are split, obtain N number of data segment.
In specific implementation, firmware upgrade operation can be triggered using various ways.
In an embodiment of the present invention, smart machine regular visit server, obtaining whether there is some on server
The corresponding more new version of firmware.It, can be to service when smart machine detects on server there are when the more new version of the firmware
Device initiates firmware upgrade operation request, to trigger firmware upgrade operation.
In an alternative embodiment of the invention, when server detects that the corresponding firmware of smart machine exists compared with lowest version,
Trigger firmware upgrade operation.
In the embodiment of the present invention, for ease of description, referred to as by the more new version of some firmware existing on server
For target firmware.
In specific implementation, when carrying out firmware upgrade, the corresponding data of target firmware can be split by server,
N number of data segment is obtained, and distributes one-to-one integrity verification information for each data segment.The corresponding integrality of data segment is tested
Card information can verify the correctness of the data segment, whether mistake occur to verify the data segment in data transmission procedure.
In embodiments of the present invention, the corresponding integrity verification information of data segment can be Hash (HASH) value.It can manage
Solution can also be able to verify that the information of data segment correctness is believed as integrity verification in practical applications using other
Breath, can be selected according to practical application request.
In specific implementation, the corresponding data of target firmware can be carried out average segmentation by server, to obtain N number of big
Small identical data segment;The corresponding data of target firmware can also be carried out non-average mark and cut by server, to obtain N number of size
Different data segments.
Step 12, each data segment and corresponding integrity verification information are formed into a data packet respectively, and using packet
The each data packet of key pair is encrypted, and N number of encrypted packet is obtained.
In specific implementation, server, can be a pair of by each data segment and its one respectively after obtaining N number of data segment
The integrity verification information answered forms a data packet, so as to obtain N number of data packet.Later, using with data packet one by one
Corresponding packet key pair data packet is encrypted, to obtain N number of encrypted packet.
In specific implementation, server can add each data packet using packet key and based on symmetric encipherment algorithm
It is close.It is understood that server can also encrypt each data packet using other Encryption Algorithm, it need to only meet intelligence
The data packet of encryption can be decrypted in equipment, and details are not described herein again.
Step 13, the corresponding data information of target firmware is sent to smart machine.
In specific implementation, for the accuracy of improve data transfer, server can be by the corresponding data of target firmware
Information is sent to smart machine, with the related data information of target firmware needed for informing smart machine.In the embodiment of the present invention
In, the data information of target firmware may include: the version of target firmware capacity, the number N of encrypted packet and target firmware
This information.It is understood that data information can also include other information relevant to target firmware.
In embodiments of the present invention, in order to further increase data transmission security, the data information of target firmware can be with
Including integrity verification information corresponding to data information.The corresponding integrity verification information of data information can be data information
Corresponding HASH value.Later, server can also be encrypted using packet data key information, and by the data after encryption
Information is sent to smart machine.
After smart machine receives data information, it can be sent to server and be properly received the data information
Feedback information, feedback information have been successfully received data information for identifying smart machine.
Step 14, after receiving the feedback information of successful data reception information of smart machine transmission, to smart machine
Send N number of encrypted packet.
It in specific implementation, can be by N number of encryption data after server receives the feedback information of smart machine transmission
Packet is sent to smart machine.
In an embodiment of the present invention, it is the safety for further increasing data transmission, sends one to smart machine every time
A encrypted packet.Specifically, when server receives the feedback for being successfully received data information of smart machine transmission
After information, the 1st encrypted packet is sent to smart machine, and wait the feedback information of smart machine.When smart machine receives
To after the 1st encrypted packet, the 1st encrypted packet can be fed back and receive successful information.For example, sending an ACK letter
Number successful information is received as the 1st encrypted packet.Being successfully received for smart machine feedback is received in server
After the feedback information of 1st encrypted packet, the 2nd encrypted packet is sent to smart machine.And so on, in server
Being successfully received after the feedback information of i-th of encrypted packet for smart machine feedback is received, is sent to smart machine
I+1 encrypted packet, and so on, until completing the transmission of N number of encrypted packet, wherein 1≤i≤N-1.
By above scheme it is found that the corresponding data of target firmware are split to obtain N number of data segment, by each data segment
And corresponding integrity verification information forms a data packet, and uses the one-to-one packet key pair data of each data packet
Packet is encrypted, and encrypted N number of data packet is sent to smart machine.It is more by being divided into the corresponding data of target firmware
A data segment, and encrypted using different packet data key packets, it realizes " one-packet key ", so as to improve in firmware
In escalation process, the safety of the corresponding data of target firmware in the data transmission.
In specific implementation, in order to further increase the safety that data are transmitted in firmware upgrade process, consolidate by target
Before the corresponding data of part are split, smart machine can also be authenticated.
Referring to Fig. 6, the verification process signal between one of embodiment of the present invention server and smart machine is given
Figure.Below with reference to Fig. 6, the verification process of server and smart machine is illustrated, can specifically include following steps:
Smart machine has the first private key and the first public key corresponding with the first private key.Server have the second private key with
And the second public key corresponding with the second private key.Smart machine and server can carry out exchange of public keys, when the two carries out public key friendship
After alternatively, available the second public key to server of smart machine, available the first public key to smart machine of server.
Step S601, smart machine generate the first encryption data.
In specific implementation, smart machine is signed to obtain the using the first private key pair information relevant to current firmware
One signed data.Smart machine generates the first random number, using the second public key to the first signed data, the first random number and intelligence
The identification information of energy equipment carries out encryption and generates the first encryption data.The identification information of smart machine can be smart machine
ID, or other are capable of the information of unique identification smart machine.
First encryption data is sent to server by step S602, smart machine.
Step S603, server receive the first encryption data.
The first encryption data is decrypted in step S604, server, and verifies to the first signed data.
In specific implementation, after server receives the first encryption data, using the second private key to the first encryption data
It is decrypted, obtains the identification information and the first signed data of smart machine.Believed according to the mark of accessed smart machine
Breath, inquires the first public key of smart machine.Server is decrypted the first signed data using the first public key, and signs to first
Name data are verified.
Step S605, server generate the second encryption data.
After server is proved to be successful the first signed data, using the second private key to the first random number, the first number of signature
According to be proved to be successful information and server relevant information is signed to obtain the second signed data.It is random that server generates second
Number, encrypts the second signed data and the second random number using the first public key, generates the second encryption data.
Second encryption data is sent to smart machine by step S606, server.
Step S607, smart machine receive the second encryption data.
The second encryption data is decrypted in step S608, smart machine, and verifies to the second signed data.
After smart machine receives the second encryption data, the second encryption data is decrypted using the first private key, is obtained
The second random number and the second signed data are taken, and the second signed data is verified using the second public key.
Step S609, smart machine the second signed data of transmission are proved to be successful information to server.
After smart machine is proved to be successful the second signed data, send the second signed data is proved to be successful information extremely
Server.
Step S610, server receive the information that is proved to be successful of the second signed data, complete the certification with smart machine.
When server receives smart machine to the second signed data after being proved to be successful information, complete and smart machine
Certification.
In specific implementation, before step 11, namely before being split the corresponding data of target firmware, service
Device can also carry out key agreement with smart machine, to determine the generating mode of packet key.
In specific implementation, server can be authenticated first with smart machine, after completing certification, be carried out with smart machine
Key agreement executes step 11 after completing key agreement with smart machine.
In specific implementation, server can carry out exchange of public keys with smart machine, and server gives the second public key to intelligence
Energy equipment, smart machine give the first public key to server.
In specific implementation, server can use Elliptic Curve Cryptography (Elliptic Curve
Cryptography, ECC) algorithm obtains corresponding second public key and the second private key.Smart machine can obtain first using ECC
Public key and the first private key.It is understood that server and smart machine can also be respective using the generation of other Encryption Algorithm
Public key and private key.
Server can generate the first secret information according to the second private key and the first public key, and according to the first secret information,
Default random number and the first counter, which count, generates packet key.The initial count of first counter is 0, and server is every to send one
A data packet receives a data packet, and count is incremented for the first counter.With the transmission and reception of data packet, first
Counter counts difference, therefore the corresponding packet key of each data packet that server generates is different.
Smart machine can generate the second secret information according to the first private key and the second public key, and according to the second secret letter
Breath, default random number and the second counter, which count, generates the corresponding decruption key of packet key.The initial count of second counter is
0, smart machine one data packet of every transmission or a data packet is received, count is incremented for the second counter.With data packet
Transmission and reception, the second counter counts different, therefore the corresponding packet key of each data packet that server generates is different.
In specific implementation, default random number can use the second random number, can also use the first random number, can be with
The random number negotiated using other servers and smart machine, herein without limitation.
Using ECC key agreement, available first secret information of server, the secret letter of smart machine available second
Breath, the secret information that the first secret information and the second secret information are shared each other.Simultaneously by being arranged corresponding with server the
One counter, the second counter corresponding with smart machine can be with synchronous package key and decruption key corresponding with packet key
Generation, the corresponding packet key of data packet may be implemented and decruption key, safety are higher.
Since the firmware of smart machine is normally stored in flash memory (FLASH), in firmware upgrade process, by target firmware
Data be divided into N number of encrypted packet and sent, and individually each encrypted packet is handled, is received without disposable
Complete firmware data, occupied memory when so as to reduce smart machine progress firmware upgrade.
The embodiment of the present invention also provides another firmware upgrade method, can be used for smart machine.Referring to Fig. 2, give
The flow chart of another firmware upgrade method, can specifically include following steps in the embodiment of the present invention.
Step 21, the corresponding data information of target firmware is received.
In specific implementation, when carrying out firmware upgrade to smart machine, it is corresponding that smart machine can receive target firmware
Data information.
The corresponding data information of target firmware can be generated by server.Data information may include: target firmware capacity,
The number N of encrypted packet and the version information of target firmware, wherein N is the number of the corresponding encrypted packet of target firmware
Mesh.
In specific implementation, the corresponding data of target firmware are split by server, obtain N number of data segment, and are every
A data segment distributes one-to-one integrity verification information, respectively by each data segment and corresponding integrity verification information group
At a data packet, N number of data packet is obtained.It is encrypted using with the one-to-one packet key pair data packet of data packet, from
And obtain N number of encrypted packet.
After server generates corresponding N number of encrypted packet, the corresponding data information of target firmware can be further generated,
Target firmware capacity, the number N of encrypted packet and version information of target firmware etc. are sent to intelligence by data information
It can equipment.Smart machine can know the relevant information of target firmware after receiving data information.
Step 22, after being successfully received data information, the feedback letter for being properly received data information is sent to server
Breath.
In specific implementation, after smart machine receives data information, data information can be decrypted and is confirmed.
For example, confirming whether the data information received is correct according to the HASH value carried in data information.When confirmation is successfully received
After data information, the feedback information for being successfully received data information is sent to server.
Step 23, N number of encrypted packet is received.
In specific implementation, server is in the feedback letter for being successfully received data information for receiving smart machine feedback
After breath, N number of encrypted packet is sent to smart machine.
It in specific implementation, is the safety for further increasing data transmission, server can send N number of add as follows
Ciphertext data packet:
Server sends an encrypted packet to smart machine every time.Specifically, being set when server receives intelligence
After being successfully received the feedback information of data information for what is fed back, the 1st encrypted packet is sent to smart machine, and wait
The feedback of smart machine.After smart machine is successfully received the 1st encrypted packet, it can feed back and be successfully received
The feedback information of 1 encrypted packet.Receive smart machine feedback be successfully received the anti-of the 1st encrypted packet
After feedforward information, the 2nd encrypted packet is sent to smart machine, and so on, receiving having become for smart machine feedback
After function receives the feedback information of i-th of encrypted packet, i+1 encrypted packet is sent to smart machine, with such
It pushes away, until completing the transmission of N number of encrypted packet, wherein 1≤i≤N-1.
In specific implementation, after smart machine receives N number of encrypted packet, it is also necessary to N number of encrypted packet
It is decrypted, needs to use decruption key corresponding with packet key in decryption.Decruption key corresponding with packet key is intelligence
Equipment and server carry out key agreement, and count and generate according to the second secret information, default random number and the second counter.
Second secret information is generated according to the second public key of the first private key of smart machine and server, the initial count of the second counter
It is 0, count is incremented for second counter of data packet of smart machine one data packet of every receipts or every transmission.
In specific implementation, in order to further increase the data transmission security in firmware upgrade process, step is being executed
Before 21 namely smart machine is before receiving the corresponding data information of target firmware, can also authenticate to server.
In embodiments of the present invention, smart machine can in the following way authenticate server:
Smart machine is signed to obtain the first signed data using the first private key pair information relevant to current firmware.Intelligence
Energy equipment generates the first random number, using the second public key to the mark of the first signed data, the first random number and smart machine
Information is encrypted to obtain the first encryption data, and the first encryption data is sent to server.The identification information of smart machine
It can be the ID of smart machine, or other are capable of the information of unique identification smart machine.
After server receives the first encryption data, the first encryption data is decrypted using the second private key, obtains intelligence
The identification information of energy equipment.According to the identification information of accessed smart machine, the first public key of smart machine is inquired.Service
Device is decrypted the first signed data using the first public key, and verifies to the first signed data.When to the first number of signature
After being proved to be successful, information and server phase are proved to be successful to the first random number, the first signed data using the second private key
Information is closed to be signed to obtain the second signed data.Server generates the second random number, and is signed using the first public key to second
Data and the second random number are encrypted, and obtain the second encryption data, and the second encryption data is sent to smart machine.
After smart machine receives the second encryption data, the second encryption data is decrypted using the first private key, is obtained
The second random number and the second signed data are taken, and the second signed data is verified using the second public key, and check first
The consistency of random number.After being proved to be successful to the second signed data namely when the verification of the consistency of the first random number passes through,
Send the second signed data is proved to be successful information to server, completes the certification to server.
When server receives smart machine to the second signed data after being proved to be successful information, completion is to smart machine
Certification.
The embodiment of the present invention is better understood and realized for the ease of those skilled in the art, in conjunction with Fig. 3, gives this hair
A kind of firmware upgrade schematic diagram, is described in detail below in bright embodiment.
Step 31, server and smart machine carry out mutual authentication.
In specific implementation, the verification process of server and smart machine can refer to Fig. 6 and the above embodiment of the present invention
In to the description in the verification process of server and smart machine, details are not described herein again.
Step 32, server and smart machine carry out ECC key agreement.
In specific implementation, server and smart machine carry out ECC key agreement, and carry out exchange of public keys, to service
Available the first public key to smart machine of device, and the first secret information is generated according to the first public key and the second private key.Service
Device counts according to the first secret information, default random number and the first counter and generates packet key.Due to server it is every transmission or
After person receives a data packet, the counting of the first counter can change, to carry out every time to sent data packet
Packet key generated is different when encryption, so as to ensure that each data packet is corresponding with packet key one by one.
Available the second public key to server of smart machine, and it is secret according to the second public key and the generation second of the first private key
Confidential information, smart machine are corresponding according to the second secret information, default random number and the second counter counting generation packet key
Decruption key.
The count initialized of first counter and the second counter can be identical, such as can since 0 ing, server with
In the normal transmission data procedures of smart machine, server is encrypted to obtain the using i-th of packet key pair, i-th of data packet
I encrypted packet.Smart machine generates i-th of decruption key for decrypting i-th of encrypted packet, and i-th of decryption is close
Key is corresponding with i-th of packet key, can decrypt i-th of encrypted packet using i-th of decruption key.
Step 33, the corresponding data of target firmware are split and are packaged processing by server.
For example, server by the corresponding packet segmentation of target firmware at 10 segments, obtain 10 data segments.Every number
There is corresponding HASH value according to Duan Jun, each data segment forms a data packet with corresponding HASH value, obtains 10 data packets.
Step 34, server encrypts each data packet, encrypted packet is then sent to smart machine, each
Data packet uses different packet keys.
In specific implementation, the corresponding data packet of data information that target firmware is sent to smart machine, can also use
Corresponding packet key is encrypted, and includes corresponding HASH value in the corresponding data packet of data information of target firmware.
For example, data information includes: target firmware capacity is 1500M, and the number of encrypted packet is 10, V3 version.
Server is after receiving the feedback information of successful data reception information of smart machine transmission, the first counter counts
Number plus 1.Server counts according to the first secret information, default random number and the first counter after adding 1 and generates the 1st data
Corresponding packet key is wrapped, and the 1st data packet is encrypted, obtains the 1st encrypted packet, and be sent to smart machine.
Smart machine is waited to feed back the reception of the 1st encrypted packet.When the reception for receiving the 1st encrypted packet is successfully fed back
Later, the first counter counts adds 1 again.Server is according to the first secret information, default random number and the first meter again plus after 1
Rolling counters forward generates the corresponding packet key of the 2nd data packet, and encrypts to the 2nd data packet, obtains the 2nd encryption data
Packet, and it is sent to smart machine, and so on, until completing the transmission of 10 encrypted packets.
Step 35, smart machine is decrypted the encrypted packet received and carries out HASH value verification.
After smart machine receives data information, data information is verified by HASH value, when verification result just
When true, to the feedback information of server feedback successful data reception information.
When receiving the 1st encrypted packet, using generated corresponding with the 1st packet key of encrypted packet
The 1st encrypted packet is decrypted in decruption key, and is verified by HASH value to the 1st encrypted packet.When testing
When demonstrate,proving successfully, the feedback information for being properly received the 1st encrypted packet is sent to server.And so on, complete 10 encryptions
The reception of data packet.
Referring to Fig. 4, the embodiment of the present invention also provides a kind of server.Server 40 may include: cutting unit 41, encryption
Unit 42, the first transmission unit 43, in which:
Cutting unit 41 obtains N number of data segment, each number suitable for being split the corresponding data of target firmware
According to section, there are one-to-one integrity verification information;
Encryption unit 42 is suitable for that each data segment and the corresponding integrity verification information are formed one respectively
Data packet, and encrypted using each data packet of packet key pair, obtain N number of encrypted packet;Wherein, each number
There is the one-to-one packet key according to Bao Jun;
First transmission unit 43 sends the corresponding data information of the target firmware, the data information to smart machine
It include: the version information of the target firmware capacity, the number N of the encrypted packet and the target firmware;And
It receives after the smart machine is properly received the feedback information of the data information, Xiang Suoshu smart machine sends N number of described
Encrypted packet.
In specific implementation, the server 40 can also include: the first authentication unit 44, be suitable for the smart machine
It is authenticated.
In specific implementation, first authentication unit 44, the first encryption number sent suitable for receiving the smart machine
According to first encryption data is for the smart machine using the second public key to the first signed data, the first random number and institute
The identification information for stating smart machine is encrypted to obtain, and first signed data is that the smart machine uses the first private key pair
Information relevant to current firmware is signed to obtain;First encryption data is decrypted using the second private key, is obtained
The identification information of the smart machine and first signed data, second private key are corresponding with second public key;According to
The identification information of the smart machine obtains the first public key of the smart machine, using first public key to first label
Name data are verified;It is random to described first using second private key after being proved to be successful to first signed data
Several, described first signed data be proved to be successful information and server relevant information is signed to obtain the second signed data;
Second signed data and the second random number are encrypted using first public key, obtain the second encryption data, and will
Second encryption data is sent to the smart machine;So that the smart machine is using first private key to described second
Encryption data is decrypted, and obtains second random number and second signed data, and use second public key pair
Second signed data is verified;The smart machine is received to the feedback of second signed data being proved to be successful
After information, the certification to the smart machine is completed.
In specific implementation, the server 40 can also include: the first negotiation element 45, suitable for consolidating target described
Before the corresponding data of part are split, key agreement is carried out with the smart machine, according to the first secret information, is preset at random
Several and the first counter, which counts, generates the packet key;Wherein, first secret information is according to the second private key and described
First public key of smart machine generates.
In specific implementation, the encryption unit 42 is suitable for using the packet key and based on symmetric encipherment algorithm to every
A data packet is encrypted.
In specific implementation, first transmission unit 43, suitable for being connect in the success for receiving the smart machine transmission
After the feedback information for receiving the data information, Xiang Suoshu smart machine sends the 1st encrypted packet;And it is receiving
After the feedback information that i-th of encrypted packet of the smart machine feedback is properly received, Xiang Suoshu smart machine hair
Send i+1 the encrypted packet, wherein 1≤i≤N-1.
In specific implementation, the cutting unit 41, suitable for the corresponding data of the target firmware are carried out average segmentation,
Obtain the identical data segment of N number of size.
In specific implementation, the integrity verification information is cryptographic Hash, and the cryptographic Hash is according to each data segment
It generates.
In specific implementation, the working principle and workflow of the server 40 can refer to the above embodiment of the present invention
Description in a kind of firmware upgrade method of middle offer, details are not described herein again.
Referring to Fig. 5, the embodiment of the present invention also provides a kind of smart machine.The smart machine 50 may include: first to connect
Receive unit 51, the second transmission unit 52 and the second receiving unit 53, in which:
First receiving unit 51, the corresponding data information of target firmware sent suitable for receiving server, the data letter
Breath includes: the version information of the target firmware capacity, the number N of encrypted packet and the target firmware, and wherein N is institute
The number of the corresponding encrypted packet of target firmware is stated, the server is divided the corresponding data of the target firmware
It cuts, obtains N number of data segment, there are one-to-one integrity verification information for each data segment, respectively by each number
A data packet is formed according to section and the corresponding integrity verification information, and is carried out using each data packet of packet key pair
Encryption, obtains N number of encrypted packet;Wherein, there is the one-to-one packet key in each data packet;
Second transmission unit 52, suitable for after being successfully received the data information, the transmission of Xiang Suoshu server has succeeded
The feedback information of the data information is received, so that the server is after the feedback information for receiving the data information, to
Smart machine sends N number of encrypted packet;
Second receiving unit 53 is suitable for receiving N number of encrypted packet.
In specific implementation, the smart machine 50 can also include: the second authentication unit 54, be suitable for the server
It is authenticated.
In specific implementation, second authentication unit 54, be suitable for using the second public key to the first signed data, first with
The identification information of machine number and smart machine is encrypted to obtain the first encryption data, and first encryption data is sent to
The server, first signed data are to be signed to obtain using the first private key pair information relevant to current firmware;
So that after the server receives first encryption data, using the second private key corresponding with second public key to institute
It states the first encryption data to be decrypted, the identification information and first signed data of the smart machine is obtained, according to described
The identification information of smart machine obtains the first public key of the smart machine, using first public key to first number of signature
According to being verified;Receive the second encryption data;Second encryption data is that the server tests first signed data
After demonstrate,proving successfully, the second signed data and the second random number are encrypted to obtain using first public key, wherein described second
Signed data be the server using second private key to the verifying of first random number, first signed data at
Function information and server relevant information are signed to obtain;Second encryption data is solved using first private key
It is close, second random number and second signed data are obtained, and using second public key to second number of signature
According to being verified, after being proved to be successful to second signed data, the second signed data described in Xiang Suoshu server feedback
Be proved to be successful information so that the server receives being proved to be successful after information of second signed data, complete pair
The certification of the server.
In specific implementation, the smart machine 50 can also include: the second negotiation element 55, be suitable for receiving server
Before the corresponding data information of the target firmware of transmission, key agreement is carried out with the server, according to the second secret information, in advance
If random number and the second counter, which count, generates the corresponding decruption key of the packet key;Wherein, second secret information
It is generated according to the second public key of the first private key and the server.
In specific implementation, the working principle and workflow of the smart machine 50 can refer to the embodiment of the present invention
The description in any of the above-described kind of firmware upgrade method provided, details are not described herein again.
The embodiment of the present invention also provides another server, including memory and processor, is stored on the memory
The computer instruction that can be run on the processor, the processor, which executes the present invention when running the computer instruction, to be implemented
The step of any of the above-described kind of example offer is used for the firmware upgrade method of server.
The embodiment of the present invention also provides another smart machine, including memory and processor, stores on the memory
There is the computer instruction that can be run on the processor, it is real that the processor executes the present invention when running the computer instruction
The step of applying any of the above-described kind that example the provides firmware upgrade method for smart machine.
The embodiment of the present invention also provides a kind of firmware upgrade system, including any of the above-described kind of clothes provided in an embodiment of the present invention
Business device and any of the above-described kind of smart machine.
In specific implementation, the working principle and workflow of firmware upgrade system, can be with reference to the above-mentioned implementation of the present invention
Description in description in example to server and smart machine, and the firmware upgrade method of offer, details are not described herein again.
The embodiment of the present invention also provides a kind of computer readable storage medium, is used for server, computer-readable storage medium
Matter is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction operation
Any of the above-described kind provided in an embodiment of the present invention of Shi Zhihang be used for server firmware upgrade method the step of.
The embodiment of the present invention also provides a kind of computer readable storage medium, is used for smart machine, computer-readable storage
Medium is non-volatile memory medium or non-transitory storage media, is stored thereon with computer instruction, the computer instruction fortune
The step of any of the above-described kind provided in an embodiment of the present invention firmware upgrade method for smart machine is executed when row.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of above-described embodiment is can
It is completed with instructing relevant hardware by program, which can store in any computer readable storage medium storing program for executing, deposit
Storage media may include: ROM, RAM, disk or CD etc..
Although present disclosure is as above, present invention is not limited to this.Anyone skilled in the art are not departing from this
It in the spirit and scope of invention, can make various changes or modifications, therefore protection scope of the present invention should be with claim institute
Subject to the range of restriction.
Claims (29)
1. a kind of firmware upgrade method characterized by comprising
The corresponding data of target firmware are split, N number of data segment is obtained, each data segment exists one-to-one complete
Integrity verification information;
Each data segment and the corresponding integrity verification information are formed into a data packet respectively, and use packet key
Each data packet is encrypted, N number of encrypted packet is obtained;Wherein, each data packet exists and corresponds
The packet key;
The corresponding data information of the target firmware is sent to smart machine, the data information includes: the target firmware holds
The version information of amount, the number N of the encrypted packet and the target firmware;
After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine
Send N number of encrypted packet.
2. firmware upgrade method according to claim 1, which is characterized in that it is described by the corresponding data of target firmware into
Before row segmentation, further includes:
The smart machine is authenticated.
3. firmware upgrade method according to claim 2, which is characterized in that it is described that the smart machine is authenticated,
Include:
The first encryption data that the smart machine is sent is received, first encryption data is that the smart machine uses second
Public key is encrypted to obtain to the identification information of the first signed data, the first random number and the smart machine, and described first
Signed data is that the smart machine is signed to obtain using the first private key pair information relevant to current firmware;
First encryption data is decrypted using the second private key, obtains the identification information and described of the smart machine
One signed data, second private key are corresponding with second public key;
The first public key that the smart machine is obtained according to the identification information of the smart machine, using first public key to institute
The first signed data is stated to be verified;
After being proved to be successful to first signed data, using second private key to first random number, described first
Signed data be proved to be successful information and server relevant information is signed to obtain the second signed data;
Second signed data and the second random number are encrypted using first public key, obtain the second encryption data,
And second encryption data is sent to the smart machine;So that the smart machine is using first private key to described
Second encryption data is decrypted, and obtains second random number and second signed data, and public using described second
Key verifies second signed data;
Receive the smart machine to second signed data be proved to be successful information after, complete to the smart machine
Certification.
4. firmware upgrade method according to claim 1, which is characterized in that it is described by the corresponding data of target firmware into
Before row segmentation, further includes:
Key agreement is carried out with the smart machine, is counted according to the first secret information, default random number and the first counter
Generate the packet key;Wherein, first secret information is raw according to the first public key of the second private key and the smart machine
At.
5. firmware upgrade method according to claim 1, which is characterized in that described to use each data of packet key pair
Packet is encrypted, comprising:
Each data packet is encrypted using the packet key and based on symmetric encipherment algorithm.
6. firmware upgrade method according to any one of claims 1 to 5, which is characterized in that described to receive the intelligence
After the feedback information for the successful reception data information that energy equipment is sent, Xiang Suoshu smart machine sends N number of encryption number
According to packet, comprising:
After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine
Send the 1st encrypted packet;
After the feedback information that i-th of encrypted packet for receiving the smart machine feedback is properly received, to institute
It states smart machine and sends the i+1 encrypted packet, wherein 1≤i≤N-1.
7. firmware upgrade method according to claim 1, which is characterized in that described to carry out the corresponding data of target firmware
Segmentation, obtains N number of data segment, comprising:
The corresponding data of the target firmware are subjected to average segmentation, obtain the identical data segment of N number of size.
8. firmware upgrade method according to claim 1, which is characterized in that the integrity verification information is cryptographic Hash,
The cryptographic Hash is generated according to each data segment.
9. a kind of firmware upgrade method characterized by comprising
The corresponding data information of target firmware is received, the data information is generated by server, comprising: the target firmware holds
The version information of amount, the number N of encrypted packet and the target firmware, wherein N is that the target firmware is corresponding described
The corresponding data of the target firmware are split by the number of encrypted packet, the server, obtain N number of data segment, often
There are one-to-one integrity verification information for a data segment, respectively by each data segment and corresponding described complete
Property verification information form a data packet, and encrypted using each data packet of packet key pair, obtain N number of encryption
Data packet;Wherein, there is the one-to-one packet key in each data packet;
After being successfully received the data information, Xiang Suoshu server sends the feedback letter for being properly received the data information
Breath, so that the server sends N number of encryption number after the feedback information for receiving the data information, to smart machine
According to packet;
Receive N number of encrypted packet.
10. firmware upgrade method according to claim 9, which is characterized in that receiving the corresponding data letter of target firmware
Before breath, further includes:
The server is authenticated.
11. firmware upgrade method according to claim 10, which is characterized in that it is described that the server is authenticated,
Include:
It is encrypted to obtain using identification information of second public key to the first signed data, the first random number and smart machine
One encryption data, and first encryption data is sent to the server, first signed data is using the first private
Key pair information relevant to current firmware is signed to obtain;So that the server receive first encryption data it
Afterwards, first encryption data is decrypted using the second private key corresponding with second public key, obtains the intelligence and sets
Standby identification information and first signed data obtains the of the smart machine according to the identification information of the smart machine
One public key verifies first signed data using first public key;
Receive the second encryption data;Second encryption data is that the server is proved to be successful first signed data
Afterwards, the second signed data and the second random number are encrypted to obtain using first public key, wherein second number of signature
Information is proved to be successful to first random number, first signed data using second private key according to for the server
And server relevant information is signed to obtain;
Second encryption data is decrypted using first private key, obtains second random number and described second
Signed data, and second signed data is verified using second public key, it is tested when to second signed data
After demonstrate,proving successfully, the second signed data described in Xiang Suoshu server feedback is proved to be successful information, so that the server receives
To second signed data be proved to be successful information after, complete certification to the server.
12. firmware upgrade method according to claim 9, which is characterized in that in the target that the reception server is sent
Before the corresponding data information of firmware, further includes:
Key agreement is carried out with the server, life is counted according to the second secret information, default random number and the second counter
At the corresponding decruption key of the packet key;Wherein, second secret information is according to the first private key and the server
Second public key generates.
13. a kind of server characterized by comprising
Cutting unit obtains N number of data segment, each data segment is deposited suitable for being split the corresponding data of target firmware
In one-to-one integrity verification information;
Encryption unit is suitable for that each data segment and the corresponding integrity verification information are formed a data respectively
Packet, and encrypted using each data packet of packet key pair, obtain N number of encrypted packet;Wherein, each data packet
There is the one-to-one packet key;
First transmission unit sends the corresponding data information of the target firmware to smart machine, and the data information includes: institute
State the version information of target firmware capacity, the number N of the encrypted packet and the target firmware;And receiving
It states after smart machine is properly received the feedback information of the data information, Xiang Suoshu smart machine sends N number of encryption data
Packet.
14. server according to claim 13, which is characterized in that further include: the first authentication unit is suitable for the intelligence
Energy equipment is authenticated.
15. server according to claim 14, which is characterized in that first authentication unit is suitable for receiving the intelligence
The first encryption data that energy equipment is sent, first encryption data are that the smart machine is signed using the second public key to first
The identification information of data, the first random number and the smart machine is encrypted to obtain, and first signed data is described
Smart machine is signed to obtain using the first private key pair information relevant to current firmware;Using the second private key to described first
Encryption data is decrypted, and obtains the identification information and first signed data of the smart machine, second private key with
Second public key is corresponding;The first public key that the smart machine is obtained according to the identification information of the smart machine, using institute
The first public key is stated to verify first signed data;After being proved to be successful to first signed data, using described
Second private key carries out be proved to be successful information and the server relevant information of first random number, first signed data
Signature obtains the second signed data;Second signed data and the second random number are encrypted using first public key,
The second encryption data is obtained, and second encryption data is sent to the smart machine;So that the smart machine uses
Second encryption data is decrypted in first private key, obtains second random number and second number of signature
According to, and second signed data is verified using second public key;The smart machine is received to described second
Signed data be proved to be successful information after, complete certification to the smart machine.
16. server according to claim 13, which is characterized in that further include: the first negotiation element is suitable for by target
Before the corresponding data of firmware are split, carry out key agreement with the smart machine, according to the first secret information, it is default with
Machine number and the first counter, which count, generates the packet key;Wherein, first secret information is according to the second private key and institute
The first public key for stating smart machine generates.
17. server according to claim 13, which is characterized in that the encryption unit is suitable for using the packet key
And each data packet is encrypted based on symmetric encipherment algorithm.
18. 3 to 17 described in any item servers according to claim 1, which is characterized in that first transmission unit is suitable for
After the feedback information for receiving the successful reception data information that the smart machine is sent, Xiang Suoshu smart machine is sent
1st encrypted packet;And it is properly received in i-th of encrypted packet for receiving the smart machine feedback
Feedback information after, Xiang Suoshu smart machine sends the i+1 encrypted packet, wherein 1≤i≤N-1.
19. server according to claim 13, which is characterized in that the cutting unit is suitable for the target firmware
Corresponding data carry out average segmentation, obtain the identical data segment of N number of size.
20. server according to claim 13, which is characterized in that the integrity verification information is cryptographic Hash, described
Cryptographic Hash is generated according to each data segment.
21. a kind of smart machine characterized by comprising
First receiving unit, the corresponding data information of target firmware sent suitable for receiving server, the data information includes:
The version information of the target firmware capacity, the number N of encrypted packet and the target firmware, wherein N is the target
The corresponding data of the target firmware are split, obtain by the number of the corresponding encrypted packet of firmware, the server
To N number of data segment, there are one-to-one integrity verification information for each data segment, respectively by each data segment and
The corresponding integrity verification information forms a data packet, and is encrypted using each data packet of packet key pair,
Obtain N number of encrypted packet;Wherein, there is the one-to-one packet key in each data packet;
Second transmission unit, suitable for after being successfully received the data information, the transmission of Xiang Suoshu server has been properly received institute
The feedback information of data information is stated, so that the server is set after the feedback information for receiving the data information to intelligence
Preparation send N number of encrypted packet;
Second receiving unit is suitable for receiving N number of encrypted packet.
22. smart machine according to claim 21, which is characterized in that further include: the second authentication unit is suitable for described
Server is authenticated.
23. smart machine according to claim 22, which is characterized in that second authentication unit is suitable for using second
Public key encrypts the identification information of the first signed data, the first random number and smart machine to obtain the first encryption data,
And first encryption data is sent to the server, first signed data is using the first private key pair and currently solid
The relevant information of part is signed to obtain;So that after the server receives first encryption data, using with it is described
First encryption data is decrypted in corresponding second private key of second public key, obtain the smart machine identification information and
First signed data obtains the first public key of the smart machine according to the identification information of the smart machine, using institute
The first public key is stated to verify first signed data;Receive the second encryption data;Second encryption data is described
After server is proved to be successful first signed data, using first public key to the second signed data and the second random number
It is encrypted to obtain, wherein second signed data is that the server is random to described first using second private key
Several, described first signed data be proved to be successful information and server relevant information is signed to obtain;Using described first
Second encryption data is decrypted in private key, obtains second random number and second signed data, and use
Second public key verifies second signed data, after being proved to be successful to second signed data, to institute
That states the second signed data described in server feedback is proved to be successful information, so that the server receives second number of signature
According to be proved to be successful information after, complete certification to the server.
24. smart machine according to claim 21, which is characterized in that further include: the second negotiation element, suitable for receiving
Before the corresponding data information of target firmware that server is sent, key agreement is carried out with the server, according to the second secret
Information, default random number and the second counter, which count, generates the corresponding decruption key of the packet key;Wherein, described second is secret
Confidential information is generated according to the second public key of the first private key and the server.
25. a kind of server, including memory and processor, be stored on the memory to run on the processor
Computer instruction, which is characterized in that perform claim requires any one of 1 to 8 institute when the processor runs the computer instruction
The step of firmware upgrade method stated.
26. a kind of smart machine, including memory and processor, it is stored with and can runs on the processor on the memory
Computer instruction, which is characterized in that perform claim requires any one of 9 to 12 when the processor runs the computer instruction
The step of described firmware upgrade method.
27. a kind of firmware upgrade system, which is characterized in that including the described in any item servers of such as claim 13 to 20 and such as
The described in any item smart machines of claim 21 to 24.
28. a kind of computer readable storage medium is used for server, computer readable storage medium is non-volatile memory medium
Or non-transitory storage media, it is stored thereon with computer instruction, which is characterized in that the perform claim when computer instruction is run
It is required that the step of 1 to 8 described in any item firmware upgrade methods.
29. a kind of computer readable storage medium, is used for smart machine, computer readable storage medium is non-volatile memories Jie
Matter or non-transitory storage media, are stored thereon with computer instruction, which is characterized in that the right of execution when computer instruction is run
Benefit requires the step of 9 to 12 described in any item firmware upgrade methods.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910410888.9A CN110134424B (en) | 2019-05-16 | 2019-05-16 | Firmware upgrading method and system, server, intelligent device and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910410888.9A CN110134424B (en) | 2019-05-16 | 2019-05-16 | Firmware upgrading method and system, server, intelligent device and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110134424A true CN110134424A (en) | 2019-08-16 |
CN110134424B CN110134424B (en) | 2023-06-06 |
Family
ID=67574766
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910410888.9A Active CN110134424B (en) | 2019-05-16 | 2019-05-16 | Firmware upgrading method and system, server, intelligent device and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110134424B (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110719522A (en) * | 2019-10-31 | 2020-01-21 | 广州视源电子科技股份有限公司 | Video display method and device, storage medium and electronic equipment |
CN111147461A (en) * | 2019-12-13 | 2020-05-12 | 北京像素软件科技股份有限公司 | Data transmission method, device, server and user terminal |
CN111241522A (en) * | 2020-01-07 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Firmware signature method and device and storage medium |
CN111538512A (en) * | 2020-04-16 | 2020-08-14 | 山东正中信息技术股份有限公司 | OTA (over the air) firmware upgrading method, device and equipment |
CN111726247A (en) * | 2020-05-29 | 2020-09-29 | 惠州拓邦电气技术有限公司 | Electronic lock firmware updating method and device, electronic lock and storage medium |
CN111970689A (en) * | 2020-06-29 | 2020-11-20 | 百度在线网络技术(北京)有限公司 | OTA data packet generation method and device and electronic equipment |
CN112217796A (en) * | 2020-09-07 | 2021-01-12 | 西安通软软件科技有限公司 | Internet of things module software upgrading method based on encryption technology |
CN112491879A (en) * | 2020-11-26 | 2021-03-12 | 中电金融设备系统(深圳)有限公司 | Method for remotely updating firmware, computer equipment and storage medium |
CN112579128A (en) * | 2020-12-23 | 2021-03-30 | 恒为科技(上海)股份有限公司 | Data processing method, upper computer, single chip microcomputer and system |
CN112600848A (en) * | 2020-12-17 | 2021-04-02 | 上海芯安信息科技有限公司 | Software upgrading package encapsulation method and device and software upgrading package decapsulation method and device |
CN114006762A (en) * | 2021-11-01 | 2022-02-01 | 明珠数字科技股份有限公司 | Method, system and storage medium for safety verification among multiple servers |
CN114281379A (en) * | 2021-12-21 | 2022-04-05 | 上海银基信息安全技术股份有限公司 | Software updating method and device based on OTA, equipment terminal, server terminal and storage medium |
CN117009992A (en) * | 2023-07-28 | 2023-11-07 | 广州汽车集团股份有限公司 | Upgrade package processing method and device, electronic equipment and storage medium |
CN117240478A (en) * | 2023-11-13 | 2023-12-15 | 深圳合纵富科技有限公司 | POS machine data transmission method and system |
CN117492798A (en) * | 2024-01-03 | 2024-02-02 | 广云物联网科技(广州)有限公司 | Multi-chip multi-channel remote upgrading method and system |
CN117556430A (en) * | 2024-01-12 | 2024-02-13 | 上海芯联芯智能科技有限公司 | Safe starting method, device, equipment and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101373440A (en) * | 2008-10-09 | 2009-02-25 | 北京飞天诚信科技有限公司 | Method and device for processing firmware upgrading data |
CN101630371A (en) * | 2009-08-19 | 2010-01-20 | 广州钧易信息技术有限公司 | Method and system for remotely realizing IC card service control and IC card reader |
US20150180840A1 (en) * | 2013-12-24 | 2015-06-25 | Hyundai Motor Company | Firmware upgrade method and system thereof |
CN104991795A (en) * | 2015-06-19 | 2015-10-21 | 北京汉王鹏泰科技有限公司 | Firmware upgrading method and apparatus of active capacitive stylus |
CN107222532A (en) * | 2017-05-23 | 2017-09-29 | 努比亚技术有限公司 | A kind of radio firmware upgrade method, device and computer-readable recording medium |
CN108196867A (en) * | 2018-03-08 | 2018-06-22 | 深圳市文鼎创数据科技有限公司 | Device for upgrading firmware, equipment and its firmware upgrade method of equipment |
CN109286599A (en) * | 2017-07-20 | 2019-01-29 | 北京展讯高科通信技术有限公司 | Data security protection method, smart machine, server and readable storage medium storing program for executing |
-
2019
- 2019-05-16 CN CN201910410888.9A patent/CN110134424B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101373440A (en) * | 2008-10-09 | 2009-02-25 | 北京飞天诚信科技有限公司 | Method and device for processing firmware upgrading data |
CN101630371A (en) * | 2009-08-19 | 2010-01-20 | 广州钧易信息技术有限公司 | Method and system for remotely realizing IC card service control and IC card reader |
US20150180840A1 (en) * | 2013-12-24 | 2015-06-25 | Hyundai Motor Company | Firmware upgrade method and system thereof |
CN104991795A (en) * | 2015-06-19 | 2015-10-21 | 北京汉王鹏泰科技有限公司 | Firmware upgrading method and apparatus of active capacitive stylus |
CN107222532A (en) * | 2017-05-23 | 2017-09-29 | 努比亚技术有限公司 | A kind of radio firmware upgrade method, device and computer-readable recording medium |
CN109286599A (en) * | 2017-07-20 | 2019-01-29 | 北京展讯高科通信技术有限公司 | Data security protection method, smart machine, server and readable storage medium storing program for executing |
CN108196867A (en) * | 2018-03-08 | 2018-06-22 | 深圳市文鼎创数据科技有限公司 | Device for upgrading firmware, equipment and its firmware upgrade method of equipment |
Non-Patent Citations (1)
Title |
---|
焦占亚,胡予濮: "一种密钥的设计和管理方法", 微电子学与计算机, no. 10 * |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110719522B (en) * | 2019-10-31 | 2021-12-24 | 广州视源电子科技股份有限公司 | Video display method and device, storage medium and electronic equipment |
CN110719522A (en) * | 2019-10-31 | 2020-01-21 | 广州视源电子科技股份有限公司 | Video display method and device, storage medium and electronic equipment |
CN111147461A (en) * | 2019-12-13 | 2020-05-12 | 北京像素软件科技股份有限公司 | Data transmission method, device, server and user terminal |
CN111147461B (en) * | 2019-12-13 | 2022-01-11 | 北京像素软件科技股份有限公司 | Data transmission method, device, server and user terminal |
CN111241522A (en) * | 2020-01-07 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Firmware signature method and device and storage medium |
CN111538512A (en) * | 2020-04-16 | 2020-08-14 | 山东正中信息技术股份有限公司 | OTA (over the air) firmware upgrading method, device and equipment |
CN111726247A (en) * | 2020-05-29 | 2020-09-29 | 惠州拓邦电气技术有限公司 | Electronic lock firmware updating method and device, electronic lock and storage medium |
CN111970689A (en) * | 2020-06-29 | 2020-11-20 | 百度在线网络技术(北京)有限公司 | OTA data packet generation method and device and electronic equipment |
CN112217796A (en) * | 2020-09-07 | 2021-01-12 | 西安通软软件科技有限公司 | Internet of things module software upgrading method based on encryption technology |
CN112491879A (en) * | 2020-11-26 | 2021-03-12 | 中电金融设备系统(深圳)有限公司 | Method for remotely updating firmware, computer equipment and storage medium |
CN112600848A (en) * | 2020-12-17 | 2021-04-02 | 上海芯安信息科技有限公司 | Software upgrading package encapsulation method and device and software upgrading package decapsulation method and device |
CN112579128A (en) * | 2020-12-23 | 2021-03-30 | 恒为科技(上海)股份有限公司 | Data processing method, upper computer, single chip microcomputer and system |
CN114006762B (en) * | 2021-11-01 | 2024-03-12 | 明珠数字科技股份有限公司 | Method, system and storage medium for security verification among multiple servers |
CN114006762A (en) * | 2021-11-01 | 2022-02-01 | 明珠数字科技股份有限公司 | Method, system and storage medium for safety verification among multiple servers |
CN114281379A (en) * | 2021-12-21 | 2022-04-05 | 上海银基信息安全技术股份有限公司 | Software updating method and device based on OTA, equipment terminal, server terminal and storage medium |
CN117009992A (en) * | 2023-07-28 | 2023-11-07 | 广州汽车集团股份有限公司 | Upgrade package processing method and device, electronic equipment and storage medium |
CN117009992B (en) * | 2023-07-28 | 2024-04-16 | 广州汽车集团股份有限公司 | Upgrade package processing method and device, electronic equipment and storage medium |
CN117240478B (en) * | 2023-11-13 | 2024-02-13 | 深圳合纵富科技有限公司 | POS machine data transmission method and system |
CN117240478A (en) * | 2023-11-13 | 2023-12-15 | 深圳合纵富科技有限公司 | POS machine data transmission method and system |
CN117492798A (en) * | 2024-01-03 | 2024-02-02 | 广云物联网科技(广州)有限公司 | Multi-chip multi-channel remote upgrading method and system |
CN117492798B (en) * | 2024-01-03 | 2024-03-08 | 广云物联网科技(广州)有限公司 | Multi-chip multi-channel remote upgrading method and system |
CN117556430A (en) * | 2024-01-12 | 2024-02-13 | 上海芯联芯智能科技有限公司 | Safe starting method, device, equipment and storage medium |
CN117556430B (en) * | 2024-01-12 | 2024-03-29 | 上海芯联芯智能科技有限公司 | Safe starting method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110134424B (en) | 2023-06-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110134424A (en) | Firmware upgrade method and system, server, smart machine, readable storage medium storing program for executing | |
EP3742696B1 (en) | Identity management method, equipment, communication network, and storage medium | |
CN111585749B (en) | Data transmission method, device, system and equipment | |
CN110493261B (en) | Verification code obtaining method based on block chain, client, server and storage medium | |
CN109067539B (en) | Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium | |
CN110380852B (en) | Bidirectional authentication method and communication system | |
CN103067401B (en) | Method and system for key protection | |
CN103729941B (en) | A kind of main cipher key T MK method for safely downloading of terminal and system | |
US9948624B2 (en) | Key downloading method, management method, downloading management method, device and system | |
US20130129087A1 (en) | Secure Key Generation | |
CN109347627A (en) | Data encryption/decryption method, device, computer equipment and storage medium | |
CN106357396A (en) | Digital signature method, digital signature system and quantum key card | |
CN106341228B (en) | A kind of virtual machine migration method, system and virtual machine move into end and end of moving out | |
CN110830242A (en) | Key generation and management method and server | |
CN105956855B (en) | Transaction method and transaction system of electronic signature device | |
CN109861956B (en) | Data verification system, method, device and equipment based on state channel | |
CN105049434B (en) | Identity identifying method and encryption communication method under a kind of peer to peer environment | |
CN109544747A (en) | Encryption key update method, system and the computer storage medium of intelligent door lock | |
CN112600667B (en) | Key negotiation method, device, equipment and storage medium | |
CN106060078A (en) | User information encryption method, user registration method and user validation method applied to cloud platform | |
CN109600224A (en) | A kind of SM2 key generation, endorsement method, terminal, server and storage medium | |
CN113326525B (en) | Data processing method and device based on intelligent contract | |
CN113868672B (en) | Module wireless firmware upgrading method, security chip and wireless firmware upgrading platform | |
CN109302286B (en) | Fido equipment key index generation method | |
CN104868994B (en) | Method, device and system for managing cooperative key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |