CN111143856A - PLC remote firmware upgrading system and method - Google Patents


Info

Publication number
CN111143856A
Authority
CN
China
Prior art keywords
upper computer
plc
security module
data packet
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911375770.3A
Other languages
Chinese (zh)
Inventor
梁松涛
穆佩红
李鑫
刘武忠
彭金辉
马骥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN201911375770.3A
Publication of CN111143856A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a PLC remote firmware upgrading method. An upper computer performs user authorization login authentication through a first security module, then performs bidirectional identity authentication and key agreement with the PLC device (through the device's second security module) via the upgrade server to obtain a session key; the upper computer calculates a digest of the upgrade data packet and signs the digest through the first security module, encrypts the upgrade data packet and the signed digest with the session key and sends them to the upgrade server; the upgrade server forwards the encrypted upgrade data packet and signed digest to the PLC device; the PLC device decrypts them with the session key through the second security module to recover the upgrade data packet and the signed digest; the PLC device verifies the signed digest through the second security module and then executes the upgrade data packet. The invention thus achieves remote firmware upgrade of PLC devices while ensuring the confidentiality and integrity of the upgrade data packet.

Description

PLC remote firmware upgrading system and method
Technical Field
The invention relates to the technical field of information security, in particular to a PLC remote firmware upgrading system and method.
Background
A PLC (programmable logic controller) is a common control product in the automation field. It has a program memory and a system memory: the program memory stores the user program, which executes user-oriented instructions such as logic operations, sequence control, timing, counting and arithmetic, and controls various kinds of machinery or production equipment through digital or analog inputs and outputs; the system memory stores the operating-system firmware, system parameters and the like.
With the introduction of computer science and networking technology into PLCs, their control and computing capabilities have improved greatly, their size has shrunk and their reliability is high, so PLCs have gradually spread into every field of industrial control. However, PLCs still have many information security vulnerabilities. The Stuxnet virus infecting Siemens PLCs and disrupting the safe operation of facilities is a landmark event in the PLC industrial control field, and it shows that the information security of PLCs needs to be strengthened effectively. The system firmware of a PLC is vital to its reliable operation, and that firmware must be updated and upgraded to close existing vulnerabilities. In addition, the network communication between the PLC and the upper computer carries security risks: the communication traffic is easily leaked or tampered with.
Therefore, how to improve the security of PLC devices, conveniently upgrade PLC firmware remotely, and ensure information security during the upgrade and during communication between the PLC and the upper computer is a problem that urgently needs to be solved.
Disclosure of Invention
In view of the above problems, the present invention provides a PLC remote firmware upgrade system and method that can remotely upgrade the firmware of a PLC device from an upper computer while also ensuring the confidentiality and integrity of the information exchanged between the upper computer and the PLC device, thereby improving the security of both the firmware upgrade and the PLC device itself.
In a first aspect, the invention provides a PLC remote firmware upgrading system comprising at least one upper computer, an upgrade server and at least one PLC device. A first security module is embedded in the upper computer, or a secure memory card containing the first security module is attached to the upper computer externally; the PLC device comprises a microprocessor (MCU) and a second security module; and the upgrade server is connected over a network to the upper computer and to the PLC device respectively;
the upper computer and the PLC device each send their own device identification information to the upgrade server for registration and relationship binding;
the upper computer performs user authorization login authentication through the first security module and, after that authentication passes, performs bidirectional identity authentication and key agreement with the PLC device through the upgrade server to obtain a session key; the first security module calculates a digest of the upgrade data packet and signs the digest; the first security module then encrypts the upgrade data packet and the signed digest with the session key and sends them to the upgrade server; the upgrade data packet comprises a version number and a PLC device model;
the upgrade server generates the relationship binding policy between the upper computer and the PLC device and stores the encrypted upgrade data packet and signed digest;
the PLC device performs the bidirectional identity authentication and key agreement with the upper computer through the upgrade server using the second security module to obtain the session key; its MCU obtains the encrypted upgrade data packet and signed digest from the upgrade server and passes them to the second security module for decryption; the second security module decrypts them with the session key to recover the upgrade data packet and the signed digest, verifies the signed digest and, once both the signature and the digest have been verified, passes the upgrade data packet to the MCU for execution.
Further, the upgrade server is also configured to send the upgrade data packet to the bound PLC device according to an upgrade instruction from an authorized user of the upper computer; the relationship binding policy is used to judge whether the PLC device targeted by the authorized user's upgrade instruction is the one bound to that upper computer.
Further, the first security module contains at least the digital certificate of the upper computer user, the digital certificate of the PLC device and the first security module's private key, and the second security module contains at least the digital certificate of the PLC device, the digital certificate of the upper computer user and the second security module's private key;
the upper computer's user authorization login authentication through the first security module comprises: the upper computer first verifies the PIN code entered by the user and, once that passes, invokes the digital certificate in the first security module to authenticate the user's identity; passing this authentication indicates the user is legitimate;
the upper computer's bidirectional identity authentication and key agreement with the PLC device through the upgrade server using the first security module, yielding a session key, comprises: the upper computer and the PLC device each send identity information including their own digital certificate to the other party through the upgrade server for identity authentication; the upper computer, through the first security module, and the PLC device, through the second security module, each verify the digital certificate received from the other party, and passing verification indicates the other party's identity is legitimate; after identity authentication passes, the upper computer and the PLC device each send their key agreement information to the other party through the upgrade server, and the upper computer, through the first security module, and the PLC device, through the second security module, each compute the session key from the received key agreement information according to a preset key exchange protocol.
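The certificate-based identity authentication half of the step above, as an added example that is not part of the patent. The patent names no language or library; this is a Go program using the standard-library crypto/x509 package. The patent pre-loads the peer's own certificate in each security module; this example instead (an assumption) provisions both certificates from one issuing CA and pins that CA as the trust root, which is the usual way such certificates are checked. The `Module` type, `must`, `issueCert`, `NewPKI`, `Authenticate`, the common names and the validity period are all assumptions made for the example; the key agreement that follows authentication is not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Module models one security module (the first one in the upper computer or
// the second one in the PLC): its own certificate and private key plus the
// root it trusts when checking the peer's certificate (assumed, see lead-in).
type Module struct {
	Name  string
	Cert  *x509.Certificate
	Key   *ecdsa.PrivateKey
	Roots *x509.CertPool
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueCert signs a certificate for pub with parentKey; a nil parent yields a
// self-signed CA certificate.
func issueCert(cn string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewPKI provisions one CA and a Module each for the upper computer user and
// the PLC device, as a manufacturer would pre-load the two security modules.
// Every call builds an independent PKI, so modules from two calls do not
// trust each other.
func NewPKI() (upper, plc *Module) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caCert := must(issueCert("upgrade-ca", 1, &caKey.PublicKey, nil, caKey))
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	mk := func(cn string, serial int64) *Module {
		k := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		return &Module{cn, must(issueCert(cn, serial, &k.PublicKey, caCert, caKey)), k, roots}
	}
	return mk("upper-computer-user", 2), mk("plc-device-0001", 3)
}

// Authenticate is the identity-authentication step as one side performs it:
// the peer certificate relayed by the upgrade server is parsed, then checked
// for a valid chain to the trusted root, validity period and key usage.
func (m *Module) Authenticate(peerDER []byte) (*x509.Certificate, error) {
	peer, err := x509.ParseCertificate(peerDER)
	if err != nil {
		return nil, err
	}
	opts := x509.VerifyOptions{Roots: m.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return nil, fmt.Errorf("%s rejected %q: %w", m.Name, peer.Subject.CommonName, err)
	}
	return peer, nil
}

func main() {
	upper, plc := NewPKI()
	_, err1 := upper.Authenticate(plc.Cert.Raw) // upper computer checks the PLC
	_, err2 := plc.Authenticate(upper.Cert.Raw) // PLC checks the upper computer user
	rogue, _ := NewPKI()                        // constructed impostor from an unrelated PKI
	_, err3 := plc.Authenticate(rogue.Cert.Raw)
	fmt.Println("peers accepted:", err1 == nil && err2 == nil, "impostor rejected:", err3 != nil)
}
```

The certificate returned by `Authenticate` is what the later steps must use: its public key is the only one the key agreement messages and the signed digest may be verified against, so a certificate that fails the chain check never reaches those steps.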
Further, the upper computer's calculation of the digest of the upgrade data packet and signing of that digest through the first security module comprises: the upper computer calculates the digest of the upgrade data packet through the first security module and signs the digest with the private key held in the first security module;
the PLC device's verification of the signed digest, followed by passing the upgrade data packet to the MCU for execution once the signature and the digest are verified, comprises: the PLC device verifies the signature on the digest with the public key of the upper computer user's digital certificate held in the second security module; once the signature check passes, it calculates the digest of the upgrade data packet itself and compares it with the signed one, and after this comparison passes it passes the upgrade data packet to the MCU for execution.
Further, the secure memory card with the built-in first security module includes at least a USB secure memory card and an SD secure memory card.
Further, the PLC device also includes a system storage module for storing the upgrade data packet, the current firmware data packet, the version number and the system parameter information of the PLC device.
The invention also provides a PLC remote firmware upgrading method comprising a preparation stage and an upgrade stage.
The preparation stage comprises the following steps:
S101: after the upper computer and the PLC device each send their own device identification information to the upgrade server for registration, the upgrade server generates the relationship binding policy between the upper computer and the PLC device;
S102: the upper computer sends an upgrade instruction for the PLC device to the remote upgrade server; the upgrade server judges, according to the relationship binding policy, whether the upper computer is allowed to send an upgrade instruction to that bound PLC device; if it is, the upgrade instruction is forwarded to the PLC device, the PLC device receives it and returns response information to the upper computer, and the communication connection between the upper computer and the PLC device is established.
The upgrade stage comprises the following steps:
S201: the upper computer performs user authorization login authentication through the first security module and, after that passes, performs bidirectional identity authentication and key agreement with the PLC device (through its second security module) via the upgrade server to obtain a session key;
S202: the upper computer calculates a digest of the upgrade data packet and signs the digest through the first security module;
S203: the upper computer encrypts the upgrade data packet and the signed digest with the session key through the first security module and sends them to the upgrade server; the upgrade data packet comprises a version number and a PLC device model;
S204: the upgrade server stores the encrypted upgrade data packet and signed digest and sends them to the PLC device;
S205: the PLC device receives the encrypted upgrade data packet and signed digest from the upgrade server through its MCU and passes them to its second security module for decryption;
S206: the PLC device decrypts the encrypted upgrade data packet and signed digest with the session key through the second security module to recover the upgrade data packet and the signed digest;
S207: the PLC device verifies the signed digest through the second security module and, once the signature and the digest are verified, passes the upgrade data packet to the MCU for execution.
Further, the first security module contains at least the digital certificate of the upper computer user, the digital certificate of the PLC device and the first security module's private key, and the second security module contains at least the digital certificate of the PLC device, the digital certificate of the upper computer user and the second security module's private key;
S201 specifically comprises:
the upper computer first verifies the PIN code entered by the user and, once that passes, invokes the digital certificate in the first security module to authenticate the user's identity; passing this authentication indicates the user is legitimate;
the upper computer, through the first security module, sends identity information including the upper computer user's digital certificate to the corresponding PLC device via the upgrade server for identity authentication; the PLC device verifies it against the upper computer user's digital certificate held in the second security module, and passing verification indicates the upper computer user's identity is legitimate;
the PLC device, through the second security module, sends identity information including the PLC device's digital certificate to the corresponding upper computer via the upgrade server for identity authentication; the upper computer verifies it against the PLC device's digital certificate held in the first security module, and passing verification indicates the PLC device's identity is legitimate;
the upper computer, through the first security module, sends its key agreement information to the corresponding PLC device via the upgrade server; the PLC device, through the second security module, computes the session key from the received key agreement information according to a preset key exchange protocol and returns key agreement reply information to the upper computer via the upgrade server;
the upper computer, through the first security module, computes the session key from the received key agreement reply information according to the preset key exchange protocol.
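The key agreement half of S201 (also described in the first-aspect paragraph on bidirectional authentication and key agreement), as an added Go example that is not the patent's code. The patent leaves the "preset key exchange protocol" unspecified; this example assumes ephemeral ECDH on P-256 with SHA-256 over the shared secret and a fixed label as the derivation, and it signs each side's key agreement information with the long-term private key of its security module so that the upgrade server, which only relays the messages, cannot substitute a key of its own. `Endpoint`, `KeyAgreement`, the function names and the label string are assumptions; the long-term keys are generated in place as a stand-in for the certificates already authenticated in the preceding step.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Endpoint is one side of the exchange: the long-term private key of its
// security module and the peer's public key from the certificate that was
// authenticated in the preceding step (assumed already verified).
type Endpoint struct {
	Key     *ecdsa.PrivateKey
	PeerPub *ecdsa.PublicKey
}

// KeyAgreement is the "key agreement information" one side sends: an
// ephemeral ECDH public key signed with the long-term key, so the relaying
// upgrade server cannot substitute a key of its own.
type KeyAgreement struct{ EphemeralPub, Signature []byte }

// NewEndpointPair generates two long-term keys in place (a constructed
// stand-in for certificate provisioning) and cross-wires the public keys.
func NewEndpointPair() (upper, plc *Endpoint, err error) {
	ku, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	kp, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Endpoint{ku, &kp.PublicKey}, &Endpoint{kp, &ku.PublicKey}, nil
}

// Start creates this side's ephemeral key and the signed message announcing it.
func (e *Endpoint) Start() (*ecdh.PrivateKey, *KeyAgreement, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := eph.PublicKey().Bytes()
	h := sha256.Sum256(pub)
	sig, err := ecdsa.SignASN1(rand.Reader, e.Key, h[:])
	return eph, &KeyAgreement{pub, sig}, err
}

// Finish checks that the received message was signed by the authenticated
// peer, then derives the session key. Assumption: ECDH on P-256 followed by
// SHA-256(shared secret || label) stands in for the patent's unspecified
// "preset key exchange protocol".
func (e *Endpoint) Finish(mine *ecdh.PrivateKey, ka *KeyAgreement) ([]byte, error) {
	h := sha256.Sum256(ka.EphemeralPub)
	if !ecdsa.VerifyASN1(e.PeerPub, h[:], ka.Signature) {
		return nil, errors.New("key agreement message not signed by the authenticated peer")
	}
	peerEph, err := ecdh.P256().NewPublicKey(ka.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := mine.ECDH(peerEph)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append(shared, "plc-firmware-upgrade-session"...))
	return k[:], nil
}

// RunKeyAgreement plays the patent's exchange with the upgrade server as a
// plain relay: the upper computer sends its key agreement information, the
// PLC derives its key and returns its reply, and the upper computer derives
// its own key from that reply. Both keys must be identical.
func RunKeyAgreement(upper, plc *Endpoint) (upperKey, plcKey []byte, err error) {
	uEph, uMsg, err := upper.Start()
	if err != nil {
		return nil, nil, err
	}
	pEph, pMsg, err := plc.Start()
	if err != nil {
		return nil, nil, err
	}
	if plcKey, err = plc.Finish(pEph, uMsg); err != nil {
		return nil, nil, err
	}
	upperKey, err = upper.Finish(uEph, pMsg)
	return upperKey, plcKey, err
}

func main() {
	upper, plc, _ := NewEndpointPair()
	a, b, err := RunKeyAgreement(upper, plc)
	fmt.Println("session keys agree:", err == nil && bytes.Equal(a, b))
}
```

Without the signature on the ephemeral key, the relay could run one agreement with each side and read every upgrade packet in between; binding each message to the certificate checked in the previous step is what makes the earlier mutual authentication carry over to the session key.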
Further, S202 comprises: the upper computer calculates the digest of the upgrade data packet through the first security module and signs the digest with the private key held in the first security module;
S207 comprises: the PLC device verifies the signature on the digest with the public key of the upper computer user's digital certificate held in the second security module; once the signature check passes, it calculates the digest of the upgrade data packet itself and compares it with the signed one, and after this comparison passes it passes the upgrade data packet to the MCU for execution.
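S202 and S207 together (with S203 and S206 for the encryption in between), as an added Go example that is not the patent's code: the first security module digests the upgrade packet with SHA-256, signs the digest, and encrypts packet and signed digest under the session key; the second security module decrypts, verifies the signature on the digest with the upper computer user's public key, recomputes the digest of the packet and compares it, and only then releases the packet to the MCU. AES-256-GCM, the plaintext layout, the sample packet bytes and all identifiers (`NewSigningKey`, `newGCM`, `SealPackage`, `OpenPackage`) are assumptions; the version number and model fields the patent places inside the packet are left for the MCU to check after the packet is released.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// NewSigningKey stands in for the private key provisioned in the first
// security module; its public key is what the PLC's second module holds in
// the upper computer user's certificate.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Assumption: the negotiated 32-byte session key drives AES-256-GCM with a
// random 96-bit nonce prefixed to the ciphertext.
func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPackage is the first security module's part: SHA-256 the upgrade
// packet, sign the digest with the module's private key, then encrypt packet
// and signed digest together under the session key. Plaintext layout
// (constructed for this example): digest(32) | sigLen(2) | signature | packet.
func SealPackage(sessionKey, pkt []byte, key *ecdsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(pkt)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	var plain bytes.Buffer
	plain.Write(digest[:])
	binary.Write(&plain, binary.BigEndian, uint16(len(sig)))
	plain.Write(sig)
	plain.Write(pkt)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain.Bytes(), nil), nil
}

// OpenPackage is the second security module's part, in the patent's order:
// decrypt with the session key, verify the signature on the digest with the
// upper computer user's public key, recompute the digest of the packet and
// compare it, and only then hand the packet to the MCU. Any failure returns
// an error and no packet.
func OpenPackage(sessionKey, blob []byte, upperPub *ecdsa.PublicKey) ([]byte, error) {
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	plain, err := aead.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("decryption failed: %w", err)
	}
	if len(plain) < 34 || len(plain) < 34+int(binary.BigEndian.Uint16(plain[32:])) {
		return nil, errors.New("truncated signed digest")
	}
	n := int(binary.BigEndian.Uint16(plain[32:]))
	digest, sig, pkt := plain[:32], plain[34:34+n], plain[34+n:]
	if !ecdsa.VerifyASN1(upperPub, digest, sig) {
		return nil, errors.New("digest signature invalid")
	}
	if got := sha256.Sum256(pkt); !bytes.Equal(got[:], digest) {
		return nil, errors.New("packet digest mismatch")
	}
	return pkt, nil
}

func main() {
	key, _ := NewSigningKey()
	session := bytes.Repeat([]byte{0x42}, 32) // constructed stand-in for the negotiated session key
	pkt := []byte("MODEL=PLC-1000;VERSION=2;<firmware image bytes>") // constructed sample packet
	blob, _ := SealPackage(session, pkt, key)
	out, err := OpenPackage(session, blob, &key.PublicKey)
	fmt.Println("packet released to MCU:", err == nil && bytes.Equal(out, pkt))
}
```

Because GCM authenticates the ciphertext, a packet corrupted or altered in transit is rejected at the decryption step before any signature is examined; the separate signature on the digest is what ties the packet to the upper computer user's key rather than to anyone who holds the session key, which is why both checks are kept even though the AEAD already detects tampering.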
Further, the secure memory card with the built-in first security module includes at least a USB secure memory card and an SD secure memory card; the PLC device also includes a system storage module for storing the upgrade data packet, the current firmware data packet, the version number and the system parameter information of the PLC device.
The invention has prominent substantive features and represents notable progress, in particular:
(1) the upper computer has the first security module embedded in it or attached externally in a secure memory card, and the first security module holds the upper computer user's digital certificate, so the different users of the upper computer can be authorized and authenticated at login by PIN entry and digital-certificate identity authentication, and only legitimate upper computer users can carry out the subsequent firmware upgrade operations; the PLC device contains the second security module, which ensures the security and legitimacy of the PLC device;
(2) the upper computer, through the first security module, performs bidirectional identity authentication with the PLC device's second security module via the upgrade server, so that both communicating parties are legitimate and only a legitimate upper computer user can upgrade the firmware of the PLC device bound to it; the upper computer, through the first security module, performs key agreement with the PLC device's second security module via the upgrade server to obtain a session key, and that session key encrypts and decrypts the firmware upgrade packet transmitted between the upper computer and the PLC device, which secures the transmission of the upgrade data packet;
(3) the upper computer digests and signs the upgrade data packet through the first security module, and the PLC device verifies the signature through the second security module, which ensures the integrity of the upgrade data packet.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a block diagram illustrating a PLC remote firmware upgrade system according to the present invention;
FIG. 2 is a flowchart illustrating the upgrade stage of the PLC remote firmware upgrading method according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
As shown in FIG. 1, in a first aspect the present invention provides a PLC remote firmware upgrade system comprising at least one upper computer, an upgrade server and at least one PLC device. A first security module is embedded in the upper computer, or a secure memory card containing the first security module is attached to the upper computer externally; the PLC device comprises a microprocessor (MCU) and a second security module; and the upgrade server is connected over a network to the upper computer and to the PLC device respectively;
the upper computer and the PLC device each send their own device identification information to the upgrade server for registration and relationship binding;
the upper computer performs user authorization login authentication through the first security module and, after that authentication passes, performs bidirectional identity authentication and key agreement with the PLC device through the upgrade server to obtain a session key; the first security module calculates a digest of the upgrade data packet and signs the digest; the first security module then encrypts the upgrade data packet and the signed digest with the session key and sends them to the upgrade server; the upgrade data packet comprises a version number and a PLC device model;
the upgrade server generates the relationship binding policy between the upper computer and the PLC device and stores the encrypted upgrade data packet and signed digest;
the PLC device performs the bidirectional identity authentication and key agreement with the upper computer through the upgrade server using the second security module to obtain the session key; its MCU obtains the encrypted upgrade data packet and signed digest from the upgrade server and passes them to the second security module for decryption; the second security module decrypts them with the session key to recover the upgrade data packet and the signed digest, verifies the signed digest and, once both the signature and the digest have been verified, passes the upgrade data packet to the MCU for execution.
Further, the upgrade server is also configured to send the upgrade data packet to the bound PLC device according to an upgrade instruction from an authorized user of the upper computer; the relationship binding policy is used to judge whether the PLC device targeted by the authorized user's upgrade instruction is the one bound to that upper computer.
The upgrade server generates the relationship binding policy between the upper computer and the PLC device and uses it to judge whether the PLC device targeted by an authorized upper computer user's upgrade instruction is the one bound to that upper computer, so that a legitimate upper computer user can perform firmware upgrades and other access-controlled operations only on the PLC devices bound to it, and unauthorized or illegitimate operations are prevented; the relationship binding policy can also be updated and maintained as circumstances require.
It should be noted that, besides sending an upgrade data packet to the bound PLC device on an authorized upper computer user's instruction, the upgrade server may also, as circumstances require, obtain the PLC device's current firmware state, device identification information and so on, and actively push upgrade information to the relevant PLC devices to carry out the firmware upgrade; the relationship binding policy may also be stored in encrypted form on the upgrade server to improve its security.
Further, the first security module contains at least the digital certificate of the upper computer user, the digital certificate of the PLC device and the first security module's private key, and the second security module contains at least the digital certificate of the PLC device, the digital certificate of the upper computer user and the second security module's private key;
the upper computer's user authorization login authentication through the first security module comprises: the upper computer first verifies the PIN code entered by the user and, once that passes, invokes the digital certificate in the first security module to authenticate the user's identity; passing this authentication indicates the user is legitimate;
the upper computer's bidirectional identity authentication and key agreement with the PLC device through the upgrade server using the first security module, yielding a session key, comprises: the upper computer and the PLC device each send identity information including their own digital certificate to the other party through the upgrade server for identity authentication; the upper computer, through the first security module, and the PLC device, through the second security module, each verify the digital certificate received from the other party, and passing verification indicates the other party's identity is legitimate; after identity authentication passes, the upper computer and the PLC device each send their key agreement information to the other party through the upgrade server, and the upper computer, through the first security module, and the PLC device, through the second security module, each compute the session key from the received key agreement information according to a preset key exchange protocol.
The advantage is that, with the first security module embedded in the upper computer or attached externally in a secure memory card and holding the upper computer user's digital certificate, the different users of the upper computer can be authorized and authenticated at login by PIN entry and digital-certificate identity authentication, so that only legitimate upper computer users can carry out the subsequent firmware upgrade operations and other, malicious users are prevented from performing illegitimate operations from the upper computer; the PLC device contains the second security module, which guarantees the security and legitimacy of the PLC device.
Further, the upper computer's calculation of the digest of the upgrade data packet and signing of that digest through the first security module comprises: the upper computer calculates the digest of the upgrade data packet through the first security module and signs the digest with the private key held in the first security module;
the PLC device's verification of the signed digest, followed by passing the upgrade data packet to the MCU for execution once the signature and the digest are verified, comprises: the PLC device verifies the signature on the digest with the public key of the upper computer user's digital certificate held in the second security module; once the signature check passes, it calculates the digest of the upgrade data packet itself and compares it with the signed one, and after this comparison passes it passes the upgrade data packet to the MCU for execution.
Further, the secure memory card with the built-in first security module includes at least a USB secure memory card and an SD secure memory card.
Further, the PLC device also includes a system storage module for storing the upgrade data packet, the current firmware data packet, the version number and the system parameter information of the PLC device.
It should be noted that, the relevant information in the storage module in the PLC device may be encrypted by the second security module and then stored, thereby preventing leakage and tampering, and improving the security of the PLC device itself; and the stored current firmware data packet can be backed up so as to be recovered by using the backed-up firmware data packet when the new updating data packet fails to be updated, thereby ensuring the normal use of the PLC equipment.
As shown in fig. 2, the present invention further provides a PLC remote firmware upgrading method, which includes a preparation stage and an upgrade stage.
The preparation stage comprises the following steps:
S101: after the upper computer and the PLC device each send their own device identification information to the upgrade server for registration, the upgrade server generates a relation binding policy for the upper computer and the PLC device;
S102: the upper computer sends an upgrade instruction for the PLC device to the remote upgrade server; the upgrade server judges, according to the relation binding policy, whether the upper computer is allowed to send an upgrade instruction for the bound corresponding PLC device; if sending is allowed, the upgrade instruction is forwarded to the corresponding PLC device, which receives it, returns response information to the upper computer, and thereby establishes the communication connection between the upper computer and the PLC device.
The upgrade stage comprises the following steps:
S201: the upper computer performs user authorization login authentication through the first security module; after that authentication passes, it performs bidirectional identity authentication and key agreement with the PLC device (which uses the second security module) via the upgrade server, obtaining a session key;
S202: the upper computer computes the digest of the upgrade data packet and signs the digest through the first security module;
S203: the upper computer encrypts the upgrade data packet and the signed digest with the session key through the first security module and sends them to the upgrade server; the upgrade data packet includes a version number and the PLC device model;
S204: the upgrade server stores the encrypted upgrade data packet and signed digest and sends them to the PLC device;
S205: the PLC device obtains the encrypted upgrade data packet and signed digest from the upgrade server through its microprocessor MCU and passes them to the second security module for decryption;
S206: the PLC device decrypts the encrypted upgrade data packet and signed digest with the session key through the second security module, obtaining the upgrade data packet and the signed digest;
S207: the PLC device verifies the signed digest through the second security module and, after the signature and the digest are verified, passes the upgrade data packet to the microprocessor MCU for execution.
The upper computer (through the first security module) performs bidirectional identity authentication with the PLC device (through the second security module) via the upgrade server, ensuring that both communicating parties are legitimate, so that only a legitimate upper computer user can perform a firmware upgrade on the bound corresponding PLC device. Likewise, the upper computer and the PLC device perform key agreement via the upgrade server through their respective security modules to obtain a session key, which is used to encrypt and decrypt the firmware upgrade package transmitted between the upper computer and the PLC device. This secures the transmission of the upgrade data packet: the firmware upgrade package is ciphertext while in transit and cannot be stolen or tampered with by unauthorized parties.
It should be noted that after the PLC device has executed the upgrade data packet and completed the firmware upgrade, it may encrypt the completion status information with the session key in the second security module and send it to the corresponding upper computer via the upgrade server; the upper computer user decrypts it with the session key in the first security module and so learns that the firmware upgrade succeeded. Likewise, when an error occurs during the firmware upgrade and it cannot complete normally, the error status information is reported to the upper computer user using the same encryption and decryption processing.
Further, the first security module contains at least the upper computer user's digital certificate, the PLC device's digital certificate, and the first security module's own private key; the second security module contains at least the PLC device's digital certificate, the upper computer user's digital certificate, and the second security module's own private key.
S201 specifically comprises:
the upper computer first verifies the PIN code entered by the user and, after that passes, calls the digital certificate in the first security module to authenticate the user's identity; passing authentication indicates that the user is legitimate;
the upper computer, through the first security module, sends identity information including its own digital certificate to the corresponding PLC device via the upgrade server for identity authentication; the PLC device verifies it against the upper computer user's digital certificate held in the second security module, and passing verification indicates that the upper computer user's identity is legitimate;
the PLC device, through the second security module, sends identity information including its own digital certificate to the corresponding upper computer via the upgrade server for identity authentication; the upper computer verifies it against the PLC device's digital certificate held in the first security module, and passing verification indicates that the PLC device's identity is legitimate;
the upper computer, through the first security module, sends its key agreement information to the corresponding PLC device via the upgrade server for key agreement; the PLC device, through the second security module, performs the key calculation from the received key agreement information and the preset key exchange protocol to obtain the session key, and returns key agreement reply information to the upper computer via the upgrade server;
the upper computer, through the first security module, performs the key calculation from the received key agreement reply information and the preset key exchange protocol to obtain the session key.
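The S201 exchange above, written out as an added example in Go; this is not code from the patent or from its assignee. It assumes ECDH on P-256 as the unnamed "preset key exchange protocol", reduces each module's digital certificate to a PKIX-encoded public key that the peer module already holds (as the patent says it does), and derives the session key as SHA-256 of the shared secret; Module, Hello, Offer, Finish and RunS201 are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Module models one security module. As in the patent, each module holds its own
// private key and the bound peer's digital certificate in advance; the certificate
// is reduced here to a PKIX-encoded public key (a constructed simplification).
type Module struct {
	Name     string
	Key      *ecdsa.PrivateKey
	PeerCert []byte
}

// Hello is the identity-authentication and key-agreement message of S201: the
// sender's certificate, an ephemeral ECDH public value, and a signature over that
// value made with the sender's private key. It is what the upgrade server relays.
type Hello struct{ Cert, Ephemeral, Sig []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func digest(b []byte) []byte { d := sha256.Sum256(b); return d[:] }

func NewModule(name string) *Module {
	return &Module{Name: name, Key: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
}

func (m *Module) Cert() []byte { return must(x509.MarshalPKIXPublicKey(&m.Key.PublicKey)) }

// Offer builds this module's Hello. ECDH on P-256 is assumed as the "preset key
// exchange protocol", which the patent does not name.
func (m *Module) Offer() (*ecdh.PrivateKey, Hello) {
	eph := must(ecdh.P256().GenerateKey(rand.Reader))
	pub := eph.PublicKey().Bytes()
	return eph, Hello{m.Cert(), pub, must(ecdsa.SignASN1(rand.Reader, m.Key, digest(pub)))}
}

// Finish authenticates the peer and computes the session key. Presenting a
// certificate proves nothing on its own: identity is established only when the
// signature over the fresh ephemeral value verifies under the certificate this
// module already holds. The session key is SHA-256 of the shared secret (in
// place of a full KDF).
func (m *Module) Finish(eph *ecdh.PrivateKey, h Hello) ([]byte, error) {
	if !bytes.Equal(h.Cert, m.PeerCert) {
		return nil, errors.New(m.Name + ": presented certificate is not the bound peer's")
	}
	k, err := x509.ParsePKIXPublicKey(h.Cert)
	peer, ok := k.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New(m.Name + ": certificate carries an unusable key")
	}
	if !ecdsa.VerifyASN1(peer, digest(h.Ephemeral), h.Sig) {
		return nil, errors.New(m.Name + ": peer did not prove possession of the certificate key")
	}
	peerEph, err := ecdh.P256().NewPublicKey(h.Ephemeral)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(peerEph)
	if err != nil {
		return nil, err
	}
	return digest(shared), nil
}

// RunS201 pairs an upper computer with its bound PLC. Both Hello messages cross the
// upgrade server, which relays them but never learns the resulting session key.
func RunS201() (hostKey, plcKey []byte, err error) {
	host, plc := NewModule("first security module"), NewModule("second security module")
	host.PeerCert, plc.PeerCert = plc.Cert(), host.Cert() // provisioned at binding time
	hostEph, hostHello := host.Offer()
	plcEph, plcHello := plc.Offer()
	if hostKey, err = host.Finish(hostEph, plcHello); err != nil {
		return nil, nil, err
	}
	plcKey, err = plc.Finish(plcEph, hostHello)
	return hostKey, plcKey, err
}

func main() {
	hostKey, plcKey, err := RunS201()
	fmt.Printf("session keys match: %v, err: %v\n", bytes.Equal(hostKey, plcKey), err)
}
```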
Further, S202 comprises: the upper computer computes the digest of the upgrade data packet through the first security module and signs the digest with the private key in the first security module;
S207 comprises: the PLC device verifies the signed digest with the public key of the upper computer's digital certificate held in the second security module; after the signature verifies, it computes the digest of the received upgrade data packet, compares it with the signed digest, and passes the upgrade data packet to the microprocessor MCU for execution only after the comparison passes.
It can be understood that, since the upper computer computes and signs the digest of the upgrade data packet through the first security module and the PLC device verifies the signature and the digest through the second security module, both the legitimacy of the source of the upgrade data packet and the integrity of the upgrade data packet are ensured.
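S202 and S203 on the upper computer side and S206 and S207 on the PLC side, as an added example in Go; this is not code from the patent or from its assignee. It assumes ECDSA on P-256 for the signature, AES-256-GCM for encryption under the session key and JSON as the packet serialization, none of which the patent specifies; the model and version checks against the PLC's stored current-device information are an added check not spelled out in the text; Package, Seal and Open are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// Package is the upgrade data packet; as the patent requires, it carries the version
// number and the PLC device model together with the firmware image.
type Package struct {
	Model    string
	Version  uint32
	Firmware []byte
}

// envelope is what travels through the upgrade server after S203 (encrypted):
// the serialized package, its digest, and the signature over that digest.
type envelope struct{ Raw, Digest, Sig []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func digest(b []byte) []byte { d := sha256.Sum256(b); return d[:] }

func NewSigner() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// NewSession stands in for the session key agreed in S201 (random here).
func NewSession() []byte { k := make([]byte, 32); must(rand.Read(k)); return k }

func gcm(session []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(session)))) }

// Seal is S202 and S203 on the upper computer: digest the package, sign the digest
// with the private key in the first security module, then encrypt package and signed
// digest under the session key. AES-256-GCM is an assumption; the patent only says
// "encrypt with the session key".
func Seal(key *ecdsa.PrivateKey, session []byte, p Package) []byte {
	raw := must(json.Marshal(p))
	d := digest(raw)
	env := must(json.Marshal(envelope{raw, d, must(ecdsa.SignASN1(rand.Reader, key, d))}))
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return gcm(session).Seal(nonce, nonce, env, nil)
}

// Open is S206 and S207 on the PLC: decrypt in the second security module, verify the
// signed digest with the public key of the upper computer's certificate, recompute the
// digest and compare, and only then release the package to the MCU. The model and
// version checks (against what the PLC's storage module records) are an addition.
func Open(hostCert *ecdsa.PublicKey, session []byte, model string, installed uint32, blob []byte) (*Package, error) {
	if len(blob) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	env, err := gcm(session).Open(nil, blob[:12], blob[12:], nil)
	if err != nil {
		return nil, errors.New("decryption failed: wrong session key or tampered ciphertext")
	}
	var e envelope
	if err := json.Unmarshal(env, &e); err != nil {
		return nil, err
	}
	if !ecdsa.VerifyASN1(hostCert, e.Digest, e.Sig) {
		return nil, errors.New("signed digest does not verify under the upper computer certificate")
	}
	if subtle.ConstantTimeCompare(digest(e.Raw), e.Digest) != 1 {
		return nil, errors.New("package digest mismatch: package altered after signing")
	}
	var p Package
	if err := json.Unmarshal(e.Raw, &p); err != nil {
		return nil, err
	}
	if p.Model != model {
		return nil, fmt.Errorf("package is for model %q, this device is %q", p.Model, model)
	}
	if p.Version <= installed {
		return nil, fmt.Errorf("version %d is not newer than installed %d", p.Version, installed)
	}
	return &p, nil // now safe to hand to the MCU
}

func main() {
	host, session := NewSigner(), NewSession()
	blob := Seal(host, session, Package{"PLC-X1", 7, []byte("constructed firmware image")})
	p, err := Open(&host.PublicKey, session, "PLC-X1", 6, blob)
	fmt.Println(p != nil, err)
}
```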
Further, the secure memory card with the built-in first security module includes at least a USB secure memory card and an SD secure memory card; the PLC device also includes a system storage module for storing the upgrade data packet and the firmware data packet, the version number, and the system parameter information of the current PLC device.
The above description is only a preferred embodiment of the present invention and is not intended to limit it; those skilled in the art may make various modifications and changes. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A PLC remote firmware upgrade system, comprising at least one upper computer, an upgrade server, and at least one PLC device;
a first security module is embedded in the upper computer, or a secure memory card with the first security module built in is externally connected to the upper computer; the PLC device comprises a microprocessor MCU and a second security module;
the upgrade server is in communication connection with the upper computer and with the PLC device through a network;
the upper computer and the PLC device each send their own device identification information to the upgrade server for registration and relation binding;
the upper computer is configured to perform user authorization login authentication through the first security module and, after that authentication passes, to perform bidirectional identity authentication and key agreement with the PLC device via the upgrade server to obtain a session key; the first security module is configured to compute the digest of the upgrade data packet and sign the digest, and to encrypt the upgrade data packet and the signed digest with the session key and send them to the upgrade server; the upgrade data packet comprises a version number and a PLC device model;
the upgrade server is configured to generate a relation binding policy for the upper computer and the PLC device and to store the encrypted upgrade data packet and signed digest;
the PLC device is configured to perform bidirectional identity authentication and key agreement with the upper computer via the upgrade server through the second security module to obtain a session key, and to obtain the encrypted upgrade data packet and signed digest from the upgrade server through the microprocessor MCU and pass them to the second security module for decryption; the second security module is configured to decrypt the encrypted upgrade data packet and signed digest with the session key, verify the signed digest, and pass the upgrade data packet to the microprocessor MCU for execution after the signature and the digest are verified.
2. The PLC remote firmware upgrade system according to claim 1, wherein the upgrade server is further configured to send the upgrade data packet to the bound corresponding PLC device according to an upgrade instruction from an authorized user of the upper computer; and the relation binding policy is used to judge whether the PLC device targeted by the authorized upper computer user's upgrade instruction is the PLC device correspondingly bound to that upper computer.
3. The PLC remote firmware upgrade system according to claim 1, wherein the first security module comprises at least the upper computer user's digital certificate, the PLC device's digital certificate, and its own private key, and the second security module comprises at least the PLC device's digital certificate, the upper computer user's digital certificate, and its own private key;
the upper computer performing user authorization login authentication through the first security module comprises: the upper computer first verifies the PIN code entered by the user and, after that passes, calls the digital certificate in the first security module to authenticate the user's identity, passing authentication indicating that the user is legitimate;
the upper computer performing bidirectional identity authentication and key agreement with the PLC device via the upgrade server through the first security module to obtain a session key comprises: the upper computer and the PLC device each send identity information including their own digital certificate to the other party via the upgrade server for identity authentication, the upper computer (through the first security module) and the PLC device (through the second security module) each verify the digital certificate received from the other party, and passing verification indicates that the other party's identity is legitimate;
after identity authentication passes, the upper computer and the PLC device each send their key agreement information to the other party via the upgrade server for key agreement, and the upper computer (through the first security module) and the PLC device (through the second security module) each perform the key calculation according to the received key agreement information and a preset key exchange protocol to obtain the session key.
4. The PLC remote firmware upgrade system according to claim 3, wherein the upper computer computing the digest of the upgrade data packet and signing it through the first security module comprises: the upper computer computes the digest of the upgrade data packet through the first security module and signs the digest with the private key in the first security module;
the PLC device verifying the signed digest and passing the upgrade data packet to the microprocessor MCU for execution after the signature and the digest are verified comprises: the PLC device verifies the signed digest with the public key of the upper computer's digital certificate held in the second security module, computes the digest of the upgrade data packet after the signature verifies, and passes the upgrade data packet to the microprocessor MCU for execution after the comparison passes.
5. The PLC remote firmware upgrade system according to claim 1, wherein the secure memory card with the built-in first security module comprises at least a USB secure memory card and an SD secure memory card.
6. The PLC remote firmware upgrade system according to claim 1, further comprising a system storage module in the PLC device for storing the upgrade data packet and the firmware data packet, the version number, and the system parameter information of the current PLC device.
7. A PLC remote firmware upgrade method, characterized in that the method comprises a preparation stage and an upgrade stage;
the preparation stage comprises the following steps:
S101: after an upper computer and a PLC device each send their own device identification information to an upgrade server for registration, the upgrade server generates a relation binding policy for the upper computer and the PLC device;
S102: the upper computer sends an upgrade instruction for the PLC device to the remote upgrade server; the upgrade server judges, according to the relation binding policy, whether the upper computer is allowed to send an upgrade instruction for the bound corresponding PLC device; if sending is allowed, the upgrade instruction is sent to the corresponding PLC device, which receives it, returns response information to the upper computer, and establishes the communication connection between the upper computer and the PLC device;
the upgrade stage comprises the following steps:
S201: the upper computer performs user authorization login authentication through a first security module and, after that authentication passes, performs bidirectional identity authentication and key agreement with the PLC device (through its second security module) via the upgrade server to obtain a session key;
S202: the upper computer computes the digest of the upgrade data packet and signs the digest through the first security module;
S203: the upper computer encrypts the upgrade data packet and the signed digest with the session key through the first security module and sends them to the upgrade server; the upgrade data packet comprises a version number and a PLC device model;
S204: the upgrade server stores the encrypted upgrade data packet and signed digest and sends them to the PLC device;
S205: the PLC device obtains the encrypted upgrade data packet and signed digest from the upgrade server through a microprocessor MCU of the PLC device and passes them to the second security module of the PLC device for decryption;
S206: the PLC device decrypts the encrypted upgrade data packet and signed digest with the session key through the second security module to obtain the upgrade data packet and the signed digest;
S207: the PLC device verifies the signed digest through the second security module and passes the upgrade data packet to the microprocessor MCU for execution after the signature and the digest are verified.
8. The PLC remote firmware upgrade method according to claim 7, wherein the first security module comprises at least the upper computer user's digital certificate, the PLC device's digital certificate, and its own private key, and the second security module comprises at least the PLC device's digital certificate, the upper computer user's digital certificate, and its own private key;
S201 specifically comprises:
the upper computer first verifies the PIN code entered by the user and, after that passes, calls the digital certificate in the first security module to authenticate the user's identity, passing authentication indicating that the user is legitimate;
the upper computer, through the first security module, sends identity information including its own digital certificate to the corresponding PLC device via the upgrade server for identity authentication; the PLC device verifies it against the upper computer user's digital certificate held in the second security module, and passing verification indicates that the upper computer user's identity is legitimate;
the PLC device, through the second security module, sends identity information including its own digital certificate to the corresponding upper computer via the upgrade server for identity authentication; the upper computer verifies it against the PLC device's digital certificate held in the first security module, and passing verification indicates that the PLC device's identity is legitimate;
the upper computer, through the first security module, sends its key agreement information to the corresponding PLC device via the upgrade server for key agreement; the PLC device, through the second security module, performs the key calculation from the received key agreement information and a preset key exchange protocol to obtain the session key, and returns key agreement reply information to the upper computer via the upgrade server;
the upper computer, through the first security module, performs the key calculation from the received key agreement reply information and the preset key exchange protocol to obtain the session key.
9. The PLC remote firmware upgrade method according to claim 8, wherein S202 comprises: the upper computer computes the digest of the upgrade data packet through the first security module and signs the digest with the private key in the first security module;
S207 comprises: the PLC device verifies the signed digest with the public key of the upper computer's digital certificate held in the second security module, computes the digest of the upgrade data packet after the signature verifies, and passes the upgrade data packet to the microprocessor MCU for execution after the comparison passes.
10. The PLC remote firmware upgrade method according to claim 7, wherein the secure memory card with the built-in first security module comprises at least a USB secure memory card and an SD secure memory card; the PLC device also comprises a system storage module for storing the upgrade data packet and the firmware data packet, the version number, and the system parameter information of the current PLC device.
CN201911375770.3A 2019-12-27 2019-12-27 PLC remote firmware upgrading system and method Pending CN111143856A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911375770.3A CN111143856A (en) 2019-12-27 2019-12-27 PLC remote firmware upgrading system and method

Publications (1)

Publication Number Publication Date
CN111143856A true CN111143856A (en) 2020-05-12

Family

ID=70520865

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111832011A (en) * 2020-07-09 2020-10-27 郑州信大捷安信息技术股份有限公司 IAP-based firmware security upgrading method and device
CN112861156A (en) * 2021-02-26 2021-05-28 上海升途智能系统有限公司 Secure communication method and device for display data, electronic equipment and storage medium
CN112883382A (en) * 2021-03-03 2021-06-01 一汽解放汽车有限公司 Vehicle flashing method, vehicle networking box, vehicle and storage medium
CN113468559A (en) * 2021-06-18 2021-10-01 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) Firmware verification method and system
CN114167804A (en) * 2021-11-10 2022-03-11 汤臣智能科技(深圳)有限公司 Authentication method and system for PLC encryption program
CN114928486A (en) * 2022-05-18 2022-08-19 浙江木链物联网科技有限公司 Industrial control protocol safety ferrying method, device and system based on digital certificate and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108182072A (en) * 2017-12-28 2018-06-19 上汽通用五菱汽车股份有限公司 Remote upgrade method, server and the storage medium of vehicle electronics
CN108390851A (en) * 2018-01-05 2018-08-10 郑州信大捷安信息技术股份有限公司 A kind of secure remote control system and method for industrial equipment
CN108874432A (en) * 2018-08-17 2018-11-23 深圳市优驰科技有限公司 Radio firmware upgrade-system
CN109104724A (en) * 2018-06-30 2018-12-28 江苏恒宝智能系统技术有限公司 A kind of data ciphering method and device for device upgrade
CN109302476A (en) * 2018-09-30 2019-02-01 珠海汇众能源科技有限公司 A kind of PLC program upgrade method and system based on mobile terminal
CN109309592A (en) * 2018-11-14 2019-02-05 无锡信捷电气股份有限公司 The method and apparatus of remote upgrade PLC firmware
CN110532735A (en) * 2018-05-23 2019-12-03 霍尼韦尔环境自控产品(天津)有限公司 Firmware upgrade method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200512