CN111814139A - Automobile motor controller program safe loading system and method - Google Patents

Automobile motor controller program safe loading system and method Download PDF

Info

Publication number
CN111814139A
CN111814139A CN202010624439.7A CN202010624439A CN111814139A CN 111814139 A CN111814139 A CN 111814139A CN 202010624439 A CN202010624439 A CN 202010624439A CN 111814139 A CN111814139 A CN 111814139A
Authority
CN
China
Prior art keywords
burning
data
motor controller
verification
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010624439.7A
Other languages
Chinese (zh)
Other versions
CN111814139B (en
Inventor
张伟
李�浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Faraday Electric Drive Co ltd
Original Assignee
Shenzhen Faraday Electric Drive Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Faraday Electric Drive Co ltd filed Critical Shenzhen Faraday Electric Drive Co ltd
Priority to CN202010624439.7A priority Critical patent/CN111814139B/en
Publication of CN111814139A publication Critical patent/CN111814139A/en
Application granted granted Critical
Publication of CN111814139B publication Critical patent/CN111814139B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention discloses a system and a method for safely loading a program of an automobile motor controller, wherein the system comprises a burning upper computer, the automobile motor controller and a CAN network, the motor controller comprises FLASH, the burning upper computer sends out a burning application, the motor controller interacts according to safety verification logic after receiving the application, and if the handshake fails, the upgrading is abandoned; if the handshake is successful, the upper burning computer encrypts the target program in batches and transmits the encrypted target program to the motor controller; loading logic in the motor controller for processing, and if the data frame is analyzed correctly, encrypting and storing the data frame into FLASH; and if the analysis fails, requesting the upper computer to retransmit. The invention ensures the data security when the program is loaded, ensures that the data is not intercepted and analyzed in the loading process, and effectively prevents the third-party security threat code from being inserted in the loading process.

Description

Automobile motor controller program safe loading system and method
Technical Field
The invention relates to the technical field of new energy automobiles, in particular to an automobile motor controller program safe loading system and method.
Background
In recent years, the automobile market is gradually turning to a new energy electric automobile from a traditional fuel oil automobile, and the power core and an engine are changed into 'motor + electric control'. Among them, the electronic control (called motor controller entirely) is a typical embedded system, and is composed of embedded hardware and embedded software. The motor and the embedded hardware are dead objects, and can normally work according to design generally without damage; embedded software may be cracked after production is completed or may be embedded into a back door program during later upgrade, thereby inducing car safety problems.
In order to solve the problem of program safety of an automobile motor controller, the conventional method has the following points:
1. the safety function of the main control chip in the embedded hardware is started, so that the risk that non-related technicians directly read/modify the built-in program through JTAG/serial port/CAN port and other ways CAN be reduced;
2. a chip auxiliary loader (also called BootLoader) is independently developed, and some security policies such as handshake authentication, data verification and the like can be added according to requirements by utilizing the chip auxiliary loader. The problems that the burning is directly started and the data link layer is in error in the non-safety state can be solved;
3. the unique identification code of the chip is introduced for data encryption during program loading and storage, and the cracking difficulty is increased.
The method has the advantages that the coded lock of the chip is opened, cracking personnel can be prevented from directly reading the controller program through means such as a JTAG port of the chip, the chip is universal in encryption rule, the application range is wide, a large number of professionals/companies can successfully crack the chip, and the target related files which can be produced or analyzed can be obtained only by paying a little reward.
Although the chip identification code is unique, the chip identification code is fixed and can be directly read through a public technology, if the chip identification code is simply used for encrypting when a program is loaded and stored, a secret key is disclosed, and the cracking difficulty is low. The public key is used for protecting the program, so that a professional can directly replace or add some dangerous codes when the program is upgraded, and can also completely analyze a cracked target related file to obtain all technical details.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present invention is to provide a system and a method for safely loading a program of an automotive motor controller, so as to ensure data safety during program loading.
In order to solve the technical problems, the embodiment of the invention provides a safe loading system for an automobile motor controller program, which comprises a burning upper computer, an automobile motor controller and a CAN network, wherein the motor controller comprises FLASH,
the upper burning computer sends out a burning application, the motor controller interacts according to the safety verification logic after receiving the application, and if the handshake fails, the upgrading is abandoned; if the handshake is successful, the upper burning computer encrypts the target program in batches and transmits the encrypted target program to the motor controller;
loading logic in the motor controller for processing, and if the data frame is analyzed correctly, encrypting and storing the data frame into FLASH; and if the analysis fails, requesting the upper computer to retransmit.
Further, after initiating a burning application, the burning upper computer firstly carries out safety verification with the motor controller through a preset application scene B, then carries out burning operation after the safety verification passes, then reads and analyzes a burning target program, divides the target program into a plurality of fragments with fixed length of 128 bits, and calculates target program verification according to a preset application scene BC; only one fragment is sent each time, before sending, the fragment data is encrypted according to a preset application scene BA, then the fragment data is assembled into a complete data frame which accords with loading logic, and the complete data frame is checked and calculated according to a preset application scene BB; the current segment is sent to check the complete data frame and the data frame, and the motor controller is waited to reply after the sending is finished; if the reply is successful, the next fragment is sent; if the reply fails, triggering the current segment to send again; after all the fragments are sent, carrying out BC verification on a preset application scene, and after the motor controller replies that the verification is successful, completing the burning; if the reply fails, whether the burning application is triggered again is prompted.
Further, after receiving a burning application for burning the upper computer, the motor controller firstly generates a 128-bit key and 64-bit seeds, and then performs security verification according to a preset application scene B; if the verification is passed, entering a fragment frame data receiving waiting state; if the verification fails, clearing the related data and exiting the upgrade; during the normal upgrading process, after the current fragment frame data is received, judging whether the current fragment frame data is a preset application scene BC check frame, if not, checking the current frame data according to a preset application scene BB; if the frame is the last frame, checking all application data according to a preset application scene BC; if the BB check of the preset application scene does not pass, requesting the burning upper computer to retransmit the current segment frame; the verification is passed, data decryption is carried out according to a preset application scene BA, the data is encrypted according to a preset application scene A, then the data is stored in a designated position of the FLASH, the processing of the current fragment frame is finished, and the next fragment frame data is continuously waited; if the preset application scene BC is not checked, clearing the current cache data, and quitting the burning, wherein the burning fails; and if the verification is passed, the burning request is processed, and the corresponding flag bit is set to exit the burning.
Further, the application scenario a: the method comprises the steps that a key with the total length of 128 bits is formed by adopting a unique code and a self-increment code and other fixed elements, and is used for encryption when the key is burnt into an internal FLASH of a chip for storage, and a preset encryption algorithm A is adopted;
the application scenario B: adopting a 64-bit seed consisting of a unique code II, an incremental code II and a random number for safety verification before program loading, and adopting a preset verification docking algorithm A and a preset verification docking algorithm B;
the application scenario BA: the unique code II and the random number are used for encrypting application data in single transmission data in the program loading process, and a preset encryption algorithm B is adopted;
the application scene BB: the unique code II and the self-adding code II are used for overall verification of single transmission data, and a preset data verification algorithm A is adopted;
application scenario BC: the self-adding code II is used for checking the integrity of all transmission data in the loading process, and a preset data checking algorithm B is adopted;
the self-increment code is stored in a motor controller FALSH, the self-increment code is assigned before being subjected to secondary burning, the assignment result is random, and the following formula k (t) = k (t-1) + A (random) is followed, wherein k (t) is the current burning time value of the self-increment code, k (t-1) is the last burning time value of the self-increment code, and A (random) is a random integer and ranges from 1 to 10;
the self-increment code II is obtained by disguising the self-increment code, and k2(t) = f (k (t)), wherein k is2(t) isF (k) (t)) is a mapping function;
the unique code II is obtained by processing the unique code SN2=f2(SN) wherein SN is a unique code, SN2Is a unique code II, f2(SN) is a mapping function.
Further, after receiving the burning application of the burning upper computer, the controller reads the current self-increment code k (t-1) from the FLASH, generates the current self-increment code according to a formula of k (t) = k (t-1) + A (random), and writes the current self-increment code k (t) into a designated area of the FLASH along with a large number of random numbers; according to formula k2(t) = f (k (t)) generated self-increasing code ii; generating random number B (random), reading unique code SN, and obtaining formula SN2=f2(SN) generating a unique code II; finally, a 128-bit key and a 64-bit seed are assembled, wherein the 128-bit key consists of SN + k (t) + fixed data, and the 64-bit seed consists of SN2+ k2(t) + B (random).
Correspondingly, the embodiment of the invention also provides a safe loading method of the program of the automobile motor controller, which comprises the following steps:
step 1: the upper burning computer sends out a burning application, the motor controller interacts according to the safety verification logic after receiving the application, and if the handshake fails, the upgrading is abandoned; if the handshake is successful, the upper burning computer encrypts the target program in batches and transmits the encrypted target program to the motor controller;
step 2: loading logic in the motor controller for processing, and if the data frame is analyzed correctly, encrypting and storing the data frame into FLASH; and if the analysis fails, requesting the upper computer to retransmit.
Further, in the step 1, after initiating a burning application, the burning upper computer firstly performs safety verification with the motor controller through a preset application scene B, then performs burning operation after the safety verification passes, then reads and analyzes a burning target program, divides the target program into a plurality of fragments with fixed length of 128 bits, and calculates target program verification according to a preset application scene BC; only one fragment is sent each time, before sending, the fragment data is encrypted according to a preset application scene BA, then the fragment data is assembled into a complete data frame which accords with loading logic, and the complete data frame is checked and calculated according to a preset application scene BB; the current segment is sent to check the complete data frame and the data frame, and the motor controller is waited to reply after the sending is finished; if the reply is successful, the next fragment is sent; if the reply fails, triggering the current segment to send again; after all the fragments are sent, carrying out BC verification on a preset application scene, and after the motor controller replies that the verification is successful, completing the burning; if the reply fails, whether the burning application is triggered again is prompted.
Further, in step 2, after receiving a burning application for burning an upper computer, the motor controller firstly generates a 128-bit key and 64-bit seeds, and then performs security verification according to a preset application scene B; if the verification is passed, entering a fragment frame data receiving waiting state; if the verification fails, clearing the related data and exiting the upgrade; during the normal upgrading process, after the current fragment frame data is received, judging whether the current fragment frame data is a preset application scene BC check frame, if not, checking the current frame data according to a preset application scene BB; if the frame is the last frame, checking all application data according to a preset application scene BC; if the BB check of the preset application scene does not pass, requesting the burning upper computer to retransmit the current segment frame; the verification is passed, data decryption is carried out according to a preset application scene BA, the data is encrypted according to a preset application scene A, then the data is stored in a designated position of the FLASH, the processing of the current fragment frame is finished, and the next fragment frame data is continuously waited; if the preset application scene BC is not checked, clearing the current cache data, and quitting the burning, wherein the burning fails; and if the verification is passed, the burning request is processed, and the corresponding flag bit is set to exit the burning.
Further, the application scenario a: the method comprises the steps that a key with the total length of 128 bits is formed by adopting a unique code and a self-increment code and other fixed elements, and is used for encryption when the key is burnt into an internal FLASH of a chip for storage, and a preset encryption algorithm A is adopted;
the application scenario B: adopting a 64-bit seed consisting of a unique code II, an incremental code II and a random number for safety verification before program loading, and adopting a preset verification docking algorithm A and a preset verification docking algorithm B;
the application scenario BA: the unique code II and the random number are used for encrypting application data in single transmission data in the program loading process, and a preset encryption algorithm B is adopted;
the application scene BB: the unique code II and the self-adding code II are used for overall verification of single transmission data, and a preset data verification algorithm A is adopted;
application scenario BC: the self-adding code II is used for checking the integrity of all transmission data in the loading process, and a preset data checking algorithm B is adopted;
the self-increment code is stored in a motor controller FALSH, the self-increment code is assigned before being subjected to secondary burning, the assignment result is random, and the following formula k (t) = k (t-1) + A (random) is followed, wherein k (t) is the current burning time value of the self-increment code, k (t-1) is the last burning time value of the self-increment code, and A (random) is a random integer and ranges from 1 to 10;
the self-increment code II is obtained by disguising the self-increment code, and k2(t) = f (k (t)), wherein k is2(t) is the current order of the self-increment code II, and f (k) (t) is the mapping function;
the unique code II is obtained by processing the unique code SN2=f2(SN) wherein SN is a unique code, SN2Is a unique code II, f2(SN) is a mapping function.
Further, in the step 2, after receiving the burning application of the burning upper computer, the controller reads the current self-increment code k (t-1) from the FLASH, generates the current self-increment code according to a formula of k (t) = k (t-1) + A (random), and writes the current self-increment code k (t) into a designated area of the FLASH along with a large number of random numbers; according to formula k2(t) = f (k (t)) generated self-increasing code ii; generating random number B (random), reading unique code SN, and obtaining formula SN2=f2(SN) generating a unique code II; finally, a 128-bit key and a 64-bit seed are assembled, wherein the 128-bit key consists of SN + k (t) + fixed data, and the 64-bit seed consists of SN2+ k2(t) + B (random).
The invention has the beneficial effects that: the invention ensures the data security when the program is loaded, ensures that the data is not intercepted and analyzed in the loading process, and effectively prevents a third-party security threat code from being inserted in the loading process; the invention also ensures the storage safety after the program is loaded, and avoids the situation that professional personnel can directly bypass the chip logic to read the FLASH content and restore the program content.
Drawings
Fig. 1 is a schematic structural diagram of a program loading system of a motor controller of an automobile according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method for loading a program of a motor controller of an automobile according to an embodiment of the present invention.
FIG. 3 is a logic flow diagram of burning an upper computer during a loading operation according to an embodiment of the present invention.
Fig. 4 is a schematic view of a safety scene of a burning upper computer during a loading operation according to an embodiment of the present invention.
FIG. 5 is a logic flow diagram of a motor controller during a load operation in accordance with an embodiment of the present invention.
Fig. 6 is a schematic diagram of a safety scenario of a motor controller during a loading operation according to an embodiment of the present invention.
FIG. 7 is a flowchart of key generation during a load operation according to an embodiment of the present invention.
Fig. 8 is a flowchart of security verification of application scenario B during a load operation according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application can be combined with each other without conflict, and the present invention is further described in detail with reference to the drawings and specific embodiments.
If directional indications (such as up, down, left, right, front, and rear … …) are provided in the embodiment of the present invention, the directional indications are only used to explain the relative position relationship between the components, the movement, etc. in a specific posture (as shown in the drawing), and if the specific posture is changed, the directional indications are changed accordingly.
In addition, the descriptions related to "first", "second", etc. in the present invention are only used for descriptive purposes and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature.
Referring to fig. 1, the program loading system for the automobile motor controller according to the embodiment of the invention includes a burning upper computer, the automobile motor controller and a CAN network.
The motor controller is mainly characterized by comprising FLASH, the embodiment of the invention divides the FLASH into an auxiliary loading function area and an application control function area, wherein the application control function area is subdivided into a general storage area and an encryption storage area. The chip of part of the motor controller is not provided with built-in FALSH, and the program needs to be stored in an externally-hung FLASH, so that the safety loading method needs to be matched with a safety chip for use. The chip reads from the FLASH and writes into the FALSH through the switching of the security chip, and the data finally stored in the FLASH are all data after encryption processing.
The self-increment code mentioned in the embodiment of the invention is stored in a certain position of the auxiliary loading functional area, and the whole area is an unerasable area. In order to prevent the decoding contrast mode from extracting self-increment codes, a large number of random numbers are written into the self-increment codes at the same time when updating and writing are carried out each time.
The control program loading of the embodiment of the present invention generally refers to updating of the application control function area. In order to balance rapidity and security, the encrypted storage is only performed on data which is agreed to be stored in the encrypted storage area, and the following description is not particularly distinguished.
The basic flow chart of the safe loading related to the embodiment of the invention is shown in fig. 2, after a motor controller is electrified, a burning application is sent by a burning upper computer, and after the controller receives the application, the interaction is carried out according to the safety verification logic. If the handshake fails, the upgrade is abandoned. If the handshake is successful, the burning upper computer encrypts the target program in batches and transmits the encrypted target program to the controller, and the controller loads logic (boot logic) for processing. If the data frame is analyzed correctly, the data frame is encrypted and then stored into FLASH; and if the analysis fails, requesting the upper computer to retransmit.
The loading scheme is explained in detail from the perspective of the programming upper computer and the motor controller respectively.
Fig. 3 is a logic flow diagram of the upper computer side in the loading process, in which the upper computer initiates a burning application, performs security verification with the controller through an application scene B, and can perform burning operation after the application scene B passes the security verification. And then reading and analyzing the burning target program, dividing the target program into a plurality of fragments with fixed length of 128 bits, and calculating the verification of the target program according to the application scene BC. Only one fragment is sent each time, before sending, the fragment data needs to be encrypted according to the application scene BA, then the fragment data is assembled into a complete data frame which accords with the loading logic, and the complete data frame is checked and calculated according to the application scene BB. And the sending of the current segment comprises the verification of the complete data frame and the data frame, and the controller waits for the reply after the sending is finished. If the reply is successful, the next fragment is sent; if the reply fails, the current fragment is triggered to be sent again. After all the fragments are sent, carrying out application scene BC verification, and the controller replies that the verification is successful and the burning is finished; if the reply fails, whether the burning application is triggered again is prompted.
Fig. 5 is a logic flow diagram of a controller side in a loading process, and after receiving an upper computer burning application, first generates a 128-bit key and a 64-bit seed (i.e., seed), and then performs security verification according to an application scenario B. The verification is passed, and a fragment frame data receiving waiting state is entered; if the verification fails, the relevant data is cleared to exit the upgrade. During the normal upgrading process, after the current fragment frame data is received, judging whether the current fragment frame data is an application scene BC check frame, namely whether the current fragment frame data is the last frame, and if not, checking the current fragment frame data according to the application scene BB; if it is the last frame, all application data checks are performed according to scene 23. If the application scene BB check fails, requesting the burning upper computer to retransmit the current segment frame; and after the verification is passed, data are decrypted according to the application scene BA, encrypted according to the application scene A and then stored in the appointed position of the FLASH, the current fragment frame is processed, and the next fragment frame data is continuously waited. If the application scene BC is not checked, clearing the current cache data, and quitting the burning, wherein the burning fails; and if the verification is passed, the burning request is processed, and the corresponding flag bit is set to exit the burning.
Fig. 4 and fig. 6 are schematic diagrams of security scenarios at the upper computer side and the controller side during a loading operation, which extract key points of the method in terms of security and ensure that a secure state enters loading, process data security and stored data security. The encryption algorithm can balance security and efficiency according to actual requirements, and make a proper choice. As recommended only below, application scenario A may use the AES-128 encryption algorithm, application scenario B and application scenario BA may use the byte rotation and bit-mix simple encryption algorithm, and application scenario BB and application scenario BC may use the MD5 check algorithm.
The main flow of key generation during the loading process of the embodiment of the present invention is shown in fig. 7. After receiving the burning application of the upper computer, the controller reads the current self-increment code k (t-1) from the FLASH, generates the current self-increment code according to a formula of k (t) = k (t-1) + A (random), and writes the current self-increment code k (t) into a designated area of the FLASH along with a large number of random numbers. According to formula k2(t) = f (k (t)) is generated from the incremental code ii. A random number b (random) is generated. Reading the unique code SN of the chip according to the formula SN2=f2(SN) generating a unique code II. All key sources are obtained at this time, and finally a 128-bit key and a 64-bit seed are assembled. The 128-bit key is composed of "SN + k (t) + fixed data", and the 64-bit seed is composed of "SN2+ k2(t) + B (random), the sequence and whether variation is needed after assembly are finished, and the concrete engineering is selected according to the needs. It is emphasized that the key generation step is performed as long as the upper computer burning application is received, and a new key is generated in the next burning even if the burning is requested to be quitted in midway or the final burning fails. The fixed data can be any 128-bit constant, for example, 0x 26433832502884.
The main flow of the security verification logic of the application scenario B of the embodiment of the present invention is shown in fig. 8. After the upper computer initiates burning, the upper computer receives data including the seeds and then performs double verification according to the docking algorithm 1 and the docking algorithm 2. The docking algorithm 1 is a seed Key verification algorithm implementation process, namely, corresponding keys are calculated according to seeds and sent to the controller core pair to confirm that the burning upper computer is consistent with loading logic contained in the motor controller. And the step 2 of the butt-joint algorithm is that data after random data X is encrypted according to an application scene BA are sent, after the data are received by the controller, the data are processed according to the sequence of 'application scene BA decryption- > application scene A encryption- > application scene A decryption- > application scene A encryption', and then sent back to the upper computer, the upper computer decrypts the data according to the application scene BA to obtain data Y, and whether the correctness of the data can be ensured after the data are encrypted and decrypted for multiple times is verified by comparing whether the Y is consistent with the X.
In the embodiment of the invention, for enhancing safety and increasing decoding difficulty, an encryption algorithm key combination introduces three elements of a chip unique identification code (a 'unique code' or SN for short), a burning self-increment identification code (a 'self-increment code' for short) and a burning handshake random number (a 'random number' for short).
The unique code is the inherent property of the chip, has non-repeatability, but can be directly read by utilizing the public technology of the chip.
The self-increment code is stored in a certain position of an unerasable area in the chip FALSH, and is unique in the life cycle of the embedded system, but the values of different controllers can be the same. The self-increment code is assigned before the secondary burning, the assignment result is random, but the following formula k (t) = k (t-1) + A (random) (t) is the self-increment code current burning value, k (t-1) is the self-increment code last burning value, A (random) is a random integer, and the range is between 1 and 10.
In order to avoid the situation that the self-increment code is cracked, contrasted and read out from the FLASH, a large number of random numbers are added in each writing process. Because the self-adding code has two application scenes of FLASH data encryption and data verification during loading, the self-adding code is disguised to obtain a self-adding code II to meet the application requirement, and the formula is specifically k2(t)=f(k(t))(k2(t) is the value of the second order of the self-increment code II, and f () is the mapping function). The unique code is processed into a unique code II, SN2=f2(SN)。
The random number b (random) is software random, and is randomly generated each time software burning is initiated, which cannot be predicted, but the same value can still appear with a large probability.
The three codes have respective advantages and defects, safety and reliability cannot be guaranteed when the codes are used independently, and the cracking loopholes can be blocked through matching use modes according to different application scenes.
And an application scene A, a unique code, a self-increment code and other fixed elements are added to form a key with the total length of 128 bits, the key is used for encryption when the key is burnt into the internal FLASH of the chip for storage, and an encryption algorithm A is adopted. The encryption algorithm a is preferably an AES128 encryption algorithm, which is a standard algorithm.
And applying a 64-bit seed consisting of a scene B, a unique code II, an incremental code II and a random number to the safety verification before program loading, and adopting a verification docking algorithm A and a verification docking algorithm B. Verification docking algorithm a: simple XOR, such as data D ^ constant C; and (3) verifying a docking algorithm B: simple XOR, such as seed ^ constant C.
And in the application scene BA, the unique code II and the random number are used for encrypting the application data in single-time data transmission in the program loading process, and an encryption algorithm B is adopted. The encryption algorithm B employs a simple substitute cipher.
And applying a scene BB, and using the unique code II and the self-increment code II for the overall verification of single-time transmission data by adopting a data verification algorithm A. The data checking algorithm a is preferably a CRC16 checking algorithm.
And applying a scene BC, using a self-increment code II for the integrity check of all transmission data in the loading process, and adopting a data check algorithm B. The data checking algorithm B is preferably a CRC8 checking algorithm.
In the application scenario A, a key with the total length of 128 bits is used for encrypting FALSH storage data, the key has uniqueness and unpredictability, even developers do not know the current specific value, the complete key does not appear in the subsequent upgrading process, and the value is continuously iterated inside. Secondly, a professional cracks the FALSH chip, only the encrypted data can be obtained, files which can be used on other hardware with the same type of chip cannot be obtained, and brute force cracking is meaningless.
And in the application scene B, the safety verification is carried out by adopting a seed key mode, so that the controller can be ensured to be in a safe state at present, and the upgrading operation can be carried out. Through double verification of the docking algorithm 1 and the docking algorithm 2, matching verification of the controller and the upgrade software can be achieved, and burning error programs and other illegal upgrade applications can be prevented.
The application scene BA can ensure the diversity of data in the burning process, and even if the same program is burnt, the data on the data link is different every time, so that the situation that the data are cracked by the plug-in monitoring equipment in an upgrading data stream mode is avoided.
By applying the scenes BB and 23, the consistency of process transmission data can be ensured, and the data are not modified in the middle or misplaced due to hardware interference. The application scene BB can enable the two parties to know that the error occurs in time and can retransmit the error data in time.
Referring to fig. 2, the method for loading a program of a motor controller of an automobile according to an embodiment of the present invention includes the following steps 1 and 2.
Step 1: the upper burning computer sends out a burning application, the motor controller interacts according to the safety verification logic after receiving the application, and if the handshake fails, the upgrading is abandoned; and if the handshake is successful, the burning upper computer encrypts the target program in batches and transmits the encrypted target program to the motor controller.
Step 2: loading logic in the motor controller for processing, and if the data frame is analyzed correctly, encrypting and storing the data frame into FLASH; and if the analysis fails, requesting the upper computer to retransmit.
Referring to fig. 3, as an implementation manner, in step 1, after initiating a burning application, a burning upper computer performs security verification with a motor controller through a preset application scene B, performs burning operation after the security verification passes, reads and analyzes a burning target program, divides the target program into a plurality of fragments with fixed length of 128 bits, and calculates target program verification according to a preset application scene BC; only one fragment is sent each time, before sending, the fragment data is encrypted according to a preset application scene BA, then the fragment data is assembled into a complete data frame which accords with loading logic, and the complete data frame is checked and calculated according to a preset application scene BB; the current segment is sent to check the complete data frame and the data frame, and the motor controller is waited to reply after the sending is finished; if the reply is successful, the next fragment is sent; if the reply fails, triggering the current segment to send again; after all the fragments are sent, carrying out BC verification on a preset application scene, and after the motor controller replies that the verification is successful, completing the burning; if the reply fails, whether the burning application is triggered again is prompted.
Referring to fig. 5, as an implementation manner, in step 2, after receiving a burning application for burning an upper computer, the motor controller first generates a 128-bit key and 64-bit seeds, and then performs security verification according to a preset application scenario B; if the verification is passed, entering a fragment frame data receiving waiting state; if the verification fails, clearing the related data and exiting the upgrade; during the normal upgrading process, after the current fragment frame data is received, judging whether the current fragment frame data is a preset application scene BC check frame, if not, checking the current frame data according to a preset application scene BB; if the frame is the last frame, checking all application data according to a preset application scene BC; if the BB check of the preset application scene does not pass, requesting the burning upper computer to retransmit the current segment frame; the verification is passed, data decryption is carried out according to a preset application scene BA, the data is encrypted according to a preset application scene A, then the data is stored in a designated position of the FLASH, the processing of the current fragment frame is finished, and the next fragment frame data is continuously waited; if the preset application scene BC is not checked, clearing the current cache data, and quitting the burning, wherein the burning fails; and if the verification is passed, the burning request is processed, and the corresponding flag bit is set to exit the burning.
As an embodiment, the application scenario a: the unique code and the self-increment code, and other fixed elements are added to form a key with the total length of 128 bits, and the key is used for encryption when being burned into a FLASH inside a chip for storage, and an encryption algorithm A is adopted;
the application scenario B: a 64-bit seed consisting of the unique code II, the self-increment code II and the random number is used for safety verification before program loading, and a verification butt joint algorithm A and a verification butt joint algorithm B are adopted;
the application scenario BA: the unique code II and the random number are used for encrypting the application data in single transmission data in the program loading process, and an encryption algorithm B is adopted;
the application scene BB: the unique code II and the self-adding code II are used for overall verification of single transmission data, and a data verification algorithm A is adopted;
application scenario BC: the self-adding code II is used for verifying the integrity of all transmission data in the loading process, and a data verification algorithm B is adopted;
the self-increment code is stored in a motor controller FALSH, the self-increment code is assigned before being subjected to secondary burning, the assignment result is random, and the following formula k (t) = k (t-1) + A (random) is followed, wherein k (t) is the current burning time value of the self-increment code, k (t-1) is the last burning time value of the self-increment code, and A (random) is a random integer and ranges from 1 to 10;
the self-increment code II is obtained by disguising the self-increment code, and k2(t) = f (k (t)), wherein k is2(t) is the value of the self-increment code II, and f () is a mapping function;
the unique code II is obtained by processing the unique code SN2=f2(SN) wherein SN is a unique code, SN2Is a unique code II, f2() Is a mapping function.
As an implementation manner, in step 2, after receiving a burning application of the burning upper computer, the controller reads a current self-increment code k (t-1) from the FLASH, generates a current self-increment code according to a formula of k (t) = k (t-1) + a (random), and writes the current self-increment code k (t) into a designated area of the FLASH along with a large number of random numbers; according to formula k2(t) = f (k (t)) generated self-increasing code ii; generating random number B (random), reading unique code SN, and obtaining formula SN2=f2(SN) generating a unique code II; finally, a 128-bit key and a 64-bit seed are assembled, wherein the 128-bit key consists of SN + k (t) + fixed data, and the 64-bit seed consists of SN2+ k2(t) + B (random). The fixed data can be any 128-bit constant, for example, 0x 26433832502884.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A safe program loading system for an automobile motor controller comprises a burning upper computer, the automobile motor controller and a CAN network, and is characterized in that the motor controller comprises a FLASH,
the upper burning computer sends out a burning application, the motor controller interacts according to the safety verification logic after receiving the application, and if the handshake fails, the upgrading is abandoned; if the handshake is successful, the upper burning computer encrypts the target program in batches and transmits the encrypted target program to the motor controller;
loading logic in the motor controller for processing, and if the data frame is analyzed correctly, encrypting and storing the data frame into FLASH; and if the analysis fails, requesting the upper computer to retransmit.
2. The automobile motor controller program safe loading system according to claim 1, wherein after the burning upper computer initiates the burning application, firstly, the burning upper computer performs safety verification with the motor controller through a preset application scene B, after the safety verification passes, burning operation is performed, then, a burning target program is read and analyzed, the target program is divided into a plurality of fragments with fixed length of 128 bits, and target program verification is calculated according to a preset application scene BC; only one fragment is sent each time, before sending, the fragment data is encrypted according to a preset application scene BA, then the fragment data is assembled into a complete data frame which accords with loading logic, and the complete data frame is checked and calculated according to a preset application scene BB; the current segment is sent to check the complete data frame and the data frame, and the motor controller is waited to reply after the sending is finished; if the reply is successful, the next fragment is sent; if the reply fails, triggering the current segment to send again; after all the fragments are sent, carrying out BC verification on a preset application scene, and after the motor controller replies that the verification is successful, completing the burning; if the reply fails, whether the burning application is triggered again is prompted.
3. The automobile motor controller program safe loading system according to claim 2, wherein after receiving a burning application for burning an upper computer, the motor controller firstly generates a 128-bit key and 64-bit seeds, and then performs safe verification according to a preset application scene B; if the verification is passed, entering a fragment frame data receiving waiting state; if the verification fails, clearing the related data and exiting the upgrade; during the normal upgrading process, after the current fragment frame data is received, judging whether the current fragment frame data is a preset application scene BC check frame, if not, checking the current frame data according to a preset application scene BB; if the frame is the last frame, checking all application data according to a preset application scene BC; if the BB check of the preset application scene does not pass, requesting the burning upper computer to retransmit the current segment frame; the verification is passed, data decryption is carried out according to a preset application scene BA, the data is encrypted according to a preset application scene A, then the data is stored in a designated position of the FLASH, the processing of the current fragment frame is finished, and the next fragment frame data is continuously waited; if the preset application scene BC is not checked, clearing the current cache data, and quitting the burning, wherein the burning fails; and if the verification is passed, the burning request is processed, and the corresponding flag bit is set to exit the burning.
4. The automotive motor controller program safe loading system of claim 3,
the application scenario a: the method comprises the steps that a key with the total length of 128 bits is formed by adopting a unique code and a self-increment code and other fixed elements, and is used for encryption when the key is burnt into an internal FLASH of a chip for storage, and a preset encryption algorithm A is adopted;
the application scenario B: adopting a 64-bit seed consisting of a unique code II, an incremental code II and a random number for safety verification before program loading, and adopting a preset verification docking algorithm A and a preset verification docking algorithm B;
the application scenario BA: the unique code II and the random number are used for encrypting application data in single transmission data in the program loading process, and a preset encryption algorithm B is adopted;
the application scene BB: the unique code II and the self-adding code II are used for overall verification of single transmission data, and a preset data verification algorithm A is adopted;
application scenario BC: the self-adding code II is used for checking the integrity of all transmission data in the loading process, and a preset data checking algorithm B is adopted;
the self-increment code is stored in a motor controller FALSH, the self-increment code is assigned before being subjected to secondary burning, the assignment result is random, and the following formula k (t) = k (t-1) + A (random) is followed, wherein k (t) is the current burning time value of the self-increment code, k (t-1) is the last burning time value of the self-increment code, and A (random) is a random integer and ranges from 1 to 10;
the self-increment code II is obtained by disguising the self-increment code, and k2(t) = f (k (t)), wherein k is2(t) is the current order of the self-increment code II, and f (k) (t) is the mapping function;
the unique code II is obtained by processing the unique code SN2=f2(SN) wherein SN is a unique code, SN2Is a unique code II, f2(SN) is a mapping function.
5. The automobile motor controller program safety loading system according to claim 4, wherein after receiving the burning application of the burning upper computer, the controller reads the current self-increment code k (t-1) from the FLASH, generates the current self-increment code according to the formula of k (t) = k (t-1) + A (random), and writes the current self-increment code k (t) into the designated area of the FLASH along with a large number of random numbers; according to formula k2(t) = f (k (t)) generated self-increasing code ii; generating random number B (random), reading unique code SN, and obtaining formula SN2=f2(SN) generating a unique code II; finally, a 128-bit key and a 64-bit seed are assembled, wherein the 128-bit key consists of SN + k (t) + fixed data, and the 64-bit seed consists of SN2+ k2(t) + B (random).
6. A safe loading method for an automobile motor controller program is characterized by comprising the following steps:
step 1: the upper burning computer sends out a burning application, the motor controller interacts according to the safety verification logic after receiving the application, and if the handshake fails, the upgrading is abandoned; if the handshake is successful, the upper burning computer encrypts the target program in batches and transmits the encrypted target program to the motor controller;
step 2: loading logic in the motor controller for processing, and if the data frame is analyzed correctly, encrypting and storing the data frame into FLASH; and if the analysis fails, requesting the upper computer to retransmit.
7. The automobile motor controller program safe loading method according to claim 6, characterized in that in step 1, after the burning upper computer initiates the burning application, firstly, the burning upper computer performs safety verification with the motor controller through a preset application scene B, after the safety verification is passed, burning operation is performed, then, a burning target program is read and analyzed, the target program is divided into a plurality of fragments with fixed length of 128 bits, and target program verification is calculated according to a preset application scene BC; only one fragment is sent each time, before sending, the fragment data is encrypted according to a preset application scene BA, then the fragment data is assembled into a complete data frame which accords with loading logic, and the complete data frame is checked and calculated according to a preset application scene BB; the current segment is sent to check the complete data frame and the data frame, and the motor controller is waited to reply after the sending is finished; if the reply is successful, the next fragment is sent; if the reply fails, triggering the current segment to send again; after all the fragments are sent, carrying out BC verification on a preset application scene, and after the motor controller replies that the verification is successful, completing the burning; if the reply fails, whether the burning application is triggered again is prompted.
8. The automobile motor controller program safe loading method according to claim 7, characterized in that in step 2, after receiving a burning application for burning an upper computer, the motor controller firstly generates a 128-bit key and 64-bit seeds, and then performs safety verification according to a preset application scene B; if the verification is passed, entering a fragment frame data receiving waiting state; if the verification fails, clearing the related data and exiting the upgrade; during the normal upgrading process, after the current fragment frame data is received, judging whether the current fragment frame data is a preset application scene BC check frame, if not, checking the current frame data according to a preset application scene BB; if the frame is the last frame, checking all application data according to a preset application scene BC; if the BB check of the preset application scene does not pass, requesting the burning upper computer to retransmit the current segment frame; the verification is passed, data decryption is carried out according to a preset application scene BA, the data is encrypted according to a preset application scene A, then the data is stored in a designated position of the FLASH, the processing of the current fragment frame is finished, and the next fragment frame data is continuously waited; if the preset application scene BC is not checked, clearing the current cache data, and quitting the burning, wherein the burning fails; and if the verification is passed, the burning request is processed, and the corresponding flag bit is set to exit the burning.
9. The method for safely loading the program of the motor controller of the automobile according to claim 8, wherein the application scenario a: the method comprises the steps that a key with the total length of 128 bits is formed by adopting a unique code and a self-increment code and other fixed elements, and is used for encryption when the key is burnt into an internal FLASH of a chip for storage, and a preset encryption algorithm A is adopted;
the application scenario B: adopting a 64-bit seed consisting of a unique code II, an incremental code II and a random number for safety verification before program loading, and adopting a preset verification docking algorithm A and a preset verification docking algorithm B;
the application scenario BA: the unique code II and the random number are used for encrypting application data in single transmission data in the program loading process, and a preset encryption algorithm B is adopted;
the application scene BB: the unique code II and the self-adding code II are used for overall verification of single transmission data, and a preset data verification algorithm A is adopted;
application scenario BC: the self-adding code II is used for checking the integrity of all transmission data in the loading process, and a preset data checking algorithm B is adopted;
the self-increment code is stored in a motor controller FALSH, the self-increment code is assigned before being subjected to secondary burning, the assignment result is random, and the following formula k (t) = k (t-1) + A (random) is followed, wherein k (t) is the current burning time value of the self-increment code, k (t-1) is the last burning time value of the self-increment code, and A (random) is a random integer and ranges from 1 to 10;
the self-increment code II is obtained by disguising the self-increment code, and k2(t) = f (k (t)), wherein k is2(t) is the current order of the self-increment code II, and f (k) (t) is the mapping function;
the unique code II is obtained by processing the unique code SN2=f2(SN) wherein SN is a unique code, SN2Is a unique code II, f2(SN) is a mapping function.
10. The automobile motor controller program safety loading method according to claim 9, wherein in step 2, after receiving the burning application of the burning upper computer, the controller reads the current self-increment code k (t-1) from the FLASH, generates the current self-increment code according to the formula of k (t) = k (t-1) + a (random), and writes the current self-increment code k (t) into the designated area of the FLASH along with a large number of random numbers; according to formula k2(t) = f (k (t)) generated self-increasing code ii; generating random number B (random), reading unique code SN, and obtaining formula SN2=f2(SN) generating a unique code II; finally, a 128-bit key and a 64-bit seed are assembled, wherein the 128-bit key consists of SN + k (t) + fixed data, and the 64-bit seed consists of SN2+ k2(t) + B (random).
CN202010624439.7A 2020-07-02 2020-07-02 System and method for safely loading program of automobile motor controller Active CN111814139B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010624439.7A CN111814139B (en) 2020-07-02 2020-07-02 System and method for safely loading program of automobile motor controller

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010624439.7A CN111814139B (en) 2020-07-02 2020-07-02 System and method for safely loading program of automobile motor controller

Publications (2)

Publication Number Publication Date
CN111814139A true CN111814139A (en) 2020-10-23
CN111814139B CN111814139B (en) 2023-05-09

Family

ID=72855972

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010624439.7A Active CN111814139B (en) 2020-07-02 2020-07-02 System and method for safely loading program of automobile motor controller

Country Status (1)

Country Link
CN (1) CN111814139B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112965726A (en) * 2021-02-03 2021-06-15 深圳市法拉第电驱动有限公司 Embedded program burning method and system of chip
CN113806774A (en) * 2021-09-15 2021-12-17 惠州市德赛电池有限公司 Encryption method, decryption method and system

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102280133A (en) * 2011-08-16 2011-12-14 杭州晟元芯片技术有限公司 Anti-interception code encryption burning method
US20130318357A1 (en) * 2011-02-11 2013-11-28 Siemens Health Care Diagnostics Inc. System and Method for Secure Software Update
CN104765632A (en) * 2015-04-15 2015-07-08 南京汽车集团有限公司 BootLoader management method
CN105069350A (en) * 2015-08-24 2015-11-18 上海繁易电子科技有限公司 Encryption method and apparatus for embedded operating system
CN105302612A (en) * 2015-11-18 2016-02-03 西南技术物理研究所 Method for quick upgrading of software program of single-chip microcomputer in electronic system case
CN106407814A (en) * 2016-08-31 2017-02-15 福建联迪商用设备有限公司 Burnt chip mirror image signature verification method and terminal and burnt chip mirror image burning method and system
CN107193567A (en) * 2017-05-25 2017-09-22 湖北航天技术研究院总体设计所 Missile-borne dsp software clean boot generation patterns and its realize system, system preparation method
CN108279910A (en) * 2018-01-17 2018-07-13 珠海市杰理科技股份有限公司 Program code programming method, apparatus, computer equipment and storage medium
CN108762791A (en) * 2018-06-07 2018-11-06 深圳市元征科技股份有限公司 Firmware upgrade method and device
CN109800565A (en) * 2017-11-16 2019-05-24 深圳市优必选科技有限公司 Method for upgrading software and terminal device
CN109828763A (en) * 2018-12-24 2019-05-31 惠州市蓝微电子有限公司 A kind of method of closed loop burning calibration
CN109918933A (en) * 2019-03-15 2019-06-21 广州市星翼电子科技有限公司 A method of prevent stolen listen of burning data from stealing by encryption programming port
CN110351314A (en) * 2018-04-03 2019-10-18 厦门雅迅网络股份有限公司 The remote upgrade method and computer readable storage medium of automobile controller
CN110414216A (en) * 2019-07-29 2019-11-05 武汉光庭信息技术股份有限公司 A kind of method for secure loading and system of vehicle-mounted T-Box program code
CN110829903A (en) * 2019-11-06 2020-02-21 深圳市法拉第电驱动有限公司 Control system and method for suppressing current harmonic waves of permanent magnet synchronous motor
CN110909366A (en) * 2018-09-18 2020-03-24 珠海格力电器股份有限公司 Anti-flashing method and system based on software end encryption

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130318357A1 (en) * 2011-02-11 2013-11-28 Siemens Health Care Diagnostics Inc. System and Method for Secure Software Update
CN102280133A (en) * 2011-08-16 2011-12-14 杭州晟元芯片技术有限公司 Anti-interception code encryption burning method
CN104765632A (en) * 2015-04-15 2015-07-08 南京汽车集团有限公司 BootLoader management method
CN105069350A (en) * 2015-08-24 2015-11-18 上海繁易电子科技有限公司 Encryption method and apparatus for embedded operating system
CN105302612A (en) * 2015-11-18 2016-02-03 西南技术物理研究所 Method for quick upgrading of software program of single-chip microcomputer in electronic system case
CN106407814A (en) * 2016-08-31 2017-02-15 福建联迪商用设备有限公司 Burnt chip mirror image signature verification method and terminal and burnt chip mirror image burning method and system
CN107193567A (en) * 2017-05-25 2017-09-22 湖北航天技术研究院总体设计所 Missile-borne dsp software clean boot generation patterns and its realize system, system preparation method
CN109800565A (en) * 2017-11-16 2019-05-24 深圳市优必选科技有限公司 Method for upgrading software and terminal device
CN108279910A (en) * 2018-01-17 2018-07-13 珠海市杰理科技股份有限公司 Program code programming method, apparatus, computer equipment and storage medium
CN110351314A (en) * 2018-04-03 2019-10-18 厦门雅迅网络股份有限公司 The remote upgrade method and computer readable storage medium of automobile controller
CN108762791A (en) * 2018-06-07 2018-11-06 深圳市元征科技股份有限公司 Firmware upgrade method and device
CN110909366A (en) * 2018-09-18 2020-03-24 珠海格力电器股份有限公司 Anti-flashing method and system based on software end encryption
CN109828763A (en) * 2018-12-24 2019-05-31 惠州市蓝微电子有限公司 A kind of method of closed loop burning calibration
CN109918933A (en) * 2019-03-15 2019-06-21 广州市星翼电子科技有限公司 A method of prevent stolen listen of burning data from stealing by encryption programming port
CN110414216A (en) * 2019-07-29 2019-11-05 武汉光庭信息技术股份有限公司 A kind of method for secure loading and system of vehicle-mounted T-Box program code
CN110829903A (en) * 2019-11-06 2020-02-21 深圳市法拉第电驱动有限公司 Control system and method for suppressing current harmonic waves of permanent magnet synchronous motor

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李猛: "无纸记录仪验证平台引导加载程序的设计与实现", 《无纸记录仪验证平台引导加载程序的设计与实现 *
黄诚: "基于OR1200的SoC无线程序加载系统设计与验证", 《基于OR1200的SOC无线程序加载系统设计与验证》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112965726A (en) * 2021-02-03 2021-06-15 深圳市法拉第电驱动有限公司 Embedded program burning method and system of chip
CN112965726B (en) * 2021-02-03 2023-12-26 深圳市法拉第电驱动有限公司 Method and system for burning embedded program of chip
CN113806774A (en) * 2021-09-15 2021-12-17 惠州市德赛电池有限公司 Encryption method, decryption method and system
CN113806774B (en) * 2021-09-15 2024-02-13 惠州市德赛电池有限公司 Encryption method, decryption method and system

Also Published As

Publication number Publication date
CN111814139B (en) 2023-05-09

Similar Documents

Publication Publication Date Title
CN102426640B (en) For the fail-safe software product identifiers of Product Validation and activation
CN107566407B (en) Bidirectional authentication data secure transmission and storage method based on USBKey
US10013365B2 (en) Method for programming a control unit of a motor vehicle
JP4598857B2 (en) IC card and access control method thereof
US11791984B2 (en) Local ledger block chain for secure updates
CN112231647A (en) Software authorization verification method
US11409872B2 (en) Confirming a version of firmware loaded to a processor-based device
US10423401B2 (en) Method for updating software of a control device of a vehicle
CN113179240B (en) Key protection method, device, equipment and storage medium
CN111814139B (en) System and method for safely loading program of automobile motor controller
CN111475824A (en) Data access method, device, equipment and storage medium
US11397814B2 (en) Local ledger block chain for secure electronic control unit updates
CN109684789B (en) Method and device for software security protection in embedded product and computer equipment
US7353386B2 (en) Method and device for authenticating digital data by means of an authentication extension module
CN108199827A (en) Client code integrity checking method, storage medium, electronic equipment and system
KR20230122003A (en) Storing secret data on the blockchain
CN115514492A (en) BIOS firmware verification method, device, server, storage medium and program product
CN105357012A (en) Authentication method for mobile application not depending on local private key
CN113378206A (en) Software authorization encryption method, software authorization decryption method, software authorization encryption device, software authorization decryption device and software authorization decryption system
CN111385083B (en) Key protection method and key protection system
CN112270010B (en) Remote safe loading method for executable file
CN114637985A (en) Android application login counterfeiting identification method based on multi-environment parameters
TW200841212A (en) Systems and methods for protection of data integrity of updatable data against unauthorized modification
CN113595731A (en) Protection method and device for shared link and computer readable storage medium
CN107085693A (en) A kind of data preventing decryption method in big data environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant