CN112836230B - Mirror image encryption method and system in industrial router - Google Patents

Publication number
CN112836230B
Authority
CN
China
Prior art keywords
industrial router
information
preset
level
verification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110229263.XA
Other languages
Chinese (zh)
Other versions
CN112836230A (en)
Inventor
李超
罗鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongke Flux Technology Co ltd
Original Assignee
Beijing Zhongke Flux Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhongke Flux Technology Co ltd
Priority to CN202110229263.XA
Publication of CN112836230A
Application granted
Publication of CN112836230B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G06F8/63 Image based installation; Cloning; Build to order
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Mathematical Physics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method and a system for encrypting the image in an industrial router, in which encryption protection is carried out by software and hardware working together. The method comprises the following steps. Step 1: when the image is generated, on the hardware side, the start-up level of each of a plurality of designated input/output pins is preset to high or low; on the software side, the corresponding preset verification information is written into the header of the image file. Step 2: the industrial router system is started, and a micro control unit verifies the level values of the designated input/output pins after start-up. Step 3: an image upgrade is carried out, and software verifies the verification information preset in the header of the image file to be upgraded.

Description

Mirror image encryption method and system in industrial router
Technical Field
The invention relates to the field of industrial router encryption, in particular to a method and a system for encrypting an image in an industrial router, and more particularly relates to a method and a system for encrypting an image applied to remote upgrading of an industrial router.
Background
Industrial routers are used in industrial settings and can operate in harsh, complex factory environments. An industrial router is an Internet of Things terminal that connects directly to industrial machinery for data acquisition. Through real-time, high-volume data transmission, it lets a manager readily keep track of production and operating conditions across different times and regions.
The image of an industrial router is usually run from an SD card (Secure Digital Memory Card): the image file is first burned onto the SD card, and the SD card is then inserted into the industrial router, which is started. However, when the image is run from an SD card, other people can copy the hardware and copy the image file for their own use, which leads to adverse consequences such as disclosure of the image content, loss of the enterprise's technology, and theft of the results of its work, so the image needs to be encrypted.
Encryption methods in common use today include physically sealing the industrial router completely, permanently programming the image into flash memory, and the like. For industrial routers, however, these methods suffer from poor flexibility and make upgrading and debugging difficult, and they cannot meet the application requirements of industrial routers in the various industrial scenarios.
Disclosure of Invention
To solve these problems, the invention provides a method and a system for encrypting the image in an industrial router which, tailored to the characteristics of industrial routers, protect the router image from being stolen by others through a combined software and hardware encryption method, thereby protecting the security of the code while also meeting the reliability requirements of industrial scenarios.
To achieve the above objective, the invention provides a method for encrypting the image in an industrial router, in which encryption protection is carried out by software and hardware working together, comprising the following steps:
Step 1: when the image is generated:
on the hardware side, the start-up level of each of a plurality of designated input/output pins is preset to high or low;
on the software side, the corresponding preset verification information is written into the header of the image file;
Step 2: the industrial router system is started, and a micro control unit verifies the level values of the designated input/output pins after start-up;
Step 3: an image upgrade is carried out, and software verifies the verification information preset in the header of the image file to be upgraded.
In an embodiment of the present invention, the preset verification information in step 1 includes: version information, hardware information, company or unit information, and key information.
In an embodiment of the present invention, the preset verification information in step 1 is set in a fixed byte.
In an embodiment of the invention, the micro control unit verifies the level values of the designated input/output pins after start-up in step 2 as follows:
Step 201: after the industrial router system is started, each input/output pin is automatically powered on;
Step 202: the micro control unit detects the level value of each designated input/output pin after power-on:
if the level value of every designated input/output pin is the same as its preset level, the industrial router system starts normally;
if the level value of any designated input/output pin differs from its preset level, the method proceeds to the next step;
Step 203: the micro control unit communicates with the reset pin of the industrial router, causes the industrial router to restart, and step 202 is repeated.
In an embodiment of the invention, the software verifies the verification information preset in the header of the image file to be upgraded in step 3 as follows:
Step 301: the verification information preset in the header of the image file to be upgraded in the industrial router is obtained;
Step 302: the verification information preset in the header of the image file to be upgraded is checked against the upgrade requirement:
if the verification information meets the upgrade requirement, the method proceeds to the next step;
if the verification information does not meet the upgrade requirement, the industrial router is restarted and the verification information preset in the header of the image file to be upgraded is checked again;
Step 303: the image file of the industrial router is replaced with the new image file, and the method waits for the image upgrade to complete.
To achieve the above objective, the invention further provides an image encryption system in an industrial router, for implementing the above encryption method, comprising:
a hardware encryption module for verifying the level values of the designated input/output pins of the industrial router after power-on;
and a software encryption module for verifying the verification information preset in the header of the industrial router image file.
In an embodiment of the invention, the hardware encryption module includes a micro control unit.
In an embodiment of the invention, the software encryption module includes header verification information.
In an embodiment of the invention, the header verification information includes: version information, hardware information, company or unit information, and key information.
With the image encryption method and system in an industrial router according to the invention, the image in the industrial router is encrypted and protected by software and hardware working together, which addresses the low efficiency of image encryption protection and the weak security of industrial router systems in the prior art, reduces the risk of technology theft, and improves the security and reliability of the system.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an embodiment of the present invention;
FIG. 2 is a flow chart of verifying the GPIO level in an embodiment of the present invention;
FIG. 3 is a flow chart of verifying header verification information in an embodiment of the invention;
FIG. 4 is a system architecture diagram of an embodiment of the present invention.
Description of reference numerals: 10, hardware encryption module; 20, software encryption module; 30, industrial router; 11, micro control unit; 21, preset verification information.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without any inventive effort, are intended to be within the scope of the invention.
Example 1
FIG. 1 is a flowchart of an embodiment of the invention. As shown in FIG. 1, this embodiment provides a method for encrypting the image in an industrial router, in which encryption protection is carried out by software and hardware working together, comprising the following steps:
Step 1: when the image is generated:
on the hardware side, the start-up level of each of a plurality of designated input/output (GPIO) pins is preset to high or low;
on the software side, the corresponding preset verification information is written into the header of the image file;
In this embodiment, the preset verification information in step 1 includes: version information (version), hardware information (hard_info), company or unit information (info), key information, and the like.
In this embodiment, the preset verification information in step 1 is placed in fixed bytes, which makes the verification easy to carry out.
Step 2: the industrial router system is started, and a micro control unit (Microcontroller Unit, MCU for short) verifies the level values of the designated input/output (GPIO) pins after start-up;
FIG. 2 is a flowchart of verifying the GPIO level in an embodiment of the invention. As shown in FIG. 2, in this embodiment the micro control unit (MCU) verifies the level values of the designated input/output (GPIO) pins after start-up in step 2 as follows:
Step 201: after the industrial router system is started, each input/output (GPIO) pin is automatically powered on;
Step 202: the micro control unit (MCU) detects the level value of each designated input/output (GPIO) pin after power-on:
if the level value of every designated input/output (GPIO) pin is the same as its preset level, the industrial router system starts normally;
if the level value of any designated input/output (GPIO) pin differs from its preset level, the method proceeds to the next step;
Step 203: the micro control unit (MCU) communicates with the reset pin of the industrial router, causes the industrial router to restart, and step 202 is repeated.
Step 3: an image upgrade is carried out, and software verifies the verification information preset in the header of the image file to be upgraded.
FIG. 3 is a flowchart of verifying header verification information in an embodiment of the invention. As shown in FIG. 3, in this embodiment the software verifies the verification information preset in the header of the image file to be upgraded in step 3 as follows:
Step 301: the verification information preset in the header of the image file to be upgraded in the industrial router is obtained;
Step 302: the verification information preset in the header of the image file to be upgraded is checked against the upgrade requirement:
if the verification information meets the upgrade requirement, the method proceeds to the next step;
if the verification information does not meet the upgrade requirement, the industrial router is restarted and the verification information preset in the header of the image file to be upgraded is checked again;
Step 303: the image file of the industrial router is replaced with the new image file, and the method waits for the image upgrade to complete.
Example 2
FIG. 4 is a system architecture diagram of an embodiment of the invention. As shown in FIG. 4, this embodiment provides an image encryption system in an industrial router, for implementing the encryption method of Example 1, the system comprising:
a hardware encryption module (10) for verifying the level values of the designated input/output (GPIO) pins of the industrial router (30) after power-on;
and a software encryption module (20) for verifying the verification information preset in the header of the image file of the industrial router (30).
In this embodiment, the hardware encryption module (10) includes a micro control unit (MCU). The hardware encryption module (10) uses the micro control unit (MCU) to verify the level values of the designated input/output (GPIO) pins of the industrial router (30) after power-on.
In this embodiment, the software encryption module (20) includes header verification information, and the header verification information includes: version information (version), hardware information (hard_info), company or unit information (info), key information, and the like. The software encryption module (20) verifies the verification information preset in the image header of the industrial router (30) by comparing it against the header verification information.
Example 3
In this embodiment, a total of 6 input/output (GPIO) pins are designated, and the specific procedure for hardware encryption based on these 6 pins is described below:
Step one: when the image is generated, the start-up levels of the 6 designated input/output (GPIO) pins are preset, in order, to low-high-high-low-high-high, which is written as the 0-1 sequence 011011;
Step two: the industrial router is started and the system powers on; after power-on, each of the 6 designated input/output (GPIO) pins takes the high or low level value (1 or 0) given by the system, so the high or low level differs from pin to pin;
Step three: the micro control unit (MCU) detects, in order, the level values of the 6 designated input/output (GPIO) pins after power-on to obtain a level sequence;
Step four: the obtained level sequence is compared with the preset low-high-high-low-high-high (011011). If the two are consistent, the industrial router system starts normally; if they are inconsistent, the micro control unit (MCU) communicates with the reset pin of the industrial router, causes the industrial router to restart, and detects the level values of the 6 designated input/output (GPIO) pins after power-on again.
This completes the hardware encryption protection of the industrial router image.
In this embodiment, the preset verification information is version information (version), hardware information (hard_info) and company or unit information (info), and the specific procedure for software encryption based on this verification information is described below:
Step one: when the image is generated, version information (version), hardware information (hard_info) and company or unit information (info) are written into the header of the image file;
Step two: when an image upgrade is carried out, the three items of verification information are checked against the known verification information:
if the verification information is consistent, the image file of the industrial router is replaced with the new image file, and the upgrade process is completed;
if the verification information is not consistent with the preset verification information, the industrial router is restarted and the verification information preset in the header of the image file to be upgraded is checked again.
This completes the software protection of the industrial router image.
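The two checks of this example can be sketched in C as follows. This is an added illustration, not code from the patent or its applicant: the field widths, the function names (`mcu_check_gpio`, `check_upgrade`) and the sample field values are assumptions, since the text specifies only that the fields occupy fixed bytes and that the preset pin sequence is 011011.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the text only says the fields occupy fixed bytes. */
#define VERSION_LEN   8
#define HARD_INFO_LEN 16
#define INFO_LEN      16
#define HEADER_LEN    (VERSION_LEN + HARD_INFO_LEN + INFO_LEN)

#define GPIO_COUNT  6
#define GPIO_PRESET 0x1Bu /* 011011, first pin in the most significant bit */

enum action { ACT_CONTINUE = 0, ACT_RESTART = 1 };

struct image_header {
    uint8_t version[VERSION_LEN];
    uint8_t hard_info[HARD_INFO_LEN];
    uint8_t info[INFO_LEN];
};

/* Hardware side: pack the sampled pin levels in order and compare them
 * with the preset sequence. Any mismatch means "pull reset and re-check". */
enum action mcu_check_gpio(const uint8_t levels[GPIO_COUNT])
{
    unsigned seq = 0;
    for (size_t i = 0; i < GPIO_COUNT; i++)
        seq = (seq << 1) | (levels[i] ? 1u : 0u);
    return seq == GPIO_PRESET ? ACT_CONTINUE : ACT_RESTART;
}

/* Write a string into a fixed-width, zero-padded field (over-long input is cut). */
static void put_field(uint8_t *dst, size_t width, const char *src)
{
    size_t n = strlen(src);
    memset(dst, 0, width);
    memcpy(dst, src, n < width ? n : width);
}

/* Compare two fields without stopping at the first differing byte. */
static int fields_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Step 301: read the header; an image shorter than the header is rejected. */
int read_header(const uint8_t *image, size_t len, struct image_header *out)
{
    if (image == NULL || len < HEADER_LEN)
        return -1;
    memcpy(out->version, image, VERSION_LEN);
    memcpy(out->hard_info, image + VERSION_LEN, HARD_INFO_LEN);
    memcpy(out->info, image + VERSION_LEN + HARD_INFO_LEN, INFO_LEN);
    return 0;
}

/* Step 302: every field must match the known values before step 303 may run. */
enum action check_upgrade(const uint8_t *image, size_t len,
                          const struct image_header *expected)
{
    struct image_header got;
    if (read_header(image, len, &got) != 0)
        return ACT_RESTART;
    int ok = fields_equal(got.version, expected->version, VERSION_LEN)
           & fields_equal(got.hard_info, expected->hard_info, HARD_INFO_LEN)
           & fields_equal(got.info, expected->info, INFO_LEN);
    return ok ? ACT_CONTINUE : ACT_RESTART;
}

/* Constructed sample: builds an image whose header carries the given
 * hard_info value and checks the first image_len bytes of it. */
enum action sample_upgrade_check(const char *hard_info_in_image, size_t image_len)
{
    struct image_header expected;
    uint8_t image[HEADER_LEN + 32];

    put_field(expected.version, VERSION_LEN, "1.0.0");
    put_field(expected.hard_info, HARD_INFO_LEN, "BOARD-A");
    put_field(expected.info, INFO_LEN, "EXAMPLE-CO");

    memset(image, 0xFF, sizeof image); /* stand-in for the image body */
    put_field(image, VERSION_LEN, "1.0.0");
    put_field(image + VERSION_LEN, HARD_INFO_LEN, hard_info_in_image);
    put_field(image + VERSION_LEN + HARD_INFO_LEN, INFO_LEN, "EXAMPLE-CO");

    if (image_len > sizeof image)
        image_len = sizeof image;
    return check_upgrade(image, image_len, &expected);
}

int main(void)
{
    const uint8_t good[GPIO_COUNT] = {0, 1, 1, 0, 1, 1};
    const uint8_t bad[GPIO_COUNT]  = {0, 1, 0, 1, 0, 1};
    printf("gpio good=%d bad=%d\n", mcu_check_gpio(good), mcu_check_gpio(bad));
    printf("upgrade match=%d mismatch=%d truncated=%d\n",
           sample_upgrade_check("BOARD-A", HEADER_LEN + 32),
           sample_upgrade_check("BOARD-B", HEADER_LEN + 32),
           sample_upgrade_check("BOARD-A", HEADER_LEN - 1));
    return 0;
}
```

Both checks are comparisons against stored values: the header fields sit in plaintext at the start of the file, and nothing in this procedure covers the bytes of the image body that follow the header.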
With the image encryption method and system in an industrial router according to the invention, the image in the industrial router is encrypted and protected by software and hardware working together, which addresses the low efficiency of image encryption protection and the weak security of industrial router systems in the prior art, reduces the risk of technology theft, and improves the security and reliability of the system.
Those of ordinary skill in the art will appreciate that: the drawing is a schematic diagram of one embodiment and the modules or flows in the drawing are not necessarily required to practice the invention.
Those of ordinary skill in the art will appreciate that: the modules in the apparatus of the embodiments may be distributed in the apparatus of the embodiments according to the description of the embodiments, or may be located in one or more apparatuses different from the present embodiments with corresponding changes. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. An image encryption method in an industrial router, characterized in that encryption protection is carried out by software and hardware working together, the method comprising the following steps:
Step 1: when the image is generated:
on the hardware side, the start-up levels of a plurality of designated input/output pins are preset, in order, to high or low so as to form a sequence;
on the software side, the corresponding preset verification information is written into the header of the image file, wherein the preset verification information comprises: version information, hardware information, company or unit information, and key information;
Step 2: the industrial router system is started, and a micro control unit verifies the level values of the designated input/output pins after start-up, the specific process being as follows:
Step 201: after the industrial router system is started, each input/output pin is automatically powered on;
Step 202: the micro control unit detects, in order, the level value of each designated input/output pin after power-on to obtain a level sequence, and compares the level sequence with the sequence of step 1:
if the level value of every designated input/output pin is the same as its preset level, the industrial router system starts normally;
if the level value of any designated input/output pin differs from its preset level, the method proceeds to the next step;
Step 203: the micro control unit communicates with the reset pin of the industrial router, causes the industrial router to restart, and step 202 is repeated;
this completes the hardware encryption protection of the industrial router image;
Step 3: when the image is upgraded, software verifies the verification information preset in the header of the image file to be upgraded, the specific process being as follows:
Step 301: the verification information preset in the header of the image file to be upgraded in the industrial router is obtained;
Step 302: the verification information preset in the header of the image file to be upgraded is checked against the upgrade requirement:
if the verification information meets the upgrade requirement, the method proceeds to the next step;
if the verification information does not meet the upgrade requirement, the industrial router is restarted and the verification information preset in the header of the image file to be upgraded is checked again;
Step 303: the image file of the industrial router is replaced with the new image file, and the method waits for the image upgrade to complete;
this completes the software protection of the industrial router image.
2. The encryption method according to claim 1, wherein the preset verification information in step 1 is placed in fixed bytes.
3. An image encryption system in an industrial router for performing the encryption method of any one of claims 1-2, comprising:
a hardware encryption module for verifying the level values of the designated input/output pins of the industrial router after power-on;
and a software encryption module for verifying the verification information preset in the header of the industrial router image file.
4. The encryption system according to claim 3, wherein the hardware encryption module comprises a micro control unit.
5. The encryption system according to claim 3, wherein the software encryption module includes header verification information.
6. The encryption system of claim 5, wherein the header verification information comprises: version information, hardware information, company or unit information, and key information.
CN202110229263.XA 2021-03-02 2021-03-02 Mirror image encryption method and system in industrial router Active CN112836230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110229263.XA CN112836230B (en) 2021-03-02 2021-03-02 Mirror image encryption method and system in industrial router

Publications (2)

Publication Number Publication Date
CN112836230A (en) 2021-05-25
CN112836230B (en) 2024-05-03

Family

ID=75934296

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110229263.XA Active CN112836230B (en) 2021-03-02 2021-03-02 Mirror image encryption method and system in industrial router

Country Status (1)

Country Link
CN (1) CN112836230B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104298532A (en) * 2014-11-04 2015-01-21 上海斐讯数据通信技术有限公司 Upgrading method and upgrading system for software
CN108108174A (en) * 2016-11-24 2018-06-01 青岛海信宽带多媒体技术有限公司 Optical module and its method of firmware upgrade
CN108376077A (en) * 2018-02-11 2018-08-07 广东美的厨房电器制造有限公司 The upgrade method and device of control unit

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10103882B2 (en) * 2016-03-03 2018-10-16 Dell Products, L.P. Encryption key lifecycle management

Also Published As

Publication number Publication date
CN112836230A (en) 2021-05-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 711c, 7 / F, block a, building 1, yard 19, Ronghua Middle Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing 102600

Applicant after: Beijing Zhongke Flux Technology Co.,Ltd.

Address before: Room 711c, 7 / F, block a, building 1, yard 19, Ronghua Middle Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing 102600

Applicant before: Beijing Ruixin high throughput technology Co.,Ltd.

GR01 Patent grant