CN113468559B - Firmware verification method and system - Google Patents
Firmware verification method and system Download PDFInfo
- Publication number
- CN113468559B CN113468559B CN202110677552.6A CN202110677552A CN113468559B CN 113468559 B CN113468559 B CN 113468559B CN 202110677552 A CN202110677552 A CN 202110677552A CN 113468559 B CN113468559 B CN 113468559B
- Authority
- CN
- China
- Prior art keywords
- module
- trusted
- firmware file
- verification
- firmware
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 115
- 238000000034 method Methods 0.000 title claims abstract description 24
- 238000007796 conventional method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The application relates to a firmware verification method and a firmware verification system. A firmware verification system, comprising: the verification upper computer comprises a compiling module and a first trusted module, wherein the compiling module is used for acquiring a firmware file, and the first trusted module is used for carrying out trusted signature on the firmware file; the verification device comprises a gateway module and a second trusted module, wherein the gateway module is connected with the first trusted module and used for receiving and forwarding the firmware file after the trusted signature, the second trusted module is connected with the gateway module and used for carrying out trusted authentication on the firmware file, the second trusted module controls the gateway module to send the firmware file when the trusted authentication is passed, and controls the gateway module not to send the firmware file when the trusted authentication is not passed. The safety of the industrial control system can be effectively improved.
Description
Technical Field
The present disclosure relates to the field of firmware verification technologies, and in particular, to a firmware verification method and system.
Background
With the development of network technology, the safety requirements for industrial control systems are gradually increased. However, programmable logic controllers (Programmable Logic Controller, PLC) in some industrial control systems today suffer from hardware design limitations and cannot directly obtain trusted verification capability by upgrading critical components.
Especially when the PLC is faced with firmware update, the PLC firmware information data sent by the upper system can only be judged by checking the integrity of the data, so that the information security protection capability is weaker, the security risk of the industrial control system is higher, and the data and information resources of the industrial control system are possibly exposed.
Disclosure of Invention
In view of the above, it is desirable to provide a firmware verification method and system capable of improving the safety of an industrial control system.
A firmware verification system, comprising:
the verification upper computer comprises a compiling module and a first trusted module, wherein the compiling module is used for acquiring a firmware file, and the first trusted module is used for carrying out trusted signature on the firmware file;
the verification device comprises a gateway module and a second trusted module, wherein the gateway module is connected with the first trusted module and is used for receiving and forwarding a firmware file after trusted signature, the second trusted module is connected with the gateway module and is used for carrying out trusted authentication on the firmware file, the second trusted module controls the gateway module to send the firmware file when the trusted authentication is passed, and controls the gateway module not to send the firmware file when the trusted authentication is not passed.
In one embodiment, the second trusted module further reports the result of the trusted authentication to the verification host when the trusted authentication fails.
In one of the embodiments of the present invention,
the verification upper computer further comprises an encryption module, wherein the encryption module is connected with the compiling module and the first trusted module and used for encrypting the firmware file and sending the encrypted firmware file to the first trusted module;
the verification device further comprises a decryption module, which is connected with the second trusted module and the gateway module and is used for decrypting the firmware file and sending the decrypted firmware file to the gateway module when the trusted authentication passes.
In one embodiment, the encryption module further generates a public key and a private key of the verification upper computer, signs and encrypts through the private key, and the decryption module verifies and decrypts through the public key.
In one embodiment, the verification device further includes an integrity verification module, where the integrity verification module is connected to the second trusted module and the gateway module, and is configured to perform integrity verification on the firmware file when the trusted authentication is passed, and when the integrity verification is passed, control the gateway module to send the firmware file, and when the integrity verification is not passed, control the gateway module not to send the firmware file.
A firmware verification method, comprising:
the method comprises the steps that a firmware file after trusted signing is obtained through a gateway module;
performing trusted authentication on the firmware file according to the trusted signature;
when the trusted authentication is passed, controlling the gateway module to send the firmware file;
and when the trusted authentication is not passed, controlling the gateway module not to send the firmware file.
In one of the embodiments of the present invention,
and when the trusted authentication fails, reporting the result of the trusted authentication to the verification upper computer.
In one of the embodiments of the present invention,
decrypting the firmware file when the trusted authentication passes;
and sending the decrypted firmware file to the gateway module.
In one embodiment, said decrypting said firmware file when said trusted authentication passes further comprises:
when the trusted authentication passes, the public key of the upper computer is checked to perform signature removal;
decrypting the firmware file by checking the public key of the upper computer.
In one embodiment, when the trusted authentication passes, controlling the gateway module to send the firmware file includes:
when the trusted authentication is passed, carrying out integrity verification on the firmware file;
when the integrity verification is passed, controlling the gateway module to send the firmware file;
when the integrity verification fails, controlling the gateway module not to send the firmware file
According to the firmware verification method and system, the verification equipment is additionally arranged between the verification upper computer and the PLC, and the verification equipment can realize the safety verification of the PLC firmware in the form of the gateway, so that the PLC in the industrial control system does not need to be updated and modified, the safety verification can be effectively carried out, and the modification difficulty of the safety verification service system in the industrial control system is reduced.
In addition, in the present embodiment, the verification upper computer 100 is provided with the first trusted module 120, and the verification device 200 is provided with the second trusted module 220, so that a complete trusted chain is constructed. Therefore, the embodiment can ensure the source credibility of the firmware file, further prevent receiving the firmware file sent by the unspecified upper computer, and further ensure the security of the firmware file.
Drawings
In order to more clearly illustrate the technical solutions of embodiments or conventional techniques of the present application, the drawings required for the descriptions of the embodiments or conventional techniques will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is a block diagram of a firmware verification system in one embodiment;
FIG. 2 is a schematic diagram of a trusted authentication process for verifying a host computer in one embodiment;
FIG. 3 is a flow chart of a firmware verification method in one embodiment;
FIG. 4 is a flowchart of a firmware verification method according to another embodiment.
Detailed Description
In order to facilitate an understanding of the present application, a more complete description of the present application will now be provided with reference to the relevant figures. Examples of the present application are given in the accompanying drawings. This application may, however, be embodied in many different forms and is not limited to the embodiments described herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
It will be understood that the terms "first," "second," and the like, as used herein, may be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another element.
It will be understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element or be connected to the other element through intervening elements. Further, "connection" in the following embodiments should be understood as "electrical connection", "communication connection", and the like if there is transmission of electrical signals or data between objects to be connected.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," and/or the like, specify the presence of stated features, integers, steps, operations, elements, components, or groups thereof, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or groups thereof.
In one embodiment, referring to FIG. 1, a firmware verification system is provided that may be used to securely verify PLC firmware in an industrial control system. It comprises the following steps: the host computer 100 and the verification device 200 are verified.
The verification host 100 includes a compiling module 110 and a first trusted module 120, which may be an industrial control host.
The compiling module 110 may perform file compiling to obtain a firmware file in a format that can be recognized by the PLC firmware. Specifically, the verification upper computer 100 may compile the PLC ladder program through the compiling module 110, thereby obtaining a firmware file in ST format that can be identified by the PLC firmware.
The first trusted module 120 may trusted sign the firmware file. By way of example, the format of the trusted signature for the firmware file may be as shown in the following table:
| file header | Signature length | Signature value | Firmware file |
Of course, other formats may be used to trusted sign the firmware file (e.g., the signature length may be included in the header), which is not limiting in this application.
The verification device 200 comprises a gateway module 210 and a second trusted module 220.
The gateway module 210 is connected to the first trusted module 120, and may further receive the firmware file sent by the first trusted module 120 after performing the trusted signature. Meanwhile, the gateway module 210 has a function of forwarding the firmware file to the PLC firmware.
The second trusted module 220 is connected to the gateway module 210 so that the firmware file can be trusted authenticated. Specifically, the first trusted module 120 and the second trusted module 220 may be in an industrial control system that actually operates, and a complete trusted chain may be constructed. The second trusted module 220 may perform trusted computing on the firmware file that is trusted signed by the first trusted module 120 through the trusted metrics root and may transmit the trusted computing result through the trusted reporting root. The second trusted module 220 may then check the trusted computing result via the trusted storage root to determine whether the source of the firmware file is trusted, i.e., whether the firmware file originated from a check host.
When the trusted storage root checks that the trusted computing result is correct, and thus the source of the firmware file is determined to be trusted, the trusted authentication is passed. At this time, the second trusted module 220 controls the gateway module 210 to transmit the firmware file to the PLC firmware.
Specifically, if the trusted authentication passes, the verification upper computer can store the content of the firmware file. Meanwhile, at this time, the second trusted module 220 controls the gateway module 210 to transmit the firmware file to the PLC firmware of the industrial control lower computer through the Http port.
After receiving the firmware file through the Http port, the lower computer PLC firmware can be converted into a C language program and the like through a compiler and run, so that a binary code executable by the PLC is obtained.
When the trusted storage root checks that the trusted computing result is incorrect, and thus the source of the firmware file is determined to be not trusted, the trusted authentication is failed. At this time, the second trusted module 220 controls the gateway module 210 not to transmit the firmware file to the PLC firmware, thereby ensuring the security of the firmware file.
In the embodiment, the verification device is additionally arranged between the verification upper computer and the PLC, and the verification device can realize the safety verification of the PLC firmware in a gateway mode, so that the PLC in the industrial control system does not need to be upgraded and improved, the safety verification can be effectively carried out, and the improvement difficulty of the safety verification service system in the industrial control system is reduced.
In addition, in the present embodiment, the verification upper computer 100 is provided with the first trusted module 120, and the verification device 200 is provided with the second trusted module 220, so that a complete trusted chain is constructed. Therefore, the embodiment can ensure the source credibility of the firmware file, further prevent receiving the firmware file sent by the unspecified upper computer, and further ensure the security of the firmware file.
In one embodiment, the second trusted module 220 further reports the result of the trusted authentication to the verification host 100 when the trusted authentication fails.
At this time, the verification upper computer 100 can perform security protection measures on the firmware file by receiving the result of the trusted authentication.
In one embodiment, referring to fig. 1, the verification host computer 100 further includes an encryption module 130. The encryption module 130 is connected to the compiling module 110, thereby acquiring the firmware file compiled by the compiling module 110 and encrypting it.
Meanwhile, the encryption module 130 is further connected to the first trusted module 120, so that the encrypted firmware file is transmitted to the first trusted module 120. At this time, the first trusted module 120 performs a trusted signature on the encrypted firmware file.
Meanwhile, in the present embodiment, the verification apparatus 200 further includes a decryption module 230. The decryption module 230 is connected to the second trusted module 220, so that the firmware file encrypted by the encryption module 130 is decrypted when the second trusted module 220 determines that the trusted authentication is passed.
It is understood that, at this time, the second trusted module 220 performs trusted authentication on the firmware file refers to performing trusted authentication on the encrypted firmware file.
At this time, referring to fig. 2, the verification of the trusted authentication procedure of the upper computer may be that the ST format firmware file is compiled according to the PLC ladder program, the ST format firmware file is encrypted, and the encrypted firmware file is trusted and signed.
Meanwhile, the decryption module 230 is further connected to the gateway module 210, so that the decrypted firmware file can be sent to the gateway module when the trusted authentication passes.
In this embodiment, the verification host 100 encrypts the firmware file before performing the trusted signature. Then, after the verification device 200 performs the trusted authentication, the encrypted firmware file is decrypted, so that the firmware file is kept in an encrypted state in the trusted authentication process, and thus the firmware file can be effectively prevented from being stolen.
In one embodiment, the encryption module 130 may also generate a public key and a private key that verify the host computer 100. Specifically, the encryption module 130 may select a gmsl domestic commercial cipher library or the like as a firmware encryption tool to generate a corresponding public key-private key.
At this time, the encryption module 130 may sign by a private key and encrypt the firmware file by the private key. Correspondingly, the decryption module 230 may perform signature authentication by performing signature signing on the private key through the public key, thereby reinforcing security. Meanwhile, the decryption module 230 may decrypt the encrypted firmware file with the public key.
In one embodiment, referring to FIG. 1, the verification device 200 further includes an integrity verification module 240. The integrity verification module 240 is connected to the second trusted module 220, so that the integrity verification of the firmware file can be performed when the second trusted module 220 determines that the trusted authentication is passed.
Specifically, the integrity checking module 240 may perform integrity checking by means of Hash checking or the like.
Meanwhile, the integrity check module 240 is connected to the gateway module 210, so that when the integrity verification is passed, the gateway module 210 is controlled to transmit the firmware file to the PLC firmware, and when the integrity verification is not passed, the gateway module 210 is controlled not to transmit the firmware file.
When the verification device includes both the decryption module 230 and the integrity verification module 240, the decryption module may decrypt the firmware file after the integrity verification module 240 confirms that the integrity verification is passed.
It should be understood that, at this time, the integrity verification module 240 performs integrity verification on the firmware file, which refers to performing integrity verification on the encrypted firmware file.
In this embodiment, the integrity check and the trust check can be performed on the firmware file at the same time, so that the security of the firmware file is improved.
In one embodiment, referring to fig. 3, a firmware verification method is provided and is applied to a verification device 200.
Referring to the figure, the firmware verification method includes:
step 100, obtaining a firmware file after trusted signing through a gateway module;
step 200, performing trusted authentication on the firmware file according to the trusted signature;
step 300, when the trusted authentication is passed, the control gateway module sends a firmware file;
in step 400, when the trusted authentication fails, the control gateway module does not send the firmware file.
In one embodiment, after step 200, further comprising:
and 500, reporting the result of the trusted authentication to the verification upper computer when the trusted authentication fails.
In one embodiment, after step 200, further comprising:
step S600, when the trusted authentication is passed, the firmware file is also decrypted;
step S700, the decrypted firmware file is sent to the gateway module.
In one embodiment, step S600 includes:
step S610, when the trusted authentication is passed, the public key of the upper computer is checked to perform signature removal;
step S620, decrypting the firmware file by checking the public key of the upper computer.
In one embodiment, step S300 includes:
step S310, when the trusted authentication is passed, carrying out integrity verification on the firmware file;
step S320, when the integrity verification passes, the control gateway module sends a firmware file;
in step S330, when the integrity verification is not passed, the control gateway module does not send the firmware file.
In one embodiment, referring to fig. 4, a firmware verification method is provided, which includes:
the method comprises the steps that a firmware file after trusted signing is obtained through a gateway module;
performing trusted authentication on the firmware file according to the trusted signature;
when the trusted authentication is passed, carrying out integrity verification on the firmware file;
when the integrity verification is passed, decrypting the firmware file, sending the decrypted firmware file to the gateway module, and controlling the gateway module to send the firmware file;
and when the integrity verification is not passed, the control gateway module does not send the firmware file, and reports the result of the integrity verification to the verification upper computer.
When the trusted authentication fails, the control gateway module does not send the firmware file, and reports the result of the trusted authentication to the verification upper computer.
It will be understood that, for the "firmware file" mentioned in the present application, it may have different meanings in different cases, for example, it may respectively represent an unencrypted firmware file, an encrypted firmware file, a decrypted firmware file, an untrustworthy signed firmware file, an encrypted and trusted signed firmware file, a trusted authenticated but not integrity verified and not decrypted firmware file, a trusted authenticated and integrity verified but not decrypted firmware file, a trusted authenticated and integrity verified and decrypted firmware file, and so on. This is for simplicity of illustration only and is not to be construed as limiting the present application.
It should be understood that, although the steps in the flowcharts of fig. 3 to 4 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps of fig. 3-4 may include multiple steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the steps or stages are performed necessarily occur sequentially, but may be performed alternately or alternately with at least a portion of the steps or stages in other steps or other steps.
For specific limitations of the firmware verification method, reference may be made to the above limitation of the firmware verification system, and the description thereof will not be repeated here. The various modules in the firmware verification system described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like.
In the description of the present specification, reference to the term "one embodiment" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic descriptions of the above terms do not necessarily refer to the same embodiment or example.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.
Claims (6)
1. A firmware verification system, comprising:
the verification upper computer comprises a compiling module and a first trusted module, wherein the compiling module is used for acquiring a firmware file, and the first trusted module is used for carrying out trusted signature on the firmware file;
the verification device comprises a gateway module and a second trusted module, wherein the gateway module is connected with the first trusted module and is used for receiving and forwarding a firmware file after trusted signature, the second trusted module is connected with the gateway module and is used for carrying out trusted authentication on the firmware file, the second trusted module controls the gateway module to send the firmware file when the trusted authentication is passed, and controls the gateway module not to send the firmware file when the trusted authentication is not passed;
the verification upper computer further comprises an encryption module, the encryption module is connected with the compiling module so as to acquire a firmware file compiled by the compiling module, the encryption module signs the firmware file through a private key and encrypts the firmware file through the private key, the encryption module is also connected with a first trusted module so as to send the encrypted firmware file to the first trusted module, and the first trusted module carries out trusted signature on the encrypted firmware file;
the verification device further comprises a decryption module, wherein the decryption module is connected with the second trusted module, so that when the second trusted module determines that the trusted authentication is passed, the firmware file encrypted by the encryption module is decrypted, the decryption module signs the signature of the private key through the public key, signature authentication is performed, meanwhile, the decryption module decrypts the encrypted firmware file through the public key, and the decrypted firmware file is sent to the gateway module.
2. The firmware verification system of claim 1, wherein the second trusted module further reports the result of the trusted authentication to the verification host when the trusted authentication fails.
3. The firmware verification system of claim 1, wherein the verification device further comprises an integrity verification module, the integrity verification module connecting the second trusted module with the gateway module for integrity verification of the firmware file when the trusted authentication is passed, and wherein the integrity verification module controls the gateway module to send the firmware file when the integrity verification is passed, and controls the gateway module not to send the firmware file when the integrity verification is not passed.
4. A firmware verification method applied to the firmware verification system of any one of claims 1 to 3, comprising:
the method comprises the steps that a firmware file after trusted signing is obtained through a gateway module;
performing trusted authentication on the firmware file according to the trusted signature;
when the trusted authentication is passed, controlling the gateway module to send the firmware file;
when the trusted authentication is not passed, controlling the gateway module not to send the firmware file;
when the trusted authentication passes, the public key of the upper computer is checked to conduct signature decoding, and the public key of the upper computer is checked to decrypt the firmware file;
and sending the decrypted firmware file to the gateway module.
5. The firmware verification method of claim 4, wherein,
and when the trusted authentication fails, reporting the result of the trusted authentication to the verification upper computer.
6. The firmware verification method of claim 5, wherein controlling the gateway module to send the firmware file when the trusted authentication passes comprises:
when the trusted authentication is passed, carrying out integrity verification on the firmware file;
when the integrity verification is passed, controlling the gateway module to send the firmware file;
and when the integrity verification is not passed, controlling the gateway module not to send the firmware file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110677552.6A CN113468559B (en) | 2021-06-18 | 2021-06-18 | Firmware verification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110677552.6A CN113468559B (en) | 2021-06-18 | 2021-06-18 | Firmware verification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113468559A CN113468559A (en) | 2021-10-01 |
| CN113468559B true CN113468559B (en) | 2024-01-05 |
Family
ID=77870403
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110677552.6A Active CN113468559B (en) | 2021-06-18 | 2021-06-18 | Firmware verification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113468559B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107403098A (en) * | 2017-06-13 | 2017-11-28 | 北京溢思得瑞智能科技研究院有限公司 | The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage |
| CN108347332A (en) * | 2017-06-06 | 2018-07-31 | 清华大学 | Verify the method and device of firmware signature |
| CN111143856A (en) * | 2019-12-27 | 2020-05-12 | 郑州信大捷安信息技术股份有限公司 | PLC remote firmware upgrading system and method |
| CN111162911A (en) * | 2019-12-27 | 2020-05-15 | 郑州信大捷安信息技术股份有限公司 | PLC firmware upgrading system and method |
| CN111880824A (en) * | 2020-07-24 | 2020-11-03 | 欧姆龙(上海)有限公司 | Firmware data verification device and method, firmware update device and method and system |
| CN112187544A (en) * | 2020-09-30 | 2021-01-05 | 深圳忆联信息系统有限公司 | Firmware upgrading method and device, computer equipment and storage medium |
| CN112464243A (en) * | 2020-11-16 | 2021-03-09 | 微讯智造(广州)电子有限公司 | Firmware tamper-proofing method and device based on android system |
-
2021
- 2021-06-18 CN CN202110677552.6A patent/CN113468559B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108347332A (en) * | 2017-06-06 | 2018-07-31 | 清华大学 | Verify the method and device of firmware signature |
| CN107403098A (en) * | 2017-06-13 | 2017-11-28 | 北京溢思得瑞智能科技研究院有限公司 | The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage |
| CN111143856A (en) * | 2019-12-27 | 2020-05-12 | 郑州信大捷安信息技术股份有限公司 | PLC remote firmware upgrading system and method |
| CN111162911A (en) * | 2019-12-27 | 2020-05-15 | 郑州信大捷安信息技术股份有限公司 | PLC firmware upgrading system and method |
| CN111880824A (en) * | 2020-07-24 | 2020-11-03 | 欧姆龙(上海)有限公司 | Firmware data verification device and method, firmware update device and method and system |
| CN112187544A (en) * | 2020-09-30 | 2021-01-05 | 深圳忆联信息系统有限公司 | Firmware upgrading method and device, computer equipment and storage medium |
| CN112464243A (en) * | 2020-11-16 | 2021-03-09 | 微讯智造(广州)电子有限公司 | Firmware tamper-proofing method and device based on android system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113468559A (en) | 2021-10-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101828357B (en) | Credential provisioning method and device | |
| EP3499790B1 (en) | Management system, key-generating device, on-board computer, management method, and computer program | |
| JP4638912B2 (en) | Method for transmitting a direct proof private key in a signed group to a device using a distribution CD | |
| CN113805908A (en) | Firmware update system and method | |
| CN114662087B (en) | Multi-terminal verification security chip firmware updating method and device | |
| US20170093816A1 (en) | Remote encryption method and cryptographic center | |
| CN114637987A (en) | Security chip firmware downloading method and system based on platform verification | |
| CN113438205B (en) | Block chain data access control method, node and system | |
| CN109960935B (en) | Method, device and storage medium for determining trusted state of TPM (trusted platform Module) | |
| CN113468559B (en) | Firmware verification method and system | |
| CN116881936A (en) | Trusted computing method and related equipment | |
| CN116132041A (en) | Key processing method and device, storage medium and electronic equipment | |
| CN115935379A (en) | Service processing method, device, equipment and computer readable storage medium | |
| CN114153672A (en) | Chip verification method, system, equipment and storage medium | |
| CN112929871A (en) | OTA upgrade package acquisition method, electronic device and storage medium | |
| CN117714513B (en) | Method and system for controlling target equipment based on cloud server | |
| CN113381855B (en) | Communication method and system | |
| CN116226886B (en) | Information security management method and system for software information system | |
| KR102644153B1 (en) | Apparatus and method for data security | |
| CN114124542B (en) | Method for exporting confidential data to shared security area after approval by research and development network | |
| CN115549910B (en) | Data transmission method, equipment and storage medium | |
| EP3975020A1 (en) | System and method for securely transmitting electronic information | |
| CN115550040A (en) | Data processing method, server and medium | |
| CN116722985A (en) | Sensitive data protection method and system | |
| CN112862483A (en) | Identity verification method and device based on intelligent contract |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |