CN113946841A - Software safety protection method, clothes processing equipment and readable storage medium - Google Patents

Software safety protection method, clothes processing equipment and readable storage medium Download PDF

Info

Publication number
CN113946841A
CN113946841A CN202111079715.7A CN202111079715A CN113946841A CN 113946841 A CN113946841 A CN 113946841A CN 202111079715 A CN202111079715 A CN 202111079715A CN 113946841 A CN113946841 A CN 113946841A
Authority
CN
China
Prior art keywords
identification
embedded chip
stored
abstract
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111079715.7A
Other languages
Chinese (zh)
Inventor
邹宝智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ganwei Intelligent Technology Shenzhen Co ltd
Original Assignee
Ganwei Intelligent Technology Shenzhen Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ganwei Intelligent Technology Shenzhen Co ltd filed Critical Ganwei Intelligent Technology Shenzhen Co ltd
Priority to CN202111079715.7A priority Critical patent/CN113946841A/en
Publication of CN113946841A publication Critical patent/CN113946841A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a software security protection method, clothes processing equipment and a readable storage medium, wherein when judging whether two embedded chips are the same chip, the identification codes are not directly compared, but are encrypted to generate an identification abstract and then are compared, so that the identification code for uniquely identifying the first embedded chip can be prevented from being acquired by a copyer, and the identification code of the first embedded chip can be encrypted and protected, thereby further improving the software security of the first embedded chip.

Description

Software safety protection method, clothes processing equipment and readable storage medium
Technical Field
The invention relates to the technical field of embedded systems, in particular to a software safety protection method, clothes processing equipment and a readable storage medium.
Background
For embedded chips: ARM, DSP, singlechip etc. if the embedded software (also called as "embedded software" hereinafter) of writing into the chip is not encrypted, very easily acquireed and cracked, lead to the core design and key technology to be stolen, threaten the legal rights and interests of software development company.
In order to prevent unauthorized access or copying of software in an embedded chip, a security protection method generally used for an embedded chip including an embedded chip includes: polishing the chip and hiding the model information of the chip; this encryption is too simple and does not work for the decryptor familiar with the chip; the method has the advantages that physical copy prevention is realized, the mask ROM is adopted to store embedded software codes, the price of the encryption mode is high, and subsequent software code upgrading cannot be supported.
Disclosure of Invention
The invention mainly aims to provide a method for protecting software safety in an embedded chip, aiming at solving the technical problem of how to improve the software safety in the embedded chip.
In order to achieve the above object, the method for protecting software security in an embedded chip provided by the invention comprises the following steps:
acquiring a first identification code of a first embedded chip in which a system program is burned, wherein the first identification code is used for uniquely identifying the first embedded chip, and the system program comprises a system driving program and a system function program;
performing first encryption operation on the first identification code to obtain a pre-stored identification abstract and pre-stored key data;
performing secondary encryption operation on the pre-stored identification abstract and the pre-stored key data to obtain encrypted data;
acquiring product registration information, and packaging prestored secret key data, encrypted data and product registration information through a communication protocol to obtain a data packet;
sending the data packet to a system driver;
running a system driver in the second embedded chip;
extracting the encrypted data and the pre-stored key data in the data packet through a system driver, and carrying out decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification abstract;
acquiring a second identification code of the second embedded chip through a system driving program, and calculating the second identification code to obtain a first current identification abstract;
comparing the first current identification abstract with a prestored identification abstract;
and determining that the first current identification abstract is different from the pre-stored identification abstract, judging that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip.
Optionally, the step of performing a first encryption operation on the first identification code to obtain a pre-stored identification digest and pre-stored key data includes:
calculating the first identification code by using an MD5 message digest algorithm to obtain a prestored identification digest;
calculating the first identification code by using a HASH algorithm to obtain a prestored identification key;
and (4) operating the pre-stored identification key by using an MD5 message digest algorithm to obtain pre-stored key data.
Optionally, the step of performing a second encryption operation on the pre-stored identification digest and the pre-stored key data to obtain encrypted data includes:
and calculating the pre-stored identification abstract and the pre-stored key data by using an AES encryption algorithm to obtain encrypted data.
Optionally, the step of sending the data packet to the system driver includes:
the data packet is operated by using a CRC algorithm to obtain a check code, and the data packet and the check code are sent to a system driver;
before the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further comprises the following steps: and checking the integrity of the data packet by using the check code.
Optionally, after the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further includes:
running a system function program in the second embedded chip;
carrying out decryption operation on the encrypted data and prestored secret key data to obtain the prestored identification abstract;
acquiring a second identification code of the second embedded chip through a system function program, and calculating the second identification code to obtain a second current identification abstract;
comparing the second current identification abstract with a prestored identification abstract;
and determining that the second current identification abstract is different from the pre-stored identification abstract, judging that the second embedded chip and the first embedded chip are different chips, and deleting the system function program.
Optionally, before the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing a decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further includes:
the data packets are stored in different address units of a FLASH region by using a random algorithm.
Optionally, the step of storing the data packet in different address units of one FLASH area by using a random algorithm includes:
and storing the data packet in different address units of a 2KB FLASH region by using a random algorithm according to the last two bits of the 16-system character string of the prestored identification code.
Optionally, after the step of comparing the first current identification digest with the pre-stored identification digest, the method further includes:
and determining that the second current identification abstract is the same as the pre-stored identification abstract, judging that the second embedded chip and the first embedded chip are the same chip, and operating a system function program.
Optionally, the determining that the first current identification abstract is different from the pre-stored identification abstract, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip includes:
calculating the similarity between the first current identification abstract and the pre-stored identification abstract;
determining that the similarity between the first current identification abstract and the pre-stored identification abstract is smaller than a preset value, and judging that the first embedded chip and the second embedded chip are different chips;
and determining that the similarity between the first current identification abstract and the pre-stored identification abstract is greater than a preset value, calculating the second identification code again to obtain a third current identification abstract, comparing the third current identification abstract with the pre-stored identification abstract, determining that the third current identification abstract is different from the pre-stored identification abstract, and judging that the first embedded chip and the second embedded chip are different chips.
Optionally, after the step of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip, the method further includes:
and deleting the data packet, the encrypted data, the pre-stored key data and the pre-stored identification abstract in the system driver.
Optionally, after the step of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip, the method further includes:
storing the pre-stored identification abstract as an invalid identification abstract in a storage unit of the second embedded chip;
running a latest system driver in the second embedded chip, extracting latest encrypted data and latest pre-stored key data in a latest data packet through the latest system driver, and carrying out decryption operation on the latest encrypted data and the latest pre-stored key data to obtain a latest identification abstract;
comparing the latest identification abstract with the invalid identification abstract in the storage unit one by one;
and determining that the latest identification abstract is the same as one invalid identification abstract, and deleting the latest system function program.
The present invention also proposes a laundry treating apparatus comprising: the device comprises a device body, a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is executed by the processor, the steps of the method for protecting the software in the embedded chip are realized.
The present invention also proposes a readable storage medium storing a control program of a laundry treatment apparatus, which when executed by a processor implements the steps of the method for software security protection in an embedded chip as described above.
The method for software safety protection in the embedded chip of the invention carries out encryption operation on the first identification code of the first embedded chip to obtain the pre-stored identification abstract, the pre-stored identification abstract is sent to the system driving program of the first embedded chip, when the system driving program is operated by the second embedded chip, the system driving program can automatically obtain the second identification code of the second embedded chip, then the encryption operation is automatically carried out to obtain the first current identification abstract, if the pre-stored identification abstract is different from the first current identification abstract, the second identification code is different from the first identification code, because the identification code is used for uniquely identifying the embedded chip, the second embedded chip and the first embedded chip can be known to be different chips, at the moment, the program of the second embedded chip can be judged to be copied from the first embedded chip, so the system driving program can automatically delete the system function program in the second embedded chip, the system function program is prevented from being stolen, and the safety protection of the software in the embedded chip is realized. When judging whether the two embedded chips are the same chip, the identification codes are not directly compared, but are encrypted to generate an identification abstract and then are compared, so that the identification code for uniquely identifying the first embedded chip can be prevented from being acquired by a copyist, the encryption protection effect on the identification code of the first embedded chip can be realized, and the software safety of the first embedded chip can be further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
FIG. 1 is a flowchart illustrating an embodiment of a method for securing software in an embedded chip according to the present invention;
FIG. 2 is a flowchart illustrating a method for securing software in an embedded chip according to another embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for securing software in an embedded chip according to another embodiment of the present invention;
FIG. 4 is a flowchart illustrating a method for securing software in an embedded chip according to yet another embodiment of the present invention;
fig. 5 is a flowchart illustrating a method for software security protection in an embedded chip according to another embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that, if directional indications (such as up, down, left, right, front, and back … …) are involved in the embodiment of the present invention, the directional indications are only used to explain the relative positional relationship between the components, the movement situation, and the like in a specific posture (as shown in the drawing), and if the specific posture is changed, the directional indications are changed accordingly.
In addition, if there is a description of "first", "second", etc. in an embodiment of the present invention, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the meaning of "and/or" appearing throughout is to include three juxtapositions, exemplified by "A and/or B," including either the A or B arrangement, or both A and B satisfied arrangement. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
The invention provides a method for software safety protection in an embedded chip, wherein the embedded chip is applied to an embedded product such as clothes treatment equipment, namely, the clothes treatment equipment can operate according to a program stored in the chip by embedding the chip.
In the embodiment of the present invention, as shown in fig. 1 to 5, the method for protecting software security in an embedded chip includes:
s1, acquiring a first identification code of a first embedded chip in which a system program is burned, wherein the first identification code is used for uniquely identifying the first embedded chip, and the system program comprises a system driver and a system function program;
s2, carrying out first encryption operation on the first identification code to obtain a pre-stored identification abstract and pre-stored key data;
s3, performing secondary encryption operation on the pre-stored identification abstract and the pre-stored key data to obtain encrypted data;
s4, acquiring product registration information, and packaging pre-stored key data, encrypted data and the product registration information through a communication protocol to obtain a data packet;
s5, sending the data packet to a system driver;
s6, operating a system driver in the second embedded chip;
s7, extracting the encrypted data and the pre-stored key data in the data packet through a system driver, and carrying out decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest;
s8, acquiring a second identification code of the second embedded chip through a system driving program, and calculating the second identification code to obtain a first current identification abstract;
s9, comparing the first current identification abstract with a prestored identification abstract;
s10, determining that the first current identification abstract is different from the pre-stored identification abstract, judging that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip.
It should be noted that the program in the embedded chip is divided into two parts: a system driver (bootloader) and a system function program. In the production stage of embedded products, a chip burning device is used to write a system driver into a chip (bare chip). After the embedded product is produced, the program upgrading tool of the upper computer is communicated with the system driving program of the embedded chip, the system function program is transmitted to the system driving program through the program upgrading tool, and then the system driving program writes the system function program into the embedded chip. After the embedded chip is restarted, firstly operating a system driving program, verifying the system function program by the system driving program, and if the verification is passed, executing the system function program to enable the function system of the embedded product to normally work, such as heating, blowing and the like; if the verification fails, the system function program cannot be executed, that is, the embedded product cannot work normally.
Embedded products generally have an internal ROM for a user to store system function programs and some may also provide EEPROM memory. When the embedded product system runs, the embedded chip directly reads and executes the system function program in the ROM, or the system function program stored in the ROM is loaded into a memory (RAM) and then executed.
It can be understood that the system function program is a core program in the chip for controlling the operation of the embedded product, and if the system function program is directly stolen and recorded to another chip and can be effectively driven, the other chip can directly control another embedded product without authorization of a program developer. The purpose of this embodiment is to prevent the system function program in the original chip from being directly executed after being stolen and recorded in another chip.
In this embodiment, serial communication with the first embedded chip may be implemented by the upper computer to encrypt or update the program of the first embedded chip. That is, steps S1 to S5 are realized by serial communication. The first embedded chip refers to an original chip storing authorized system function programs.
The first identification code is the unique identification code of the first embedded chip, namely, another chip with the same identification code as the first identification code does not exist. The specific algorithm of the first encryption operation is not limited, and only the pre-stored identification digest and the pre-stored key data can be generated, for example, the pre-stored identification digest can be a 128-bit digest parameter. The first identification code is encrypted to generate a pre-stored identification abstract, so that the first identification code can be prevented from being directly acquired by a person who is logged by a recorder; and the pre-stored identification abstract and the pre-stored key data are subjected to secondary encryption operation, so that the cracking difficulty of the pirate on the first identification code can be further improved, and the confidentiality effect on the first identification code is improved.
The product registration information is parameter information of the product embedded in the first embedded core, such as registration time, temperature unit, software version, and the like. The product registration information, the pre-stored key data and the encrypted data are packaged together to form a data packet and then sent to a system driver, so that the one-to-one corresponding relation between the chip and a specific product can be conveniently marked.
After sending the data packet to the system driver, a verification procedure needs to be written in the first embedded chip, and the verification procedure is executed before the system function procedure is executed, i.e., steps S6 to S10.
It should be noted that the second embedded chip may be the same chip as the first embedded chip or may be different chips, depending on whether the first identification code of the second embedded chip is the same as the second identification code of the second embedded chip. The second embedded chip includes the above-mentioned driver, and when the second embedded chip embedded product runs, the system driver will first load and start the verification procedure of steps S6 to S10.
In the verification process, because the first identification code used as the comparison standard is in the form of the encrypted identification abstract, the system driver firstly calculates the second identification code of the second embedded chip through the same encryption algorithm to obtain a first current identification abstract, if the first current identification abstract is the same as the pre-stored identification abstract, the second identification code is the same as the first identification code, namely the second embedded chip and the first embedded chip are judged to be the same chip, at the moment, the system function program can be considered not to be illegally recorded but executed on the original authorized chip, so that the system function program can be operated to enable the embedded product to normally work.
If the first current identification abstract is different from the pre-stored identification abstract, the second identification code is different from the first identification code, namely the second embedded chip and the first embedded chip are judged to be different chips, at the moment, the software of the authorized first embedded chip can be considered to be stolen and recorded into the unauthorized other chip, so that the system function program can be deleted, the system function program can not be executed and can not be stored in the unauthorized chip, and the encryption effect on the system function program is improved.
The method for software safety protection in the embedded chip of the invention carries out encryption operation on the first identification code of the first embedded chip to obtain the pre-stored identification abstract, the pre-stored identification abstract is sent to the system driving program of the first embedded chip, when the system driving program is operated by the second embedded chip, the system driving program can automatically obtain the second identification code of the second embedded chip, then the encryption operation is automatically carried out to obtain the first current identification abstract, if the pre-stored identification abstract is different from the first current identification abstract, the second identification code is different from the first identification code, because the identification code is used for uniquely identifying the embedded chip, the second embedded chip and the first embedded chip can be known to be different chips, at the moment, the program of the second embedded chip can be judged to be copied from the first embedded chip, so the system driving program can automatically delete the system function program in the second embedded chip, the system function program is prevented from being stolen, and the safety protection of the software in the embedded chip is realized. When judging whether the two embedded chips are the same chip, the identification codes are not directly compared, but are encrypted to generate an identification abstract and then are compared, so that the identification code for uniquely identifying the first embedded chip can be prevented from being acquired by a copyist, the encryption protection effect on the identification code of the first embedded chip can be realized, and the software safety of the first embedded chip can be further improved.
Specifically, as shown in fig. 2, the step of performing a first encryption operation on the first identification code to obtain a pre-stored identification digest and pre-stored key data includes:
s21, calculating the first identification code by using an MD5 message digest algorithm to obtain a pre-stored identification digest;
s22, calculating the first identification code by using a HASH algorithm to obtain a prestored identification key;
and S23, calculating the pre-stored identification key by using the MD5 message digest algorithm to obtain the pre-stored key data.
The MD5 message digest algorithm can calculate a first identification code with any length to obtain a pre-stored identification digest with a fixed length, and can obtain the same identification digest only when the first identification code is the same, and the algorithm is irreversible, and even if the pre-stored identification digest after encryption is obtained, it is impossible to reverse the first identification code by a decryption algorithm. Therefore, the first identification code can be stored in the MD5 value mode, the first identification code of the user can be prevented from being known by a person with a pirate, and the difficulty of cracking the first identification code is increased to a certain extent.
The HASH algorithm can convert the first identification code into a pre-stored identification key with a fixed length, the pre-stored identification key corresponds to the pre-stored identification abstract, and the HASH algorithm has independence and autonomy and can further improve the production difficulty of the pre-stored identification key. And the MD5 message digest algorithm is used for operating the pre-stored identification key, so that the irreversibility of the pre-stored key data can be ensured, namely, a pirate cannot obtain the first identification code through reverse operation.
In practical application, the step of performing a second encryption operation on the pre-stored identification digest and the pre-stored key data to obtain encrypted data includes:
and calculating the pre-stored identification abstract and the pre-stored key data by using an AES encryption algorithm to obtain encrypted data.
AES is fast in both software and hardware, relatively easy to implement, and requires little memory.
In one embodiment, the step of sending the data packet to the system driver includes:
the data packet is operated by using a CRC algorithm to obtain a check code, and the data packet and the check code are sent to a system driver;
before the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further comprises the following steps: and checking the integrity of the data packet by using the check code.
The CRC (Cyclic Redundancy Check) is a channel coding technique for generating a short fixed-bit Check code according to data such as a network data packet or a computer file, and is mainly used to detect or Check errors that may occur after data transmission or storage. The error detection capability is extremely strong, and the detection cost is low; by using the CRC algorithm to transmit the data packet, the transmitted data can be ensured to be accurate.
In an embodiment, as shown in fig. 3, after the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing a decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further includes:
s20, operating a system function program in the second embedded chip;
s30, carrying out decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification abstract;
s40, acquiring a second identification code of the second embedded chip through a system function program, and calculating the second identification code to obtain a second current identification abstract;
s50, comparing the second current identification abstract with a prestored identification abstract;
and S60, determining that the second current identification abstract is different from the pre-stored identification abstract, judging that the second embedded chip and the first embedded chip are different chips, and deleting the system function program.
Steps S20 to S60 are the second check program, and even if the software pirate directly skips the check program of steps S6 to S10 through illegal means, the second check program will be run before the system function program is run. The verification process of the second verification program is the same as that of the first verification program, and if the second embedded chip and the first embedded chip are finally judged to be different chips, the system function program can be directly deleted. This can further improve the security of the system function program.
In an embodiment, before the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing a decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further includes:
the data packets are stored in different address units of a FLASH region by using a random algorithm.
Specifically, the step of storing the data packet in different address units of one FLASH area by using a random algorithm includes:
storing the data packet in different address units of a 2KB FLASH region by using a random algorithm according to the last two bits of the 16-system character string of the prestored identification code; for example, the FLASH area is divided into different address units with 0-100 marks, assuming that the last two bits of the pre-stored identification code 16 system character string are 21, the random algorithm and the last two bits of the pre-stored identification code 16 system character string are subjected to parallel operation to generate a numerical value of 0-100, and if the numerical value is 63 after the parallel operation, the data packet is stored in the address unit with the mark number of 63.
Therefore, the difficulty of directly extracting the pre-stored key data and the encrypted data from the inside of the first embedded chip can be improved, and the first identification code is further prevented from being cracked.
In an embodiment, as shown in fig. 4, the step of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip includes:
s11, calculating the similarity between the first current identification abstract and the pre-stored identification abstract;
s12, determining that the similarity between the first current identification abstract and the pre-stored identification abstract is smaller than a preset value, and judging that the first embedded chip and the second embedded chip are different chips;
and S13, determining that the similarity between the first current identification abstract and the pre-stored identification abstract is greater than a preset value, calculating the second identification code again to obtain a third current identification abstract, comparing the third current identification abstract with the pre-stored identification abstract, determining that the third current identification abstract is different from the pre-stored identification abstract, and judging that the first embedded chip and the second embedded chip are different chips.
After the system driver obtains the second identification code of the second embedded chip, when the second identification code is operated, an operation error may occur, which results in obtaining an erroneous first current identification digest. That is, the second identification code may be the same as the first identification code, and when the encryption operation process is wrong, the obtained first current identification digest is different from the pre-stored identification digest, so that the second embedded chip is determined to be a different chip from the first embedded chip by mistake.
In order to avoid the above misjudgment process, after the first current identification abstract is determined to be different from the pre-stored identification abstract for the first time, the similarity between the first current identification abstract and the pre-stored identification abstract can be calculated, and if the similarity is smaller, the second identification code is actually different from the first identification code. If the similarity is greater, it indicates that the second identification code may be the same as the first identification code, and at this time, it is necessary to perform the operation on the second identification code again to obtain a third current identification summary, compare the third current identification summary, and if the third current identification summary is still different from the pre-stored identification summary, it indicates that the second identification code is indeed different from the first identification code. If the third current identification abstract is the same as the pre-stored identification abstract, the second identification code is the same as the first identification code, and only dislocation occurs in the first operation. Therefore, the system function program can be prevented from being deleted mistakenly due to errors in the operation process, so that the system function program is effectively protected.
In an embodiment, after the step of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip, the method further includes:
and deleting the data packet, the encrypted data, the pre-stored key data and the pre-stored identification abstract in the system driver.
When the first embedded chip and the second embedded chip are judged to be different chips, the program in the second embedded chip can be considered to be illegally recorded from the first embedded chip, and at the moment, the system driving program can delete the data packet, the encrypted data, the pre-stored key data and the pre-stored identification abstract in the second embedded chip together so as to prevent the data packet, the encrypted data, the pre-stored key data and the pre-stored identification abstract from being tried to decrypt continuously, so that the encryption protection effect on the software in the embedded chip can be further improved.
In an embodiment, as shown in fig. 5, after the step of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip, the method further includes:
s110, storing the pre-stored identification abstract as an invalid identification abstract in a storage unit of the second embedded chip;
s120, running a latest system driver in the second embedded chip, extracting latest encrypted data and latest pre-stored key data in the latest data packet through the latest system driver, and carrying out decryption operation on the latest encrypted data and the latest pre-stored key data to obtain a latest identification abstract;
s130, comparing the latest identification abstract with the invalid identification abstract in the storage unit one by one;
s140, determining that the latest identification abstract is the same as one invalid identification abstract, and deleting the latest system function program.
After the system function program copied to the second embedded chip is deleted, the embezzler may copy the software of the first embedded chip to the second embedded chip again and continue to try to crack. At this time, the prestored identification abstract obtained by the operation of the first embedded chip is stored in the storage unit of the second embedded chip as the invalid identification abstract, after the software of the first embedded chip is copied to the second embedded chip again, before the verification program is operated, the latest identification abstract of the first embedded chip and the invalid identification abstract stored in the second embedded chip can be compared one by one, and as long as the latest identification abstract is the same as one invalid identification abstract, the current software is judged to belong to the software which is copied before, so that the system function program of the software can be directly deleted by the system driving program without executing the verification process. That is, if the same unauthorized chip is copied with the same software many times, the system function program can be directly deleted before the unauthorized chip runs the software for the second time, thereby omitting the subsequent verification step and simplifying the verification process.
The invention also proposes a laundry treatment apparatus comprising an apparatus body, a memory, a processor and a computer program stored on said memory and operable on said processor, said computer program, when executed by said processor, implementing the steps of the method for software security protection in an embedded chip as described above; the specific steps of the method for software safety protection in the embedded chip refer to the above embodiments, and since the clothes treatment device adopts all the technical solutions of all the above embodiments, at least all the beneficial effects brought by the technical solutions of the above embodiments are achieved, and no further description is given here.
The invention also proposes a readable storage medium storing a control program of a laundry treatment apparatus, which when executed by a processor implements the steps of the method for software security protection in an embedded chip as described above; the specific steps of the method for protecting software security in an embedded chip refer to the above embodiments, and since the readable storage medium adopts all the technical solutions of all the above embodiments, at least all the beneficial effects brought by the technical solutions of the above embodiments are achieved, and are not described in detail herein.
The above description is only an alternative embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications and equivalents of the present invention, which are made by the contents of the present specification and the accompanying drawings, or directly/indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (13)

1. A method for software security protection in an embedded chip is characterized by comprising the following steps:
acquiring a first identification code of a first embedded chip in which a system program is burned, wherein the first identification code is used for uniquely identifying the first embedded chip, and the system program comprises a system driving program and a system function program;
performing first encryption operation on the first identification code to obtain a pre-stored identification abstract and pre-stored key data;
performing secondary encryption operation on the pre-stored identification abstract and the pre-stored key data to obtain encrypted data;
acquiring product registration information, and packaging prestored secret key data, encrypted data and product registration information through a communication protocol to obtain a data packet;
sending the data packet to a system driver;
running a system driver in the second embedded chip;
extracting the encrypted data and the pre-stored key data in the data packet through a system driver, and carrying out decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification abstract;
acquiring a second identification code of the second embedded chip through a system driving program, and calculating the second identification code to obtain a first current identification abstract;
comparing the first current identification abstract with a prestored identification abstract;
and determining that the first current identification abstract is different from the pre-stored identification abstract, judging that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip.
2. The method of claim 1, wherein the step of performing a first encryption operation on the first identification code to obtain a pre-stored identification digest and pre-stored key data comprises:
calculating the first identification code by using an MD5 message digest algorithm to obtain a prestored identification digest;
calculating the first identification code by using a HASH algorithm to obtain a prestored identification key;
and (4) operating the pre-stored identification key by using an MD5 message digest algorithm to obtain pre-stored key data.
3. The method of software security protection in an embedded chip according to claim 1, wherein the step of performing a second encryption operation on the pre-stored identification digest and the pre-stored key data to obtain the encrypted data comprises:
and calculating the pre-stored identification abstract and the pre-stored key data by using an AES encryption algorithm to obtain encrypted data.
4. The method for software security protection in an embedded chip of claim 1, wherein the step of sending the data packet to the system driver comprises:
the data packet is operated by using a CRC algorithm to obtain a check code, and the data packet and the check code are sent to a system driver;
before the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further comprises the following steps: and checking the integrity of the data packet by using the check code.
5. The method for software security protection in an embedded chip according to claim 1, wherein after the steps of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing the decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further comprises:
running a system function program in the second embedded chip;
carrying out decryption operation on the encrypted data and prestored secret key data to obtain the prestored identification abstract;
acquiring a second identification code of the second embedded chip through a system function program, and calculating the second identification code to obtain a second current identification abstract;
comparing the second current identification abstract with a prestored identification abstract;
and determining that the second current identification abstract is different from the pre-stored identification abstract, judging that the second embedded chip and the first embedded chip are different chips, and deleting the system function program.
6. The method for software security protection in an embedded chip according to claim 1, wherein before the step of extracting the encrypted data and the pre-stored key data in the data packet by the system driver, and performing the decryption operation on the encrypted data and the pre-stored key data to obtain the pre-stored identification digest, the method further comprises:
the data packets are stored in different address units of a FLASH region by using a random algorithm.
7. The method for software security protection in an embedded chip according to claim 6, wherein the step of storing the data packets in different address locations of a FLASH area using a random algorithm comprises:
and storing the data packet in different address units of a 2KB FLASH region by using a random algorithm according to the last two bits of the 16-system character string of the prestored identification code.
8. The method of software security protection in an embedded chip according to claim 1, wherein the step of comparing the first current identification digest with the pre-stored identification digest further comprises:
and determining that the second current identification abstract is the same as the pre-stored identification abstract, judging that the second embedded chip and the first embedded chip are the same chip, and operating a system function program.
9. The method according to claim 1, wherein the step of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip comprises:
calculating the similarity between the first current identification abstract and the pre-stored identification abstract;
determining that the similarity between the first current identification abstract and the pre-stored identification abstract is smaller than a preset value, and judging that the first embedded chip and the second embedded chip are different chips;
and determining that the similarity between the first current identification abstract and the pre-stored identification abstract is greater than a preset value, calculating the second identification code again to obtain a third current identification abstract, comparing the third current identification abstract with the pre-stored identification abstract, determining that the third current identification abstract is different from the pre-stored identification abstract, and judging that the first embedded chip and the second embedded chip are different chips.
10. The method according to claim 1, wherein after the steps of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip, the method further comprises:
and deleting the data packet, the encrypted data, the pre-stored key data and the pre-stored identification abstract in the system driver.
11. The method according to claim 1, wherein after the steps of determining that the first current identification digest is different from the pre-stored identification digest, determining that the first embedded chip and the second embedded chip are different chips, and deleting the system function program of the second embedded chip, the method further comprises:
storing the pre-stored identification abstract as an invalid identification abstract in a storage unit of the second embedded chip;
running a latest system driver in the second embedded chip, extracting latest encrypted data and latest pre-stored key data in a latest data packet through the latest system driver, and carrying out decryption operation on the latest encrypted data and the latest pre-stored key data to obtain a latest identification abstract;
comparing the latest identification abstract with the invalid identification abstract in the storage unit one by one;
and determining that the latest identification abstract is the same as one invalid identification abstract, and deleting the latest system function program.
12. A laundry treating apparatus, comprising:
device body, memory, processor and computer program stored on said memory and executable on said processor, said computer program, when executed by said processor, implementing the steps of the method for software security protection in an embedded chip according to any of claims 1 to 11.
13. A readable storage medium storing a control program of a laundry treatment apparatus, which when executed by a processor implements the steps of the method for software security protection in an embedded chip according to any one of claims 1 to 11.
CN202111079715.7A 2021-09-15 2021-09-15 Software safety protection method, clothes processing equipment and readable storage medium Pending CN113946841A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111079715.7A CN113946841A (en) 2021-09-15 2021-09-15 Software safety protection method, clothes processing equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111079715.7A CN113946841A (en) 2021-09-15 2021-09-15 Software safety protection method, clothes processing equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN113946841A true CN113946841A (en) 2022-01-18

Family

ID=79328504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111079715.7A Pending CN113946841A (en) 2021-09-15 2021-09-15 Software safety protection method, clothes processing equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113946841A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116070293A (en) * 2023-03-09 2023-05-05 深圳市好盈科技股份有限公司 Processing method and device for firmware protection through chip encryption

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116070293A (en) * 2023-03-09 2023-05-05 深圳市好盈科技股份有限公司 Processing method and device for firmware protection through chip encryption

Similar Documents

Publication Publication Date Title
US8533492B2 (en) Electronic device, key generation program, recording medium, and key generation method
EP3612968B1 (en) Method and apparatus to quickly authenticate program using a security element
CN109388961B (en) Security control method of storage device and storage device
US20180204004A1 (en) Authentication method and apparatus for reinforced software
CN112511549B (en) Data transmission method, device, equipment and computer readable storage medium
CN110008659B (en) Software license offline management method and device, computer equipment and storage medium
WO2006075355A1 (en) Programmable logic controller peripheral device
CN113946841A (en) Software safety protection method, clothes processing equipment and readable storage medium
JP6888122B2 (en) Semiconductor device, update data provision method, update data reception method and program
CN112417422A (en) Security chip upgrading method and computer readable storage medium
JP2004282391A (en) Information processor having authentication function and method for applying authentication function
TWI729236B (en) Method, system and computer program for verifying data, electronic device, equipment able to communicate with a server and computer readable storage medium
JP2002014871A (en) Contents check method, contents update method and processor
CN111385083B (en) Key protection method and key protection system
CN109740321B (en) Method for revoking manager lock of encryption machine, encryption machine and manufacturer server
JP6961553B2 (en) Information processing equipment, systems and methods
JP2000047866A (en) Program executing protecting method, ic card and storage medium
KR101711926B1 (en) SoC having security features, and security method for SoC
CN117290874B (en) Circuit board program cracking prevention method, storage medium and circuit board
CN112597449B (en) Software encryption method, device, equipment and storage medium
WO2022176164A1 (en) Program processing device, program processing method, and program
CN117633733A (en) Method for acquiring software by chip product, computer equipment and storage medium
CN118051919A (en) Data processing method, chip, electronic device and storage medium
JP2024011421A (en) Memory abnormality determination method and common key writing system
CN117290874A (en) Circuit board program cracking prevention method, storage medium and circuit board

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination