CN114329353A - Preprocessing method, processing method, decryption and reading method, device and medium - Google Patents

Preprocessing method, processing method, decryption and reading method, device and medium Download PDF

Info

Publication number
CN114329353A
CN114329353A CN202011066189.6A CN202011066189A CN114329353A CN 114329353 A CN114329353 A CN 114329353A CN 202011066189 A CN202011066189 A CN 202011066189A CN 114329353 A CN114329353 A CN 114329353A
Authority
CN
China
Prior art keywords
data
reading
version file
related instruction
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011066189.6A
Other languages
Chinese (zh)
Inventor
刘季
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN202011066189.6A priority Critical patent/CN114329353A/en
Priority to PCT/CN2021/120296 priority patent/WO2022068693A1/en
Publication of CN114329353A publication Critical patent/CN114329353A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides a method for preprocessing a basic system of an embedded system, including: receiving a modification instruction; and processing the source code of the preset reading related instruction in the source code file of the basic system according to the modification instruction to obtain the reading related instruction carrying the verification data. The present disclosure also provides a method for generating an encrypted version file of an embedded system, a method for decrypting data in an encrypted version file of an embedded system, a method for reading data in an encrypted version file of an embedded system, an electronic device, and a computer-readable storage medium. After the preprocessing method provided by the disclosure is used for preprocessing the basic system of the embedded system, the encrypted version file can be generated by using a preset encryption algorithm, the storage space occupied by the encrypted version file is small, and the data is safer when being decrypted.

Description

Preprocessing method, processing method, decryption and reading method, device and medium
Technical Field
The present disclosure relates to the field of embedded systems, and in particular, to a method for preprocessing a base system of an embedded system, a method for processing a version file of an embedded system, a method for decrypting data in a version file of an embedded system, a method for reading data in a version file of an embedded system, an electronic device, and a computer-readable storage medium.
Background
At present, the security problem of the version file of the embedded system is more and more emphasized by operators and users, and how to ensure the security of the version file in the releasing process and the using process without being maliciously cracked or damaged by other people becomes an important subject.
Disclosure of Invention
The present disclosure provides a preprocessing method of a basic system of an embedded system, a processing method of a version file of the embedded system, a decryption method of data in the version file of the embedded system, a reading method of data in the version file of the embedded system, an electronic device, and a computer-readable storage medium.
As an aspect of the present disclosure, there is provided a preprocessing method of a base system of an embedded system, including:
receiving a modification instruction;
and processing the source code of the preset reading related instruction in the source code file of the basic system according to the modification instruction to obtain the reading related instruction carrying the verification data.
Optionally, the basic system is a Linux system.
Optionally, the predetermined read-related instruction comprises a cat instruction and/or an ls instruction.
As a second aspect of the present disclosure, there is provided a method for generating an encrypted version file of an embedded system, including:
compressing the initial version file to obtain a binary file;
encrypting the binary file by using a preset encryption algorithm to obtain an encrypted version file;
and storing the encrypted version file on a storage device, wherein the storage device is provided with a basic system preprocessed by the preprocessing method.
Optionally, the generating method further includes, before the step of compressing the initial version file:
and compiling to manufacture the initial version file.
Optionally, the initial version file includes a plurality of application programs, in the step of compiling and making the initial version file, a part of the application programs is configured with a right to read decrypted data, and the rest of the application programs are not configured with a right to read decrypted data.
As a third aspect of the present disclosure, there is provided a decryption method of data in an encrypted version file of an embedded system, wherein the encrypted version file is generated by the generation method, the decryption method including:
judging whether the received reading related instruction carries the check data or not;
and when the received reading related instruction carries the verification data, decrypting the data pointed by the received reading related instruction according to a preset decryption algorithm corresponding to the preset encryption algorithm.
Optionally, the decryption method further includes, before the step of determining whether the received read related instruction carries the check data:
judging whether the received reading related instruction has the authority of acquiring the decrypted data;
and when the received reading related instruction has the right of acquiring the decrypted data, executing the step of judging whether the received reading related instruction carries the verification data.
Optionally, the decryption method further includes, before the step of determining whether the received read-related instruction has the right to acquire decrypted data:
and reading the encrypted data pointed by the relevant instruction from the storage device.
As a fourth aspect of the present disclosure, there is provided a method for reading data in an encrypted version file of an embedded system, wherein the encrypted version file is generated by the generation method, and the reading method includes:
after receiving and reading the relevant instruction, executing the decryption method;
and when the decrypted data exists, returning the decrypted data to the upper-layer application which sends the reading related instruction.
Optionally, when the received read-related instruction does not carry the check data, returning the encrypted data pointed by the read-related instruction to the upper layer application sending the read-related instruction.
As a fifth aspect of the present disclosure, there is provided an electronic apparatus including:
a storage device having at least one of a first executable program, a second executable program, a third executable program, and a fourth executable program stored thereon;
one or more processors implementing said preprocessing method when said one or more processors call said first executable program, implementing said generation method when said one or more processors call said second executable program, implementing said decryption method when said one or more processors call said third executable program, and implementing said reading method when said one or more processors call said fourth executable program.
As a sixth aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon an executable program capable of implementing any one of the following methods when the executable program is called:
the pretreatment method;
the generation method;
the decryption method;
the reading method.
In the present disclosure, a basic system (e.g., a Linux system) of an electronic device is first preprocessed, so that a predetermined read-write related instruction in the processed basic system carries verification data.
When the initial version file of the embedded system is encrypted, the binary file obtained by compressing the initial version file can be directly encrypted by using an encryption algorithm to obtain an encrypted version file. The size of the encrypted version file is not increased, so that the storage space of the embedded system can be saved. When the encrypted version file runs, only when a reading related instruction carrying verification data is received, the step of decrypting the data pointed by the reading related instruction is executed. If the received reading related instruction does not carry the verification data, the related data is not decrypted, so that the data security in the version file can be ensured.
Drawings
FIG. 1 is a flow chart of one embodiment of a pretreatment method provided by the present disclosure;
FIG. 2 is a flow chart of one embodiment of a method for generating an encrypted version file of an embedded system provided by the present disclosure;
FIG. 3 is a flow chart of another embodiment of a method for generating an encrypted version file of an embedded system provided by the present disclosure;
FIG. 4 is a flowchart of one embodiment of a method for decrypting data in an encrypted version file of an embedded system provided by the present disclosure;
FIG. 5 is a flow chart of another embodiment of a method for decrypting data in an encrypted version file of an embedded system provided by the present disclosure;
FIG. 6 is a flowchart of a method for reading data in an encrypted version file of an embedded system provided by the present disclosure;
FIG. 7 is a block diagram of one embodiment of an embedded system.
Detailed Description
Example embodiments will be described more fully hereinafter with reference to the accompanying drawings, but which may be embodied in different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Embodiments described herein may be described with reference to plan and/or cross-sectional views in light of idealized schematic illustrations of the disclosure. Accordingly, the example illustrations can be modified in accordance with manufacturing techniques and/or tolerances. Accordingly, the embodiments are not limited to the embodiments shown in the drawings, but include modifications of configurations formed based on a manufacturing process. Thus, the regions illustrated in the figures have schematic properties, and the shapes of the regions shown in the figures illustrate specific shapes of regions of elements, but are not intended to be limiting.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present disclosure, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
In the related art, a version file is encrypted by an Enterprise-level encrypted file system (eCryptfs, Enterprise Cryptographic file system) file system. Specifically, eCryptfs is an encrypted File System of Linux, and is another virtual File System superimposed on a Virtual File System (VFS), and may encapsulate a read-write function for encryption and decryption into the VFS, and finally present decrypted data to a user.
However, when each file in the version file of the embedded system is encrypted by using eCryptfs, 8k of encryption extension headers are added to each file, and the size of the version file increases greatly with the increase of the number of encrypted files, thereby occupying a storage space. Moreover, when the eCryptfs is used, a user needs to decrypt and encrypt the file through the eCryptfs when reading and writing the file, so that the read-write performance is greatly influenced. In particular, the read performance may be reduced by around 29%, while the write performance may be reduced by orders of magnitude.
In view of the above, the present disclosure provides a series of processing methods for an embedded system, and specifically includes a preprocessing method for a basic system, a processing method for a version file of the embedded system, a decryption method for data in the version file of the embedded system, and a reading method for data in the version file of the embedded system.
Firstly, the preprocessing method provided by the present disclosure is needed to process the basic system of the embedded system, and then the processing method provided by the present disclosure is used to encrypt the version file based on the preprocessed basic system. And when the subsequent application program runs, decrypting the data required by the application program by using the decryption method provided by the disclosure, and then reading the data provided by the disclosure.
Various aspects of the disclosure are described in detail below with reference to the figures.
As a first aspect of the present disclosure, there is provided a preprocessing method of a base system of an embedded system, as shown in fig. 1, the preprocessing method including:
in step S110, a modification instruction is received;
in step S120, a predetermined source code of a read-related instruction in the source code file of the base system is processed according to the modification instruction, so as to obtain a read-related instruction carrying verification data.
The basic system is an embedded system operation environment, and the version file of the embedded system operates in the basic system.
In step S120, the source code file of the base system is modified, so that the source code file of the read related instruction carries the check code. When the embedded system provided with the basic system preprocessed by the method receives the reading related instruction, the received reading related instruction needs to be verified, and whether the received reading related instruction carries a verification code or not is confirmed. And when the received reading related instruction does not carry the check code, not decrypting the related data. For example, the encrypted data may be directly returned to the application that sent the read-related instruction. In this way, the real content is not visible to the application sending the read-related instruction.
Optionally, the step of decrypting the encrypted data is performed at a driver layer of the embedded system.
And when the reading related instruction carries the check code, returning the decrypted data, so that the real content can be seen by the application program sending the reading related instruction.
In the present disclosure, the source of the modification instruction is not particularly limited. The modification instructions may be input to the embedded system via an input device, for example.
In the present disclosure, the basic system is not particularly limited, and as an alternative embodiment, the basic system may be a Linux system.
In the present disclosure, the predetermined read-related instruction is not limited, for example, when the base system is a Linux system, the predetermined read-related instruction includes a cat instruction and/or an ls instruction.
Specifically, the cat instruction is a Linux command, which is a shorthand of "concatemate" for displaying or linking a plurality of text files, similar to a type command under dos.
The ls instruction is a Linux command to write to the standard output every Directory specified by a Directory parameter or every name specified by a File parameter, along with other information required by the customer and flags. If the File or Directory parameter is not specified, the ls command displays the contents of the current Directory.
For convenience of description, the cat instruction carrying the check code is denoted as cat-hd, and the ls instruction carrying the check code is denoted as ls-hd.
As a second aspect of the present disclosure, there is provided a method for generating an encrypted version file of an embedded system, as shown in fig. 2, the method including:
in step S210, compressing the initial version file to obtain a binary file;
in step S220, the binary file is encrypted by using a predetermined encryption algorithm to obtain an encrypted version file;
in step S230, the encrypted version file is stored on a storage device, wherein the storage device is installed with a base system processed by the preprocessing method provided by the first aspect of the present disclosure.
In the processing method provided by the present disclosure, a binary file of an initial version file is encrypted by using a predetermined algorithm to obtain an encrypted version file, and the size of the file before and after encryption is not changed, that is, the size of the initial version file is the same as that of the encrypted version file. Compared with the prior art that each file in the initial version file of the embedded system is encrypted by using eCryptfs, the processing method provided by the disclosure occupies a smaller space for the encrypted version file obtained after each file in the initial version file is encrypted.
For a home gateway or other smart home products, the storage device is a flash, and the flash storage space is small, for example, eCryptfs is used to encrypt an initial version file of an embedded system of the home gateway or other smart home products, and a finally generated encrypted version file is large, which may affect normal operation and use of the home gateway or other smart home products. As described above, the processing method provided by the present disclosure is used to encrypt the initial version file of the embedded system, so that the obtained smaller encrypted version file is more suitable for devices with smaller flash storage space, such as home gateways or smart home products.
It should be noted that in the present disclosure, the encrypted version file is stored on the storage medium device installed with the preprocessed base system, as described above, in the base system, the source code file of the predetermined read-related instruction carries the check code. And when the received reading related instruction does not carry the check code, returning the encrypted data instead of the decrypted data. Therefore, even if someone maliciously logs in the corresponding electronic device or board, the decrypted key information (e.g., factory configuration information, device root user name, password, etc.) cannot be acquired.
Because the encrypted version file is obtained by encrypting the preset encryption algorithm and the corresponding key, the corresponding data in the encrypted version file can be decrypted by using the preset decryption algorithm corresponding to the preset encryption algorithm and the corresponding key, so that the decrypted data can be obtained, and the decryption method is relatively simple.
As described above, the decrypted data can be read by using the cat-hd instruction or ls-hd instruction, but the instruction which does not carry the verification data, such as the cat instruction or ls instruction, can only read the undecrypted data.
For home gateway products, the key index is throughput. In the related art, encrypting each file in the initial version file of the embedded system by using eCryptfs generates redundant data such as a file header. When the embedded system processes data, the file header generated by encryption also needs to be processed, thereby reducing the throughput of the embedded system. In the present disclosure, the embedded system is configured with the encrypted version file generated by the generation method provided by the present disclosure, and only protocol data needs to be processed when processing data, and redundant data does not need to be processed, thereby improving the throughput of the embedded system. In other words, the encrypted version file generated by the generation method provided by the present disclosure has no influence on the performance such as the throughput of the home gateway.
Optionally, as shown in fig. 3, the generating method may further include, before step S210:
in step S200, the initial version file is compiled and produced.
In the present disclosure, the content of the initial version file is not particularly limited, for example, the initial version file includes a plurality of system files including any of a kernel, an application, a library file, and a database file.
As an alternative, when the initial version file is compiled, the authority of the application program may also be defined, for example, part of the application program has the authority to read the decrypted data, and part of the application program does not have the authority to read the decrypted data.
That is, in step S200, the initial version file includes a plurality of application programs, a part of the plurality of application programs is configured with the right to read the decrypted data, and the rest of the plurality of application programs are not configured with the right to read the decrypted data.
When the encrypted data in the encrypted version file is read, whether the application program sending the reading related instruction has the permission to read the decrypted data or not is judged. If the read related instruction has the authority of reading the decrypted data, whether the read related instruction has the check data or not is judged, and when the read related instruction has the check data, the data pointed by the read related instruction is decrypted. When the reading related instruction does not have the right of reading the decrypted data, the subsequent decryption step is not executed.
In the present disclosure, how to perform step S210 is not particularly limited, and optionally, a compression tool is obtained by a compression method, and the initial version file is compressed by the compression tool (e.g., jffs2, squashfs) to generate the binary file.
In the related art, the original version file is compressed using a standard compression tool. Tools for cracking binary files compressed by standard compression tools also exist in the related art. For example, the compressed binary file may be content extracted using binwalk.
However, in the present disclosure, since the binary file of the initial version is encrypted, even if the encrypted version file generated by the generation method provided in the second aspect of the present disclosure is acquired, the encrypted version file cannot be decrypted and the binary file content of the version file cannot be extracted by using a decryption tool such as binwalk.
In the present disclosure, how to perform step S220 is not limited in particular, for example, an encryption algorithm may be selected, a corresponding key is configured, an encryption tool is made, and then the encryption tool is used to encrypt the binary file in units of a fixed size (e.g., 512 or 2048) to generate an encrypted version binary file (i.e., the encrypted version file).
In the present disclosure, the predetermined Encryption algorithm is not particularly limited, and as an optional algorithm, the predetermined Encryption algorithm may be an Advanced Encryption Standard (AES) algorithm. The key of the AES algorithm is longer, and the security of encryption by using the AES algorithm is higher.
As a third aspect of the present disclosure, there is provided a decryption method for data in an encrypted version file of an embedded system, wherein the encrypted version file is generated by the generation method provided in the second aspect of the present disclosure, as shown in fig. 4, the decryption method includes:
in step S310, it is determined whether the received read-related instruction carries the check data;
in step S320, when the received read related instruction carries the check data, the data pointed by the received read related instruction is decrypted according to a predetermined decryption algorithm corresponding to the predetermined encryption algorithm.
When the encrypted version file of the embedded system runs, the system driver reads the reading related instruction sent by the upper application from the hardware, and judges the reading related instruction through step S310. Only when the read-related instruction carries the check data, the read-related instruction is legal, and in this case, the data can be decrypted.
When it is determined in step S310 that the received read-related instruction does not carry the check data, the data pointed by the read-related instruction is not decrypted.
When someone maliciously logs in the single board (i.e. an embedded system) through a serial port or controls the single board through a Telnet or other remote control protocols, the read related instruction sent by the person does not carry the check data, so that the decrypted data cannot be obtained.
As an optional implementation manner, in the present disclosure, when it is determined that decryption of data is required, decryption is performed according to the predetermined decryption algorithm and the key in units of pages at the driver layer of the embedded system, without going through an encryption system such as eCryptfs system, which is related in the related art, which is equivalent to data in a bare-operation embedded system, not only is the algorithm simplified, but also the operation speed can be increased.
Therefore, compared with an embedded system provided with an eCryptfs system, the decryption method provided by the disclosure has smaller influence on the read-write speed of the embedded system.
In the present disclosure, step S320 is performed at the driving layer.
As described above, when the initial version file corresponding to the encrypted version file is created, some application programs have permission to read the decrypted data, and some application programs have no permission to read the decrypted data. This results in some processes requiring data decryption while the embedded system is running, but some processes do not. In order to increase the operating speed of the embedded system, optionally, as shown in fig. 5, the decryption method further includes, before step S310:
in step S300, it is determined whether the received read-related instruction has the right to acquire decrypted data.
When the received read-related instruction has the permission to acquire the decrypted data, the step of judging whether the received read-related instruction carries the check data is continuously executed (i.e. the step S310 is executed), and when the received read-related instruction does not have the permission to acquire the decrypted data (for example, an instruction sent by a non-root user does not have the permission to acquire the decrypted data), the step S310 may not be executed, so that unnecessary operations may be avoided, and the operating speed of the embedded system is improved.
In the related art, the version file is encrypted by using eCryptfs, in which case decryption is necessary when the version file is running as long as eCryptfs is configured, and compared with this, the decryption method for determining whether to decrypt according to the authority of the application program sending the read instruction provided by the present disclosure is more flexible.
In the present disclosure, the step of decrypting the data may be performed in the driver layer, and accordingly, the decryption method may further include, before step S300:
and reading the encrypted data pointed by the relevant instruction from the storage device.
And when the judgment result of the step S300 is no or the judgment result of the step S310 is no, directly returning the read encrypted data to the upper layer application.
As a fourth aspect of the present disclosure, there is provided a reading method in an encrypted version file of an embedded system, wherein the encrypted version file is generated by the generation method provided in the second aspect of the present disclosure, as shown in fig. 6, the reading method includes:
in step S410, after receiving the reading related instruction, the decryption method provided by the present disclosure is executed;
in step S420, when the decrypted data exists, the decrypted data is returned to the upper application that sent the read-related instruction.
When reading data, firstly judging the reading related instruction, when the reading related instruction meets the corresponding condition, decrypting the data pointed by the reading related instruction, and returning the decrypted data to the upper application sending the reading related instruction. When the received reading related instruction carries the check data, the reading related instruction is generated by the embedded system and is not generated by others maliciously logging in the embedded system, so the data in the encrypted version file of the embedded system can be prevented from being maliciously stolen by using the reading method provided by the disclosure.
Optionally, the following two cases are included when the received read-related instruction meets the corresponding condition:
in the first case, the received reading related instruction carries the check data;
in the second case, the received read-related instruction has the right to read data, and the received read-related instruction carries the check data.
The specific steps performed by the reading method when "decrypted data exists" are described above.
Accordingly, when the received read-related instruction does not meet the corresponding condition, there is no decrypted data.
In the present disclosure, no particular limitation is imposed on what kind of steps are performed after the decryption data does not exist. For example, when decrypted data is not present, an alert message or other prompt message may be generated directly. Alternatively, when there is no decrypted data, the encrypted data may be directly returned (step S430).
In the present disclosure, whether to decrypt data may be determined according to a received read-related instruction. Specifically, when the received reading related instruction does not have the right to read the decrypted data, the data is not decrypted; when the received reading related instruction has the right of reading the decrypted data but does not carry the verification data, the data is not decrypted.
In the present disclosure, whether the read-related instruction has a right to read decrypted data is determined according to an application program that issues the read-related instruction. When the application program has the right to read the decrypted data, the read instruction sent by the application program also has the right to read the decrypted data; when the application program does not have the right to read the decrypted data, the read instruction sent by the application program does not have the right to read the decrypted data.
The preprocessing method of the basic system, the generation method of the encrypted version, the decryption method of the data in the encrypted version file, and the reading method of the data in the encrypted version file provided by the present disclosure will be briefly described below with reference to a specific embedded system.
As shown in fig. 7, the embedded system includes an instruction receiving module 510, an encapsulating module 520, a compiling module 530, a compressing module 540, an encrypting module 550, a storage 560, a rights confirming module 570, a verifying module 580, and a data returning module 590.
After the instruction receiving module 510 receives the modification instruction, the encapsulation module 520 processes the source code file of the basic system, so that the predetermined reading related instruction carries the verification data, and finally obtains a preprocessed basic system, and installs the preprocessed basic system on the storage medium 560.
The encrypted version of the embedded system file runs in the context of the preprocessed base system.
How to generate the version file is described below:
the compiling module 530 compiles and makes an initial version file to generate various system files such as a kernel, an application program, a library file, a database file and the like;
the compression module 540 compresses the initial version file by using a compression tool to obtain a binary file;
the encryption module 550 encrypts the binary file by using an encryption tool corresponding to a predetermined encryption algorithm and configured with a corresponding key to obtain the encrypted version file;
the encrypted version file is stored on the storage 560.
When the encrypted version file runs, the driver of the embedded system reads data from the storage device 560 according to a reading related instruction sent by the upper layer application, and the method comprises the following steps:
the permission confirmation module 570 judges whether the received reading related instruction has permission to acquire decrypted data;
when the determination result of the right confirmation module 570 is yes, the check module 580 determines whether the received read-related instruction carries check data;
when the judgment result of the checking module 580 is yes, decrypting the data pointed by the received reading related instruction, and returning the decrypted data to the upper layer application;
when the judgment result of the right confirmation module 570 is negative, directly returning the undecrypted data;
when the judgment result of the check module 580 is negative, the undecrypted data is directly returned.
In this disclosure, a specific type of the embedded system is not particularly limited, and optionally, the embedded system may be at least one of a home gateway, a router, a smart home device, and the like.
As a sixth aspect of the present disclosure, there is provided an electronic apparatus including:
a storage device having at least one of a first executable program, a second executable program, a third executable program, and a fourth executable program stored thereon;
one or more processors, when the one or more processors call the first executable program, implementing the preprocessing method provided by the first aspect of the present disclosure, when the one or more processors call the second executable program, implementing the generation method provided by the second aspect of the present disclosure, when the one or more processors call the third executable program, implementing the decryption method provided by the fourth aspect of the present disclosure, and when the one or more processors call the fourth executable program, implementing the reading method provided by the fifth aspect of the present disclosure.
The electronic equipment is an embedded system. In the present disclosure, a basic system (e.g., a Linux system) of an electronic device is first preprocessed, so that a predetermined read-write related instruction in the processed basic system carries verification data.
When the initial version file of the embedded system is encrypted, the binary file obtained by compressing the initial version file can be directly encrypted by using an encryption algorithm to obtain an encrypted version file. The size of the encrypted version file is not increased, so that the storage space of the embedded system can be saved. When the encrypted version file runs, only when a reading related instruction carrying verification data is received, the step of decrypting the data pointed by the reading related instruction is executed. If the received reading related instruction does not carry the verification data, the related data is not decrypted, so that the data security in the version file can be ensured.
Optionally, the electronic device may further include one or more I/O interfaces connected between the processor and the memory, and configured to implement information interaction between the processor and the memory.
Wherein, the processor is a device with data processing capability, including but not limited to a Central Processing Unit (CPU) and the like; storage devices are devices with data storage capabilities including, but not limited to, random access memory (RAM, more specifically SDRAM, DDR, etc.), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), FLASH memory (FLASH); the I/O interface (read/write interface) is connected between the processor and the memory, and can realize information interaction between the processor and the memory, including but not limited to a data Bus (Bus) and the like.
In some embodiments, the processor, storage, and I/O interfaces are interconnected via a bus, which in turn connects with other components of the computing device.
As a seventh aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon an executable program capable of implementing any one of the following methods when the executable program is called:
the pretreatment method provided by the first aspect of the present disclosure;
the generation method provided by the second aspect of the disclosure;
the decryption method provided by the third aspect of the present disclosure;
the reading method provided by the fourth aspect of the present disclosure.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods disclosed above, functional modules/units in the apparatus, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Example embodiments have been disclosed herein, and although specific terms are employed, they are used and should be interpreted in a generic and descriptive sense only and not for purposes of limitation. In some instances, features, characteristics and/or elements described in connection with a particular embodiment may be used alone or in combination with features, characteristics and/or elements described in connection with other embodiments, unless expressly stated otherwise, as would be apparent to one skilled in the art. It will, therefore, be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims (13)

1. A preprocessing method of a basic system of an embedded system comprises the following steps:
receiving a modification instruction;
and processing the source code of the preset reading related instruction in the source code file of the basic system according to the modification instruction to obtain the reading related instruction carrying the verification data.
2. The pre-processing method according to claim 1, wherein the base system is a Linux system.
3. The preprocessing method according to claim 2, wherein the predetermined read-related instruction comprises a cat instruction and/or an ls instruction.
4. A method for generating an encrypted version file of an embedded system comprises the following steps:
compressing the initial version file to obtain a binary file;
encrypting the binary file by using a preset encryption algorithm to obtain an encrypted version file;
storing the encrypted version file on a storage device, wherein the storage device is provided with a basic system preprocessed by the preprocessing method of any one of claims 1 to 3.
5. The generation method of claim 4, wherein the generation method further comprises, prior to the step of compressing the initial version file:
and compiling to manufacture the initial version file.
6. The generation method according to claim 5, wherein the initial version file includes a plurality of application programs, and in the compiling step of creating the initial version file, some of the plurality of application programs are configured with a right to read the decrypted data, and the remaining application programs are not configured with a right to read the decrypted data.
7. A decryption method of data in an encrypted version file of an embedded system, wherein the encrypted version file is generated by the generation method provided by any one of claims 4 to 6, the decryption method comprising:
judging whether the received reading related instruction carries the check data or not;
and when the received reading related instruction carries the verification data, decrypting the data pointed by the received reading related instruction according to a preset decryption algorithm corresponding to the preset encryption algorithm.
8. The decryption method according to claim 7, wherein the encrypted version file is generated by the generation method of claim 6, and the decryption method further comprises, before the step of determining whether the received read-related instruction carries the check data:
judging whether the received reading related instruction has the authority of acquiring the decrypted data;
and when the received reading related instruction has the right of acquiring the decrypted data, executing the step of judging whether the received reading related instruction carries the verification data.
9. The decryption method according to claim 8, wherein the decryption method further comprises, before the step of determining whether the received read-related instruction has the right to acquire the decrypted data:
and reading the encrypted data pointed by the relevant instruction from the storage device.
10. A method for reading data in an encrypted version file of an embedded system, wherein the encrypted version file is generated by the generation method provided in any one of claims 4 to 6, and the reading method comprises:
after receiving the reading related instruction, executing the decryption method of any one of claims 7 to 9;
and when the decrypted data exists, returning the decrypted data to the upper-layer application which sends the reading related instruction.
11. The reading method according to claim 10, wherein when the received reading-related instruction does not carry the check data, the encrypted data pointed by the reading-related instruction is returned to an upper-layer application that sent the reading-related instruction.
12. An electronic device, the electronic device comprising:
a storage device having at least one of a first executable program, a second executable program, a third executable program, and a fourth executable program stored thereon;
one or more processors implementing the preprocessing method of any one of claims 1 to 3 when said one or more processors call said first executable program, implementing the generation method of any one of claims 4 to 6 when said one or more processors call said second executable program, implementing the decryption method of any one of claims 7 to 9 when said one or more processors call said third executable program, and implementing the reading method of claim 10 or 11 when said one or more processors call said fourth executable program.
13. A computer readable storage medium having stored thereon an executable program which, when invoked, enables any one of the following methods:
the pretreatment method according to any one of claims 1 to 3;
the generation method of any one of claims 4 to 6;
the decryption method of any one of claims 7 to 9;
the reading method of claim 10 or 11.
CN202011066189.6A 2020-09-30 2020-09-30 Preprocessing method, processing method, decryption and reading method, device and medium Pending CN114329353A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011066189.6A CN114329353A (en) 2020-09-30 2020-09-30 Preprocessing method, processing method, decryption and reading method, device and medium
PCT/CN2021/120296 WO2022068693A1 (en) 2020-09-30 2021-09-24 Preprocessing method, processing method, decrypting and reading methods, device, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011066189.6A CN114329353A (en) 2020-09-30 2020-09-30 Preprocessing method, processing method, decryption and reading method, device and medium

Publications (1)

Publication Number Publication Date
CN114329353A true CN114329353A (en) 2022-04-12

Family

ID=80951118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011066189.6A Pending CN114329353A (en) 2020-09-30 2020-09-30 Preprocessing method, processing method, decryption and reading method, device and medium

Country Status (2)

Country Link
CN (1) CN114329353A (en)
WO (1) WO2022068693A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9342705B1 (en) * 2014-01-13 2016-05-17 Symantec Corporation Systems and methods for searching shared encrypted files on third-party storage systems
CN104268483B (en) * 2014-09-19 2017-04-19 福州瑞芯微电子股份有限公司 Data protecting system, device and method
CN106375466A (en) * 2016-09-14 2017-02-01 金蝶软件(中国)有限公司 Data file transmission method and device
CN106506493A (en) * 2016-10-27 2017-03-15 摩登大道时尚电子商务有限公司 Data processing method based on block platform chain
CN111538995B (en) * 2020-04-26 2021-10-29 支付宝(杭州)信息技术有限公司 Data storage method and device and electronic equipment

Also Published As

Publication number Publication date
WO2022068693A1 (en) 2022-04-07

Similar Documents

Publication Publication Date Title
CN111723383B (en) Data storage and verification method and device
US8844049B2 (en) Method for generating a cryptographic key for a protected digital data object on the basis of current components of a computer
US7360241B1 (en) Cryptographic policy filters and policy control method and apparatus
US10650168B2 (en) Data processing device
CN111680305A (en) Data processing method, device and equipment based on block chain
US20070028115A1 (en) Method for guaranteeing the integrity and authenticity of flashware for control devices
CN109445705A (en) Firmware authentication method and solid state hard disk
CN109787768A (en) A kind of authentication configuration method, device and computer readable storage medium
CN111259364B (en) Method, device, equipment and storage medium for using national secret encryption card
CN116522358A (en) Data encryption method, device, computing equipment and storage medium
CN108416224A (en) A kind of data encryption/decryption method and device
CN110533128B (en) Encryption-based anti-counterfeiting traceability data processing method, device, system and medium
CN114189862A (en) Wireless terminal and interface access authentication method of wireless terminal in Uboot mode
CN116644485A (en) Anti-counterfeiting authentication method and device for server memory, electronic equipment and storage medium
CN114329353A (en) Preprocessing method, processing method, decryption and reading method, device and medium
CN116049318A (en) Data storage method and communication device
CN112118109B (en) Method and device for authenticating port of removable disk and removable disk
CN113642046A (en) Method and equipment for issuing operation and maintenance lists in batches
CN113159952A (en) Method, system, device and storage medium for storing digital assets based on block chain
US10318766B2 (en) Method for the secured recording of data, corresponding device and program
CN117113437B (en) File tampering detection method and device, computer equipment and storage medium
CN116451257B (en) Encryption method and system for database data and electronic equipment
US11899776B2 (en) Electronic device and method for authenticating software based on blockchain
US20230153470A1 (en) Method for processing digital information
CN117540348A (en) Method for generating and verifying software authorization file

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination