CN115016819A - Method for realizing firmware upgrade, authority management equipment and chip - Google Patents

Method for realizing firmware upgrade, authority management equipment and chip Download PDF

Info

Publication number
CN115016819A
CN115016819A CN202210708664.8A CN202210708664A CN115016819A CN 115016819 A CN115016819 A CN 115016819A CN 202210708664 A CN202210708664 A CN 202210708664A CN 115016819 A CN115016819 A CN 115016819A
Authority
CN
China
Prior art keywords
chip
firmware
upgraded
authority management
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210708664.8A
Other languages
Chinese (zh)
Inventor
张同
刘波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Microelectronics Technology Co Ltd
Original Assignee
Datang Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Microelectronics Technology Co Ltd filed Critical Datang Microelectronics Technology Co Ltd
Priority to CN202210708664.8A priority Critical patent/CN115016819A/en
Publication of CN115016819A publication Critical patent/CN115016819A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The document discloses a method, a permission management device and a chip for realizing firmware upgrade, comprising: performing bidirectional authentication on the authority management equipment in which the firmware file is stored in advance and the chip to be upgraded; when the two-way authentication is passed, the authority management equipment and the chip to be upgraded perform key agreement to obtain a temporary key for encrypting the firmware file; the authority management equipment encrypts the firmware file stored in the authority management equipment through the obtained temporary secret key to obtain firmware ciphertext data; and the authority management equipment sends the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data. The embodiment of the invention carries out bidirectional authentication and key agreement with the chip to be upgraded through the newly added authority management equipment, thereby avoiding the firmware file leakage caused by man-in-the-middle attack when only the key agreement is adopted and improving the security of firmware upgrade.

Description

Method for realizing firmware upgrade, authority management equipment and chip
Technical Field
The present disclosure relates to, but not limited to, embedded chip technologies, and in particular, to a method, an authority management device, and a chip for upgrading firmware.
Background
Most of embedded chips in the market at present do not support ciphertext downloading, and an attacker can easily recover the firmware of the chip by collecting, arranging and transmitting data in the process of transmission, steal the achievements of a firmware developer and infringe the legal rights and interests of the developer.
With the development of embedded chip technology, the design and production process of embedded products is subdivided; and (4) carrying out application design by a chip application designer, and carrying out final product production by a manufacturer. Chip application design manufacturers wish to control the entire life cycle of embedded products; the method mainly comprises an online or offline downloading mode provided according to whether the embedded chip supports the upgrade of the security firmware. Fig. 1 and 2 are schematic diagrams of firmware downloading in the related art, and referring to fig. 1 and 2, if an embedded chip cannot support secure firmware downloading upgrade, an unsecured downloaded embedded chip is connected with a downloading device to realize firmware downloading; part of embedded chips provide a firmware downloading mode, before downloading, key negotiation is carried out in a key Exchange (ECDH) mode, but the ECDH mode cannot prevent a man-in-the-middle attack mode from leaking firmware codes; at this time, the chip application design manufacturer may have a risk of firmware code leakage during online upgrade or offline upgrade. Before downloading the firmware, the embedded chip which is safely downloaded downloads the firmware after carrying out communication authentication with downloading equipment; the embedded chip with the safe downloading function can protect the integrity and the privacy of the firmware of the embedded chip in the transmission process, but the firmware code needs to be provided for a third party when the third party is entrusted to produce, so that the risk of firmware code leakage is increased, and the life cycle of firmware downloading cannot be effectively managed by controlling the downloading times of the firmware.
In summary, how to realize the secure downloading of the firmware and perform the lifecycle management on the firmware becomes a problem to be solved.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the invention provides a method for realizing firmware upgrading, an authority management device and a chip, which can realize the safe downloading of firmware.
The embodiment of the invention provides a method for realizing firmware upgrading, which comprises the following steps:
performing bidirectional authentication on the authority management equipment in which the firmware file is stored in advance and the chip to be upgraded;
when the two-way authentication is passed, the authority management equipment and the chip to be upgraded perform key agreement to obtain a temporary key for encrypting the firmware file;
the authority management equipment encrypts the firmware file stored in the authority management equipment through the obtained temporary secret key to obtain firmware ciphertext data;
and the authority management equipment sends the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data.
On the other hand, an embodiment of the present invention further provides a method for implementing firmware upgrade, including:
the chip to be upgraded and the authority management equipment in which the firmware file is stored in advance carry out bidirectional authentication;
when the two-way authentication is passed, the chip to be upgraded and the authority management equipment perform key agreement to obtain a temporary key for encrypting the firmware file;
the chip to be upgraded receives the firmware ciphertext data from the authority management equipment and upgrades the firmware according to the received firmware ciphertext data;
wherein the firmware ciphertext data are: and the authority management equipment encrypts the firmware file according to the temporary key to obtain data.
In another aspect, an embodiment of the present invention further provides an authority management device, storing a firmware file for firmware upgrade of a chip to be upgraded, including: the system comprises a first bidirectional authentication unit, a first key negotiation unit, a first encryption unit and a sending unit; wherein,
the first bidirectional authentication unit is configured to: performing bidirectional authentication with a chip to be upgraded;
the first key agreement unit is arranged to: when the first bidirectional authentication unit and the chip to be upgraded pass the bidirectional authentication, performing key agreement with the chip to be upgraded to obtain a temporary key for encrypting the firmware file;
the first encryption unit is configured to: encrypting the obtained temporary key firmware file to obtain firmware ciphertext data;
the sending unit is configured to: and sending the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data.
In another aspect, an embodiment of the present invention further provides a chip, including: the second bidirectional authentication unit, the second key negotiation unit and the upgrading unit; wherein,
the second bidirectional authentication unit is configured to: performing bidirectional authentication with authority management equipment in which firmware files are stored in advance;
the second key negotiation unit is arranged to: when the second bidirectional authentication unit passes the bidirectional authentication, the chip to be upgraded and the authority management device perform key agreement to obtain a temporary key for encrypting the firmware file;
the upgrading unit is set as follows: receiving firmware ciphertext data from the authority management equipment, and upgrading the firmware according to the received firmware ciphertext data;
wherein the firmware ciphertext data are: and the authority management equipment encrypts the firmware file according to the temporary key to obtain data.
The technical scheme of the application includes: performing bidirectional authentication on the authority management equipment in which the firmware file is stored in advance and the chip to be upgraded; when the two-way authentication is passed, the authority management equipment and the chip to be upgraded perform key agreement to obtain a temporary key for encrypting the firmware file; the authority management equipment encrypts the firmware file stored in the authority management equipment through the obtained temporary secret key to obtain firmware ciphertext data; and the authority management equipment sends the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data. The embodiment of the invention carries out bidirectional authentication and key agreement with the chip to be upgraded through the newly added authority management equipment, thereby avoiding the firmware file leakage caused by man-in-the-middle attack when only the key agreement is adopted and improving the security of firmware upgrade.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the present invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and are not intended to limit the invention.
FIG. 1 is a diagram illustrating a related art firmware download;
FIG. 2 is a diagram illustrating another firmware download according to the related art;
FIG. 3 is a flowchart of a method for upgrading firmware according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating the components of a rights management device according to an embodiment of the present invention;
FIG. 5 is an interaction diagram of mutual authentication and key agreement according to an embodiment of the present invention;
FIG. 6 is a diagram of a firmware upgrade system according to an embodiment of the present invention;
FIG. 7 is a flowchart of another method for implementing firmware upgrade according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating firmware upgrade according to an embodiment of the present invention;
FIG. 9 is a block diagram of a rights management device according to an embodiment of the present invention;
FIG. 10 is a block diagram of a chip according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Fig. 3 is a flowchart of a method for implementing firmware upgrade according to an embodiment of the present invention, as shown in fig. 3, including:
301, performing bidirectional authentication on the authority management device with the firmware file stored in advance and the chip to be upgraded;
step 302, when the bidirectional authentication is passed, the authority management device and the chip to be upgraded perform key agreement to obtain a temporary key for encrypting the firmware file;
step 303, encrypting the firmware file stored in the authority management device by the obtained temporary key to obtain firmware ciphertext data;
and step 304, the authority management device sends the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data.
In an exemplary embodiment, a chip to be upgraded according to an embodiment of the present invention includes: and (4) an embedded chip to be upgraded.
The embodiment of the invention takes the authority management equipment as a safety carrier for downloading the firmware file, can be used as a KEY (KEY) of an online downloading server during online downloading, and can be used as offline downloading equipment during offline downloading. The embodiment of the invention carries out bidirectional authentication and key agreement with the chip to be upgraded through the newly added authority management equipment, thereby avoiding the firmware file leakage caused by man-in-the-middle attack when only the key agreement is adopted and improving the security of firmware upgrade.
In an exemplary embodiment, the bidirectional authentication between the rights management device and the chip to be upgraded according to the embodiment of the present invention includes:
and the authority management equipment performs bidirectional authentication with the chip to be upgraded through a symmetric algorithm.
The embodiment of the invention adopts a symmetric algorithm to carry out bidirectional authentication based on the process of upgrading the firmware of the chip to be upgraded, and improves the safety of upgrading the firmware through a high-speed and simple bidirectional authentication process. In an illustrative example, embodiments of the invention may perform mutual authentication based on an asymmetric algorithm.
In an exemplary example, the rights management device according to the embodiment of the present invention may include a memory chip and a security chip, and fig. 4 is a schematic diagram of the rights management device according to the embodiment of the present invention, where as shown in fig. 4, the memory chip is used to store a firmware file, and the security chip is used to perform mutual authentication and key agreement. The secure chip internally supports functions such as asymmetric algorithms (error correction code (ECC), elliptic curve public key cryptography algorithm (SM2) and RSA (RSA is an algorithm proposed by lenard-li witter (Ron Rivest), addi samor (Adi Shamir) and lenard-Adleman (leonarard Adleman)), symmetric algorithms (advanced encryption standard (AES), Data Encryption Standard (DES), triple data encryption algorithm (3DES) and block cipher algorithm (SM4)), digest algorithms (HASH) and cipher HASH algorithm (SM3)), random numbers, and the like.
In an illustrative example, the rights management device in the embodiment of the invention is composed of the storage chip and the security chip shown in fig. 4, and the lifecycle management function may be executed by the security chip. In an exemplary embodiment, the data related to the life cycle management may be stored by a security chip, and the security of the critical data is ensured by the security chip.
In an illustrative example, a method of an embodiment of the present invention further includes:
the authority management equipment encrypts the stored firmware file through a pre-configured storage key; the firmware file is decrypted through the storage key before being encrypted through the temporary key, and the storage safety of the firmware file is improved through the encryption processing of the storage key.
In an exemplary embodiment, embodiments of the present invention may perform key agreement based on the result of mutual authentication.
In an illustrative example, a method of an embodiment of the present invention further includes:
and the authority management device performs life cycle management on the stored firmware file.
In an exemplary embodiment, the bidirectional authentication between the rights management device and the chip to be upgraded through a symmetric algorithm in the embodiments of the present invention includes:
the rights management device reads first data (EKr1(R1+ SN)) encrypted according to a first root key (Kr1) from the chip to be upgraded and decrypts the first data (EKr1(R1+ SN)) by means of a second root key (Kr2) to obtain a first random number (R1) and a chip unique identifier (SN); the first root key and the second root key are the same preset root key; the second root key is stored in the authority management equipment, and the first root key is stored in the chip to be upgraded; the first data is data obtained by encrypting the first random number and the chip unique identifier by the first root key (EKr1(R1+ SN));
when the authority management device determines that the chip unique identifier obtained by decryption is valid according to the chip unique identifier of the chip to be upgraded, which is stored in advance, a second random number (R2) is generated;
the right management device encrypts the first random number (R1) and the generated second random number (R2) by decrypting the obtained first random number (R1) to generate first encrypted data ER1(R1+ R2); transmitting the generated first encrypted data (ER1(R1+ R2)) to the chip to be upgraded;
the authority management device receives the second encrypted data ER2(R2) from the chip to be upgraded and decrypts the received second encrypted data ER2(R2) according to the generated second random number to obtain the second random number in the second encrypted data ER2(R2), and when the second random number obtained by decrypting the second encrypted data ER2(R2) is the same as the second random number generated by the authority management device, the bidirectional authentication is determined to be passed;
wherein the second encrypted data is: the chip to be upgraded decrypts the first encrypted data by the first random number of the chip to be upgraded, and encrypts data obtained by the second random number according to the second random number (R2) obtained by decryption when the first random number of the chip to be upgraded is the same as the first random number obtained by decryption.
In an exemplary embodiment, the performing, by an authority management device and a chip to be upgraded, key agreement according to the embodiment of the present invention includes:
the authority management equipment and the chip to be upgraded perform cross transposition processing on the first random number and the second random number to obtain a third random number;
and calculating the third random number according to a preset calculation rule to obtain a temporary secret key.
In an exemplary embodiment, the embodiment of the present invention performs hash calculation on the third random number to obtain the temporary key. Fig. 5 is an interaction schematic diagram of mutual authentication and key agreement according to an embodiment of the present invention, and as shown in fig. 5, the rights management device and the chip to be upgraded perform mutual authentication through a first root key, a second root key, a first random number, a second random number, and a chip unique identifier according to an embodiment of the present invention.
In an illustrative example, a method of an embodiment of the present invention further includes:
the authority management equipment sends interaction information between the authority management equipment and a chip to be upgraded to a preset terminal so that the preset terminal can transmit the received interaction information;
wherein, the mutual information includes: and carrying out bidirectional authentication on the communication information and/or transmitting the firmware ciphertext data to the transmission instruction information of the chip to be upgraded.
The embodiment of the invention visually displays the progress of firmware upgrading by sending the interactive information to the preset terminal and transmitting the interactive information.
The firmware upgrading system comprises a terminal for transmitting interactive information, a chip to be upgraded and an authority management device; when the firmware is upgraded, the system is delivered to a third-party producer.
Fig. 6 is a schematic diagram of a firmware upgrading system according to an embodiment of the present invention, and as shown in fig. 6, a terminal for transparently transmitting interactive information is connected between an authority management device and a chip to be upgraded; in an illustrative example, the terminal for transmitting the interactive information is connected with the authority management device through a multi-bus communication interface; and the terminal for transmitting the interactive information is connected with the chip to be upgraded through an interface supporting firmware downloading.
In an illustrative example, a rights management device in accordance with embodiments of the invention provides a variety of bus interfaces including, but not limited to: and the communication receiving is carried out by an integrated circuit bus (IIC), a Serial Peripheral Interface (SPI), an asynchronous serial interface (UART), a Universal Serial Bus (USB) and the like.
The firmware file in the embodiment of the invention can be stored after being encrypted by the security chip in the authority management equipment, so that the security of the firmware file is protected. The authority management device can support online and offline firmware downloading, so that the authority management device can be adapted to various use scenes; through the control and the transmission control of the firmware downloading life cycle, the leakage of the firmware file is avoided, and the safety of the firmware file in the firmware upgrading process is improved.
Fig. 7 is a flowchart of another method for implementing firmware upgrade according to an embodiment of the present invention, as shown in fig. 7, including:
step 701, performing bidirectional authentication on a chip to be upgraded and an authority management device in which a firmware file is stored in advance;
step 702, when the bidirectional authentication is passed, the chip to be upgraded and the authority management device perform key agreement to obtain a temporary key for encrypting the firmware file;
703, receiving the firmware ciphertext data from the authority management equipment by the chip to be upgraded, and upgrading the firmware according to the received firmware ciphertext data;
the firmware ciphertext data is as follows: and the authority management device encrypts the firmware file according to the temporary key to obtain data.
The embodiment of the invention carries out bidirectional authentication and key agreement with the chip to be upgraded through the newly added authority management equipment, thereby avoiding the firmware file leakage caused by man-in-the-middle attack when only the key agreement is adopted and improving the security of firmware upgrade.
Fig. 8 is a schematic diagram of firmware upgrade according to an embodiment of the present invention, and as shown in fig. 8, for a chip to be upgraded having a secure ciphertext download function, the firmware upgrade according to the embodiment of the present invention includes:
step 801, performing bidirectional authentication and key agreement on a chip to be upgraded and an authority management device to determine a temporary key;
step 802, a security chip in the authority management device reads a firmware file from a storage chip and decrypts the firmware file through a storage key;
step 803, the authority management device encrypts the firmware file obtained by decryption through the temporary key to obtain firmware ciphertext data;
step 804, downloading the firmware cipher text data by the chip to be upgraded, and carrying out integrity detection after downloading the firmware cipher text data; in an exemplary embodiment, the integrity check may be performed by a digest algorithm; including but not limited to: and carrying out integrity check according to the abstract value of the firmware ciphertext data.
And 805, after the integrity of the firmware ciphertext data is detected by the chip to be upgraded, upgrading the firmware through the firmware ciphertext data after the integrity detection.
In an exemplary embodiment, before bidirectional authentication is performed between a chip to be upgraded and an authority management device in which a firmware file is stored in advance, the method in the embodiment of the present invention further includes:
when the chip to be upgraded is an unsecure downloaded chip, loading a preset secondary Boot file in the chip to be upgraded so that the chip to be upgraded has one or any combination of the following functions: bidirectional authentication, key agreement and firmware ciphertext data downloading;
it should be noted that, in the embodiment of the present invention, a secondary Boot file may be designed and implemented according to the security requirement of firmware download and the chip characteristics; how to realize ciphertext downloading and integrity detection can be realized by referring to related technology design.
In an exemplary embodiment, a preset secondary Boot file is loaded in a chip to be upgraded according to the embodiment of the present invention, and the chip to be upgraded has a function of detecting integrity of firmware.
In an exemplary embodiment, when a chip to be upgraded is a chip supporting secure downloading, a source Boot file in the chip to be upgraded enables the chip to be upgraded to have one or any combination of the following functions: bidirectional authentication, key agreement, firmware cipher text downloading and integrity detection of firmware.
In an exemplary embodiment, after the chip to be upgraded performs key agreement with the rights management device, the method according to the embodiment of the present invention further includes:
after receiving the first encrypted data from the authority management device, the chip to be upgraded decrypts the first encrypted data ER1(R1+ R2) by using a first random number (R1) of the chip to be upgraded;
comparing that the first random number of the user is the same as the first random number obtained by decryption, and reading a second random number (R2) in the data obtained by decryption;
encrypting the second random number (R2) according to the second random number (R2) obtained by the decryption, obtaining second encrypted data ER2(R2), and transmitting the obtained second encrypted data ER2(R2) to the rights management device;
in an exemplary embodiment, when the chip to be upgraded is a chip that does not support secure downloading, the method according to the embodiment of the present invention further includes:
and calculating to obtain a first random number according to the unique Serial Number (SN) of the chip to be upgraded and the dispersion factor in the secondary boot.
In an exemplary embodiment, the first random number is obtained by a hash calculation from the SN and the dispersion factor.
The chip which does not support the safe downloading of the embodiment of the invention obtains the first random number through calculation, and provides data support for realizing the bidirectional authentication.
Fig. 9 is a block diagram of an authority management device according to an embodiment of the present invention, which stores a firmware file for firmware upgrade of a chip to be upgraded, and includes: the system comprises a first bidirectional authentication unit, a first key negotiation unit, a first encryption unit and a sending unit; wherein,
the first bidirectional authentication unit is configured to: performing bidirectional authentication with a chip to be upgraded;
the first key agreement unit is arranged to: when the first bidirectional authentication unit and the chip to be upgraded pass the bidirectional authentication, performing key agreement with the chip to be upgraded to obtain a temporary key for encrypting the firmware file;
the first encryption unit is configured to: encrypting the obtained temporary key firmware file to obtain firmware ciphertext data;
the sending unit is configured to: and sending the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data.
In an exemplary embodiment, the rights management device in the embodiment of the present invention further includes a lifecycle management unit, configured to:
and performing life cycle management on the stored firmware file.
In an exemplary embodiment, the first bidirectional authentication unit of the embodiment of the present invention is configured to: and the authority management equipment performs bidirectional authentication with the chip to be upgraded through a symmetric algorithm.
In an exemplary embodiment, the first bidirectional authentication unit of the embodiment of the present invention is configured to:
the authority management equipment reads first data encrypted according to the first root secret key from the chip to be upgraded and decrypts the first data through the second root secret key to obtain a first random number and a chip unique identifier;
the authority management equipment generates a second random number when determining that the chip unique identifier obtained by decryption is valid according to the chip unique identifier of the chip to be upgraded which is stored in advance;
the authority management equipment encrypts the first random number obtained by decryption and the generated second random number through the first random number obtained by decryption to generate first encrypted data; sending the generated first encrypted data to a chip to be upgraded;
the authority management equipment receives second encrypted data from the chip to be upgraded and decrypts the received second encrypted data according to the generated second random number to obtain a second random number in the second encrypted data, and when the second random number obtained by decrypting the second encrypted data is the same as the second random number generated by the authority management equipment, the two-way authentication is determined to be passed;
the first root key and the second root key are the same preset root key; the second root secret key is stored in the authority management equipment; the first data is obtained by encrypting a first random number and a chip unique identifier by a first root key; the second encrypted data is: and the chip to be upgraded decrypts the first encrypted data through the first random number of the chip to be upgraded, and encrypts the data obtained by the second random number according to the second random number obtained by decryption when the first random number of the chip to be upgraded is the same as the first random number obtained by decryption.
In an exemplary embodiment, a first key agreement unit according to an embodiment of the present invention is configured to:
the authority management equipment and the chip to be upgraded perform cross transposition processing on the first random number and the second random number to obtain a third random number;
and calculating the third random number according to a preset calculation rule to obtain a temporary secret key.
FIG. 10 is a block diagram of a chip according to an embodiment of the present invention, including: the second bidirectional authentication unit, the second key negotiation unit and the upgrading unit; wherein,
the second bidirectional authentication unit is configured to: performing bidirectional authentication with authority management equipment in which firmware files are stored in advance;
the second key agreement unit is arranged to: when the second bidirectional authentication unit passes the bidirectional authentication, the chip to be upgraded and the authority management equipment perform key agreement to obtain a temporary key for encrypting the firmware file;
the upgrading unit is set as follows: receiving firmware ciphertext data from the authority management equipment, and upgrading the firmware according to the received firmware ciphertext data;
the firmware ciphertext data is as follows: and the authority management device encrypts the firmware file according to the temporary key to obtain data.
In an exemplary embodiment, the chip to be upgraded according to the embodiment of the present invention further includes a loading unit, configured to:
loading a preset secondary Boot file to ensure that the chip to be upgraded has the following functions or any combination: bidirectional authentication, key agreement and firmware ciphertext data download.
In an exemplary embodiment, the chip to be upgraded according to the embodiment of the present invention further includes a second encryption unit, configured to:
after receiving the first encrypted data from the authority management device, decrypting the first encrypted data by using a first random number of the first encrypted data; comparing that the first random number of the user is the same as the first random number obtained by decryption, and reading a second random number in the data obtained by decryption; and encrypting the second random number according to the decrypted second random number to obtain second encrypted data, and sending the obtained second encrypted data to the authority management device.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. A method of implementing a firmware upgrade, comprising:
performing bidirectional authentication on the authority management equipment in which the firmware file is stored in advance and the chip to be upgraded;
when the two-way authentication is passed, the authority management equipment and the chip to be upgraded perform key agreement to obtain a temporary key for encrypting the firmware file;
the authority management equipment encrypts the firmware file stored in the authority management equipment through the obtained temporary secret key to obtain firmware ciphertext data;
and the authority management equipment sends the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data.
2. The method of claim 1, further comprising:
and the authority management equipment performs life cycle management on the stored firmware file.
3. The method according to claim 1 or 2, wherein the authorization management device performs mutual authentication with the chip to be upgraded, and the method comprises the following steps:
and the authority management equipment performs the bidirectional authentication with the chip to be upgraded through a symmetric algorithm.
4. The method according to claim 3, wherein the bidirectional authentication between the rights management device and the chip to be upgraded is performed through a symmetric algorithm, and comprises:
the authority management equipment reads first data encrypted according to a first root key from the chip to be upgraded and decrypts the first data through a second root key to obtain a first random number and a chip unique identifier;
the authority management equipment generates a second random number when determining that the chip unique identifier obtained by decryption is valid according to the chip unique identifier of the chip to be upgraded which is stored in advance;
the authority management equipment encrypts the first random number obtained by decryption and the generated second random number through the first random number obtained by decryption to generate first encrypted data; sending the generated first encrypted data to the chip to be upgraded;
the authority management equipment receives second encrypted data from the chip to be upgraded and decrypts the received second encrypted data according to the generated second random number to obtain a second random number in the second encrypted data, and when the second random number obtained by decrypting the second encrypted data is the same as the second random number generated by the authority management equipment, the two-way authentication is determined to be passed;
the first root key and the second root key are preset same root keys; the second root key is stored in the authority management device; the first data is obtained by encrypting a first random number and a chip unique identifier by a first root key; the second encrypted data is: and the chip to be upgraded decrypts the first encrypted data through the first random number of the chip to be upgraded, and encrypts data obtained by the second random number according to the second random number obtained by decryption when the first random number of the chip to be upgraded is the same as the first random number obtained by decryption.
5. The method of claim 4, wherein the performing key agreement between the rights management device and the chip to be upgraded comprises:
the authority management device and the chip to be upgraded perform cross transposition processing on the first random number and the second random number to obtain a third random number;
and calculating the third random number according to a preset calculation rule to obtain the temporary secret key.
6. A method of implementing a firmware upgrade, comprising:
the chip to be upgraded and the authority management equipment in which the firmware file is stored in advance carry out bidirectional authentication;
when the two-way authentication is passed, the chip to be upgraded and the authority management equipment perform key agreement to obtain a temporary key for encrypting the firmware file;
the chip to be upgraded receives the firmware ciphertext data from the authority management equipment and upgrades the firmware according to the received firmware ciphertext data;
wherein the firmware ciphertext data is: and the authority management equipment encrypts the firmware file according to the temporary key to obtain data.
7. The method as claimed in claim 6, wherein before the chip to be upgraded performs mutual authentication with the rights management device in which the firmware file is stored in advance, the method further comprises:
when the chip to be upgraded is an unsecured downloaded chip, loading a preset secondary Boot file in the chip to be upgraded so that the chip to be upgraded has one or any combination of the following functions: bidirectional authentication, key agreement and firmware ciphertext data downloading.
8. The method according to claim 6 or 7, wherein after the chip to be upgraded performs key agreement with the rights management device, the method further comprises:
after the chip to be upgraded receives the first encrypted data from the authority management equipment, decrypting the first encrypted data by using a first random number of the chip to be upgraded;
comparing that the first random number of the user is the same as the first random number obtained by decryption, and reading a second random number in the data obtained by decryption;
and encrypting the second random number according to the second random number obtained by decryption to obtain second encrypted data, and sending the obtained second encrypted data to the authority management equipment.
9. An authority management device for storing a firmware file for firmware upgrade of a chip to be upgraded, comprising: the system comprises a first bidirectional authentication unit, a first key negotiation unit, a first encryption unit and a sending unit; wherein,
the first bidirectional authentication unit is configured to: performing bidirectional authentication with a chip to be upgraded;
the first key agreement unit is arranged to: when the first bidirectional authentication unit and the chip to be upgraded pass the bidirectional authentication, performing key agreement with the chip to be upgraded to obtain a temporary key for encrypting the firmware file;
the first encryption unit is configured to: encrypting the obtained temporary key firmware file to obtain firmware ciphertext data;
the sending unit is configured to: and sending the encrypted firmware ciphertext data to the chip to be upgraded so that the chip to be upgraded performs firmware upgrade according to the firmware ciphertext data.
10. A chip, comprising: the second bidirectional authentication unit, the second key negotiation unit and the upgrading unit; wherein,
the second bidirectional authentication unit is configured to: performing bidirectional authentication with authority management equipment in which firmware files are stored in advance;
the second key agreement unit is arranged to: when the second bidirectional authentication unit passes the bidirectional authentication, the chip to be upgraded and the authority management equipment perform key agreement to obtain a temporary key for encrypting the firmware file;
the upgrading unit is set as follows: receiving firmware ciphertext data from the authority management equipment, and upgrading the firmware according to the received firmware ciphertext data;
wherein the firmware ciphertext data is: and the authority management equipment encrypts the firmware file according to the temporary key to obtain data.
CN202210708664.8A 2022-06-21 2022-06-21 Method for realizing firmware upgrade, authority management equipment and chip Pending CN115016819A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210708664.8A CN115016819A (en) 2022-06-21 2022-06-21 Method for realizing firmware upgrade, authority management equipment and chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210708664.8A CN115016819A (en) 2022-06-21 2022-06-21 Method for realizing firmware upgrade, authority management equipment and chip

Publications (1)

Publication Number Publication Date
CN115016819A true CN115016819A (en) 2022-09-06

Family

ID=83077691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210708664.8A Pending CN115016819A (en) 2022-06-21 2022-06-21 Method for realizing firmware upgrade, authority management equipment and chip

Country Status (1)

Country Link
CN (1) CN115016819A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412244A (en) * 2022-10-31 2022-11-29 中孚信息股份有限公司 Method, system and equipment for updating encrypted firmware on line

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412244A (en) * 2022-10-31 2022-11-29 中孚信息股份有限公司 Method, system and equipment for updating encrypted firmware on line

Similar Documents

Publication Publication Date Title
US9043604B2 (en) Method and apparatus for key provisioning of hardware devices
EP2221742B1 (en) Authenticated communication between security devices
US7502946B2 (en) Using hardware to secure areas of long term storage in CE devices
CN109639427B (en) Data sending method and equipment
EP3082356A1 (en) Method to check and prove the authenticity of an ephemeral public key
CN108768963B (en) Communication method and system of trusted application and secure element
EP1733504A1 (en) Authentication between device and portable storage
CN101470789A (en) Encryption and decryption method and device of computer
US20140040631A1 (en) Memory controller, nonvolatile memory device, nonvolatile memory system, and access device
CN114662087B (en) Multi-terminal verification security chip firmware updating method and device
CN115859267A (en) Method for safely starting application program, storage control chip and electronic equipment
CN115016819A (en) Method for realizing firmware upgrade, authority management equipment and chip
CN114223176A (en) Certificate management method and device
WO2022052665A1 (en) Wireless terminal and interface access authentication method for wireless terminal in uboot mode
EP4174695A1 (en) Method to store data persistently by a software payload
EP4175218A1 (en) Method to establish a secure channel
CN111246480A (en) Application communication method, system, equipment and storage medium based on SIM card
CN115361140B (en) Method and device for verifying security chip key
CN113796058B (en) Key transmission method and device
KR20110066826A (en) Method for downloading conditional access system/digital right management by using trusted platform module
EP2958265B1 (en) Revocation of a root certificate stored in a device
CN118923077A (en) Apparatus and method for controlling use of encryption key
CN115437673A (en) Vehicle-mounted MCU (microprogrammed control Unit) upgrading method, vehicle-mounted MCU upgrading system and server group
CN102301372B (en) Method and terminal for receiving rights object for content on behalf of memory card
CN116743375A (en) Key transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination