CN116418511A - Firmware integrity checking method and system of QKD (quality of service) equipment based on cryptographic algorithm - Google Patents
Firmware integrity checking method and system of QKD (quality of service) equipment based on cryptographic algorithm Download PDFInfo
- Publication number
- CN116418511A CN116418511A CN202111674808.4A CN202111674808A CN116418511A CN 116418511 A CN116418511 A CN 116418511A CN 202111674808 A CN202111674808 A CN 202111674808A CN 116418511 A CN116418511 A CN 116418511A
- Authority
- CN
- China
- Prior art keywords
- signature
- firmware
- hash value
- equipment
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 68
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 claims abstract description 84
- 238000012545 processing Methods 0.000 claims abstract description 12
- 230000007547 defect Effects 0.000 abstract description 4
- 238000012360 testing method Methods 0.000 abstract description 4
- 238000013500 data storage Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012797 qualification Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention provides a firmware integrity checking method of QKD equipment based on a national encryption algorithm, which comprises the following steps: generating an SM2 public key and an SM2 private key of the equipment firmware by using an SM2 algorithm through signature software deployed on a special PC; operating equipment firmware by using an SM3 algorithm to obtain a first hash value, and signing the first hash value by using an SM2 private key to obtain a first signature result; executing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and performing signature verification processing on the second hash value by using an SM2 public key and the first signature result to obtain a signature verification result; and acquiring a specific file according to the signature verification result, and starting a service program of the quantum key distribution equipment. The invention has the following advantages: the method has the advantages that the national encryption algorithm is used for signature verification test of the file to be protected, the integrity and the safety of the device firmware are protected through hardware and the national encryption algorithm, and the phenomenon that QKD devices are attacked due to the defect of the device firmware is avoided.
Description
Technical Field
The invention relates to a quantum key distribution device security technology, in particular to a firmware integrity verification technology of a QKD device.
Background
In Quantum Key Distribution (QKD) devices, in order to ensure the security and integrity of device firmware and prevent malicious tampering, it is important to protect the security and integrity of the device firmware of the QKD device, usually, a device firmware package is put into the device, and the device is protected by some hardware anti-disassembly methods, but in the aspects of integrity and firmware verification, there is no excessive method, and the protection of the device firmware is weaker by comparing whether the firmware version numbers are consistent or not, and the like. The existing equipment or the equipment firmware is not checked on the software level and is only protected by hardware anti-disassembly methods and the like; or simply comparing the software level, the tamper protection measures to the firmware are very weak, and effective verification and security protection cannot be achieved.
The invention patent with application number of CN201910061487, namely an APK integrity verification method based on a cryptographic algorithm SM3, a computer program, carries out integrity calculation on an APK installed on an Android mobile phone through a message digest to obtain a Hash value, compares the obtained Hash value with a correct Hash value stored in a mobile phone database, if a comparison result is correct, the APK is complete, no attacker falsifies and no malicious virus exists, if the comparison result is incorrect, the two Hash values are inconsistent, the APK is not a correct version, and the APK program can be unloaded or prohibited from being installed after being changed. The invention patent with the application number of CN201910396746 discloses an off-line industrial control software authentication method based on national security, which is characterized in that hardware information of installation equipment is collected by software to generate a unique registration sequence code; then, carrying out symmetric encryption on the national cipher SM4 to generate an encrypted registration sequence code, and providing the encrypted registration sequence code to a software provider; SM4 decryption is carried out on the received encrypted registration sequence code, and the validity of the registration sequence code after decryption is checked; adding the version configuration information into the decrypted registration sequence code, and recombining the registration code information; s3, performing SM3 HASH operation on the recombined registration code information, performing SM2 signature on a HASH result by adopting a private key, and submitting the signature result to a user as a registration code; s4, the client receives the registration codes, the system reorganizes the generated registration codes into a registration sequence according to a stipulated mode, and then SM3 operation is carried out; and finally, adopting a public key to check the signature, and starting the software version of the corresponding configuration if the verification is passed. The invention patent with application number of CN202110641297, namely a keyword matching method based on SM2 and SM3 algorithms, sends a keyword to be queried to a data storage service provider through a data receiver. The data sender then sends the encrypted data and the ciphertext of the corresponding key to the data storage service provider. Finally, the data storage service provider performs keyword matching on the encrypted data received by the data sender and the ciphertext decryption of the corresponding keywords according to the requirement of the data receiver. The invention patent with the application number of CN202110704620, namely a system image signature verification method based on a cryptographic algorithm under UBOOT, receives a system image file, and performs image signature packaging to generate a signature image file; s2, in UBOOT, the SM2 and the SM3 in the cryptographic algorithm are used for checking the signature image file. In the prior art, the integrity protection of a firmware package is weak, in QKD equipment, equipment firmware is not checked, even if the equipment firmware is tampered, the equipment firmware cannot be known, and calculation check comparison is not performed on the equipment firmware through algorithm measures, so that the protection of the equipment firmware cannot be achieved.
Disclosure of Invention
The technical problem to be solved by the present invention is how to enhance the protection of the QKD device firmware integrity.
The invention solves the technical problems by the following technical means: a method of firmware integrity verification for a QKD device based on a cryptographic algorithm, the method comprising:
generating an SM2 public key and an SM2 private key of the equipment firmware by using an SM2 algorithm through signature software deployed on a special PC;
operating equipment firmware by using an SM3 algorithm to obtain a first hash value, and signing the first hash value by using an SM2 private key to obtain a first signature result;
executing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and performing signature verification processing on the second hash value by using an SM2 public key and the first signature result to obtain a signature verification result;
and acquiring a specific file according to the signature verification result, and starting a service program of the quantum key distribution equipment.
As a more specific technical solution, the step of generating the SM2 public key and the SM2 private key of the device firmware by using the SM2 algorithm includes:
generating the SM2 public key and the SM2 private key of the device firmware by signature software in a special PC using the SM2 algorithm;
and storing the SM2 private key to the special PC by signature software. As a more specific technical scheme, signature and signature verification operations are combined in the SM2 algorithm, encryption and decryption operations are used, and public and private key pairs, private key signature and public key signature verification are used for each combination; public key encryption and private key decryption.
As a more specific technical solution, the step of performing an operation on the device firmware by using the SM3 algorithm to obtain a first hash value by using the SM2 private key to perform signature processing on the first hash value to obtain a first signature result includes:
starting;
generating a public and private key of SM2 equipment by signature software, and storing the private key by the signature software;
reading equipment firmware, and executing an SM3 algorithm on the equipment firmware to obtain the first hash value;
signing the first hash value by signature software by using an SM2 private key to obtain a first signature result;
the signature result and the SM2 public key are programmed into a security chip;
and (5) ending.
As a more specific solution, the security chip is embedded in the QKD device.
As a more specific technical solution, the corresponding relationship between the hash value generated by the SM3 algorithm and the device firmware state is unique.
As a more specific technical solution, the step of performing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and performing signature verification processing on the second hash value by using an SM2 public key and the first signature result to obtain a signature verification result includes:
starting;
the method comprises the steps that compliance detection software is deployed in QKD equipment, SM3 operation is executed on equipment firmware to be protected after the compliance detection software is started, and a second hash value is obtained;
the compliance detection software sends the second hash value to the security chip;
the security chip reads the SM2 public key and the first signature result from the inside of the security chip, performs signature verification operation on the second hash value to obtain the signature verification result, and returns the signature verification result to compliance detection software.
As a more specific technical solution, the step of acquiring a specific file according to the signature verification result, and starting a service program of the quantum key distribution device according to the specific file includes:
returning the signature verification result to compliance detection software in the quantum key distribution equipment by using a security chip;
judging whether the signature verification is successful or not according to the signature verification result by using the compliance detection software;
if yes, starting the service program of the quantum key distribution equipment;
if not, judging that the quantum key distribution equipment is in a to-be-overhauled state.
As a more specific technical solution, if the signature verification is successful, the step of starting the service program of the quantum key distribution device further includes:
generating a specific file by the compliance detection software;
detecting and acquiring the specific file, and processing the equipment firmware according to the specific file, so as to obtain a normal service program;
and starting the normal service program.
The invention also provides a system for verifying the firmware integrity of QKD equipment based on a cryptographic algorithm, which comprises:
the public key private key generation module is used for generating an SM2 public key and an SM2 private key of the equipment firmware by using an SM2 algorithm through a special PC;
the hash signing module is used for operating the equipment firmware by using an SM3 algorithm to obtain a first hash value, and signing the first hash value by using an SM2 private key to obtain a first signing result;
the signature verification module is used for executing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and utilizing an SM2 public key and the first signature result to carry out signature verification processing on the second hash value to obtain a signature verification result;
and the service starting module is used for acquiring a specific file according to the signature verification result so as to start the service program of the quantum key distribution equipment.
Compared with the prior art, the invention has the following advantages:
the invention uses a security chip with commercial secret qualification, uses a national secret algorithm (SM 2 and SM 3) to carry out signature verification test on the file to be protected, protects the integrity and safety of equipment firmware by a hardware (security chip) method and a software (national secret algorithm) method, and avoids the phenomenon that QKD equipment is attacked caused by equipment firmware defect. The invention calculates the hash value by using SM3 algorithm to the equipment firmware, then signs the hash value by using equipment private key (SM 2 algorithm private key) to obtain signature result, and writes SM2 public key and signature result into the security chip; at the QKD device end, the SM3 algorithm is used for calculating the hash value for the device firmware, the security chip is called to execute the signature verification operation for the hash value, and the accuracy of the SM2 and SM3 algorithms is utilized to ensure the integrity and the security of the device firmware.
Drawings
FIG. 1 is a schematic diagram of a signature verification of an embodiment of the present invention;
FIG. 2 is a schematic diagram of a signature flow in an embodiment of the invention;
fig. 3 is a schematic diagram of a signature verification process in an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described in the following in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Embodiment one:
SM2 algorithm introduction:
the SM2 algorithm is an elliptic curve public key cryptographic algorithm, and the algorithm is divided into a public key pair, a private key pair, a signature function, a signature verification function, an encryption function and a decryption function.
In use, the signature and signature verification function are combined, encryption and decryption are combined, and each combination uses public and private key pairs, private key signature and public key signature verification; public key encryption and private key decryption; if the public and private keys are changed, the signature verification or encryption and decryption cannot be used correctly, and the public and private keys are respectively located at the home terminal and the opposite terminal, so that in actual use, the home terminal and the opposite terminal cooperate to use the signature verification or encryption and decryption functions.
Detailed description of the implementation scheme:
as shown in fig. 1, the scheme proposes a firmware verification scheme of a QKD device based on a cryptographic algorithm, signature operation is performed on device firmware through signature software deployed on a dedicated PC, then signature verification operation is completed on the QKD device, and after signature verification of the QKD device passes, a QKD service function is operated, otherwise, if signature verification does not pass, the QKD device cannot be operated.
The signing and signature verification processes are described below:
as shown in fig. 2, the signature operation flow of the device firmware by the signature software deployed in the dedicated PC is as follows:
starting;
generating a public and private key of SM2 equipment by signature software, and storing the private key by the signature software;
reading equipment firmware, and executing an SM3 algorithm on the equipment firmware to obtain a first hash value of 32 bytes;
signing the first hash value by using an SM2 private key by signature software to obtain a first signature result;
the first signature result and the SM2 public key are programmed into a security chip;
and (5) ending.
The secure chip is embedded in the QKD device. And the SM3 algorithm generates a unique corresponding relation between the first hash value and the device firmware state.
As shown in fig. 3, the signature verification operation flow is completed on the QKD device as follows:
starting;
the method comprises the steps that compliance detection software is deployed in QKD equipment, SM3 operation is executed on equipment firmware to be protected after the compliance detection software is started, and a second hash value of 32 bytes is obtained;
the compliance detection software sends the second hash value to the security chip;
the security chip reads the SM2 public key and the first signature result from the inside of the security chip, performs signature verification operation on the second hash value to obtain a signature verification result, and returns the signature verification result to compliance detection software;
if the compliance detection software judges that the signature verification is successful, the compliance detection software generates a specific file, and after the operating system detects the specific file, the device firmware is processed to obtain a QKD normal service program and is started; if the signature verification fails, the compliance detection software does not generate a specific file, the operating system does not process the equipment firmware, and the equipment enters a manual maintenance state.
Compared with the prior art, the firmware integrity checking method of the QKD equipment based on the cryptographic algorithm has the following beneficial effects: the invention uses a security chip with commercial secret qualification, uses a national secret algorithm (SM 2 and SM 3) to carry out signature verification test on the file to be protected, protects the integrity and safety of equipment firmware by a hardware (security chip) method and a software (national secret algorithm) method, and avoids the phenomenon that QKD equipment is attacked caused by equipment firmware defect. The invention calculates the hash value by using SM3 algorithm to the equipment firmware, then signs the hash value by using equipment private key (SM 2 algorithm private key) to obtain signature result, and writes SM2 public key and signature result into the security chip; at the QKD device end, the SM3 algorithm is used for calculating the hash value for the device firmware, the security chip is called to execute the signature verification operation for the hash value, and the accuracy of the SM2 and SM3 algorithms is utilized to ensure the integrity and the security of the device firmware.
Embodiment two:
the embodiment provides a firmware verification system of a QKD device based on a cryptographic algorithm, which includes:
the public key private key generation module is used for generating an SM2 public key and an SM2 private key of the equipment firmware by using an SM2 algorithm through a special PC;
the hash signature module is used for reading the equipment firmware, executing an SM3 algorithm on the equipment firmware, and obtaining a first hash value of 32 bytes; signing the first hash value by using an SM2 private key by signature software to obtain a first signature result;
the module specifically performs the following operations:
starting;
generating a public and private key of SM2 equipment by signature software, and storing the private key by the signature software;
reading equipment firmware, and executing an SM3 algorithm on the equipment firmware to obtain a first hash value of 32 bytes;
signing the first hash value by using an SM2 private key by signature software to obtain a first signature result;
the first signature result and the SM2 public key are programmed into a security chip;
and (5) ending.
The secure chip is embedded in the QKD device. And the SM3 algorithm generates a unique corresponding relation between the first hash value and the device firmware state.
The signature verification module is used for executing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and performing signature verification processing on the second hash by using an SM2 public key and the first signature result to obtain a signature verification result;
the module specifically performs the following operations:
starting;
the method comprises the steps that compliance detection software is deployed in QKD equipment, SM3 operation is executed on equipment firmware to be protected after the compliance detection software is started, and a second hash value of 32 bytes is obtained;
the compliance detection software sends the second hash value to the security chip;
the security chip reads the SM2 public key and the first signature result from the inside of the security chip, performs signature verification processing on the second hash value to obtain a signature verification result, and returns the signature verification result to compliance detection software;
the service starting module is used for acquiring a specific file according to the signing verification result so as to start a service program of the quantum key distribution equipment; the module specifically performs the following operations:
if the compliance detection software judges that the signature verification is successful, the compliance detection software generates a specific file, and after the operating system detects the specific file, the device firmware is processed to obtain a QKD normal service program and is started;
if the signature verification fails, the compliance detection software does not generate a specific file, the operating system does not process the equipment firmware, and the equipment enters a manual maintenance state.
The invention uses a security chip with commercial secret qualification, uses a national secret algorithm (SM 2 and SM 3) to carry out signature verification test on the file to be protected, protects the integrity and safety of equipment firmware by a hardware (security chip) method and a software (national secret algorithm) method, and avoids the phenomenon that QKD equipment is attacked caused by equipment firmware defect. The invention calculates the hash value by using SM3 algorithm to the equipment firmware, then signs the hash value by using equipment private key (SM 2 algorithm private key) to obtain signature result, and writes SM2 public key and signature result into the security chip; at the QKD device end, the SM3 algorithm is used for calculating the hash value for the device firmware, the security chip is called to execute the signature verification operation for the hash value, and the accuracy of the SM2 and SM3 algorithms is utilized to ensure the integrity and the security of the device firmware.
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for verifying firmware integrity of a QKD device based on a cryptographic algorithm, the method comprising:
generating an SM2 public key and an SM2 private key of the equipment firmware by using an SM2 algorithm through signature software deployed on a special PC;
the signature result is operated on the equipment firmware by using an SM3 algorithm to obtain a first hash value, and the first hash value is subjected to signature processing by using an SM2 private key to obtain a first signature result;
executing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and performing signature verification processing on the second hash value by using an SM2 public key and the first signature result to obtain a signature verification result;
and acquiring a specific file according to the signature verification result, and starting a service program of the quantum key distribution equipment.
2. The method of claim 1, wherein the step of generating the SM2 public key and the SM2 private key of the device firmware using the SM2 algorithm comprises:
generating the SM2 public key and the SM2 private key of the device firmware by signature software in a special PC using the SM2 algorithm;
and storing the SM2 private key to the special PC by signature software.
3. The method for verifying the firmware integrity of a QKD device based on a cryptographic algorithm of claim 1, wherein the SM2 algorithm uses signature and signature verification operations in combination, and uses encryption and decryption operations, each combination using public-private key pairs, private key signatures, and public key signature verification; public key encryption and private key decryption.
4. The method of claim 1, wherein the step of operating the device firmware with the SM3 algorithm to obtain a first hash value, and signing the first hash value with the SM2 private key to obtain a first signature result comprises:
starting;
generating a public and private key of SM2 equipment by signature software, and storing the private key by the signature software;
reading equipment firmware, and executing an SM3 algorithm on the equipment firmware to obtain the first hash value;
signing the first hash value by signature software by using an SM2 private key to obtain a first signature result;
the first signature result and the SM2 public key are programmed into a security chip;
and (5) ending.
5. The method of claim 4, wherein the security chip is embedded in the QKD device.
6. The method of claim 1, wherein the SM3 algorithm generates a hash value that uniquely corresponds to the device firmware state.
7. The method for verifying the integrity of firmware of a QKD device according to claim 1, wherein the step of performing an SM3 operation on the device firmware to be protected on a quantum key distribution device to obtain a second hash value, and performing a signature verification process on the second hash value using an SM2 public key and the first signature result to obtain a signature verification result, comprises:
starting;
the method comprises the steps that compliance detection software is deployed in QKD equipment, SM3 operation is executed on equipment firmware to be protected after the compliance detection software is started, and a second hash value is obtained;
the compliance detection software sends the second hash value to the security chip;
the security chip reads the SM2 public key and the first signature result from the inside of the security chip, performs signature verification operation on the second hash value to obtain the signature verification result, and returns the signature verification result to compliance detection software.
8. The method for verifying the firmware integrity of a QKD device according to claim 1, wherein the step of acquiring a specific file according to the signature verification result, thereby starting a service program of the quantum key distribution device, comprises:
returning the signature verification result to compliance detection software in the quantum key distribution equipment by using a security chip;
judging whether the signature verification is successful or not according to the signature verification result by using the compliance detection software;
if yes, starting the service program of the quantum key distribution equipment;
if not, judging that the quantum key distribution equipment is in a to-be-overhauled state.
9. The method of claim 8, wherein the step of starting the business program of the quantum key distribution device if the verification is successful, further comprises:
generating a specific file by the compliance detection software;
detecting and acquiring the specific file, and processing the equipment firmware according to the specific file, so as to obtain a normal service program;
and starting the normal service program.
10. A firmware integrity verification system of a QKD device based on a cryptographic algorithm, the system comprising:
the public key private key generation module is used for generating an SM2 public key and an SM2 private key of the equipment firmware by using an SM2 algorithm through a special PC;
the hash signing module is used for operating the equipment firmware by using an SM3 algorithm to obtain a first hash value, and signing the first hash value by using an SM2 private key to obtain a first signing result;
the signature verification module is used for executing SM3 operation on the device firmware to be protected on the quantum key distribution device to obtain a second hash value, and utilizing an SM2 public key and the first signature result to carry out signature verification processing on the second hash value to obtain a signature verification result;
and the service starting module is used for acquiring a specific file according to the signature verification result so as to start the service program of the quantum key distribution equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111674808.4A CN116418511A (en) | 2021-12-31 | 2021-12-31 | Firmware integrity checking method and system of QKD (quality of service) equipment based on cryptographic algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111674808.4A CN116418511A (en) | 2021-12-31 | 2021-12-31 | Firmware integrity checking method and system of QKD (quality of service) equipment based on cryptographic algorithm |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116418511A true CN116418511A (en) | 2023-07-11 |
Family
ID=87058480
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111674808.4A Pending CN116418511A (en) | 2021-12-31 | 2021-12-31 | Firmware integrity checking method and system of QKD (quality of service) equipment based on cryptographic algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116418511A (en) |
-
2021
- 2021-12-31 CN CN202111674808.4A patent/CN116418511A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11258792B2 (en) | Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| EP2659373B1 (en) | System and method for secure software update | |
| CN112000975B (en) | Key management system | |
| US9571289B2 (en) | Methods and systems for glitch-resistant cryptographic signing | |
| US20180204004A1 (en) | Authentication method and apparatus for reinforced software | |
| CN108496323B (en) | Certificate importing method and terminal | |
| CN114662087B (en) | Multi-terminal verification security chip firmware updating method and device | |
| WO2005052768A1 (en) | Secret information processing system and lsi | |
| JP2017011491A (en) | Authentication system | |
| CN115242397A (en) | OTA upgrade security verification method and readable storage medium for vehicle EUC | |
| CN111654378B (en) | Data security self-checking method based on electric power security gateway | |
| CN112613033A (en) | Method and device for safely calling executable file | |
| CN105873043B (en) | Method and system for generating and applying network private key for mobile terminal | |
| CN108376212B (en) | Execution code security protection method and device and electronic device | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| CN107343276B (en) | Method and system for protecting SIM card locking data of terminal | |
| CN115514492A (en) | BIOS firmware verification method, device, server, storage medium and program product | |
| CN113297563B (en) | Method and device for accessing privileged resources of system on chip and system on chip | |
| CN116418511A (en) | Firmware integrity checking method and system of QKD (quality of service) equipment based on cryptographic algorithm | |
| CN112165396A (en) | Method for updating safety firmware | |
| CN107292172B (en) | Method for automatically verifying a target computer file with respect to a reference computer file | |
| CN105554033B (en) | A kind of authentic authentication method and its image input device of image input device | |
| CN113553125B (en) | Method, device and equipment for calling trusted application program and computer storage medium | |
| CN112597449B (en) | Software encryption method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |