CN116775365A - Lossless upgrading method for loadable execution file, security chip and storage medium - Google Patents
Lossless upgrading method for loadable execution file, security chip and storage medium Download PDFInfo
- Publication number
- CN116775365A CN116775365A CN202311036449.9A CN202311036449A CN116775365A CN 116775365 A CN116775365 A CN 116775365A CN 202311036449 A CN202311036449 A CN 202311036449A CN 116775365 A CN116775365 A CN 116775365A
- Authority
- CN
- China
- Prior art keywords
- data
- upgrade
- source data
- packet
- compression
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 82
- 238000003860 storage Methods 0.000 title claims abstract description 22
- 238000013144 data compression Methods 0.000 claims abstract description 65
- 238000007906 compression Methods 0.000 claims abstract description 63
- 230000006835 compression Effects 0.000 claims abstract description 63
- 230000008569 process Effects 0.000 claims abstract description 36
- 238000011084 recovery Methods 0.000 claims abstract description 21
- 230000002159 abnormal effect Effects 0.000 claims abstract description 19
- 238000012795 verification Methods 0.000 claims description 17
- 230000006870 function Effects 0.000 claims description 13
- 230000006837 decompression Effects 0.000 claims description 9
- 230000009467 reduction Effects 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 6
- 230000015572 biosynthetic process Effects 0.000 description 3
- 239000002131 composite material Substances 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000003786 synthesis reaction Methods 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000004140 cleaning Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000007781 pre-processing Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000002441 reversible effect Effects 0.000 description 2
- 108700026244 Open Reading Frames Proteins 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Abstract
The application relates to the technical field of security chips, and discloses a lossless upgrading method for loadable execution files, a security chip and a storage medium, wherein the lossless upgrading method comprises the following steps: responding to an upgrade session request of a user to enter an upgrade process, and acquiring and caching an upgrade session check code carried in the upgrade session request; carrying out multistage lossless compression coding on the source data packet analyzed before upgrading to obtain a source data compressed packet and storing the source data compressed packet into a nonvolatile memory; encrypting the source data compression packet by a session key derived from the root key to generate an encrypted source data compression packet; under the condition that abnormal interruption occurs in the software upgrading process, triggering an abnormal interruption manager, and entering a source data restoring stage or a conventional recovery flow according to different interruption conditions so as to recover a source data compression packet to a source data packet before upgrading according to an upgrading session check code.
Description
Technical Field
The present application relates to the field of security chips, and for example, to a lossless upgrade method for loadable execution files, a security chip, and a storage medium.
Background
Modern digital devices (e.g., notebook computers, cell phones, etc.) currently allow software upgrades to be made with network connections, for reasons including error repair or addition of new functionality, etc.
The Secure Element (SE) is typically deployed in the form of a Secure chip within the smart card. The software deployed in the security chip itself is limited to the needs of the service provider and the correctness of the user, and the presence of the upgrade function is unavoidable. Because of the existence of persistent application instances (APPlet) by software programs in the security chip, these application instances are created and personalized by the service provider using user data and confidential or sensitive data. At the same time, the personalization process is complex and expensive and should not be repeated, generally in the case of software upgrades.
In the process of implementing the embodiments of the present disclosure, it is found that at least the following problems exist in the related art:
in the process of upgrading an existing executable loading file (Executable Load File, ELF), the data packet of the ELF needs to be stored, cleaned, deleted and the like in a storage stage. If an abort (e.g., an abnormal power down, crash, etc.) occurs during a data clean up sequence or a delete sequence, there is a risk of losing sensitive data and the ELF for the user. Meanwhile, the application instance is in an error state, and the original data packet cannot be recovered normally.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the application and thus may include information that does not form the prior art that is already known to those of ordinary skill in the art.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview, and is intended to neither identify key/critical elements nor delineate the scope of such embodiments, but is intended as a prelude to the more detailed description that follows.
The embodiment of the disclosure provides a lossless upgrading method, a security chip and a storage medium for loadable execution files, which can improve the security and confidentiality of confidential or sensitive data and reduce the chip space resources occupied by a lossless upgrading process under the condition of realizing lossless upgrading of application examples.
In some embodiments, the lossless upgrade method of the loadable execution file is applied to a security chip and comprises the following steps:
responding to an upgrade session request of a user to enter an upgrade process, and acquiring and caching an upgrade session check code carried in the upgrade session request;
carrying out multistage lossless compression coding on the source data packet analyzed before upgrading to obtain a source data compressed packet and storing the source data compressed packet into a nonvolatile memory;
Encrypting the source data compression packet by a session key derived from the root key to generate an encrypted source data compression packet;
under the condition that abnormal interruption occurs in the software upgrading process, triggering an abnormal interruption manager, and entering a source data restoring stage or a conventional recovery flow according to different interruption conditions so as to recover a source data compression packet to a source data packet before upgrading according to an upgrading session check code.
Optionally, the step of performing multi-level lossless compression encoding on the source data packet parsed before upgrading to obtain a source data compressed packet includes:
performing first-stage compression coding on source data in the source data packet according to a preset first compression coding rule to obtain first-stage compression data;
performing second-stage compression encoding on the first-stage compression data according to a preset second compression encoding rule to obtain second-stage compression data;
and carrying out statistic coding based on the data probability, and carrying out third-stage compression coding on the second-stage compression data to obtain the source data compression packet.
Optionally, the performing first-stage compression encoding on the source data in the source data packet according to a preset first compression encoding rule to obtain first-stage compressed data includes:
Under the condition that two adjacent data in the source data are smaller than a first threshold value, compressing and merging the two adjacent data into one data;
under the condition that any one data in the source data is larger than or equal to a first threshold value, original data are reserved;
and setting a first data head zone bit corresponding to each data according to the big end rule to obtain first-stage compressed data with a fixed byte number.
Optionally, the performing second-stage compression encoding on the first-stage compressed data according to a preset second compression encoding rule to obtain second-stage compressed data includes:
selecting one of the data as compressed and combined data under the condition that the difference value of two adjacent data in the first-stage compressed data is smaller than or equal to a second threshold value;
under the condition that the difference value of two adjacent data in the first-stage compressed data is larger than a second threshold value, original data are reserved;
setting a second data head flag bit for recording the data compression process to obtain second-stage compressed data with a fixed byte number.
Optionally, the performing statistical coding based on the data probability performs third-stage compression coding on the second-stage compressed data to obtain the source data compression packet, including:
Dividing a probability interval [0,1 ] into a plurality of subintervals according to characters corresponding to all data in the second-stage compressed data and the occurrence probability of each character in all characters; wherein each subinterval corresponds to a character, and the size of each subinterval is proportional to the probability of the corresponding character in the total characters;
sequentially reading characters corresponding to all data in the second-stage compressed data, and obtaining subintervals [ L, R ] corresponding to each character, wherein L is more than or equal to 0 and less than or equal to 1;
calculating left=left+ (right-left) ×l and right=left+ (right-left) ×r to obtain a coding section [ left, right ] after compression coding of each character; wherein, the initial value of left is 0, and the initial value of right is 1;
and storing any decimal in a coding interval [ left, right ] corresponding to each character in a binary form to obtain the source data compression packet.
Optionally, the encrypting the source data compression packet by the session key derived from the root key generates an encrypted source data compression packet, including:
according to the built-in root key and the random number generated by the true random number generator, a group of session keys only supporting the preset bit of the current upgrading session request are discretely recombined and derived;
And carrying out Advanced Encryption Standard (AES) encryption on the session key and the source data compression packet together to generate an encrypted source data compression packet.
Optionally, the source data reduction stage includes an active mode and a passive mode:
in the active mode, under the condition that the upgrade termination request of the user is correct and the upgrade termination check code and the label verification result of the upgrade session check code contained in the upgrade termination request pass, decrypting and multi-stage decompressing are carried out on the source data compression packet;
in the passive mode, directly acquiring an upgrading session check code in a cache, and under the condition that a signature verification result passes, decrypting and multi-stage decompressing the source data compression packet.
Optionally, in the case that the user's termination upgrade request is correct and the upgrade termination check code included in the termination upgrade request passes the signature verification result of the upgrade session check code, decrypting and multi-stage decompressing the source data compression packet includes:
responding to an upgrade termination request of a user, and acquiring an upgrade termination check code of a preset bit attached to the upgrade termination request;
checking the upgrade termination check code with the upgrade session check code stored in the cache;
Under the condition that the upgrade termination request is correct in format and the verification result passes, performing AES decryption on the encrypted source data compression packet to obtain the source data compression packet;
and performing multistage decompression on the source data compression packet to restore the source data to the upgrade address and clear the upgrade session check code and the session key.
Optionally, the upgrade session request is accompanied by an upgrade session check code of a preset bit, which is validated only in the current upgrade session request for decryption function verification in the active mode of the source data restore phase.
In some embodiments, the secure chip includes a processor integrated within the secure chip and a memory storing program instructions, the processor being configured to perform a lossless upgrade method of loadable execution files according to the present application when the program instructions are executed.
In some embodiments, the storage medium stores program instructions that, when executed, perform a lossless upgrade method for loadable execution files according to the present application.
The lossless upgrading method, the security chip and the storage medium for the loadable execution file provided by the embodiment of the disclosure can realize the following technical effects:
Before the upgrade process is executed, the security chip of the application configures the upgrade session check code for the source data and encrypts the upgrade session check code, thereby improving the confidentiality of sensitive data and the upgrade process in the source data. By carrying out multistage lossless compression coding on the encrypted source data, the resource space occupied by the upgrading process is reduced. Meanwhile, under the condition that abnormal interruption occurs in the software upgrading process, scheduling is performed through an upgrading abnormal manager, and after the abnormality occurs, decryption and multistage decompression are performed on the encrypted source data compression packet, so that the state before the upgrading is normally recovered. After normal upgrading, the source data can be ensured to be covered in the upgraded application example, and finally, safe and low-consumption lossless upgrading is realized.
The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which like reference numerals refer to similar elements, and in which:
FIG. 1 is a schematic diagram of a lossless upgrade method for a loadable execution file provided by an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of another lossless upgrade method for loadable execution files provided by an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of another lossless upgrade method for loadable execution files provided by an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of another lossless upgrade method for loadable execution files in an embodiment of the present disclosure;
FIG. 5 is a schematic illustration of one application provided by an embodiment of the present disclosure;
FIG. 6 is another application schematic provided by an embodiment of the present disclosure;
FIG. 7 is another application schematic provided by an embodiment of the present disclosure;
fig. 8 is a schematic diagram of a security chip provided in an embodiment of the disclosure.
Detailed Description
So that the manner in which the features and techniques of the disclosed embodiments can be understood in more detail, a more particular description of the embodiments of the disclosure, briefly summarized below, may be had by reference to the appended drawings, which are not intended to be limiting of the embodiments of the disclosure. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may still be practiced without these details. In other instances, well-known structures and devices may be shown simplified in order to simplify the drawing.
The terms first, second and the like in the description and in the claims of the embodiments of the disclosure and in the above-described figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe embodiments of the present disclosure. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion.
The term "plurality" means two or more, unless otherwise indicated.
In the embodiment of the present disclosure, the character "/" indicates that the front and rear objects are an or relationship. For example, A/B represents: a or B.
The term "and/or" is an associative relationship that describes an object, meaning that there may be three relationships. For example, a and/or B, represent: a or B, or, A and B.
The term "corresponding" may refer to an association or binding relationship, and the correspondence between a and B refers to an association or binding relationship between a and B.
Because of the importance and sensitivity of personalized user data, ELF upgrades need to be supported as a security chip, and lossless upgrades are also required. At this time, an upgrade protection mechanism is needed, and the confidentiality of data is improved on the premise of ensuring lossless ELF upgrade. In addition, under the existing equipment cost, the occupied space resource of the security chip in the lossless upgrading process is required to be reduced. Therefore, in view of the above-mentioned existing technical problems, the embodiments of the present disclosure provide a safe and efficient manner to implement a lossless upgrade function of a loadable execution file, and main functional modules thereof can implement the following functions: the system comprises a root key for generating a session key, a session key for encrypting and decrypting, data compression and decompression, power-down management, key derivation, check code verification, data encryption and decryption, data restoration and storage and lossless upgrading instructions.
Meanwhile, referring to fig. 1, an embodiment of the present disclosure provides a lossless upgrade method for loadable execution files, which is applied to a security chip, and includes:
step 101: the security chip responds to an upgrade session request of a user to enter an upgrade process, acquires an upgrade session check code carried in the upgrade session request and caches the upgrade session check code.
Step 102: and the security chip performs multistage lossless compression coding on the source data packet analyzed before upgrading to obtain a source data compressed packet and stores the source data compressed packet into a nonvolatile memory.
Step 103: the security chip encrypts the source data compression packet by a session key derived from the root key to generate an encrypted source data compression packet.
Step 104: under the condition that the software is abnormally interrupted in the upgrading process, the safety chip triggers an abnormal interruption manager to enter a source data restoring stage or a conventional recovery flow according to different interruption conditions so as to recover the source data compression packet to the source data packet before upgrading according to the upgrading session check code.
By adopting the lossless upgrading method of the loadable execution file, which is provided by the embodiment of the invention, the security chip is used for configuring and encrypting the upgrading session check code for the source data, so that the confidentiality of sensitive data and upgrading flow in the source data is improved. By carrying out multistage lossless compression coding on the encrypted source data, the resource space occupied by the upgrading process is reduced. Meanwhile, under the condition that abnormal interruption occurs in the software upgrading process, scheduling is performed through an upgrading abnormal manager, and after the abnormality occurs, decryption and multistage decompression are performed on the encrypted source data compression packet, so that the state before the upgrading is normally recovered. After normal upgrading, the source data can be ensured to be covered in the upgraded application example, and finally, safe and low-consumption lossless upgrading is realized.
Referring to fig. 2, another method for lossless upgrade of loadable execution files is provided in an embodiment of the present disclosure, including:
step 201: the security chip responds to an upgrade session request of a user to enter an upgrade process, acquires an upgrade session check code carried in the upgrade session request and caches the upgrade session check code.
Optionally, the upgrade session request of the present application is accompanied by an upgrade session check code of a preset bit, which is validated only in the current upgrade session request for decryption function verification in the active mode of the source data restore phase.
Step 202: and the security chip performs first-stage compression coding on the source data in the source data packet according to a preset first compression coding rule to obtain first-stage compression data.
Step 203: and the security chip performs second-stage compression encoding on the first-stage compression data according to a preset second compression encoding rule to obtain second-stage compression data.
Step 204: and the security chip performs statistic coding based on the data probability, and performs third-stage compression coding on the second-stage compressed data to obtain a source data compressed packet.
Step 205: the security chip encrypts the source data compression packet by a session key derived from the root key to generate an encrypted source data compression packet.
Step 206: under the condition that the software is abnormally interrupted in the upgrading process, the safety chip triggers an abnormal interruption manager to enter a source data restoring stage or a conventional recovery flow according to different interruption conditions so as to recover the source data compression packet to the source data packet before upgrading according to the upgrading session check code.
In an embodiment of the present application, performing first-stage compression encoding on source data in a source data packet according to a preset first compression encoding rule to obtain first-stage compressed data, including:
under the condition that two adjacent data in the source data are smaller than a first threshold value, compressing and merging the two adjacent data into one data;
under the condition that any one data in the source data is larger than or equal to a first threshold value, the original data is reserved;
and setting a first data head zone bit corresponding to each data according to the big end rule to obtain first-stage compressed data with a fixed byte number.
Specifically, for two adjacent hexadecimal data, if both data are smaller than a first threshold (e.g., 0x 10), the two data are merged, otherwise, the original data are retained without merging. After synthesis, a group of data with a fixed byte number (for example, 8 bytes) is formed, and each group of data has a first data head flag bit with 1 byte. The first data head zone bit is used for recording whether the corresponding pair is synthesized data or not, wherein the first data head zone bit corresponds to each data according to the big end rule. If the source data fails to form a group in the synthesis process, the bit corresponding to the first data head flag bit is set to 0. In decoding, 9 bytes can be taken as a group, and if the last group is less than 9 bytes, whether the position with the subsequent bit of 0 is provided with data is checked according to the bit mark with the last 1 of the first data head mark bit.
In one specific application, as shown in table 1 and table 2 below, the source data may include hexadecimal data that is: 0x01, 0x02, 0xFE, 0x03, 0x04, 0x0f, 0x0a, 0x10, 0xEE, 0x5, 0x06, 0x08, and 0x09. After the first threshold value is 0x10, 0xD3, 0x12, 0xfe, 0x34, 0xfa, 0x10, 0xee, 0x56 and 0x89 are obtained, wherein binary expression of the first data head zone bit 0xD3 is 11010011,1 representing data which is synthesized, 0 representing data is original data and corresponds from left to right according to a big end rule.
TABLE 1
TABLE 2
In an embodiment of the present application, performing second-stage compression encoding on the first-stage compressed data according to a preset second compression encoding rule to obtain second-stage compressed data, including:
selecting one of the data as compressed and combined data under the condition that the difference value of two adjacent data in the first-stage compressed data is smaller than or equal to a second threshold value;
under the condition that the difference value of two adjacent data in the first-stage compressed data is larger than a second threshold value, original data are reserved;
setting a second data head flag bit for recording the data compression process to obtain second-stage compressed data with a fixed byte number.
Specifically, the security chip performs second-stage compression encoding on the first-stage compressed data according to a preset second compression encoding rule. And when the difference value of the two adjacent data is less than or equal to a second threshold value (for example, the two data are within 3 different), taking the data positioned on the left side in the two adjacent data as the data after compression and combination. Meanwhile, 4 bits are added as the second header flag bit. Otherwise, the original data is reserved, 3 combined data are taken as a group, and the maximum compression rate is 1.33. If the source data is insufficient to form a group in the synthesis process, the data head is set to 0 corresponding to 4 bits; decoding takes 3 bytes as a group, and if the last group is less than 3 bytes, checking whether data exists according to the position of the all 0 mark of 4 bits of the data head.
In one specific application, as shown in connection with Table 3 below, the hexadecimal data included in the first stage of compressed data may be: 0x12, 0x13, 0x59, and 0x56, and combining with the second threshold value of 3 to obtain 0xDB, 0x12, and 0x56, wherein the binary expression of 0xDB is 1101 1011. Wherein the 4 bit effects are respectively: bit 4 indicates whether it is a composite number, bit 3 indicates the difference plus or minus (0 minus, 1 plus), bit 2 and bit 1 indicate the difference. Correspondingly, the high 4 bits record the composite data of 0x12 and 0x13, and the low 4 bits record the composite data of 0x59 and 0x 56.
TABLE 3 Table 3
In an embodiment of the present application, performing statistical encoding based on data probability, performing third-stage compression encoding on second-stage compressed data to obtain a source data compression packet, including:
dividing a probability interval [0,1 ] into a plurality of subintervals according to characters corresponding to all data in the second-stage compressed data and the occurrence probability of each character in all characters; wherein each subinterval corresponds to a character, and the size of each subinterval is proportional to the probability of the corresponding character in the total characters;
sequentially reading characters corresponding to all data in the second-stage compressed data, and obtaining subintervals [ L, R ] corresponding to each character, wherein L is more than or equal to 0 and less than or equal to 1;
calculating left=left+ (right-left) ×l and right=left+ (right-left) ×r to obtain a coding section [ left, right ] after compression coding of each character; wherein, the initial value of left is 0, and the initial value of right is 1;
and storing any decimal in a coding interval [ left, right ] corresponding to each character in a binary form to obtain a source data compression packet.
Specifically, all data in the second-stage compressed data are counted, and the occurrence frequency of all characters is counted, so that the occurrence probability of each character in the total characters is obtained. The higher the character out frequency, the larger the ratio in the total interval, and the sum of all intervals of the character is [0,1 ]. Starting with an initial probability interval 0, 1), let=0, right=1. And continuously reading in characters of the original data, and finding out subintervals [ L, R ] where the current characters are located. Then, by calculating left=left+ (right-left) ×l and right=left+ (right-left) ×r, a coded section [ left, right ] after compression coding of each character is obtained, wherein L, R is a character probability section, right, left is a coded section of the character to be converted, and the coded section of each character after conversion is obtained after calculation. And finally, outputting any decimal in the obtained coding interval [ left, right) in a binary form to obtain coded data.
In one specific application, as shown in connection with FIG. 3, the data in the second stage of compressed data includes: 0x12, 0x13, 0x59, and 0x13, the number of occurrences of each character is counted, wherein 0x12 occurs 1 time, 0x13 occurs 2 times, and 0x59 occurs 1 time. The probabilities are arranged from small to large, respectively, 0x12:0.25,0x59:0.25,0x13:0.5, then subintervals 0x12, 0x59 and 0x13 are [0,0.25 ], [0.25,5) and [0.5, 1), respectively.
Code is fetched according to data: the coding interval of character 0x12 is [0,0.25); the code is fetched again, because the subinterval of 0x13 is [0.5, 1), then the code is continued in the code interval [0,0.25 ], and the code interval of 0x13 is [0.125,0.25 ]. Similarly, if the subinterval of 0x59 is [0.25,0.5 ], the encoding is continued in the encoding interval [0.125, 0.25), and the encoding interval of 0x59 is [0.15625,0.1875 ]. The last data 0x13 is [0.171875,0.1875 ] in the [0.15625,0.1875 ] coding section. Thus, any fraction in the interval need only be stored in binary, and this example is stored in 0.171875, corresponding to binary 0.001011.
Decoding: by last stored [0.171875,0.1875) encoding the section, [0,0.25 ], [0.25,0.5 ], [0.5, 1) can know that the section falls within [0,0.25 ], i.e., represents the first data is 0x 12. [0,0.25) has three coding regions, respectively [0,0.0625 ], [0.0625,0.125 ], [0.125, 0.25), and [0.171875,0.1875 ] falling at [0.125,0.25 ], representing the second data as 0x13. [0.125, 0.25) has three coding intervals, [0.125,0.15626 ], [0.15626,0.1875 ], [0.1875,0.25 ], [0.171875,0.1875) falling at [0.15625,0.1875 ], i.e., representing a third data of 0x 59. [0.15625,0.1875) has three coding intervals, respectively [0.15625,0.1640625 ], [0.1640625,0.171875 ], [0.171875,0.1875), and the data interval [0.171875,0.1875) coincides with the last coding interval [0.171875,0.1875), representing the last data, having a value of 0x13. Parsing is complete from 0.001011 to source data 0x12, 0x13, 0x59,0x 13. Thus, 4×8=32 bits of data can be stored with 6 bits without loss, and the compression ratio is 5.33. Meanwhile, the application uses three-level compression algorithm to source data, and reduces the space resource occupancy rate to the security chip in the upgrading process.
Referring to fig. 4, another method for lossless upgrade of loadable execution files is provided in an embodiment of the present disclosure, including:
step 401: and the security chip responds to the upgrading session request of the user and acquires an upgrading session check code carried in the upgrading session request.
Step 402: and the security chip performs multistage lossless compression coding on the source data packet analyzed before upgrading to obtain a source data compressed packet and stores the source data compressed packet into a nonvolatile memory.
Step 403: the security chip discretely reorganizes and derivatives a group of session keys only supporting preset bits of the current upgrading session request according to the built-in root key and the random number generated by the true random number generator.
Step 404: and the security chip jointly carries out Advanced Encryption Standard (AES) encryption on the session key and the source data compression packet to generate an encrypted source data compression packet.
Step 405: under the condition that the software is abnormally interrupted in the upgrading process, the safety chip triggers an abnormal interruption manager to enter a source data restoring stage or a conventional recovery flow according to different interruption conditions so as to recover the source data compression packet to the source data packet before upgrading according to the upgrading session check code.
In an embodiment of the present application, as shown in connection with fig. 5, the security chip checks the current state and starts the upgrade process in response to the upgrade session request of the user. The security chip generates an 8-byte upgrade Session check code, a Root Key of a Root Key built in the security chip is used for discretely recombining and deriving a group of 128-bit Session keys according to random numbers generated by a true random number generator, and two groups of data are stored in a cache of the security chip. The session key only supports the current upgrade process, is stored in the upgrade cache after being derived, and is disabled after the upgrade process is completed/terminated. The security chip reads the source data before upgrading and outputs a source data compressed packet after three-level lossless compression coding. The security chip takes out 128-bit session key from the upgrade cache, and enters an encryptor with the source data compression packet to be encrypted by AES (Advanced Encryption Standard ) to obtain the final encrypted source data compression packet.
In an embodiment of the application, the source data reduction phase includes an active mode and a passive mode: in the active mode, under the condition that the user's termination upgrading request is correct and the upgrading termination check code and the verification result of the upgrading session check code contained in the termination upgrading request pass, the source data compression packet is decrypted and decompressed in multiple stages. In the passive mode, directly acquiring an upgrading session check code in a cache, and under the condition that a signature verification result passes, decrypting and multi-stage decompressing the source data compression packet.
In the active mode, the security chip responds to an upgrade termination request of a user to acquire an upgrade termination check code of a preset bit attached to the upgrade termination request. Then, the upgrade termination check code is checked against the upgrade session check code stored in the cache. And under the condition that the upgrade termination request is correct in format and the verification result passes, performing AES decryption on the encrypted source data compression packet to obtain the source data compression packet. And finally, carrying out multistage decompression on the source data compression packet so as to restore the source data to the upgrade address and clear the upgrade session check code and the session key.
In the passive mode, the security chip directly acquires the upgrade session check code in the internal cache, and after the signature verification result passes, decompresses the source data compression packet after decryption to recover the source data packet to a state before upgrade.
In addition, the conventional recovery flow is a Global Platform standard upgrade interrupt recovery flow.
Specifically, as shown in fig. 6, if the security chip is powered off or other anomalies cause compression/encryption failure in the preprocessing stage of the software upgrading process, the security chip enters a passive recovery mode through the abort manager, and the upgrading session is terminated to notify the user of re-upgrading. If the security chip is abnormally interrupted in the save stage of ELF upgrading and is in a cleaning or deleting sequence interruption, the abnormal interruption management after the power-on again triggers a reduction mode to restore data, and if the recovery process is interrupted, the abnormal interruption management after the power-on again executes the recovery process again until the recovery is completed. If the power is off during the sequence saving, the upgrade session recovery request can be used to enter the conventional recovery flow, or the upgrade session termination request without check code is sent to terminate the flow, the session data and the data packet are deleted directly, and the security chip restores the state before upgrade after completion. And then entering a loading stage, waiting for loading to be completed, and entering a recovery stage. If the recovery stage is powered off, the upgrade session recovery request can be used to enter a conventional recovery flow, or an upgrade termination request termination flow with an upgrade termination check code is sent, a recovery mode is executed, and after the completion, the security chip recovers the state before upgrade. And after the recovery stage is completed, the ELF lossless upgrading process is completed.
Optionally, the restoration mode of the secure chip refers to that the secure chip takes out the 128-bit session key from the cache, and AES decrypts the encrypted source data compression packet to obtain the source data compression packet plaintext. And (3) entering a decompression stage, and obtaining source data after 3 times of decompression. Restoring the source data to the upgrade address, clearing all session data including session key, check code, cache object, compressed package and other data, terminating the upgrade flow, and restoring the state before upgrade by the security chip.
Alternatively, as shown in connection with fig. 7, the recovery mode includes a passive mode and an active mode, where the passive mode refers to an abnormal interrupt (such as a preprocessing stage) occurring in some important stages, and the process must be restarted. At this time, the security chip obtains the upgrade session check code from the internal upgrade cache, and performs a decryption operation on the source data by checking the upgrade session check code with the source data compression packet. The active mode is to respond to the upgrade termination request of the user, obtain the upgrade termination check code contained in the upgrade termination request, check the upgrade termination check code with the upgrade session check code stored in the cache, decrypt and decompress the encrypted source data compression packet in multiple stages under the condition that the upgrade termination request is in a correct format and the label verification result is passed, so as to restore the source data to the upgrade address and clear all session data.
Thus, the present application can function by manufacturing verification of data integrity and reliability after an anomaly interrupt. Compared with the existing upgrading scheme, if the package upgrading is required, 3 sequences need to be saved, cleaned and deleted in the saving stage, and if the data is abnormally interrupted (abnormal power failure, dead halt and the like) during the data cleaning/deleting sequence, the data and the ELF have the risk of losing. At this time, the application instance may be in an incorrect state, and the original packet cannot be recovered normally. By using the data compression encryption backup method, even if various abnormal interrupts are encountered, the source data can be normally recovered after decryption and decompression, and after upgrading is completed, the compression packet is deleted, so that excessive space resources are not occupied.
As shown in connection with fig. 8, an embodiment of the present disclosure provides a secure chip including a processor (processor) 800 and a memory (memory) 801 integrated within the secure chip. Optionally, the apparatus may further comprise a communication interface (Communication Interface) 802 and a bus 803. The processor 800, the communication interface 802, and the memory 801 may communicate with each other via the bus 803. The communication interface 802 may be used for information transfer. The processor 800 may call logic instructions in the memory 801 to perform the lossless upgrade method of the loadable execution file of the above-described embodiment.
Further, the logic instructions in the memory 801 described above may be implemented in the form of software functional units and sold or used as a separate product, and may be stored in a computer readable storage medium.
The memory 801 is a computer readable storage medium that may be used to store a software program, a computer executable program, and program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 800 executes the functional applications and data processing by running the program instructions/modules stored in the memory 801, i.e. the lossless upgrade method of loadable execution files in the above-described embodiment is implemented.
The memory 801 may include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created according to the use of the terminal device, etc. In addition, the memory 801 may include a high-speed random access memory, and may also include a nonvolatile memory.
Embodiments of the present disclosure provide a computer-readable storage medium storing computer-executable instructions configured to perform a lossless upgrade method of a loadable execution file as described above.
The computer readable storage medium may be a transitory computer readable storage medium or a non-transitory computer readable storage medium.
Embodiments of the present disclosure may be embodied in a software product stored on a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of a method of embodiments of the present disclosure. And the aforementioned storage medium may be a non-transitory storage medium including: a plurality of media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or a transitory storage medium.
The above description and the drawings illustrate embodiments of the disclosure sufficiently to enable those skilled in the art to practice them. Other embodiments may involve structural, logical, electrical, process, and other changes. The embodiments represent only possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in, or substituted for, those of others. Moreover, the terminology used in the present application is for the purpose of describing embodiments only and is not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a," an, "and" (the) are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this disclosure is meant to encompass any and all possible combinations of one or more of the associated listed. Furthermore, when used in the present disclosure, the terms "comprises," "comprising," and/or variations thereof, mean that the recited features, integers, steps, operations, elements, and/or components are present, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method or apparatus comprising such elements. In this context, each embodiment may be described with emphasis on the differences from the other embodiments, and the same similar parts between the various embodiments may be referred to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method sections disclosed in the embodiments, the description of the method sections may be referred to for relevance.
Those of skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. The skilled person may use different methods for each particular application to achieve the described functionality, but such implementation should not be considered to be beyond the scope of the embodiments of the present disclosure. It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In the embodiments disclosed herein, the disclosed methods, articles of manufacture (including but not limited to devices, apparatuses, etc.) may be practiced in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements may be merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form. The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to implement the present embodiment. In addition, each functional unit in the embodiments of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than that disclosed in the description, and sometimes no specific order exists between different operations or steps. For example, two consecutive operations or steps may actually be performed substantially in parallel, they may sometimes be performed in reverse order, which may be dependent on the functions involved. Each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Claims (11)
1. The lossless upgrading method of loadable execution file is applied to a security chip and is characterized by comprising the following steps:
responding to an upgrade session request of a user to enter an upgrade process, and acquiring and caching an upgrade session check code carried in the upgrade session request;
carrying out multistage lossless compression coding on the source data packet analyzed before upgrading to obtain a source data compressed packet and storing the source data compressed packet into a nonvolatile memory;
encrypting the source data compression packet by a session key derived from the root key to generate an encrypted source data compression packet;
under the condition that abnormal interruption occurs in the software upgrading process, triggering an abnormal interruption manager, and entering a source data restoring stage or a conventional recovery flow according to different interruption conditions so as to recover a source data compression packet to a source data packet before upgrading according to an upgrading session check code.
2. The lossless upgrade method according to claim 1, wherein the performing multi-level lossless compression encoding on the source data packet parsed before upgrade to obtain a source data compressed packet comprises:
performing first-stage compression coding on source data in the source data packet according to a preset first compression coding rule to obtain first-stage compression data;
Performing second-stage compression encoding on the first-stage compression data according to a preset second compression encoding rule to obtain second-stage compression data;
and carrying out statistic coding based on the data probability, and carrying out third-stage compression coding on the second-stage compression data to obtain the source data compression packet.
3. The lossless upgrade method according to claim 2, wherein the first-stage compression coding of the source data in the source data packet according to a preset first compression coding rule, to obtain first-stage compressed data, comprises:
under the condition that two adjacent data in the source data are smaller than a first threshold value, compressing and merging the two adjacent data into one data;
under the condition that any one data in the source data is larger than or equal to a first threshold value, original data are reserved;
and setting a first data head zone bit corresponding to each data according to the big end rule to obtain first-stage compressed data with a fixed byte number.
4. The lossless upgrade method according to claim 3, wherein the performing second-stage compression coding on the first-stage compressed data according to a preset second compression coding rule to obtain second-stage compressed data comprises:
Selecting one of the data as compressed and combined data under the condition that the difference value of two adjacent data in the first-stage compressed data is smaller than or equal to a second threshold value;
under the condition that the difference value of two adjacent data in the first-stage compressed data is larger than a second threshold value, original data are reserved;
setting a second data head flag bit for recording the data compression process to obtain second-stage compressed data with a fixed byte number.
5. The lossless upgrade method according to claim 4, wherein the performing the statistical encoding based on the data probability performs third-stage compression encoding on the second-stage compressed data to obtain the source data compression packet, comprises:
dividing a probability interval [0,1 ] into a plurality of subintervals according to characters corresponding to all data in the second-stage compressed data and the occurrence probability of each character in all characters; wherein each subinterval corresponds to a character, and the size of each subinterval is proportional to the probability of the corresponding character in the total characters;
sequentially reading characters corresponding to all data in the second-stage compressed data, and obtaining subintervals [ L, R ] corresponding to each character, wherein L is more than or equal to 0 and less than or equal to 1;
Calculating left=left+ (right-left) ×l and right=left+ (right-left) ×r to obtain a coding section [ left, right ] after compression coding of each character; wherein, the initial value of left is 0, and the initial value of right is 1;
and storing any decimal in a coding interval [ left, right ] corresponding to each character in a binary form to obtain the source data compression packet.
6. The lossless upgrade method according to claim 1, wherein the encrypting the source data compression packet by the session key derived from the root key, generating an encrypted source data compression packet, comprises:
according to the built-in root key and the random number generated by the true random number generator, a group of session keys only supporting the preset bit of the current upgrading session request are discretely recombined and derived;
and carrying out Advanced Encryption Standard (AES) encryption on the session key and the source data compression packet together to generate an encrypted source data compression packet.
7. The lossless upgrade method according to claim 1, wherein the source data reduction phase comprises an active mode and a passive mode:
in the active mode, under the condition that the upgrade termination request of the user is correct and the upgrade termination check code and the label verification result of the upgrade session check code contained in the upgrade termination request pass, decrypting and multi-stage decompressing are carried out on the source data compression packet;
In the passive mode, directly acquiring an upgrading session check code in a cache, and under the condition that a signature verification result passes, decrypting and multi-stage decompressing the source data compression packet.
8. The lossless upgrade method according to claim 7, wherein the decrypting and multi-stage decompressing the source data compression packet in the case that the user's termination upgrade request is correct and the upgrade termination check code and the verification result of the upgrade session check code included in the termination upgrade request pass, comprises:
responding to an upgrade termination request of a user, and acquiring an upgrade termination check code of a preset bit attached to the upgrade termination request;
checking the upgrade termination check code with the upgrade session check code stored in the cache;
under the condition that the upgrade termination request is correct in format and the verification result passes, performing AES decryption on the encrypted source data compression packet to obtain the source data compression packet;
and performing multistage decompression on the source data compression packet to restore the source data to the upgrade address and clear the upgrade session check code and the session key.
9. A lossless upgrade method according to any one of claims 1 to 8, wherein the upgrade session request is accompanied by an upgrade session check code of a preset bit, which is only valid in the current upgrade session request for decryption function verification in active mode of the source data restore phase.
10. A security chip comprising a processor integrated within the security chip and a memory storing program instructions, wherein the processor is configured to perform a lossless upgrade method of a loadable execution file according to any of claims 1 to 9 when the program instructions are executed.
11. A storage medium storing program instructions which, when executed, perform a method of lossless upgrade of loadable execution files as claimed in any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311036449.9A CN116775365B (en) | 2023-08-17 | 2023-08-17 | Lossless upgrading method for loadable execution file, security chip and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311036449.9A CN116775365B (en) | 2023-08-17 | 2023-08-17 | Lossless upgrading method for loadable execution file, security chip and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116775365A true CN116775365A (en) | 2023-09-19 |
| CN116775365B CN116775365B (en) | 2023-12-22 |
Family
ID=88011883
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311036449.9A Active CN116775365B (en) | 2023-08-17 | 2023-08-17 | Lossless upgrading method for loadable execution file, security chip and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116775365B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20020065269A (en) * | 2001-02-06 | 2002-08-13 | 주식회사 케이티프리텔 | A system for upgrading softwares in a terminal using printed code images |
| CN101901160A (en) * | 2010-08-11 | 2010-12-01 | 中兴通讯股份有限公司 | Packing method and device of version upgrading software package |
| CN101984405A (en) * | 2010-10-11 | 2011-03-09 | 中兴通讯股份有限公司 | Method of software version upgrade and terminal and system |
| CN104394144A (en) * | 2014-11-24 | 2015-03-04 | 蔡志明 | Secure transmission method for medical data of cloud storage |
| CN111158719A (en) * | 2019-12-26 | 2020-05-15 | 湖南快乐阳光互动娱乐传媒有限公司 | Application software upgrading method and device |
| CN111831482A (en) * | 2020-07-20 | 2020-10-27 | 上海金脉电子科技有限公司 | Self-rollback data refreshing method and system based on compressed backup |
| US20210256114A1 (en) * | 2018-11-09 | 2021-08-19 | Huawei Technologies Co., Ltd. | Over-The-Air Upgrade Method and Related Apparatus |
| CN114095037A (en) * | 2022-01-17 | 2022-02-25 | 浙江地芯引力科技有限公司 | Application program updating method, updating data compression method, device and equipment |
| WO2023285399A1 (en) * | 2021-07-12 | 2023-01-19 | Giesecke+Devrient Mobile Security Gmbh | Replacement of executable load files in secure elements |
| CN116521210A (en) * | 2023-04-18 | 2023-08-01 | 宁夏隆基宁光仪表股份有限公司 | Method for upgrading firmware difference of Internet of things water meter |
-
2023
- 2023-08-17 CN CN202311036449.9A patent/CN116775365B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20020065269A (en) * | 2001-02-06 | 2002-08-13 | 주식회사 케이티프리텔 | A system for upgrading softwares in a terminal using printed code images |
| CN101901160A (en) * | 2010-08-11 | 2010-12-01 | 中兴通讯股份有限公司 | Packing method and device of version upgrading software package |
| CN101984405A (en) * | 2010-10-11 | 2011-03-09 | 中兴通讯股份有限公司 | Method of software version upgrade and terminal and system |
| CN104394144A (en) * | 2014-11-24 | 2015-03-04 | 蔡志明 | Secure transmission method for medical data of cloud storage |
| US20210256114A1 (en) * | 2018-11-09 | 2021-08-19 | Huawei Technologies Co., Ltd. | Over-The-Air Upgrade Method and Related Apparatus |
| CN111158719A (en) * | 2019-12-26 | 2020-05-15 | 湖南快乐阳光互动娱乐传媒有限公司 | Application software upgrading method and device |
| CN111831482A (en) * | 2020-07-20 | 2020-10-27 | 上海金脉电子科技有限公司 | Self-rollback data refreshing method and system based on compressed backup |
| WO2023285399A1 (en) * | 2021-07-12 | 2023-01-19 | Giesecke+Devrient Mobile Security Gmbh | Replacement of executable load files in secure elements |
| CN114095037A (en) * | 2022-01-17 | 2022-02-25 | 浙江地芯引力科技有限公司 | Application program updating method, updating data compression method, device and equipment |
| CN116521210A (en) * | 2023-04-18 | 2023-08-01 | 宁夏隆基宁光仪表股份有限公司 | Method for upgrading firmware difference of Internet of things water meter |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116775365B (en) | 2023-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2019153867A1 (en) | Two-dimensional code generation and identification | |
| CN110716895B (en) | Target data archiving method, device, computer equipment and medium | |
| CN109885256B (en) | Data storage method, device and medium based on data slicing | |
| CN111385084A (en) | Key management method and device for digital assets and computer readable storage medium | |
| CN111984987A (en) | Method, device, system and medium for desensitization and reduction of electronic medical record | |
| CN102624545A (en) | Data backup method, data backup device, data recovery method and data recovery device of network management system | |
| CN116775365B (en) | Lossless upgrading method for loadable execution file, security chip and storage medium | |
| CN113688399A (en) | Firmware digital signature protection method and device, computer equipment and storage medium | |
| CN112437060B (en) | Data transmission method and device, computer equipment and storage medium | |
| CN108710804A (en) | A kind of band hardware encryption Rapid Updating of computer UEFI firmwares | |
| CN111881480A (en) | Private data encryption method and device, computer equipment and storage medium | |
| US9773243B1 (en) | System for structured encryption of payment card track data with additional security data | |
| CN116208420B (en) | Monitoring information safety transmission method, system, equipment and storage medium | |
| CN110674511A (en) | Offline data protection method and system based on elliptic curve encryption algorithm | |
| CN115567212A (en) | File processing method and device, computer equipment and computer readable storage medium | |
| CN113922968A (en) | Access token generation and verification method and device, electronic equipment and storage medium | |
| CN116391185A (en) | Method and system for differential deduplication in untrusted storage | |
| CN111459899A (en) | Log sharing method and device and terminal equipment | |
| EP3588841A1 (en) | Method and device for executing an authentication scheme | |
| CN115001665B (en) | Data reinforcement method and data transmission system based on data isolation exchange scene | |
| CN114239091B (en) | Disk encryption method and system based on trusted chip | |
| CN116880778B (en) | User privacy protection method based on regenerative coding and distributed storage | |
| CN109240849B (en) | Data backup method and device and multipoint control unit for video conference system | |
| CN113283215B (en) | Data confusion method and device based on UTF-32 coding | |
| CN111753316B (en) | Object storage metadata encryption method, system, terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |