CN116992474A - Firmware encryption method and device - Google Patents
Firmware encryption method and device Download PDFInfo
- Publication number
- CN116992474A CN116992474A CN202311098491.3A CN202311098491A CN116992474A CN 116992474 A CN116992474 A CN 116992474A CN 202311098491 A CN202311098491 A CN 202311098491A CN 116992474 A CN116992474 A CN 116992474A
- Authority
- CN
- China
- Prior art keywords
- key
- encryption algorithm
- firmware
- encryption
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000012545 processing Methods 0.000 claims abstract description 10
- 238000004590 computer program Methods 0.000 claims description 24
- 230000006870 function Effects 0.000 claims description 17
- 230000000739 chaotic effect Effects 0.000 claims description 10
- 238000012795 verification Methods 0.000 claims description 7
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 abstract description 12
- 239000000969 carrier Substances 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 8
- 230000004044 response Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 235000019800 disodium phosphate Nutrition 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/001—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Power Engineering (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Human Computer Interaction (AREA)
- Storage Device Security (AREA)
Abstract
The application is applicable to the technical field of processing of record carriers, and provides a firmware encryption method, a device and terminal equipment, wherein the method comprises the following steps: generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the target key and the encrypted firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Description
Technical Field
The application belongs to the technical field of processing of record carriers, and particularly relates to a firmware encryption method and device.
Background
For the volatile type FPGA based on SRAM, when the system is powered on, FPGA firmware needs to be loaded from an external nonvolatile memory (such as FLASH) to normally operate. However, since the FPGA firmware is stored in the nonvolatile memory, the acquisition of data from the nonvolatile memory (e.g., reading FLASH data using a burner) cannot be completely prevented, which may present a risk of exposing the FPGA firmware data. For commercial products, this means that the product is easily duplicated and intellectual property and commercial value cannot be protected.
At present, AES encryption and decryption or RSA encryption and decryption are integrated in the existing FPGA chip. Because the encryption and decryption efficiency of the RSA asymmetric encryption algorithm is low, and the data length is limited, for example: 1024-bit keys can only encrypt 128B-length data (including 11B padding) at most at a time, if the FPGA firmware is to be encrypted and decrypted, the FPGA firmware is generally MB-level in size, so that the FPGA firmware needs to be subjected to block processing, and then the processed data blocks are spliced together, so that the efficiency is relatively low, but if an AES algorithm is adopted, the efficiency is high, the size of the firmware data does not need to be considered, and the block processing is not needed. However, the AES algorithm has a disadvantage that the security is not as high as RSA, because it is a symmetric encryption algorithm, encryption and decryption keys must be consistent, so that the encryption and decryption keys must be mutually communicated, and there is a risk of leakage. Therefore, how to solve the problem between AES encryption and decryption and RSA encryption and decryption becomes a technical problem to be solved.
Disclosure of Invention
In view of this, the embodiments of the present application provide a firmware encryption method, apparatus, terminal device, and computer readable storage medium, so as to solve the technical problem between AES encryption and RSA encryption and decryption.
A first aspect of an embodiment of the present application provides a firmware encryption method, including:
generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory.
Further, the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory includes:
calculating an MD5 check code of the encrypted firmware;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the MD5 check code, the target key and the encryption firmware to the target memory.
Further, after the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory, the method further includes:
extracting the asymmetric encryption algorithm key from the encryption chip;
decrypting the target key based on the asymmetric encryption algorithm key to obtain the symmetric encryption algorithm key;
decrypting the encrypted firmware based on the symmetric encryption algorithm key to obtain the current firmware;
checking the current firmware based on the MD5 check code;
and if the current firmware passes the verification, determining that the current firmware is the firmware to be encrypted.
Further, the step of generating the asymmetric encryption algorithm key and the symmetric encryption algorithm key includes:
acquiring a first random number generated by a random number generator;
generating a second random number based on the current time;
performing exclusive OR operation on the first random number and the second random number to obtain a target random number;
performing iterative operation on the target random number through a hash function to obtain a candidate value;
acquiring a first prime number and a second prime number positioned at two sides of the candidate value;
calculating and generating the asymmetric encryption algorithm key based on the first prime number and the second prime number;
a symmetric encryption algorithm key is generated.
Further, the step of generating the asymmetric encryption algorithm key based on the first prime number and the second prime number includes:
taking the first prime number and the second prime number as initial seed values;
based on the encryption chaotic function, carrying out iterative updating on the initial seed value to obtain a plurality of chaotic values;
mixing a plurality of chaos values with a preset entropy value to obtain a value set;
and converting the numerical value set into the asymmetric encryption algorithm key based on a preset conversion rule.
Further, the step of iteratively updating the initial seed value based on the encrypted chaotic function to obtain a plurality of chaotic values includes:
substituting the initial seed value into the following formula to obtain a plurality of chaos values;
wherein X is n+1 Representing the chaos value, X n And (3) representing the initial seed value, wherein R represents a preset control parameter, a represents an influence factor parameter, and pi represents a circumference ratio.
Further, the step of generating the symmetric encryption algorithm key includes:
generating a random number with a preset number of bits;
dividing the random number according to a preset bit length to obtain a plurality of sub-random numbers;
obtaining a plurality of mantissas corresponding to the sub-random numbers respectively;
summing the mantissas to obtain a target value;
replacing a plurality of mantissas corresponding to the sub-random numbers with the target numerical values to obtain a plurality of mixed values;
and splicing the mixed values into the symmetric encryption algorithm keys in sequence.
A second aspect of an embodiment of the present application provides a firmware encryption apparatus, including:
a generation unit configured to generate an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the first encryption unit is used for encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
an extracting unit, configured to extract an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
the second encryption unit is used for carrying out encryption processing on the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and the storage unit is used for storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory.
A third aspect of an embodiment of the present application provides a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method of the first aspect when executing the computer program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method of the first aspect.
Compared with the prior art, the embodiment of the application has the beneficial effects that: the application generates an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is a schematic diagram of a firmware-encrypted device architecture according to the present application;
FIG. 2 is a schematic diagram of an encryption process provided by the present application;
FIG. 3 is a schematic diagram of a firmware encryption apparatus according to an embodiment of the present application;
fig. 4 shows a schematic diagram of a terminal device according to an embodiment of the present application.
Description of the embodiments
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The embodiment of the application provides a firmware encryption method, a firmware encryption device, terminal equipment and a computer readable storage medium, which are used for solving the technical problem between AES encryption and decryption and RSA encryption and decryption.
First, the application provides a firmware encryption method. The execution main body of the firmware encryption method is a terminal device. Referring to fig. 1, fig. 1 is a schematic flowchart of a firmware encryption method provided by the present application. As shown in fig. 1, the firmware encryption method may include the steps of:
step 101: generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the asymmetric encryption algorithm key and the symmetric encryption algorithm key may be generated using opensl. Wherein OpenSSL is an open-source software library that provides encryption functions and tools. It is widely used in various applications for secure communication, data encryption and authentication. It provides a comprehensive set of encryption algorithms and utilities for implementing secure connections, generating digital certificates, and performing encryption operations.
Wherein the asymmetric encryption algorithm key comprises an RSA private key and the symmetric encryption algorithm key comprises an AES key.
Specifically, step 101 specifically includes steps 1011 to 1017:
step 1011: acquiring a first random number generated by a random number generator;
step 1012: generating a second random number based on the current time;
step 1013: performing exclusive OR operation on the first random number and the second random number to obtain a target random number;
step 1014: performing iterative operation on the target random number through a hash function to obtain a candidate value;
step 1015: acquiring a first prime number and a second prime number positioned at two sides of the candidate value;
step 1016: calculating and generating the asymmetric encryption algorithm key based on the first prime number and the second prime number;
specifically, step 1016 specifically includes steps A1 through A4:
step A1: taking the first prime number and the second prime number as initial seed values;
step A2: based on the encryption chaotic function, carrying out iterative updating on the initial seed value to obtain a plurality of chaotic values;
specifically, step A2 is implemented by:
substituting the initial seed value into the following formula to obtain a plurality of chaos values;
wherein X is n+1 Representing the chaos value, X n And (3) representing the initial seed value, wherein R represents a preset control parameter, a represents an influence factor parameter, and pi represents a circumference ratio.
The application comprehensively considers the influence of various factors, and can increase the complexity of the key due to the initial seed value, the preset control parameter, the influence factor parameter and the circumference ratio. Therefore, the application calculates a plurality of chaos values based on the initial seed value, the preset control parameter, the influence factor parameter and the circumference ratio to calculate the final asymmetric encryption key. The above formula is based on a large amount of experimental data and verification, but is not limited to the above mathematical expression.
Step A3: mixing a plurality of chaos values with a preset entropy value to obtain a value set;
in order to further increase the complexity of the key, the application mixes a plurality of chaos values with a preset entropy value to obtain a value set.
Step A4: and converting the numerical value set into the asymmetric encryption algorithm key based on a preset conversion rule.
The preset conversion rule means that the value sets are spliced to obtain two intermediate values according to the value sizes. Multiplying the two values to obtain the target value. The first intermediate value and the target value are used as public keys, and the second intermediate value and the target value are used as private keys. The asymmetric encryption algorithm key comprises an asymmetric encryption algorithm public key and an asymmetric encryption algorithm private key.
Step 1017: a symmetric encryption algorithm key is generated.
In this embodiment, a first random number generated by a random number generator and a current time are used to generate a second random number, a target random number is obtained according to the first random number and the second random number, and a candidate value is obtained by performing iterative operation on the target random number through a hash function. Then, adjacent prime numbers on both sides of the candidate value are selected as two prime numbers required for generating the asymmetric encryption algorithm key. Finally, the two prime numbers are used to calculate the private key of the asymmetric encryption algorithm and generate the secret key of the symmetric encryption algorithm. To ensure the security and validity of the generated private key and secret key.
Step 102: encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
step 103: extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
step 104: encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
step 105: and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory.
Specifically, step 105 specifically includes calculating an MD5 check code of the encrypted firmware; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the MD5 check code, the target key and the encryption firmware to the target memory.
In order to facilitate the subsequent verification of the decrypted file, the method calculates the MD5 verification code of the encrypted firmware, and stores the MD5 verification code, the target key and the encrypted firmware into the target memory, so that the decrypted file is subsequently verified, and the decryption accuracy is improved.
Optionally, step 105 further includes steps 106 to 110:
step 106: extracting the asymmetric encryption algorithm key from the encryption chip;
step 107: decrypting the target key based on the asymmetric encryption algorithm key to obtain the symmetric encryption algorithm key;
step 108: decrypting the encrypted firmware based on the symmetric encryption algorithm key to obtain the current firmware;
step 109: checking the current firmware based on the MD5 check code;
step 110: and if the current firmware passes the verification, determining that the current firmware is the firmware to be encrypted.
The steps 106 to 110 are the opposite processes of the steps 101 to 105, and are not described herein.
For further understanding of the technical solution of the present application, the detailed description is provided herein with reference to the accompanying drawings, as shown in fig. 2, and fig. 2 shows a schematic diagram of the encryption flow provided by the present application. Assuming that the asymmetric encryption algorithm key is an RSA key and the symmetric encryption algorithm key is an AES key, as shown in fig. 2, the openssl server randomly generates the RSA key and the AES key. And storing the public key in the RSA key to an encryption chip, and encrypting the RSA key through the private key in the RSA key. And encrypting the firmware through the encrypted RSA key, generating an MD5 of the encrypted firmware, and finally storing the MD5, the encrypted firmware and the RSA public key into a system to complete the encryption process.
In this embodiment, by generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Referring to fig. 3, fig. 3 is a schematic diagram of a firmware encryption apparatus provided by the present application, and fig. 3 is a schematic diagram of the firmware encryption apparatus provided by the present application, where the firmware encryption apparatus shown in fig. 3 includes:
a generation unit 31 for generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
a first encryption unit 32, configured to encrypt the firmware to be encrypted based on the symmetric encryption algorithm private key, to obtain encrypted firmware;
an extracting unit 33 for extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm keys;
a second encryption unit 34, configured to encrypt the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and a storage unit 35, configured to store the asymmetric encryption algorithm public key to an encryption chip, and store the target key and the encryption firmware to a target memory.
The application provides a firmware encryption device, which generates an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Fig. 4 is a schematic diagram of a terminal device according to an embodiment of the present application. As shown in fig. 4, a terminal device 4 of this embodiment includes: a processor 40, a memory 41 and a computer program 42, e.g. a firmware encrypted program, stored in said memory 41 and executable on said processor 40. The steps of each of the firmware encryption method embodiments described above, such as steps 101 through 105 shown in fig. 1, are implemented when the processor 40 executes the computer program 42. Alternatively, the processor 40, when executing the computer program 42, performs the functions of the units in the above-described device embodiments, such as the functions of the units 31 to 35 shown in fig. 3.
Illustratively, the computer program 42 may be partitioned into one or more units that are stored in the memory 41 and executed by the processor 40 to complete the present application. The one or more units may be a series of computer program instruction segments capable of performing a specific function describing the execution of the computer program 42 in the one terminal device 4. For example, the specific functions of the computer program 42 that may be partitioned into units are as follows:
a generation unit configured to generate an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the first encryption unit is used for encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
an extracting unit, configured to extract an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
the second encryption unit is used for carrying out encryption processing on the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and the storage unit is used for storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory.
Including but not limited to a processor 40 and a memory 41. It will be appreciated by those skilled in the art that fig. 4 is merely an example of one type of terminal device 4 and is not meant to be limiting as to one type of terminal device 4, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the one type of terminal device may also include input and output devices, network access devices, buses, etc.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, for example a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the one terminal device 4. The memory 41 is used for storing the computer program and other programs and data required for the one roaming control device. The memory 41 may also be used for temporarily storing data that has been output or is to be output.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present application.
It should be noted that, because the content of information interaction and execution process between the above devices/units is based on the same concept as the method embodiment of the present application, specific functions and technical effects thereof may be referred to in the method embodiment section, and will not be described herein.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements steps for implementing the various method embodiments described above.
Embodiments of the present application provide a computer program product which, when run on a mobile terminal, causes the mobile terminal to perform steps that enable the implementation of the method embodiments described above.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other manners. For example, the apparatus/network device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to a detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is monitored" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon monitoring a [ described condition or event ]" or "in response to monitoring a [ described condition or event ]".
Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (10)
1. A firmware encryption method, characterized in that the firmware encryption method comprises:
generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory.
2. The firmware encryption method as recited in claim 1, wherein the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encrypted firmware to a target memory comprises:
calculating an MD5 check code of the encrypted firmware;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the MD5 check code, the target key and the encryption firmware to the target memory.
3. The firmware encryption method of claim 2, further comprising, after the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encrypted firmware to a target memory:
extracting the asymmetric encryption algorithm key from the encryption chip;
decrypting the target key based on the asymmetric encryption algorithm key to obtain the symmetric encryption algorithm key;
decrypting the encrypted firmware based on the symmetric encryption algorithm key to obtain the current firmware;
checking the current firmware based on the MD5 check code;
and if the current firmware passes the verification, determining that the current firmware is the firmware to be encrypted.
4. The firmware encryption method of claim 1, wherein the generating of the asymmetric encryption algorithm key and the symmetric encryption algorithm key comprises:
acquiring a first random number generated by a random number generator;
generating a second random number based on the current time;
performing exclusive OR operation on the first random number and the second random number to obtain a target random number;
performing iterative operation on the target random number through a hash function to obtain a candidate value;
acquiring a first prime number and a second prime number positioned at two sides of the candidate value;
calculating and generating the asymmetric encryption algorithm key based on the first prime number and the second prime number;
a symmetric encryption algorithm key is generated.
5. The firmware encryption method of claim 4, wherein the step of computationally generating the asymmetric encryption algorithm key based on the first prime number and the second prime number comprises:
taking the first prime number and the second prime number as initial seed values;
based on the encryption chaotic function, carrying out iterative updating on the initial seed value to obtain a plurality of chaotic values;
mixing a plurality of chaos values with a preset entropy value to obtain a value set;
and converting the numerical value set into the asymmetric encryption algorithm key based on a preset conversion rule.
6. The firmware encryption method as recited in claim 5, wherein the step of iteratively updating the initial seed value based on the encrypted chaotic function to obtain a plurality of chaotic values comprises:
substituting the initial seed value into the following formula to obtain a plurality of chaos values;
wherein X is n+1 Representing the chaos value, X n And (3) representing the initial seed value, wherein R represents a preset control parameter, a represents an influence factor parameter, and pi represents a circumference ratio.
7. The firmware encryption method of claim 4, wherein the step of generating a symmetric encryption algorithm key comprises:
generating a random number with a preset number of bits;
dividing the random number according to a preset bit length to obtain a plurality of sub-random numbers;
obtaining a plurality of mantissas corresponding to the sub-random numbers respectively;
summing the mantissas to obtain a target value;
replacing a plurality of mantissas corresponding to the sub-random numbers with the target numerical values to obtain a plurality of mixed values;
and splicing the mixed values into the symmetric encryption algorithm keys in sequence.
8. A firmware encryption apparatus, characterized in that the firmware encryption apparatus comprises:
a generation unit configured to generate an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the first encryption unit is used for encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
an extracting unit, configured to extract an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
the second encryption unit is used for carrying out encryption processing on the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and the storage unit is used for storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311098491.3A CN116992474A (en) | 2023-08-29 | 2023-08-29 | Firmware encryption method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311098491.3A CN116992474A (en) | 2023-08-29 | 2023-08-29 | Firmware encryption method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116992474A true CN116992474A (en) | 2023-11-03 |
Family
ID=88526749
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311098491.3A Pending CN116992474A (en) | 2023-08-29 | 2023-08-29 | Firmware encryption method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116992474A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR970060761A (en) * | 1996-01-18 | 1997-08-12 | 구자홍 | A deterministic chaotic random number generation system, and a data encryption method and apparatus using the same |
EP1467514A1 (en) * | 2003-04-07 | 2004-10-13 | STMicroelectronics S.r.l. | Encryption process employing modified chaotic maps and relative digital signature process |
CN101470789A (en) * | 2007-12-28 | 2009-07-01 | 中国长城计算机深圳股份有限公司 | Encryption and decryption method and device of computer |
US20100034377A1 (en) * | 2008-08-08 | 2010-02-11 | Universiti Putra Malaysia | Chaotic asymmetric encryption process for data security |
CN108491215A (en) * | 2018-02-11 | 2018-09-04 | 苏州光之翼智能科技有限公司 | A kind of unmanned plane firmware protection system |
US20180351749A1 (en) * | 2017-06-01 | 2018-12-06 | Silicon Motion, Inc. | Data Storage Devices and Methods for Encrypting and Decrypting a Firmware File Thereof |
CN109583189A (en) * | 2018-12-13 | 2019-04-05 | 深圳忆联信息系统有限公司 | Firmware method for secure loading, device, computer equipment and storage medium |
CN112165490A (en) * | 2020-09-29 | 2021-01-01 | 鹏元征信有限公司 | Encryption method, decryption method, storage medium and terminal equipment |
WO2022142038A1 (en) * | 2020-12-29 | 2022-07-07 | 平安普惠企业管理有限公司 | Data transmission method and related device |
CN115277225A (en) * | 2022-07-29 | 2022-11-01 | 京东方科技集团股份有限公司 | Data encryption method, data decryption method and related equipment |
-
2023
- 2023-08-29 CN CN202311098491.3A patent/CN116992474A/en active Pending
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR970060761A (en) * | 1996-01-18 | 1997-08-12 | 구자홍 | A deterministic chaotic random number generation system, and a data encryption method and apparatus using the same |
EP1467514A1 (en) * | 2003-04-07 | 2004-10-13 | STMicroelectronics S.r.l. | Encryption process employing modified chaotic maps and relative digital signature process |
CN101470789A (en) * | 2007-12-28 | 2009-07-01 | 中国长城计算机深圳股份有限公司 | Encryption and decryption method and device of computer |
US20100034377A1 (en) * | 2008-08-08 | 2010-02-11 | Universiti Putra Malaysia | Chaotic asymmetric encryption process for data security |
US20180351749A1 (en) * | 2017-06-01 | 2018-12-06 | Silicon Motion, Inc. | Data Storage Devices and Methods for Encrypting and Decrypting a Firmware File Thereof |
CN108491215A (en) * | 2018-02-11 | 2018-09-04 | 苏州光之翼智能科技有限公司 | A kind of unmanned plane firmware protection system |
CN109583189A (en) * | 2018-12-13 | 2019-04-05 | 深圳忆联信息系统有限公司 | Firmware method for secure loading, device, computer equipment and storage medium |
CN112165490A (en) * | 2020-09-29 | 2021-01-01 | 鹏元征信有限公司 | Encryption method, decryption method, storage medium and terminal equipment |
WO2022142038A1 (en) * | 2020-12-29 | 2022-07-07 | 平安普惠企业管理有限公司 | Data transmission method and related device |
CN115277225A (en) * | 2022-07-29 | 2022-11-01 | 京东方科技集团股份有限公司 | Data encryption method, data decryption method and related equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110378139B (en) | Data key protection method, system, electronic equipment and storage medium | |
CN108809646B (en) | Secure shared key sharing system | |
FI125736B (en) | Software controlled radio, and procedure to renew a software, and software controlled radio system | |
CN110457945B (en) | List query method, query party device, service party device and storage medium | |
CN109274644B (en) | Data processing method, terminal and watermark server | |
US11023621B2 (en) | System and method for authenticating and IP licensing of hardware modules | |
CN209803788U (en) | PCIE credible password card | |
US20230325516A1 (en) | Method for file encryption, terminal, electronic device and computer-readable storage medium | |
CN111404892B (en) | Data supervision method and device and server | |
CN112346759A (en) | Firmware upgrading method and device and computer readable storage medium | |
CN117640256B (en) | Data encryption method, recommendation device and storage medium of wireless network card | |
CN106100823B (en) | Password protection device | |
US11128455B2 (en) | Data encryption method and system using device authentication key | |
CN102270285B (en) | Key authorization information management method and device | |
CN109299944B (en) | Data encryption method, system and terminal in transaction process | |
CN113542187A (en) | File uploading and downloading method and device, computer device and medium | |
US20220345292A1 (en) | Method and device for encryption of video stream, communication equipment, and storage medium | |
CN108242997B (en) | Method and apparatus for secure communication | |
CN116992474A (en) | Firmware encryption method and device | |
CN115941304A (en) | Data encryption method and device, terminal equipment and computer readable storage medium | |
CN109255225A (en) | Hard disc data security control apparatus based on dual-identity authentication | |
CN114297673A (en) | Password verification method, solid state disk and upper computer | |
CN114091072A (en) | Data processing method and device | |
CN114331648A (en) | Bid file processing method, device, equipment and storage medium | |
CN118200049B (en) | Encryption method, encryption device, equipment and medium for financial data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |