CN116992474A - Firmware encryption method and device - Google Patents

Firmware encryption method and device Download PDF

Info

Publication number
CN116992474A
CN116992474A CN202311098491.3A CN202311098491A CN116992474A CN 116992474 A CN116992474 A CN 116992474A CN 202311098491 A CN202311098491 A CN 202311098491A CN 116992474 A CN116992474 A CN 116992474A
Authority
CN
China
Prior art keywords
key
encryption algorithm
firmware
encryption
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311098491.3A
Other languages
Chinese (zh)
Inventor
何莹
周宇
吴永飞
曾钺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
M & C Shenzhen Telecom Co ltd
Original Assignee
M & C Shenzhen Telecom Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by M & C Shenzhen Telecom Co ltd filed Critical M & C Shenzhen Telecom Co ltd
Priority to CN202311098491.3A priority Critical patent/CN116992474A/en
Publication of CN116992474A publication Critical patent/CN116992474A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)

Abstract

The application is applicable to the technical field of processing of record carriers, and provides a firmware encryption method, a device and terminal equipment, wherein the method comprises the following steps: generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the target key and the encrypted firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.

Description

Firmware encryption method and device
Technical Field
The application belongs to the technical field of processing of record carriers, and particularly relates to a firmware encryption method and device.
Background
For the volatile type FPGA based on SRAM, when the system is powered on, FPGA firmware needs to be loaded from an external nonvolatile memory (such as FLASH) to normally operate. However, since the FPGA firmware is stored in the nonvolatile memory, the acquisition of data from the nonvolatile memory (e.g., reading FLASH data using a burner) cannot be completely prevented, which may present a risk of exposing the FPGA firmware data. For commercial products, this means that the product is easily duplicated and intellectual property and commercial value cannot be protected.
At present, AES encryption and decryption or RSA encryption and decryption are integrated in the existing FPGA chip. Because the encryption and decryption efficiency of the RSA asymmetric encryption algorithm is low, and the data length is limited, for example: 1024-bit keys can only encrypt 128B-length data (including 11B padding) at most at a time, if the FPGA firmware is to be encrypted and decrypted, the FPGA firmware is generally MB-level in size, so that the FPGA firmware needs to be subjected to block processing, and then the processed data blocks are spliced together, so that the efficiency is relatively low, but if an AES algorithm is adopted, the efficiency is high, the size of the firmware data does not need to be considered, and the block processing is not needed. However, the AES algorithm has a disadvantage that the security is not as high as RSA, because it is a symmetric encryption algorithm, encryption and decryption keys must be consistent, so that the encryption and decryption keys must be mutually communicated, and there is a risk of leakage. Therefore, how to solve the problem between AES encryption and decryption and RSA encryption and decryption becomes a technical problem to be solved.
Disclosure of Invention
In view of this, the embodiments of the present application provide a firmware encryption method, apparatus, terminal device, and computer readable storage medium, so as to solve the technical problem between AES encryption and RSA encryption and decryption.
A first aspect of an embodiment of the present application provides a firmware encryption method, including:
generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory.
Further, the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory includes:
calculating an MD5 check code of the encrypted firmware;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the MD5 check code, the target key and the encryption firmware to the target memory.
Further, after the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory, the method further includes:
extracting the asymmetric encryption algorithm key from the encryption chip;
decrypting the target key based on the asymmetric encryption algorithm key to obtain the symmetric encryption algorithm key;
decrypting the encrypted firmware based on the symmetric encryption algorithm key to obtain the current firmware;
checking the current firmware based on the MD5 check code;
and if the current firmware passes the verification, determining that the current firmware is the firmware to be encrypted.
Further, the step of generating the asymmetric encryption algorithm key and the symmetric encryption algorithm key includes:
acquiring a first random number generated by a random number generator;
generating a second random number based on the current time;
performing exclusive OR operation on the first random number and the second random number to obtain a target random number;
performing iterative operation on the target random number through a hash function to obtain a candidate value;
acquiring a first prime number and a second prime number positioned at two sides of the candidate value;
calculating and generating the asymmetric encryption algorithm key based on the first prime number and the second prime number;
a symmetric encryption algorithm key is generated.
Further, the step of generating the asymmetric encryption algorithm key based on the first prime number and the second prime number includes:
taking the first prime number and the second prime number as initial seed values;
based on the encryption chaotic function, carrying out iterative updating on the initial seed value to obtain a plurality of chaotic values;
mixing a plurality of chaos values with a preset entropy value to obtain a value set;
and converting the numerical value set into the asymmetric encryption algorithm key based on a preset conversion rule.
Further, the step of iteratively updating the initial seed value based on the encrypted chaotic function to obtain a plurality of chaotic values includes:
substituting the initial seed value into the following formula to obtain a plurality of chaos values;
wherein X is n+1 Representing the chaos value, X n And (3) representing the initial seed value, wherein R represents a preset control parameter, a represents an influence factor parameter, and pi represents a circumference ratio.
Further, the step of generating the symmetric encryption algorithm key includes:
generating a random number with a preset number of bits;
dividing the random number according to a preset bit length to obtain a plurality of sub-random numbers;
obtaining a plurality of mantissas corresponding to the sub-random numbers respectively;
summing the mantissas to obtain a target value;
replacing a plurality of mantissas corresponding to the sub-random numbers with the target numerical values to obtain a plurality of mixed values;
and splicing the mixed values into the symmetric encryption algorithm keys in sequence.
A second aspect of an embodiment of the present application provides a firmware encryption apparatus, including:
a generation unit configured to generate an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the first encryption unit is used for encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
an extracting unit, configured to extract an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
the second encryption unit is used for carrying out encryption processing on the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and the storage unit is used for storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory.
A third aspect of an embodiment of the present application provides a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method of the first aspect when executing the computer program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method of the first aspect.
Compared with the prior art, the embodiment of the application has the beneficial effects that: the application generates an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is a schematic diagram of a firmware-encrypted device architecture according to the present application;
FIG. 2 is a schematic diagram of an encryption process provided by the present application;
FIG. 3 is a schematic diagram of a firmware encryption apparatus according to an embodiment of the present application;
fig. 4 shows a schematic diagram of a terminal device according to an embodiment of the present application.
Description of the embodiments
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The embodiment of the application provides a firmware encryption method, a firmware encryption device, terminal equipment and a computer readable storage medium, which are used for solving the technical problem between AES encryption and decryption and RSA encryption and decryption.
First, the application provides a firmware encryption method. The execution main body of the firmware encryption method is a terminal device. Referring to fig. 1, fig. 1 is a schematic flowchart of a firmware encryption method provided by the present application. As shown in fig. 1, the firmware encryption method may include the steps of:
step 101: generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the asymmetric encryption algorithm key and the symmetric encryption algorithm key may be generated using opensl. Wherein OpenSSL is an open-source software library that provides encryption functions and tools. It is widely used in various applications for secure communication, data encryption and authentication. It provides a comprehensive set of encryption algorithms and utilities for implementing secure connections, generating digital certificates, and performing encryption operations.
Wherein the asymmetric encryption algorithm key comprises an RSA private key and the symmetric encryption algorithm key comprises an AES key.
Specifically, step 101 specifically includes steps 1011 to 1017:
step 1011: acquiring a first random number generated by a random number generator;
step 1012: generating a second random number based on the current time;
step 1013: performing exclusive OR operation on the first random number and the second random number to obtain a target random number;
step 1014: performing iterative operation on the target random number through a hash function to obtain a candidate value;
step 1015: acquiring a first prime number and a second prime number positioned at two sides of the candidate value;
step 1016: calculating and generating the asymmetric encryption algorithm key based on the first prime number and the second prime number;
specifically, step 1016 specifically includes steps A1 through A4:
step A1: taking the first prime number and the second prime number as initial seed values;
step A2: based on the encryption chaotic function, carrying out iterative updating on the initial seed value to obtain a plurality of chaotic values;
specifically, step A2 is implemented by:
substituting the initial seed value into the following formula to obtain a plurality of chaos values;
wherein X is n+1 Representing the chaos value, X n And (3) representing the initial seed value, wherein R represents a preset control parameter, a represents an influence factor parameter, and pi represents a circumference ratio.
The application comprehensively considers the influence of various factors, and can increase the complexity of the key due to the initial seed value, the preset control parameter, the influence factor parameter and the circumference ratio. Therefore, the application calculates a plurality of chaos values based on the initial seed value, the preset control parameter, the influence factor parameter and the circumference ratio to calculate the final asymmetric encryption key. The above formula is based on a large amount of experimental data and verification, but is not limited to the above mathematical expression.
Step A3: mixing a plurality of chaos values with a preset entropy value to obtain a value set;
in order to further increase the complexity of the key, the application mixes a plurality of chaos values with a preset entropy value to obtain a value set.
Step A4: and converting the numerical value set into the asymmetric encryption algorithm key based on a preset conversion rule.
The preset conversion rule means that the value sets are spliced to obtain two intermediate values according to the value sizes. Multiplying the two values to obtain the target value. The first intermediate value and the target value are used as public keys, and the second intermediate value and the target value are used as private keys. The asymmetric encryption algorithm key comprises an asymmetric encryption algorithm public key and an asymmetric encryption algorithm private key.
Step 1017: a symmetric encryption algorithm key is generated.
In this embodiment, a first random number generated by a random number generator and a current time are used to generate a second random number, a target random number is obtained according to the first random number and the second random number, and a candidate value is obtained by performing iterative operation on the target random number through a hash function. Then, adjacent prime numbers on both sides of the candidate value are selected as two prime numbers required for generating the asymmetric encryption algorithm key. Finally, the two prime numbers are used to calculate the private key of the asymmetric encryption algorithm and generate the secret key of the symmetric encryption algorithm. To ensure the security and validity of the generated private key and secret key.
Step 102: encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
step 103: extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
step 104: encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
step 105: and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory.
Specifically, step 105 specifically includes calculating an MD5 check code of the encrypted firmware; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the MD5 check code, the target key and the encryption firmware to the target memory.
In order to facilitate the subsequent verification of the decrypted file, the method calculates the MD5 verification code of the encrypted firmware, and stores the MD5 verification code, the target key and the encrypted firmware into the target memory, so that the decrypted file is subsequently verified, and the decryption accuracy is improved.
Optionally, step 105 further includes steps 106 to 110:
step 106: extracting the asymmetric encryption algorithm key from the encryption chip;
step 107: decrypting the target key based on the asymmetric encryption algorithm key to obtain the symmetric encryption algorithm key;
step 108: decrypting the encrypted firmware based on the symmetric encryption algorithm key to obtain the current firmware;
step 109: checking the current firmware based on the MD5 check code;
step 110: and if the current firmware passes the verification, determining that the current firmware is the firmware to be encrypted.
The steps 106 to 110 are the opposite processes of the steps 101 to 105, and are not described herein.
For further understanding of the technical solution of the present application, the detailed description is provided herein with reference to the accompanying drawings, as shown in fig. 2, and fig. 2 shows a schematic diagram of the encryption flow provided by the present application. Assuming that the asymmetric encryption algorithm key is an RSA key and the symmetric encryption algorithm key is an AES key, as shown in fig. 2, the openssl server randomly generates the RSA key and the AES key. And storing the public key in the RSA key to an encryption chip, and encrypting the RSA key through the private key in the RSA key. And encrypting the firmware through the encrypted RSA key, generating an MD5 of the encrypted firmware, and finally storing the MD5, the encrypted firmware and the RSA public key into a system to complete the encryption process.
In this embodiment, by generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Referring to fig. 3, fig. 3 is a schematic diagram of a firmware encryption apparatus provided by the present application, and fig. 3 is a schematic diagram of the firmware encryption apparatus provided by the present application, where the firmware encryption apparatus shown in fig. 3 includes:
a generation unit 31 for generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
a first encryption unit 32, configured to encrypt the firmware to be encrypted based on the symmetric encryption algorithm private key, to obtain encrypted firmware;
an extracting unit 33 for extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm keys;
a second encryption unit 34, configured to encrypt the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and a storage unit 35, configured to store the asymmetric encryption algorithm public key to an encryption chip, and store the target key and the encryption firmware to a target memory.
The application provides a firmware encryption device, which generates an asymmetric encryption algorithm key and a symmetric encryption algorithm key; encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware; extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key; encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key; and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory. According to the scheme, the asymmetric encryption algorithm key is used for carrying out secondary encryption on the symmetric encryption algorithm key, the matched asymmetric encryption algorithm private key is not required to be exposed and is directly stored in an external encryption chip, and the symmetric encryption algorithm key is used for decrypting in the starting process of the embedded system. Therefore, the encryption and decryption security and efficiency can be simultaneously considered.
Fig. 4 is a schematic diagram of a terminal device according to an embodiment of the present application. As shown in fig. 4, a terminal device 4 of this embodiment includes: a processor 40, a memory 41 and a computer program 42, e.g. a firmware encrypted program, stored in said memory 41 and executable on said processor 40. The steps of each of the firmware encryption method embodiments described above, such as steps 101 through 105 shown in fig. 1, are implemented when the processor 40 executes the computer program 42. Alternatively, the processor 40, when executing the computer program 42, performs the functions of the units in the above-described device embodiments, such as the functions of the units 31 to 35 shown in fig. 3.
Illustratively, the computer program 42 may be partitioned into one or more units that are stored in the memory 41 and executed by the processor 40 to complete the present application. The one or more units may be a series of computer program instruction segments capable of performing a specific function describing the execution of the computer program 42 in the one terminal device 4. For example, the specific functions of the computer program 42 that may be partitioned into units are as follows:
a generation unit configured to generate an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the first encryption unit is used for encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
an extracting unit, configured to extract an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
the second encryption unit is used for carrying out encryption processing on the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and the storage unit is used for storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory.
Including but not limited to a processor 40 and a memory 41. It will be appreciated by those skilled in the art that fig. 4 is merely an example of one type of terminal device 4 and is not meant to be limiting as to one type of terminal device 4, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the one type of terminal device may also include input and output devices, network access devices, buses, etc.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, for example a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the one terminal device 4. The memory 41 is used for storing the computer program and other programs and data required for the one roaming control device. The memory 41 may also be used for temporarily storing data that has been output or is to be output.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present application.
It should be noted that, because the content of information interaction and execution process between the above devices/units is based on the same concept as the method embodiment of the present application, specific functions and technical effects thereof may be referred to in the method embodiment section, and will not be described herein.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements steps for implementing the various method embodiments described above.
Embodiments of the present application provide a computer program product which, when run on a mobile terminal, causes the mobile terminal to perform steps that enable the implementation of the method embodiments described above.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other manners. For example, the apparatus/network device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to a detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is monitored" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon monitoring a [ described condition or event ]" or "in response to monitoring a [ described condition or event ]".
Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. A firmware encryption method, characterized in that the firmware encryption method comprises:
generating an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
extracting an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
encrypting the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the target key and the encryption firmware to a target memory.
2. The firmware encryption method as recited in claim 1, wherein the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encrypted firmware to a target memory comprises:
calculating an MD5 check code of the encrypted firmware;
and storing the asymmetric encryption algorithm public key to an encryption chip, and storing the MD5 check code, the target key and the encryption firmware to the target memory.
3. The firmware encryption method of claim 2, further comprising, after the step of storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encrypted firmware to a target memory:
extracting the asymmetric encryption algorithm key from the encryption chip;
decrypting the target key based on the asymmetric encryption algorithm key to obtain the symmetric encryption algorithm key;
decrypting the encrypted firmware based on the symmetric encryption algorithm key to obtain the current firmware;
checking the current firmware based on the MD5 check code;
and if the current firmware passes the verification, determining that the current firmware is the firmware to be encrypted.
4. The firmware encryption method of claim 1, wherein the generating of the asymmetric encryption algorithm key and the symmetric encryption algorithm key comprises:
acquiring a first random number generated by a random number generator;
generating a second random number based on the current time;
performing exclusive OR operation on the first random number and the second random number to obtain a target random number;
performing iterative operation on the target random number through a hash function to obtain a candidate value;
acquiring a first prime number and a second prime number positioned at two sides of the candidate value;
calculating and generating the asymmetric encryption algorithm key based on the first prime number and the second prime number;
a symmetric encryption algorithm key is generated.
5. The firmware encryption method of claim 4, wherein the step of computationally generating the asymmetric encryption algorithm key based on the first prime number and the second prime number comprises:
taking the first prime number and the second prime number as initial seed values;
based on the encryption chaotic function, carrying out iterative updating on the initial seed value to obtain a plurality of chaotic values;
mixing a plurality of chaos values with a preset entropy value to obtain a value set;
and converting the numerical value set into the asymmetric encryption algorithm key based on a preset conversion rule.
6. The firmware encryption method as recited in claim 5, wherein the step of iteratively updating the initial seed value based on the encrypted chaotic function to obtain a plurality of chaotic values comprises:
substituting the initial seed value into the following formula to obtain a plurality of chaos values;
wherein X is n+1 Representing the chaos value, X n And (3) representing the initial seed value, wherein R represents a preset control parameter, a represents an influence factor parameter, and pi represents a circumference ratio.
7. The firmware encryption method of claim 4, wherein the step of generating a symmetric encryption algorithm key comprises:
generating a random number with a preset number of bits;
dividing the random number according to a preset bit length to obtain a plurality of sub-random numbers;
obtaining a plurality of mantissas corresponding to the sub-random numbers respectively;
summing the mantissas to obtain a target value;
replacing a plurality of mantissas corresponding to the sub-random numbers with the target numerical values to obtain a plurality of mixed values;
and splicing the mixed values into the symmetric encryption algorithm keys in sequence.
8. A firmware encryption apparatus, characterized in that the firmware encryption apparatus comprises:
a generation unit configured to generate an asymmetric encryption algorithm key and a symmetric encryption algorithm key;
the first encryption unit is used for encrypting the firmware to be encrypted based on the symmetric encryption algorithm private key to obtain encrypted firmware;
an extracting unit, configured to extract an asymmetric encryption algorithm public key from the asymmetric encryption algorithm key;
the second encryption unit is used for carrying out encryption processing on the symmetric encryption algorithm key based on the asymmetric encryption algorithm public key to obtain a target key;
and the storage unit is used for storing the asymmetric encryption algorithm public key to an encryption chip and storing the target key and the encryption firmware to a target memory.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 7.
CN202311098491.3A 2023-08-29 2023-08-29 Firmware encryption method and device Pending CN116992474A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311098491.3A CN116992474A (en) 2023-08-29 2023-08-29 Firmware encryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311098491.3A CN116992474A (en) 2023-08-29 2023-08-29 Firmware encryption method and device

Publications (1)

Publication Number Publication Date
CN116992474A true CN116992474A (en) 2023-11-03

Family

ID=88526749

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311098491.3A Pending CN116992474A (en) 2023-08-29 2023-08-29 Firmware encryption method and device

Country Status (1)

Country Link
CN (1) CN116992474A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR970060761A (en) * 1996-01-18 1997-08-12 구자홍 A deterministic chaotic random number generation system, and a data encryption method and apparatus using the same
EP1467514A1 (en) * 2003-04-07 2004-10-13 STMicroelectronics S.r.l. Encryption process employing modified chaotic maps and relative digital signature process
CN101470789A (en) * 2007-12-28 2009-07-01 中国长城计算机深圳股份有限公司 Encryption and decryption method and device of computer
US20100034377A1 (en) * 2008-08-08 2010-02-11 Universiti Putra Malaysia Chaotic asymmetric encryption process for data security
CN108491215A (en) * 2018-02-11 2018-09-04 苏州光之翼智能科技有限公司 A kind of unmanned plane firmware protection system
US20180351749A1 (en) * 2017-06-01 2018-12-06 Silicon Motion, Inc. Data Storage Devices and Methods for Encrypting and Decrypting a Firmware File Thereof
CN109583189A (en) * 2018-12-13 2019-04-05 深圳忆联信息系统有限公司 Firmware method for secure loading, device, computer equipment and storage medium
CN112165490A (en) * 2020-09-29 2021-01-01 鹏元征信有限公司 Encryption method, decryption method, storage medium and terminal equipment
WO2022142038A1 (en) * 2020-12-29 2022-07-07 平安普惠企业管理有限公司 Data transmission method and related device
CN115277225A (en) * 2022-07-29 2022-11-01 京东方科技集团股份有限公司 Data encryption method, data decryption method and related equipment

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR970060761A (en) * 1996-01-18 1997-08-12 구자홍 A deterministic chaotic random number generation system, and a data encryption method and apparatus using the same
EP1467514A1 (en) * 2003-04-07 2004-10-13 STMicroelectronics S.r.l. Encryption process employing modified chaotic maps and relative digital signature process
CN101470789A (en) * 2007-12-28 2009-07-01 中国长城计算机深圳股份有限公司 Encryption and decryption method and device of computer
US20100034377A1 (en) * 2008-08-08 2010-02-11 Universiti Putra Malaysia Chaotic asymmetric encryption process for data security
US20180351749A1 (en) * 2017-06-01 2018-12-06 Silicon Motion, Inc. Data Storage Devices and Methods for Encrypting and Decrypting a Firmware File Thereof
CN108491215A (en) * 2018-02-11 2018-09-04 苏州光之翼智能科技有限公司 A kind of unmanned plane firmware protection system
CN109583189A (en) * 2018-12-13 2019-04-05 深圳忆联信息系统有限公司 Firmware method for secure loading, device, computer equipment and storage medium
CN112165490A (en) * 2020-09-29 2021-01-01 鹏元征信有限公司 Encryption method, decryption method, storage medium and terminal equipment
WO2022142038A1 (en) * 2020-12-29 2022-07-07 平安普惠企业管理有限公司 Data transmission method and related device
CN115277225A (en) * 2022-07-29 2022-11-01 京东方科技集团股份有限公司 Data encryption method, data decryption method and related equipment

Similar Documents

Publication Publication Date Title
CN110378139B (en) Data key protection method, system, electronic equipment and storage medium
CN108809646B (en) Secure shared key sharing system
FI125736B (en) Software controlled radio, and procedure to renew a software, and software controlled radio system
CN110457945B (en) List query method, query party device, service party device and storage medium
CN109274644B (en) Data processing method, terminal and watermark server
US11023621B2 (en) System and method for authenticating and IP licensing of hardware modules
CN209803788U (en) PCIE credible password card
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
CN111404892B (en) Data supervision method and device and server
CN112346759A (en) Firmware upgrading method and device and computer readable storage medium
CN117640256B (en) Data encryption method, recommendation device and storage medium of wireless network card
CN106100823B (en) Password protection device
US11128455B2 (en) Data encryption method and system using device authentication key
CN102270285B (en) Key authorization information management method and device
CN109299944B (en) Data encryption method, system and terminal in transaction process
CN113542187A (en) File uploading and downloading method and device, computer device and medium
US20220345292A1 (en) Method and device for encryption of video stream, communication equipment, and storage medium
CN108242997B (en) Method and apparatus for secure communication
CN116992474A (en) Firmware encryption method and device
CN115941304A (en) Data encryption method and device, terminal equipment and computer readable storage medium
CN109255225A (en) Hard disc data security control apparatus based on dual-identity authentication
CN114297673A (en) Password verification method, solid state disk and upper computer
CN114091072A (en) Data processing method and device
CN114331648A (en) Bid file processing method, device, equipment and storage medium
CN118200049B (en) Encryption method, encryption device, equipment and medium for financial data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination