CN117215621A - Method, device and system for updating firmware of electronic equipment - Google Patents
Method, device and system for updating firmware of electronic equipment Download PDFInfo
- Publication number
- CN117215621A CN117215621A CN202311444433.1A CN202311444433A CN117215621A CN 117215621 A CN117215621 A CN 117215621A CN 202311444433 A CN202311444433 A CN 202311444433A CN 117215621 A CN117215621 A CN 117215621A
- Authority
- CN
- China
- Prior art keywords
- chip module
- firmware
- new firmware
- module
- electronic device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 70
- 230000005540 biological transmission Effects 0.000 claims abstract description 55
- 238000012795 verification Methods 0.000 claims abstract description 50
- 238000013524 data verification Methods 0.000 claims abstract description 27
- 238000004891 communication Methods 0.000 claims description 82
- 230000008569 process Effects 0.000 abstract description 17
- 238000012790 confirmation Methods 0.000 abstract description 5
- 230000006870 function Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 9
- 230000002452 interceptive effect Effects 0.000 description 5
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000008054 signal transmission Effects 0.000 description 1
Landscapes
- Stored Programmes (AREA)
Abstract
The application relates to the technical field of integrated circuits, and discloses a method for updating firmware of electronic equipment, wherein the electronic equipment comprises a first chip module and a second chip module which stores the firmware, and the method comprises the following steps: receiving new firmware; the first chip module performs data verification on the new firmware; in case the verification is passed, the new firmware is transferred to the second chip module; and the second chip module updates the firmware according to the new firmware. According to the method provided by the embodiment of the application, the first chip module with higher security level is used for carrying out security verification such as integrity, source confirmation and the like on the new firmware, and after the new firmware passes the verification of the first chip module, the second chip module carries out firmware update according to the new firmware, so that the new firmware can be prevented from being maliciously tampered and attacked in the transmission process, and the security and the integrity of the new firmware in the transmission and storage processes are ensured. The application also discloses a device for updating the firmware of the electronic equipment and a system for updating the firmware of the electronic equipment.
Description
Technical Field
The present application relates to the technical field of integrated circuits, for example, to a method for updating firmware of an electronic device, an apparatus for updating firmware of an electronic device, and a system for updating firmware of an electronic device.
Background
At present, with the rapid development and wide application of electronic devices, firmware data serves as a tie between hardware and an operating system in the electronic devices, and contains basic operation instructions of the devices, so that the devices can be ensured to operate in an expected mode. Therefore, it is necessary to update the firmware data in the terminal device in a safe and reliable manner.
In the process of implementing the embodiment of the application, the related art is found to have at least the following problems:
in the related art, the firmware update mainly relies on wireless communication technology (e.g., a network side server sends an encrypted firmware update packet to an electronic device through Wi-Fi, bluetooth or cellular network) so that a terminal device updates the firmware according to the encrypted firmware update packet. The encrypted firmware update package can be prevented from being tampered with in the data transmission process, but such encryption means are easily broken by experienced attackers. If an attacker performs malicious tampering on the firmware update package, after the firmware is updated by using the modified firmware update package, malicious software or a backdoor can be put in the electronic equipment, so that the data security and privacy of the electronic equipment can not be ensured, and the security and reliability of the electronic equipment are affected and reduced.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the application and thus may include information that does not form the prior art that is already known to those of ordinary skill in the art.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. The summary is not an extensive overview, and is intended to neither identify key/critical elements nor delineate the scope of such embodiments, but is intended as a prelude to the more detailed description that follows.
The embodiment of the application provides a method for updating electronic equipment firmware, a device for updating the electronic equipment firmware and a system for updating the electronic equipment firmware.
In some embodiments, an electronic device includes a first chip module and a second chip module storing firmware, the method for updating the firmware of the electronic device including: receiving new firmware; the first chip module performs data verification on the new firmware; in case the verification is passed, the new firmware is transferred to the second chip module; and the second chip module updates the firmware according to the new firmware.
In some embodiments, an electronic device includes a first chip module and a second chip module storing firmware, the means for updating the firmware of the electronic device comprising: a storage module configured to store the received new firmware; the first chip module is configured to perform data verification on the new firmware; the first chip module is further configured to transmit the new firmware to the second chip module if the verification passes; the second chip module is further configured to perform firmware update according to the new firmware.
In some embodiments, a system for updating electronic device firmware includes: the updating server is used for transmitting the new firmware to the storage module of the electronic equipment; the electronic equipment comprises a first chip module and a second chip module, wherein the first chip module is used for carrying out data verification on the new firmware, and transmitting the new firmware to the second chip module when the first chip module passes the verification on the new firmware, and the second chip module carries out firmware updating according to the new firmware.
In some embodiments, the device body includes: an equipment body; the device for updating the firmware of the electronic equipment provided by the embodiment of the application is arranged on the equipment body.
In some embodiments, a computer readable storage medium stores program instructions that, when executed, cause a computer to perform a method for updating electronic device firmware as provided by embodiments of the present application.
According to the method for updating the firmware of the electronic equipment, the first chip module with higher security level is used for carrying out security verification such as integrity, data source confirmation and the like on the new firmware, after the new firmware passes through the verification of the first chip module, the first chip module transmits the new firmware to the second chip module through the internal communication channel, and the second chip module carries out firmware updating according to the new firmware passing through the security verification, so that the firmware updating of the electronic equipment is completed. The firmware in the second chip module is updated by the firmware updating method, so that the new firmware can be prevented from being maliciously tampered and attacked in the transmission process, and the safety and the integrity of the new firmware in the transmission and verification processes are ensured, thereby improving the safety and the reliability of the firmware updating of the electronic equipment.
The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which like reference numerals refer to similar elements, and in which:
FIG. 1 is a system environment schematic diagram of a method for updating firmware of an electronic device according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for updating firmware of an electronic device according to an embodiment of the present application;
FIG. 3 is a second flowchart of a method for updating firmware of an electronic device according to an embodiment of the present application;
FIG. 4 is a third flowchart of a method for updating firmware of an electronic device according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an apparatus for updating firmware of an electronic device according to an embodiment of the present application;
FIG. 6 is a second schematic diagram of an apparatus for updating firmware of an electronic device according to an embodiment of the present application;
fig. 7 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For a more complete understanding of the nature and the technical content of the embodiments of the present application, reference should be made to the following detailed description of embodiments of the application, taken in conjunction with the accompanying drawings, which are meant to be illustrative only and not limiting of the embodiments of the application. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may still be practiced without these details. In other instances, well-known structures and devices may be shown simplified in order to simplify the drawing.
The terms first, second and the like in the description and in the claims of embodiments of the application and in the above-described figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe embodiments of the application herein. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion.
The term "plurality" means two or more, unless otherwise indicated.
In the embodiment of the application, the character "/" indicates that the front object and the rear object are in an OR relationship. For example, A/B represents: a or B.
The term "and/or" is an associative relationship that describes an object, meaning that there may be three relationships. For example, a and/or B, represent: a or B, or, A and B.
The term "corresponding" may refer to an association or binding relationship, and the correspondence between a and B refers to an association or binding relationship between a and B.
The embodiment of the application can have the following application scenes. As shown in fig. 1, the application scenario includes: update server 200, and electronic device 100 in communication with update server 200. The update server 200 may provide the electronic device with the latest version of the new firmware, and after receiving the new firmware, the electronic device 100 updates the original firmware stored in the electronic device 100 with the new firmware. The specific type of electronic device 100 may not be limiting and may be, for example, a cell phone, a tablet computer, a wearable smart device, etc.
The electronic device 100 may be provided with a first chip module and a second chip module, and an interface capable of direct communication is provided between the first chip module and the second chip module, and an internal communication channel is established through the interface. The first chip module and the second chip module may be independent chip modules or may be two-in-one arranged on the same chip carrier.
The first chip module may be a secure chip module, which may be an embedded secure element (eSE, embedded Secure Element). The embedded security unit is a tamper-proof chip unit, can ensure the secure storage of data, and the information stored in the embedded security unit is only opened to an authorized main body, so that the security of important information can be ensured. The first chip module may serve applications with high security requirements, such as: wallet applications, traffic card applications, and the like.
The second chip module may be an NFC chip module, and since NFC (Near Field Communication ) has become one of the most commonly used functions in mobile electronic devices, new NFC functions may be continuously updated as the user needs since the functions are typically used in a mobile payment scenario. Therefore, the firmware stored on the second chip module needs to be updated from time to ensure the use safety of the NFC chip module and the electronic device.
Alternatively, the second chip module may also be an Ultra Wide Band (UWB) chip, which may transmit a large amount of data in a short time. UWB chips are commonly used in high precision ranging, positioning scenarios. For example, in the need to ensure positioning accuracy of positioning applications in electronic devices, firmware stored on UWB chips also needs to be updated from time to ensure the performance of UWB chips.
An embodiment of the present application provides a method for updating firmware of an electronic device, as shown in fig. 2, the method includes:
s201, receiving new firmware.
Firmware (firmware) may include an underlying program written to a chip memory of an electronic device to implement at least the basic functions of the chip, such as a driver, a secure encryption program, a communication program, or an operating system program. When the update server issues new firmware, the update server signs the firmware file by using an encryption key according to an encryption signature algorithm, and finally the issued new firmware can simultaneously comprise the firmware file and the signature.
The signature may be decrypted by a verification body configured with a corresponding decryption key to verify the signature. The signature obtained without the encryption key cannot pass through the signature verification of the verification main body, and the verification main body without the decryption key cannot verify the signature, so that the security of the firmware file is ensured.
An interactive communication module for communicating with the update server may be provided in the electronic device, the interactive communication module receiving new firmware issued by the update server. The electronic device receives the new firmware and stores it in a storage module (internal storage or RAM of the electronic device) of the electronic device.
S202, data verification is carried out on the new firmware through the first chip module.
In the embodiment provided by the application, the verification subject for verifying the signature is the first chip module. As previously described, the first chip module may provide a higher level of security assurance. Therefore, in the process of updating the firmware of the second chip module, the first chip module is utilized to carry out safety authentication on the new firmware, so that the new firmware can be ensured not to be tampered in the process of data transmission, and the integrity and the authenticity of the new firmware are further ensured.
The first chip module can store a preset decryption key, and can perform data verification on the signature in the firmware file through the decryption key. The data verification can ensure the integrity and data source security of the new firmware. In the event that the signature in the new firmware is verified by the data, it is an indication that the new firmware is a file that is not tampered with maliciously and that is secure in origin.
In the related art, in the case that the second chip module needs to perform firmware update, the update server generally sends the new firmware to the electronic device, and the electronic device transmits the new firmware to the second chip module. The second chip module independently verifies the new firmware, and under the condition that the new firmware passes the verification of the second chip module, the second chip module updates the original firmware into the new firmware. However, since the second chip module does not have a high security level of data verification capability, the above-mentioned new firmware may be exposed to potential security risks, such as: man-in-the-middle attacks, replay attacks, or other malicious acts, etc., result in the possibility that the new firmware may be tampered with maliciously or that sensitive data is stolen. The method for updating the firmware of the electronic device provided by the embodiment of the application can ensure the integrity of the new firmware before being transmitted to the second chip module by verifying the new firmware through the first chip module with higher security level, so that the second chip module can update the firmware more safely, and the fund theft or information leakage of a user using the electronic device caused by the fact that the firmware is tampered can be avoided.
S203, in the case that the verification is passed, the new firmware is transmitted to the second chip module.
The first chip module and the second chip module may have a dedicated internal communication channel therebetween through which the first chip module transmits the new firmware to the second chip module in case the new firmware passes the authentication of the first chip module. The data transmission safety of the new firmware is further ensured, and the new firmware is prevented from being tampered maliciously in the data transmission process, so that the safety of updating the firmware of the electronic equipment is further improved.
And S204, the second chip module updates the firmware according to the new firmware.
When the second chip module receives the new firmware transmitted by the first chip module, the second chip module can place the second chip module in a firmware update mode, then update the firmware according to the new firmware, burn the firmware file in the new firmware in the storage area of the second chip module, so that the electronic equipment completes the firmware update to obtain a new function after the firmware update.
In this way, according to the method for updating the firmware of the electronic device provided by the embodiment of the application, the first chip module with higher security level is used for carrying out security verification such as integrity, data source confirmation and the like on the new firmware, after the new firmware passes the verification of the first chip module, the first chip module transmits the new firmware to the second chip module through the internal communication channel, and the second chip module carries out firmware updating according to the new firmware passing the security verification, so that the firmware updating of the electronic device is completed. The firmware in the second chip module is updated by the firmware updating method, so that the new firmware can be prevented from being maliciously tampered and attacked in the transmission process, and the safety and the integrity of the new firmware in the transmission and storage processes are ensured, thereby improving the safety and the reliability of the firmware updating of the electronic equipment.
Optionally, the electronic device further includes a contact communication module, and before the first chip module performs data verification on the new firmware, the method for updating the firmware of the electronic device provided by the embodiment of the application further includes:
s2011, the contact type communication module establishes an encryption transmission channel with the first chip module.
The electronic device may be configured with a contact communication module, which may be a DM (Device Management) protocol based communication module of OMA (Open Mobile Alliance). The contact communication module has an open mobile interface in communication with the first chip module. An encryption transmission channel can be established between the first chip module and the open mobile interface, so that the safety of data transmission between the contact communication module and the first chip module is further ensured.
And S2012, the contact communication module transmits the new firmware in the storage module of the electronic device to the first chip module through the encryption transmission channel.
After receiving the new firmware, the electronic device stores the new firmware into a storage module of the electronic device. The operating system of the electronic device or the application software with the authority can read the new firmware from the storage module and call the contact communication module to transmit the new firmware to the first chip module through the encrypted transmission channel so as to ensure that the new firmware is prevented from being attacked or tampered maliciously in the process.
By way of example, an application having the right to invoke a contact communication module may be installed in an electronic device, for example: wallet applications. In the process of updating the firmware, the application may send a request for updating the firmware to the update server, and the update server sends the new firmware to the electronic device in response to the request for updating the firmware, and the electronic device stores the new firmware in the storage module. The application can call the contact communication module, transmit the new firmware to the first chip module through the encrypted transmission channel of the contact communication module, and verify the integrity and the security of the new firmware through the first chip module.
Therefore, the encryption transmission channel established by the contact communication module is used for data transmission in the electronic equipment, so that the safety and the integrity of the new firmware in the data transmission process can be further ensured.
Optionally, the contact communication module establishes an encrypted transmission channel with the first chip module, and specifically includes:
s20111, the contact type communication module and the first chip module are in communication connection.
An application system or an application in the electronic device recognizes a scenario that data transmission with the first chip module is required, for example: firmware update scenario. At this time, the contact communication module is activated.
After the contact communication module is activated, a handshake operation is performed between the contact communication module and the first chip module, and a predefined data packet or information is exchanged to confirm that normal communication is possible between the contact communication module and the first chip module.
And S20112, the first chip module performs identity authentication on the contact type communication module.
After the handshake between the first chip module and the contact communication module is successful, the first chip module may send an authentication request to the contact communication module. The authentication request may include a request for the contact communication module to provide its credentials or identity information, or a request for a specific authentication operation by the contact communication module.
The contact communication module provides corresponding certificates or identity information according to the request of the first chip module so as to carry out identity authentication on the integrity, the validity and the authenticity of the certificates or the identity information by the first chip module.
And S20113, under the condition that the identity authentication is passed, the contact type communication module establishes an encryption transmission channel with the first chip module according to a key stored in advance by the first chip module.
In the case of passing the authentication, the first chip module provides the contact communication module with its prestored key, which is used by the contact communication module to encrypt an encrypted transmission channel, which can ensure that the data transmitted through it is protected from attacks. The above-mentioned contact communication module and the first chip module are communicated with the open mobile interface established between them, namely the interface of the encryption transmission channel.
In this way, the method for updating the firmware of the electronic device provided by the embodiment of the application is characterized in that the contact communication module and the first chip module are configured in the electronic device, the transmission of the new firmware is performed in the electronic device through the contact communication module in the established encryption transmission channel, and the verification of the new firmware is performed through the tamper-proof first chip module with higher security level. Through the dual security guarantee, the high security and the integrity of data transmission are ensured, so that potential security threat of the electronic equipment in the firmware updating process is effectively prevented, and the reliability of the firmware updating of the electronic equipment is improved.
Optionally, after the second chip module performs the firmware update, the method further includes:
s205, restarting the second chip module and confirming the integrity of the updated firmware.
After the firmware is updated, the second chip module can be restarted to verify whether the new firmware can normally run or not after being updated. If the second chip module can normally operate after restarting, the updated firmware is the complete firmware.
S206, sending the first message to the update server.
And when the second chip module is restarted and the updated firmware is confirmed to be complete firmware, namely, the second chip module can normally operate, the interactive communication module in the electronic equipment informs the updating server that the updating server has completed firmware updating.
Specifically, the second chip module may send a first message to the contact communication module, where the first message is used to indicate that the firmware in the second chip module is updated. The contact communication module then sends a first message to the update server via an interactive communication module in the electronic device for communicating with the update server.
After the second chip module performs firmware update, the second chip module can inform the update server that the electronic device has completed the firmware update by sending the first message, so that the update server obtains the update result of the electronic device.
Optionally, before the second chip module performs the firmware update, the method further includes:
s207, the second chip module performs data verification on the new firmware, and determines that the new firmware passes the data verification.
The second chip module may have stored therein a verification function that verifies the new firmware to perform security verification on the new firmware.
It is understood that there are triple security guarantees for secure transmission and verification of new firmware before the second chip module performs firmware update. The first re-security assurance is to transmit new firmware between an encryption transmission channel established through the contact communication module and the first chip module, the second re-security assurance is to verify the integrity and data sources of the new firmware through the first chip module, the third re-security assurance is to verify the new firmware through the second chip module, and the second chip module updates the firmware according to the new firmware under the condition that the re-verification is passed.
Therefore, the method for updating the firmware of the electronic equipment provided by the embodiment of the application has a triple security guarantee mechanism in the transmission and verification processes of the new firmware, and ensures the security of the electronic equipment in the process of updating the firmware to a higher degree.
Optionally, the first chip module performs data verification on the new firmware, including:
s2021, decrypting the new firmware.
After the first chip module receives the new firmware through the encrypted transmission channel, the new firmware can be decrypted according to a pre-stored decryption key, so that a subsequent signature verification program is performed.
And S2022, performing signature verification on the signature of the new firmware through a pre-stored key.
When the update server issues new firmware, the update server signs the firmware file by using the encryption key according to the encryption signature algorithm. The first chip module stores a preset decryption key. The pre-stored decryption key may decrypt the signature and compare it to the expected data format and content to confirm its authenticity and integrity. If the comparison results are the same, the signature passes verification; if not, the signature verification fails.
Therefore, the first chip module is used for carrying out safety verification on the new firmware, ensuring that the new firmware is not tampered and maintaining the original integrity of the new firmware, and greatly reducing the risk of interception or tampering of the new firmware.
With reference to fig. 3, an embodiment of the present application provides a method for updating firmware of an electronic device, where the method includes:
s301, the update server transmits new firmware;
s302, the first chip module performs data verification on the new firmware;
s303, under the condition that the first chip module passes the verification of the new firmware, the first chip module transmits the new firmware to the second chip module;
s304, the second chip module updates the firmware according to the new firmware.
In this way, the update server sends the new firmware to the storage module in the electronic device, the first chip module with higher security level in the electronic device performs security verification such as integrity, data source confirmation and the like on the new firmware, after the new firmware passes through the verification of the first chip module, the first chip module transmits the new firmware to the second chip module through an internal communication channel between the first chip module and the second chip module, and the second chip module performs firmware update according to the new firmware passing the security verification, so that the firmware update of the electronic device is completed. The firmware updating method can prevent the new firmware from being maliciously tampered and attacked in the internal transmission process of the electronic equipment, and ensure the safety and the integrity of the new firmware in the transmission and storage processes, thereby improving the safety and the reliability of the firmware updating of the electronic equipment.
In connection with fig. 4, an embodiment of the present application provides a method for updating firmware of an electronic device, where the method includes:
s401, the update server transmits new firmware to a storage module of the electronic equipment;
s402, the contact communication module reads the new firmware stored in the storage module and transmits the new firmware to the first chip module through the encryption transmission channel;
s403, the first chip module decrypts the new firmware and performs signature verification on the signature of the new firmware through a prestored secret key;
s404, the first chip module transmits the new firmware through the internal communication channel;
s405, the second chip module verifies the new firmware;
s406, the second chip module updates the firmware according to the new firmware;
s407, restarting the second chip module and confirming the integrity of the new firmware;
s408, the second chip module sends a first message to the contact communication module;
s409, the contact communication module sends a first message to the update server through the interactive communication module.
In this way, the method provided by the application carries out the transmission of the new firmware through the encryption transmission channel established between the contact communication module and the first chip module, carries out primary verification on the new firmware through the tamper-proof first chip module with higher security level, and carries out secondary verification on the new firmware through the second chip module. Through the triple security guarantee, the high security and the integrity of data transmission are ensured, so that potential security threat of the electronic equipment in the firmware updating process is effectively prevented, and the reliability of the firmware updating of the electronic equipment is improved. After the second chip module finishes updating the firmware, the second chip module also sends the message of finishing updating to the updating server through the contact communication module so that the updating server can acquire the latest situation of updating the firmware of the electronic equipment.
Referring to fig. 5, an apparatus 500 for updating firmware of an electronic device according to an embodiment of the present application includes a memory module 501, a first chip module 502, and a second chip module 503. The memory module 501 is configured to store the received new firmware; the first chip module 502 is configured to perform data verification on the new firmware; the first chip module 502 is further configured to transmit the new firmware to the second chip module if the verification passes; the second chip module 503 is configured to perform a firmware update according to the new firmware.
According to the device for updating the firmware of the electronic equipment, the first chip module with higher security level is used for carrying out security verification such as integrity, data source confirmation and the like on the new firmware, after the new firmware passes through the verification of the first chip module, the first chip module transmits the new firmware to the second chip module through the internal communication channel, and the second chip module carries out firmware updating according to the new firmware passing through the security verification, so that the firmware updating of the electronic equipment is completed. The firmware in the second chip module is updated by the firmware updating device, so that the new firmware can be prevented from being maliciously tampered and attacked in the transmission process, and the safety and the integrity of the new firmware in the transmission and storage processes are ensured, thereby improving the safety and the reliability of the firmware updating of the electronic equipment.
Optionally, as shown in fig. 6, the apparatus 500 for updating electronic device firmware further includes a contact communication module 504. The contact communication module 504 is configured to establish an encrypted transmission channel with the first chip module 502; and transmitting the new firmware in the memory module 501 to the first chip module 502 through the encrypted transmission channel.
Optionally, the contact communication module 504 is further configured to establish a communication connection with the first chip module 502; the first chip module 502 is further configured to authenticate the identity of the contact communication module 504; in case the identity authentication is passed, the contact communication module 504 is further configured to establish an encrypted transmission channel with the first chip module 502 based on a key pre-stored by the first chip module 502.
Optionally, the second chip module 503 is further configured to restart and confirm the integrity of the updated firmware, and send a first message to the update server, where the first message is used to indicate that the firmware in the second chip module completes updating.
Optionally, the first chip module 502 is further configured to decrypt the new firmware, and to verify the signature of the new firmware by means of a pre-stored key.
Optionally, the second chip module 503 is further configured to perform data verification on the new firmware, and determine that the new firmware passes the data verification.
As shown in fig. 1, the present application also provides a system 10 for updating firmware of an electronic device 100, the system comprising: update server 200 and electronic device 100, update server 200 is used for transmitting new firmware to the storage module of electronic device 100; the electronic device 100 includes a first chip module and a second chip module, where the first chip module is configured to perform data verification on the new firmware, and transmit the new firmware to the second chip module when the first chip module passes the verification on the new firmware, and the second chip module performs firmware update according to the new firmware.
In the system for updating firmware of electronic device 100 provided by the embodiment of the present application, the updating device is configured to issue a new firmware, after receiving the new firmware, electronic device 100 performs security verification such as integrity and data source verification on the new firmware by using a first chip module with a higher security level, and after the new firmware passes the verification of the first chip module, the first chip module transmits the new firmware to a second chip module through an internal communication channel, and the second chip module performs firmware update according to the new firmware passing the security verification, thereby completing firmware update of electronic device 100. The system can prevent the new firmware from being tampered and attacked maliciously in the transmission process, and ensure the safety and the integrity of the new firmware in the transmission and storage processes, thereby improving the safety and the reliability of firmware updating.
Optionally, the electronic device 100 further includes a contact communication module, configured to establish an encrypted transmission channel with the first chip module, and transmit the new firmware in the storage module of the electronic device 100 to the first chip module through the encrypted transmission channel, so that the first chip module performs data verification on the new firmware.
Optionally, the contact communication module establishes a communication connection with the first chip module; the first chip module performs identity authentication on the contact type communication module; under the condition that the identity authentication is passed, the contact communication module establishes an encryption transmission channel with the first chip module according to a key stored in advance by the first chip module.
Optionally, the second chip module restarts and confirms the integrity of the updated firmware, and sends a first message to the update server 200, where the first message is used to indicate that the firmware in the second chip module is updated.
Optionally, the first chip module decrypts the new firmware and verifies the signature of the new firmware by using the pre-stored key.
Optionally, the second chip module performs data verification on the new firmware, and determines that the new firmware passes the data verification.
Referring to fig. 7, an embodiment of the present application provides an electronic device 100, including: the device body, and the above-described apparatus 500 for updating firmware of an electronic device. An apparatus 500 for updating firmware of an electronic device is installed in the device body 20. The mounting relationship described herein is not limited to being placed inside the device body 20, but also includes mounting connections with other components of the electronic device 100, including but not limited to physical connections, electrical connections, or signal transmission connections, etc. Those skilled in the art will appreciate that the apparatus 500 for updating electronic device firmware may be adapted to a viable device body 20 to implement other viable embodiments.
Embodiments of the present application provide a computer-readable storage medium storing computer-executable instructions configured to perform the above-described method for updating firmware of an electronic device.
The technical solution of the embodiment of the present application may be embodied in the form of a software product, where the software product is stored in a storage medium, and includes one or more instructions to cause a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the method of the embodiment of the present application. While the aforementioned storage medium may be a non-transitory storage medium, such as: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, or the like, which can store program codes.
The above description and the drawings illustrate embodiments of the application sufficiently to enable those skilled in the art to practice them. Other embodiments may involve structural, logical, electrical, process, and other changes. The embodiments represent only possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in, or substituted for, those of others. Moreover, the terminology used in the present application is for the purpose of describing embodiments only and is not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a," "an," and "the" (the) are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this disclosure is meant to encompass any and all possible combinations of one or more of the associated listed. Furthermore, when used in the present disclosure, the terms "comprises," "comprising," and/or variations thereof, mean that the recited features, integers, steps, operations, elements, and/or components are present, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method or apparatus comprising such elements. In this context, each embodiment may be described with emphasis on the differences from the other embodiments, and the same similar parts between the various embodiments may be referred to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method sections disclosed in the embodiments, the description of the method sections may be referred to for relevance.
Those of skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. The skilled person may use different methods for each particular application to achieve the described functionality, but such implementation is not to be considered as beyond the scope of the embodiments of the application. It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In the embodiments disclosed herein, the disclosed methods, articles of manufacture (including but not limited to devices, apparatuses, etc.) may be practiced in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements may be merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form. The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to implement the present embodiment. In addition, each functional unit in the embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than that disclosed in the description, and sometimes no specific order exists between different operations or steps. For example, two consecutive operations or steps may actually be performed substantially in parallel, they may sometimes be performed in reverse order, which may be dependent on the functions involved. Each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Claims (10)
1. A method for updating firmware of an electronic device, the electronic device comprising a first chip module and a second chip module storing firmware, the method comprising:
receiving new firmware;
the first chip module performs data verification on the new firmware;
in case the verification is passed, the new firmware is transferred to the second chip module;
and the second chip module updates the firmware according to the new firmware.
2. The method of claim 1, wherein the electronic device further comprises a contact communication module, the method further comprising, prior to the first chip module data verifying the new firmware:
the contact type communication module establishes an encryption transmission channel with the first chip module;
the contact communication module transmits the new firmware in the storage module of the electronic device to the first chip module through the encrypted transmission channel.
3. The method of claim 2, wherein the contact communication module establishes an encrypted transmission channel with the first chip module, comprising:
the contact type communication module establishes communication connection with the first chip module;
the first chip module performs identity authentication on the contact type communication module;
under the condition that the identity authentication is passed, the contact communication module establishes an encryption transmission channel with the first chip module according to a key stored in advance by the first chip module.
4. The method of claim 2, wherein after the second chip module performs a firmware update according to the new firmware, the method further comprises:
restarting the second chip module and confirming the integrity of the updated firmware;
and sending a first message to the update server, wherein the first message is used for indicating that the firmware in the second chip module is updated.
5. The method of any of claims 1 to 4, wherein the first chip module performs data verification on the new firmware, comprising:
decrypting the new firmware;
signature verification is performed on the signature of the new firmware through the prestored secret key.
6. The method of any of claims 1-4, wherein prior to the second chip module performing a firmware update, the method further comprises:
and the second chip module performs data verification on the new firmware and determines that the new firmware passes the data verification.
7. An apparatus for updating firmware of an electronic device, the electronic device comprising a first chip module and a second chip module storing firmware, the apparatus comprising:
a storage module configured to store the received new firmware;
the first chip module is configured to perform data verification on the new firmware;
the first chip module is further configured to transmit the new firmware to the second chip module if the verification passes;
and the second chip module is configured to update the firmware according to the new firmware.
8. The apparatus of claim 7, wherein the apparatus further comprises:
and the contact communication module is configured to establish an encryption transmission channel with the first chip module and transmit new firmware in the storage module of the electronic device to the first chip module through the encryption transmission channel.
9. A system for updating firmware of an electronic device, comprising:
the updating server is used for transmitting the new firmware to the storage module of the electronic equipment;
the electronic equipment comprises a first chip module and a second chip module, wherein the first chip module is used for carrying out data verification on the new firmware, and transmitting the new firmware to the second chip module when the first chip module passes the verification on the new firmware, and the second chip module carries out firmware updating according to the new firmware.
10. The system of claim 9, wherein the electronic device further comprises:
the contact communication module is used for establishing an encryption transmission channel between the contact communication module and the first chip module and transmitting the new firmware in the storage module of the electronic equipment to the first chip module through the encryption transmission channel so as to enable the first chip module to perform data verification on the new firmware.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311444433.1A CN117215621A (en) | 2023-11-02 | 2023-11-02 | Method, device and system for updating firmware of electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311444433.1A CN117215621A (en) | 2023-11-02 | 2023-11-02 | Method, device and system for updating firmware of electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117215621A true CN117215621A (en) | 2023-12-12 |
Family
ID=89041151
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311444433.1A Pending CN117215621A (en) | 2023-11-02 | 2023-11-02 | Method, device and system for updating firmware of electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117215621A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106227503A (en) * | 2016-07-29 | 2016-12-14 | 苏州国芯科技有限公司 | Safety chip COS firmware update, service end, terminal and system |
| CN110532735A (en) * | 2018-05-23 | 2019-12-03 | 霍尼韦尔环境自控产品(天津)有限公司 | Firmware upgrade method |
| CN111625263A (en) * | 2020-05-22 | 2020-09-04 | 苏州浪潮智能科技有限公司 | Server component firmware updating method |
| CN115220762A (en) * | 2022-07-06 | 2022-10-21 | 中国第一汽车股份有限公司 | Vehicle-end firmware upgrading method, device, equipment and medium of digital key system |
| CN116070217A (en) * | 2023-02-22 | 2023-05-05 | 上海威固信息技术股份有限公司 | Safe starting system and method for chip module |
| CN116204211A (en) * | 2023-01-31 | 2023-06-02 | 联想(北京)有限公司 | Information processing method, device, equipment and computer readable storage medium |
| CN116628708A (en) * | 2023-07-25 | 2023-08-22 | 荣耀终端有限公司 | Method for starting chip, electronic equipment and readable storage medium |
| CN116909611A (en) * | 2023-04-27 | 2023-10-20 | 云鲸智能(深圳)有限公司 | Electronic device firmware updating method, cleaning device and storage medium |
-
2023
- 2023-11-02 CN CN202311444433.1A patent/CN117215621A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106227503A (en) * | 2016-07-29 | 2016-12-14 | 苏州国芯科技有限公司 | Safety chip COS firmware update, service end, terminal and system |
| CN110532735A (en) * | 2018-05-23 | 2019-12-03 | 霍尼韦尔环境自控产品(天津)有限公司 | Firmware upgrade method |
| CN111625263A (en) * | 2020-05-22 | 2020-09-04 | 苏州浪潮智能科技有限公司 | Server component firmware updating method |
| CN115220762A (en) * | 2022-07-06 | 2022-10-21 | 中国第一汽车股份有限公司 | Vehicle-end firmware upgrading method, device, equipment and medium of digital key system |
| CN116204211A (en) * | 2023-01-31 | 2023-06-02 | 联想(北京)有限公司 | Information processing method, device, equipment and computer readable storage medium |
| CN116070217A (en) * | 2023-02-22 | 2023-05-05 | 上海威固信息技术股份有限公司 | Safe starting system and method for chip module |
| CN116909611A (en) * | 2023-04-27 | 2023-10-20 | 云鲸智能(深圳)有限公司 | Electronic device firmware updating method, cleaning device and storage medium |
| CN116628708A (en) * | 2023-07-25 | 2023-08-22 | 荣耀终端有限公司 | Method for starting chip, electronic equipment and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11265319B2 (en) | Method and system for associating a unique device identifier with a potential security threat | |
| EP3051855B1 (en) | Communication device, lsi, program, and communication system | |
| US10708062B2 (en) | In-vehicle information communication system and authentication method | |
| US10567428B2 (en) | Secure wireless ranging | |
| CN102510333B (en) | Authorization method and system | |
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| US11757911B2 (en) | Method and system for providing security on in-vehicle network | |
| CN106227503A (en) | Safety chip COS firmware update, service end, terminal and system | |
| EP2278534A1 (en) | Ic card, ic card system, and method thereof | |
| CN110621014B (en) | Vehicle-mounted equipment, program upgrading method thereof and server | |
| KR20140126787A (en) | Puf-based hardware device for providing one time password, and method for 2-factor authenticating using thereof | |
| CN101325485A (en) | A method for processing information in an electronic device, a system, an electronic device and a processing block | |
| CN107733636B (en) | Authentication method and authentication system | |
| CN107733652B (en) | Unlocking method and system for shared vehicle and vehicle lock | |
| US11424915B2 (en) | Terminal registration system and terminal registration method with reduced number of communication operations | |
| CN101944170A (en) | Method, system and device for issuing software version | |
| CN103108323A (en) | Safety operation execution system and execution method | |
| CN113556230B (en) | Data security transmission method, certificate related method, server, system and medium | |
| CN113239363A (en) | Firmware updating method, device, equipment, readable storage medium and memory system | |
| CN106549934B (en) | Network equipment safety system | |
| CN112769789B (en) | Encryption communication method and system | |
| CN109302442B (en) | Data storage proving method and related equipment | |
| CN108900595B (en) | Method, device and equipment for accessing data of cloud storage server and computing medium | |
| CN107343276B (en) | Method and system for protecting SIM card locking data of terminal | |
| CN117215621A (en) | Method, device and system for updating firmware of electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |