CN117494197A - Authorized use method and device for electronic controller after file loading - Google Patents
Authorized use method and device for electronic controller after file loading Download PDFInfo
- Publication number
- CN117494197A CN117494197A CN202311444138.6A CN202311444138A CN117494197A CN 117494197 A CN117494197 A CN 117494197A CN 202311444138 A CN202311444138 A CN 202311444138A CN 117494197 A CN117494197 A CN 117494197A
- Authority
- CN
- China
- Prior art keywords
- electronic controller
- terminal
- key
- target file
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011068 loading method Methods 0.000 title claims abstract description 52
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000004044 response Effects 0.000 claims abstract description 40
- 238000012795 verification Methods 0.000 claims abstract description 36
- 230000002159 abnormal effect Effects 0.000 claims abstract description 33
- 230000006870 function Effects 0.000 claims description 46
- 238000004422 calculation algorithm Methods 0.000 claims description 12
- 238000013475 authorization Methods 0.000 claims description 3
- 238000011084 recovery Methods 0.000 description 13
- 238000005516 engineering process Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 9
- 238000004364 calculation method Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000002829 reductive effect Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 4
- 238000006731 degradation reaction Methods 0.000 description 4
- 238000003745 diagnosis Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 239000000463 material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000001680 brushing effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000036961 partial effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0208—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
- G05B23/0213—Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Automation & Control Theory (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure provides an authorized use method and device for an electronic controller after file loading, and relates to the technical field of computers. The specific implementation scheme is as follows: the electronic controller responds to an abnormal event and loads a first target file from a first terminal; the electronic controller responds to the success of the signature verification of the first target file, and executes the first target file; the electronic controller acquires a first secret key from the target server through the second terminal; and the electronic controller authorizes the second terminal to start the use authority of the function mode corresponding to the first target file in response to the matching of the first key and the local second key. According to the scheme disclosed by the invention, the safety of the function mode of starting the loaded file by the electronic controller can be improved, and the storage space of the electronic controller can be saved.
Description
Technical Field
The disclosure relates to the field of computer technology, and in particular, to a method, a device, equipment and a storage medium for loading a file of an electronic controller.
Background
Electronic controllers (ECU, electronic Control Unit) are an important electronic component and have wide application in electronic production. The electronic controller is a miniature computer management center, which takes signal (data) acquisition, calculation processing, analysis and judgment, decision countermeasures as input, and then takes control instructions and command executors as output.
Disclosure of Invention
The disclosure provides a method and a device for authorized use of an electronic controller after file loading, which are used for solving or relieving one or more technical problems in the prior art.
In a first aspect, the present disclosure provides a method for authorized use of an electronic controller after file loading, including:
the electronic controller loads a first target file from the first terminal in response to the abnormal event.
And the electronic controller responds to the success of the signature verification of the first target file and executes the first target file.
The electronic controller obtains the first key from the target server through the second terminal. And
And the electronic controller authorizes the second terminal to start the use authority of the functional mode corresponding to the first target file in response to the matching of the first key and the local second key.
In a second aspect, the present disclosure provides an authorized use device of an electronic controller after file loading, including:
and the loading module is used for responding to the abnormal event by the electronic controller and loading the first target file from the first terminal.
And the execution module is used for responding to the success of the signature verification of the first target file by the electronic controller and executing the first target file.
And the acquisition module is used for acquiring the first secret key from the target server through the second terminal by the electronic controller.
And
And the authorization module is used for the electronic controller to authorize the second terminal to start the use authority of the function mode corresponding to the first target file in response to the matching of the first key and the local second key.
In a third aspect, an electronic device is provided, comprising:
at least one processor. And
A memory communicatively coupled to the at least one processor. Wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of the embodiments of the present disclosure.
In a fourth aspect, a non-transitory computer readable storage medium storing computer instructions is provided, wherein the computer instructions are for causing the computer to perform a method according to any of the embodiments of the present disclosure.
According to the scheme disclosed by the invention, the safety of the function mode of starting the loaded file by the electronic controller can be improved, and the storage space of the electronic controller can be saved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
In the drawings, the same reference numerals refer to the same or similar parts or elements throughout the several views unless otherwise specified. The figures are not necessarily drawn to scale. It is appreciated that these drawings depict only some embodiments provided according to the disclosure and are not to be considered limiting of its scope.
Fig. 1 is a flow chart of a method of authorized use after file loading of an electronic controller according to an embodiment of the present disclosure.
Fig. 2 is a flow chart of a method of authorized use after file loading of an electronic controller according to an embodiment of the present disclosure.
Fig. 3 is a flow chart of a method of authorized use after file loading of an electronic controller according to an embodiment of the present disclosure.
Fig. 4 is a block diagram of an electronic controller according to an embodiment of the present disclosure.
Fig. 5 is a schematic diagram of an authorized use device after file loading of an electronic controller according to an embodiment of the present disclosure.
Fig. 6 is a block diagram of an electronic device used to implement a method of authorized use of an electronic controller after file loading in accordance with an embodiment of the present disclosure.
Detailed Description
The present disclosure will be described in further detail below with reference to the accompanying drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, circuits, etc. well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.
As shown in fig. 1, a method for authorized use of an electronic controller after file loading of the present disclosure includes:
step S101: the electronic controller loads a first target file from the first terminal in response to the abnormal event.
Step S102: and the electronic controller responds to the success of the signature verification of the first target file and executes the first target file.
Step S103: the electronic controller obtains the first key from the target server through the second terminal.
Step S104: and the electronic controller authorizes the second terminal to start the use authority of the functional mode corresponding to the first target file in response to the matching of the first key and the local second key.
According to the embodiment of the disclosure, it is to be noted that:
the electronic controller may be understood as any ECU in the prior art, and is not specifically limited herein.
The abnormal events may be set according to the requirements, and are not particularly limited herein. For example, the abnormal event may include an event that the electronic controller fails to start the application, an event that the electronic controller is detected to be possibly attacked maliciously, and the like.
The first terminal is understood to be any terminal device connected to the electronic controller via a communication bus. The first terminal and the electronic controller may be connected by a wired connection or a wireless connection, and a network transmission protocol and an interface protocol between the two are not particularly limited herein. For example, both are data-transmitted via Ethernet (ETH), or both are data-transmitted via wireless network.
The second terminal is understood to be any terminal device connected to the electronic controller via a communication bus. The second terminal is a user terminal, and a user of the second terminal can control the electronic controller in a corresponding function mode under the condition that the electronic controller grants the use permission. The second terminal and the electronic controller may be connected by a wired connection or a wireless connection, and a network transmission protocol and an interface protocol between the two are not particularly limited herein. For example, both are data-transmitted via Ethernet (ETH), or both are data-transmitted via wireless network.
The first terminal and the second terminal may be the same terminal or may be different terminals, which is not specifically limited herein.
The first target file may be understood as a file that needs to be operated when the electronic controller enters the corresponding functional mode. The first object file may include a system file (e.g., email Linux such as Flash Linux and Recovery Linux) that is used to flush the electronic controller, or may include a new function file that runs additional functions on the electronic controller. The first object file may be directly stored in the first terminal. The first target file may also be indirectly stored in the first terminal, for example, when the electronic controller needs to load the first target file, the first terminal obtains the first target file from the corresponding server. The first target file may have a plurality of functions integrated therein, and the electronic controller may operate one or more functions in the first target file as needed after loading the first target file. For example, when the first object file integrates the function of the refresh recovery electronic controller system and the function of fault diagnosis, the electronic controller may perform only the function of refresh recovery, may perform only the function of fault diagnosis, and may perform both the function of refresh recovery and the function of fault diagnosis.
The electronic controller loads the first target file, which may be actively loaded, that is, in the case of detecting an abnormal event, the electronic controller then actively loads the first target file from the first terminal.
The electronic controller loads the first target file, or may be passive loading, that is, the electronic controller loads the first target file from the first terminal when an abnormal event is detected and the second terminal issues a user instruction for loading the first target file.
The electronic controller performs signature verification (signature verification) on the first target file, and any file signature verification method in the prior art can be adopted, which is not particularly limited herein.
The target server may be understood as a cloud server, an edge device, or a local server, which is not specifically limited herein.
The first key may be computationally generated on the target server or may be stored directly on the target server.
The local second key may be understood as a key stored in the electronic controller. The second key may be computationally generated on the electronic controller or may be stored directly in the electronic controller.
The first object file may enable the electronic controller to operate in a specific functional mode, so as to perform corresponding processing for the abnormal event. For example, in the event that the electronic controller fails to launch an application program, authorizing the second terminal may be to cause the electronic controller to enter a resume function mode of the emergency flush application, and/or the user instruction may be to cause the electronic controller to enter an additional function mode (e.g., troubleshoot the electronic controller, add a new function to the electronic controller, etc.). In the event that the electronic controller may be maliciously attacked, authorizing the second terminal may be to cause the electronic controller to enter a resume function mode of the emergency swipe application, and/or the user instruction may be to cause the electronic controller to enter an additional function mode (e.g., troubleshooting the electronic controller, adding new functions to the electronic controller, etc.).
It should be noted that, the steps of the embodiments of the present disclosure may be implemented by one or more functional modules in the electronic controller, which is not specifically limited herein.
According to the technology of the embodiment of the present disclosure, since the first target file required for the electronic controller to start the function mode is acquired from the first terminal, not acquired locally from the electronic controller (i.e., the first target file is not stored inside the electronic controller), the storage space (hard disk space) of the electronic controller can be saved. The first target file required by the electronic controller to start the functional mode is not stored locally in the electronic controller but is acquired from the first terminal, so that the compiled executable first target file is easier to be safely managed and controlled. Because the first target file is loaded from the first terminal and not acquired locally from the electronic controller, the first terminal can be used for loading the electronic controller with any pre-developed or post-developed first target file of a required function mode, so that the flexible function deployment of the electronic controller is realized, even if the electronic controller does not consider or realize the function in the development stage, the function can be added into the electronic controller at any time later, the constraint of a function development program node of the electronic controller is avoided, and the update of the existing function in the electronic controller, such as the update of a system, can be realized.
According to the technology of the embodiment of the disclosure, the electronic controller authorizes the second terminal to start the use authority of the function mode corresponding to the first target file only when the first target file is successfully checked and the first key and the second key are matched, so that the information security of the function mode of the electronic controller for starting the loaded file is improved through double authentication, the electronic controller can be safely started, and the possibility of malicious attack of the electronic controller is reduced. Meanwhile, the first secret key acquired through the target server and the second secret key acquired locally from the electronic controller are matched to authorize the second terminal to log in and acquire the use authority, so that the security authentication of the second terminal can be realized, the electronic controller can be ensured to enter a corresponding functional mode only by a legal authorizer (the second terminal), and the possibility that the electronic controller is maliciously attacked and utilized by other people is avoided.
In one implementation manner, as shown in fig. 2, the file loading method of the electronic controller in the embodiment of the disclosure includes steps S101 to S104, where step S101: the electronic controller responds to the abnormal event, and before loading the first target file from the first terminal, the electronic controller further comprises:
Step S105: and the electronic controller performs signature verification on the local second target file.
Step S106: and the electronic controller responds to the verification failure of the second target file, and determines that an abnormal event is generated.
According to the embodiment of the disclosure, it is to be noted that:
the local second object file may be understood as a file stored in the electronic controller. The second target file is used for initializing and starting a kernel in the electronic controller. The second object file may be one or more, and is not particularly limited herein. For example, the second object file may include at least one of an initial Boot program initializing a kernel, a Bootloader (Boot loader) starting an M Core (M Core) in the kernel, a U-Boot (Universal Bootloader, general purpose Boot loader) starting an a Core (a Core) in the kernel, and an application.
The electronic controller performs signature verification (signature verification) on the second target file, and any file signature verification method in the prior art can be adopted, which is not particularly limited herein. For example, the signature of the second target file may be signed by a signature verification public key stored locally by the electronic controller.
The reason for the failure of the second target file to verify the signature may be that the second target file is damaged or replaced by an external malicious attack.
According to the technology of the embodiment of the disclosure, the time for loading the file can be accurately obtained through the verification of the second target file, namely, the time for the electronic controller to respond to the abnormal event and enter the corresponding functional mode is determined.
In one implementation manner, the file loading method of the electronic controller in the embodiment of the present disclosure includes steps S101 to S103, where step S101: the electronic controller responds to the abnormal event, and before loading the first target file from the first terminal, the electronic controller further comprises:
the electronic controller determines second current version information of the local second target file.
The electronic controller determines second historical version information of a locally stored second target file.
The electronic controller determines to generate an exception event in response to the second current version information not matching the second historical version information.
According to the embodiment of the disclosure, it is to be noted that:
the local second object file may be understood as a file stored in the electronic controller. The second target file is used for initializing and starting a kernel in the electronic controller. The second object file may be one or more, and is not particularly limited herein. For example, the second object file may include at least one of an initial Boot program initializing the kernel, a Bootloader (Bootloader) starting an M Core (M Core) in the kernel, and a U-Boot (Universal Bootloader, generic Bootloader) starting an a Core (a Core) in the kernel.
The second current version information may be understood as version information of the second target file that is loaded to run.
The second historical version information can be understood as version information of a historical second target file that the electronic controller operates before an abnormal event occurs. The second historical version information is stored in the electronic controller (local to the electronic controller).
The reason for the mismatch of the version information of the second target file may be that the second target file is damaged or replaced by an external malicious attack.
According to the technology of the embodiment of the disclosure, through verifying the version information of the second target file, the time for loading the file can be accurately obtained, namely, the time for the electronic controller to respond to the abnormal event and enter the corresponding functional mode is determined.
In one implementation manner, the file loading method of the electronic controller in the embodiment of the present disclosure includes steps S101 to S103, where step S101: the electronic controller responds to the abnormal event, and before loading the first target file from the first terminal, the electronic controller further comprises:
the electronic controller determines second current version information of the local second target file.
The electronic controller determines second historical version information of a locally stored second target file.
And the electronic controller performs signature verification on the local second target file.
And the electronic controller determines to generate an abnormal event in response to the fact that the second current version information is not matched with the second historical version information and/or the second target file fails to verify the signature.
In one implementation manner, the file loading method of the electronic controller in the embodiment of the present disclosure includes steps S101 to S103, where step S101: the electronic controller responds to the abnormal event, and loads a first target file from the first terminal, wherein the first target file comprises:
and the electronic controller responds to the abnormal event and receives a user instruction sent by the second terminal, and loads the first target file from the first terminal.
Wherein the user instruction is for enabling the electronic controller to load the first target file.
In one implementation manner, as shown in fig. 3, the file loading method of the electronic controller in the embodiment of the disclosure includes steps S101 to S104, where step S102: the electronic controller responds to the success of the signature verification of the first target file, and executes the first target file, including:
step S1021: and the electronic controller responds to the success of the signature verification of the first target file, and determines the first current version information of the first target file.
Step S1022: and the electronic controller determines the first historical version information of the locally stored file corresponding to the first target file according to the first target file.
Step S1023: the electronic controller executes the first target file in response to the first current version information matching the first historical version information.
According to the embodiment of the disclosure, it is to be noted that:
the first current version information may be understood as version information of the first target file that is loaded to run.
The first historical version information can be understood as version information of a historical first target file that the electronic controller operates before an abnormal event occurs. The first historical version information is stored in the electronic controller (local to the electronic controller).
The first current version information matches the first historical version information, which may be understood as the same as the first historical version information, or which may be understood as the first historical version information being lower than the first current version information.
According to the technology of the embodiment of the disclosure, by detecting the first current version information and the first historical version information, the anti-degradation protection of the electronic controller can be realized, and the situation that the first file acquired from the first terminal is a system file with a low version and the original high version of the system file of the electronic controller is written down is avoided. The possibility of malicious attack on the electronic controller is prevented by loading the low-version system file into the electronic controller from the outside. Meanwhile, by matching the first current version information with the first historical version information, checking the signature of the first target file and matching the first key with the second key, the information security of the electronic controller loaded file is improved through triple authentication, the electronic controller can be started safely, and the possibility of malicious attack of the electronic controller is reduced. Only a legal authorizer (second terminal) can be ensured to enable the electronic controller to enter a corresponding functional mode, and the possibility that the electronic controller is maliciously attacked and utilized by other people is avoided.
In one implementation manner, the file loading method of the electronic controller in the embodiment of the present disclosure includes steps S101 to S104, where step S103: the electronic controller obtains a first secret key from a target server through a second terminal, and the method comprises the following steps:
step S1031: and the electronic controller responds to the login request of the second terminal to determine the identity information.
Step S1032: the electronic controller obtains a first key from the target server according to the identity information.
According to the embodiment of the disclosure, it is to be noted that:
identity information, which may be understood as a serial number or ID (Identity document, an identification number) of the electronic controller.
The identity information of each electronic controller is unique, and each identity information corresponds to a unique first key. That is, each electronic controller has a unique first key, i.e., a one-machine-to-one password.
The first key is obtained from the target server, which may be understood as that the electronic controller actively reads the first key from the target server, or may be understood as that the target server sends the first key to the electronic controller according to a request of the electronic controller.
The target server can be a high-reliability device authorized by the electronic controller, so that the possibility that the first secret key is stolen is avoided.
According to the technology of the embodiment of the disclosure, the electronic controller can realize one-machine one-key because the electronic controller is the first key acquired from the target server according to the identity information, and the exclusive and unique password of the electronic controller is ensured to be acquired from the target server. Since the electronic controller needs to acquire the first key from the trusted target server, others who want to attack the electronic controller maliciously cannot easily steal or decipher the first key.
In one implementation, the file loading method of the electronic controller of the embodiment of the disclosure includes steps S101 to S104, and steps S1031 and S1032, where step S1031: the electronic controller responds to the success of the first target file verification, and determines identity information, including:
the electronic controller loads a core file from the first terminal.
And the electronic controller performs signature verification on the core file and the first target file.
And the electronic controller responds to the success of the verification of the nuclear file and the first target file, and determines the identity information.
In one implementation, the file loading method of the electronic controller of the embodiment of the present disclosure includes steps S101 to S104, and steps S1031 and S1032, where step S1032: the electronic controller obtains a first secret key from a target server according to the identity information, and the method comprises the following steps:
Step S10321: the electronic controller sends the identity information and the locally generated random number to the second terminal, so that the target server generates a first key by using a first preset algorithm according to the random number sent by the second terminal and a first preset password corresponding to the identity information.
Step S10322: the electronic controller obtains the first key from the target server through the second terminal.
According to the embodiment of the disclosure, it is to be noted that:
the locally generated random number can be understood as a character randomly generated by the electronic controller itself, and the random number can be a single character or a character string. Characters include, but are not limited to, numbers, letters, and the like.
The first preset password may be understood as a fixed key preconfigured by the electronic controller. Each electronic controller of the identity information may be configured with a dedicated first preset password. The first preset passwords are stored in the target server, are associated with the identity information, and can be obtained from the target server according to the identity information.
The first secret key is a secret key obtained by calculating the first preset algorithm by taking the random number and the first preset password as calculation parameters for the target server. Since the random number is varied, the first key calculated by the target server each time may be different.
The second terminal receives the identity information and the random number which are sent by the electronic controller and are generated locally, then the second terminal sends the identity information and the random number to the target server, and the target server calculates and obtains a first key by utilizing a first preset algorithm based on a first preset password and the random number which correspond to the identity information. And the target server sends the first key to the second terminal, and the second terminal sends the first key to the electronic controller.
According to the technology of the embodiment of the disclosure, the target server uses the random number provided by the electronic controller when calculating the first secret key, so that the first secret key acquired by the electronic controller each time is different, the information security of the secret key is further improved, and the possibility that other people crack to obtain the first secret key can be effectively prevented. Adding a random number as a seed is mainly to limit the validity period of the generated first key. And only if the first secret key sent to the electronic controller by the second terminal is matched with the second secret key local to the electronic controller, the second terminal has permission to start the use permission of the function mode corresponding to the first target file.
In one implementation, the file loading method of the electronic controller of the embodiment of the disclosure includes steps S101 to S104, step S1031 and step S1032, and step S10321 and step S10322, where step S104: the electronic controller, in response to the first key matching with the local second key, further includes, before authorizing the second terminal to start the use authority of the function mode corresponding to the first target file:
The electronic controller generates a second secret key according to the first preset algorithm, the random number and the local second preset password.
According to the embodiment of the disclosure, it is to be noted that:
the locally generated random number can be understood as a character randomly generated by the electronic controller itself, and the random number can be a single character or a character string. Characters include, but are not limited to, numbers, letters, and the like. It should be noted that the random number sent by the electronic controller to the target server to calculate the first key is the same as the random number used to calculate the second key locally.
The second preset password may be understood as a fixed key pre-configured by the electronic controller. Each electronic controller of the identity information may be configured with a dedicated second preset password. The second preset password is stored in the electronic controller.
The second secret key is a secret key obtained by the electronic controller through calculation by using the random number and the second preset password as calculation parameters and using the first preset algorithm. Since the random number is varied, the second key calculated by the target server each time may be different. However, since the first preset algorithm used by the electronic controller and the target server for the same calculation is the same and the random number used by the electronic controller and the target server is the same, when the first preset password is matched with the second preset password, the second key generated by the electronic controller is matched with the first key generated by the target server based on the same random number.
According to the technology of the embodiment of the disclosure, the electronic controller uses the random number when calculating the first secret key, so that the second secret key obtained by the electronic controller each time is different, the information security of the secret key is further improved, and the possibility that other people crack the second secret key can be effectively prevented.
In one implementation manner, a file loading method of an electronic controller according to an embodiment of the present disclosure includes:
the electronic controller loads a first target file from the first terminal in response to the abnormal event.
And the electronic controller responds to the success of the signature verification of the first target file, and determines the first current version information of the first target file.
And the electronic controller determines the first historical version information of the locally stored file corresponding to the first target file according to the first target file.
The electronic controller executes the first target file in response to the first current version information matching the first historical version information.
And the electronic controller responds to the login request of the second terminal to determine the identity information.
The electronic controller sends the identity information and the locally generated random number to the second terminal, so that the target server generates a first key by using a first preset algorithm according to the random number sent by the second terminal and a first preset password corresponding to the identity information.
The electronic controller obtains the first key from the target server through the second terminal.
The electronic controller generates a second secret key according to the first preset algorithm, the random number and the local second preset password.
And the electronic controller authorizes the second terminal to start the use authority of the functional mode corresponding to the first target file in response to the matching of the first key and the local second key.
According to the technology of the embodiment of the disclosure, by detecting the first current version information and the first historical version information, the anti-degradation protection of the electronic controller can be realized, and the situation that the first file acquired from the first terminal is a system file with a low version and the original high version of the system file of the electronic controller is written down is avoided. The possibility of malicious attack on the electronic controller is prevented by loading the low-version system file into the electronic controller from the outside. By matching the first current version information with the first historical version information, checking the signature of the first target file and matching the first key with the second key, the information security of the electronic controller loaded file is improved through triple authentication, the electronic controller can be started safely, and the possibility of malicious attack of the electronic controller is reduced. Only a legal authorizer (second terminal) can be ensured to enable the electronic controller to enter a corresponding functional mode, and the possibility that the electronic controller is maliciously attacked and utilized by other people is avoided. The security of the authentication of the second terminal is improved by using the random number to generate the second key locally in the electronic controller and to generate the first key at the target server and match.
In one implementation, the file loading method of the electronic controller of the embodiment of the present disclosure includes steps S101 to S104, and steps S1031 and S1032, where step S1032: the electronic controller obtains a first secret key from a target server according to the identity information, and the method comprises the following steps:
step S10323: and the electronic controller sends the identity information to the second terminal so that the target server generates a first key according to a first preset password corresponding to the identity information sent by the second terminal.
Step S10324: the electronic controller obtains the first key from the target server through the second terminal.
According to the embodiment of the disclosure, it is to be noted that:
the first key may be a first preset password, and the first key may also be generated based on the first preset password.
The first preset password may be understood as a fixed key preconfigured by the electronic controller. Each electronic controller of the identity information may be configured with a dedicated first preset password. The first preset passwords are stored in the target server, are associated with the identity information, and can be obtained from the target server according to the identity information.
The second terminal receives the identity information sent by the electronic controller, then the second terminal sends the identity information to the target server, and the target server obtains a first key based on a first preset password corresponding to the identity information. And the target server sends the first key to the second terminal, and the second terminal sends the first key to the electronic controller.
According to the technology of the embodiment of the disclosure, the electronic controller can realize one-machine one-key because the electronic controller is the first key acquired from the target server according to the identity information, and the exclusive and unique password of the electronic controller is ensured to be acquired from the target server. Since the electronic controller needs to acquire the first key from the trusted target server, others who want to attack the electronic controller maliciously cannot easily steal or decipher the first key. And only if the first secret key sent to the electronic controller by the second terminal is matched with the second secret key local to the electronic controller, the second terminal has permission to start the use permission of the function mode corresponding to the first target file.
In one implementation, the file loading method of the electronic controller of the embodiment of the disclosure includes steps S101 to S104, step S1031 and step S1032, and step S10323 and step S10324, where step S104: the electronic controller, in response to the first key matching with the local second key, further includes, before authorizing the second terminal to start the use authority of the function mode corresponding to the first target file:
and the electronic controller generates a second secret key according to the local second preset password.
According to the embodiment of the disclosure, it is to be noted that:
the second key may be a second preset password, and the second key may be generated based on the second preset password.
The second preset password may be understood as a fixed key pre-configured by the electronic controller. Each electronic controller of the identity information may be configured with a dedicated second preset password. The second preset password is stored in the electronic controller.
In one implementation manner, a file loading method of an electronic controller according to an embodiment of the present disclosure includes:
the electronic controller loads a first target file from the first terminal in response to the abnormal event.
And the electronic controller responds to the success of the signature verification of the first target file, and determines the first current version information of the first target file.
And the electronic controller determines the first historical version information of the locally stored file corresponding to the first target file according to the first target file.
The electronic controller executes the first target file in response to the first current version information matching the first historical version information.
And the electronic controller responds to the login request of the second terminal to determine the identity information.
And the electronic controller sends the identity information to the second terminal so that the target server generates a first key according to a first preset password corresponding to the identity information sent by the second terminal.
The electronic controller obtains the first key from the target server through the second terminal.
And the electronic controller generates a second secret key according to the local second preset password.
And the electronic controller authorizes the second terminal to start the use authority of the functional mode corresponding to the first target file in response to the matching of the first key and the local second key.
According to the technology of the embodiment of the disclosure, by detecting the first current version information and the first historical version information, the anti-degradation protection of the electronic controller can be realized, and the situation that the first file acquired from the first terminal is a system file with a low version and the original high version of the system file of the electronic controller is written down is avoided. The possibility of malicious attack on the electronic controller is prevented by loading the low-version system file into the electronic controller from the outside. By matching the first current version information with the first historical version information, checking the signature of the first target file and matching the first key with the second key, the information security of the electronic controller loaded file is improved through triple authentication, the electronic controller can be started safely, and the possibility of malicious attack of the electronic controller is reduced. Only a legal authorizer (second terminal) can be ensured to enable the electronic controller to enter a corresponding functional mode, and the possibility that the electronic controller is maliciously attacked and utilized by other people is avoided. The security of the authentication of the second terminal is improved by using the random number to generate the second key locally in the electronic controller and to generate the first key at the target server and match.
In one implementation manner, the file loading method of the electronic controller in the embodiment of the present disclosure includes steps S101 to S104, where step S104: the electronic controller, in response to the first key matching with the local second key, authorizes the second terminal to start the use authority of the function mode corresponding to the first target file, including:
the electronic controller determines a user level of the second terminal in response to the first key matching the local second key.
And authorizing the second terminal to start the use authority of the function mode corresponding to the first target file according to the user level.
According to the embodiment of the disclosure, it is to be noted that:
according to the different user levels, the user of each second terminal has different use rights to the running first target file. For example, if the user level is a root user, it may obtain the usage rights of all the functional modes of the first target file. If the user level is a normal user, only the usage rights of the partial function mode of the first target file can be obtained.
In one embodiment, as shown in fig. 4, the electronic controller is internally provided with a main chip (including M core and a core), an external storage device, a security chip, an OTP (One Time Programmable ) memory, and an OBD (On-Board Diagnostics, on-board diagnostics) interface. The OBD interface is connected with the upper computer through the Ethernet ETH. The upper computer is in communication connection with a trusted server (target server). The upper computer comprises an SSH (secure shell protocol ) client and a TFTP (Trivial File Transfer Protocol, simple file transfer protocol) Server. The first terminal and the second terminal are the same terminal, and the upper computer is the second terminal.
Wherein the external storage device has stored therein a second object file including, but not limited to, a bootloader and an application. And the external storage device utilizes the signature verification public key in the security chip to verify the signature of the boot loader, and when any one of the three signature verification fails, the electronic controller is determined to generate an abnormal event. The external storage device performs version verification on the boot loader by using version number information (version information) in the security chip, and when version matching fails, it is determined that the electronic controller generates an abnormal event.
The electronic controller obtains a first target file (Emergency Linux) and a kernel file (kernel) from a TFTP Server of the upper computer through an OBD interface. And the first target file and the core file are checked by using a U-Boot (Universal Boot Loader, general Boot loader) in the Boot loader. And the U-Boot determines whether the first current version information and the first historical version information of the first file are matched.
The U-Boot obtains a login password (second key) from the security chip, and communicates with an SSH client of the upper computer through an SSH server of the A core, so that the upper computer is utilized to obtain the login password (first key) from the trusted server.
And loading the running core file and the first target file in the core A under the condition that the first key is matched with the second key, the first current version information is matched with the first historical version information and the first target file passes the verification. The first object file may implement an emergency swipe application function and a diagnostic application function of the electronic controller.
When the ECU fails to start the application or a possible malicious attack is detected, the ECU will enter a Recovery mode, the boot starts a U-boot, which will attempt to load Recovery Linux, for example, by TFTP. Once the file is successfully loaded into the corresponding Recovery Linux file, the U-boot performs signature verification on the file, and the file can be operated in the A core only after the signature verification passes. Then if the user wants to use the Recovery Linux to perform Recovery brushing or fault diagnosis, the precondition is that a one-machine-one-secret password of the ECU is found to log in with root (root user) identity. Meanwhile, in order to prevent security holes of the Recovery Linux of the old version, the vulnerable version can be utilized by an attacker, and anti-degradation protection is designed, namely, the latest version U-boot writes the version number of the Recovery Linux into the chip OTP, reads the version number in a Recovery mode, and compares the received version numbers of the Recovery Linux to prevent the system of the bottom version from being operated. Because Linux login is designed in a one-machine-one-password mode, in order to compare that each Linux is compiled into different files, independent signatures are needed, so that a one-machine-password key is injected into a security chip in advance when leaving a factory, and the security chip is used for authenticating a user during login, so that the same ECU (electronic control unit) where the Linux is located can be ensured, and the same signature can be used.
As shown in fig. 5, an embodiment of the present disclosure provides an authorized use device after file loading of an electronic controller, including:
and the loading module 510 is used for the electronic controller to load the first target file from the first terminal in response to the abnormal event.
The execution module 520 is configured to execute the first target file by the electronic controller in response to the first target file verifying.
An obtaining module 530, configured to obtain, by the electronic controller, the first key from the target server through the second terminal. And
And the authorization module 540 is configured to, in response to the first key matching the local second key, authorize the second terminal to start the use authority of the function mode corresponding to the first target file.
In one embodiment, the loading module 510 includes:
and the electronic controller responds to the abnormal event and receives a user instruction sent by the second terminal, and loads the first target file from the first terminal.
In one embodiment, execution module 520:
and the electronic controller responds to the success of the signature verification of the first target file, and determines the first current version information of the first target file.
And the electronic controller determines the first historical version information of the locally stored file corresponding to the first target file according to the first target file.
The electronic controller executes the first target file in response to the first current version information matching the first historical version information.
In one embodiment, the acquisition module 530 includes:
and the electronic controller responds to the login request of the second terminal to determine the identity information.
The electronic controller obtains a first key from the target server according to the identity information.
In one embodiment, the electronic controller obtains a first key from the target server based on the identity information, including:
the electronic controller sends the identity information and the locally generated random number to the second terminal, so that the target server generates a first key by using a first preset algorithm according to the random number sent by the second terminal and a first preset password corresponding to the identity information.
The electronic controller obtains the first key from the target server through the second terminal.
In one embodiment, the electronic controller obtains a first key from the target server based on the identity information, including:
and the electronic controller sends the identity information to the second terminal so that the target server generates a first key according to a first preset password corresponding to the identity information sent by the second terminal.
The electronic controller obtains the first key from the target server through the second terminal.
In one embodiment, before the electronic controller authorizes the second terminal to start the use authority of the function mode corresponding to the first target file in response to the first key matching the local second key, the electronic controller further includes:
the electronic controller generates a second secret key according to the first preset algorithm, the random number and the local second preset password.
In one embodiment, before the electronic controller authorizes the second terminal to start the use authority of the function mode corresponding to the first target file in response to the first key matching the local second key, the electronic controller further includes:
and the electronic controller generates a second secret key according to the local second preset password.
In one embodiment, the matching module includes:
the electronic controller determines a user level of the second terminal in response to the first key matching the local second key.
And authorizing the second terminal to start the use authority of the function mode corresponding to the first target file according to the user level.
In one embodiment, before the electronic controller loads the first target file from the first terminal in response to the abnormal event, the electronic controller further includes:
and the electronic controller performs signature verification on the local second target file.
And the electronic controller responds to the verification failure of the second target file, and determines that an abnormal event is generated.
In one embodiment, before the electronic controller loads the first target file from the first terminal in response to the abnormal event, the electronic controller further includes:
the electronic controller determines second current version information of the local second target file.
The electronic controller determines second historical version information of a locally stored second target file.
The electronic controller determines to generate an exception event in response to the second current version information not matching the second historical version information.
For descriptions of specific functions and examples of each module and sub-module of the apparatus in the embodiments of the present disclosure, reference may be made to the related descriptions of corresponding steps in the foregoing method embodiments, which are not repeated herein.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related user personal information all conform to the regulations of related laws and regulations, and the public sequence is not violated.
Fig. 6 is a block diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 6, the electronic device includes: a memory 610 and a processor 620, the memory 610 storing a computer program executable on the processor 620. The number of memory 610 and processors 620 may be one or more. The memory 610 may store one or more computer programs that, when executed by the electronic device, cause the electronic device to perform the methods provided by the method embodiments described above. The electronic device may further include: the communication interface 630 is used for communicating with external devices for data interactive transmission.
If the memory 610, the processor 620, and the communication interface 630 are implemented independently, the memory 610, the processor 620, and the communication interface 630 may be connected to each other and perform communication with each other through buses. The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, an external device interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 6, but not only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 610, the processor 620, and the communication interface 630 are integrated on a chip, the memory 610, the processor 620, and the communication interface 630 may communicate with each other through internal interfaces.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processing, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or any conventional processor or the like. It is noted that the processor may be a processor supporting an advanced reduced instruction set machine (Advanced RISC Machines, ARM) architecture.
Further, optionally, the memory may include a read-only memory and a random access memory, and may further include a nonvolatile random access memory. The memory may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), programmable ROM (PROM), erasable Programmable ROM (EPROM), electrically Erasable EPROM (EEPROM), or flash Memory, among others. Volatile memory can include random access memory (Random Access Memory, RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available. For example, static RAM (SRAM), dynamic RAM (Dynamic Random Access Memory, DRAM), synchronous DRAM (SDRAM), double Data rate Synchronous DRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous DRAM (SLDRAM), and Direct RAMBUS RAM (DR RAM).
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present disclosure are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, fiber optic, data subscriber line (Digital Subscriber Line, DSL)), or wireless (e.g., infrared, bluetooth, microwave, etc.) means from one website, computer, server, or data center. Computer readable storage media can be any available media that can be accessed by a computer or data storage devices, such as servers, data centers, etc., that contain an integration of one or more of the available media. Usable media may be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., digital versatile discs (Digital Versatile Disc, DVDs)), or semiconductor media (e.g., solid State Disks (SSDs)), etc. It is noted that the computer readable storage medium mentioned in the present disclosure may be a non-volatile storage medium, in other words, may be a non-transitory storage medium.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
In the description of embodiments of the present disclosure, a description of reference to the terms "one embodiment," "some embodiments," "examples," "particular examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present disclosure. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
In the description of the embodiments of the present disclosure, unless otherwise indicated, "/" means or, for example, a/B may represent a or B. "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone.
In the description of the embodiments of the present disclosure, the terms "first," "second," and "second" are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the embodiments of the present disclosure, unless otherwise indicated, the meaning of "a plurality" is two or more.
The foregoing description of the exemplary embodiments of the present disclosure is not intended to limit the present disclosure, but rather, any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (14)
1. An authorized use method of an electronic controller after file loading, comprising the following steps:
the electronic controller responds to an abnormal event and loads a first target file from a first terminal;
the electronic controller responds to the success of the signature verification of the first target file and executes the first target file;
the electronic controller acquires a first secret key from a target server through a second terminal; and
and the electronic controller authorizes the second terminal to start the use authority of the function mode corresponding to the first target file in response to the matching of the first key and the local second key.
2. The method of claim 1, wherein the electronic controller loading the first object file from the first terminal in response to the exception event comprises:
and the electronic controller responds to the abnormal event and receives a user instruction sent by the second terminal, and loads the first target file from the first terminal.
3. The method of claim 1, wherein the electronic controller executing the first target file in response to the first target file verifying success comprises:
the electronic controller responds to the success of the signature verification of the first target file, and determines first current version information of the first target file;
the electronic controller determines first historical version information of a file corresponding to the first target file which is stored locally according to the first target file;
the electronic controller executes the first target file in response to the first current version information matching the first historical version information.
4. The method of claim 1, wherein the electronic controller obtaining, by the second terminal, the first key from the target server, comprising:
the electronic controller responds to a login request of the second terminal to determine identity information;
And the electronic controller acquires the first secret key from the target server according to the identity information.
5. The method of claim 4, wherein the electronic controller obtaining the first key from the target server based on the identity information, comprises:
the electronic controller sends the identity information and the locally generated random number to the second terminal, so that the target server generates a first key by using a first preset algorithm according to the random number sent by the second terminal and a first preset password corresponding to the identity information;
the electronic controller obtains the first key from the target server through the second terminal.
6. The method of claim 4, wherein the electronic controller obtaining the first key from the target server based on the identity information, comprises:
the electronic controller sends the identity information to the second terminal so that the target server generates a first key according to a first preset password corresponding to the identity information sent by the second terminal;
the electronic controller obtains the first key from the target server through the second terminal.
7. The method of claim 5, wherein the electronic controller, in response to the first key matching a local second key, further comprises, before authorizing the second terminal to initiate the use authority of the functional mode corresponding to the first target file:
and the electronic controller generates a second secret key according to the first preset algorithm, the random number and a local second preset password.
8. The method of claim 6, wherein the electronic controller, in response to the first key matching a local second key, further comprises, before authorizing the second terminal to initiate the use authority of the functional mode corresponding to the first target file:
and the electronic controller generates a second secret key according to the local second preset password.
9. The method of claim 1, wherein the electronic controller, in response to the first key matching a local second key, authorizes the second terminal to initiate use of a functional mode corresponding to the first target file, comprising:
the electronic controller determining a user level of the second terminal in response to the first key matching a local second key;
And authorizing the second terminal to start the use permission of the function mode corresponding to the first target file according to the user level.
10. The method according to any one of claims 1 to 9, wherein, in response to an exception event, the electronic controller, prior to loading the first target file from the first terminal, further comprises:
the electronic controller performs signature verification on the local second target file;
and the electronic controller responds to the verification failure of the second target file and determines that an abnormal event is generated.
11. The method according to any one of claims 1 to 9, wherein, in response to an exception event, the electronic controller, prior to loading the first target file from the first terminal, further comprises:
the electronic controller determines second current version information of a local second target file;
the electronic controller determines second historical version information of the second target file stored locally;
the electronic controller determines to generate an exception event in response to the second current version information not matching the second historical version information.
12. An authorized use device of an electronic controller after file loading, comprising:
the loading module is used for responding to the abnormal event by the electronic controller and loading the first target file from the first terminal;
The execution module is used for responding to the success of the signature verification of the first target file by the electronic controller and executing the first target file;
the acquisition module is used for acquiring a first secret key from a target server through the second terminal by the electronic controller; and
and the authorization module is used for responding to the matching of the first key and the local second key by the electronic controller and authorizing the second terminal to start the use authority of the function mode corresponding to the first target file.
13. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 11.
14. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311444138.6A CN117494197A (en) | 2023-11-01 | 2023-11-01 | Authorized use method and device for electronic controller after file loading |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311444138.6A CN117494197A (en) | 2023-11-01 | 2023-11-01 | Authorized use method and device for electronic controller after file loading |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117494197A true CN117494197A (en) | 2024-02-02 |
Family
ID=89675705
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311444138.6A Pending CN117494197A (en) | 2023-11-01 | 2023-11-01 | Authorized use method and device for electronic controller after file loading |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117494197A (en) |
-
2023
- 2023-11-01 CN CN202311444138.6A patent/CN117494197A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106855814B (en) | System and method for managing BIOS settings | |
| CN109446815B (en) | Management method and device for basic input/output system firmware and server | |
| US5444850A (en) | Method and apparatus for controlling network and workstation access prior to workstation boot | |
| US20090193211A1 (en) | Software authentication for computer systems | |
| US9514294B1 (en) | Accessing a computing resource | |
| JP6949064B2 (en) | Authentication and approval method and authentication server | |
| JP5373062B2 (en) | System and method for providing system management commands | |
| CN111131307B (en) | Method and system for controlling access authority | |
| CN107832616B (en) | Computer pre-boot security verification, enforcement and repair | |
| US9262631B2 (en) | Embedded device and control method thereof | |
| US10742412B2 (en) | Separate cryptographic keys for multiple modes | |
| US20170180139A1 (en) | Key revocation | |
| CN111625263A (en) | Server component firmware updating method | |
| CN111177709A (en) | Execution method and device of terminal trusted component and computer equipment | |
| CN118051919B (en) | Data processing method, chip, electronic device and storage medium | |
| JP2019185575A (en) | Controller and control method | |
| CN113226858A (en) | Information processing apparatus | |
| CN112613011B (en) | USB flash disk system authentication method and device, electronic equipment and storage medium | |
| US20210011734A1 (en) | Industrial internet of things gateway boot methods | |
| KR20170066231A (en) | Computer system and operating method therefor | |
| CN116032484A (en) | Method and device for safely starting communication equipment and electronic equipment | |
| CN117494197A (en) | Authorized use method and device for electronic controller after file loading | |
| CN109582454A (en) | Permission releasing control method, device and equipment in a kind of distributed storage cluster | |
| JP2023066353A (en) | Method and system for avoiding boot failure from platform firmware resilience execution | |
| CN114329444A (en) | System safety improving method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |