KR102132901B1 - Firmware packaging and unpackaging methods - Google Patents

Abstract

The present invention relates to a firmware packaging and unpacking method, and more particularly, to a firmware update method using a low power wireless network implemented to enable wirelessly updating a terminal mounted on a vehicle such as navigation using a low power wireless network. will be.

Description

Firmware packaging and unpackaging methods

The present invention relates to a firmware packaging and unpacking method, and more particularly, to a firmware update method using a low power wireless network implemented to enable wirelessly updating a terminal mounted on a vehicle such as navigation using a low power wireless network. will be.

2. Description of the Related Art With the development of wireless communication technology, terminals having various services and functions for user convenience have been provided. Due to the addition of various services and functions, the probability that many bugs also occur in the software mounted on the mobile terminal increases, and the demand for adding new functions is gradually increasing after the release of the mobile terminal.

Accordingly, FOTA (Firmware Over The Air), a solution to automatically upgrade the firmware of a mobile terminal wirelessly, was developed. Here, the firmware generally refers to a micro-program that controls the hardware stored in ROM, and in terms of the program, it is the same as the software, but it is distinct from general application software in that it has a close relationship with the hardware. It has the characteristics of.

Referring to the standards related to FOTA established by the Open Mobile Alliance (OMA), an international mobile standardization organization, the process of performing FOTA service of the mobile terminal includes receiving a notification message from a device management (DM) server, and DM It includes a discovery process, a process of performing communication between a server and a mobile communication terminal, and a download process of an update package.

Therefore, the FOTA service has the advantage that the user can download the modified program of the mobile terminal wirelessly and update immediately without visiting the A/S center.

On the other hand, M2M (Machine to Machine) is a remote management and control solution that supports communication between machines by interlocking M2M modules and devices using a wired/wireless communication method for serial user traffic data on a general wired/wireless network. In addition, various program updates such as NV (Non Volatile) setting values, firmware, drivers, and application applications are required due to performance improvement, error correction, etc. of the M2M module and devices connected thereto. However, even if each program is updated, an error occurs or an improved service cannot be used when one is not updated by managing each update program for each version.

Korean Registered Patent No. 10-1541112 Korean Patent Publication No. 10-2009-0004715

One aspect of the present invention provides a firmware update method using a low power wireless network implemented to wirelessly upgrade the firmware of a terminal mounted on a vehicle such as navigation using a low power wireless network.

In addition, it provides a firmware update method using a low-power wireless network implemented to receive and transmit firmware provided by a manufacturer even though the performance of the target device for FOTA (Firmware Over The Air) is not excellent by dividing the firmware file into a plurality of files.

The technical problems of the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the following description.

A method for packaging and unpacking firmware according to an embodiment of the present invention includes: a download server dividing the firmware input from a manufacturer server into a plurality of blocks; And encrypting the divided blocks by the download server, and the divided blocks in the dividing step are first blocks including a firmware name and a firmware version, and are arranged in order after the first blocks, followed by firmware. Consisting of a plurality of firmware blocks, each of which is partially allocated to form one firmware data as a whole, and a last block disposed after the last firmware block to signal the end of packaging, and the encrypting step includes headering the firmware block. It is divided into (Header) and Body (Body), and in the header, the output value when the firmware data is input as the hash function or the output value when the firmware data is the input of the hash function is signed. And input the encrypted value of the firmware data into the body.

In one embodiment, after a target terminal communicating with the download server decodes the first block, reads whether a firmware update of the target terminal is necessary through an info value (info) included in the first block, and updates the firmware A version checking step of comparing the info value with which the sine and hash are canceled and the info value previously included in the first block if is necessary; And when the version check is completed in the version checking step, after downloading and decrypting the firmware blocks, the hash value of the unlocked firmware data and the hash value of the firmware data previously included in the firmware block are determined. In the same case, the data merging step includes merging the divided pieces of firmware data.

A firmware update method using a low-power wireless network according to an embodiment of the present invention includes: a terminal registration step of receiving and registering terminal information of a target terminal targeted for firmware update from an update manager server; A firmware version checking step of checking firmware version information of the target terminal using a low-power wireless network in a platform that manages firmware update of the target terminal; A firmware packaging step of receiving update firmware from the manufacturer server from the download server and packaging it for transmission to the target terminal; A firmware download step of downloading the packaged firmware from the download server from the target terminal through a low power wireless network; And a firmware update step of unpacking the firmware packaged in the target terminal to perform a firmware update.

In one embodiment, the terminal registration step comprises: the update manager server receiving and registering manufacturer information of the target terminal and vehicle terminal information on which the target terminal is installed from the manufacturer server; Storing manufacturer information and vehicle terminal information on which the update manager server is registered in a database; The platform receiving and registering manufacturer information and vehicle terminal information from the update manager server; Receiving, by the update manager server, a token that is a unique ID corresponding to vehicle terminal information from the platform; Transmitting the token received from the update manager server to the manufacturer server; And receiving, by the target terminal, a token from the manufacturer server, wherein the firmware version checking step comprises: the target terminal periodically transmitting its firmware version information to the platform; And checking, by the update manager server, firmware version information of the target terminal transmitted to the platform, wherein the firmware packaging step comprises: the download server receiving firmware from the manufacturer server; Packaging the firmware received by the download server to generate transmission firmware to which division and security are applied; Storing the transmission firmware generated by the download server in a database; Uploading a firmware download directory (URL) of the transmission firmware generated by the download server to the update manager server; Generating, by the update manager server, a firmware update notification; Delivering the firmware update notification generated by the update manager server to the platform; Transmitting a firmware update notification received from the platform to the target terminal; And transmitting, by the update manager server, a result of sending a firmware update notification to the manufacturer server, wherein the firmware download step comprises: the target terminal downloading the firmware for transmission from the download server; Transmitting, by the target terminal, a download result to the platform; Checking, by the update manager server, a download result through the platform; And transmitting, by the update manager server, the download result to the manufacturer server, wherein the firmware update step comprises: preparing a firmware update by unpackaging the receiving firmware received by the target terminal; When the preparation of the update is completed, the target terminal performing a firmware update; Transmitting, by the target terminal, the result of the firmware update to the platform; Checking, by the update manager server, a result of firmware update through the platform; And sending, by the update manager server, the result of the firmware update to the manufacturer server.

In one embodiment, the step of generating the firmware for transmission includes: dividing the firmware input from the manufacturer server into a plurality of blocks; And encrypting the divided blocks, wherein the divided blocks in the dividing step are first blocks including a firmware name and a firmware version, and are arranged in order after the first blocks, and a part of the firmware data is Consisting of a plurality of firmware blocks, each allocated and forming a single firmware data as a whole, and a last block disposed after the last firmware block to signal the end of packaging, and the encrypting step comprises the step of encrypting the firmware block with a header. It is divided into a body, and in the header, a sine value (Sign) is substituted for the output value when the firmware data is the input of the hash function or the output value when the firmware data is the input of the hash function, In the body, an encrypted data value may be used as an input.

In one embodiment, the step of preparing the update, after decoding the first block, reads whether the firmware update of the target terminal is necessary through the info value (info) included in the first block, and the firmware update is required A version checking step of comparing the info value in which the sine and the hash are released and the info value previously included in the first block; And when the version check is completed in the version checking step, after downloading and decrypting the firmware blocks, comparing the hash value of the unlocked firmware data with the hash value of the firmware data previously included in the firmware block. And a data merging step of merging the divided pieces of firmware data, and performing the firmware update may perform firmware update using the merged firmware data when decoding of the last block is completed.

According to one aspect of the present invention described above, by allowing the firmware update to be performed using a low-power wireless network, by dividing the firmware provided by the manufacturer and transmitting to the FOTA target terminal, the low-power wireless network situation, or FOTA target terminal Even if its performance is not excellent, it is possible to receive the firmware provided by the manufacturer without any burden.

1 is a view for explaining the relationship between an update manager server, a download server, a platform, a target terminal, and a manufacturer server.
2 is a flowchart illustrating a firmware update method using a low power wireless network according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating the terminal registration step of FIG. 2.
FIG. 4 is a flowchart illustrating the firmware version checking step of FIG. 2.
5 is a flowchart illustrating the firmware packaging step of FIG. 2.
FIG. 6 is a diagram illustrating generation of transmission firmware to which division and security are applied by generating the transmission firmware of FIG. 5.
FIG. 7 is a flowchart illustrating the firmware download step of FIG. 2.
8 is a flowchart illustrating the firmware update step of FIG. 2.

For a detailed description of the present invention, which will be described later, reference is made to the accompanying drawings that illustrate, by way of example, specific embodiments in which the present invention may be practiced. These examples are described in detail enough to enable those skilled in the art to practice the present invention. It should be understood that the various embodiments of the invention are different, but need not be mutually exclusive. For example, certain shapes, structures, and properties described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with one embodiment. In addition, it should be understood that the location or placement of individual components within each disclosed embodiment can be changed without departing from the spirit and scope of the invention. Therefore, the following detailed description is not intended to be taken in a limiting sense, and the scope of the present invention, if appropriately described, is limited only by the appended claims, along with all ranges equivalent to those claimed. Like reference numerals in the drawings refer to the same or similar functions throughout the several aspects.

Hereinafter, preferred embodiments of the present invention will be described in more detail with reference to the drawings.

1 is a view for explaining the relationship between the manager server, the download server, the platform, the target terminal and the manufacturer server of the updated invention.

In FIG. 1, a network is a low-power wireless network, and LTE Cat m.1 may correspond to this.

A method for packaging and unpacking firmware according to an embodiment of the present invention includes: a download server dividing the firmware input from a manufacturer server into a plurality of blocks; And encrypting the divided blocks by the download server, and the divided blocks in the dividing step are first blocks including a firmware name and a firmware version, and are arranged in order after the first blocks, followed by firmware. Consisting of a plurality of firmware blocks, each of which is partially allocated to form one firmware data as a whole, and a last block disposed after the last firmware block to signal the end of packaging, and the encrypting step includes headering the firmware block. It is divided into (Header) and Body (Body), and in the header, the output value when the firmware data is input as the hash function or the output value when the firmware data is the input of the hash function is signed. And input the encrypted value of the firmware data into the body.

In one embodiment, after a target terminal communicating with the download server decodes the first block, reads whether a firmware update of the target terminal is necessary through an info value (info) included in the first block, and updates the firmware A version checking step of comparing the info value with which the sine and hash are canceled and the info value previously included in the first block if is necessary; And when the version check is completed in the version checking step, after downloading and decrypting the firmware blocks, the hash value of the unlocked firmware data and the hash value of the firmware data previously included in the firmware block are determined. In the same case, the data merging step includes merging the divided pieces of firmware data.

It is obvious that the firmware packaging and unpackaging methods can correspond to the steps of generating the firmware for transmission of the firmware update method using a low-power wireless network and preparing the update.

2 is a diagram illustrating a firmware update method using a low power wireless network according to an embodiment of the present invention.

Referring to Figure 2, the firmware update method using a low-power wireless network according to an embodiment of the present invention, first, the update manager server 100, the terminal information of the target terminal 400 to be the target of the firmware update from the manufacturer server ( 500) and registers (S110).

Here, the target terminal 400 is a device that is mounted on a vehicle, such as a navigation device, and is a device that requires regular or irregular firmware update, for example, a V2X (vehicle to everything) information device of a smart car And so on.

Accordingly, the target terminal 400 is a communication function (for example, Cat m.1), F/W download client manager, update authentication, terminal authentication, Secure FOTA unpackaging API, Core Crypto, and functions such as a boot loader Will have to do

Referring to FIG. 3, in the terminal registration step (S110 ), the update manager server 100 displays manufacturer information of the target terminal 400 and vehicle terminal information (ie, model information) on which the target terminal 400 is installed, from the manufacturer server ( 500) receiving and registering (S111), the step of storing the manufacturer information and vehicle terminal information in which the update manager server 100 is registered in the database (S112), the platform 300 is the manufacturer from the update manager server 100 Step S113 of receiving and registering information and vehicle terminal information, step S114 in which the update manager server 100 receives a token, which is a unique ID corresponding to the vehicle terminal information, from the platform 300 (S114), update manager server 100 ) May include transmitting the token received from the manufacturer server 500 (S115) and the target terminal 400 receiving a token from the manufacturer server 500 (S116 ).

The platform 300 that manages the firmware update of the target terminal 400 checks the firmware version information of the target terminal 400 using a low power wireless network (for example, LTE Cat.M1) (S120).

At this time, the platform 300 may transmit and receive data through the update manager server 100 and the REST (Representational State ransfer) API.

Referring to FIG. 4, in the firmware version checking step (S120 ), first, the target terminal 400 periodically performs the step (S121) of transmitting its firmware version information to the platform 300.

In one embodiment, the target terminal 400 is transmitted to the platform 300 in addition to the firmware version information, as shown in Table 1 below.

In Table 1, the period report and the attribute report are information that the target terminal 400 transmits to the platform 300, and the period report is information that reports at regular intervals of minutes or more. Specifically, the period report is about once every 5 minutes. Information to be reported, and attribute reporting is information that is reported about once every 24 hours. At this time, the firmware version information transmitted by the target terminal 400 to the platform 300 is being reported in the attribute "attfwVer, string, firmware version "to be.

After the above-described step S121, the update manager server 100 performs a step (S122) of checking the firmware version information of the target terminal 400 transmitted to the platform 300 in the above-described step S121.

The download server 200 receives update firmware from the manufacturer server 500 and packages it for transmission to the target terminal 400 (S130).

Referring to FIG. 5, in the firmware packaging step (S130 ), the download server 200 receives the firmware input from the manufacturer server 500 (S131 ), and the download server 200 packages the received firmware (here, transmission) Packaging to generate the firmware for the firmware means that the firmware file is divided and applied by partitioning (S132), and the download server 200 generates the generated firmware for transmission. Storing in the database (S133), uploading the firmware download directory (URL) of the firmware for transmission generated by the download server 200 to the update manager server 100 (S134), and the update manager server 100 Step (S135) for generating a firmware update notification (Notice), step (S136) for delivering the firmware update notification generated by the update manager server 100 to the platform 300 (S136), and the firmware update notification received by the platform 300 The step of transmitting to the target terminal 400 (S137) and the update manager server 100 may include the step of transmitting the firmware update notification transmission result to the manufacturer server 500 (S137).

At this time, the information included in the firmware update notification transmitted from the platform 300 to the target terminal 400 is shown in Table 2 below.

In Table 2, the FOTA address is a URL generated in step S132 of generating the above-described firmware, and the number of firmware files means the number of divided files.

Conventionally, the firmware of a terminal targeted for FOTA is updated by wire, but in the present invention, a target is targeted for a low-performance FOTA in order to perform an update using a low power wireless network and implement the system itself at a low cost.

Accordingly, by the firmware packaging step (S130) according to the present invention, even if the performance of the low-power situation or the target terminal 400 of the FOTA is not excellent, it is possible to transmit the firmware provided by the manufacturer without burden.

In one embodiment, the step of generating firmware for transmission (S132) may first divide the firmware input from the manufacturer server 500 into a plurality of blocks, and then encrypt the divided blocks.

Existing firmware for update includes Header (Header) and Encrypt (Firmware), including encryption (Sign (H (firmware))), firmware name, firmware version, and sign key (manufacturer's private key), encryption key (derivation from the Seed key value). As it is composed of an included body, it not only increases the transmission burden through the network, but also has a drawback that the load on the download and execution can be increased even as a terminal receiving it.

Accordingly, in the present invention, by dividing the firmware into a plurality of blocks and encrypting and transmitting each block, the firmware provided by the manufacturer is transmitted even though the performance of the target terminal 400 of the firmware over the air (FOTA) is not excellent. Can receive

Here, the blocks divided in the step of dividing in the step of generating firmware for transmission (S132) are arranged in the following order of the first block and the first block including the firmware name and the firmware version, and a part of the firmware data is respectively It may be composed of a plurality of firmware blocks allocated to form one firmware data as a whole and a last block disposed after the last firmware block to signal the end of packaging.

At this time, the size of each firmware block depends on the wireless network. Specifically, the size of the firmware block may be 4 KB.

Next, in the step of encrypting in step S132 of generating the firmware for transmission, the firmware block is divided into a header and a body, and in the header, an output value when firmware data is input as a hash function or When the firmware data is input as a hash function, a sine value (Sign) is substituted for the output value, and an encrypted value is input to the body.

That is, each firmware block is composed of one header and one body.

FIG. 6 is a diagram illustrating generation of transmission firmware to which division and security are applied by the step (S132) of generating the transmission firmware of FIG. 5.

)가 저장되고, 각각의 펌웨어 블록에는 "펌웨어 명칭", "펌웨어 데이터를 해쉬함수의 입력으로 했을 때의 출력값"과 "펌웨어 데이터를 해쉬함수의 입력으로 했을 때의 출력값을 입력으로 대입한 사인값(Sign)"가 암호화된 데이터(즉, Encrypted

내지 Encrypted

)가 저장되고, 라스트 불록에는 "H(F/W)"와 "Sign(H(FW))"가 암호화된 데이터(즉, Encrypted

)가 저장된다.Referring to FIG. 6, "info" and "Sign(H(Info))" are encrypted data (ie, Encrypted) in the first block.

) Is stored, and in each firmware block, "firmware name", "output value when the firmware data is input to the hash function" and "signal value substituted by the output value when the firmware data is input to the hash function"(Sign)" is encrypted data (ie, Encrypted

Encrypted

) Is stored, and in the last block, "H(F/W)" and "Sign(H(FW))" are encrypted data (ie, Encrypted

) Is saved.

Here, the "signal value (Sign) substituted with the output value when the firmware data is the input of the hash function" is optional, that is, the firmware block in the present invention hash the firmware and then signs the firmware Any hashing can be included.

The target terminal 400 downloads the firmware packaged from the download server 200 through a low power wireless network (for example, LTE Cat.M1) (S140).

Referring to FIG. 7, in the firmware downloading step (S140 ), the target terminal 400 downloads the firmware for transmission from the download server 200 (S141 ), and the target terminal 400 displays the download result on the platform 300. Step (S142), the update manager server 100 checks the download result through the platform 300 (S143) and the update manager server 100 transmits the download result to the manufacturer server 500 It may include (S144).

At this time, the firmware download is performed automatically when the remote procedure call (RPC) protocol is performed at a specific time, for example, at 4 AM on the next day of transmission, and the firmware download is performed when the vehicle has finished driving, if the download has not been completed normally. In case of this, ignore the previously downloaded file and start downloading the file again, but if the download fails more than 3 times, the issue is managed separately.

The firmware packaged in the target terminal 400 is unpackaged to perform a firmware update (S150).

Referring to FIG. 8, in the firmware update step (S150 ), the target terminal 400 unpacks the received reception firmware to prepare a firmware update (S151 ), and when the update preparation is completed, the target terminal 400 ) Step of performing a firmware update (S152), the target terminal 400 transmits the result of the firmware update to the platform (S153), the update manager server 100 updates the firmware through the platform 300 Checking the result of the step (S154) and the update manager server 100 may include the step of transmitting the result of the firmware update to the manufacturer server 500 (S155).

At this time, when the vehicle is turned off, it is checked whether or not the firmware is updated, and the update is performed. At the same time as the firmware is unpackaged, the unpackaged firmware is loaded into the memory.

In one embodiment, the step of preparing the update (S151), after decoding the first block, reads whether the firmware update of the target terminal 400 is necessary through the info value (info) included in the first block, and the firmware update If necessary, check the version that compares the info value that was previously included in the first block with the info value that has been released from the sign and hash, and when version verification is completed, download and decrypt the firmware blocks, and then download the decrypted firmware data. By comparing the hash value with the hash value of the firmware data previously included in the firmware block, each divided firmware data may be merged.

Then, in step S152 of performing a firmware update, when decoding for the last block is completed, the firmware update may be performed using the merged firmware data.

According to the present invention, each server, communication function (for example, Cat m.1) F/W upload manager, F/W service web-based UI, firmware management (version, F/W), Secure FOTA packaging API And Core Crypto.

The update manager server 100 performing the above-described functions may include a backup file distribution module (not shown in the drawing for convenience of description).

The backup file decentralization module generates important information such as user information or system information to be protected from external attacks such as hacking or ransomware as a backup file, and then the generated backup file is the primary backup file containing the same data. Creates and saves the secondary backup in turn, but stores the primary backup file and secondary backup file in different storage locations.

However, the creation of the backup file is not limited to the primary and secondary, and multiple backup files of the third or higher may be generated in consideration of the performance of the system.

In addition, the backup file decentralization module is set at a preset cycle (for example, once every 3 hours, which is basically a set cycle on the system, once every 5 hours, etc.), but is not limited to the set cycle, and is a cycle specified by the user. It can be set even if it is set) Change the storage location of the saved primary backup file and secondary backup file to a preset location on the system or a newly created location.

At this time, it is preferable that the moving location of the backup file is designated as a folder or a sub-folder generated according to an arbitrary random variable, not a location previously set or designated by a user on the system.

Accordingly, it is possible to predict the existence of a folder in which an attacking program such as hacking or ransomware is located, or the location of the folder where the file to be attacked is located, and to easily attack it, as well as to prevent customer information that should not be deleted. The same important data can be prevented from being accidentally deleted or modified by the user.

In the present invention, the primary backup file and the secondary backup file are files that contain data of the same contents, and there is no superiority between them, and the secondary backup after the primary backup file is moved even when the files are moved. The file may be moved, or the primary backup file may be moved after the secondary backup file is moved.

In one embodiment, when the intrusion is detected from the outside, the backup file distribution module continuously performs replication from previously generated primary backup files and secondary backup files to generate a plurality of sub backup files of each backup file. In addition, the generated multiple sub-backup files may also be individually stored in different locations created according to random variables.

Accordingly, by dividing and storing a plurality of backup files sporadically generated on the system in arbitrary places, necessary data, etc., can be obtained by using backup files sporadically present on the system even when some backup files are lost or deleted by an attack. Can be easily recovered.

Next, the backup file decentralization module permanently deletes, on the system, a file determined to be an attacked backup file among a plurality of backup files.

Accordingly, in the present invention, a normal function on a system may not be performed due to a hacking or ransomware attack, or a zombie program that may expose other files on the system to risk due to the attack. By deleting the file on the system in advance, it is possible to prevent the entire system from being attacked by some files.

In one embodiment, when the backup file decentralization module stores a backup file in a synchronization folder linked to a cloud service, when the backup file is stored in the corresponding synchronization folder and the stored backup file is uploaded on the cloud, the corresponding synchronization You can turn off synchronization for a folder.

For example, when the cloud service for user synchronization is referred to as "Dropbox", the function of the backup file decentralization module as described above is implemented using the "optional synchronization service" provided by "Dropbox".

That is, when the backup file decentralization module creates a "backup folder" on the system as a space for storing the backup file, the cloud service creates the newly created "backup folder" on the cloud as well.

Next, the backup file decentralization module will store the backup file in the corresponding folder, and accordingly, the backup file is also uploaded on the cloud.

Finally, when the upload of the corresponding backup file on the cloud is completed, the backup file decentralization module selectively releases only the synchronization for the "backup folder" used for uploading the backup file, and deletes the "backup folder" on the system.

In this case, instead of disabling synchronization for the entire system, by disabling synchronization for only the "backup folder" that was temporarily created for use in uploading backup files, a stable synchronization service with the cloud service is continuously performed. On the other hand, as the backup file is uploaded on the cloud and then deleted on the system, the backup file is safely stored on the cloud, and it is possible to fundamentally prevent continuous exposure to attacks that have infiltrated the system.

In one embodiment, the backup file decentralization module downloads a backup file that has been uploaded to the cloud service by re-synchronizing a folder that has released selective synchronization when it is the order to change the storage location of the backup file that has been uploaded on the cloud. Thereafter, the downloaded backup file may be moved to a newly created location according to random variables as described above.

The update manager server 100 having the above-described configuration may be implemented on a development environment management system (not shown in the drawings for convenience of description).

In the development environment, multiple developers use multiple development systems for software development, and each development system can develop and manage software components and software under the control of the developer. Each development system uses the Trusted Platform Module (TPM) standard technology, so that software components can be used only in licensed development systems. The Trust Platform Module (TPM) is a kind of security device, and can generate and manage a security key for data encryption.

The development environment management system can restrict the developer's authority to use the software component and perform security authentication for the development system used by the developer.

When the development environment management system receives a request for permission to create or modify a software component from the development system, the development environment management system may process permission message for creation or modification of the software component by checking authorization information of the corresponding development system.

Here, the software component is configured to include at least one of source code, a binary containing debugging information, a pure binary containing no debugging information, a document for detailed description of the code, and a process formula model for understanding the code. Can.

The permission information may include at least one of a read permission to read the software component, a storage permission to create and modify the software component, and a permission adjustment permission to adjust the permission information.

When a software component is generated or modified by any one development system that satisfies authority information, the development environment management system can store it and control it so that it can be shared with other development systems. This is because a module built by one development system may need to be used in another development system.

The development environment management system can build a database that stores the history of creation or modification of these software components. This is because it is possible to track how the value of a specific variable has changed step by step through history information, and also to understand how the specific variable has changed the value of any other variable.

Specifically, the development environment management system is the type of software component, whether the software component is created/modified, the date of creation/modification of the software component, the frequency of creation/modification of the software component, and the development that creates/modifies the software component. It is possible to generate history information including the system's authority information.

The development environment management system may assign an index to each generation of history information and store it in the history information database.

At this time, the development environment management system may build a history information database for each type of software component. That is, the development environment management system can build a history information database according to the importance of the software component, and the history information database of the software component corresponding to the highest importance type is a database update target for storage space management as described below. It may be excluded.

Alternatively, the development environment management system may build a history information database for each creation/modification date of the software component. For example, the development environment management system may build a history information database on a specific date, and exclude the history information database from the database update target.

Alternatively, the development environment management system may establish a history information database for each authority information. For example, the development environment management system constructs a database of the history information of the software component by the development system corresponding to the authority to adjust the authority information regarded as the highest authority information, and excludes the history information database from the database update target. I can do it.

As described above, the development environment management system may update the history information database for efficient storage space management.

Specifically, the development environment management system may update the history information database when the index of the history information database reaches a preset index.

For example, the development environment management system may divide the entire index of the history information database into three sections in ascending order.

The development environment management system may delete the history information corresponding to the section including the lowest index among the three sections without condition. The history information corresponding to the section can be regarded as a long time after the creation/modification date. Therefore, it is unlikely that the history information will be referenced again, so it can be deleted without conditions.

The development environment management system may update the history information corresponding to the middle section among the three sections by determining whether to delete or maintain it according to the type of software component. That is, the development environment management system can classify the importance according to the type of the software component, and maintains only the history information corresponding to the type of the software component having the highest importance among the history information corresponding to the middle section among the three sections and the remaining history The history information database can be updated by deleting all information.

Alternatively, the development environment management system may update the history information corresponding to the middle section among the three sections by determining whether to delete or maintain it according to the frequency of creation/modification of the software component. That is, the history information database may be updated by deleting all of the history information corresponding to the middle section among the three sections whose generation/modification frequency is higher than a preset reference frequency and maintaining the remaining history information.

Alternatively, the development environment management system may update the history information corresponding to the middle section among the three sections by determining whether to delete or maintain it according to the authority information of the development system. In other words, the history information, which is the authority to adjust the authority information of which the authority information is regarded as the highest authority information among the history information corresponding to the middle section among the three sections, is maintained, and all the remaining history information is deleted. The history information database can be updated.

The development environment management system can maintain history information corresponding to the section including the highest index among the three sections. The history information corresponding to the corresponding section can be regarded as a relatively recent creation/modification date, and thus it is highly likely that the history information will be referenced again, so that it can be maintained.

Some of the configurations of the update manager server 100 having the above-described configuration may be implemented by artificial intelligence, and may further include a decision reason presentation unit (not illustrated in the drawings for convenience of description).

The reason for decision making is not only to classify and predict the data given or input by the user, but also to analyze the causality of the decision to find an appropriate basis, and why the artificial intelligence suggests the result. Can be explained at the user level. By enabling reliable decision-making between the user and artificial intelligence through the decision reason presentation unit, feedback from the user can be appropriately reflected in case of problems or errors. In addition, by placing a decision-making reason presentation unit, it is possible to clarify the cause of why such a result is not clearly explained about the result of artificial intelligence, so that the distrust of the user's artificial intelligence can be solved. In the case of learning, it is possible to prevent the overfitting problem that the optimal solution in the region may be selected rather than the optimal solution from the overall perspective.

In one embodiment, the decision reason presentation unit may further include a model building module and a reason description interface module. The model building module may be implemented as an in-depth description learning module, an interpretable model generation module, and a model induction module.

The deep description learning module is a modified deep learning technology that enables deep neural networks to learn features that can be described. Nodes in the hidden layer can be trained to represent meaningful properties. For example, if you are learning a model that distinguishes the images of the arms and legs, each hidden node can be a finger or toenail, finger or toe, palm or sole. By learning to indicate the location, etc., when the model determines that an image is a hand, it is possible to know the basis of the judgment through an activated hidden node. The basis for this determination may also be expressed linguistically through a natural language generation model such as RNN (Recurrent Neural Network). RNN is a model of deep learning and is a kind of artificial neural network. It is used to learn data that changes over time, such as time series data. It uses input control vectors, oblivion vectors, and output control vectors to input and output data. Get In the input control vector, the input signal accepts the value after going through the connection layer with the activation function, and the oblivion vector serves to reflect a part of the past input into the current input. And the output control vector takes in the value using the activation function considering the past value and the modified input value. And the final result goes back to the input. Such a circulatory neural network is mainly used to classify document emotions or recognize handwriting, and may also be mainly used for speech recognition, time series prediction, or waveform generation. This is because input data can be processed in a proper order even if it has a fixed shape without order.

In addition, in one embodiment, the in-depth description learning module may visually display a portion based on an image. For example, when the artificial intelligence system categorizes a cat image, the existing system derives only whether or not the input image is a cat, but the in-depth learning module derives whether it is a cat, and uses the basis image (hair, whiskers, etc.) of the user. Can provide.

The interpretable model generation module can construct structured data into an interpretable causality model. According to an embodiment, a model generation module that can be interpreted may be built using Bayesian program learning (BPL), and BPL is a method of learning to express a combination of small pieces, for example, learning a model that generates letters. When you do, divide the letters into strokes to create the most reasonable combination of strokes. BPL can be imitated as if it is a human being without a large amount of data, and it is an evolution of the Neural Network, and when a new event is given, the probability value can be changed based on the event. That is, BPL is not a method of changing only the weights of virtual variables, but also includes creating other virtual variables in the middle. When a new environment is given, it is to understand the phenomenon in a different way.For example, if you throw a coin 100 times, and you get 60% of the front and 40 times of the back, you get 60% of the probability that the front will come out. It is a method of lowering the probability that the head will come out to 59.4%.

In addition, in one embodiment, the interpretable model generation module may be implemented through a stochastic approach. The stochastic approach can be learned with just a few samples, and is similar to learning that, for example, showing long and short chairs, there are also chairs of medium length. In other words, it is a technique of learning by filling in insufficient data by itself. Depending on the embodiment, the stochastic approach may include the ability to calibrate the probability and program itself through mathematical calculations.

In addition, in one embodiment, the interpretable model generation module may be implemented using And-Or-Graph. And-Or-Graph is an AND/OR graph, which shows the condition and conclusion relationship of rule and AND/OR relationship in a graph form. As the intermediate and final data derived by artificial intelligence are structured, the model decision process is logically It has the advantage of being easy to explain. That is, the graph is represented by the AND node and the OR node, and all the AND nodes must be processed, and only one OR node can be processed. Using the AND/OR graph, a set of rules interspersed with each other can be viewed as a structure, and the logical relationship between each sentence can be easily identified.

The model induction module can infer any black box model into a descriptive model. In one embodiment, the model induction module may be implemented with local interpretable model-agnostic explanations (LIME), which makes any black box model locally descriptive through sparse linear combinations around already descriptive data. Can. For example, if a black box model classifying an image determines that an image is a heart, a description of the heart of another model that can already be explained, that is, the pixel representing the heart is compared to a given image to determine which part is the heart. Can be presented.

In addition, in one embodiment, the model induction module may be implemented as bayesian rule lists (BRL) representing a model as a series of if-then conditional statements. BRL divides high-dimensional, multi-variable feature spaces into simple and already interpretable conditional statements to understand complex models.

The above-described in-depth description learning module, an interpretable model generation module, and a model induction module may be operated independently of each other or in combination with each other, and the implementation order thereof may also vary according to embodiments.

Next, the reason description interface module can express the description of the artificial intelligence decision in a way that the user can understand. Reason Description The interface module may include essential items such that the presented description is repetitive, includes all necessary descriptions, does not include unnecessary descriptions, and appropriate amounts. That is, the user can easily provide the user with the language, tables, images, graphs, formulas, etc., which process and reason the artificial intelligence produced the final result and what factors or data affected each step. .

In addition, the reason description interface module may receive a user's correction command. To this end, the reason description interface module may include corrections as essential items such that the explanation is flexible, respects user feedback, and watches for gradual change. The user can evaluate and develop the effectiveness of the reason description interface module by receiving feedback from the user about the clarity and utilization of the description.

In another embodiment, the decision reason presentation unit may be formed as a causal relationship model. The causal model can be formed by combining deep learning and a Markov random field. First, the probability distribution of the deep Markov random field model is modeled from the training data, and the structure of the Markov random field indicating conditional independence between random variables is learned. Deducing the latent function of the structured Markov random field into a deep neural network alleviates the problem that the number of parameters required for the latent function increases exponentially as the number of input variables increases. You can learn the relationship. According to an exemplary embodiment, after class classification problems are learned as attributes and supercategories as auxiliary tasks, linear expression can be combined at the output stage to enable effective expression. It can also include an interactive learning algorithm that allows a person to check whether a causal relationship has been correctly learned and give feedback to correct it.

In another embodiment, the decision reason presentation unit may be implemented as an analysis module. As a technique for regressing a time series function to multivariate Gaussian based on various kernels, the optimal kernel combination representing the kernel in a Gaussian process can be learned to explain given time series data based on the kernel combination found above. Furthermore, by learning a combination of a kernel that is commonly expressed even when there are multiple time series data and a kernel that expresses characteristics of each time series data, features that are common in multiple time series data can be described. By writing the combination of kernels found through the time series data analysis model in natural language, it is possible to explain to users the process of deriving the decision made by artificial intelligence and the reason in natural language.

Through this decision-making reason presentation, it is possible to explain the components involved in the decision-making process by visualizing and texting the AI decision-making process from the user's point of view, and at the same time analyzing the correlation of complex models and causing factors Can be divided into and result elements. In particular, it is created in the form of an automatic report that can be easily understood by the user, thereby providing not only a result of analyzing data, but also a reason, so that artificial intelligence can interact with humans more precisely.

The firmware update method using the low-power wireless network having the steps as described above allows the firmware update to be performed using the low-power wireless network, thereby dividing the firmware provided by the manufacturer and transmitting it to the FOTA target terminal, thereby reducing the power Even if the performance of the terminal under the FOTA or network conditions is not excellent, the firmware provided by the manufacturer can be transmitted without burden.

Although described above with reference to embodiments, those skilled in the art can variously modify and change the present invention without departing from the spirit and scope of the present invention as set forth in the claims below. You will understand.

100: update manager server
200: download server
300: platform
400: target terminal
500: manufacturer server

Claims (2)

A terminal registration step of receiving and registering terminal information of a target terminal, which is a target of firmware update, from an update manager server; A firmware version checking step of checking firmware version information of the target terminal by using a low-power wireless network in a platform for managing firmware update of the target terminal; A firmware packaging step of receiving update firmware from the manufacturer server from the download server and packaging it for transmission to the target terminal; A firmware download step of downloading the packaged firmware from the download server from the target terminal through a low power wireless network; And a firmware update step of unpacking the firmware packaged in the target terminal to perform a firmware update. In the firmware update method using a low power wireless network,
The download server receiving firmware from the manufacturer server; Packaging the firmware received by the download server to generate transmission firmware with segmentation and security applied; Storing, by the download server, the generated firmware for transmission in a database; Uploading a firmware download directory (URL) of the firmware for transmission generated by the download server to the update manager server; Generating, by the update manager server, a firmware update notification; Delivering the firmware update notification generated by the update manager server to the platform; Transmitting a firmware update notification received from the platform to the target terminal; And transmitting, by the update manager server, a result of transmitting a firmware update notification to the manufacturer server.
To generate the firmware for transmission by the step of generating the firmware for transmission, the download server is divided into a plurality of blocks of firmware input from the manufacturer server; And a step in which the download server encrypts the divided blocks so that the firmware provided by the manufacturer can be transmitted even though the performance of the target terminal of the firmware over the air (FOTA) is not excellent.
In the dividing step, the divided blocks are arranged in the order of a first block including a firmware name and a firmware version, followed by the first block, and a part of the firmware data is allocated to form one firmware data as a whole. It consists of a number of firmware blocks and a last block that is placed after the last firmware block to signal the end of packaging.
In the encrypting step, the firmware block is divided into a header and a body, and in the header, when the firmware data is an input of a hash function or when the firmware data is an input of a hash function Enter the sine value (Sign) substituted with the output value as an input, and input the encrypted value of the firmware data to the body,
The firmware downloading step includes: the target terminal downloading firmware for transmission from the download server; Transmitting, by the target terminal, a download result to the platform; Checking, by the update manager server, a download result through the platform; And the update manager server transmitting the download result to the manufacturer server,
The firmware update step may include preparing a firmware update by unpackaging the receiving firmware received by the target terminal; When the preparation of the update is completed, the target terminal performing a firmware update; Transmitting, by the target terminal, the result of the firmware update to the platform; Checking, by the update manager server, a result of firmware update through the platform; And the update manager server transmitting the result of the firmware update to the manufacturer server,
The step of preparing the update, after decoding the first block, reads whether the firmware update of the target terminal is necessary through the info value included in the first block, and if a firmware update is required, sign and hash A version checking step of comparing the released info value with the info value previously included in the first block; And when the version check is completed in the version checking step, after downloading and decrypting the firmware blocks, comparing the hash value of the unlocked firmware data with the hash value of the firmware data previously included in the firmware block. And a data merging step of merging each divided firmware data,
In the step of performing the firmware update, when the decoding of the last block is completed, the firmware update is performed using the merged firmware data,
The update manager server generates user information or system information to be protected from external attacks as a backup file, and then generates and stores the generated backup file in a primary backup file and a secondary backup sequentially containing the same data. Includes a backup file decentralization module that stores the primary backup file and the secondary backup file in different storage locations.
The backup file decentralization module changes the storage location of the primary backup file and the secondary backup file, which have been stored at a predetermined period, to a preset location on the system or a newly created location, but a folder or sub generated according to an arbitrary random variable. Specify the location to move the backup file to a folder,
When the intrusion is detected from the outside, the backup file decentralization module continuously performs replication from the previously generated primary backup file and secondary backup file to generate a plurality of sub backup files of each backup file. Multiple sub backup files are also stored individually in different chapters created according to random variables.
The backup file decentralization module permanently deletes a plurality of backup files determined to be currently being attacked backup files on the system,
The update manager server is implemented on a development environment management system,
When the development environment management system receives a request for permission to create or modify a software component from the development system, the authorization information of the corresponding development system is checked to process a software component creation or modification permission request message,
The software component includes a source code, a binary including debugging information, a pure binary without debugging information, a document for detailed description of the code, and at least one of a process formula model for understanding the code,
The permission information includes at least one of a read permission to read the software component, a storage permission to create and modify the software component, and a permission adjustment permission to adjust the permission information,
The development environment management system, if a software component is created or modified by any one development system that satisfies the authority information so that a module built by one development system can be used in another development system, stores it and stores Control so that it can be shared in the development system,
The development environment management system may generate step-by-step tracking of how the value of a specific variable has changed through history information, and generate the software component so as to understand how the specific variable has changed the value of any other variable. Build a database that stores revision history,
The development environment management system includes the type of software component, whether the software component is created/modified, the date of creation/modification of the software component, the frequency of creation/modification of the software component, and the authority of the development system that created/modified the software component. Generate historical information including information,
The development environment management system assigns an index to each generation of history information and stores it in a history information database, but can build a history information database according to the importance of the software component, and the software component corresponding to the highest importance type. The history information database is excluded from the database update target for storage space management, the history information database is created for each creation/modification date of the software component, or the history information database is established for each authority information.
The development environment management system performs a history information database update when the index of the history information database reaches a preset index for storage space management,
In order to update the historical information database, the development environment management system divides the entire index of the historical information database into three sections in ascending order, and the history information corresponding to the section including the lowest index among the three sections is created/modified. It is considered that a long time has elapsed, and it is deleted without condition, and only the history information corresponding to the type of the most important software component among the history information corresponding to the middle section among the three sections is maintained, and all remaining history information is deleted and updated. Or, you can update the history information database by deleting all history information whose creation/modification frequency is higher than the preset reference frequency and maintaining the rest of the history information, or adjust the authority information for which the authority information is regarded as the highest authority information. The history information database, which is the authority to adjust the authority, is maintained, and all the remaining history information is deleted, the history information database is updated, and the history information corresponding to the section containing the highest index among the three sections is created/modified. A method of packaging and unpacking firmware that is considered relatively recent and remains intact.
delete

Images