TWI637322B - Method of updating firmware of closed storage device - Google Patents

Method of updating firmware of closed storage device Download PDF

Info

Publication number
TWI637322B
TWI637322B TW106143995A TW106143995A TWI637322B TW I637322 B TWI637322 B TW I637322B TW 106143995 A TW106143995 A TW 106143995A TW 106143995 A TW106143995 A TW 106143995A TW I637322 B TWI637322 B TW I637322B
Authority
TW
Taiwan
Prior art keywords
application
memory
storage device
boot loader
closed storage
Prior art date
Application number
TW106143995A
Other languages
Chinese (zh)
Other versions
TW201928659A (en
Inventor
莊佑邦
歐仕邁
Original Assignee
開曼群島商庫幣科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 開曼群島商庫幣科技有限公司 filed Critical 開曼群島商庫幣科技有限公司
Priority to TW106143995A priority Critical patent/TWI637322B/en
Application granted granted Critical
Publication of TWI637322B publication Critical patent/TWI637322B/en
Publication of TW201928659A publication Critical patent/TW201928659A/en

Links

Abstract

本發明韌體更新方法,包含以下步驟:將一電子裝置連接於內建有兩記憶體以及啟動載入器的一封閉式儲存裝置,且其中一記憶體設有一預設為啟動程式的第一應用程式;電子裝置載入一第二應用程式,該封閉式儲存裝置偵測到第二應用程式時,將把存有第一應用程式的記憶體轉變一鎖定樣態;電子裝置將第二應用程式傳輸至另一記憶體,使第二應用程式寫入另一個記憶體而進行更新,隨後,啟動載入器將第二應用程式設定為後續封閉式儲存裝置運作執行的啟動程式,藉此,封閉式儲存裝置內部會有兩種不同版本的應用程式輪流替換更新,當新的應用程式更新失敗時,啟動載入器仍以原始應用程式作為啟動程式來運作執行。The method for updating firmware according to the present invention comprises the steps of: connecting an electronic device to a closed storage device having two memories and a boot loader, and wherein one of the memories is provided with a first preset as a startup program. The electronic device loads a second application, and when the closed storage device detects the second application, the memory storing the first application is converted into a locked state; the electronic device uses the second application The program is transferred to another memory, and the second application is written to another memory for updating. Then, the boot loader sets the second application as a startup program for subsequent closed storage operation, whereby There are two different versions of the application in the closed storage device to replace the update in turn. When the new application fails to update, the boot loader still runs as the launcher with the original application.

Description

封閉式儲存裝置的韌體更新方法Firmware update method for closed storage device

本發明有關於一種韌體更新方法,特別是一種偵測到不同應用程式後,能將其中一個記憶體切換至無法進行更新的鎖定模式,並再將新版應用程式寫入另一個記憶體進行更新的韌體更新方法。The invention relates to a firmware update method, in particular to detecting a different application, switching one of the memories to a lock mode that cannot be updated, and then writing the new application to another memory for updating. Firmware update method.

隨著科技的進步,許多的交易及支付方式已漸由積體電路(Integrated Circuit, IC)卡所取代,舉例來說,像是信用卡、金融卡、電話卡、儲值卡等皆為目前常見的IC卡,而一般所使用的IC卡依據存、讀取資料的方式大致可分為接觸式介面、非接觸式介面以及複合式介面三種。With the advancement of technology, many transactions and payment methods have been gradually replaced by integrated circuit (IC) cards. For example, credit cards, financial cards, telephone cards, and stored value cards are common. IC cards, and generally used IC cards can be roughly classified into three types: contact interface, non-contact interface, and composite interface depending on how they are stored and read.

所謂接觸式介面的IC卡是利用金屬接點來進行資料的存取,例如一般的晶片金融卡等,而所謂非接觸式介面的IC卡是利用感應的方式進行資料的存取,例如適用於大眾交通運輸工具的儲值卡或是電子錢包等,後來,由於市面上出現了多種不同類型的卡片,因此,亦發展出所謂複合式介面的IC卡,將所有信用卡、金融卡、電子錢包、儲值卡等各種不同需求之功能整合於單一IC卡中,讓使用者僅須持有單一卡片即能享有多元化的服務。The so-called contact interface IC card uses metal contacts to access data, such as a general wafer financial card, and the so-called non-contact interface IC card uses sensing to access data, for example, The value-added card of the mass transit vehicle or the e-wallet, etc. Later, due to the emergence of many different types of cards on the market, the so-called composite interface IC card was developed, and all credit cards, financial cards, and electronic wallets were The functions of various needs such as stored value cards are integrated into a single IC card, allowing users to enjoy a wide range of services with only a single card.

目前一般所使用的IC卡具有一微處理器以及一記憶體,而上述記憶體內存有一可由微處理器執行的應用程式,當使用上述IC卡發生程式錯誤(Bug)的情況或是有改善程式的效能需求時,需要對上述應用程式進行韌體更新的動作,而上述應用程式通常進行韌體更新時,通常是將新版的韌體映像檔(Image)透過實體傳輸媒介(例如:隨身碟、光碟、記憶卡…等)或是透過網際網路傳輸協定(例如:超文件傳輸協定(Hype Text Transport Protocol,HTTP)、簡單檔案傳輸通訊協定(Trivial File Transfer Protocol,TFTP)…等)傳送到上述記憶體,使得上次記憶體依據新版的韌體映像檔來對上述應用程式進行更新作業,讓上述應用程式轉變為一更新後應用程式。At present, an IC card generally used has a microprocessor and a memory, and the memory has an application program executable by the microprocessor, and when the IC card is used to generate a bug or an improved program. For the performance requirements, the firmware update operation of the above application is required, and when the firmware update is usually performed, the new firmware image (Image) is usually transmitted through the physical transmission medium (for example, a flash drive, CDs, memory cards, etc.) are transmitted to the above via Internet Protocol (Hype Text Transport Protocol (HTTP), Trivial File Transfer Protocol (TFTP), etc.) The memory causes the last memory to update the application according to the new firmware image, and the application is converted into an updated application.

然而,當上述記憶體更新新版的韌體映像檔而發生更新失敗的情況時,上述更新後應用程式則會缺少部分的程式碼,使得上述微處理器無法執行上述更新後應用程式,進而使上述IC卡無法順利運作,致使為了讓上述IC卡能夠順利運作,則可讓上述記憶體再次依據新版的韌體映像檔進行更新,但是,情況嚴重者則必須將上述IC卡進行還原設定,讓上述應用程式還原至最初的樣態,再重新進行更新作業,藉此造成使用上的不方便。However, when the above-mentioned memory updates the firmware image of the new version and the update fails, the updated application may lack part of the code, so that the microprocessor cannot execute the updated application, thereby making the above The IC card cannot operate smoothly, so that in order to enable the above-mentioned IC card to operate smoothly, the memory can be updated again according to the new firmware image file. However, in the case of serious cases, the above IC card must be restored and set. The application is restored to its original state and then re-updated, which makes it inconvenient to use.

本發明的主要目的在於封閉式儲存裝置內部會具有兩種不同版本的應用程式輪流替換更新,使得新版應程式運行時出現程式錯誤而無法進行交易時,啟動載入器能將舊版應用程式設定為啟動程式來進行交易,進而能避免發生封閉式儲存裝置無法進行交易的情況。The main purpose of the present invention is to have two different versions of the application in the closed storage device to replace the update in turn, so that when the new version of the application runs with a program error and cannot be traded, the boot loader can set the old application. In order to start the program to trade, it can avoid the situation that the closed storage device cannot be traded.

本發明次要目的在於當其中一個應用程式更新失敗而無法運作時,啟動載入器會執行另一個應用程式,讓封閉式儲存裝置依然能進行交易動作,進而能避免發生因為更新失敗而讓封閉式儲存裝置無法進行交易或者要將應用程式回復到最初樣態的情況,致使達到方便使用封閉式儲存裝置的目的。The secondary objective of the present invention is that when one of the application updates fails and cannot be operated, the boot loader executes another application, so that the closed storage device can still perform the transaction action, thereby avoiding the closure due to the update failure. The storage device cannot be traded or the application is returned to its original state, resulting in the convenience of using a closed storage device.

為實現前述目的,本發明有關於一種封閉式儲存裝置的韌體更新方法,包含下列步驟:提供一電子裝置網路連線於一封閉式儲存裝置,上述封閉式儲存裝置具有一啟動載入器、一第一記憶體以及一第二記憶體,上述啟動載入器將一存放於上述第一記憶體的第一應用程式設定為啟動程式,並能執行上述第一應用程式,然而,上述電子裝置載入一版本不同於上述第一應用程式的第二應用程式,使得上述電子裝置偵測到上述第一應用程式的版本不同於上述第二應用程式,進而使上述電子裝置將上述第一記憶體切換至一無法進行程式更新的鎖定模式。In order to achieve the foregoing object, the present invention relates to a method for updating a firmware of a closed storage device, comprising the steps of: providing an electronic device network connection to a closed storage device, the closed storage device having a boot loader a first memory and a second memory, the boot loader sets a first application stored in the first memory as a boot program, and can execute the first application, however, the electronic The device loads a second application different from the first application, so that the electronic device detects that the version of the first application is different from the second application, so that the electronic device uses the first memory. Switch to a lock mode where program updates are not possible.

上述電子裝置將上述第二應用程式以及一電子簽章傳遞至上述啟動載入器,上述啟動載入器將上述第二應用程式傳遞至上述第二記憶體,並再將上述電子簽章傳遞至一位在上述封閉式儲存裝置內部的安全晶片,其中,當上述第一記憶體與第二記憶體兩者皆存有上述第一應用程式時,上述電子裝置將上述第一記憶體與第二記憶體兩者其中之一切換為上述鎖定狀態,使得上述啟動載入器將上述第二應用程式傳遞至另一者。The electronic device transmits the second application and an electronic signature to the boot loader, the boot loader transfers the second application to the second memory, and transmits the electronic signature to the a security chip inside the closed storage device, wherein when the first application and the second memory both have the first application, the electronic device uses the first memory and the second One of the memories is switched to the above-described locked state, so that the boot loader transfers the second application to the other.

最後,上述第二應用程式寫入於上述第二記憶體進行更新,使上述啟動載入器將上述第二應用程式設定為啟動程式,並執行上述第二應用程式,其中,當上述第二應用程式寫入於上述第二記憶體而更新完成後,上述第二記憶體形成一傳遞至上述啟動載入器的特徵值資訊,而上述啟動載入器儲存上述特徵值資訊,並將上述特徵值資訊傳遞至上述安全晶片,使得上述啟動載入器將由上述電子裝置傳遞至上述封閉儲存裝置的電子簽章透過上述特徵值資訊進行演算,而上述安全晶片會對演算後的上述電子簽章透過上述特徵值資訊進行驗證,此外,當上述第二記憶體更新上述第二應用程式失敗時,上述啟動載入器將上述第一應用程式設定為啟動程式,並執行上述第一應用程式,於此實施例中,當上述安全晶片存有上述特徵值資訊與上述電子簽章時,上述啟動載入器將上述第二應用程式設定為啟動程式。Finally, the second application is written in the second memory for updating, so that the boot loader sets the second application as a startup program, and executes the second application, wherein, when the second application is After the program is written in the second memory and the update is completed, the second memory forms a feature value information transmitted to the boot loader, and the boot loader stores the feature value information and the feature value The information is transmitted to the security chip, so that the boot loader calculates the electronic signature transmitted from the electronic device to the closed storage device through the feature value information, and the security chip transmits the electronic signature after the calculation The feature value information is verified. Further, when the second memory fails to update the second application, the boot loader sets the first application as a startup program, and executes the first application, and implements the first application. In the example, when the security chip stores the feature value information and the electronic signature, the booting The second is the application program is set to start.

本發明的特點在於進行更新作業之前,電子裝置偵測到第一用程式的版本不同於第二應用程式,使得電子裝置將裝有第一應用程式的記憶體切換為無法進行更新的鎖定模式,進而啟動載入器會將第二應用程式寫入於另一個記憶體進行更新,讓啟動載入器指定第二應用程式設定為啟動程式,藉此,封閉式儲存裝置則會具有兩種不同版本的應用程式(第一、二應用程式),並輪流針對兩個應用程式進行更新,使得第二應程式運行時出現程式錯誤而無法進行交易時,啟動載入器能將第一應用程式設定為啟動程式來進行交易,進而能避免發生封閉式儲存裝置無法進行交易的情況。The invention is characterized in that before the updating operation, the electronic device detects that the version of the first application is different from the second application, so that the electronic device switches the memory with the first application to the locking mode that cannot be updated. In turn, the boot loader writes the second application to another memory for updating, and the boot loader specifies that the second application is set as the launcher, whereby the closed storage device has two different versions. The application (first and second applications), and the two applications are updated in turn, so that when the second application runs with a program error and cannot be traded, the boot loader can set the first application to Start the program to trade, which in turn prevents the closed storage device from being able to trade.

此外,當更新第二應用程式失敗而無法運行時,啟動載入器能指定第一應用程式設定為啟動程式來進行交易,進而能避免發生因為更新失敗而讓封閉式儲存裝置無法進行交易或者要將應用程式回復到最初樣態的情況,致使能讓封閉式儲存裝置達到方便進行交易的目的。In addition, when the update of the second application fails and cannot be run, the boot loader can specify that the first application is set as the launcher to conduct the transaction, thereby avoiding the fact that the closed storage device cannot be traded due to the update failure or Reverting the application to its original state allows the closed storage device to be easily traded.

茲為便於更進一步對本發明之構造、使用及其特徵有更深一層明確、詳實的認識與瞭解,爰舉出較佳實施例,配合圖式詳細說明如下:In order to further clarify and understand the structure, the use and the features of the present invention, the preferred embodiment is described in detail with reference to the following drawings:

請參閱圖1與圖2所示,本發明封閉式儲存裝置的韌體更新方法1配合一韌體更新裝置2使用,韌體更新裝置2具有一電子裝置20以及一封閉式儲存裝置21,電子裝置20安裝一應用軟體201,其中,電子裝置20可設為手機、電腦或平板。Referring to FIG. 1 and FIG. 2, the firmware updating method 1 of the closed storage device of the present invention is used in conjunction with a firmware updating device 2 having an electronic device 20 and a closed storage device 21, and an electronic device. The device 20 is provided with an application software 201, wherein the electronic device 20 can be set as a mobile phone, a computer or a tablet.

封閉式儲存裝置21能透過網路、藍芽或紅外線選擇性連線或斷線於電子裝置20,使得封閉式儲存裝置21能透過電子裝置20而連線或斷線於應用軟體201,而封閉式儲存裝置21具有一微處理器211以及一安全晶片212,上述微處理器211設有一第一記憶體211a、一第二記憶體211b以及一啟動載入器211c,微處理器211電性連接於安全晶片212,而第一記憶體211a儲存一第一應用程式,此外,安全晶片212具有一處理單元212a,其中,啟動載入器211c將上述第一應用程式設定為啟動程式,並能執行上述第一應用程式來進行交易,此外,當應用軟體201安裝於電子裝置20時,應用軟體201會在電子裝置20的接觸式螢幕上顯示一電子簽章,並且,當應用軟體201初始連線於封閉式儲存裝置21時,電子裝置20的應用軟體201會將上述電子簽章儲存於安全晶片212,其中,儲存於安全晶片212的電子簽章用於作為判斷核對是否能進行交易或是軟體更新的資訊。The closed storage device 21 can be selectively connected or disconnected to the electronic device 20 through the network, the Bluetooth or the infrared, so that the closed storage device 21 can be connected or disconnected from the application software 201 through the electronic device 20, and is closed. The storage device 21 has a microprocessor 211 and a security chip 212. The microprocessor 211 is provided with a first memory 211a, a second memory 211b and a boot loader 211c. The microprocessor 211 is electrically connected. On the security chip 212, the first memory 211a stores a first application. In addition, the security chip 212 has a processing unit 212a. The boot loader 211c sets the first application as a startup program and can execute The first application is used to perform the transaction. In addition, when the application software 201 is installed on the electronic device 20, the application software 201 displays an electronic signature on the contact screen of the electronic device 20, and when the application software 201 is initially connected. When the storage device 21 is closed, the application software 201 of the electronic device 20 stores the electronic signature on the security chip 212, wherein the electronic signature stored in the security chip 212 As a check to determine whether the transaction can be information or software updates.

請參閱圖1、圖3與圖4所示,當封閉式儲存裝置21欲要更新作業時,電子裝置20網路連接於一網際網路22,並同時連線於封閉式儲存裝置21,而電子裝置20從網際網路22下載一版本不同於上述第一應用程式的第二應用程式,當電子裝置20存有上述第二應用程式時,即完成一預備更新步驟S1,於此實施例中,上述第二應用程式的版本較新於上述第一應用程式。Referring to FIG. 1 , FIG. 3 and FIG. 4 , when the closed storage device 21 is to be updated, the electronic device 20 is connected to an internet network 22 and simultaneously connected to the closed storage device 21 . The electronic device 20 downloads a second application different from the first application from the Internet 22. When the electronic device 20 stores the second application, a preliminary update step S1 is completed. In this embodiment, The version of the second application is newer than the first application.

請參閱圖1、圖3與圖5所示,完成預備更新步驟S1之後進行一鎖定步驟S2,當電子裝置20存有上述第二應用程式時,電子裝置20的應用軟體201會依據上述第一應用程式與上述第二應用程式而取得一第一版本序號以及一序號不相同於上述第一版本序號的第二版本序號,使得應用軟體201偵測得知上述第一應用程式的版本較舊於上述第二應用程式,進而使應用軟體201形成一傳遞至第一記憶體211a的鎖定資訊,讓第一記憶體211a切換至一無法進行程式更新的鎖定狀態,隨後,使用者在電子裝置20的接觸式螢幕上進行以形成一電子簽章,此時,上述電子簽章是用以授權進行更新的資訊。Referring to FIG. 1 , FIG. 3 and FIG. 5 , after the preliminary update step S1 is completed, a locking step S2 is performed. When the electronic device 20 stores the second application, the application software 201 of the electronic device 20 is configured according to the first The application and the second application obtain a first version number and a second version number that is different from the first version number, so that the application software 201 detects that the first application version is older than The second application program further causes the application software 201 to form a lock information transmitted to the first memory 211a, causing the first memory 211a to switch to a locked state in which the program update cannot be performed, and then the user is in the electronic device 20 The touch screen is performed to form an electronic signature. At this time, the electronic signature is used to authorize the update.

請參閱圖1、圖3及圖6所示,接下來進行一傳輸步驟S3,電子裝置20將上述第二應用程式與用以授權進行更新的上述電子簽章傳遞至封閉式儲存裝置21的啟動載入器211c,並且,由於第一記憶體211a呈現上述鎖定狀態,使得啟動載入器211c能將上述第二應用程式傳遞至第二記憶體211b,並再將上述電子簽章傳遞至安全晶片212。Referring to FIG. 1 , FIG. 3 and FIG. 6 , a transmission step S3 is performed, and the electronic device 20 transmits the second application and the electronic signature for authorizing the update to the startup of the closed storage device 21 . The loader 211c, and because the first memory 211a assumes the above locked state, the boot loader 211c can transfer the second application to the second memory 211b, and then transfer the electronic signature to the secure chip. 212.

於此實施例中,由於上述第一應用程式僅儲存於第一記憶體211a,而並沒有儲存於第二記憶體211b,使得電子裝置20由網際網路22載入上述第二應用程式之後,電子裝置20會將第一記憶體211a切換為鎖定狀態,進而將第二應用程式傳遞至上述第二記憶體211b,但是,若第一、二記憶體211a、211b兩者皆儲存有上述第一應用程式的情況下,當電子裝置20由網際網路22載入上述第二應用程式時,電子裝置20的應用軟體201可以選擇性將上述第一記憶體211a與第二記憶體211b兩者其中之一切換成上述鎖定狀態,並再將上述第二應用程式傳送至上述第一記憶體211a與第二記憶體211b兩者其中之另一者。In this embodiment, since the first application is stored in the first memory 211a and is not stored in the second memory 211b, after the electronic device 20 is loaded into the second application by the Internet 22, The electronic device 20 switches the first memory 211a to the locked state, and further transfers the second application to the second memory 211b. However, if both the first and second memory 211a, 211b are stored with the first In the case of the application, when the electronic device 20 loads the second application by the Internet 22, the application software 201 of the electronic device 20 can selectively select both the first memory 211a and the second memory 211b. One of the switches is switched to the locked state, and the second application is transferred to the other of the first memory 211a and the second memory 211b.

如圖所示,第二記憶體211b接收到上述第二應用程式之後,當安全晶片212接收到用以授權進行更新的上述電子簽章時,安全晶片212會將用以授權進行更新的上述電子簽章與內存於安全晶片212的上述電子簽章進行比對,進而當用以授權進行更新上述電子簽章與內存於安全晶片212的上述電子簽章兩者相互符合時,上述第二應用程式會寫入於第二記憶體211b,使得第二記憶體211b存有上述第二應用程式,藉此,完成一更新步驟S4,反之,當用以授權進行更新上述電子簽章與內存於安全晶片212的上述電子簽章兩者沒有相互符合時,上述第二應用程式將不能寫入於第二記憶體211b,使得第二記憶體211b無法存有上述第二應用程式,進而無法完成更新步驟S4。As shown, after the second memory 211b receives the second application, when the security chip 212 receives the electronic signature to authorize the update, the security chip 212 will use the above electronic device to authorize the update. The signature is compared with the electronic signature stored in the security chip 212, and when the electronic signature is authorized to update the electronic signature and the electronic signature stored in the security chip 212, the second application Will be written in the second memory 211b, so that the second memory 211b stores the second application program, thereby completing an update step S4, and vice versa, when authorized to update the electronic signature and the memory security chip When the two electronic signatures of 212 do not match each other, the second application cannot be written in the second memory 211b, so that the second application 211b cannot store the second application, and the update step S4 cannot be completed. .

當完成更新步驟S4時,第二記憶體211b會形成一傳遞至啟動載入器211c的特徵值資訊,而啟動載入器會儲存上述特徵值資訊,並將上述特徵值資訊傳遞至安全晶片212,讓安全晶片212將上述特徵值資訊進行儲存,此時,安全晶片212存有上述特徵值資訊與上述電子簽章,啟動載入器211c將上述第二應用程式設定為啟動程式,其中,上述特徵值資訊是一種能對資訊進行演算與進行驗證的運算方法,於此實施例中,上述特徵值資訊設為一雜湊函數。When the updating step S4 is completed, the second memory 211b forms a feature value information transmitted to the boot loader 211c, and the boot loader stores the feature value information and transmits the feature value information to the secure chip 212. The security chip 212 stores the feature value information. At this time, the security chip 212 stores the feature value information and the electronic signature, and the boot loader 211c sets the second application as a startup program. The feature value information is an arithmetic method capable of calculating and verifying information. In this embodiment, the feature value information is set as a hash function.

完成更新步驟S4之後進行一執行步驟S5,當欲要進行交易時,使用者透過電子裝置20輸入一交易資訊(例如:買賣雙方交易帳戶、買方收購金額、賣方出售金額),並在電子裝置20的接觸式螢幕上進行輸入以形成上述電子簽章,此時,上述電子簽章是用以授權進行交易的資訊,並會與儲存於安全晶片212的上述電子簽章進行驗證,隨後,電子裝置20將上述交易資訊與用以授權進行交易的上述電子簽章傳遞至封閉式儲存裝置21,而微處理器211會執行上述第二應用程式,使得微處理器211的啟動載入器211c將用以授權進行交易的上述電子簽章透過上述特徵值資訊進行演算,並於演算後傳送至安全晶片212,此時,安全晶片212的處理單元212a會透過上述特徵值資訊對演算後的上述電子簽章進行驗證,其中,當安全晶片212驗證儲存於內部的上述電子簽章相同於用以授權進行交易的上述電子簽章時,使得一數位資產會進行轉移以完成交易。After the update step S4 is completed, an execution step S5 is performed. When the transaction is to be performed, the user inputs a transaction information (for example, a buyer and a seller transaction account, a buyer purchase amount, a seller sale amount) through the electronic device 20, and the electronic device 20 The input screen is input to form the electronic signature. At this time, the electronic signature is used to authorize the transaction, and the electronic signature stored in the security chip 212 is verified, and then the electronic device 20 transmitting the transaction information and the electronic signature for authorizing the transaction to the closed storage device 21, and the microprocessor 211 executes the second application, so that the boot loader 211c of the microprocessor 211 is used. The electronic signature signed by the authorized transaction is calculated by the feature value information, and is transmitted to the security chip 212 after the calculation. At this time, the processing unit 212a of the security chip 212 transmits the calculated electronic signature through the feature value information. The verification is performed, wherein the security chip 212 verifies that the above-mentioned electronic signature stored inside is the same as that authorized for authorization. When the above electronic signature is traded, a number of assets will be transferred to complete the transaction.

然而,當第二應用程式無法寫入第二記憶體211b時,啟動載入器211c會將上述第一應用程式設定為啟動程式,使得微處理器211會執行上述第一應用程式來進行交易動作。However, when the second application cannot write to the second memory 211b, the boot loader 211c sets the first application as the startup program, so that the microprocessor 211 executes the first application to perform the transaction. .

以上所舉實施例,僅用為方便說明本發明並非加以限制,在不離本發明精神範疇,熟悉此一行業技藝人士依本發明申請專利範圍及發明說明所作之各種簡易變形與修飾,均仍應含括於以下申請專利範圍中。The above embodiments are intended to be illustrative only, and are not intended to limit the scope of the present invention. It is included in the scope of the following patent application.

1‧‧‧韌體更新方法1‧‧‧ firmware update method

2‧‧‧韌體更新裝置 2‧‧‧ Firmware update device

20‧‧‧電子裝置 20‧‧‧Electronic devices

201‧‧‧應用軟體 201‧‧‧Application software

21‧‧‧封閉式儲存裝置 21‧‧‧Closed storage device

211‧‧‧微處理器 211‧‧‧Microprocessor

211a‧‧‧第一記憶體 211a‧‧‧First memory

211b‧‧‧第二記憶體 211b‧‧‧Second memory

211c‧‧‧啟動載入器 211c‧‧‧ boot loader

212‧‧‧安全晶片 212‧‧‧Safety Wafer

212a‧‧‧處理單元 212a‧‧‧Processing unit

22‧‧‧網際網路 22‧‧‧Internet

S1‧‧‧預備更新步驟 S1‧‧‧Preparation update steps

S2‧‧‧鎖定步驟 S2‧‧‧ Locking step

S3‧‧‧傳輸步驟 S3‧‧‧Transfer steps

S4‧‧‧更新步驟 S4‧‧‧ update steps

S5‧‧‧執行步驟 S5‧‧‧Execution steps

圖1為本發明封閉式儲存裝置的韌體更新方法的步驟流程示意圖; 圖2為韌體更新裝置的模組示意圖; 圖3為由預報更新步驟至執行步驟的流程示意圖; 圖4為圖1中預備更新步驟的示意圖; 圖5為圖1中預備核對步驟的示意圖;以及 圖6為圖1中比對傳輸步驟的示意圖。1 is a schematic flow chart of steps of a firmware updating method for a closed storage device of the present invention; FIG. 2 is a schematic diagram of a module of a firmware updating device; FIG. 3 is a schematic flow chart of a forecast updating step to an executing step; FIG. 5 is a schematic diagram of the preparatory verification step in FIG. 1; and FIG. 6 is a schematic diagram of the comparison transmission step in FIG.

Claims (4)

一種封閉式儲存裝置的韌體更新方法,包含:提供一電子裝置網路連線於一封閉式儲存裝置,上述封閉式儲存裝置具有一啟動載入器、一第一記憶體以及一第二記憶體,上述啟動載入器將一存放於上述第一記憶體的第一應用程式設定為啟動程式,並能執行上述第一應用程式,而上述電子裝置具有一版本不同於上述第一應用程式的第二應用程式;上述電子裝置偵測到上述第一應用程式的版本不同於上述第二應用程式,進而將上述第一記憶體切換至一無法進行程式更新的鎖定模式;上述電子裝置將上述第二應用程式以及一用以授權進行更新的電子簽章傳遞至上述啟動載入器,上述啟動載入器將上述第二應用程式傳遞至上述第二記憶體,並再將上述電子簽章傳遞至一位在上述封閉式儲存裝置內部的安全晶片;當用以授權進行更新的上述電子簽章與一內存於上述安全晶片的電子簽章相互符合時,上述第二應用程式寫入於上述第二記憶體進行更新,使上述啟動載入器將上述第二應用程式設定為啟動程式,並執行上述第二應用程式。 A method for updating a firmware of a closed storage device includes: providing an electronic device network connection to a closed storage device, the closed storage device having a boot loader, a first memory, and a second memory The boot loader sets a first application stored in the first memory as an activation program and can execute the first application, and the electronic device has a version different from the first application. a second application; the electronic device detects that the version of the first application is different from the second application, and further switches the first memory to a lock mode in which the program update cannot be performed; the electronic device a second application and an electronic signature for authorizing the update are passed to the boot loader, the boot loader transferring the second application to the second memory, and transmitting the electronic signature to a security chip inside the enclosed storage device; the electronic signature and a memory used to authorize the update When the electronic signatures of the security chips are mutually consistent, the second application is written in the second memory for updating, so that the boot loader sets the second application as a startup program and executes the second application. Program. 如申請專利範圍第1項所述封閉式儲存裝置的韌體更新方法,其中,當上述第一記憶體與第二記憶體兩者皆存有上述第一應用程式時,上述電子裝置將上述第一記憶體與第二記憶體兩者其中之一切換為上述鎖定狀態,使得上述啟動載入器將上述第二應用程式傳遞至另一者。 The method for updating firmware of a closed storage device according to claim 1, wherein when the first application and the second memory are both stored in the first application, the electronic device One of the memory and the second memory is switched to the locked state, such that the boot loader transfers the second application to the other. 如申請專利範圍第1項所述封閉式儲存裝置的韌體更新方法,其中,當上述第二應用程式寫入於上述第二記憶體而更新完成後,上述第二記憶體形成一傳遞至上述啟動載入器的特徵值資訊,而上述啟動載入器儲存上述特徵值資訊,並將上述特徵值資訊傳遞至上述安全晶片,使得上述啟動載入器將 由上述電子裝置傳遞至上述封閉儲存裝置的電子簽章透過上述特徵值資訊進行演算,而上述安全晶片會對演算後的上述電子簽章透過上述特徵值資訊進行驗證。 The method for updating firmware of a closed storage device according to claim 1, wherein when the second application is written in the second memory and the update is completed, the second memory is formed into the above Starting the feature value information of the loader, and the boot loader stores the feature value information and transmitting the feature value information to the security chip, so that the boot loader will The electronic signature transmitted from the electronic device to the closed storage device is calculated by the feature value information, and the security chip verifies the electronic signature after the calculation through the feature value information. 如申請專利範圍第1項所述封閉式儲存裝置的韌體更新方法,其中,當上述第二記憶體更新上述第二應用程式失敗時,上述啟動載入器將上述第一應用程式設定為啟動程式,並執行上述第一應用程式。 The firmware update method of the closed storage device of claim 1, wherein the boot loader sets the first application to start when the second memory fails to update the second application Program and execute the first application above.
TW106143995A 2017-12-14 2017-12-14 Method of updating firmware of closed storage device TWI637322B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106143995A TWI637322B (en) 2017-12-14 2017-12-14 Method of updating firmware of closed storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106143995A TWI637322B (en) 2017-12-14 2017-12-14 Method of updating firmware of closed storage device

Publications (2)

Publication Number Publication Date
TWI637322B true TWI637322B (en) 2018-10-01
TW201928659A TW201928659A (en) 2019-07-16

Family

ID=64802763

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106143995A TWI637322B (en) 2017-12-14 2017-12-14 Method of updating firmware of closed storage device

Country Status (1)

Country Link
TW (1) TWI637322B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200704995A (en) * 2005-07-25 2007-02-01 Prodisc Technology Inc Image pickup lens module
TW201619866A (en) * 2014-11-20 2016-06-01 萬國商業機器公司 Method of customizing appliances
CN104376252B (en) * 2013-08-12 2017-03-01 陈杰 Content verification method based on digital signature code

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200704995A (en) * 2005-07-25 2007-02-01 Prodisc Technology Inc Image pickup lens module
CN104376252B (en) * 2013-08-12 2017-03-01 陈杰 Content verification method based on digital signature code
TW201619866A (en) * 2014-11-20 2016-06-01 萬國商業機器公司 Method of customizing appliances

Also Published As

Publication number Publication date
TW201928659A (en) 2019-07-16

Similar Documents

Publication Publication Date Title
AU2021286355B2 (en) Trusted terminal platform
US10735427B2 (en) Method and apparatus for managing program of electronic device
US8910868B1 (en) Firmware management
TWI643130B (en) SYSTEM AND METHOD FOR AUTO-ENROLLING OPTION ROMs IN A UEFI SECURE BOOT DATABASE
US10776102B1 (en) Securing firmware installation on USB input device
US10459714B2 (en) Method of updating firmware of closed storage device
US11762646B2 (en) Securely updating software on connected electronic devices
US20140244993A1 (en) Method of updating the operating system of a secure microcircuit
US20060101310A1 (en) Device, system and method for verifying integrity of software programs
EP2988243A1 (en) Device and method to insure secure platform module services
US10635820B1 (en) Update policy-based anti-rollback techniques
US8650543B1 (en) Software compatibility checking
CN111581154B (en) Electronic device and method for managing a database
US9436828B2 (en) Systems and methods for command-based entry into basic input/output system setup from operating system
US20210325948A1 (en) Device and method for restoring application removed by factory data reset function
US9659171B2 (en) Systems and methods for detecting tampering of an information handling system
CN107567629A (en) Dynamic firmware module loader in credible performing environment container
US20140181495A1 (en) System on chip including boot shell debugging hardware and driving method thereof
JP2005293058A (en) Information processing terminal and information safety protecting method therefor
US11449644B2 (en) Electronic device operating encryption for user data
FR2987152A1 (en) METHOD AND SECURITY DEVICE FOR PERFORMING A TRANSACTION
TWI637322B (en) Method of updating firmware of closed storage device
JP6473527B1 (en) Software update method for closed storage device
KR102064660B1 (en) Method of updating firmware of closed storage device
JP6354438B2 (en) Information processing apparatus, information processing system, and processing program