WO2022116708A1 - Key management method and apparatus - Google Patents

Key management method and apparatus

Info

Publication number
WO2022116708A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
update
storage area
secure storage
credential
Prior art date
Application number
PCT/CN2021/123924
Other languages
English (en)
Chinese (zh)
Inventor
吴涛
刘洪辉
冉懋良
陈战
Original Assignee
华为技术有限公司 (Huawei Technologies Co., Ltd.)
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司 (Huawei Technologies Co., Ltd.)
Publication of WO2022116708A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Definitions

  • The present application relates to the field of communication technologies, and in particular to a key management method and apparatus.
  • During secure boot, software installation and software upgrade, the device needs the corresponding public key to verify the module to be started, the installation package to be installed and the upgrade package to be applied, so that each of these processes is secure.
  • Secure boot means that during the device's boot process, the module that has already started (a software module) verifies the module that needs to start next; the next module is started only if that verification passes, and if it fails the boot is aborted.
  • Conventionally, the public key used to verify modules during secure boot is stored in the electronic fuse (eFuse) of the device's processor. Because eFuse contents cannot be cleared or modified once written, the public key cannot be updated and therefore cannot be managed.
  • The present application provides a key management method and apparatus for updating the public key required during secure boot, software installation and software upgrade.
  • In a first aspect, an embodiment of the present application provides a key management method, which can be executed by a key management apparatus in a device.
  • The key management apparatus stores a key in a secure storage area of the device; this is a key the device needs during secure boot, software installation or software upgrade.
  • The secure storage area is located in a memory of the device, and in defined circumstances the data in it can be updated.
  • After storing the key, the key management apparatus can receive a key update request. The request asks for the key to be updated and carries an update credential that is signed and issued by a trusted platform. The key management apparatus first verifies the update credential and, only after the verification passes, updates the key according to the request.
  • Information derived from the key (for example the value obtained by hashing or signing the key) can be stored and handled in the same way as the key itself.
  • Because the key is held in the secure storage area rather than in eFuse, the key management apparatus can update it; the key is no longer fixed once written.
  • The update credential must be verified, and the key is updated only when that verification passes, which makes the update procedure itself secure.
  • The key stored in the secure storage area may be the key needed to verify the software code that the device is to run.
  • Besides that software code, the device also runs firmware code; the firmware is fixed code that must be started or run first during device startup.
  • The firmware key needed to verify the firmware code may be stored in the secure storage area or in the device's eFuse; in the latter case the firmware key and the software key are held in different areas, and the firmware key in the eFuse cannot be modified.
  • The firmware key may also be stored in another storage area that does not permit modification.
  • The keys for verifying the software code and the firmware code are thus stored in different locations. Because the software key is held in the secure storage area it can be updated as needed, so the binding between the device and the manufacturer of the software code is no longer fixed.
  • During startup the key management apparatus reads the firmware key from the eFuse and uses it to verify the firmware code, that is, to verify the signature on the firmware (generated with the private key corresponding to the firmware key). The firmware code is allowed to run only after this verification passes.
  • The software code and the firmware code may come from different manufacturers.
  • The key management apparatus then reads the software key from the secure storage area and uses it to verify the software code, that is, to verify the signature on the software (generated with the private key corresponding to that key). The software code is allowed to run only after the signature is verified.
  • When software is to be installed, the key management apparatus obtains the key from the secure storage area and verifies the signature carried on the installation package; only then is the software installed from that package.
  • When software is to be upgraded, the key management apparatus obtains the key from the secure storage area and verifies the signature carried on the upgrade package; only then is the software upgraded from that package.
  • In this way the device can obtain the key from the secure storage area whenever it has to verify software code, securing the running, installation and upgrade of that software.
  • The key management apparatus may store the key in the secure storage area directly, or it may first sign the key and store the signed key.
  • The private key used to sign the key is not restricted here.
  • The key management apparatus can therefore store the key in the secure storage area in different ways, giving flexibility for different scenarios.
  • To verify the update credential, the key management apparatus confirms whether the credential's signature comes from the trusted platform, for example by verifying the signature with the trusted platform's public key; if it does, this check passes, otherwise it fails. If the update credential also indicates which key is to be updated, the key management apparatus additionally confirms that the key indicated by the credential is consistent with the key stored in the secure storage area. The credential is verified successfully only when the signature comes from the trusted platform and the indicated key matches the stored key; if either the signature is not from the trusted platform or the indicated key does not match, verification fails.
  • By checking both the signature and the content of the update credential, the key management apparatus ensures that the credential is valid, and hence that any later update of the key is secure and valid.
  • After the key has been updated according to an update credential, that credential may be marked as invalid. This prevents a key update request carrying the same credential from being accepted again and performing an unwanted operation on the key.
  • The key management apparatus may also record the number of key updates: after each update of the key in the secure storage area, it increments the recorded count by one.
  • Recording the number of updates facilitates later management of the key, such as limiting the number of updates the key is allowed.
  • Before updating the key, the key management apparatus may first compare the recorded number of updates with a preset limit. If the count is below the limit the key may be updated; if it has reached or exceeded the limit, the maximum number of updates has been reached and the key management apparatus can refuse the update.
  • Limiting the number of updates with a preset value helps the key management apparatus manage the key and ensures the key cannot be modified indefinitely.
  • The secure storage area may further hold a key blacklist that indicates expired keys.
  • The key management apparatus can use the key blacklist to restrict the keys the device uses during secure boot, software installation and software upgrade.
  • If a key the device uses during secure boot, software installation or software upgrade is indicated in the key blacklist, the device stops using that key, or the key is not allowed to be stored in the secure storage area (for example, it is deleted, or a request to store it is rejected).
  • Recording an expired key directly in the blacklist means the key may not be stored anywhere in the secure storage area other than in the blacklist itself.
  • The secure storage area may be located in flash memory or in the processor; data held in these locations is well protected, so the key is not easily tampered with and its security is ensured.
  • An embodiment of the present application further provides a key management apparatus having the functions needed to implement the behaviour in the method examples of the first aspect.
  • These functions can be implemented by hardware, or by hardware executing corresponding software.
  • The hardware or software includes one or more modules corresponding to the above functions.
  • In one possible design, the apparatus comprises a transmission unit, a storage unit, an update unit and a verification unit, which perform the corresponding functions in the method examples of the first aspect. For details, refer to the method examples; they are not repeated here.
  • An embodiment of the present application further provides an apparatus having the functions needed to implement the behaviour in the method examples of the first aspect.
  • In one possible design, the apparatus comprises a processor and a memory, the processor being configured to support the apparatus in performing the corresponding functions of the method of the first aspect.
  • The memory is coupled to the processor and holds the program instructions and data the apparatus needs.
  • The apparatus may further include a communication interface for communicating with other devices, for example to obtain a key or to receive a key update request.
  • The present application further provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the method of the first aspect.
  • The present application further provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the first aspect.
  • The present application further provides a computer chip connected to a memory, the chip being configured to read and execute a software program stored in the memory so as to execute the method of the first aspect.
  • FIG. 1A is a schematic diagram of the architecture of a system provided by the present application.
  • FIG. 1B is a schematic diagram of the modules that need to be started during secure boot according to the present application.
  • FIG. 2 is a schematic diagram of a key management method provided by the present application.
  • FIG. 3 is a schematic structural diagram of a key management apparatus provided by the present application.
  • FIG. 4 is a schematic structural diagram of a key management apparatus provided by the present application.
  • A system provided by an embodiment of the present application includes a key management apparatus 100 and a key update apparatus 200.
  • The key management apparatus 100 may be located in a device and manage the keys the device needs during secure boot, software installation or software upgrade.
  • The management operations include, but are not limited to, storing keys in the secure storage area and updating the keys stored there.
  • The key update apparatus 200 may be an apparatus independent of the device, or may be deployed within the device. When it determines that a key needs to be updated, it sends a key update request to the key management apparatus 100, asking it to update the key.
  • How the key update apparatus 200 determines that a key needs to be updated is not restricted here.
  • For example, a user may operate the key update apparatus 200 to select the key to be updated, specify the new key and load the update credential.
  • The key update apparatus 200 can thus determine the key to be updated and the new key, and obtain the update credential; it then sends a key update request to the key management apparatus 100, requesting it to update the key.
  • Secure boot requires that, during device startup, each module already started verifies the module to be started next, and the next module is allowed to start only after that verification passes.
  • For example, the startup sequence of module A, module B, module C and module D is module A -> module B -> module C -> module D.
  • Module A can be the firmware code in the device, and it is the module that must start first.
  • Module A can be a software module matched to the device's processor; it may be produced by the processor manufacturer (referred to here as manufacturer 1) and configured in the processor.
  • Module B, module C and module D may be software modules that run on the processor and may come from other manufacturers.
  • The manufacturer of module B is manufacturer 2, the manufacturer of module C is manufacturer 3, and the manufacturer of module D is manufacturer 4.
  • Module B carries signature B, generated by manufacturer 2 with the private key corresponding to public key b; module C carries signature C, generated by manufacturer 3 with the private key corresponding to public key c; and module D carries signature D, generated by manufacturer 4 with the private key corresponding to public key d.
  • The public keys of module B, module C and module D pre-stored in the storage area of the device are public key b, public key c and public key d respectively.
  • Since module A is fixed code, it starts first. Once started, module A obtains public key b from the storage area of the device and uses it to verify signature B carried in module B; after the verification passes, it triggers module B to start.
  • Once module B has started, it obtains public key c from the storage area and uses it to verify signature C carried in module C; after the verification passes, it triggers module C to start.
  • Once module C has started, it obtains public key d from the storage area and uses it to verify signature D carried in module D; after the verification passes, it triggers module D to start.
  • In this example modules A, B, C and D all verify the module started after them in the same way, so the storage area of the device holds multiple public keys.
  • Other methods may also be used for verification between modules; that is, during startup the device may combine the method described above with other methods to verify the modules started later.
  • For example, only public key b may be stored in the storage area: the verification of module B by module A uses the method above, while the verification of module C by module B and of module D by module C uses other methods.
  • These other verification methods are not restricted here.
  • In that case the storage area stores only public key b.
  • Public key b, public key c or public key d may be stored in the secure storage area of the device.
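The chain module A -> module B -> module C -> module D described above, as an added example that is not part of the patent: each module that has started looks up the next module's public key in the storage area and verifies the signature over that module's image before triggering it. Ed25519 is used for the signatures, the module images are constructed placeholder bytes, the firmware's own check against the eFuse key is left out, and all names are the example's own. It also shows the situation the patent is built around: once module D is re-signed by a new vendor it only passes after the stored public key d has been replaced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Module is one stage of the boot chain: its code image, the signature its manufacturer produced
// over that image, and the ID of the public key (b, c or d in the text) the previous stage checks it with.
type Module struct {
	Name  string
	Image []byte
	Sig   []byte
	KeyID string
}

// KeyStore stands in for the device's storage area holding public keys b, c and d.
type KeyStore map[string]ed25519.PublicKey

var ErrVerifyFailed = errors.New("signature verification failed, boot aborted")

// verifyNext is what an already-running module does before triggering the next one: fetch that
// module's public key from the storage area and check the signature over its image.
func verifyNext(store KeyStore, next Module) error {
	pub, ok := store[next.KeyID]
	if !ok {
		return fmt.Errorf("%s: no public key %q in storage area", next.Name, next.KeyID)
	}
	if !ed25519.Verify(pub, next.Image, next.Sig) {
		return fmt.Errorf("%s: %w", next.Name, ErrVerifyFailed)
	}
	return nil
}

// bootChain walks the chain in start order. chain[0] is the firmware (module A), taken as already verified
// against the eFuse key; each later module is verified by its predecessor and the boot stops at the first failure.
func bootChain(store KeyStore, chain []Module) ([]string, error) {
	started := []string{chain[0].Name}
	for _, next := range chain[1:] {
		if err := verifyNext(store, next); err != nil {
			return started, err
		}
		started = append(started, next.Name)
	}
	return started, nil
}

// genKey makes a manufacturer's Ed25519 key pair; only the public half is put into the device.
func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signModule packages an image as a Module signed with its manufacturer's private key.
func signModule(priv ed25519.PrivateKey, name, keyID string, image []byte) Module {
	return Module{Name: name, Image: image, Sig: ed25519.Sign(priv, image), KeyID: keyID}
}

// buildSample constructs the A->B->C->D chain of the text with fresh keys for manufacturers 2, 3
// and 4. The images are constructed placeholder bytes, not real code.
func buildSample() (KeyStore, []Module) {
	pubB, privB := genKey()
	pubC, privC := genKey()
	pubD, privD := genKey()
	store := KeyStore{"b": pubB, "c": pubC, "d": pubD}
	chain := []Module{
		{Name: "A"}, // firmware; its check against the eFuse key is outside this example
		signModule(privB, "B", "b", []byte("module B image")),
		signModule(privC, "C", "c", []byte("module C image")),
		signModule(privD, "D", "d", []byte("module D image")),
	}
	return store, chain
}

// rebind shows why an updatable key store matters: module D re-signed by a new vendor fails against
// the stored public key d, and passes once d has been replaced (an eFuse-held key could not be).
func rebind(store KeyStore, chain []Module) (before, after error) {
	pubNew, privNew := genKey()
	chain[3] = signModule(privNew, "D", "d", chain[3].Image)
	_, before = bootChain(store, chain)
	store["d"] = pubNew // the key update the text describes
	_, after = bootChain(store, chain)
	return before, after
}

func main() {
	store, chain := buildSample()
	fmt.Println(bootChain(store, chain))
	bad := append([]Module(nil), chain...)
	bad[2].Image = append([]byte{^bad[2].Image[0]}, bad[2].Image[1:]...) // one byte of C corrupted in flash
	fmt.Println(bootChain(store, bad)) // B refuses C, so D never runs
	fmt.Println(rebind(store, chain))
}
```

The check is only as strong as the storage area it reads from: an attacker who can rewrite public key d in that area can make a re-signed module D pass exactly as rebind does, which is why the rest of the patent is about controlling who may change those keys.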
  • The secure storage area may be located in flash memory, such as an embedded multimedia card replay protected memory block (flash eMMC RPMB), flash persistent protection bits (flash PPB) or flash solid protection bits (flash SPB), or it may be a secure storage area located in the device's processor.
  • The data stored in the secure storage area (for example the public key) is allowed to be updated, including deletion, modification and the like.
  • When software (also referred to as software code) needs to be installed in the device, the device obtains an installation package for the software (the installation package can be understood as a module); the installation package carries a signature generated with the private key corresponding to public key e.
  • Before installing, the device first obtains public key e.
  • Public key e may be stored in the storage area of the device. How and when it is stored there is not restricted: it may be pre-configured in the storage area, or written into the storage area by another device once it is determined that the software needs to be installed.
  • Public key e may also be carried in the installation package itself, in which case the device obtains it from the installation package. Note that a key carried inside the package it verifies only authenticates that package if the key is in turn checked against a key the device already trusts; otherwise anyone can ship a package together with a matching key.
  • The device uses public key e to verify the signature in the installation package and, after the verification passes, installs the software from the package.
  • When software in the device needs to be upgraded, the device first obtains an upgrade package for the software (the upgrade package can also be understood as a module); the upgrade package carries a signature generated with the private key corresponding to public key f.
  • Before upgrading, the device obtains public key f, which may be stored in the storage area of the device. How and when it is stored there is not restricted: it may be pre-configured, or written into the storage area by another device once it is determined that the software needs to be upgraded. Public key f may also be carried in the upgrade package, in which case the device obtains it from the upgrade package, with the same caveat as for public key e.
  • The device uses public key f to verify the signature in the upgrade package and, after the verification passes, upgrades the software from the package.
  • Conventionally, the public key the device needs during secure boot, software installation or software upgrade is stored in the eFuse of the processor. Because data written to the eFuse cannot be modified, the board on which the processor sits is "bound" to the manufacturer corresponding to the public key in the eFuse (which is also the manufacturer of the module that key verifies).
  • In the example above, if public key b is held in the eFuse, the binding is between the board and the manufacturer of module B, that is, manufacturer 2.
  • The data stored in the eFuse cannot be changed after it is written, so manufacturer 1 cannot change the public key stored there.
  • Each board can thus be bound to one manufacturer, and different boards may be bound to different manufacturers.
  • Manufacturer 1 then has to maintain multiple boards bound to different manufacturers, which is expensive and inflexible.
  • For example, board A is bound to manufacturer 2 and board B is bound to manufacturer 3.
  • When manufacturer 1 receives board A and board B for maintenance, board A can only be returned to user A once its maintenance is complete, and board B only to user B once its maintenance is complete. If user B urgently needs a board while board B is still unrepaired and board A has already been repaired, manufacturer 1 cannot rewrite the eFuse data, so it cannot change the binding of board A from manufacturer 2 in order to use board A to meet user B's need.
  • In the embodiment of the present application, the key management apparatus 100 can store the public key the device needs during secure boot, software installation or software upgrade in the secure storage area of the device, and can update that public key when it receives a key update request.
  • That is, the public key the device needs during secure boot, software installation or software upgrade is no longer fixed once it has been saved to the device.
  • When a software module installed in the device changes, for example when it is upgraded or replaced by another software module, the public key can be updated so that the device can still carry out secure boot, software installation or software upgrade normally after the change, which improves the flexibility of public key configuration.
  • Likewise, the manufacturer maintaining a board can change the public key stored in the secure storage area through the key management apparatus 100, thereby changing the binding between the board and a module manufacturer to meet different users' requirements, which effectively improves the flexibility of board maintenance.
  • The following describes the method using the management of public keys by the key management apparatus 100 as an example.
  • The method includes:
  • Step 201: The key management apparatus 100 obtains a public key, namely a public key the device needs during secure boot, software installation or software upgrade.
  • This embodiment does not restrict how the key management apparatus 100 obtains the public key.
  • The public key may be pre-configured in the key management apparatus 100 before the device leaves the factory, or sent to the key management apparatus 100 after the device has left the factory.
  • Step 202: After obtaining the public key, the key management apparatus 100 stores it in a secure storage area in the device.
  • The key management apparatus 100 may store the public key in the secure storage area directly, or may first sign it and store the signed public key.
  • Once the public key is stored in the secure storage area it can be updated.
  • Step 203: The key update apparatus 200 sends a key update request to the key management apparatus 100, which receives it.
  • The key update request asks for the public key to be updated and carries an update credential.
  • The update credential is signed and issued by a trusted platform.
  • The type of trusted platform is not restricted here.
  • The trusted platform may be the manufacturer of the device or of its processor, or a platform trusted by that manufacturer, such as another manufacturer it trusts or a module running on the device; it may also be an authoritative organisation such as a certificate authority.
  • Before sending the key update request, the key update apparatus 200 must first obtain the update credential.
  • The update credential may be loaded into the key update apparatus 200 by a user, or the key update apparatus 200 may apply to the trusted platform for it.
  • For example, the key update apparatus 200 may send a credential acquisition request to the trusted platform asking it to issue an update credential. The request may carry the identity information of the key update apparatus 200 and may also indicate the key to be updated and how it is to be updated.
  • On receiving the credential acquisition request, the trusted platform can verify the identity information of the key update apparatus 200 and issue the update credential after that verification passes.
  • The embodiments of the present application do not restrict how the key update apparatus 200 obtains the update credential.
  • The update credential may carry signature information of the trusted platform, generated with the trusted platform's private key.
  • The update credential may also record the device or processor to which it applies; how it records this is not restricted.
  • For example, the update credential may record the model of the device or of its processor, or it may carry information that uniquely identifies the device or its processor.
  • The update credential may also indicate which public key is to be updated and how it is to be updated.
  • How the update credential indicates the public key to be updated is not restricted here.
  • For example, the update credential may record the public key to be updated directly.
  • Alternatively, the update credential may record identification information of the public key to be updated, where that identification information has been pre-configured for the public key.
  • In that case the key management apparatus 100 must know the identification information of the public key stored in the secure storage area; how it obtains that information is not restricted here.
  • For example, the key management apparatus 100 may query another apparatus for the identification information of the public key by sending a query message.
  • The ways of updating the public key include, but are not limited to, modification, deletion and addition.
  • When the update method is modification, the public key stored in the secure storage area is to be modified, and the update credential may also carry the modified public key.
  • When the update method is deletion, the public key indicated for update is to be deleted.
  • When the update method is addition, a new public key is to be added to the secure storage area, and the update credential may also carry the public key to be added.
  • The update credential may also leave the public key to be updated unspecified.
  • Step 204: After receiving the key update request, the key management apparatus 100 first extracts the update credential from the request and verifies it.
  • When verifying the update credential, the key management apparatus 100 can use the public key of the trusted platform to check whether the signature in the credential comes from the trusted platform.
  • How the key management apparatus 100 obtains the public key of the trusted platform is not restricted here.
  • The public key of the trusted platform may be stored in the key management apparatus 100 in advance, so that the apparatus obtains it locally.
  • Alternatively, the key management apparatus 100 may obtain the public key of the trusted platform from the trusted platform itself, for example from the trusted platform's website, when it determines that an update credential needs to be verified. If the key is fetched at verification time, the security of the whole scheme rests on how that fetch is authenticated; a platform key pinned in the device before it leaves the factory does not have this dependency.
  • If the signature of the update credential does not come from the trusted platform, the key management apparatus 100 determines that verification of the update credential has failed. If the signature does come from the trusted platform, the key management apparatus 100 may determine that the credential is verified successfully, or it may further confirm whether the public key to be updated indicated by the credential is consistent with the public key stored in the secure storage area, and determine that the credential is verified successfully only after confirming that they are consistent; otherwise verification fails.
  • How the key management apparatus 100 confirms that the public key indicated by the update credential is consistent with the public key stored in the secure storage area depends on how the credential indicates that key. If the credential records the public key to be updated directly, the key management apparatus 100 compares the recorded public key with the public key stored in the secure storage area. If the credential records identification information of the public key to be updated, the key management apparatus 100 checks whether that identification information matches the identification information of the public key stored in the secure storage area.
  • Step 205: After the update credential has passed verification, the key management apparatus 100 can update the public key stored in the secure storage area according to the update credential.
  • For a "modify" update, the key management apparatus 100 may replace the public key stored in the secure storage area with the modified public key indicated in the update credential.
  • For a "delete" update, the key management apparatus 100 may delete the public key stored in the secure storage area.
  • For an "add" update, the key management apparatus 100 may add the public key carried in the update credential to the secure storage area.
  • In this way, the update operation of the public key can only be performed by a specific party holding the update credential (for example, only by the manufacturer of the device or by a party trusted by the manufacturer), or only within a specific time period (such as during a return to the factory).
  • Optionally, a validity state can be set for the update credential.
  • An update credential can only update the public key once.
  • After that, the update credential can no longer be used. That is, after the key management apparatus 100 updates the public key stored in the secure storage area according to the update credential, the update credential becomes an invalid credential, and the key management apparatus 100 can mark the update credential as being in an invalid state.
  • How the update credential is marked as invalid is not limited here.
  • For example, the key management apparatus 100 may save the update credential and mark it as an invalid credential.
  • When it receives a key update request again, the key management apparatus 100 can first determine whether the update credential carried in the key update request is consistent with a stored credential marked invalid. If it is, the update credential carried in the key update request is an invalid credential, and the key management apparatus 100 can reject the key update request and refuse to update the public key.
  • As another example, the key management apparatus 100 may save the identification information of the update credential (identification information allocated by the trusted platform that uniquely identifies the update credential, and which may be recorded in the update credential or carried in the key update request). After receiving a key update request again, the key management apparatus 100 may first determine whether the identification information of the update credential carried in the key update request is the same as that of a stored, invalidated credential. If the identification information is consistent, the update credential carried in the key update request is an invalid credential, and the key management apparatus 100 can reject the key update request and refuse to update the public key.
  • Optionally, the key management apparatus 100 can pre-configure the number of updates of the public key by setting it to a preset number of times, and before each update of the public key in the secure storage area determine whether the update count of the public key has exceeded the preset number, that is, confirm whether the update count of the public key is greater than or equal to the preset number of times.
  • The update count of the public key here refers to the number of times an update of the public key stored in the secure storage area has been completed.
  • For example, the key management apparatus 100 may set a fixed number of bits, each bit corresponding to one update of the public key. After one update of the public key, the key management apparatus 100 changes the value of one bit to a set value (for example, the initial value of the bit is 0 and the set value is 1). When all of the fixed number of bits have been changed to the set value, the update count of the current public key has reached the preset number of times. As another example, the key management apparatus 100 may maintain a cumulative value whose initial value is equal to the preset number of times; each time the public key stored in the secure storage area is updated, the cumulative value is decremented, and when the cumulative value reaches 0 the update count of the current public key has reached the preset number of times.
  • If the update count of the public key has reached the preset number of times, the key management apparatus 100 may reject the current update of the public key stored in the secure storage area.
  • Otherwise, the key management apparatus 100 updates the public key stored in the secure storage area and records this update of the public key.
  • That is, each time an update of the public key stored in the secure storage area is completed, the update count of the public key increases by one; the update count accumulates with the updates of the public key stored in the secure storage area.
  • Optionally, the number of updates of the public key may not be limited, and only the update count of the public key is recorded locally.
  • Optionally, the key management apparatus 100 may set a fixed number of bits, each bit corresponding both to one update of the public key and to one update credential. After the public key is updated once, the key management apparatus 100 changes the value of the corresponding bit to the set value (for example, the initial value of the bit is 0 and the set value is 1); the set value then indicates both that the public key has been updated once and that the update credential corresponding to the bit is in an invalid state.
  • When all of the fixed number of bits are at the set value, the update count of the current public key has reached the preset number of times, and every update credential corresponding to those bits is also in an invalid state.
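As an added example (not code from the patent), the following Python sketch models the credential-checked update of Steps 204 and 205 together with the one-time credential and the preset update count kept as a fixed set of bits. It assumes an HMAC-SHA256 stand-in for the trusted platform's signature and constructed key material; a real apparatus would verify an asymmetric signature with the platform's public key.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed: a stand-in for the trusted platform's signing key. A real
# apparatus holds the platform's public key and verifies an asymmetric
# signature; HMAC-SHA256 is used here only so the example runs offline.
TRUSTED_PLATFORM_KEY = b"constructed-trusted-platform-key"


@dataclass
class UpdateCredential:
    cred_id: bytes              # unique id allocated by the trusted platform
    op: bytes                   # b"modify", b"delete" or b"add"
    target: Optional[bytes]     # public key to be updated (modify/delete)
    new_key: Optional[bytes]    # replacement or added public key (modify/add)
    signature: bytes


def _credential_body(cred_id, op, target, new_key) -> bytes:
    # Canonical byte string covered by the credential signature.
    return b"|".join([cred_id, op, target or b"", new_key or b""])


def issue_credential(platform_key, cred_id, op, target=None, new_key=None):
    """Trusted-platform side (constructed): sign an update credential."""
    sig = hmac.new(platform_key, _credential_body(cred_id, op, target, new_key),
                   hashlib.sha256).digest()
    return UpdateCredential(cred_id, op, target, new_key, sig)


@dataclass
class KeyManagementApparatus:
    platform_key: bytes                       # trusted platform's key, held locally
    max_updates: int                          # preset number of permitted updates
    secure_storage: set = field(default_factory=set)        # stored public keys
    invalid_credentials: set = field(default_factory=set)   # ids of used credentials
    update_bits: int = 0                      # one bit set per completed update

    def update_count(self) -> int:
        return bin(self.update_bits).count("1")

    def verify_credential(self, cred: UpdateCredential) -> bool:
        """Step 204: the signature must come from the trusted platform, and the
        key the credential indicates must match a key held in secure storage."""
        body = _credential_body(cred.cred_id, cred.op, cred.target, cred.new_key)
        expected = hmac.new(self.platform_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cred.signature):
            return False
        if cred.op == b"modify":
            return cred.target in self.secure_storage and cred.new_key is not None
        if cred.op == b"delete":
            return cred.target in self.secure_storage
        return cred.op == b"add" and cred.new_key is not None

    def handle_update_request(self, cred: UpdateCredential) -> str:
        # A credential may update the public key only once (replay check).
        if cred.cred_id in self.invalid_credentials:
            return "rejected: credential already used"
        # Preset update count: refuse once all fixed bits are set.
        if self.update_count() >= self.max_updates:
            return "rejected: update limit reached"
        if not self.verify_credential(cred):
            return "rejected: credential verification failed"
        # Step 205: apply the update method named in the credential.
        if cred.op == b"modify":
            self.secure_storage.discard(cred.target)
            self.secure_storage.add(cred.new_key)
        elif cred.op == b"delete":
            self.secure_storage.discard(cred.target)
        else:
            self.secure_storage.add(cred.new_key)
        # Record the update (set the next bit) and invalidate the credential.
        self.update_bits |= 1 << self.update_count()
        self.invalid_credentials.add(cred.cred_id)
        return "updated"
```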
  • In some cases the private key is likely to be exposed or stolen. If the device continues to use the public key corresponding to that private key during secure boot, software installation and software upgrade, the security of the device is threatened.
  • In that case the key management apparatus 100 needs to be notified in time so that use of the public key corresponding to the private key can be prevented.
  • To this end, the secure storage area may include a public key blacklist.
  • The public key blacklist may indicate an expired public key, that is, a public key that has been deactivated (for example, a public key that the manufacturer of a software module running in the processor has explicitly instructed is no longer to be used).
  • The public key blacklist may indicate an expired public key in different ways.
  • For example, the public key blacklist can directly record the expired public key.
  • Alternatively, the public key blacklist can record the identification information of the expired public key.
  • When the key management apparatus 100 receives a public key that needs to be stored in the secure storage area, it may first determine whether the public key is indicated by the public key blacklist; if so, it refuses to store the public key in the secure storage area, otherwise it stores the public key in the secure storage area.
  • When the key management apparatus 100 receives a key update request, it can first determine whether the updated public key carried in the key update request is indicated by the public key blacklist; if so, it refuses to update the public key stored in the secure storage area, otherwise it updates the public key stored in the secure storage area according to the update credential.
  • The public key blacklist can also be used to identify whether a public key used by the device during secure boot, software installation or software upgrade has become invalid.
  • During secure boot, the device obtains the public key required to verify the module to be started, such as the public key stored in the secure storage area or a public key carried in the installation package, and determines whether that public key is indicated by the public key blacklist; if so, it stops starting the module, otherwise it starts the module.
  • When installing software, the device obtains the public key required to verify the installation package to be installed, such as the public key stored in the secure storage area or the public key carried in the installation package, and determines whether that public key is indicated by the public key blacklist; if so, it stops installing the software, otherwise it installs the software.
  • When upgrading software, the device obtains the public key required to verify the software upgrade package, such as the public key stored in the secure storage area or the public key carried in the upgrade package, and determines whether that public key is indicated by the public key blacklist; if so, it stops upgrading the software, otherwise it upgrades the software.
  • The above description takes direct storage or update of the key as an example.
  • Alternatively, associated information of the key can be stored instead, such as a hash value obtained by performing a hash operation on the key.
  • The hash value of the key serves the same function as the key itself, and the associated information of the key can be stored and updated in the manner of the embodiment shown in FIG. 2.
  • Based on the same concept, an embodiment of the present application further provides a key management apparatus for executing the method performed by the key management apparatus in the method embodiment shown in FIG. 2; for the relevant features, refer to the above method embodiments, which are not repeated here.
  • As shown in FIG. 3, the key management apparatus 300 includes a transmission unit 302, a storage unit 301 and an update unit 303.
  • The storage unit 301 is configured to store a key in a secure storage area in the device, the key being a key required by the device during secure boot, software installation or software upgrade.
  • The transmission unit 302 is configured to receive a key update request, the key update request including an update credential that is signed and issued by a trusted platform.
  • The update unit 303 is configured to update the key after verification of the update credential has passed.
  • The key stored in the secure storage area may be a key required to verify the software code to be run in the device.
  • The device may also include firmware code, which needs to be started or run first during the device startup process.
  • The firmware key required to verify the firmware code that the device needs to run can be stored in the secure storage area or in the device's electronic fuse (eFuse), i.e. the firmware key and the software key are stored in different areas; a firmware key stored in the electronic fuse cannot be modified. The firmware key can of course also be stored in other storage areas that are not allowed to be modified.
  • When the device boots securely, the key management apparatus further includes a verification unit 304, which can read the firmware key from the electronic fuse and use the firmware key to perform a verification operation on the firmware code.
  • Specifically, the verification consists in verifying the signature of the firmware code (the signature having been generated using the private key corresponding to the firmware key).
  • The software code and the firmware code may come from different manufacturers.
  • After the verification unit 304 verifies the firmware code with the firmware key, the firmware code is allowed to run. After the firmware code has run, the verification unit 304 can also read the key from the secure storage area and use the key to verify the software code, specifically by verifying the signature of the software code (the signature having been generated using the private key corresponding to the key). After the software code passes verification with the key, the software code is allowed to run.
  • When software is installed, the verification unit 304 can obtain the key from the secure storage area and verify the installation package of the software code, that is, verify the signature carried on the installation package; after verification passes, the software code is allowed to be installed, that is, installed through the installation package.
  • When software is upgraded, the verification unit 304 can obtain the key from the secure storage area and verify the upgrade package of the software code, that is, verify the signature carried on the upgrade package; after verification passes, the software code is allowed to be upgraded, that is, upgraded through the upgrade package.
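As an added example (not code from the patent), the following Python sketch combines the public key blacklist described earlier with the two-stage verification performed by the verification unit 304: the firmware key is read only from the eFuse, the software key comes from the secure storage area or from the package, and any key indicated by the blacklist stops boot, installation or upgrade. Signature checks use an HMAC-SHA256 stand-in, and all keys, package contents and the `Device`/`SecureStorage` names are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def signature_valid(public_key: bytes, code: bytes, signature: bytes) -> bool:
    """Constructed stand-in for signature verification: the "public key" is used
    as an HMAC key so the example runs offline without an asymmetric library."""
    expected = hmac.new(public_key, code, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def key_id(public_key: bytes) -> str:
    """Identification information of a public key: its SHA-256 fingerprint."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass
class SecureStorage:
    software_key: Optional[bytes]   # key used to verify software code
    blacklist: set                  # key_id() of expired public keys

    def is_expired(self, public_key: bytes) -> bool:
        return key_id(public_key) in self.blacklist

    def store_key(self, public_key: bytes) -> bool:
        """Refuse to store a key the blacklist marks as expired."""
        if self.is_expired(public_key):
            return False
        self.software_key = public_key
        return True


@dataclass
class Package:
    code: bytes
    signature: bytes
    carried_key: Optional[bytes] = None   # public key carried in the package


@dataclass
class Device:
    efuse_firmware_key: bytes   # immutable firmware key in the eFuse
    storage: SecureStorage

    def _verify(self, public_key: Optional[bytes], pkg: Package) -> str:
        # Blacklist check comes first: an expired key stops the operation
        # even if the signature under it would still verify.
        if public_key is None:
            return "stop: no verification key available"
        if self.storage.is_expired(public_key):
            return "stop: public key is blacklisted"
        if not signature_valid(public_key, pkg.code, pkg.signature):
            return "stop: signature verification failed"
        return "ok"

    def _software_key_for(self, pkg: Package) -> Optional[bytes]:
        # Key carried in the package if present, else the stored software key.
        if pkg.carried_key is not None:
            return pkg.carried_key
        return self.storage.software_key

    def secure_boot(self, firmware: Package, software: Package) -> str:
        # Firmware is verified first, only ever with the eFuse key.
        result = self._verify(self.efuse_firmware_key, firmware)
        if result != "ok":
            return "firmware " + result
        result = self._verify(self._software_key_for(software), software)
        return "booted" if result == "ok" else "software " + result

    def install(self, pkg: Package) -> str:
        result = self._verify(self._software_key_for(pkg), pkg)
        return "installed" if result == "ok" else result

    def upgrade(self, pkg: Package) -> str:
        result = self._verify(self._software_key_for(pkg), pkg)
        return "upgraded" if result == "ok" else result


def make_package(public_key: bytes, code: bytes, carried: bool = False) -> Package:
    """Constructed helper: sign code under the stand-in scheme."""
    sig = hmac.new(public_key, code, hashlib.sha256).digest()
    return Package(code, sig, public_key if carried else None)
```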
  • When the storage unit 301 stores the key in the secure storage area of the device, it may store the key directly in the secure storage area, or it may first sign the key and then store the signed key in the secure storage area.
  • When the update unit 303 verifies the update credential, it can confirm whether the signature of the update credential comes from the trusted platform; if it does, the update credential passes verification, otherwise verification fails. If the update credential also indicates the key that needs to be updated, the update unit, in addition to confirming whether the signature of the update credential comes from the trusted platform, can also confirm whether the key to be updated indicated by the update credential is the same as the key stored in the secure storage area. If the signature comes from the trusted platform and the key to be updated indicated by the update credential is consistent with the key stored in the secure storage area, the verification of the update credential passes; otherwise it fails.
  • After updating the key, the update unit 303 marks the update credential as being in an invalid state.
  • The update unit 303 may also record the number of times the key has been updated.
  • Before updating the key, the update unit 303 may determine whether the number of key updates is less than a preset number of times; if it is, it updates the key in the secure storage area, otherwise it refuses to update the key.
  • The secure storage area further includes a key blacklist, which is used to indicate expired keys.
  • The secure storage area is located in flash memory or in the processor.
  • Each functional unit in the embodiments of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • The above integrated units may be implemented in the form of hardware or in the form of software functional units.
  • The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • The above embodiments may be implemented in whole or in part in the form of a computer program product.
  • The computer program product includes one or more computer instructions. When the computer program instructions are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of the present application are produced.
  • The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device.
  • The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server or data center to another website, computer, server or data center by wire (e.g. coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g. infrared, radio, microwave).
  • The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center containing one or more available media.
  • The available media may be magnetic media (e.g. floppy disks, hard disks, magnetic tapes), optical media (e.g. DVDs) or semiconductor media.
  • The semiconductor medium may be a solid-state drive (SSD).
  • The apparatus 400 shown in FIG. 4 includes at least one processor 401, a memory 402 and, optionally, a communication interface 403.
  • The memory 402 may be a volatile memory such as random access memory, or a non-volatile memory such as read-only memory, flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), or any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, without being limited thereto. The memory 402 may also be a combination of the above memories.
  • The secure storage area in this embodiment of the present application may be located in the memory 402, for example in a non-volatile memory of the memory 402.
  • The connection medium between the processor 401 and the memory 402 is not limited in this embodiment of the present application.
  • The processor 401 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, an artificial intelligence chip, a system on a chip, etc.
  • A general-purpose processor may be a microprocessor or any conventional processor. It has data sending and receiving functions and can communicate with other devices.
  • An independent data sending and receiving module, such as the communication interface 403, can also be provided for sending and receiving data; when the processor 401 communicates with other devices, data transmission such as receiving a key or a key update request is performed through the communication interface 403.
  • The processor 401 in FIG. 4 can execute the computer-executable instructions stored in the memory 402, so that the key management apparatus can execute the method performed by the key management apparatus in any of the above method embodiments.
  • The functions/implementation processes of the transmission unit, the storage unit, the update unit and the verification unit in FIG. 3 can all be implemented by the processor 401 in FIG. 4 calling the computer-executable instructions stored in the memory 402.
  • Alternatively, the functions/implementation processes of the storage unit and the update unit in FIG. 3 can be implemented by the processor 401 in FIG. 4 calling the computer-executable instructions stored in the memory 402, and the function/implementation process of the transmission unit in FIG. 3 can be implemented by the communication interface 403 in FIG. 4.
  • The embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

Key management method and apparatus. In the present application, the key management apparatus can store a key in a secure storage area of a device, the key being a key required by the device during secure boot, software installation or software upgrade. A key update request can then be received, the key update request being used to request that the key be updated and including an update credential, the update credential being signed and issued by a trusted platform; the key management apparatus first verifies the update credential and, after verification succeeds, updates the key according to the key update request. The key management apparatus can thus update the key stored in the secure storage area, so that the key is no longer unmodifiable; moreover, before the key is updated the update credential must also be verified, and the key can only be updated when verification of the update credential succeeds, so that the key update method is also more secure.
PCT/CN2021/123924, priority date 2020-12-03, filing date 2021-10-14: Key management method and apparatus, WO2022116708A1 (fr)

Applications Claiming Priority (2)

Application Number    Priority Date   Filing Date   Title
CN202011411476.6      2020-12-03
CN202011411476.6A     2020-12-03      2020-12-03    Key management method and apparatus (zh)

Publications (1)

Publication Number   Publication Date
WO2022116708A1       2022-06-09 (fr)

Family

ID=81802880

Family Applications (1)

Application Number    Title                                   Priority Date   Filing Date
PCT/CN2021/123924     Key management method and apparatus (WO2022116708A1, fr)   2020-12-03   2021-10-14

Country Status (2)

Country   Link
CN (1)    CN114598456A (fr)
WO (1)    WO2022116708A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number       Priority date   Publication date   Assignee                            Title
CN103595530A (zh) *      2012-08-17      2014-02-19         华为技术有限公司                     Software key update method and apparatus
US20140359268A1 (en) *   2013-06-03      2014-12-04         Broadcom Corporation                Methods of Securely Changing the Root Key of a Chip, and Related Electronic Devices and Chips
US20180183590A1 (en) *   2016-12-27      2018-06-28         Realtek Semiconductor Corporation   Electronic component of electronic device, method of starting electronic device and encryption method
CN108287999A (zh) *      2017-01-10      2018-07-17         厦门雅迅网络股份有限公司             A TrustZone-based trusted system boot method

Also Published As

Publication number   Publication date
CN114598456A (zh)    2022-06-07


Legal Events

Code   Title / Description
121    Ep: the epo has been informed by wipo that ep was designated in this application
       Ref document number: 21899742; Country of ref document: EP; Kind code of ref document: A1
NENP   Non-entry into the national phase
       Ref country code: DE
122    Ep: pct application non-entry in european phase
       Ref document number: 21899742; Country of ref document: EP; Kind code of ref document: A1