CN113434165A - Patch updating method and system for embedded operating system - Google Patents
Patch updating method and system for embedded operating system Download PDFInfo
- Publication number
- CN113434165A CN113434165A CN202110614911.3A CN202110614911A CN113434165A CN 113434165 A CN113434165 A CN 113434165A CN 202110614911 A CN202110614911 A CN 202110614911A CN 113434165 A CN113434165 A CN 113434165A
- Authority
- CN
- China
- Prior art keywords
- patch
- operating system
- embedded operating
- intelligent terminal
- area
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 230000004913 activation Effects 0.000 claims description 20
- 230000008569 process Effects 0.000 claims description 17
- 239000006185 dispersion Substances 0.000 claims description 11
- 238000004891 communication Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 6
- 238000000638 solvent extraction Methods 0.000 claims description 4
- 230000003213 activating effect Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 238000004590 computer program Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a patch updating method and a system of an embedded operating system, which relate to the field of intelligent terminals and intelligent cards, and the method comprises the steps of creating a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area in a storage space of the embedded operating system; generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system; encrypting a patch of the embedded operating system based on the secret key, and sending the encrypted patch to the intelligent terminal to which the embedded operating system belongs by the FOTA server; and the intelligent terminal receives the patch, decrypts the patch based on the secret key, and finishes the upgrading and updating of the embedded operating system based on the decrypted patch. The invention can effectively reduce the upgrading cost of the embedded operating system and ensure the normal use of the user.
Description
Technical Field
The invention relates to the field of intelligent terminals and intelligent cards, in particular to a patch updating method and a patch updating system for an embedded operating system.
Background
Along with the popularization of intelligent terminals and intelligent cards, the intelligent terminals and the intelligent cards are widely applied to various fields in life, and great convenience is provided for daily life. However, after the intelligent terminal device or the intelligent card is sold to the client, if it is found that the intelligent terminal device or the intelligent card has a bug (bug) or needs to be expanded, it is difficult to upgrade the intelligent terminal device or the intelligent card in a recall manner; furthermore, if a recall upgrade is made, the operating costs will be significant, and the recall process may also cause irreparable damage to the customer.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a patch updating method and a patch updating system for an embedded operating system, which can effectively reduce the upgrading cost of the embedded operating system and ensure the normal use of a user.
In order to achieve the above object, the patch updating method for an embedded operating system provided by the present invention specifically includes the following steps:
a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area are established in a storage space of an embedded operating system;
generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system;
encrypting a patch of the embedded operating system based on the secret key, and sending the encrypted patch to the intelligent terminal to which the embedded operating system belongs by the FOTA server;
and the intelligent terminal receives the patch, decrypts the patch based on the secret key, and finishes the upgrading and updating of the embedded operating system based on the decrypted patch.
On the basis of the technical proposal, the device comprises a shell,
the BOOT area is used for storing an interrupt vector table, a communication code, an encryption and decryption code and a FLASH/EEPROM read-write code;
the OS area is used for storing OS codes;
the user data area is used for storing data required to be stored in the OS operation process;
the patch information area is used for storing a patch effect mark, patch version information and patch length;
the patch code area is used for storing patches;
the variable area is used for storing a temporary scalar generated in the running process of the OS.
On the basis of the above technical solution, before generating the key based on the version number of the embedded operating system and the random number generated by the embedded operating system, the method further includes:
based on a network communication mode, the FOTA server inquires the version number of the embedded operating system;
the intelligent terminal sends the version number of the embedded operating system to the FOTA server;
the FOTA server judges whether the embedded operating system needs to be upgraded or not based on the version number of the embedded operating system:
if yes, generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system;
if not, the process is ended.
On the basis of the technical scheme, the key is generated based on the version number of the embedded operating system and the random number generated by the embedded operating system, and the specific steps comprise:
the embedded operating system generates a random number and sends the generated random number to the FOTA server;
the FOTA server fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys to obtain keys for encrypting the patch;
and the embedded operating system fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys to obtain keys for decrypting the patch.
On the basis of the above technical solution, before encrypting the patch of the embedded operating system based on the key, the method further includes:
the method comprises the following steps that an intelligent terminal manufacturer develops and generates a patch of an embedded operating system, and the patch is converted into an HEX or BIN file;
the FOTA server acquires the HEX or BIN file and packs the HEX or BIN file.
On the basis of the technical scheme, the patch of the embedded operating system is encrypted based on the secret key, the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs, and the method specifically comprises the following steps:
the FOTA server encrypts the packed HEX or BIN file by using a key for encrypting the patch to obtain a patch frame;
and the FOTA server sends the patch frame to the intelligent terminal to which the embedded operating system belongs.
On the basis of the technical scheme, the intelligent terminal receives the patch and decrypts the patch based on the secret key, and the method specifically comprises the following steps:
the intelligent terminal receives a patch frame sent by the FOTA server;
the intelligent terminal decrypts the patch frames by using the temporary patch downloading decryption key to obtain patches until all the patch frames are received and decrypted;
the generation process of the temporary patch downloading decryption key comprises the following steps: and the intelligent terminal fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys stored by the intelligent terminal to obtain the temporary patch downloading decryption keys.
On the basis of the above technical solution, after all patch frames are received and decrypted, the method further includes: and activating the patch program, and storing the patch effective mark, the patch version information and the patch length.
On the basis of the technical scheme, the updating of the embedded operating system based on the decrypted patch is completed, and the method specifically comprises the following steps:
the FOTA server sends a patch activation instruction to the intelligent terminal, wherein the patch activation instruction comprises a CRC32 check code;
the intelligent terminal receives the patch activation instruction and judges whether a patch CRC32 check code stored by the intelligent terminal is consistent with a CRC32 check code in the patch activation instruction:
if so, modifying the activation mark of the patch into activated, starting the patch, and then finishing the upgrading and updating of the embedded operating system based on the patch;
if not, the process is ended.
The invention provides a patch updating system of an embedded operating system, which comprises:
the system comprises a partitioning module, a processing module and a processing module, wherein the partitioning module is used for creating a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area in a storage space of an embedded operating system;
the generation module is used for generating a secret key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
the sending module is used for encrypting the patch of the embedded operating system based on the secret key and driving the FOTA server to send the encrypted patch to the intelligent terminal to which the embedded operating system belongs;
and the updating module is used for driving the intelligent terminal to receive the patch and decrypt based on the secret key, and finishing the updating of the embedded operating system based on the decrypted patch.
Compared with the prior art, the invention has the advantages that: after the patch of the embedded operating system is encrypted, the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs, the intelligent terminal receives and decrypts the patch, and the upgrade and update of the embedded operating system are completed based on the decrypted patch, namely, the upgrade and update of the embedded operating system are realized in a network mode, the intelligent terminal does not need to be recalled, the upgrade cost of the embedded operating system is effectively reduced, and the normal use of a user is ensured.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a patch updating method of an embedded operating system according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a patch updating method of an embedded operating system, which comprises the steps that after a patch of the embedded operating system is encrypted, an FOTA server sends the encrypted patch to an intelligent terminal to which the embedded operating system belongs, the intelligent terminal receives and decrypts the patch, and the updating of the embedded operating system is completed based on the decrypted patch, namely the updating of the embedded operating system is realized in a network mode, the intelligent terminal does not need to be recalled, the updating cost of the embedded operating system is effectively reduced, and the normal use of a user is ensured. The embodiment of the invention correspondingly provides a patch updating system of the embedded operating system.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, an embodiment of the present invention provides a patch update method for an embedded operating system, which is used for performing FOTA (Firmware Over the Air-Air) operation on an intelligent device or an intelligent card that satisfies the following characteristics: 1. the smart device or smart card is already in a normal use phase; 2. functional bugs need to be modified; 3. the function expansion needs to be supported, and the system function needs to be updated; 4. the operating system updates and supports the FOTA mode; 5. the operating system update process does not affect the user data. The embedded Operating System in the embodiment of the invention comprises a smart card COS (chip Operating System).
Specifically, the patch updating method for the embedded operating system in the embodiment of the present invention includes the following steps:
s1: a BOOT area, an OS (operating system) area, a user data area, a patch information area, a patch code area, and a variable area are created in a storage space of an embedded operating system.
In the embodiment of the present invention, the BOOT area is used to store an interrupt vector table, a communication code, an encryption/decryption code, and a FLASH Memory/EEPROM (Electrically Erasable Programmable Read-Only Memory) Read-write code, and the BOOT area may be a ROM (Read-Only Memory); the OS area is used for storing OS codes, the OS area further includes ECASD (Embedded-controlled authorization Security Domain), the download patch function of the entire system is completed by ECASD, and the OS area may be ROM; the user data area is used for storing data which needs to be stored in the operating process of the OS, and the power failure information of the nonvolatile storage area is not lost in the user data area; the patch information area is used for storing a patch effect mark, patch version information and patch length, and the patch information area is a nonvolatile storage area; the patch code area is used for storing patches, namely storing patch codes, and the patch code area is a nonvolatile storage area; the variable area is used for storing a temporary scalar quantity generated in the operating process of the OS, the variable area is an RAM (Random Access Memory) area, and power failure information is lost.
S2: generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system;
s3: encrypting a patch of the embedded operating system based on the secret key, and sending the encrypted patch to the intelligent terminal to which the embedded operating system belongs by the FOTA server;
s4: and the intelligent terminal receives the patch, decrypts the patch based on the secret key, and finishes the upgrading and updating of the embedded operating system based on the decrypted patch.
In the embodiment of the present invention, before generating the key based on the version number of the embedded operating system and the random number generated by the embedded operating system, the method further includes:
s201: based on a network communication mode, the FOTA server inquires the version number of the embedded operating system;
s202: the intelligent terminal sends the version number of the embedded operating system to the FOTA server;
specifically, the FOTA server queries, via the network, the version number, the OS checksum, the patch activation status, and the checksum of the embedded operating system, where the query command is as shown in table 1 below:
TABLE 1
| Value of | Length of | Description of the invention |
| 80 | 1 | CLA |
| CA | 1 | INS |
| 2A | 1 | P1 |
| 05 | 1 | P2 |
| 0E | 1 | Le |
In table 1, CLA indicates the instruction class, INS indicates the instruction code, P1 indicates the argument 1, P2 indicates the argument 2, and Le indicates the expected return data length of the instruction.
The intelligent terminal returns data aiming at the query command, and the data format is as follows: OS version number (2 bytes) + OS checksum (4 bytes) + patch active status (4 bytes) + patch checksum (4 bytes).
S203: the FOTA server judges whether the embedded operating system needs to be upgraded or not based on the version number of the embedded operating system: if yes, generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system; if not, the process is ended.
In the embodiment of the invention, a secret key is generated based on the version number of the embedded operating system and the random number generated by the embedded operating system, and the specific steps comprise:
s211: the embedded operating system generates a random number and sends the generated random number to the FOTA server; the generated random number is 8 bytes.
The FOTA server sends a random number generation command to the embedded operating system, and the embedded operating system generates a random number based on the random number generation command, wherein the random number generation command is shown in the following table 2:
TABLE 2
| Value of | Length of | Description of the invention |
| 80 | 1 | CLA |
| E2 | 1 | INS |
| 88 | 1 | P1 |
| 00 | 1 | P2 |
| 4 | 1 | Lc |
| Length | 4 | Total length of patch code |
| 8 | 1 | Le, take 8 bytes of random number |
S212: the FOTA server fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys to obtain keys for encrypting the patch;
specifically, the FOTA server fills the random number of 8 bytes and the version number of the embedded operating system into dispersion factors of 16 bytes, and disperses the patch download encryption and decryption keys to obtain keys for encrypting the patch.
S213: and the embedded operating system fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys to obtain keys for decrypting the patch.
Specifically, the embedded operating system fills the random number of 8 bytes and the version number of the embedded operating system into dispersion factors of 16 bytes, and disperses the patch download encryption and decryption keys to obtain keys for decrypting the patch.
In the embodiment of the invention: before encrypting the patch of the embedded operating system based on the key, the method further comprises the following steps:
s311: the method comprises the following steps that an intelligent terminal manufacturer develops and generates a patch of an embedded operating system, and the patch is converted into an HEX or BIN file; both HEX and BIN are a format for files.
S312: the FOTA server acquires the HEX or BIN file and packs the HEX or BIN file.
In the embodiment of the invention: encrypting the patch of the embedded operating system based on the key, and sending the encrypted patch to the intelligent terminal to which the embedded operating system belongs by the FOTA server, wherein the method specifically comprises the following steps:
s321: the FOTA server encrypts the packed HEX or BIN file by using a key for encrypting the patch to obtain a patch frame;
the format of the patch frame is shown in table 3 below:
TABLE 3
| Value of | Length of | Description of the invention |
| 80 | 1 | CLA |
| E2 | 1 | INS |
| 88 | 1 | P1 |
| 00 | 1 | P2 |
| xx | 1 | Lc |
| Offset of | 4 | Current frame patch data offset |
| Code | xx-4 | Current frame patch code (ciphertext) |
S322: and the FOTA server sends the patch frame to the intelligent terminal to which the embedded operating system belongs.
In the embodiment of the invention, the intelligent terminal receives the patch and decrypts based on the key, and the specific steps comprise:
s401: the intelligent terminal receives a patch frame sent by the FOTA server;
s402: and the intelligent terminal decrypts the patch frames by using the temporary patch downloading decryption key to obtain the patch until all the patch frames are received and decrypted.
The generation process of the temporary patch downloading decryption key comprises the following steps: and the intelligent terminal fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys stored by the intelligent terminal to obtain the temporary patch downloading decryption keys.
The FOTA server encrypts the packed HEX or BIN file by using a key for encrypting the patch, a plurality of patch frames are obtained, only one patch frame is sent to the intelligent terminal every time, the intelligent terminal verifies the correctness and the integrity of the patch frame after receiving and decrypting the patch frame, the patch frame is stored if the verification is passed, then the FOTA server sends the next patch frame to the intelligent terminal until all the patch frames are sent and stored, and the checksum is verified after the patch frame is downloaded.
In this embodiment of the present invention, after all patch frames are received and decrypted, the method further includes: and activating the patch program, and storing the patch effective mark, the patch version information and the patch length.
In the embodiment of the invention, the updating of the embedded operating system is completed based on the decrypted patch, and the specific steps comprise:
s411: the FOTA server sends a patch activation instruction to the intelligent terminal, wherein the patch activation instruction comprises a CRC32 check code;
the patch activation instructions are shown in table 4 below:
TABLE 4
| Value of | Length of | Description of the invention |
| 80 | 1 | CLA |
| E2 | 1 | INS |
| 88 | 1 | P1 |
| 00 | 1 | P2 |
| 04 | 1 | Lc |
| CRC32 | 4 | CRC32 check code for all patches |
S412: the intelligent terminal receives the patch activation instruction and judges whether a patch CRC32 check code stored by the intelligent terminal is consistent with a CRC32 check code in the patch activation instruction: if so, modifying the activation mark of the patch into activated, starting the patch, and then finishing the upgrading and updating of the embedded operating system based on the patch; if not, the process is ended.
For the starting of the patch, the embedded operating system runs the related function, checks the activation mark of the patch, if the activation mark of the patch is invalid, the function is continuously run, and if the activation mark of the patch is valid, the embedded operating system jumps to the entry of the patch function to run the patch function.
According to the patch updating method of the embedded operating system, after the patch of the embedded operating system is encrypted, the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs, the intelligent terminal receives and decrypts the patch, and the updating of the embedded operating system is completed based on the decrypted patch, namely the updating of the embedded operating system is realized in a network mode, the intelligent terminal does not need to be recalled, the updating cost of the embedded operating system is effectively reduced, and normal use of a user is guaranteed.
The patch updating system of the embedded operating system provided by the embodiment of the invention comprises a dividing module, a generating module, a sending module and an updating module.
The division module is used for creating a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area in the storage space of the embedded operating system; the generation module is used for generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system; the sending module is used for encrypting the patch of the embedded operating system based on the secret key and driving the FOTA server to send the encrypted patch to the intelligent terminal to which the embedded operating system belongs; and the updating module is used for driving the intelligent terminal to receive the patch and decrypt based on the secret key, and finishing the updating of the embedded operating system based on the decrypted patch.
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Claims (10)
1. A patch updating method of an embedded operating system is characterized by comprising the following steps:
a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area are established in a storage space of an embedded operating system;
generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system;
encrypting a patch of the embedded operating system based on the secret key, and sending the encrypted patch to the intelligent terminal to which the embedded operating system belongs by the FOTA server;
and the intelligent terminal receives the patch, decrypts the patch based on the secret key, and finishes the upgrading and updating of the embedded operating system based on the decrypted patch.
2. A patch update method for an embedded operating system as claimed in claim 1, wherein:
the BOOT area is used for storing an interrupt vector table, a communication code, an encryption and decryption code and a FLASH/EEPROM read-write code;
the OS area is used for storing OS codes;
the user data area is used for storing data required to be stored in the OS operation process;
the patch information area is used for storing a patch effect mark, patch version information and patch length;
the patch code area is used for storing patches;
the variable area is used for storing a temporary scalar generated in the running process of the OS.
3. The patch update method of an embedded operating system as claimed in claim 1, wherein before generating the key based on the version number of the embedded operating system and the random number generated by the embedded operating system, further comprising:
based on a network communication mode, the FOTA server inquires the version number of the embedded operating system;
the intelligent terminal sends the version number of the embedded operating system to the FOTA server;
the FOTA server judges whether the embedded operating system needs to be upgraded or not based on the version number of the embedded operating system:
if yes, generating a secret key based on the version number of the embedded operating system and a random number generated by the embedded operating system;
if not, the process is ended.
4. The patch updating method of the embedded operating system according to claim 1, wherein the key is generated based on the version number of the embedded operating system and a random number generated by the embedded operating system, and the specific steps include:
the embedded operating system generates a random number and sends the generated random number to the FOTA server;
the FOTA server fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys to obtain keys for encrypting the patch;
and the embedded operating system fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys to obtain keys for decrypting the patch.
5. A patch update method for an embedded operating system as claimed in claim 4, wherein before encrypting the patch for the embedded operating system based on said key, further comprising:
the method comprises the following steps that an intelligent terminal manufacturer develops and generates a patch of an embedded operating system, and the patch is converted into an HEX or BIN file;
the FOTA server acquires the HEX or BIN file and packs the HEX or BIN file.
6. The method for updating the patch of the embedded operating system according to claim 5, wherein the patch of the embedded operating system is encrypted based on the secret key, and the FOTA server sends the encrypted patch to the intelligent terminal to which the embedded operating system belongs, and the method specifically comprises the following steps:
the FOTA server encrypts the packed HEX or BIN file by using a key for encrypting the patch to obtain a patch frame;
and the FOTA server sends the patch frame to the intelligent terminal to which the embedded operating system belongs.
7. The patch updating method of the embedded operating system according to claim 6, wherein the intelligent terminal receives the patch and decrypts based on the key, and the specific steps include:
the intelligent terminal receives a patch frame sent by the FOTA server;
the intelligent terminal decrypts the patch frames by using the temporary patch downloading decryption key to obtain patches until all the patch frames are received and decrypted;
the generation process of the temporary patch downloading decryption key comprises the following steps: and the intelligent terminal fills the random number and the version number of the embedded operating system into dispersion factors, and disperses the patch downloading encryption and decryption keys stored by the intelligent terminal to obtain the temporary patch downloading decryption keys.
8. A patch update method for an embedded operating system as claimed in claim 7, wherein when all patch frames are received and decrypted, further comprising: and activating the patch program, and storing the patch effective mark, the patch version information and the patch length.
9. The patch updating method of the embedded operating system according to claim 1, wherein the updating of the embedded operating system based on the decrypted patch is completed by the specific steps of:
the FOTA server sends a patch activation instruction to the intelligent terminal, wherein the patch activation instruction comprises a CRC32 check code;
the intelligent terminal receives the patch activation instruction and judges whether a patch CRC32 check code stored by the intelligent terminal is consistent with a CRC32 check code in the patch activation instruction:
if so, modifying the activation mark of the patch into activated, starting the patch, and then finishing the upgrading and updating of the embedded operating system based on the patch;
if not, the process is ended.
10. A patch update system for an embedded operating system, comprising:
the system comprises a partitioning module, a processing module and a processing module, wherein the partitioning module is used for creating a BOOT area, an OS area, a user data area, a patch information area, a patch code area and a variable area in a storage space of an embedded operating system;
the generation module is used for generating a secret key based on the version number of the embedded operating system and the random number generated by the embedded operating system;
the sending module is used for encrypting the patch of the embedded operating system based on the secret key and driving the FOTA server to send the encrypted patch to the intelligent terminal to which the embedded operating system belongs;
and the updating module is used for driving the intelligent terminal to receive the patch and decrypt based on the secret key, and finishing the updating of the embedded operating system based on the decrypted patch.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110614911.3A CN113434165A (en) | 2021-06-02 | 2021-06-02 | Patch updating method and system for embedded operating system |
| PCT/CN2021/104185 WO2022252330A1 (en) | 2021-06-02 | 2021-07-02 | Patch-based update method and system for embedded operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110614911.3A CN113434165A (en) | 2021-06-02 | 2021-06-02 | Patch updating method and system for embedded operating system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113434165A true CN113434165A (en) | 2021-09-24 |
Family
ID=77803598
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110614911.3A Pending CN113434165A (en) | 2021-06-02 | 2021-06-02 | Patch updating method and system for embedded operating system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113434165A (en) |
| WO (1) | WO2022252330A1 (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1720715A (en) * | 2002-12-03 | 2006-01-11 | 纳格拉影像股份有限公司 | Method of securing software updates |
| CN103546576A (en) * | 2013-10-31 | 2014-01-29 | 中安消技术有限公司 | Remote automatic updating method and system of embedded equipment |
| US20160188317A1 (en) * | 2014-12-29 | 2016-06-30 | Paul Hilliar | Over-the-air-provisioning of application library |
| CN106251132A (en) * | 2016-07-28 | 2016-12-21 | 恒宝股份有限公司 | A kind of HCE security off-line promotes system and implementation method |
| CN109257327A (en) * | 2017-07-14 | 2019-01-22 | 中国电力科学研究院 | A kind of the communication message safety interacting method and device of electrical power distribution automatization system |
| CN109495307A (en) * | 2018-11-27 | 2019-03-19 | 北京车和家信息技术有限公司 | Method for upgrading system, OTA upgrade package encryption method, terminal device and vehicle |
| CN110147329A (en) * | 2019-05-24 | 2019-08-20 | 武汉瓯越网视有限公司 | A kind of method, apparatus and terminal of dynamic detection simulator |
| CN110351314A (en) * | 2018-04-03 | 2019-10-18 | 厦门雅迅网络股份有限公司 | The remote upgrade method and computer readable storage medium of automobile controller |
| WO2020014926A1 (en) * | 2018-07-19 | 2020-01-23 | 华为技术有限公司 | Patch package generation method and device |
| CN111399894A (en) * | 2020-03-23 | 2020-07-10 | 恒宝股份有限公司 | Smart card, smart card operating system upgrading method and system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1632848A1 (en) * | 2004-09-06 | 2006-03-08 | Irdeto Access B.V. | Method of providing patches for software |
| CN110162328B (en) * | 2019-05-28 | 2023-11-03 | 东信和平科技股份有限公司 | Method and device for upgrading intelligent card operating system |
| CN112672342B (en) * | 2021-01-11 | 2023-03-24 | 金卡智能集团股份有限公司 | Data transmission method, device, equipment, system and storage medium |
-
2021
- 2021-06-02 CN CN202110614911.3A patent/CN113434165A/en active Pending
- 2021-07-02 WO PCT/CN2021/104185 patent/WO2022252330A1/en active Application Filing
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1720715A (en) * | 2002-12-03 | 2006-01-11 | 纳格拉影像股份有限公司 | Method of securing software updates |
| CN103546576A (en) * | 2013-10-31 | 2014-01-29 | 中安消技术有限公司 | Remote automatic updating method and system of embedded equipment |
| US20160188317A1 (en) * | 2014-12-29 | 2016-06-30 | Paul Hilliar | Over-the-air-provisioning of application library |
| CN106251132A (en) * | 2016-07-28 | 2016-12-21 | 恒宝股份有限公司 | A kind of HCE security off-line promotes system and implementation method |
| CN109257327A (en) * | 2017-07-14 | 2019-01-22 | 中国电力科学研究院 | A kind of the communication message safety interacting method and device of electrical power distribution automatization system |
| CN110351314A (en) * | 2018-04-03 | 2019-10-18 | 厦门雅迅网络股份有限公司 | The remote upgrade method and computer readable storage medium of automobile controller |
| WO2020014926A1 (en) * | 2018-07-19 | 2020-01-23 | 华为技术有限公司 | Patch package generation method and device |
| CN109495307A (en) * | 2018-11-27 | 2019-03-19 | 北京车和家信息技术有限公司 | Method for upgrading system, OTA upgrade package encryption method, terminal device and vehicle |
| CN110147329A (en) * | 2019-05-24 | 2019-08-20 | 武汉瓯越网视有限公司 | A kind of method, apparatus and terminal of dynamic detection simulator |
| CN111399894A (en) * | 2020-03-23 | 2020-07-10 | 恒宝股份有限公司 | Smart card, smart card operating system upgrading method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022252330A1 (en) | 2022-12-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9916574B2 (en) | Secure computing device and method | |
| CN105573780B (en) | A kind of mobile terminal operating system upgrade method and device based on container | |
| CN109558160A (en) | Upgrade method, embedded system | |
| EP2879327A1 (en) | Encryption and decryption processing method, apparatus and device | |
| CN109862099B (en) | Upgrade checking method, device, terminal and system | |
| CN104166565A (en) | Intelligent display terminal firmware updating method | |
| US10977021B2 (en) | SE applet processing method, terminal, and server | |
| CN105511920B (en) | A kind of mobile terminal operating system upgrade method and device based on container | |
| CN111240709A (en) | Firmware upgrading method and system of POS equipment based on android system | |
| CN104166564A (en) | Display terminal program updating method | |
| KR102083751B1 (en) | Methods for Managing Objects in Security Elements | |
| CN107239299B (en) | Plug-in upgrading method and device | |
| CN110874467A (en) | Information processing method, device, system, processor and storage medium | |
| CN105279441A (en) | Methods and architecture for encrypting and decrypting data | |
| CN111026419A (en) | Application program upgrading method, device and system of single chip microcomputer | |
| CN101739530B (en) | Encryption method of advanced reduced instruction-set computer (RISC) machine (ARM) system in starting process | |
| CN102831357B (en) | Encryption and authentication protection method and system of secondary development embedded type application program | |
| EP3764224B1 (en) | Resource permission processing method and apparatus, and storage medium and chip | |
| CN111399894B (en) | Smart card, smart card operating system upgrading method and smart card operating system upgrading system | |
| CN107995230B (en) | A kind of method for down loading and terminal | |
| CN113434165A (en) | Patch updating method and system for embedded operating system | |
| CN113885907A (en) | Firmware upgrading system and method | |
| CN115242413A (en) | Internet of things equipment firmware safety upgrading method and device, electronic equipment and medium | |
| CN111064723A (en) | Over-the-air upgrading method and system based on backup system | |
| CN114143197B (en) | OTA (over the air) upgrading method, device and equipment for Internet of things equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |