Search

CN-114491420-B - Firmware encryption method and device, electronic equipment and storage medium

CN114491420BCN 114491420 BCN114491420 BCN 114491420BCN-114491420-B

Abstract

The application is applicable to the technical field of equipment management and provides a method, a device, electronic equipment and a storage medium for encrypting firmware, wherein the method comprises the steps of responding to a firmware encryption instruction of target equipment, and authenticating an encryption device through a server; if the encryption device is identified to be legal, a response request is sent to the target device, the response request comprises a first random number, response information fed back by the target device based on the response request is received, the response information comprises a second random number, and if the response information comprises the first random number, an encrypted ciphertext related to firmware installed on the target device is generated according to the first device identifier of the target device and the second random number, and the encrypted ciphertext is sent to the target device. By adopting the method, the firmware and the encrypted ciphertext are bound, so that if the first equipment identifier corresponding to the firmware is inconsistent with the second equipment identifier of the local equipment, the firmware can be determined to be applied to other equipment, and the confidentiality of the firmware is ensured.

Inventors

  • Shen rixin

Assignees

  • 深圳市优必选科技股份有限公司

Dates

Publication Date
20260508
Application Date
20211230

Claims (8)

  1. 1. A method for encrypting firmware applied to an encrypting device, comprising: responding to a firmware encryption instruction of target equipment, and authenticating the encryption device through a server; If the encryption device is identified to be legal, a response request is sent to the target equipment, wherein the response request contains a first random number; Receiving response information fed back by the target equipment based on the response request, wherein the response information comprises a second random number, and the second random number is generated when the target equipment receives the response request; If the response information contains the first random number, generating an encrypted ciphertext about firmware installed on the target device according to a first device identifier of the target device and the second random number, and sending the encrypted ciphertext to the target device, wherein the encrypted ciphertext is used for authenticating the firmware based on the first device identifier in the encrypted ciphertext and a second device identifier stored locally in the target device when the target device starts the device through the firmware; the responding to the firmware encryption instruction of the target equipment, the server authenticates the encryption device, and the method comprises the following steps: acquiring a program identifier of a client program installed in the encryption device and generating a third random number; the server is used for generating a handshake response instruction based on the third random number and sending the handshake response instruction to the encryption device when the encryption device is identified to be legal based on the handshake instruction; The generating a handshake instruction according to the program identifier and the third random number, and sending the handshake instruction to the server, includes: acquiring a handshake communication protocol corresponding to the server; And encapsulating the program identifier and the third random number in the handshake communication protocol, encrypting the encapsulated handshake communication protocol through a preset first encryption algorithm to obtain the handshake instruction, so that the server can compare the handshake communication protocol with a local protocol cluster after decrypting the handshake instruction through a first decryption algorithm associated with the first encryption algorithm, and when the handshake communication protocol is matched with the protocol cluster, identifying whether the program identifier is a legal identifier, and then feeding back the handshake response instruction to the encryption device when the program identifier is the legal identifier.
  2. 2. The method of claim 1, further comprising, after said generating a handshake instruction from said program identification and said third random number and sending said handshake instruction to said server: if the handshake response instruction fed back by the server is received in a preset first time, judging whether the handshake response instruction contains the third random number or not; If the handshake response instruction contains the third random number, judging that the encryption device is legal; if the handshake response instruction fed back by the server is not received in the first time, generating network abnormality prompt information.
  3. 3. The method of claim 1, further comprising, after said sending a reply request to said target device if said encryption device is identified as legitimate: If the response information fed back by the target equipment is received in a preset second time, judging whether the response information contains the first random number or not; If the response information contains the first random number, executing the first equipment identifier of the target equipment and the second random number to generate an encrypted ciphertext about firmware installed on the target equipment, and sending the encrypted ciphertext to the target equipment; And if the response information fed back by the target equipment is not received in the second time, generating equipment abnormality prompt information.
  4. 4. A method according to any of claims 1-3, wherein said sending a reply request to said target device if said encryption means is identified as legitimate comprises: packaging the first random number and a preset random number generation instruction to obtain a random number generation instruction packet packaged with the first random number; Encrypting the random number generation instruction packet through a preset second encryption algorithm to obtain the response request, so that the target equipment decrypts the response request through a second decryption algorithm corresponding to the second encryption algorithm, extracts the random number generation instruction, generates the second random number based on the random number generation instruction, packages the second random number and the response instruction to obtain the response information, and then sends the response information to the encryption device.
  5. 5. A method according to any of claims 1-3, characterized in that after said authenticating the encryption means by the server in response to the firmware encryption instruction of the target device, it further comprises: receiving an authentication failure instruction fed back by the server, wherein the authentication failure instruction is sent to the encryption device when the encryption device is detected to be a secret leakage device; and generating an encryption suspension instruction in response to the authentication failure instruction, and stopping the firmware encryption operation of the target device.
  6. 6. An apparatus for firmware encryption, comprising: the firmware encryption response unit is used for responding to the firmware encryption instruction of the target equipment and authenticating the encryption device through the server; A response request sending unit, configured to send a response request to the target device if the encryption device is identified to be legal; The response information receiving unit is used for receiving response information fed back by the target equipment based on the response request, wherein the response information comprises a second random number, and the second random number is generated when the target equipment receives the response request; The encryption ciphertext sending unit is used for generating an encryption ciphertext about firmware installed on the target equipment according to a first equipment identifier of the target equipment and the second random number and sending the encryption ciphertext to the target equipment if the response information contains the first random number, wherein the encryption ciphertext is used for authenticating the firmware based on the first equipment identifier in the encryption ciphertext and a second equipment identifier stored locally in the target equipment when the target equipment is started through the firmware; the firmware encryption response unit includes: the program target acquisition unit comprises a program identifier for acquiring a client program installed in the encryption device and generating a third random number; The program label packaging unit comprises a program identifier, a program label packaging unit and a program label packaging unit, wherein the program identifier is used for generating a handshake instruction according to the program identifier and the third random number and sending the handshake instruction to the server; the program label packaging unit includes: A handshake communication protocol acquisition unit that acquires a handshake communication protocol corresponding to the server; And the handshake communication protocol encapsulation unit is used for encapsulating the program identifier and the third random number in the handshake communication protocol, encrypting the encapsulated handshake communication protocol through a preset first encryption algorithm to obtain the handshake instruction, so that the server can compare the handshake communication protocol with a local protocol cluster after decrypting the handshake instruction through a first decryption algorithm associated with the first encryption algorithm, and identifying whether the program identifier is a legal identifier or not when the handshake communication protocol is matched with the protocol cluster, and feeding back the handshake response instruction to the encryption device when the program identifier is the legal identifier.
  7. 7. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 when executing the computer program.
  8. 8. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method according to any one of claims 1 to 5.

Description

Firmware encryption method and device, electronic equipment and storage medium Technical Field The present application belongs to the technical field of device management, and in particular, relates to a firmware encryption method, a firmware encryption device, an electronic device, and a storage medium. Background With the continuous development of electronic technology, electronic devices are becoming more and more powerful. The realization of most functions of the electronic equipment is finished by virtue of firmware installed locally on the equipment, so that the confidentiality and the non-portability of the firmware directly influence the information security of the equipment, and how to improve the confidentiality of the firmware becomes an important ring of the information security of the equipment. In the existing firmware encryption technology, an additional encryption chip is generally added in a processor for installing firmware in electronic equipment, and the encryption is carried out on the operation in the processor through the external encryption chip, so that the confidentiality degree of the firmware in the equipment is improved. However, the above manner increases the cost of the electronic device due to the additional encryption chip, and the additional chip increases the difficulty of arrangement of the device circuit and increases the volume of the device in the trend of the electronic device towards light weight. Disclosure of Invention The embodiment of the application provides a firmware encryption method, a device, electronic equipment and a storage medium, which can solve the problems that the existing firmware encryption technology needs to add an additional encryption chip, so that the manufacturing cost of the electronic equipment is increased, and the additional chip is added to increase the arrangement difficulty of equipment circuits and the volume of equipment under the trend of the electronic equipment towards light weight development. In a first aspect, an embodiment of the present application provides a firmware encryption method, which is applied to an encryption device, including: responding to a firmware encryption instruction of target equipment, and authenticating the encryption device through a server; If the encryption device is identified to be legal, a response request is sent to the target equipment, wherein the response request contains a first random number; Receiving response information fed back by the target equipment based on the response request, wherein the response information comprises a second random number, and the second random number is generated when the target equipment receives the response request; And if the response information contains the first random number, generating an encrypted ciphertext about firmware installed on the target device according to the first device identifier of the target device and the second random number, and sending the encrypted ciphertext to the target device, wherein the encrypted ciphertext is used for authenticating the firmware based on the first device identifier in the encrypted ciphertext and the second device identifier stored locally in the target device when the target device starts the device through the firmware. In a possible implementation manner of the first aspect, the authenticating, by the server, the encryption device in response to a firmware encryption instruction of the target device includes: acquiring a program identifier of a client program installed in the encryption device and generating a third random number; and the handshake instruction is used for generating a handshake response instruction based on the third random number and sending the handshake response instruction to the encryption device when the server recognizes that the encryption device is legal based on the handshake instruction. In a possible implementation manner of the first aspect, after the generating a handshake instruction according to the program identifier and the third random number and sending the handshake instruction to the server, the method further includes: if the handshake response instruction fed back by the server is received in a preset first time, judging whether the handshake response instruction contains the third random number or not; If the handshake response instruction contains the third random number, judging that the encryption device is legal; if the handshake response instruction fed back by the server is not received in the first time, generating network abnormality prompt information. In a possible implementation manner of the first aspect, the generating a handshake instruction according to the program identifier and the third random number, and sending the handshake instruction to the server, includes: acquiring a handshake communication protocol corresponding to the server; And encapsulating the program identifier and the third random number in the handshake communication protocol, en