CN108491229A - A kind of method that Femtocell equipment safeties start - Google Patents
A kind of method that Femtocell equipment safeties start Download PDFInfo
- Publication number
- CN108491229A CN108491229A CN201810101360.9A CN201810101360A CN108491229A CN 108491229 A CN108491229 A CN 108491229A CN 201810101360 A CN201810101360 A CN 201810101360A CN 108491229 A CN108491229 A CN 108491229A
- Authority
- CN
- China
- Prior art keywords
- image
- kernel
- mirror image
- bootloader
- original
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1415—Saving, restoring, recovering or retrying at system level
- G06F11/1417—Boot up procedures
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4416—Network booting; Remote initial program loading [RIPL]
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Quality & Reliability (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of methods that Femtocell equipment safeties start, and include the following steps:After Femtocell device powers, Boot Rom are loaded;Carry out mirror image verification successively in the following order:When Boot Rom guiding Starter, Starter mirror images are verified;When Starter guides FM Bootloader, FM Bootloader mirror images are verified;When FM Bootloader guide Kernel, Kernel mirror images are verified;In Kernel carry root file systems, Rootfs mirror images are verified;After above-mentioned verification passes through, Femtocell equipment normally starts.This invention ensures that the Femtocell equipment for being deployed in user side can identify and start the specific operating system by certification, so as to avoid user by carrying out third party system update to Flash to realize the complete control to Femtocell equipment, the safety of Femtocell equipment startup is improved.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a safe starting method of Femtocell equipment.
Background
The Femtocell home base station, which can provide the mobile communication capability inside the house at the maximum data rate and does not need to install the microcellular node, is considered as one of the means for solving the indoor coverage in the industry and is a way for the convergence of the fixed network and the mobile network.
However, unlike the traditional macro base station high-reliability dedicated backhaul method, the Femtocell relies on a fixed network broadband, and needs to access the Internet through a fixed network resource via a public IP network, so that access security becomes a large hotspot, and a mobile operator must plan and deploy the Femtocell network security problem integrally.
The traditional security problem of the Femtocell mainly comprises an air interface, an IP public network and a user access terminal. Since the access point terminal of the Femtocell is deployed at the user side, the attack to the Femtocell device itself is becoming a new security threat compared with the traditional base station. The traditional mode for avoiding the security threat is to adopt a reserved debugging interface and reinforced security storage, but if a user updates a third-party system to obtain a control authority through Femtocell equipment, the user data can be obtained at will and further attacks can be carried out on a transmission link and a core network.
The embedded Linux operating system adopted by the Femtocell device mainly comprises Boot Rom (a section of unchangeable Boot code image solidified in the CPU), Starter (an image for performing identity verification with the Boot Rom and booting Bootloader), FM Bootloader (device vendor Bootloader), Kernel (operating system Kernel) and Rootfs (root file system).
The starting process of the traditional Femtocell equipment is as follows:
performing Boot Rom self-check, reading a Starter in Flash, and running the Starter in a memory;
the Starter reads the FM Bootloader in the Flash to run in the memory;
performing self-checking on the FM Bootloader, reading a Kernel in the Flash, and running the Kernel in the memory;
kernel mounts Rootfs.
In the above flow, the validity of the images of the Starter, the FM Bootloader, the Kernel, and the Rootfs cannot be guaranteed, and the images may be updated to a third party to tamper with the system.
In view of this, it is urgently needed to provide a method for safely starting a Femtocell device, so as to ensure that the Femtocell device deployed on a user side can identify and start a specific authenticated operating system, thereby preventing the user from performing third-party system update on Flash to achieve complete control over the Femtocell device.
Disclosure of Invention
The technical problem to be solved by the invention is to ensure that the Femtocell equipment deployed at the user side can identify and start a specific authenticated operating system, thereby avoiding the user from completely controlling the Femtocell equipment by updating a third-party system on Flash.
In order to solve the technical problem, the technical scheme adopted by the invention is to provide a safe starting method of Femtocell equipment, which comprises the following steps:
when the Femtocell equipment is started, mirror image verification is sequentially carried out according to the following sequence:
when Boot Rom guides the Starter, checking a Starter mirror image;
when the Starter guides the FM Bootloader, checking the FM Bootloader mirror image;
checking a Kernel mirror image when the FM Bootloader guides the Kernel;
when Kernel mounts a root file system, checking a Rootfs mirror image;
and after the verification passes, normally starting the Femtocell equipment.
In the method, the mirror image verification adopts a mirror image and digital signature mode.
In the method, the Starter mirror image, the FM Bootloader mirror image, the Kernel mirror image and the Rootfs mirror image are generated by combining an original mirror image and a digital signature.
In the method, each link guiding Starter from Root Rom, guiding FM Bootloader from Starter, guiding Kernel from FMbootloader, and mounting Rootfs on Kernel is subjected to mirror image verification in a mirror image and digital signature mode, and the method specifically comprises the following steps:
s01, reading mirror image data in Flash, wherein the mirror image data comprises an original mirror image and a digital signature;
s02, separating the mirror image data to obtain an original mirror image, transmitting the original mirror image into a hash function, and returning the hash abstract of the original mirror image;
s03, separating the mirror image data to obtain a digital signature, and decrypting the digital signature by using the public key of the Femtocell equipment to obtain the hash abstract of the original mirror image;
s04, comparing the hash digest values in S02 and S03, if equal, starting normally; otherwise, the start is stopped.
In the method, after the FM Bootloader mirror image is read into the RAM and normally operates, the FMbootloader reads the Kernel mirror image and the digital signature after the Kernel mirror image from the Flash, and checks by using the Kernel mirror image and the digital signature to judge the legality of the Kernel mirror image.
In the above method, the digital signature is 256 bytes after the Kernel image.
In the above method, the verifying the FM Bootloader image by using the Kernel image and the digital signature specifically includes the following steps:
s10, reading Kernel mirror image data in Flash by an FM Bootloader, wherein the Kernel mirror image data comprise an original Kernel mirror image uImage and a uImage digital signature;
s11, separating the kernel original image, transmitting the kernel original image into a hash function, and returning to the 32Byte hash abstract of the kernel original image;
s12, separating 256Byte digital signatures of the uinmage in the Kernel image, decrypting the uinmage digital signatures by using a public key in an FM Bootloader, and returning a 32Byte hash digest of the uinmage of the Kernel original image;
s13, comparing the hash digest values in S11 and S12, and if the hash digest values are equal, indicating that the Kernel image is an official image and normally starting; and if the images are not equal, the Kernel image is an illegal image, and the starting is stopped.
In the above method, the synthesizing of the Kernel image specifically includes the following steps:
s20, compiling to generate an original kernel image uImage;
s21, reading the kernel original image uImage, transmitting the kernel original image uImage into a hash function, and returning hash abstract data of 32 Byte;
s22, encrypting the hash digest data of the 32Byte returned in the S21 by using a private key, and returning the encrypted information of the 256Byte as a digital signature;
s23, adding the encrypted information returned in S22 into the Kernel original image uImage attached in S20, and synthesizing a Kernel image with a uImage digital signature for generating burning.
In the method, when signing and verifying the Starter mirror image, the FM Bootloader mirror image, the Kernel mirror image and the Rootfs mirror image respectively, the used key pairs are the same or different.
In the above-mentioned method, the first step of the method,
the public key of the Starter mirror image is stored in the Boot Rom mirror image in a variable form in a mirror image mode;
the public key of the FM Bootloader mirror image is stored in the Starter mirror image in a variable form;
the public key of the Kernel mirror image is stored in the FM Bootloader mirror image in a variable mode;
the public key of the Rootfs mirror image is stored in the Kernel mirror image in a variable form;
the private key corresponding to the public key is stored in the compiling server and used for the relevant mirror image signature when compiling the version.
The invention ensures that the Femtocell equipment deployed at the user side can identify and start the specific authenticated operating system, thereby avoiding the user from completely controlling the Femtocell equipment by updating the third-party system of the Flash and improving the starting safety of the Femtocell equipment.
Drawings
Fig. 1 is a flowchart of a method for securely booting a Femtocell device according to the present invention;
FIG. 2 is a flowchart of checking with a Kernel image and a digital signature according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for synthesizing a Kernel image according to an embodiment of the present invention.
Detailed Description
The invention adopts a safe starting method of Femtocell equipment, adds unique identity identification information to an official (legal equipment manufacturer of the Femtocell equipment) embedded Linux operating system mirror image, generates a hash abstract by using a hash algorithm in the mirror image generation process by using a digital signature and verification mechanism, and appends the hash abstract after the mirror image is subjected to digital signature by a private key. When the equipment is started, the calling module firstly calculates a hash abstract for the mirror image by using a hash algorithm, then decrypts the digital signature attached to the mirror image by using a public key to generate another hash abstract, and finally compares the calculated hash abstract and the decrypted hash abstract, if the calculated hash abstract and the decrypted hash abstract are the same, the mirror image is legal, and if the calculated hash abstract and the decrypted hash abstract are different, the possibility that a third party updates the firmware exists.
The invention is described in detail below with reference to the drawings and the detailed description.
As shown in fig. 1, the invention provides a method for safely starting a Femtocell device, wherein after the Femtocell device is powered on, Boot Rom is loaded first, then the four mirror images of the Starter, the FM Bootloader, the Kernel and the Rootfs are checked and guided in sequence, and after the checks are passed, the Femtocell device is normally started; otherwise, the Femtocell device cannot start normally, such as allowing the Femtocell device to enter a dead cycle.
The invention checks the Starter mirror image by Boot Rom, and ensures the validity of the Starter mirror image; the Starter checks the FM Bootloader mirror image to ensure the legality of the FM Bootloader mirror image; checking the Kernel mirror image when the FMBootloader guides the Kernel mirror image to ensure the legality of the Kernel mirror image; finally, checking the Rootfs mirror image when the Kernel mounts the root file system, and ensuring the legality of the Rootfs mirror image; therefore, the legality of the whole system (including Starter, FM Bootloader, Kernel and Rootfs) of the Femtocell equipment is ensured, and the Femtocell equipment can be normally started after the verification is passed.
The first embodiment.
In this embodiment, mirror image verification is performed on the Starter mirror image, the FM Bootloader mirror image, the Kernel mirror image, and the Rootfs mirror image in a manner of mirror image and digital signature; the Starter mirror image, the FM Bootloader mirror image, the Kernel mirror image and the Rootfs mirror image are generated by combining an original mirror image and a digital signature.
Example two.
In this embodiment, when performing mirror image verification in a mirror image and digital signature manner, signing and verifying the Starter mirror image, the FMBootloader mirror image, the Kernel mirror image, and the Rootfs mirror image may be performed, and four mirror image verifications may all use the same key pair, or may respectively use different key pairs. Wherein,
the public key of the Starter mirror image is stored in a Boot Rom mirror image in a variable form;
the public key of the FM Bootloader mirror image is stored in the Starter mirror image in a variable form;
the public key of the Kernel mirror image is stored in the FM Bootloader mirror image in a variable mode;
the public key of the Rootfs mirror image is stored in the Kernel mirror image in a variable form;
the private key corresponding to the public key is stored in the compiling server and used for the relevant mirror image signature when compiling the version.
Taking signature and verification of a Kernel mirror image as an example, storing public key information for a verified public key file FM _ public.pem; storing the content of a public key file FM _ public.pem in an FM Bootloader mirror image in a variable form; and storing private key information in a private key file FM _ private.pem signed by the private key file FM _ private.pem, storing the private key information in a compiling server, and signing and using the private key information when compiling the version.
Example three.
In the embodiment, when each link of Root Rom guiding the Starter, the Starter guiding the FM Bootloader, the FMBootloader guiding the Kernel, and the Kernel mounting the Root fs adopts a mirror image and digital signature mode to perform mirror image verification, the method specifically includes the following steps:
and S01, reading mirror image data in the Flash, wherein the mirror image data comprises an original mirror image and a digital signature.
And S02, separating the mirror image data to obtain an original mirror image, introducing the original mirror image into a hash function, and returning the hash abstract of the original mirror image.
And S03, separating the mirror image data to obtain a digital signature, and decrypting the digital signature by using the public key of the Femtocell equipment to obtain the hash abstract of the original mirror image.
S04, comparing the hash digest values in S02 and S03, if the hash digest values are equal, indicating that the mirror image is an official mirror image and starting normally; if not, the mirror image is judged to be an illegal mirror image, and the starting is stopped.
Example four.
In this embodiment, after the FM Bootloader image is read into the RAM and normally operates, the FM Bootloader reads the Kernel image and the digital signature after the Kernel image from the Flash, and verifies the read digital signature by using the Kernel image and the digital signature to determine the validity of the Kernel image, wherein the Kernel image burned in the Flash is formed by merging the compiled Kernel original image uImage and the compiled Kernel original image uImage, and is used to provide data support for the verification of the FM Bootloader image.
Example five.
In this embodiment, the digital signature of the FM Bootloader after the Kernel image read from the Flash is 256Byte after the Kernel image; as shown in fig. 2, the FM Bootloader verifying by using the Kernel image and the digital signature specifically includes the following steps:
s10, reading Kernel image data in Flash by the FM Bootloader, wherein the Kernel image data comprise Kernel original images uImage and uImage digital signatures.
S11, separating the kernel original image, and introducing a hash function to return the 32Byte hash digest of the kernel original image.
S12, separating the 256Byte digital signature of the Kernel image uImage, decrypting the uImage digital signature by using a public key in the FM Bootloader, and returning to the 32Byte hash digest of the Kernel original image uImage.
S13, comparing the hash digest values in S11 and S12, and if the hash digest values are equal, indicating that the Kernel image is an official image and normally starting; and if the images are not equal, the Kernel image is an illegal image, and the starting is stopped.
Example six.
In this embodiment, as shown in fig. 3, the synthesizing of Kernel original image uImage and Kernel image digitally signed by uImage specifically includes the following steps:
and S20, compiling to generate the kernel original image uImage.
S21, reading the kernel original image uImage, transmitting the kernel original image uImage into a hash function, and returning the 32Byte hash digest data.
S22, the hash digest data of the 32Byte returned in the S21 is encrypted by a private key, and the encrypted information of the 256Byte, namely the digital signature, is returned.
S23, adding the encrypted information returned in S22 into the Kernel original image uImage attached in S20, and synthesizing a Kernel image with a uImage digital signature for generating burning.
The invention ensures that the Femtocell equipment deployed at the user side can identify and start the specific authenticated operating system, thereby avoiding the user from completely controlling the Femtocell equipment by updating the third-party system of the Flash and improving the starting safety of the Femtocell equipment.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A safe starting method of a Femtocell device is characterized by comprising the following steps:
when the Femtocell equipment is started, mirror image verification is sequentially carried out according to the following sequence:
when Boot Rom guides the Starter, checking a Starter mirror image;
when the Starter guides the FM Bootloader, checking the FM Bootloader mirror image;
checking a Kernel mirror image when the FM Bootloader guides the Kernel;
when Kernel mounts a root file system, checking a Rootfs mirror image;
and after the verification passes, normally starting the Femtocell equipment.
2. The method of claim 1, wherein the image verification employs an image and a digital signature.
3. The method of claim 2, wherein the Starter image, the FMBootloader image, the Kernel image, and the Rootfs image are generated from a combination of an original image and a digital signature.
4. The method as claimed in claim 3, wherein each link guiding Starter from Root Rom, FMBootlader from Starter, Kernel from FM Bootlader, and Rootfs from Kernel mount adopts mirror image and digital signature for mirror image verification, which includes the following steps:
s01, reading mirror image data in Flash, wherein the mirror image data comprises an original mirror image and a digital signature;
s02, separating the mirror image data to obtain an original mirror image, transmitting the original mirror image into a hash function, and returning the hash abstract of the original mirror image;
s03, separating the mirror image data to obtain a digital signature, and decrypting the digital signature by using the public key of the Femtocell equipment to obtain the hash abstract of the original mirror image;
s04, comparing the hash digest values in S02 and S03, if equal, starting normally; otherwise, the start is stopped.
5. The method as claimed in claim 4, wherein when the FM Bootloader image is read into the RAM and normally operates, the FM Bootloader reads the Kernel image and the digital signature after the Kernel image from the Flash, and checks by using the Kernel image and the digital signature to judge the validity of the Kernel image.
6. The method of claim 5, wherein the digital signature is 256 bytes after the Kernel image.
7. The method of claim 6, wherein the checking of the FM Bootloader image with the Kernel image and the digital signature specifically comprises the steps of:
s10, reading Kernel mirror image data in Flash by an FM Bootloader, wherein the Kernel mirror image data comprise an original Kernel mirror image uImage and a uImage digital signature;
s11, separating the kernel original image, transmitting the kernel original image into a hash function, and returning to the 32Byte hash abstract of the kernel original image;
s12, separating 256Byte digital signatures of the uinmage in the Kernel image, decrypting the uinmage digital signatures by using a public key in an FM Bootloader, and returning a 32Byte hash digest of the uinmage of the Kernel original image;
s13, comparing the hash digest values in S11 and S12, and if the hash digest values are equal, indicating that the Kernel image is an official image and normally starting; and if the images are not equal, the Kernel image is an illegal image, and the starting is stopped.
8. The method of claim 6, wherein the compositing of the Kernel images specifically comprises the steps of:
s20, compiling to generate an original kernel image uImage;
s21, reading the kernel original image uImage, transmitting the kernel original image uImage into a hash function, and returning hash abstract data of 32 Byte;
s22, encrypting the hash digest data of the 32Byte returned in the S21 by using a private key, and returning the encrypted information of the 256Byte as a digital signature;
s23, adding the encrypted information returned in S22 into the Kernel original image uImage attached in S20, and synthesizing a Kernel image with a uImage digital signature for generating burning.
9. The method according to any of claims 2 to 8, wherein the key pairs used in signing and verifying the Starter image, the FMBootloader image, the Kernel image and the Rootfs image, respectively, are the same or different.
10. The method of claim 9,
the public key of the Starter mirror image is stored in the Boot Rom mirror image in a variable form in a mirror image mode;
the public key of the FM Bootloader mirror image is stored in the Starter mirror image in a variable form;
the public key of the Kernel mirror image is stored in the FM Bootloader mirror image in a variable mode;
the public key of the Rootfs mirror image is stored in the Kernel mirror image in a variable form;
the private key corresponding to the public key is stored in the compiling server and used for the relevant mirror image signature when compiling the version.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810101360.9A CN108491229A (en) | 2018-02-01 | 2018-02-01 | A kind of method that Femtocell equipment safeties start |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810101360.9A CN108491229A (en) | 2018-02-01 | 2018-02-01 | A kind of method that Femtocell equipment safeties start |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108491229A true CN108491229A (en) | 2018-09-04 |
Family
ID=63344272
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810101360.9A Withdrawn CN108491229A (en) | 2018-02-01 | 2018-02-01 | A kind of method that Femtocell equipment safeties start |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108491229A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109508529A (en) * | 2018-11-20 | 2019-03-22 | 艾体威尔电子技术(北京)有限公司 | A kind of implementation method of payment terminal clean boot verification |
| CN109614279A (en) * | 2018-12-07 | 2019-04-12 | 陕西瑞迅电子信息技术有限公司 | A kind of industrial personal computer self-checking system and its control method and relevant device |
| CN109766134A (en) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | System start method, device, electronic equipment and storage medium |
| CN110555309A (en) * | 2019-09-10 | 2019-12-10 | 深圳市英博超算科技有限公司 | Starting method, starting device, terminal and computer readable storage medium |
| CN111209572A (en) * | 2020-01-07 | 2020-05-29 | 杭州涂鸦信息技术有限公司 | Encryption and decryption-based safe startup method and system for Linux system |
| WO2021023312A1 (en) * | 2019-08-06 | 2021-02-11 | 晶晨半导体(上海)股份有限公司 | Method for rapidly starting memory of system on chip |
| CN114417360A (en) * | 2022-03-28 | 2022-04-29 | 青岛鼎信通讯股份有限公司 | System safety starting method applied to embedded power equipment |
| EP4390741A1 (en) * | 2022-12-21 | 2024-06-26 | Thales | Securing a file system of a remote autonomous system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101147387A (en) * | 2005-04-19 | 2008-03-19 | 诺基亚公司 | Method, device and system for controlling application startup in mobile terminal equipment |
| CN103856961A (en) * | 2012-11-30 | 2014-06-11 | 埃森哲环球服务有限公司 | Communication network, computer architecture, computer implemented method and computer program product for the development and management of femtocell-based applications |
| US20160277186A1 (en) * | 2007-01-07 | 2016-09-22 | Apple Inc. | Securely recovering a computing device |
| CN106126377A (en) * | 2016-07-04 | 2016-11-16 | 广东欧珀移动通信有限公司 | The method and device of system start-up |
| US20160373258A1 (en) * | 2015-05-28 | 2016-12-22 | Vodafone Ip Licensing Limited | Setting a Password an a Device |
| CN106295318A (en) * | 2015-06-05 | 2017-01-04 | 北京壹人壹本信息科技有限公司 | A kind of system start-up bootstrap technique and device |
| CN106934289A (en) * | 2015-12-30 | 2017-07-07 | 北京展讯高科通信技术有限公司 | Verification and the method for forming signature image |
| CN107045611A (en) * | 2016-02-05 | 2017-08-15 | 中兴通讯股份有限公司 | Safe starting method and device |
-
2018
- 2018-02-01 CN CN201810101360.9A patent/CN108491229A/en not_active Withdrawn
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101147387A (en) * | 2005-04-19 | 2008-03-19 | 诺基亚公司 | Method, device and system for controlling application startup in mobile terminal equipment |
| US20160277186A1 (en) * | 2007-01-07 | 2016-09-22 | Apple Inc. | Securely recovering a computing device |
| CN103856961A (en) * | 2012-11-30 | 2014-06-11 | 埃森哲环球服务有限公司 | Communication network, computer architecture, computer implemented method and computer program product for the development and management of femtocell-based applications |
| US20160373258A1 (en) * | 2015-05-28 | 2016-12-22 | Vodafone Ip Licensing Limited | Setting a Password an a Device |
| CN106295318A (en) * | 2015-06-05 | 2017-01-04 | 北京壹人壹本信息科技有限公司 | A kind of system start-up bootstrap technique and device |
| CN106934289A (en) * | 2015-12-30 | 2017-07-07 | 北京展讯高科通信技术有限公司 | Verification and the method for forming signature image |
| CN107045611A (en) * | 2016-02-05 | 2017-08-15 | 中兴通讯股份有限公司 | Safe starting method and device |
| CN106126377A (en) * | 2016-07-04 | 2016-11-16 | 广东欧珀移动通信有限公司 | The method and device of system start-up |
Non-Patent Citations (1)
| Title |
|---|
| NYQ0321: "嵌入式 Linux OS 启动流程", 《HTTPS://BLOG.CSDN.NET/QQ_27840681/ARTICLE/DETAILS/77334951》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109508529A (en) * | 2018-11-20 | 2019-03-22 | 艾体威尔电子技术(北京)有限公司 | A kind of implementation method of payment terminal clean boot verification |
| CN109508529B (en) * | 2018-11-20 | 2021-10-08 | 艾体威尔电子技术(北京)有限公司 | Method for realizing safety starting verification of payment terminal |
| CN109614279A (en) * | 2018-12-07 | 2019-04-12 | 陕西瑞迅电子信息技术有限公司 | A kind of industrial personal computer self-checking system and its control method and relevant device |
| CN109614279B (en) * | 2018-12-07 | 2022-03-15 | 陕西瑞迅电子信息技术有限公司 | Industrial personal computer self-checking system and control method thereof and related equipment |
| CN109766134A (en) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | System start method, device, electronic equipment and storage medium |
| WO2021023312A1 (en) * | 2019-08-06 | 2021-02-11 | 晶晨半导体(上海)股份有限公司 | Method for rapidly starting memory of system on chip |
| CN110555309A (en) * | 2019-09-10 | 2019-12-10 | 深圳市英博超算科技有限公司 | Starting method, starting device, terminal and computer readable storage medium |
| CN111209572A (en) * | 2020-01-07 | 2020-05-29 | 杭州涂鸦信息技术有限公司 | Encryption and decryption-based safe startup method and system for Linux system |
| CN114417360A (en) * | 2022-03-28 | 2022-04-29 | 青岛鼎信通讯股份有限公司 | System safety starting method applied to embedded power equipment |
| EP4390741A1 (en) * | 2022-12-21 | 2024-06-26 | Thales | Securing a file system of a remote autonomous system |
| FR3144342A1 (en) * | 2022-12-21 | 2024-06-28 | Thales | Securing a Standalone System File System Remotely |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108491229A (en) | A kind of method that Femtocell equipment safeties start | |
| CN109829294B (en) | Firmware verification method, system, server and electronic equipment | |
| KR101795457B1 (en) | Method of initializing device and method of updating firmware of device having enhanced security function | |
| CN107463838B (en) | SGX-based security monitoring method, device, system and storage medium | |
| JP5052349B2 (en) | How to update configuration parameters in mobile devices | |
| US12294657B2 (en) | Software integrity protection method and apparatus, and software integrity verification method and apparatus | |
| US20030014663A1 (en) | Method for securing an electronic device, a security system and an electronic device | |
| CN103577206A (en) | Method and device for installing application software | |
| CN104331658A (en) | Installing verification method for intelligent terminal application program and system | |
| CN106295350B (en) | identity verification method and device of trusted execution environment and terminal | |
| CN112632562B (en) | Device starting method, device management method and embedded device | |
| CN105117651A (en) | Method for controlling single board to be safely started and method and device for upgrading software package | |
| CN112417422B (en) | Security chip upgrading method and computer readable storage medium | |
| KR20170089352A (en) | Firmware integrity verification for performing the virtualization system | |
| CN113301107B (en) | Node computing platform, implementation method thereof and computer readable storage medium | |
| CN107086977A (en) | Applied security processing method and device | |
| JP4818824B2 (en) | Program management system and terminal device | |
| KR100453504B1 (en) | Method and system for authenticating a software | |
| CN113079023A (en) | File distribution management method and device and related equipment | |
| CN108737101A (en) | A kind of verification method of application program, device and cloud server | |
| CN112087303A (en) | Certificate presetting and issuing method, robot and server | |
| KR20180052479A (en) | System for updating firm ware of wire and wireless access point using signature chain, wire and wireless access point and method thereof | |
| CN111132149A (en) | Registration method of 5G user terminal, user terminal equipment and medium | |
| KR20150089696A (en) | Integrity Verification System and the method based on Access Control and Priority Level | |
| EP2343667A1 (en) | Method and system for platform integrality authentication, wireless access device and network device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20180904 |