CN112560047B - Android platform firmware degradation prevention method and storage medium thereof - Google Patents
Android platform firmware degradation prevention method and storage medium thereof Download PDFInfo
- Publication number
- CN112560047B CN112560047B CN202011521371.6A CN202011521371A CN112560047B CN 112560047 B CN112560047 B CN 112560047B CN 202011521371 A CN202011521371 A CN 202011521371A CN 112560047 B CN112560047 B CN 112560047B
- Authority
- CN
- China
- Prior art keywords
- firmware
- file
- version information
- equipment
- information corresponding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to the field of Android platform intelligent POS payment, in particular to an Android platform firmware degradation prevention method, application and a storage medium thereof, and the Android platform firmware degradation prevention method is characterized by comprising the following steps: s1: the encryption machine acquires compiled firmware binary file information and version information corresponding to the firmware; s2: the encryption machine fills the firmware version information to the tail of the firmware binary file; s3: the encryption machine uses an encryption algorithm to sign the file filled with the version information in the S2 and store the information authority at the tail of the file; the method and the device can prevent the customer-customized firmware from being randomly tampered to influence the equipment safety, further ensure the complete control of the customer on the intelligent equipment based on the Android system, and avoid the safety problem.
Description
Technical Field
The invention relates to the field of Android platform intelligent POS payment, in particular to an Android platform firmware degradation prevention method and a storage medium thereof.
Background
With the development of various payment forms such as mobile payment, new retail, face payment and the like, intelligent terminal equipment developed based on an Android system is more and more favored by merchants. Particularly, the intelligent terminal takes payment as a basic function, and realizes collection management, member management, shop management and the like for the merchant management cloud platform by utilizing the openness and convenience of an Android system. The Android system is open and convenient, meanwhile, security challenges are brought, new threats are brought to users by system vulnerabilities of various levels, and particularly, the security of the system is possibly damaged by installing unauthorized applications by utilizing vulnerabilities, user data is stolen, and transaction security is damaged. Only by updating the security loophole of the system in time and preventing the rollback degradation of the system, the security of the equipment can be ensured, and the security of data of customers, payment and the like can be ensured.
At present, more and more intelligent terminals are developed based on an Android system, security events of equipment threatened by vulnerabilities of the Android system frequently occur, and particularly, the equipment updates repaired vulnerabilities but does not prevent rollback of firmware versions, so that merchants or lawbreakers utilize rollback firmware, and thus customer data is threatened by security due to the utilization of the vulnerabilities of the firmware.
Disclosure of Invention
In view of this, the present invention provides an anti-downgrading method for Android platform firmware, an application thereof, and a storage medium thereof.
In order to achieve the technical purpose, the technical scheme adopted by the invention is as follows:
an Android platform firmware anti-downgrading method comprises the following steps:
s1: the encryption machine acquires compiled firmware binary file information and version information corresponding to the firmware;
s2: the encryption machine fills the firmware version information to the tail of the firmware binary file;
s3: the encryption machine uses an encryption algorithm to sign the file filled with the version information in the S2 and store the information authority at the tail of the file;
s4: when the equipment enters a firmware downloading mode, a PC (personal computer) downloading firmware tool loads the file signed by the S3;
s5: the PC downloading tool sends the loaded file to the equipment terminal;
s6: the equipment terminal receives data issued by the PC, performs signature verification on the issued data by using a preset public key certificate, if the signature verification is successful, S7 is entered, otherwise, S10 is executed:
s7: after the signature verification is successful, acquiring version information in a file issued by a PC;
s8: acquiring firmware version number information in a secure partition;
s9: comparing the version information respectively obtained in S7 and S8; if the version information of the S7 is larger than or equal to that of the S8, updating the file of the PC information into the equipment, and updating the version information in the security partition, otherwise, executing S10;
s10: after the PC downloading tool receives the error feedback information, the equipment terminal updates data sent by the PC to the equipment, and the PC sends an instruction to restart the equipment.
Further, the encryption algorithm used in S3 is RSA2048+ SHA256.
Preferably, the device is restarted after the file of the PC information and the version information in the secure partition are updated in S9.
Further, the error feedback information in S10 includes a signature error and a version too low error.
The Android platform firmware anti-downgrade method can be applied to a POS machine of an Android system.
On the basis, the invention further provides a computer-readable storage medium, wherein at least one instruction, at least one program, a code set or an instruction set is stored in the storage medium, and the at least one instruction, the at least one program, the code set or the instruction set is loaded by a processor and executed to implement the anti-downgrading method for the Android platform firmware.
By adopting the technical scheme, compared with the prior art, the invention has the beneficial effects that:
the Android platform firmware degradation prevention method provided by the invention can effectively prevent the customer-customized firmware from being tampered, and ensure the safety of data such as equipment data, payment data based on an Android system POS (point of sale), customer member management and the like.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic operational flow diagram of the inventive arrangements.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be noted that the following examples are only illustrative of the present invention, and do not limit the scope of the present invention. Likewise, the following examples are only some but not all examples of the present invention, and all other examples obtained by those skilled in the art without any inventive step are within the scope of the present invention.
As shown in fig. 1, the invention provides an anti-downgrading method for Android platform firmware, which includes the following steps:
s1: the encryption machine acquires compiled firmware binary file information and version information corresponding to the firmware;
s2: the encryption machine fills the firmware version information to the tail of the firmware binary file;
s3: the encryption machine uses RSA2048+ SHA256 to sign the file filled with the version information in S2, and the information authority is stored at the tail of the file;
s4: when the equipment enters a firmware downloading mode, a PC (personal computer) downloading firmware tool loads the file signed by the S3;
s5: the PC downloading tool sends the loaded file to the equipment terminal;
s6: the equipment terminal receives data issued by the PC, performs signature verification on the issued data by using a preset public key certificate, if the signature verification is successful, S7 is entered, otherwise, S10 is executed:
s7: after the signature verification is successful, acquiring version information in a file issued by a PC;
s8: acquiring firmware version number information in a secure partition;
s9: comparing the version information respectively obtained in S7 and S8; if the version information of the S7 is larger than or equal to that of the S8, updating the file of the PC information into the equipment, updating the version information in the safe partition, and restarting the equipment after updating the file of the PC information and the version information in the safe partition; otherwise, S10 is executed.
S10: after the PC downloading tool receives the error feedback information (including signature errors and version errors, which are too low), the equipment terminal updates data sent by the PC to the equipment, and the PC sends an instruction to restart the equipment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be substantially or partially implemented in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only a part of the embodiments of the present invention, and not intended to limit the scope of the present invention, and all equivalent devices or equivalent processes performed by the present invention through the contents of the specification and the drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (3)
1. An Android platform firmware degradation prevention method is applied to a POS machine of an Android system and comprises the following steps:
s1: the encryption machine acquires compiled firmware binary file information and version information corresponding to the firmware;
s2: the encryptor fills the version information corresponding to the firmware to the tail of the binary file of the firmware;
s3: the encryption machine uses an encryption algorithm to sign the file filled with the version information in the S2 and stores the information authority at the tail of the file;
s4: when the equipment enters a firmware downloading mode, the PC downloading tool loads the file signed by the S3;
s5: the PC downloading tool sends the loaded file to the equipment terminal;
s6: the device side receives data issued by the PC downloading tool, and uses a preset public key certificate to perform signature verification on the issued data, if the signature verification is successful, S7 is entered, otherwise, S10 is executed:
s7: after the signature verification is successful, acquiring version information corresponding to the firmware in the file issued by the PC downloading tool;
s8: acquiring version information corresponding to firmware in a secure partition;
s9: comparing the version information corresponding to the firmware respectively obtained in S7 and S8; if the version information corresponding to the firmware in the S7 is more than or equal to the version information corresponding to the firmware in the S8, updating a file issued by a PC downloading tool into the equipment, updating the version information corresponding to the firmware in the safe partition at the same time, and restarting the equipment, otherwise, executing S10;
s10: after the PC downloading tool receives the error feedback information, the equipment terminal updates data sent by the PC downloading tool to the equipment, and the PC downloading tool sends an instruction to restart the equipment; the error feedback information comprises signature errors and version too low errors.
2. The Android platform firmware anti-downgrading method of claim 1, wherein an encryption algorithm used in S3 is RSA2048+ SHA256.
3. A computer-readable storage medium, characterized in that: the storage medium stores at least one instruction, at least one program, a code set, or a set of instructions, which is loaded by a processor and executed to implement the anti-downgrading method for the Android platform firmware according to one of claims 1 to 2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011521371.6A CN112560047B (en) | 2020-12-21 | 2020-12-21 | Android platform firmware degradation prevention method and storage medium thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011521371.6A CN112560047B (en) | 2020-12-21 | 2020-12-21 | Android platform firmware degradation prevention method and storage medium thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112560047A CN112560047A (en) | 2021-03-26 |
| CN112560047B true CN112560047B (en) | 2023-04-14 |
Family
ID=75030660
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011521371.6A Active CN112560047B (en) | 2020-12-21 | 2020-12-21 | Android platform firmware degradation prevention method and storage medium thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112560047B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108140074A (en) * | 2015-10-19 | 2018-06-08 | 微软技术许可有限责任公司 | Manage app-specific feature permissions |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140250290A1 (en) * | 2013-03-01 | 2014-09-04 | St-Ericsson Sa | Method for Software Anti-Rollback Recovery |
| US10049218B2 (en) * | 2016-12-07 | 2018-08-14 | Google Llc | Rollback resistant security |
| CN109508534A (en) * | 2017-09-14 | 2019-03-22 | 厦门雅迅网络股份有限公司 | Prevent method, the embedded system attacked that degrade by software |
| US10635820B1 (en) * | 2017-09-29 | 2020-04-28 | Square, Inc. | Update policy-based anti-rollback techniques |
-
2020
- 2020-12-21 CN CN202011521371.6A patent/CN112560047B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108140074A (en) * | 2015-10-19 | 2018-06-08 | 微软技术许可有限责任公司 | Manage app-specific feature permissions |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112560047A (en) | 2021-03-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112445537B (en) | Trusted starting method and device of operating system, mobile terminal and storage medium | |
| RU2385483C2 (en) | System and method for hypervisor use to control access to computed given for rent | |
| EP2681689B1 (en) | Protecting operating system configuration values | |
| US20160162686A1 (en) | Method for verifying integrity of dynamic code using hash background of the invention | |
| CN107077540B (en) | Method and system for providing cloud-based application security services | |
| CN106096418B (en) | SELinux-based startup security level selection method and device and terminal equipment | |
| CN112231702B (en) | Application protection method, device, equipment and medium | |
| US11170077B2 (en) | Validating the integrity of application data using secure hardware enclaves | |
| CN109804378A (en) | BIOS safety | |
| US20180054480A1 (en) | Interrupt synchronization of content between client device and cloud-based storage service | |
| JP2006512690A (en) | Protection of portable items against denial of service attacks | |
| US20230019196A1 (en) | Pre-os resiliency | |
| CN107315959A (en) | The support method and device of mobile terminal service safety | |
| CN115062307B (en) | Program integrity verification method, system, terminal and storage medium based on Open POWER | |
| CN112560047B (en) | Android platform firmware degradation prevention method and storage medium thereof | |
| CN116776317A (en) | System validity verification method and device and electronic equipment | |
| CN111062035B (en) | Lesu software detection method and device, electronic equipment and storage medium | |
| WO2020000753A1 (en) | Device security monitoring method and apparatus | |
| CN114036495A (en) | Method and device for updating privatized deployment verification code system | |
| CN114240436A (en) | Electronic certificate verification and cancellation method and device, computer equipment and storage medium | |
| CN115866542B (en) | Short message verification code application and verification method, device, equipment and storage medium | |
| CN106294017A (en) | A kind of information security back-up method | |
| CN109688158B (en) | Financial execution chain authentication method, electronic device and storage medium | |
| KR101019156B1 (en) | Security card generation and renewal system and method | |
| CN108200060B (en) | Single sign-on authentication method, server and storage medium based on web subsystem |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |