Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020088516 - FIRMWARE SECURITY AUTHENTICATION METHOD, DEVICE AND PAYMENT TERMINAL

Publication Number WO/2020/088516
Publication Date 07.05.2020
International Application No. PCT/CN2019/114321
International Filing Date 30.10.2019
IPC
G06F 21/51 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/57 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
CPC
G06F 21/51
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/572
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
572Secure firmware programming, e.g. of basic input output system [BIOS]
Applicants
  • 百富计算机技术(深圳)有限公司 PAX COMPUTER TECHNOLOGY (SHENZHEN) CO.,LTD. [CN]/[CN]
Inventors
  • 刘绍海 LIU, Shaohai
  • 李坚强 LI, Jianqiang
Agents
  • 深圳中一联合知识产权代理有限公司 SHENZHEN ZHONGYI UNION INTELLECTUAL PROPERTY AGENCY CO.,LTD.
Priority Data
201811277132.330.10.2018CN
Publication Language Chinese (ZH)
Filing Language Chinese (ZH)
Designated States
Title
(EN) FIRMWARE SECURITY AUTHENTICATION METHOD, DEVICE AND PAYMENT TERMINAL
(FR) PROCÉDÉ D'AUTHENTIFICATION DE SÉCURITÉ DE MICROLOGICIEL, DISPOSITIF ET TERMINAL DE PAIEMENT
(ZH) 固件安全认证方法、装置和支付终端
Abstract
(EN)
A firmware security authentication method, device and payment terminal, which are applicable to the technical field of terminal processing. The method comprises: acquiring the security level of a firmware file to be downloaded, and determining whether the security level of the firmware file to be downloaded satisfies a preset security level (S101); downloading the firmware file when the security level of the firmware file to be downloaded satisfies the preset security level, wherein the firmware file comprises a BOOT file or an OS file (S102); starting the BOOT file, and acquiring the security level of the BOOT file (S103); determining whether the security level of the OS file satisfies the security level of the BOOT file, and if so, starting the OS file according to the BOOT file (S104). The described solution may guarantee that a firmware file may be switched from a lower version to a higher version, and that the firmware file cannot be downgraded from a higher version to a lower version; moreover, the described solution may prevent the firmware file from being tampered with, thereby improving the security of a system.
(FR)
L'invention concerne un procédé d'authentification de sécurité de micrologiciel, un dispositif et un terminal de paiement, qui s'appliquent au domaine technique du traitement de terminal. Le procédé consiste à : acquérir le niveau de sécurité d'un fichier de micrologiciel à télécharger, et déterminer si le niveau de sécurité du fichier de micrologiciel à télécharger se situe à un niveau de sécurité prédéfini (S101) ; télécharger le fichier de micrologiciel lorsque le niveau de sécurité du fichier de micrologiciel à télécharger se situe au niveau de sécurité prédéfini, le fichier de micrologiciel comprenant un fichier BOOT ou un fichier OS (S102) ; lancer le fichier BOOT, et acquérir le niveau de sécurité du fichier BOOT (S103) ; déterminer si le niveau de sécurité du fichier OS se situe au niveau de sécurité du fichier BOOT, et si tel est le cas, lancer le fichier OS conformément au fichier BOOT (S104). La solution de l'invention peut garantir qu'un fichier de micrologiciel peut passer d'une version inférieure à une version supérieure, et que le fichier de micrologiciel ne peut pas être dégradé d'une version supérieure à une version inférieure ; de plus, la solution de l'invention peut empêcher le fichier de micrologiciel d'être altéré, ce qui permet d'améliorer la sécurité d'un système.
(ZH)
一种固件安全认证方法、装置和支付终端,适用于终端处理技术领域。所述方法包括:获取待下载固件文件的安全等级,判断所述待下载固件文件的安全等级是否满足预设安全等级(S101);在所述待下载固件文件的安全等级满足所述预设安全等级时,下载所述固件文件,其中,所述固件文件包括BOOT文件或OS文件(S102);启动所述BOOT文件,获取所述BOOT文件的安全等级(S103);判断所述OS文件的安全等级是否满足所述BOOT文件的安全等级,若满足,则根据所述BOOT文件启动所述OS文件(S104)。该方案能够保证固件文件可以从低版本切换到高版本,不能从高版本回退到低版本;避免固件文件被篡改,提高系统的安全性。
Also published as
Latest bibliographic data on file with the International Bureau