Method for burning identification code of terminal, burning system, reading method and reading system
By encrypting the initial key to generate a key file and decrypting it into a plaintext identification code after the terminal is powered on, the security problem caused by the plaintext burning of license information in smart home devices is solved, and the security level of the terminal is improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- MIDEA GROUP CO LTD
- Filing Date
- 2020-12-30
- Publication Date
- 2026-07-03
AI Technical Summary
In existing technologies, the license information of smart home devices is burned in plaintext, which leads to data leakage, vulnerability to hacker attacks, and insufficient security.
An encryption system is used to process the initial key, generate a key file, and burn the encrypted production data and key file to the terminal. The plaintext identification code is decrypted through the decryption interface only after the terminal is powered on, which improves data security.
The security level of the terminal has been enhanced, increasing the difficulty and cost of reverse engineering and ensuring the security of data during the burning process.
Smart Images

Figure CN114691154B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of terminal security protection technology, and in particular to a method for burning identification codes to terminals, a burning system, a reading method, and a reading system. Background Technology
[0002] A terminal typically includes mechanical, electronic, and networking components. Taking smart homes as an example, the networking component needs to interact with the cloud, thus involving identity authentication. Therefore, critical information often needs to be burned into the smart home system during the production line stage. For instance, the smart home license stores public / private key pairs and initial keys required by the relevant software, so the license needs to be burned into the smart home system during production. However, current technology directly burns the license into the smart home appliance networking module in plaintext, storing the data in plaintext in Flash memory. This lack of secure storage means that reverse engineering tools can directly read this information, leading to the leakage of critical device information and potentially causing hacker attacks. Summary of the Invention
[0003] This invention aims to at least solve one of the technical problems existing in the prior art. To this end, this invention proposes a method for burning identification codes into terminals, which can ensure that the identification codes are encrypted and burned into the terminals during the production line stage, achieving encrypted storage and improving the security level of the terminals.
[0004] The present invention also proposes a terminal identification code burning system.
[0005] The present invention also proposes a method for reading the identification code of a terminal.
[0006] The present invention also proposes a terminal identification code reading system.
[0007] The present invention also proposes an electronic device.
[0008] The present invention also proposes a non-transitory computer-readable storage medium.
[0009] A method for burning an identification code to a terminal according to a first aspect embodiment of the present invention includes:
[0010] Obtain a key file, which is obtained by encrypting the initial key using an encryption system;
[0011] Obtain production data, which is obtained by encrypting the plaintext identification code based on the initial key;
[0012] The production data and the key file are burned to the terminal.
[0013] According to the terminal identification code burning method of this invention, an initial key is used to encrypt the plaintext identification code, and the encrypted production data is securely burned to the terminal. Even if an unauthorized user obtains the production data during the burning stage, they cannot decrypt the plaintext identification code, thus ensuring data security during the burning process. Specifically, the initial key is encrypted to generate a key file and burned to the terminal. Therefore, the plaintext identification code can only be decrypted by calling the decryption interface after the terminal is powered on. This terminal identification code burning method increases the difficulty and cost of reverse engineering, thereby enhancing the security level of the device.
[0014] According to an embodiment of the present invention, in the step of obtaining the key file, the encryption system is a white-box management system, the key file includes a white-box key, and the white-box key is stored in string form.
[0015] According to an embodiment of the present invention, the step of burning the production data and the key file to the terminal includes:
[0016] The white-box key is converted into binary form and integrated into the source code;
[0017] Integrate the white-box SDK corresponding to the white-box key into the source code;
[0018] Compile the source code to generate firmware;
[0019] The firmware is burned into the network module of the terminal.
[0020] According to one embodiment of the present invention, in the step of obtaining the key file, the initial key is a symmetric key generated by the key management system.
[0021] According to an embodiment of the present invention, in the step of burning the production data and the key file to the terminal:
[0022] The production data and the key file are burned into the network module of the terminal and stored in the Flash memory.
[0023] According to one embodiment of the present invention, the plaintext identification code includes a plaintext license, a plaintext communication key, a plaintext signature, or a plaintext security certificate.
[0024] A terminal identification code burning system according to a second aspect embodiment of the present invention includes:
[0025] The first acquisition module is used to acquire a key file, which is obtained by encrypting an initial key using an encryption system;
[0026] The second acquisition module is used to acquire production data, which is obtained by encrypting the plaintext identification code based on the initial key.
[0027] The burning module is used to burn the production data and the key file to the terminal.
[0028] The identification code burning system for the terminal according to the embodiments of the present invention has the same technical effect as the identification code burning method for the terminal described above, and will not be repeated here.
[0029] A terminal identification code reading method according to a third aspect embodiment of the present invention includes:
[0030] The terminal-based identification code burning method burns the production data and the key file to the terminal:
[0031] Call the decryption interface of the module containing the production data and the key file burned to the terminal, and perform a decryption operation on the production data to obtain the plaintext identification code corresponding to the production data;
[0032] The plaintext identification code is stored in a random access memory;
[0033] The plaintext identification code is cleared upon power failure.
[0034] The terminal identification code reading method according to the embodiments of the present invention includes all the steps of the terminal identification code burning method described above, and therefore has all the technical effects of the terminal identification code burning method described above, which will not be repeated here.
[0035] A terminal identification code reading system according to a fourth aspect embodiment of the present invention includes:
[0036] The identification code burning system for the aforementioned terminals;
[0037] The plaintext acquisition module is used to call the decryption interface of the module of the production data and the key file burned to the terminal, and perform a decryption operation on the production data to obtain the plaintext identification code corresponding to the production data;
[0038] A storage module is used to store the plaintext identification code in a random access memory;
[0039] The clearing module is used to clear the plaintext identification code based on power failure.
[0040] The identification code reading system for the terminal according to the embodiments of the present invention has the same technical effect as the identification code reading method for the terminal described above, and will not be repeated here.
[0041] An electronic device according to a fifth aspect of the present invention includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the steps of the above-described terminal identification code burning method or the steps of the above-described terminal identification code reading method.
[0042] The electronic device according to the embodiments of the present invention includes the technical effects of the identification code burning method of the terminal in the first aspect embodiment described above, and / or the technical effects of the identification code reading method of the terminal in the third aspect embodiment described above, which will not be repeated here.
[0043] According to a sixth aspect of the present invention, a non-transitory computer-readable storage medium stores a computer program thereon, which, when executed by a processor, implements the steps of the above-described terminal identification code burning method or the steps of the above-described terminal identification code reading method.
[0044] The non-transitory computer-readable storage medium according to the embodiments of the present invention includes the technical effects of the identification code burning method of the terminal in the first aspect embodiment described above, and / or the technical effects of the identification code reading method of the terminal in the third aspect embodiment described above, which will not be repeated here.
[0045] Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Attached Figure Description
[0046] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0047] Figure 1 This is a flowchart illustrating the terminal identification code burning method provided in an embodiment of the present invention;
[0048] Figure 2 This is a schematic diagram of the identification code burning method for the terminal in the prior art;
[0049] Figure 3 This is a schematic diagram of the identification code burning method for a terminal using encryption processing provided in an embodiment of the present invention;
[0050] Figure 4 This is a schematic diagram of the white-box processing structure provided in an embodiment of the present invention;
[0051] Figure 5This is a schematic diagram illustrating the method for burning identification codes based on a background system and smart home appliances provided in an embodiment of the present invention;
[0052] Figure 6 This is a schematic diagram of the structure of the smart home appliance provided in the embodiment of the present invention;
[0053] Figure 7 This is a schematic diagram of the structure of the electronic device provided in an embodiment of the present invention. Detailed Implementation
[0054] The embodiments of the present invention will be described in further detail below with reference to the accompanying drawings and examples. The following examples are for illustrative purposes only and should not be construed as limiting the scope of the invention.
[0055] In the description of the embodiments of the present invention, it should be noted that the terms "center," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," and "outer," etc., indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings. They are only for the convenience of describing the embodiments of the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation. Therefore, they should not be construed as limitations on the embodiments of the present invention. In addition, the terms "first," "second," and "third" are used for descriptive purposes only and should not be construed as indicating or implying relative importance.
[0056] In the description of this specification, the references to terms such as "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., refer to specific features, structures, materials, or characteristics described in connection with that embodiment or example, which are included in at least one embodiment or example of the present invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.
[0057] Please see Figure 1 According to an embodiment of the present invention, a method for burning an identification code into a terminal is provided, comprising:
[0058] Step 100: Obtain the key file. The key file is obtained by encrypting the initial key using an encryption system.
[0059] Step 200: Obtain production data. The production data is obtained by encrypting the plaintext identification code based on the initial key.
[0060] Step 300: Burn the production data and key files to the terminal.
[0061] According to the terminal identification code burning method of this invention, an initial key is used to encrypt the plaintext identification code, and the encrypted production data is securely burned to the terminal. Even if an unauthorized user obtains the production data during the burning stage, they cannot decrypt the plaintext identification code, thus ensuring data security during the burning process. Specifically, the initial key is encrypted to generate a key file and burned to the terminal. Therefore, the plaintext identification code can only be decrypted by calling the decryption interface after the terminal is powered on. This terminal identification code burning method increases the difficulty and cost of reverse engineering, thereby enhancing the security level of the device.
[0062] According to the embodiments of the present invention, the method of burning identification codes is described using smart home terminals as an example only, without loss of generality. The terminals in the embodiments of the present invention can also be financial terminals, public service terminals, consumer retail terminals, and medical service terminals, etc.
[0063] According to embodiments of the present invention, the specific type of the identification code is not limited. By burning the identification code to the terminal, the terminal can then perform subsequent services such as network configuration authentication. For example, the identification code can be a license, communication key, signature, or security certificate. The following description uses license burning as an example only; without loss of generality, the terminal identification code burning method of the present invention is also applicable to the burning of communication keys, signatures, and security certificates.
[0064] According to an embodiment of the present invention, in step 100, the encryption system is a white-box management system. In this case, the initial key is white-boxed using the white-box management system to obtain a key file and a white-box LIB library, which are then integrated to obtain a white-box key (i.e., License.key) and a white-box SDK. Of course, the encryption system is not limited to the examples given here; it can be any other system that has been disclosed in the prior art, such as an asymmetric encryption system.
[0065] In one embodiment, the user logs into the white-box management system and enters an initial key. After integration, a corresponding white-box key and white-box SDK are generated. The white-box key is stored as a string, and the white-box SDK is either a lib library (static data link library) or a so library (dynamic library file). The string key file is converted into a binary white-box key and integrated into the source code. At the same time, the white-box SDK library is also integrated into the source code. The source code is compiled to generate firmware, which is then burned into smart home devices, such as network modules.
[0066] According to embodiments of the present invention, the white-box key can be stored in Flash memory to ensure fast and secure storage. Of course, the white-box key can also be stored in other storage spaces within the smart home system.
[0067] In one embodiment, based on the above-mentioned terminal identification code burning method, after the smart home network module is powered on, it can decrypt and obtain the plaintext identification code by reading the white box key in the Flash and calling the white box SDK encryption interface.
[0068] Please see Figure 2 and Figure 3 The terminal identification code burning method of this invention can avoid sniffing attacks to obtain key data, thereby ensuring data processing security.
[0069] Figure 2 and Figure 3 Taking the identification code (license) as an example, the home appliance license management system exports licenses in batches. These exported licenses are then processed by a white-box management system, thus preventing sniffing attacks from obtaining critical data. The licenses can include different licenses such as License1, License2, and License3, depending on the needs of different business operations. Based on this, the licenses can be sent to the network module via UART (Universal Asynchronous Receiver / Transmitter) or SPI (Service Provider Interface).
[0070] In one embodiment, see Figure 4 The initial key is a 16-byte AES (Advanced Encryption Standard) symmetric key, which is then encrypted using an encryption algorithm. This encryption algorithm can be AES-128-bit symmetric encryption. Based on this, a white-box management system is established using a lookup table obfuscation method. The symmetric key and encryption algorithm are processed by the white-box management system to obtain the white-box key and white-box encryption algorithm. At this point, the white-box key is a 16-byte AES symmetric key, and the white-box encryption algorithm is a white-box AES-128-bit symmetric encryption. Of course, the initial key is not necessarily a symmetric key. Furthermore, even when using a symmetric key, it does not necessarily have to be a 16-byte AES (Advanced Encryption Standard) symmetric key; as long as the initial key can encrypt the plaintext identifier to obtain secure production data, it is acceptable.
[0071] According to an embodiment of the present invention, in step 300, the production data and key file are burned into the network module of the terminal and stored in the Flash memory.
[0072] It should be noted that steps 100 to 300 above are for ease of description and do not constitute a time sequence limitation for the steps in the terminal identification code burning method. Furthermore, some content is described in detail in the terminal identification code burning method provided in the first aspect embodiment, and the content of all terminal identification code burning methods is also applicable to the terminal identification code burning system provided in the second aspect embodiment. Therefore, to avoid repetition, the terminal identification code burning system provided in the second aspect embodiment is not described in detail. Similarly, the content of the above two aspects embodiments can be used to explain the content of all subsequent embodiments; therefore, repeated content will not be described in the following embodiments.
[0073] According to an embodiment of a second aspect of the present invention, a terminal identification code burning system is provided, comprising:
[0074] The first acquisition module is used to acquire the key file, which is obtained by encrypting the initial key using an encryption system;
[0075] The second acquisition module is used to acquire production data, which is obtained by encrypting the plaintext identification code based on the initial key.
[0076] The programming module is used to program production data and key files to the terminal.
[0077] According to the identification code burning system of the present invention, the key file and production data burned are obtained based on encryption processing. That is, from the production line stage, the identification code is encrypted and burned to the terminal to realize encrypted burning, thereby ensuring the security of the burning process and improving the security level of the terminal.
[0078] According to an embodiment of the present invention, the programming module includes:
[0079] The first integration submodule is used to convert the white-box key into binary form and integrate it into the source code;
[0080] The second integration submodule is used to integrate the white-box SDK corresponding to the white-box key into the source code;
[0081] The compilation submodule is used to compile the source code to generate firmware.
[0082] The burning submodule is used to burn firmware into the terminal's network module.
[0083] According to an embodiment of the present invention, the programming submodule is used to program production data and key files into the network module of the terminal and store them in the Flash memory.
[0084] According to an embodiment of a third aspect of the present invention, a method for reading the identification code of a terminal is provided, comprising:
[0085] Based on the above-mentioned terminal identification code burning method, production data and key files are burned to the terminal:
[0086] Call the decryption interface of the module containing the production data and key files burned to the terminal, and perform a decryption operation on the production data to obtain the plaintext identification code corresponding to the production data;
[0087] The plaintext identification code is stored in RAM (Random Access Memory);
[0088] The plaintext identifier is cleared upon power failure.
[0089] According to the terminal identification code reading method of the present invention, the identification code can be decrypted only after the terminal is powered on and the corresponding decryption interface is called, thus ensuring the storage security of the identification code. Furthermore, since the plaintext identification code (e.g., license) in the RAM is cleared after the smart home appliance's network module loses power, the secure encrypted storage of the identification code is further guaranteed.
[0090] According to an embodiment of a fourth aspect of the present invention, a terminal identification code reading system is provided, comprising:
[0091] The terminal identification code burning system mentioned above;
[0092] The plaintext acquisition module is used to call the decryption interface of the module that burns the production data and key files to the terminal, and perform decryption operation on the production data to obtain the plaintext identification code corresponding to the production data.
[0093] The storage module is used to store the plaintext identification code in the random access memory;
[0094] The clearing module is used to clear plaintext identification codes based on power loss.
[0095] According to one embodiment of the present invention, please refer to Figure 5 The present invention provides a smart home appliance device, including a network module, wherein the module stores a white-box key, a white-box SDK and an encrypted license.
[0096] According to the terminal identification code reading system of this invention, the generated plaintext license is temporarily stored in RAM. If lost after power failure, it needs to be retrieved upon power-on, thus achieving secure encrypted storage of the license. This method significantly increases the difficulty and cost of reverse engineering and enhances the security level of the device.
[0097] According to an embodiment of the present invention, a key management system, a white-box management system, and a license management system are deployed in the background, and the identification code is the license. For license burning instructions, please refer to [link to relevant documentation]. Figure 6 ,include:
[0098] The login key management system generates a symmetric key;
[0099] Log in to the License management system to generate a plaintext License, enter the symmetric key to symmetrically encrypt the plaintext License, and generate an encrypted License that can be used for production line production, namely the production data License.xls;
[0100] Log in to the white-box management system, enter the symmetric key, and generate a white-box key and a white-box SDK. The corresponding production line calls the white-box key a key file License.key, which is saved as a string. The white-box SDK is a lib library or a so library.
[0101] The production data License.xls is parsed and converted into binary data using a programming tool and then programmed into the Flash memory of the smart home appliance, thereby storing the encrypted license in the Flash memory.
[0102] The corresponding string-format key file License.key is converted into a binary white-box key and integrated into the source code. At the same time, the white-box SDK library is also integrated into the source code. After compilation, firmware is generated and burned into the smart home appliance network module. At this time, the white-box key is stored in Flash.
[0103] Based on the above, the methods for reading the identification code include:
[0104] After the smart home appliance network module is powered on, it reads the encrypted license and white-box key from the Flash, calls the white-box SDK decryption interface, performs white-box decryption operation, obtains the plaintext license, and temporarily stores it in RAM for home appliance business, such as network authentication and other operations.
[0105] When the network module of a smart home appliance loses power, the plaintext license in RAM is cleared and needs to be decrypted and retrieved after power is restored, thus achieving secure encrypted storage of the license.
[0106] Figure 7 An example is a schematic diagram of the physical structure of an electronic device, such as... Figure 7As shown, the electronic device may include: a processor 710, a communication interface 720, a memory 730, and a communication bus 740, wherein the processor 710, the communication interface 720, and the memory 730 communicate with each other through the communication bus 740. The processor 710 can call logical instructions in the memory 730 to execute the following methods: obtaining a key file, which is obtained by encrypting an initial key based on an encryption system; obtaining production data, which is obtained by encrypting a plaintext identification code based on the initial key; and burning the production data and the key file to the terminal. Alternatively, it can execute the following method: burning the production data and the key file to the terminal based on the above identification code burning method: calling the decryption interface of the encryption system to perform a decryption operation to obtain the initial key of the key file; processing the production data based on the initial key to obtain a plaintext identification code corresponding to the production data; storing the plaintext identification code in random access memory; and clearing the plaintext identification code upon power loss.
[0107] Furthermore, the logical instructions in the aforementioned memory 730 can be implemented as software functional units and, when sold or used as independent products, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, essentially, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0108] Furthermore, this invention discloses a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium. The computer program includes program instructions, and when the program instructions are executed by a computer, the computer can execute the methods provided in the above-described method embodiments, such as: obtaining a key file, wherein the key file is obtained by encrypting an initial key based on an encryption system; obtaining production data, wherein the production data is obtained by encrypting a plaintext identification code based on the initial key; and burning the production data and the key file to a terminal. Alternatively, it includes: burning the production data and the key file to the terminal based on the above identification code burning method: calling the decryption interface of the encryption system to perform a decryption operation to obtain the initial key of the key file; processing the production data based on the initial key to obtain a plaintext identification code corresponding to the production data; storing the plaintext identification code in a random access memory; and clearing the plaintext identification code upon power failure.
[0109] On the other hand, embodiments of the present invention also provide a non-transitory computer-readable storage medium storing a computer program thereon. When executed by a processor, the computer program implements the identification code burning method provided in the above embodiments, including, for example,: obtaining a key file, wherein the key file is obtained by encrypting an initial key based on an encryption system; obtaining production data, wherein the production data is obtained by encrypting a plaintext identification code based on the initial key; and burning the production data and the key file to a terminal. Alternatively, it implements the identification code reading method provided in the above embodiments, including: burning the production data and the key file to a terminal based on the above identification code burning method; calling the decryption interface of the encryption system to perform a decryption operation to obtain the initial key of the key file; processing the production data based on the initial key to obtain a plaintext identification code corresponding to the production data; storing the plaintext identification code in a random access memory; and clearing the plaintext identification code upon power failure.
[0110] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.
[0111] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods of various embodiments or some parts of embodiments.
[0112] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims
1. A method for burning and reading identification codes on terminals in a production line stage, characterized in that, include: Obtain a key file, which is obtained by encrypting the initial key using an encryption system. The key file includes a white-box key. The encryption system is a white-box management system, which means that the initial key is white-boxed using a white-box management system to obtain a key file and a white-box LIB library. After integration, a white-box key and a white-box SDK are obtained. Obtain production data, which is obtained by encrypting the plaintext identification code based on the initial key; Burning the production data and the key file to the terminal includes: converting the white-box key into binary form and integrating it into the source code; integrating the white-box SDK corresponding to the white-box key into the source code; compiling the source code to generate firmware; burning the firmware into the network module of the terminal and storing it in the Flash memory. After the terminal is powered on, the decryption interface of the module containing the production data and the key file burned into the terminal is called to perform a decryption operation on the production data to obtain the plaintext identification code corresponding to the production data; The plaintext identification code is stored in a random access memory; The plaintext identification code is cleared upon power failure.
2. The method of claim 1, wherein the method further comprises: receiving a request for the identification code from the terminal; and transmitting the identification code to the terminal in response to the request. In the step of obtaining the key file, the white-box key is stored in string form.
3. The method of claim 1, wherein the method further comprises: receiving a request for the identification code from the terminal; and transmitting the identification code to the terminal in response to the request. In the step of obtaining the key file, the initial key is a symmetric key generated by the key management system.
4. The method of claim 1 to 3, wherein, The plaintext identification code includes a plaintext license, a plaintext communication key, a plaintext signature, or a plaintext security certificate.
5. A terminal identification code burning and reading system, characterized by, include: The first acquisition module is used to acquire a key file. The key file is obtained by encrypting the initial key based on the encryption system. The key file includes a white-box key. The encryption system is a white-box management system, that is, the initial key is white-boxed using the white-box management system to obtain the key file and the white-box LIB library. After integration, the white-box key and the white-box SDK are obtained. The second acquisition module is used to acquire production data, which is obtained by encrypting the plaintext identification code based on the initial key. A programming module is used to program the production data and the key file to the terminal. Specifically, the programming module programs the production data and the key file to the network module of the terminal and stores them in Flash memory. The programming module includes: The first integration submodule is used to convert the white-box key into binary form and integrate it into the source code; The second integration submodule is used to integrate the white-box SDK corresponding to the white-box key into the source code; The compilation submodule is used to compile the source code to generate firmware. The firmware flashing submodule is used to flash the firmware into the terminal's network module; The plaintext acquisition module is used to call the decryption interface of the module that burns the production data and key files to the terminal, and perform decryption operation on the production data to obtain the plaintext identification code corresponding to the production data. The storage module is used to store the plaintext identification code in the random access memory; The clearing module is used to clear plaintext identification codes based on power loss.
6. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that, When the processor executes the computer program, it implements the terminal identification code burning and reading method as described in any one of claims 1 to 4.
7. A non-transitory computer-readable storage medium having a computer program stored thereon, characterized in that, The computer program, when executed by a processor, implements the identification code writing and reading method of the terminal as claimed in any one of claims 1 to 4.