Modular firmware security upgrade method and system for intelligent monitoring terminal
The intelligent monitoring terminal firmware upgrade method, which utilizes modular design and hardware fingerprint authentication, solves the security and reliability issues in the firmware upgrade process, achieving an efficient and trustworthy firmware upgrade process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- DONGGUAN QIAOAN ZHILIAN TECHNOLOGY CO LTD
- Filing Date
- 2026-03-02
- Publication Date
- 2026-06-05
AI Technical Summary
In existing technologies, the firmware upgrade process of intelligent monitoring terminals has security and reliability issues. In particular, the identity authentication and integrity verification during the firmware upgrade process are imperfect, making the upgrade process vulnerable to attacks and failures.
The system adopts a modular design, dividing the firmware data into a bootloader module, a kernel module, a file system module, and an application module. It uses a device-unique identifier to derive an encryption key for encryption, combines a hardware fingerprint to generate an asymmetric key pair for digital signature verification, and implements an atomic upgrade and rollback mechanism through a dual-system partition design, recording and storing upgrade operations.
It enhances the security and reliability of firmware upgrades, reduces network transmission overhead through modular segmentation, ensures the credibility and reliability of the upgrade process, prevents unauthorized firmware flashing, and improves system reliability and upgrade efficiency.
Smart Images

Figure CN122152335A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of Internet of Things (IoT) security technology, specifically to a modular firmware security upgrade method and system for smart monitoring terminals. Background Technology
[0002] The field of IoT security technology encompasses technologies related to the security of the IoT ecosystem, including IoT devices, network communication, data security, and system protection. Its core focus is on ensuring the confidentiality, integrity, and availability of IoT terminal devices, communication links, cloud platforms, and data interactions. Specifically, it covers technical directions such as device authentication, communication encryption, firmware security, vulnerability protection, access control, and security monitoring. The overall technology field addresses the security challenges of IoT devices, such as limited resources, dispersed deployment, and wide attack surface, by building an end-to-end security protection system, thereby achieving reliable operation and data security of IoT systems.
[0003] One of the patented technologies, a modular firmware security upgrade method and system for intelligent monitoring terminals, addresses security risks during firmware upgrades for these terminals through modular design, security verification mechanisms, and upgrade process control. The patent covers technical aspects including firmware upgrade package integrity verification, upgrade process authentication, differential upgrades using modular firmware, and rollback mechanisms for upgrade failures. Specifically, it employs digital signatures to verify the source and integrity of upgrade packages, uses encrypted communication to transmit upgrade data, utilizes a modular firmware structure to achieve on-demand upgrades and differential updates, adopts a dual-system partition design to support automatic rollback to the old version in case of upgrade failure, and records upgrade logs for auditing and troubleshooting. Summary of the Invention
[0004] (a) Technical problems to be solved To address the shortcomings of existing technologies, this invention provides a modular firmware security upgrade method and system for intelligent monitoring terminals, which features modular secure encapsulation, hardware fingerprint authentication, environmental security verification, atomic upgrade execution, and trusted evidence storage, thus solving the security and reliability issues in the firmware upgrade process.
[0005] (II) Technical Solution To solve the above-mentioned technical problems, the present invention provides the following technical solution: A modular firmware security upgrade method for intelligent monitoring terminals includes the following steps: S1: Divide the firmware data into four independent data blocks: bootloader module, kernel module, file system module, and application module. Calculate the check value for each data block, derive an encryption key using the device's unique identifier, and encrypt each module to generate a modular firmware security package. S2: Generate an asymmetric key pair based on the device hardware fingerprint, use the private key to digitally sign the upgrade instruction containing the hash value of the modular firmware security package, and use the pre-set public key on the device to verify the validity of the signature. S3: Verify the integrity of the currently running firmware, detect the status of the system memory protection unit and the write protection flag of the storage partition, and compare the compatibility between the current firmware version and the target version; S4: Create a dual-system partition mapping table based on the verification results, decrypt each module in the modular firmware security package and write it to the spare partition, verify the module values according to the module dependency order and update the partition table pointer. S5: Extract the operation timestamp, module version number, and execution status code from the execution record, combine them into a data block, calculate the hash value, and link it to the hash chain of the previous block to generate an upgrade operation certificate.
[0006] Preferably, in S1, the modular firmware security package adopts a fixed 96-byte segmented description structure, which includes a magic number identifier, data length, check value, type identifier and extended fields. The extended fields are used to match the device model, sensor type and version number, and are in the format of keyword=value. Multiple fields are separated by semicolons.
[0007] Preferably, in S2, the device hardware fingerprint is obtained by parsing the hardware adaptation parameters in the uboot parameter partition, including the HWUbootGpioSet and HWKernelGpio fields, wherein the HWUbootGpioSet field is in the format of GPIO number (mode) and is used to configure the hardware GPIO pins.
[0008] Preferably, in S3, the firmware integrity verification is implemented through the Iron Man event library, which is based on libev and maintains a mutex lock for each event loop instance to achieve cross-thread resource access control.
[0009] Preferably, in S4, the module dependency order is executed according to the fixed order of the upgrade packages, which are the file header description segment, the mtdx partition segment, and the toolvx tool segment, wherein the toolvx segment contains the upgrade script and the type matching file.
[0010] Preferably, in S5, the upgrade operation evidence is stored in the confbak partition, which is a 32K aligned independent storage area used to store the device's unique identifier and key configuration information.
[0011] This invention also discloses a modular firmware security upgrade system for intelligent monitoring terminals, comprising the following steps: The upgrade package building module is used to divide the firmware data into four independent data blocks and calculate the check value, derive an encryption key using the device's unique identifier for encryption, and generate a modular firmware security package. The security authentication module is used to generate asymmetric key pairs based on the device hardware fingerprint and to digitally sign and verify upgrade commands. The environment verification module is used to verify firmware integrity and system security status, and to detect memory protection units and storage partition write protection flags; The upgrade execution module is used to create a dual-system partition mapping table and executes module decryption and verification operations in a fixed order; The evidence storage and traceability module is used to generate upgrade operation evidence and save it to the confbak partition.
[0012] Preferably, in the upgrade package construction module, the segmented description structure adopts a fixed 96-byte format, and the extended fields support dynamic matching of sensor type, WIFI network card type and language type.
[0013] Preferably, the environment verification module implements firmware integrity verification through the Iron Man event library, which maintains a mutex lock for each event loop instance to control cross-thread resource access.
[0014] Preferably, the environment verification module implements firmware integrity verification through the Iron Man event library, which maintains a mutex lock for each event loop instance to control cross-thread resource access.
[0015] (III) Beneficial Effects Compared with existing technologies, this invention provides a modular firmware security upgrade method and system for intelligent monitoring terminals, which has the following beneficial effects: This modular firmware security upgrade method and system for intelligent monitoring terminals enhances upgrade package security by dividing the firmware into independent modules and calculating verification values for each module, combined with a method of deriving encryption keys from the device's unique identifier. It employs hardware fingerprinting to generate asymmetric key pairs for digital signature verification, ensuring the trustworthiness of upgrade commands. By verifying the integrity of the running firmware and the system's security status, a dual-system partition mapping mechanism is established to achieve atomic operations for modular upgrades. The upgrade process is recorded and traceable, forming a complete security chain. The modular structure and fixed execution order improve upgrade efficiency, reduce resource consumption, and enhance system reliability. Attached Figure Description
[0016] Figure 1 This is a flowchart illustrating the steps of the modular firmware security upgrade method for intelligent monitoring terminals according to the present invention. Figure 2 This is a block diagram of the modular firmware security upgrade system for intelligent monitoring terminals according to the present invention. Detailed Implementation
[0017] The technical solutions of the embodiments of the present invention will now be described with reference to the accompanying drawings. It should be noted that the drawings are for illustrative purposes only and do not constitute a limitation on the scope of protection of the present invention.
[0019] Example 1 Please see Figure 1 This invention provides a modular firmware security upgrade method for intelligent monitoring terminals, comprising the following steps: S1: Divide the firmware data into four independent data blocks: bootloader module, kernel module, file system module, and application module. Calculate the check value for each data block, derive an encryption key using the device's unique identifier, and encrypt each module to generate a modular firmware security package. S2: Generate an asymmetric key pair based on the device hardware fingerprint, use the private key to digitally sign the upgrade instruction containing the hash value of the modular firmware security package, and use the pre-set public key on the device to verify the validity of the signature. S3: Verify the integrity of the currently running firmware, detect the status of the system memory protection unit and the write protection flag of the storage partition, and compare the compatibility between the current firmware version and the target version; S4: Create a dual-system partition mapping table based on the verification results, decrypt each module in the modular firmware security package and write it to the spare partition, verify the module values according to the module dependency order and update the partition table pointer. S5: Extract the operation timestamp, module version number, and execution status code from the execution record, combine them into a data block, calculate the hash value, and link it to the hash chain of the previous block to generate an upgrade operation certificate.
[0020] The core innovation of this embodiment lies in achieving differential upgrades through modular segmentation, which significantly reduces network transmission overhead; establishing device-level identity authentication through hardware fingerprint binding to prevent unauthorized firmware flashing; and ensuring the reliability of the upgrade process by employing dual-system partitioning and atomic operations.
[0021] Example 2 In S1, the modular firmware security package adopts a fixed 96-byte segmented description structure, which includes a magic number identifier, data length, check value, type identifier, and extended fields. The extended fields are used to match the device model, sensor type, and version number, and are in the format of keyword=value, with multiple fields separated by semicolons.
[0022] In S2, the device hardware fingerprint is obtained by parsing the hardware adaptation parameters in the uboot parameter partition, including the HWUbootGpioSet and HWKernelGpio fields. The HWUbootGpioSet field is in the format of GPIO number (mode) and is used to configure the hardware GPIO pins.
[0023] In S3, the firmware integrity verification is implemented through an event library, which maintains a mutex lock for each event loop instance to achieve cross-thread resource access control.
[0024] The innovation of this embodiment lies in its standardized upgrade package structure supporting multi-device adaptation, and its hardware fingerprint authentication mechanism deeply binding security with physical device characteristics, solving the security problem of software-level authentication being easily bypassed in traditional solutions. The event library's mutex lock mechanism ensures verification reliability in a multi-threaded environment.
[0025] Example 3 In S4, the module dependencies are executed in a fixed order according to the upgrade packages, namely the file header description segment, the mtdx partition segment, and the toolvx utility segment, where the toolvx segment contains the upgrade script and the type matching file.
[0026] In S5, the upgrade operation evidence is stored in the confbak partition, which is a 32K aligned independent storage area used to store the device's unique identifier and key configuration information.
[0027] This embodiment ensures the correct handling of module dependencies by fixing the upgrade order, avoiding system failures caused by disordered execution order. The independent storage design of the confbak partition meets the security and persistence requirements of the evidence data, and its 32K alignment feature is compatible with the physical characteristics of Flash memory.
[0028] Example 4 Please see Figure 2 The present invention also provides a modular firmware security upgrade system for intelligent monitoring terminals, including an upgrade package construction module, a security authentication module, an environment verification module, an upgrade execution module, and an evidence storage and traceability module.
[0029] In the upgrade package construction module, the segmented description structure adopts a fixed 96-byte format, and the extended fields support dynamic matching of sensor type, WIFI network card type and language type.
[0030] In the security authentication module, the device hardware fingerprint is obtained by parsing the HWUbootGpioSet and HWKernelGpio fields in the uboot parameter partition, and is used to generate an asymmetric key pair.
[0031] The environment verification module implements firmware integrity verification through an event library, which maintains a mutex lock for each event loop instance to control cross-thread resource access.
[0032] This embodiment implements a complete technical solution corresponding to the method claims through a modular system architecture. Data is transferred between modules via standard interfaces, forming a closed-loop management system from upgrade package construction to evidence storage and traceability, effectively solving problems such as incomplete security verification and unreliable upgrade processes in traditional solutions.
[0033] It should be noted that the above embodiments are merely preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structural or procedural modifications made based on the description and drawings of the present invention, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of the present invention.
Claims
1. A modular firmware security upgrade method for intelligent monitoring terminals, characterized in that: Includes the following steps: S1: Divide the firmware data into four independent data blocks: bootloader module, kernel module, file system module, and application module. Calculate the check value for each data block, derive an encryption key using the device's unique identifier, and encrypt each module to generate a modular firmware security package. S2: Generate an asymmetric key pair based on the device hardware fingerprint, use the private key to digitally sign the upgrade instruction containing the hash value of the modular firmware security package, and use the pre-set public key on the device to verify the validity of the signature. S3: Verify the integrity of the currently running firmware, detect the status of the system memory protection unit and the write protection flag of the storage partition, and compare the compatibility between the current firmware version and the target version; S4: Create a dual-system partition mapping table based on the verification results, decrypt each module in the modular firmware security package and write it to the spare partition, verify the module values according to the module dependency order and update the partition table pointer. S5: Extract the operation timestamp, module version number, and execution status code from the execution record, combine them into a data block, calculate the hash value, and link it to the hash chain of the previous block to generate an upgrade operation certificate.
2. The modular firmware security upgrade method for intelligent monitoring terminals according to claim 1, characterized in that: In S1, the modular firmware security package adopts a fixed 96-byte segmented description structure, which includes a magic number identifier, data length, check value, type identifier, and extended fields. The extended fields are used to match the device model, sensor type, and version number, and are in the format of keyword=value, with multiple fields separated by semicolons.
3. The modular firmware security upgrade method for intelligent monitoring terminals according to claim 1, characterized in that: In S2, the device hardware fingerprint is obtained by parsing the hardware adaptation parameters in the uboot parameter partition, including the HWUbootGpioSet and HWKernelGpio fields. The HWUbootGpioSet field is in the format of GPIO number (mode) and is used to configure the hardware GPIO pins.
4. The modular firmware security upgrade method for intelligent monitoring terminals according to claim 1, characterized in that: In S3, the firmware integrity verification is implemented through the Iron Man event library, which is based on libev and maintains a mutex lock for each event loop instance to achieve cross-thread resource access control.
5. A modular firmware security upgrade method for intelligent monitoring terminals according to claim 1, characterized in that: In S4, the module dependencies are executed in a fixed order according to the upgrade packages, namely the file header description segment, the mtdx partition segment, and the toolvx utility segment, where the toolvx segment contains the upgrade script and the type matching file.
6. A modular firmware security upgrade method for intelligent monitoring terminals according to claim 1, characterized in that: In S5, the upgrade operation evidence is stored in the confbak partition, which is a 32K aligned independent storage area used to store the device's unique identifier and key configuration information.
7. A modular firmware security upgrade system for intelligent monitoring terminals, characterized in that: Includes the following modules: The upgrade package building module is used to divide the firmware data into four independent data blocks and calculate the check value, derive an encryption key using the device's unique identifier for encryption, and generate a modular firmware security package. The security authentication module is used to generate asymmetric key pairs based on the device hardware fingerprint and to digitally sign and verify upgrade commands. The environment verification module is used to verify firmware integrity and system security status, and to detect memory protection units and storage partition write protection flags; The upgrade execution module is used to create a dual-system partition mapping table and executes module decryption and verification operations in a fixed order; The evidence storage and traceability module is used to generate upgrade operation evidence and save it to the confbak partition.
8. A modular firmware security upgrade system for intelligent monitoring terminals according to claim 7, characterized in that: In the upgrade package construction module, the segmented description structure adopts a fixed 96-byte format, and the extended fields support dynamic matching of sensor type, WIFI network card type and language type.
9. A modular firmware security upgrade system for intelligent monitoring terminals according to claim 7, characterized in that: The environment verification module implements firmware integrity verification through the Iron Man event library. The event library maintains a mutex lock for each event loop instance to control cross-thread resource access.
10. A modular firmware security upgrade system for intelligent monitoring terminals according to claim 7, characterized in that: The environment verification module implements firmware integrity verification through the Iron Man event library. The event library maintains a mutex lock for each event loop instance to control cross-thread resource access.