Remote upgrade method, system, device and medium for trusted computing component
By adopting a phased and gradual upgrade strategy, generating differentiated upgrade packages, and selecting representative test terminals, the compatibility issues of full-scale push upgrade of trusted computing components for domestically developed terminals were resolved, improving the reliability of the upgrade process and business continuity.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: XIAN THERMAL POWER RES INST CO LTD
- Filing Date: 2026-03-13
- Publication Date: 2026-06-19
AI Technical Summary
The existing method of full-scale push upgrade of trusted computing components for domestically developed terminals has compatibility issues, which may lead to large-scale terminal system failures and service interruptions, and make it difficult to effectively respond to new attacks and fix security vulnerabilities.
A phased and gradual upgrade strategy is adopted. Differentiated upgrade packages are generated through binary difference analysis or file incremental algorithms. Representative test terminals are selected for encrypted channel upgrades. After verifying that the upgrade success rate reaches the security threshold in a small-scale test, the upgrade is promoted.
It significantly reduces the probability of large-scale system downtime due to upgrade failures and improves the reliability of the system upgrade process and the ability to ensure business continuity.
Figure CN122240150A_ABST
Description
Technical Field
[0001] This invention relates to the field of industrial control system security, and specifically to a method, system, device, and medium for remote upgrading of trusted computing components.
Background Technology
[0002] With the deepening of the national strategy for independent control of critical information infrastructure, the domestically developed information technology (IT) innovation industry has become a core support for ensuring the security of industrial control systems. IT innovation systems are independent computing platforms built on fully domestically produced hardware and software (including a domestically developed real-time operating system compliant with POSIX standards). IT innovation terminals, as their corresponding endpoints, are widely deployed in key industrial sectors such as energy, transportation, and manufacturing. In these IT innovation terminals, trusted computing components, as the hardware root of trust and the cornerstone of system security, integrate domestic cryptographic algorithm chips to achieve core security functions such as identity authentication, integrity measurement, and data encryption, forming the foundation for terminal devices to be immune to network attacks. Because industrial control systems have long faced advanced persistent threats and unknown vulnerability risks, timely updates to trusted computing components have become a necessary measure to address new attack methods and patch security vulnerabilities.
[0003] Currently, the main method for upgrading trusted components in domestically developed terminals is the full-scale push model, which involves uniformly distributing the complete upgrade installation package to all target terminals. While this approach is simple to operate, it has significant drawbacks: when the upgrade package has compatibility issues or potential defects, it may trigger large-scale terminal system failures, leading to a wider range of service interruptions and causing irreparable losses.
Summary of the Invention
[0004] To address the aforementioned problems, this invention provides a method, system, device, and medium for remotely upgrading trusted computing components.
[0005] The first aspect of this invention discloses a remote upgrade method for a trusted computing component, comprising: obtaining the current version of the trusted computing component for all domestically developed terminals; generating multiple upgrade packages for the trusted computing component based on all current version types; selecting multiple test terminals based on the type of the current version; establishing an encrypted channel with the test terminal, and sending an encrypted upgrade installation package to the test terminal through the encrypted channel to upgrade the test terminal to the target version; and collecting statistics on the upgrade results of the test terminals, and upgrading the remaining domestically developed terminals based on these results.
[0006] Furthermore, the step of generating multiple upgrade packages for the trusted computing component based on all current version types includes: for each type of current version, generating a differentiated upgrade installation package from that current version to the target version using a binary difference analysis algorithm or a file incremental algorithm.
[0007] Furthermore, the step of selecting multiple test terminals based on the current version type includes, for each type of current version: identifying all domestically developed terminals corresponding to that current version as terminals to be screened; calculating the confidence value of each terminal to be screened based on multiple predefined selection rules; and, based on the confidence values, determining the test terminals from the terminals to be screened according to a preset selection ratio.
[0008] Furthermore, the selection rules include: Representativeness of terminal hardware configuration, and / or stability of network connection, and / or historical upgrade success rate, and / or uniformity of geographical distribution.
[0009] Furthermore, the step of calculating the confidence value of each terminal to be screened based on multiple predefined selection rules includes, for each terminal to be screened: calculating, for each selection rule, the sub-item confidence value of the terminal to be screened corresponding to that selection rule; and computing the weighted sum of all sub-item confidence values to obtain the confidence value of the terminal to be screened.
[0010] Furthermore, the step of sending the encrypted upgrade installation package to the test terminal via an encrypted channel includes: determining the target installation package from all upgrade installation packages based on the current version of the test terminal; signing the target installation package using a preset signing key to obtain a signed installation package; encrypting the signed installation package using a preset encryption key and encryption algorithm to obtain an encrypted installation package; generating an integrity verification code for the encrypted installation package; assembling the encrypted installation package and the integrity verification code into an installation package to be sent; and sending the installation package to be sent to the test terminal through the encrypted channel.
[0011] Furthermore, the step of upgrading the remaining domestically developed terminals based on the upgrade results includes, for each type of current version: calculating the upgrade success rate based on the upgrade results of all corresponding test terminals; and determining whether the upgrade success rate exceeds the threshold: if it does, upgrading the remaining domestically developed terminals of that current version type; otherwise, generating an upgrade failure warning.
[0012] A second aspect of the present invention discloses a remote upgrade system for trusted computing components, comprising: an acquisition module, used to obtain the current version of the trusted computing components of all domestically developed terminals; a generation module, used to generate multiple upgrade packages for the trusted computing component based on all current version types; a selection module, used to select multiple test terminals based on the type of the current version; a sending module, used to establish an encrypted channel with the test terminal and send an encrypted upgrade installation package to the test terminal through the encrypted channel to upgrade the test terminal to the target version; and an upgrade module, used to collect statistics on the upgrade results of the test terminals and upgrade the remaining domestically developed terminals based on the upgrade results.
[0013] A third aspect of the present invention discloses an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor executes the computer program to implement the steps of any of the remote upgrade methods for trusted computing components disclosed in the first aspect of the present invention.
[0014] The fourth aspect of the present invention discloses a storage medium storing a computer program, characterized in that, when executed by a processor, the computer program implements the steps of any of the remote upgrade methods for trusted computing components disclosed in the first aspect of the present invention.
[0015] This invention employs a phased, incremental upgrade strategy. First, it generates differentiated upgrade packages based on the distribution characteristics of terminal versions and selects representative test terminals for initial upgrades. Only after verifying that the upgrade success rate reaches a safe threshold is a full rollout initiated, thus constructing an effective risk control mechanism. This design exposes and isolates potential compatibility issues in advance during small-scale testing, limiting the potential upgrade risks to a limited scope. This significantly reduces the probability of large-scale system downtime due to upgrade failures, fundamentally improving the reliability of the system upgrade process and the ability to ensure business continuity.
Attached Figure Description
[0016] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0017] Figure 1 is a flowchart illustrating a remote upgrade method for a trusted computing component disclosed in an embodiment of the present invention; Figure 2 is a schematic diagram of the structure of a remote upgrade system for trusted computing components disclosed in an embodiment of the present invention.
[0018] Figure 3 is a schematic diagram of the structure of the electronic device disclosed in the embodiments of the present invention.
Detailed Implementation
[0019] To enable those skilled in the art to better understand the present invention, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0020] The terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this invention are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, apparatus, or product comprising a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, apparatus, or products.
[0021] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of the invention. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.
[0022] Please refer to Figure 1, which is a flowchart illustrating a remote upgrade method for trusted computing components disclosed in an embodiment of the present invention. As shown in Figure 1, the remote upgrade method for trusted computing components may include the following operations:
S101. Obtain the current version of the trusted computing component for all domestically developed terminals.
In this optional embodiment, the trusted computing component refers to a series of software modules or hardware firmware embedded within the domestically developed terminal, using domestically produced cryptographic algorithms and dedicated security hardware as its core, to provide fundamental and critical security functions for the terminal system. These trusted computing components form the cornerstone of the terminal's trusted computing environment, and their core responsibility is to ensure the trustworthiness of the system's state, identity, and data at each critical stage from startup to operation. The trusted computing component can be deeply integrated into the operating system layer or run directly on a dedicated domestically developed cryptographic security chip. By performing key tasks such as measuring the integrity of the system startup chain, platform identity authentication, sensitive data encryption protection, and trusted service provision, it establishes and maintains the terminal's trust chain.
[0023] One example of a trusted computing component is the trusted measurement module, which is responsible for verifying the integrity of critical code and configuration data during system startup and application loading to ensure that the system operating environment has not been tampered with. Another example is the trusted service module, which provides cryptographic services such as secure key storage, random number generation, and data sealing and unsealing to upper-layer applications, ensuring that sensitive operations are performed in a protected execution environment.
[0024] The current version can be obtained through system command queries, such as executing specific system commands or calling dedicated version query tools in the command line interface of the terminal operating system, the output of which contains the version number of the relevant component; or by reading configuration files, that is, accessing specific configuration files or version information files of the trusted computing component in the file system and directly reading the version identifier recorded therein; or by interface calls, such as by calling the application programming interface provided by the operating system or the trusted computing component itself to obtain its detailed version information programmatically; the specific method is not limited in this invention.
[0025] S102. Generate multiple upgrade packages for the trusted computing component based on all current version types. In an optional embodiment, the step of generating multiple upgrade packages for the trusted computing component based on all current version types includes: for each type of current version, generating a differentiated upgrade installation package from that current version to the target version using a binary difference analysis algorithm or a file incremental algorithm.
[0026] In this optional embodiment, a binary diff analysis algorithm is a technique for comparing two versions of software components and generating data blocks describing the differences between them. The binary diff analysis algorithm operates at the binary level, treating a file as a continuous sequence of bytes. Using sliding windows, hash checks, or more complex pattern matching techniques, it identifies the parts that remain the same between the base and target versions, as well as the parts that have been modified. It outputs a diff file containing a series of operational instructions required to accurately convert the base version to the target version. Compared to a full file replacement, this method generates a significantly smaller differentiated upgrade installation package.
[0027] The incremental file algorithm operates at the file system object level, comparing complete files rather than byte blocks. By comparing the overall file directory structure of the trusted computing component between the base and target versions, the algorithm identifies which files have been added, deleted, or whose content has been modified. For files with modified content, the incremental algorithm can further confirm the changes through checksum comparisons. When generating the upgrade package, it can choose to directly replace the entire modified file, or perform the aforementioned binary difference analysis as needed to further optimize the package size. This method is particularly suitable for scenarios involving multiple file additions, deletions, and modifications during component upgrades. It ensures that the upgrade process accurately reflects the complete changes to the file set between versions, thereby guaranteeing the correctness and consistency of the component's file structure.
[0028] Different versions of trusted computing components share a high degree of similarity in file structure, with only local binary differences. By precisely identifying and extracting specific data blocks or file fragments that have changed between these versions, rather than the entire file, the generated differentiated installation packages achieve significant data compression. This approach directly brings advantages on two levels: In the data transmission phase, the significantly reduced amount of data to be transmitted not only lowers the continuous load on network bandwidth but also enables rapid distribution of upgrade packages even in limited or fluctuating network environments, which is particularly beneficial for large-scale, cross-regional deployment scenarios; In the terminal processing phase, smaller data packets mean shorter decryption, verification, and file replacement operation times, thereby shortening the overall upgrade time for individual terminals, improving the efficiency of the upgrade process, and indirectly reducing the potential impact on terminal service continuity caused by excessively long upgrade operation times.
[0029] S103. Select multiple test terminals according to the type of the current version. In an optional embodiment, the step of selecting multiple test terminals based on the type of the current version includes, for each type of current version: identifying all domestically developed terminals corresponding to that current version as terminals to be screened; calculating the confidence value of each terminal to be screened based on multiple predefined selection rules; and, based on the confidence values, determining the test terminals from the terminals to be screened according to a preset selection ratio.
[0030] Within the same type of domestically developed IT terminals, there are objective differences in hardware environment, operating status, and historical performance; they are not a homogeneous set. By introducing multi-dimensional rules for quantitative evaluation and screening, the aim is to construct a test sample set that statistically reflects the overall characteristics and risk distribution of this version group to the greatest extent possible. This screening mechanism based on a confidence model effectively avoids testing blind spots that may arise from random selection or simple sampling, ensuring that the selected test terminals cover more diverse operating conditions and potential risk points. Therefore, upgrade verification conducted on this test sample can more realistically and comprehensively predict various situations that this version group may encounter during full-scale deployment, significantly improving the early warning capability during the testing phase. This provides a more scientific and reliable basis for subsequent decisions on whether to initiate large-scale upgrades, reducing the risk of batch upgrade failures due to insufficient testing at the source.
[0031] In an optional embodiment, the selection rules include: Representativeness of terminal hardware configuration, and / or stability of network connection, and / or historical upgrade success rate, and / or uniformity of geographical distribution.
[0032] In this optional embodiment, the confidence value calculation corresponding to the representativeness of the terminal hardware configuration aims to quantify the typicality of the hardware of the terminal to be screened within a specific version group. This calculation relies on establishing a hardware feature vector encompassing key hardware attributes. These key hardware attributes are pre-defined, such as CPU model, memory capacity, and security chip type. Cluster analysis is performed on the hardware feature vectors of all terminals to be screened for that version to identify the mainstream hardware configuration types. Subsequently, the similarity distance between the hardware feature vector of the terminal to be evaluated and the centroid of each mainstream configuration type is calculated. Finally, the reciprocal of the highest similarity value or the minimum distance is normalized, and the resulting value is the confidence value for the representativeness of the terminal's hardware configuration. The higher this value, the more prevalent and representative the terminal's hardware environment is within that version group.
[0033] The confidence score for network connectivity stability is calculated to assess the reliability of the network link of a terminal over a past period. This calculation is based on historical network performance monitoring data, and key indicators such as network latency volatility, packet loss rate, and historical upgrade task transmission success rate can be pre-selected. Time-series data of these indicators for the terminal to be screened within a preset time window are collected; a stability metric is calculated for each indicator, such as calculating the variance or standard deviation of latency, or statistically analyzing the proportion of failed sessions. Then, these stability metrics are combined into a comprehensive network stability score through weighted averaging or function mapping. Finally, this score is normalized to a predetermined interval to obtain the confidence score for network connectivity stability. The higher this value, the lower the risk of the terminal failing due to network problems during the upgrade process.
[0034] The confidence score for historical upgrade success rate directly reflects the terminal's past success record in performing upgrade tasks. For example, the ratio of the number of historical successful upgrades to the total number of historical upgrades can be used as the base confidence score. To more accurately reflect reliability trends, a time decay factor can be introduced, assigning higher weight to recent upgrade records to calculate a weighted historical success rate. Furthermore, for new terminals lacking historical data, a default initial confidence score can be assigned. Finally, this calculated or adjusted success rate value is normalized to obtain the confidence score for the historical upgrade success rate. This value directly reflects the reliability and robustness of the terminal in completing the upgrade process.
[0035] The purpose of calculating the confidence score for geographical distribution uniformity is to promote the geographical dispersion of test terminals, thereby detecting upgrade issues that may be caused by regional factors. The calculation can be based on the geographical region identifier of the terminal, such as city code or data center number. When selecting test terminals, the system maintains a dynamic geographical distribution map of selected terminals for the current upgrade task. For a terminal to be evaluated, its geographical distribution uniformity confidence score is inversely proportional to the frequency of its geographical region appearing in the currently selected set of test terminals. Specifically, if a terminal's region has not had, or has only had a few, terminals selected as test terminals, its confidence score in this dimension will be higher; conversely, if its region is overrepresented, its confidence score will be lower. This calculation method effectively encourages the selection of terminals from different geographical regions, ensuring the breadth of geographical coverage of the test sample.
[0036] In this optional embodiment, the dimensions for selecting rules are set based on key environmental factors affecting the success of the upgrade and the terminal's own attributes. Hardware configuration representativeness ensures that the test terminals cover the main hardware architectures and performance levels that may exist within the version group, exposing hardware compatibility issues in advance; network connection stability filters out terminals with different network conditions to verify the upgrade process's adaptability to network fluctuations; historical upgrade success rate reflects, to some extent, the robustness and operational status of the terminal system environment; and geographical distribution uniformity helps identify problems that may be introduced by regionally related network latency or configuration differences. By incorporating these key factors into the screening rule system, the calculation of confidence values can more comprehensively and realistically depict the risks and challenges that terminals may face during the upcoming upgrade process. This results in a highly condensed, highly predictive, miniature panoramic view of the test group, greatly enhancing the accuracy and credibility of small-scale test results for global upgrade risk assessment.
[0037] In an optional embodiment, the step of calculating the confidence value of each terminal to be screened based on a plurality of predefined selection rules includes, for each terminal to be screened: calculating, for each selection rule, the sub-item confidence value of the terminal to be screened corresponding to that selection rule; and computing the weighted sum of all sub-item confidence values to obtain the confidence value of the terminal to be screened.
[0038] The core advantage of the weighted synthesis mechanism in this optional embodiment lies in the introduction of policy flexibility. Different operational scenarios or different upgrade tasks may have different risk concerns. For example, for major underlying component upgrades, more attention may be paid to hardware configuration coverage; while for frequent minor version updates, more emphasis may be placed on network stability to reduce transmission interruptions. By assigning appropriate weight coefficients to each selection rule, this method allows operations personnel to dynamically adjust the focus of screening criteria based on the specific goals of the current upgrade task, historical experience, or risk tolerance. This fine-grained control capability makes the screening of test terminals no longer fixed, but can be targeted towards specific types of high-risk terminals or core terminals that are crucial to ensuring business continuity. This optimizes the allocation efficiency of limited testing resources, ensures that the testing phase can more effectively detect potential problems in the areas of greatest concern, and further improves the accuracy and foresight of risk identification.
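The selection described in [0029] to [0038] can be sketched as follows. This is an added example, not code from the patent: the type and function names, the 1/(1+n) form of the geographic score, the greedy selection order, and the sample fleet are assumptions, and the hardware, network and history sub-item values are taken as already normalized to [0, 1].

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Terminal carries one candidate's sub-item confidence values, each already
// normalised to [0, 1]. Field names are hypothetical, not from the patent.
type Terminal struct {
	ID, Version, Region        string
	Hardware, Network, History float64
}

// Weights are the operator-chosen coefficients of the weighted sum.
type Weights struct{ Hardware, Network, History, Geo float64 }

// geoScore falls as the terminal's region fills up in the selected set:
// 1 for an unused region, 1/2 after one pick, 1/3 after two (assumed form).
func geoScore(region string, picked map[string]int) float64 {
	return 1.0 / float64(1+picked[region])
}

// Confidence is the weighted sum of the four sub-item confidence values.
func Confidence(t Terminal, w Weights, picked map[string]int) float64 {
	return w.Hardware*t.Hardware + w.Network*t.Network +
		w.History*t.History + w.Geo*geoScore(t.Region, picked)
}

// SelectTestTerminals picks ceil(ratio*len(group)) terminals from one version
// group. It is greedy because the geographic term changes after every pick.
func SelectTestTerminals(group []Terminal, w Weights, ratio float64) []Terminal {
	if len(group) == 0 || ratio <= 0 {
		return nil
	}
	n := int(math.Ceil(ratio * float64(len(group))))
	if n > len(group) {
		n = len(group)
	}
	rest := append([]Terminal(nil), group...)
	// Sort by ID so that ties are always broken the same way.
	sort.Slice(rest, func(i, j int) bool { return rest[i].ID < rest[j].ID })
	picked := map[string]int{}
	var out []Terminal
	for len(out) < n {
		best := 0
		for i := 1; i < len(rest); i++ {
			if Confidence(rest[i], w, picked) > Confidence(rest[best], w, picked) {
				best = i
			}
		}
		out = append(out, rest[best])
		picked[rest[best].Region]++
		rest = append(rest[:best], rest[best+1:]...)
	}
	return out
}

// SelectByVersion applies the selection separately to each current version
// and returns the chosen terminal IDs per version, in selection order.
func SelectByVersion(fleet []Terminal, w Weights, ratio float64) map[string][]string {
	groups := map[string][]Terminal{}
	for _, t := range fleet {
		groups[t.Version] = append(groups[t.Version], t)
	}
	ids := map[string][]string{}
	for v, g := range groups {
		for _, t := range SelectTestTerminals(g, w, ratio) {
			ids[v] = append(ids[v], t.ID)
		}
	}
	return ids
}

// SampleFleet is constructed data for the example, not taken from the patent.
func SampleFleet() []Terminal {
	return []Terminal{
		{"t-01", "2.1.0", "XA", 0.90, 0.90, 0.90},
		{"t-02", "2.1.0", "XA", 0.85, 0.90, 0.90},
		{"t-03", "2.1.0", "BJ", 0.60, 0.70, 0.80},
		{"t-04", "2.1.0", "BJ", 0.50, 0.50, 0.50},
		{"t-05", "2.0.3", "XA", 0.40, 0.40, 0.40},
	}
}

func main() {
	w := Weights{Hardware: 0.3, Network: 0.2, History: 0.2, Geo: 0.3}
	for v, ids := range SelectByVersion(SampleFleet(), w, 0.5) {
		fmt.Println(v, ids)
	}
}
```

With these weights the second pick for version 2.1.0 is t-03 rather than the higher-scoring t-02, because t-02 shares a region with the terminal already selected; setting the geographic weight to zero restores t-02.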
[0039] S104. Establish an encrypted channel with the test terminal, and send an encrypted upgrade installation package to the test terminal through the encrypted channel to upgrade the test terminal to the target version. In an optional embodiment, the step of sending the encrypted upgrade installation package to the test terminal via an encrypted channel includes: determining the target installation package from all upgrade installation packages based on the current version of the test terminal; signing the target installation package using a preset signing key to obtain a signed installation package; encrypting the signed installation package using a preset encryption key and encryption algorithm to obtain an encrypted installation package; generating an integrity verification code for the encrypted installation package; assembling the encrypted installation package and the integrity verification code into an installation package to be sent; and sending the installation package to be sent to the test terminal through the encrypted channel.
[0040] This optional embodiment specifies a series of security processing steps that the upgrade installation package must undergo before being sent: digital signature, encryption, and the addition of an integrity check code. This multi-layered security process constructs an interconnected defense system. The digital signature operation utilizes the principle of asymmetric cryptography, using a preset signature key to compute over the target installation package and generate unique signature information. This process not only ensures the verifiability of the installation package's source and the legitimacy of the upgrade source, but also provides non-repudiation of the operation. Subsequently, the signed installation package is encrypted using an encryption key and algorithm, converting plaintext data into ciphertext. This protects the data against interception during transmission and prevents it from being stolen or deciphered, ensuring the confidentiality of the transmission process. Finally, an integrity check code is generated for the encryption result. This check code acts like a "digital fingerprint" of the data; any minor tampering with the encrypted installation package will cause the check code verification to fail. These three steps are implemented sequentially and complement each other, forming an end-to-end security loop from identity authentication to data confidentiality and tamper-proof verification. This loop can systematically resist major security threats that may be encountered during the upgrade process, such as forged distribution, eavesdropping and leakage, and content tampering, thus laying a solid security foundation for the reliable execution of the entire remote upgrade process.
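The sign, encrypt, integrity-code and assemble sequence of [0039] and [0040], together with the reverse checks on the terminal, is sketched below. This is an added example, not code from the patent: Ed25519, AES-256-CTR and HMAC-SHA256 stand in for the domestic algorithms, which the text does not name, and the key layout, wire format and function names are assumptions. The integrity verification code is assumed to be keyed, since an unkeyed digest can be recomputed by anyone who alters the package.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrFormat    = errors.New("package too short")
	ErrIntegrity = errors.New("integrity verification code mismatch")
	ErrSignature = errors.New("signature verification failed")
)

// Keys holds the preset key material (hypothetical layout). Only the server
// holds Sign; a terminal is provisioned with Verify plus the shared Enc and Mac.
type Keys struct {
	Sign   ed25519.PrivateKey
	Verify ed25519.PublicKey
	Enc    []byte // 32-byte AES-256 key
	Mac    []byte // 32-byte HMAC-SHA256 key
}

// NewDemoKeys generates fresh random keys for the demonstration.
func NewDemoKeys() (Keys, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Keys{}, err
	}
	sym := make([]byte, 64)
	if _, err := rand.Read(sym); err != nil {
		return Keys{}, err
	}
	return Keys{Sign: priv, Verify: pub, Enc: sym[:32], Mac: sym[32:]}, nil
}

// Pack runs the server side. Wire layout: IV(16) || ciphertext || tag(32),
// where the plaintext is signature(64) || package.
func Pack(k Keys, pkg []byte) ([]byte, error) {
	signed := append(ed25519.Sign(k.Sign, pkg), pkg...) // step 1: sign
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(signed))
	cipher.NewCTR(block, iv).XORKeyStream(ct, signed) // step 2: encrypt
	body := append(iv, ct...)
	mac := hmac.New(sha256.New, k.Mac)
	mac.Write(body)            // step 3: integrity code over the ciphertext
	return mac.Sum(body), nil // step 4: assemble body || tag
}

// Unpack runs the terminal side in reverse order and rejects the package at
// the first failed check, before anything is installed.
func Unpack(k Keys, wire []byte) ([]byte, error) {
	if len(wire) < aes.BlockSize+ed25519.SignatureSize+sha256.Size {
		return nil, ErrFormat
	}
	body, tag := wire[:len(wire)-sha256.Size], wire[len(wire)-sha256.Size:]
	mac := hmac.New(sha256.New, k.Mac)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time comparison
		return nil, ErrIntegrity
	}
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	signed := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(signed, ct)
	sig, pkg := signed[:ed25519.SignatureSize], signed[ed25519.SignatureSize:]
	if !ed25519.Verify(k.Verify, pkg, sig) {
		return nil, ErrSignature
	}
	return pkg, nil
}

func main() {
	k, err := NewDemoKeys()
	if err != nil {
		panic(err)
	}
	wire, _ := Pack(k, []byte("constructed delta 2.1.0 -> 2.2.0"))
	pkg, err := Unpack(k, wire)
	fmt.Printf("accepted: %q, err=%v\n", pkg, err)
	wire[20] ^= 0x01 // a single flipped ciphertext bit
	_, err = Unpack(k, wire)
	fmt.Println("after modification:", err)
}
```

The signature check remains necessary after the integrity code passes: the encryption and integrity keys are provisioned on terminals, so only the signing key, which stays on the server, ties a package to the upgrade source.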
[0041] S105. Collect statistics on the upgrade results of the test terminals, and upgrade the remaining domestically developed terminals based on the upgrade results.
[0042] In an optional embodiment, the step of upgrading the remaining domestically developed terminals based on the upgrade results includes, for each type of current version: calculating the upgrade success rate based on the upgrade results of all corresponding test terminals; and determining whether the upgrade success rate exceeds the threshold: if it does, upgrading the remaining domestically developed terminals of that current version type; otherwise, generating an upgrade failure warning.
[0043] In this optional embodiment, upgrading the remaining domestically developed terminals of that current version type means upgrading them according to the aforementioned upgrade method for test terminals.
[0044] Upgrade success rate refers to the percentage of terminals that successfully complete the upgrade operation out of the total number of test terminals in a specific version group.
[0045] This optional embodiment introduces a controlled, evidence-based decision gate. It treats small-scale testing as a stress test for a large-scale upgrade, quantitatively evaluating the maturity and stability of the upgrade package in the current target environment by statistically analyzing the upgrade success rate of the test group. When the success rate exceeds a threshold, it indicates that the upgrade package performs well in the representative test environment and the risk is controllable; at this point, promoting it to the remaining terminals is a decision with high confidence. Conversely, when the success rate falls below the threshold, it is a strong risk signal, indicating that the upgrade package may have a widespread defect; immediate suspension and alerts can prevent the scope of the failure from expanding. This data-driven, conditional, phased approach effectively limits and mitigates the potential risks of large-scale systemic upgrades in the initial small-scale testing phase, thereby greatly improving the controllability and security of the entire upgrade process and avoiding widespread business interruptions that could be caused by blindly pushing a single defective upgrade package globally.
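The decision gate of S105, as an added example that is not part of the patent. The 95% threshold, the version labels and the terminal ids are constructed; the sketch assumes a test terminal that never reports counts as a failure (the denominator is every selected test terminal, per [0044]) and that a version type with no test terminals yields a warning rather than a rollout.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Decision:
    version_type: str
    success_rate: Fraction
    action: str  # "promote" or "warn"


def gate(selected, reported_ok, threshold):
    """selected: version type -> ids of the test terminals chosen for it.
    reported_ok: version type -> ids that reported a successful upgrade."""
    decisions = []
    for vtype in sorted(selected):
        group = selected[vtype]
        # Ignore success reports from terminals that were never selected.
        ok = reported_ok.get(vtype, set()) & group
        # Denominator is the whole test group, so silence counts as failure.
        rate = Fraction(len(ok), len(group)) if group else Fraction(0)
        # "Exceeds" is strict: a rate equal to the threshold does not pass.
        action = "promote" if rate > threshold else "warn"
        decisions.append(Decision(vtype, rate, action))
    return decisions


# Constructed sample data
THRESHOLD = Fraction(95, 100)
SELECTED = {
    "1.0": {f"a{i}" for i in range(20)},
    "1.1": {f"b{i}" for i in range(20)},
    "1.2": {f"c{i}" for i in range(10)},
}
REPORTED_OK = {
    "1.0": {f"a{i}" for i in range(20)},            # 20 of 20
    "1.1": {f"b{i}" for i in range(19)},            # 19 of 20, exactly the threshold
    "1.2": {f"c{i}" for i in range(9)} | {"x99"},   # c9 silent; x99 was never selected
}

if __name__ == "__main__":
    for d in gate(SELECTED, REPORTED_OK, THRESHOLD):
        print(d.version_type, f"{float(d.success_rate):.0%}", d.action)
```

Exact fractions are used so that the boundary case (19 of 20 against a 95% threshold) is decided by the rule itself and not by floating-point rounding.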
[0046] Figure 2 is a schematic diagram of a remote upgrade system for trusted computing components disclosed in an embodiment of the present invention. As shown in Figure 2, the system comprises: the acquisition module 201, used to acquire the current version type of the trusted computing component of all domestically developed terminals; the generation module 202, used to generate multiple upgrade installation packages for the trusted computing component based on all current version types; the selection module 203, used to select multiple test terminals according to the type of the current version; the sending module 204, used to establish an encrypted channel with the test terminal and send an encrypted upgrade installation package to the test terminal through the encrypted channel to upgrade the test terminal to the target version; and the upgrade module 205, used to collect statistics on the upgrade results of the test terminals and upgrade the remaining domestically developed terminals based on the upgrade results.
[0047] Specific limitations regarding the remote upgrade system for trusted computing components can be found in the limitations of the remote upgrade method for trusted computing components described above, and will not be repeated here. Each module in the aforementioned remote upgrade system for trusted computing components can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in the electronic device in hardware form, or stored in the memory of the electronic device in software form, so that the processor can call the corresponding operations of each module.
[0048] It should be noted that, in order to highlight the innovative aspects of this invention, this embodiment does not include modules that are not closely related to solving the technical problems proposed by this invention, but this does not mean that there are no other modules in this embodiment.
[0049] As shown in Figure 3, the electronic device 1 provided by the present invention may include a memory 11, a processor 12 and a bus, and may also include a computer program stored in the memory 11 and executable on the processor 12, such as a remote upgrade program for a trusted computing component.
[0050] The memory 11 includes at least one type of readable storage medium, including flash memory, portable hard drive, multimedia card, card-type memory (e.g., SD or DX memory), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the memory 11 can be an internal storage unit of the electronic device 1, such as a portable hard drive. In other embodiments, the memory 11 can be an external storage device of the electronic device 1, such as a plug-in portable hard drive, smart media card (SMC), secure digital (SD) card, flash card, etc., equipped on the electronic device 1. Furthermore, the memory 11 can include both internal and external storage units of the electronic device 1. The memory 11 can be used not only to store application software and various types of data installed on the electronic device 1, such as code for remote upgrades of trusted computing components, but also to temporarily store data that has been output or will be output.
[0051] In some embodiments, the processor 12 may be composed of integrated circuits, such as a single packaged integrated circuit or multiple integrated circuits packaged with the same or different functions, including combinations of one or more central processing units (CPUs), microprocessors, digital processing chips, graphics processors, and various control chips. The processor 12 is the control unit of the electronic device 1, connecting various components of the electronic device 1 via various interfaces and lines. It executes programs or modules stored in the memory 11 (e.g., remote upgrade programs for trusted computing components) and calls data stored in the memory 11 to perform various functions and process data in the electronic device 1.
[0052] Processor 12 executes the operating system of electronic device 1 and various installed applications. Processor 12 executes applications to implement the steps in the above-described method for remotely upgrading trusted computing components.
[0053] For example, a computer program can be divided into one or more modules, one or more of which are stored in memory 11 and executed by processor 12 to complete this application. The one or more modules can be a series of computer program instruction segments capable of performing specific functions, which describe the execution process of the computer program in electronic device 1. For example, the computer program can be divided into an acquisition module 201, a generation module 202, a selection module 203, a sending module 204, and an upgrade module 205.
[0054] The integrated unit implemented as a software functional module described above can be stored in a computer-readable storage medium, which can be non-volatile or volatile. The software functional module stored in the storage medium includes several instructions to cause a computer device (which may be a personal computer, computer equipment, or network device, etc.) or processor to execute some functions of the remote upgrade method for trusted computing components according to the various embodiments of this application.
[0055] In summary, the remote upgrade method, system, device, and medium for trusted computing components disclosed in this invention employ a phased, incremental upgrade strategy. First, differentiated upgrade packages are generated based on terminal version distribution characteristics. Representative test terminals are selected for initial upgrades. Full rollout is only initiated after the upgrade success rate reaches a safe threshold, thus constructing an effective risk control mechanism. This design, by exposing and isolating potential compatibility issues in advance during small-scale testing, limits possible upgrade risks to a limited scope, significantly reducing the probability of large-scale system downtime due to upgrade failures. This fundamentally improves the reliability of the system upgrade process and the ability to ensure business continuity.
[0056] The above embodiments are merely illustrative of the principles and effects of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or alter the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or alterations made by those skilled in the art without departing from the spirit and technical concept disclosed in the present invention should still be covered by the claims of the present invention.
Claims
1. A method for remotely upgrading trusted computing components, characterized in that it includes: obtain the current version of the trusted computing component for all domestically developed terminals; based on all current version types, generate multiple upgrade packages for the trusted computing component; select multiple test terminals based on the type of the current version; establish an encrypted channel with the test terminal, and send an encrypted upgrade installation package to the test terminal through the encrypted channel to upgrade the test terminal to the target version; collect statistics on the upgrade results of the test terminals, and upgrade the remaining domestically developed terminals based on these results.
2. The remote upgrade method for a trusted computing component according to claim 1, characterized in that the steps to generate multiple upgrade packages for the trusted computing component based on all current version types include: for each current version, a differentiated upgrade installation package is generated from the current version of that type to the target version using a binary difference analysis algorithm or a file incremental algorithm.
3. The remote upgrade method for a trusted computing component according to claim 1, characterized in that the steps for selecting multiple test terminals based on the current version type include: for each current version type: all domestically developed terminals corresponding to the current version are identified as terminals to be screened; based on multiple predefined selection rules, the confidence value of each terminal to be screened is calculated; based on the confidence value, test terminals are determined from the terminals to be screened according to a preset selection ratio.
4. The remote upgrade method for a trusted computing component according to claim 3, characterized in that the selection rules include: representativeness of terminal hardware configuration, and/or stability of network connection, and/or historical upgrade success rate, and/or uniformity of geographical distribution.
5. The remote upgrade method for a trusted computing component according to claim 3, characterized in that the steps for calculating the confidence value of each terminal to be screened, based on multiple predefined selection rules, include: for each terminal to be screened: based on each selection rule, calculate the sub-item confidence value of the terminal to be screened corresponding to that selection rule; the confidence values of all sub-items are weighted and summed to obtain the confidence value of the terminal to be screened.
6. The remote upgrade method for a trusted computing component according to claim 1, characterized in that the steps of sending the encrypted upgrade installation package to the test terminal via an encrypted channel include: based on the current version of the test terminal, determine the target installation package from all upgrade installation packages; the target installation package is signed using a preset signing key to obtain a signed installation package; the signed installation package is encrypted using a preset encryption key and encryption algorithm to obtain an encrypted installation package; generate an integrity verification code for the encrypted installation package; the encrypted installation package and the integrity verification code are assembled into an installation package to be sent; the installation package to be sent is sent to the test terminal through an encrypted channel.
7. The remote upgrade method for a trusted computing component according to any one of claims 1-6, characterized in that the steps for upgrading the remaining domestically developed terminals based on the upgrade results include: for each current version type: calculate the upgrade success rate based on the upgrade results of all corresponding test terminals; determine whether the upgrade success rate exceeds the threshold: if it does, upgrade the remaining domestically developed terminals of that current version type; otherwise, generate an upgrade failure warning.
8. A remote upgrade system for trusted computing components, characterized in that it includes: the acquisition module, used to obtain the current version of the trusted computing components of all domestically developed terminals; the generation module, used to generate multiple upgrade packages for the trusted computing component based on all current version types; the selection module, used to select multiple test terminals based on the type of the current version; the sending module, used to establish an encrypted channel with the test terminal and send an encrypted upgrade installation package to the test terminal through the encrypted channel to upgrade the test terminal to the target version; the upgrade module, used to collect statistics on the upgrade results of the test terminals and upgrade the remaining domestically developed terminals based on the upgrade results.
9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that when the processor executes the computer program, it implements the steps of the remote upgrade method for a trusted computing component as described in any one of claims 1 to 7.
10. A storage medium storing a computer program, characterized in that when the computer program is executed by a processor, it implements the steps of the remote upgrade method for a trusted computing component as described in any one of claims 1 to 7.