Battery management device and secure boot method thereof

By using a MAC algorithm and authentication key to authenticate the firmware in the battery management device, the problems of long secure boot time and weak security in the prior art are solved, and a fast and secure boot process is achieved.

CN122249808A · Pending · Publication Date: 2026-06-19 · LG ENERGY SOLUTION LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: LG ENERGY SOLUTION LTD
Filing Date: 2025-01-08
Publication Date: 2026-06-19

Abstract

According to embodiments of this disclosure, a secure boot method performed by a battery management device may include the following steps: in response to a power-off event, authenticating firmware stored in the memory of the battery management device based on a specified algorithm; storing the authentication result of the firmware in the memory; and in response to a boot event, determining whether to perform a boot sequence based on the authentication result stored in the memory.

Description

Technical Field

[0001] This application claims the benefit of priority based on Korean Patent Application No. 2024-0076231, filed on June 12, 2024, the disclosure of which is incorporated herein by reference in its entirety.

[0002] The exemplary embodiments disclosed in this application relate to battery management devices and secure boot methods thereof.

Background Technology

[0003] Recently, research and development of rechargeable batteries have been actively pursued. Here, a rechargeable battery is a battery that can be charged and discharged, encompassing all existing Ni / Cd batteries, Ni / MH batteries, and more recently, lithium-ion batteries. Among rechargeable batteries, lithium-ion batteries offer significantly higher energy density compared to existing Ni / Cd and Ni / MH batteries. Furthermore, lithium-ion batteries can be manufactured in small sizes and lightweight designs for use as power sources in mobile devices, and their applications have recently expanded to electric vehicles, thus attracting considerable attention as a next-generation energy storage medium.

[0004] The state and operation of the battery can be managed and controlled by a battery management system (BMS). The BMS can be included in a single device along with the battery.

[0005] The BMS can boot when the device that includes the BMS is powered on, and can shut down when that device is powered off. Furthermore, a secure boot can be performed during startup to authenticate the integrity and reliability of the firmware stored in the BMS. In cases where the firmware is not genuine, the BMS processor can typically stop the boot of erroneous software and initiate an emergency recovery mode.

[0006] Existing secure boot methods require a considerable amount of time for authentication, leading to delays in the boot process. However, since the time available for booting a system is limited, it is often difficult to perform authentication on every boot, potentially resulting in relatively weak security.

Summary of the Invention

[0007] Technical issues

[0008] According to an exemplary embodiment of this disclosure, a battery management device and a secure boot method thereof are provided, which can perform firmware authentication during system shutdown, thereby reducing the time required for secure boot.

[0009] According to an exemplary embodiment of this disclosure, a battery management device and a secure boot method thereof are provided, which can improve system security by performing firmware authentication using an authentication key during each system shutdown.

[0010] The technical objectives targeted by the exemplary embodiments of this disclosure are not limited to those described above, and other technical objectives can be derived from the exemplary embodiments below.

[0011] Technical solution

[0012] According to an exemplary embodiment of this disclosure, a secure boot method performed by a battery management device includes the following operations: in response to a power-off event, authenticating firmware stored in the memory of the battery management device based on a predetermined algorithm; storing the authentication result of the firmware in the memory; and in response to a boot event, determining whether to perform a boot sequence based on the authentication result stored in the memory.

[0013] According to an example embodiment of this disclosure, in a secure boot method executed by a battery management device, a predetermined algorithm may include a cipher-based Message Authentication Code (MAC) algorithm, which uses an authentication key to authenticate a first MAC corresponding to the firmware.

[0014] According to an example embodiment of this disclosure, in a secure boot method performed by a battery management device, the operation of authenticating the firmware may include the following operations: generating a second MAC using the firmware and an authentication key; and comparing the first MAC and the second MAC.

[0015] According to an example embodiment of this disclosure, in a secure boot method performed by a battery management device, the operation of authenticating firmware may include the following operations: when a first MAC and a second MAC match, the firmware is identified as valid; and when the first MAC and the second MAC do not match, the firmware is identified as invalid.

[0016] According to an example embodiment of this disclosure, in a secure boot method performed by a battery management device, the operation of determining whether to perform a boot sequence may include the following operation: when the firmware is identified as valid based on the authentication result, it is determined to perform a boot sequence.

[0017] According to an example embodiment of this disclosure, in a secure boot method performed by a battery management device, the operation of determining whether to perform a boot sequence may include the following operation: when the firmware is identified as invalid based on the authentication result, re-authenticating the firmware based on a predetermined algorithm.

[0018] According to an example embodiment of this disclosure, in a secure boot method performed by a battery management device, the operation of determining whether to perform a boot sequence may include the following operations: determining to perform a boot sequence when the firmware is identified as valid based on re-authentication; and determining not to perform a boot sequence when the firmware is identified as invalid based on re-authentication.

[0019] According to an exemplary embodiment of this disclosure, the secure boot method performed by the battery management device may further include the following operations: when it is determined that a startup sequence should not be performed, restricting the execution of the startup sequence and outputting a warning notification.

[0020] According to an exemplary embodiment of this disclosure, a battery management device includes: a memory configured to store firmware; and a processor operatively connected to the memory, the processor being configured to: authenticate the firmware based on a predetermined algorithm in response to a power-off event; store the authentication result of the firmware in the memory; and determine whether to perform a startup sequence based on the authentication result stored in the memory in response to a startup event.

[0021] According to an example embodiment of this disclosure, in a battery management device, a memory may be configured to store an authentication key, and a predetermined algorithm may include a cipher-based message authentication code (MAC) algorithm, which uses the authentication key to authenticate a first MAC corresponding to the firmware.

[0022] According to an example embodiment of this disclosure, in a battery management device, a processor can be configured to: generate a second MAC using firmware and an authentication key; and authenticate the firmware by comparing a first MAC and a second MAC.

[0023] According to an example embodiment of this disclosure, in a battery management device, a processor can be configured to: recognize firmware as valid when a first MAC and a second MAC match; and recognize firmware as invalid when the first MAC and the second MAC do not match.

[0024] According to an example embodiment of this disclosure, in a battery management device, a processor can be configured to determine to perform a boot sequence when the firmware is identified as valid based on an authentication result.

[0025] According to an example embodiment of this disclosure, in a battery management device, a processor can be configured to re-authenticate the firmware based on a predetermined algorithm when the firmware is identified as invalid based on the authentication result.

[0026] According to an exemplary embodiment of the present invention, in a battery management device, a processor can be configured to: determine to perform a boot sequence when the firmware is identified as valid based on re-authentication; and determine not to perform a boot sequence when the firmware is identified as invalid based on re-authentication.

[0027] Beneficial effects

[0028] According to the example implementations disclosed in this disclosure, the time required for the secure boot of a battery management device can be reduced.

[0029] According to the example implementations disclosed in this disclosure, an authentication key can be used to perform firmware authentication, thereby improving system security.

[0030] The effects obtained in this disclosure are not limited to those described above, and other effects not mentioned herein will be clearly understood by those skilled in the art through the following description.

Attached Figure Description

[0031] Figure 1 is a block diagram of a battery management device according to an exemplary embodiment of the present disclosure.

[0032] Figure 2 is a diagram illustrating an example in which a battery management device uses an authentication key to authenticate firmware according to an exemplary embodiment of this disclosure.

[0033] Figure 3 is an operation flowchart of a battery management device according to an exemplary embodiment of the present disclosure.

[0034] Figure 4 is an operation flowchart of a battery management device according to an exemplary embodiment of the present disclosure.

[0035] Figure 5 is an operation flowchart of a battery management device according to an exemplary embodiment of the present disclosure.

Detailed Implementation

[0036] In describing exemplary embodiments, descriptions of technical content known in the art to which this disclosure pertains and not directly related to this disclosure will be omitted. This is to more clearly convey the gist of this disclosure without obscuring it by omitting unnecessary descriptions.

[0037] For the same reason, some elements are exaggerated, omitted, or illustrated schematically in the accompanying drawings. Furthermore, the dimensions of each element do not perfectly reflect their actual dimensions. In each drawing, the same or corresponding elements are given the same reference numerals.

[0038] The advantages and features of this disclosure, as well as methods for achieving these advantages and features, will become apparent from the following detailed description of exemplary embodiments, together with the accompanying drawings. However, this disclosure is not limited to the exemplary embodiments disclosed below and can be implemented in various different forms. The exemplary embodiments are provided only to complete this disclosure and to fully inform those skilled in the art of the scope of this disclosure. This disclosure is defined only by the scope of the claims. Throughout the text, the same reference numerals denote the same elements.

[0039] In this context, it should be understood that each block of the flowchart, and combinations thereof, can be executed by computer program instructions. These computer program instructions can be loaded into the processor of a general-purpose computer or a special-purpose computer, or into the processor of other programmable data processing devices. Therefore, instructions executed via the processor of a computer or other programmable data processing device can create portions for performing the functions described in the flowchart blocks. To implement the functions in a particular manner, the computer program instructions can also be stored in computer-usable or computer-readable memory that can instruct the computer or other programmable data processing device. Therefore, the instructions stored in computer-usable or computer-readable memory can be manufactured as a product of manufacture containing instruction portions for performing the functions described in the flowchart blocks. The computer program instructions can be loaded into a computer or other programmable data processing device. Therefore, a series of operations can be performed in the computer or other programmable data processing device to create a computer-executed process, and the computer or other programmable data processing device can provide steps for performing the functions described in the flowchart blocks.

[0040] Additionally, each box may represent a module, segment, or portion of code comprising one or more executable instructions for performing a specified logical function. It should also be noted that in some alternative implementations, the functions listed in these boxes may occur out of order. For example, two boxes shown one after the other may execute substantially simultaneously, or these boxes may sometimes execute in reverse order according to their corresponding functions.

[0041] In this context, the term "~part" as used in the example implementation refers to a software or hardware element such as a Field Programmable Gate Array (FPGA) or Application-Specific Integrated Circuit (ASIC) that performs a predetermined function. However, the term "~part" is not intended to be limited to software or hardware. A "~part" can be configured to be stored in an addressable memory medium or reproduced as one or more processors. Thus, by way of example, "~part" includes elements such as software elements, object-oriented software elements, class elements, and task elements, as well as procedures, functions, attributes, processes, subroutines, program code segments, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables. The functionality provided in elements and "~parts" can be combined into a smaller number of elements and "~parts," or can be further divided into additional elements and "~parts." Additionally, elements and "~parts" can be implemented as one or more central processing units (CPUs) in a playback device or a secure multimedia card.

[0042] The expression “at least one of a, b and c” described throughout the specification may include “a alone”, “b alone”, “c alone”, “a and b”, “a and c”, “b and c” or “all of a, b and c”.

[0043] In this disclosure, a "terminal" can be implemented as, for example, a computer or portable terminal capable of accessing a server or another terminal via a network. Here, a computer can include, for example, a laptop computer, desktop computer, and / or laptop computer equipped with a web browser. A portable terminal can be a wireless communication device that ensures portability and mobility, and includes (but is not limited to) any type of handheld wireless communication device, such as a tablet PC, a smartphone, or a terminal based on communication standards such as International Mobile Telecommunications (IMT), Code Division Multiple Access (CDMA), W-CDMA, Long Term Evolution (LTE), etc.

[0044] In the following, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings, enabling those skilled in the art to readily implement them. However, the present disclosure can be implemented in many different forms and is not limited to the exemplary embodiments described herein.

[0045] In the following, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

[0046] Figure 1 is a block diagram of a battery management device according to an exemplary embodiment of the present disclosure.

[0047] Referring to Figure 1, the battery management device 100 may include a communication circuit 110, a memory 120, and a processor 130. According to an example embodiment, the battery management device 100 shown in Figure 1 may also include at least one element other than the elements shown in Figure 1 (e.g., a display, input device, or output device).

[0048] According to the example implementation, the communication circuit 110 can establish a wired communication channel and / or a wireless communication channel between the battery management device 100 and an external electronic device, and send data to and receive data from the external electronic device through the established communication channel.

[0049] Here, communication (in other words, the sending and receiving of data) can be performed in a wired or wireless manner. For this purpose, the communication circuit 110 may include: a wired communication module that accesses the Internet via a local area network (LAN); a mobile communication module that sends and receives data by accessing a mobile communication network via a mobile communication base station; a near-field communication module that uses a communication method based on a wireless local area network (WLAN) such as Wi-Fi, or a communication method based on a wireless personal area network (WPAN) such as Bluetooth and Zigbee; a satellite communication module that uses a global navigation satellite system (GNSS) such as the Global Positioning System (GPS); or a combination thereof.

[0050] According to an example implementation, memory 120 may include volatile memory and / or non-volatile memory.

[0051] According to an example implementation, memory 120 may store data used by at least one element of battery management device 100 (e.g., processor 130). For example, the data may include software (or instructions associated therewith), input data, or output data. In an example implementation of this disclosure, instructions may, when executed by processor 130, cause battery management device 100 to perform an operation defined by those instructions.

[0052] According to an example implementation, processor 130 can be implemented as a computer or similar device, depending on hardware, software, or a combination thereof. In terms of hardware, processor 130 can be implemented as an electronic circuit that performs control functions by processing electrical signals, and in terms of software, processor 130 can be implemented as a program that operates on processor 130 in the hardware. According to an example implementation, processor 130 may include a central processing unit, an application processor, a graphics processing unit, a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor.

[0053] Furthermore, unless otherwise specified in the description below, the operation of the battery management device 100 can be interpreted as being performed under the control of the processor 130.

[0054] In the following, a method by which the battery management device 100 performs a secure boot is described with reference to Figure 2.

[0055] Figure 2 is a diagram illustrating an example of how a battery management device 100, according to an exemplary embodiment of the present disclosure, uses an authentication key to authenticate firmware.

[0056] Referring to Figure 2, the memory 120 included in the battery management device 100 may store firmware 210. According to an example embodiment, firmware 210 may be software responsible for the operation and control of the hardware included in the battery management device 100.

[0057] According to an example implementation, the battery management device 100 can authenticate the firmware 210 based on a predetermined algorithm in response to a power-off event. Here, the power-off event can occur based on an operation to turn off the power to the battery management device 100. For example, in response to an input indicating that a device including the battery management device 100 (e.g., a vehicle) is shutting off, an operation to turn off the power to the battery management device 100 can be performed. Here, the power-off event can occur simultaneously with the start of the operation to turn off the power to the battery management device 100.

[0058] According to the example implementation, the predetermined algorithm may include a MAC algorithm. Here, the MAC algorithm may be a Universal Hash-based Message Authentication Code (UMAC) algorithm, a Hash-based Message Authentication Code (HMAC) algorithm, a Cipher-based Message Authentication Code (CMAC) algorithm, a Virtual Block Cipher Message Authentication Code (VMAC) algorithm using Universal Hash, or an algorithm similar to these algorithms.

[0059] The following describes the operation of the battery management device 100 authenticating the firmware 210 based on a cipher-based MAC algorithm. However, it is not limited to this; the battery management device 100 may authenticate the firmware 210 based on the various MAC algorithms described above.

[0060] According to an example implementation, memory 120 may store a first MAC 220 and an authentication key 230. The first MAC 220 may be generated based on firmware 210 and the authentication key 230, or a key derived from the authentication key 230 using a key derivation function. For example, the first MAC 220 may be generated using a cipher-based MAC algorithm that receives the authentication key 230 or a key derived from the authentication key 230 as a secret key input and receives firmware 210 as a message input. The generated first MAC 220 may be stored in memory 120 in association with firmware 210. In other words, the first MAC 220 may be a MAC corresponding to firmware 210.

[0061] According to the example implementation, the battery management device 100 can use the authentication key 230 to authenticate the first MAC 220 corresponding to the firmware 210. In other words, the battery management device 100 can authenticate the integrity and reliability of the firmware 210 by authenticating the first MAC 220.

[0062] According to an example implementation, the battery management device 100 can use firmware 210 and authentication key 230 to generate a second MAC 240. For example, the battery management device 100 can generate the second MAC 240 by performing a cipher-based MAC algorithm on the firmware 210 and either the authentication key 230 or a key derived from the authentication key 230 using a key derivation function.

[0063] According to an example implementation, the battery management device 100 can compare the first MAC 220 and the second MAC 240. The battery management device 100 can authenticate the integrity and reliability of the firmware 210 based on the comparison result. For example, the battery management device 100 can identify the firmware 210 as valid or invalid based on the comparison result. Here, when the firmware 210 is identified as valid, the integrity and reliability of the firmware 210 can be authenticated.

[0064] According to the example implementation, when the first MAC 220 and the second MAC 240 match, the battery management device 100 can identify the firmware 210 as valid. When the first MAC 220 and the second MAC 240 do not match, the battery management device 100 can identify the firmware 210 as invalid.

[0065] According to the example implementation, the battery management device 100 can store the authentication result of firmware 210 in memory 120. For example, the battery management device 100 can store information related to the validity of firmware 210 in memory 120. Then, the battery management device 100 can be powered off by performing a power-off operation.

[0066] According to an example implementation, the battery management device 100 can determine whether to perform a startup sequence based on an authentication result stored in the memory 120 in response to a startup event. Here, the startup event can occur based on an operation to power on the battery management device 100. For example, in response to an input to power on a device including the battery management device 100, an operation to power on the battery management device 100 can be performed. Here, the startup event can occur simultaneously with the start of the operation to power on the battery management device 100. Furthermore, the startup sequence can include various operations for starting the battery management device 100.

[0067] According to the example implementation, when the firmware 210 is identified as valid based on the authentication result stored in the memory 120, the battery management device 100 can determine to proceed with the boot sequence. Afterwards, the battery management device 100 can proceed with the boot sequence.

[0068] According to the example implementation, when firmware 210 is identified as invalid based on the authentication result stored in memory 120, battery management device 100 can re-authenticate firmware 210 based on a predetermined algorithm. Here, the predetermined algorithm can be the same as the algorithm used by battery management device 100 to authenticate firmware 210 in response to a power-off event (e.g., a cipher-based MAC algorithm).

[0069] According to the example implementation, the battery management device 100 can determine whether to perform a boot sequence based on the re-authentication result. For example, when firmware 210 is identified as valid based on re-authentication, the battery management device 100 can determine to perform a boot sequence. Then, the battery management device 100 can perform the boot sequence. As another example, when firmware 210 is identified as invalid based on re-authentication, the battery management device 100 can determine not to perform a boot sequence. In this case, the battery management device 100 can restrict the performance of the boot sequence and output a warning notification.

[0070] Figure 3 is an operation flowchart of a battery management device according to an exemplary embodiment of the present disclosure. The operation method of Figure 3 can be performed by the battery management device 100 of Figure 1; repeated description of the above content is therefore omitted, and the configurations of Figure 1 and Figure 2 are used in the description.

[0071] The example embodiment shown in Figure 3 is merely illustrative, and the order of operations according to the various example embodiments of this disclosure may differ from the order shown in Figure 3; some of the operations shown in Figure 3 can be omitted, the order of operations can be changed, or operations can be combined.

[0072] Referring to Figure 3, in operation 310, the battery management device 100 may, in response to a power-off event, authenticate the firmware 210 stored in the memory 120 based on a predetermined algorithm. According to an example embodiment, the predetermined algorithm may include a MAC algorithm. The operation of the battery management device 100 authenticating the firmware 210 is described in detail below with reference to Figure 4.

[0073] In operation 320, the battery management device 100 may store the authentication result of the firmware 210 executed in operation 310 in the memory 120.

[0074] In operation 330, the battery management device 100 may, in response to a startup event, determine whether to proceed with a startup sequence based on the authentication result stored in memory 120 in operation 320. The operation by which the battery management device 100 determines whether to proceed with a startup sequence is described in detail below with reference to Figure 5.

[0075] Figure 4 is an operation flowchart of a battery management device according to an exemplary embodiment of the present disclosure. The operation method of Figure 4 can be performed by the battery management device 100 of Figure 1; repeated description of the above content is therefore omitted, and the configurations of Figure 1 and Figure 2 are used in the description.

[0076] The example embodiment shown in Figure 4 is merely illustrative, and the order of operations according to the various example embodiments of this disclosure may differ from the order shown in Figure 4; some of the operations shown in Figure 4 can be omitted, the order of operations can be changed, or operations can be combined.

[0077] Referring to Figure 4, in operation 410, the battery management device 100 can use firmware 210 and authentication key 230 to generate a second MAC 240. For example, the battery management device 100 can generate the second MAC 240 by performing a cipher-based MAC algorithm on firmware 210 and either authentication key 230 or a key derived from authentication key 230 using a key derivation function.

[0078] In operation 420, the battery management device 100 can compare the first MAC 220 stored in the memory 120 with the second MAC 240 generated in operation 410.

[0079] When the first MAC 220 and the second MAC 240 match in operation 420, the battery management device 100 can recognize the firmware 210 as valid in operation 430.

[0080] When the first MAC 220 and the second MAC 240 do not match in operation 420, the battery management device 100 can identify the firmware 210 as invalid in operation 430.

[0081] Figure 5 is an operation flowchart of a battery management device according to an exemplary embodiment of the present disclosure. The operation method of Figure 5 can be performed by the battery management device 100 of Figure 1; repeated description of the above content is therefore omitted, and the configurations of Figure 1 and Figure 2 are used in the description.

[0082] The example embodiment shown in Figure 5 is merely illustrative, and the order of operations according to the various example embodiments of this disclosure may differ from the order shown in Figure 5; some of the operations shown in Figure 5 can be omitted, the order of operations can be changed, or operations can be combined.

[0083] Referring to Figure 5, in operation 510, the battery management device 100 can identify whether the firmware 210 is valid. According to an example implementation, the battery management device 100 can identify whether firmware 210 is valid based on the authentication result of firmware 210 stored in memory 120 in operation 320 of Figure 3.

[0084] When the authentication result stored in memory 120 is recognized as valid (“Yes”) in operation 510, the battery management device 100 can determine to proceed with the boot sequence in operation 520.

[0085] In operation 530, the battery management device 100 can perform a startup sequence. The startup sequence may include various operations to start the battery management device 100.

[0086] When the firmware is identified as invalid ("No") based on the authentication result stored in memory 120 in operation 510, in operation 540, the battery management device 100 can re-authenticate the firmware 210 based on a predetermined algorithm. Here, the predetermined algorithm can be the same algorithm used by the battery management device 100 in operation 310 of Figure 3 to authenticate firmware 210.

[0087] In operation 550, the battery management device 100 can identify whether firmware 210 is valid based on the re-authentication result of operation 540.

[0088] When firmware 210 is recognized as valid (“Yes”) in operation 550 based on the re-authentication result of operation 540, battery management device 100 can determine to proceed with the boot sequence in operation 520.

[0089] When firmware 210 is identified as invalid ("No") based on the re-authentication result of operation 540 in operation 550, battery management device 100 can determine in operation 560 not to perform the boot sequence.

[0090] In operation 560, the battery management device 100 may restrict the execution of the boot sequence. According to an example implementation, the battery management device 100 may output a warning notification.
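
The power-off authentication and the boot decision of Figure 5 can be modelled as follows. This is an added example, not code from the disclosure: HMAC-SHA256 stands in for the MAC algorithm, and the class name, the memory layout, the result encodings and the sample key and firmware are all constructed assumptions.

```python
import hashlib
import hmac

VALID, INVALID = "valid", "invalid"  # constructed encodings of the stored result


def authenticate(firmware: bytes, key: bytes, first_mac: bytes) -> str:
    """Generate the second MAC over the firmware and compare it with the first MAC."""
    second_mac = hmac.new(key, firmware, hashlib.sha256).digest()
    # compare_digest runs in constant time, so a mismatch position is not leaked
    return VALID if hmac.compare_digest(first_mac, second_mac) else INVALID


class Bms:
    """Hypothetical model of battery management device 100; 'memory' stands in for memory 120."""

    def __init__(self, firmware: bytes, key: bytes, first_mac: bytes):
        # Assumption: the stored result starts as invalid, so a first boot re-authenticates
        self.memory = {"firmware": firmware, "key": key,
                       "first_mac": first_mac, "auth_result": INVALID}
        self.warnings = []

    def _authenticate(self) -> str:
        m = self.memory
        return authenticate(m["firmware"], m["key"], m["first_mac"])

    def on_power_off(self) -> None:
        # Operations 310 and 320: authenticate at power-off and store the result
        self.memory["auth_result"] = self._authenticate()

    def on_boot(self) -> bool:
        # Operation 510: consult the stored result first (no MAC computation)
        if self.memory["auth_result"] == VALID:
            return True  # operations 520 and 530
        # Operations 540 and 550: stored result is invalid, so re-authenticate now
        if self._authenticate() == VALID:
            return True
        # Operation 560: restrict the boot sequence and output a warning
        self.warnings.append("firmware authentication failed; boot restricted")
        return False


# Constructed sample data
KEY = b"\x11" * 32
FIRMWARE = b"constructed BMS firmware image v1"
FIRST_MAC = hmac.new(KEY, FIRMWARE, hashlib.sha256).digest()
```

On the valid path the stored result is accepted without recomputing the MAC, so the stored result and the firmware both need protection against modification between power-off and the next boot.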

[0091] The battery management device according to the above-described exemplary embodiments may include a processor, a memory configured to store and execute program data, permanent memory such as a disk drive, a communication port for communicating with external devices, and user interface devices such as a touch panel, keys, and icons. Methods implemented by software modules or algorithms can be stored as computer-readable code or program instructions executable on a computer-readable recording medium. Here, computer-readable recording media include magnetic storage media (e.g., read-only memory (ROM), random access memory (RAM), floppy disk, hard disk, etc.), optical reading media (e.g., CD-ROM and digital versatile disc (DVD)), etc. The computer-readable recording medium can be distributed across computer systems connected via a network, so that the computer-readable code is stored and executed in a distributed manner. The medium can be read by a computer, stored in memory, and executed by a processor.

[0092] Various exemplary embodiments of this disclosure can be represented as functional block configurations and various processing steps. These functional blocks can be implemented as any number of hardware and/or software configurations performing specific functions. For example, exemplary embodiments of this disclosure can employ direct circuit configurations such as memory, processing, logic, lookup tables, etc., which can perform various functions under the control of at least one microprocessor or other control device. Just as the elements can be executed as software programming or software elements, exemplary embodiments of this disclosure can be implemented in programming or scripting languages such as C, C++, Java, assembly language, etc., with various algorithms implemented by combinations of data structures, procedures, routines, or other programming configurations. Functional aspects can be implemented by algorithms executed by at least one processor. Furthermore, exemplary embodiments of this disclosure can employ existing technologies for electronic environment setup, signal processing, and/or data processing. Terms such as “mechanism,” “element,” “device,” and “configuration” can be used broadly and are not limited to mechanical and physical configurations. These terms can include the meaning of a series of software routines linked to a processor, etc.

[0093] The above-described exemplary embodiments are merely examples, and other exemplary embodiments may be implemented within the scope of the described claims.

Claims

1. A secure boot method performed by a battery management device, the secure boot method comprising the following operations: in response to a power-off event, authenticating firmware stored in the memory of the battery management device based on a predetermined algorithm; storing the authentication result of the firmware in the memory; and in response to a boot event, determining whether to perform a boot sequence based on the authentication result stored in the memory.

2. The secure boot method according to claim 1, wherein the predetermined algorithm includes a password-based message authentication code (MAC) algorithm, which uses an authentication key to authenticate the first MAC corresponding to the firmware.

3. The secure boot method according to claim 2, wherein authenticating the firmware includes the following operations: generating a second MAC using the firmware and the authentication key; and comparing the first MAC and the second MAC.

4. The secure boot method according to claim 3, wherein authenticating the firmware includes the following operations: when the first MAC and the second MAC match, identifying the firmware as valid; and when the first MAC and the second MAC do not match, identifying the firmware as invalid.

5. The secure boot method according to claim 1, wherein determining whether to perform the boot sequence includes the following operation: when the firmware is identified as valid based on the authentication result, determining to perform the boot sequence.

6. The secure boot method according to claim 1, wherein determining whether to perform the boot sequence includes the following operation: when the firmware is identified as invalid based on the authentication result, re-authenticating the firmware based on the predetermined algorithm.

7. The secure boot method according to claim 6, wherein determining whether to perform the boot sequence includes the following operations: when the firmware is identified as valid based on the re-authentication, determining to perform the boot sequence; and when the firmware is identified as invalid based on the re-authentication, determining not to perform the boot sequence.

8. The secure boot method according to claim 7, further comprising the following operation: when it is determined not to perform the boot sequence, restricting the execution of the boot sequence and outputting a warning notification.

9. A battery management device, the battery management device comprising: a memory configured to store firmware; and a processor operatively connected to the memory, wherein the processor is configured to: in response to a power-off event, authenticate the firmware based on a predetermined algorithm; store the authentication result of the firmware in the memory; and in response to a boot event, determine whether to perform a boot sequence based on the authentication result stored in the memory.

10. The battery management device according to claim 9, wherein the memory is configured to store the authentication key, and the predetermined algorithm includes a password-based message authentication code (MAC) algorithm, which uses the authentication key to authenticate the first MAC corresponding to the firmware.

11. The battery management device according to claim 10, wherein the processor is configured to: generate a second MAC using the firmware and the authentication key; and authenticate the firmware by comparing the first MAC and the second MAC.

12. The battery management device according to claim 11, wherein the processor is configured to: when the first MAC and the second MAC match, identify the firmware as valid; and when the first MAC and the second MAC do not match, identify the firmware as invalid.

13. The battery management device according to claim 9, wherein the processor is configured to: when the firmware is identified as valid based on the authentication result, determine to perform the boot sequence.

14. The battery management device according to claim 9, wherein the processor is configured to: when the firmware is identified as invalid based on the authentication result, re-authenticate the firmware based on the predetermined algorithm.

15. The battery management device according to claim 14, wherein: when the firmware is identified as valid based on the re-authentication, it is determined to perform the boot sequence; and when the firmware is identified as invalid based on the re-authentication, it is determined not to perform the boot sequence.