Multifunction intelligent key device and security control method thereof
Technical field
The present invention relates to the field of identity authentication and software protection, and in particular to a multifunction intelligent key device and a security control method thereof.
Background technology
In recent years, with the rapid development of Internet technology and e-commerce, more and more commercial activity has moved onto the network, for example online government services, online banking and online shopping. More and more data involving personal privacy and business secrets must be transmitted over the network, and the security and confidentiality of that data receive growing attention.
Identity authentication based on an intelligent key device is a convenient and secure authentication technology that has developed in recent years. The intelligent key device usually has a USB interface, so it is also called a USB KEY. A PIN code is stored in the USB KEY. To authenticate, the USB KEY is connected to a computer and the user enters a PIN code on the computer; the USB KEY automatically checks the PIN code, and only when the PIN code entered by the user is identical to the PIN code stored in the USB KEY is the user allowed to operate the USB KEY. When the user then wants to use files on the computer, the operation must also pass through the algorithms in the USB KEY. This combination of software and hardware, a strong two-factor authentication mode with a one-time pad, resolves the conflict between security and ease of use well. Such a personal authentication device can generate key pairs, store digital certificates and set user permissions, and it guarantees that the user's private key never leaves the hardware, so security is high.
Software protection products, as a kind of information security device, play an important role in software copyright protection: they protect the software developer's interests, increase revenue, protect the interests of legitimate users, and can also control software distribution. A software protection product contains an encryption lock. The verification password of the encrypted software is stored in the dedicated chip of the encryption lock; when the user runs the encrypted software, the software automatically looks up the password in the encryption lock and verifies it. If the password is correct, the user can open and use the software; otherwise the software cannot run. Because the software accesses the encryption lock during execution, running the software depends on the encryption lock hardware; since the dedicated hardware chip of the encryption lock is hard to copy, the software becomes hard to copy as well, which achieves software protection. Two encryption approaches are currently used in software protection, shell encryption and source-code encryption. The seed code algorithm used in shell encryption is generally a custom algorithm that is not disclosed. Public algorithms mainly include MD5, HMAC_MD5, AES, DES, RSA, 3DES, ECC, RC5, SHA-1 and SSF33.
In identity authentication, to prevent another user from attacking by repeated attempts, the number of times the PIN code (PIN, i.e. personal identification number or password) may be verified is limited, which ensures high security. The user can change the PIN code with the software supplied with the USB KEY. In software protection, several software packages may be installed on the same host (the encryption locks for the different software, each holding its own password, are generally present at the same time). If one of these packages is run frequently, then on every run each of the encryption locks present verifies a password once. If the number of password verifications of each encryption lock were limited, some locks would exceed their limit and the corresponding software would become unusable; for this reason the number of password verifications in software protection products is not limited. In both authentication products and software protection products, these functions are generally performed by a security control module, a storage area management module and an algorithm module in the software.
Products currently on the market are all single-function: a product can be used either for software protection only or for identity authentication only. A user who wants both software protection and identity authentication must buy two products, a software protection product and an identity authentication product, which is inconvenient to use and carry.
Summary of the invention
To solve the single-function problem of existing information security products, namely that a product can be used either only for identity authentication or only for software protection, the invention provides a multifunction intelligent key device comprising a command parsing module and a storage area management module, and further comprising:
a password attribute configuration module, used to configure, according to actual needs, the attribute of each of one or more passwords stored in the multifunction intelligent key device as either limited or not limited in its number of verification attempts;
a security control module, used to verify a password according to the verification command sent by the command parsing module and with reference to the attribute of the password to be verified.
The password attribute configuration module may be a single-password attribute configuration module, used to configure the attribute of the only password stored in the multifunction intelligent key device as limited in its number of verification attempts and use this password for identity authentication, or to configure the attribute of the only password stored in the multifunction intelligent key device as not limited in its number of verification attempts and use this password for software protection;
correspondingly, the security control module is a single-password verification module which, on the verification command sent by the command parsing module, verifies against the configured maximum number of attempts when the attribute of the password to be verified is limited, and verifies directly when the attribute of the password to be verified is not limited.
The password attribute configuration module may also be a multi-password attribute configuration module, used to configure the attributes of a plurality of passwords stored in the multifunction intelligent key device so that at least one is limited in its number of verification attempts and one is not limited;
correspondingly, the security control module is a multi-password verification module, used to select the corresponding password according to the verify-specified-password command sent by the command parsing module, and then to verify according to the attribute of the selected password.
The invention also provides a security control method for a multifunction intelligent key device. First, the attribute of each of the one or more passwords in the multifunction intelligent key device is configured, according to actual needs, as limited or not limited in its number of verification attempts; the following steps are then performed:
Step A: the multifunction intelligent key device is initialized;
Step B: the multifunction intelligent key device receives the verify-password command sent by the computer;
Step C: the multifunction intelligent key device verifies the password according to the command and with reference to the attribute of the password to be verified, and returns the verification result to the computer.
When only one password is stored in the multifunction intelligent key device, steps A, B and C are specifically:
Step A1: the multifunction intelligent key device is initialized;
Step B1: the multifunction intelligent key device receives the verify-password command sent by the computer;
Step C1: determine whether the attribute of the password to be verified is limited in its number of verification attempts;
if the attribute of the password to be verified is limited, verify whether the password is correct; if correct, return a success result to the computer; if incorrect, determine whether the configured maximum number of attempts has been reached: if so, return to the computer the result that the current verification failed and verification cannot continue; if not, return to the computer the result that the current verification failed;
if the attribute of the password to be verified is not limited, verify whether the password is correct; if correct, return a success result to the computer, otherwise return a failure result to the computer.
When a plurality of passwords are stored in the multifunction intelligent key device, steps A, B and C are specifically:
Step A2: the multifunction intelligent key device is initialized;
Step B2: the multifunction intelligent key device receives the verify-specified-password command sent by the computer;
Step C2: select the corresponding password according to the command, then determine whether the attribute of the selected password is limited in its number of verification attempts;
if the attribute of the selected password is limited, verify whether the password is correct; if correct, return a success result to the computer; if incorrect, determine whether the configured maximum number of attempts has been reached: if so, return to the computer the result that the current verification failed and verification cannot continue; if not, return to the computer the result that the current verification failed;
if the attribute of the selected password is not limited, verify whether the password is correct; if correct, return a success result to the computer, otherwise return a failure result to the computer.
The beneficial effect of the invention is that a single product provides both identity authentication and software protection, which makes it convenient to use and carry.
Description of drawings
Fig. 1 is a structural diagram of the multifunction intelligent key device of the invention;
Fig. 2 is a flow chart of the security control method for the single-password multifunction intelligent key device of the invention;
Fig. 3 is a flow chart of the security control method for the multi-password multifunction intelligent key device of the invention.
Embodiment
The invention is further described below with reference to the drawings and specific embodiments, which do not limit the invention.
Embodiment one
Referring to Fig. 1, the invention provides a multifunction intelligent key device 101 comprising a command parsing module 102, a storage area management module 103, a password attribute configuration module 104 and a security control module 105. The multifunction intelligent key device 101 communicates with a computer 107 through a USB interface.
The command parsing module 102 receives and parses the commands sent by the computer 107 and, according to the parsing result, forwards each command to the corresponding storage area management module 103, password attribute configuration module 104 or security control module 105.
The storage area management module 103 manages the reading and storing of data in the multifunction intelligent key device 101 according to the read and write commands sent by the command parsing module 102, and ensures that stored data is not lost after power-down.
The password attribute configuration module 104 is used to configure, according to actual needs, the attribute of each of one or more passwords stored in the multifunction intelligent key device as either limited or not limited in its number of verification attempts.
The security control module 105 is used to verify a password according to the verification command sent by the command parsing module 102 and with reference to the attribute of the password to be verified.
The password attribute configuration module 104 may be a single-password attribute configuration module, used to configure the attribute of the only password stored in the multifunction intelligent key device as limited in its number of verification attempts and use this password for identity authentication, or to configure the attribute of the only password stored in the multifunction intelligent key device as not limited in its number of verification attempts and use this password for software protection;
correspondingly, the security control module 105 is a single-password verification module which, on the verification command sent by the command parsing module 102, verifies against the configured maximum number of attempts when the attribute of the password to be verified is limited, and verifies directly when the attribute of the password to be verified is not limited.
The password attribute configuration module 104 may also be a multi-password attribute configuration module, used to configure the attributes of a plurality of passwords stored in the multifunction intelligent key device so that at least one is limited in its number of verification attempts and one is not limited. The configuration may be performed by the manufacturer, in which case the attributes of all passwords are fixed in the device before the multifunction intelligent key device leaves the factory. The configuration may also be performed by a developer during secondary development, in which case the attributes of the passwords are not fixed in the device before it leaves the factory, but are fixed in the device before the developer hands it to the end user;
correspondingly, the security control module 105 is a multi-password verification module, used to select the corresponding password according to the verify-specified-password command sent by the command parsing module 102, and then to verify according to the attribute of the selected password.
The multifunction intelligent key device 101 may also comprise a computation module 106, used to perform encryption or decryption with a public algorithm or a custom algorithm according to the computation command sent by the command parsing module 102; the public algorithms include MD5, HMAC_MD5, AES, DES, RSA, 3DES, ECC, RC5, SHA-1, SSF33 and others.
In practical applications the multifunction intelligent key device 101 may also include other functional modules, such as a formatting module, used to receive the formatting command sent by the command parsing module 102 and perform the formatting operation.
Embodiment two
The invention provides a security control method for a multifunction intelligent key device. In this embodiment only one password is stored in the multifunction intelligent key device. Before the device is used for security control, the password attribute must first be configured: the attribute of the only password stored in the device is configured as limited in its number of verification attempts and the password is used for identity authentication, or the attribute of the only password stored in the device is configured as not limited in its number of verification attempts and the password is used for software protection (this configuration is generally done by the developer during secondary development). Referring to Fig. 2, the following steps are then performed:
Step 201: the multifunction intelligent key device is initialized;
Step 202: the multifunction intelligent key device receives the verify-password command sent by the computer;
Step 203: determine whether the attribute of the password is limited in its number of verification attempts; if so, go to step 204, otherwise go to step 205;
Step 204: verify whether the password is correct; if correct, return a success result to the computer; if incorrect, determine whether the configured maximum number of attempts has been reached: if so, return to the computer the result that the current verification failed and verification cannot continue; if not, return to the computer the result that the current verification failed;
Step 205: verify whether the password is correct; if correct, return a success result to the computer, otherwise return a failure result to the computer.
Embodiment three
The invention also provides another security control method for a multifunction intelligent key device. In this embodiment a plurality of passwords are stored in the multifunction intelligent key device. Before the device is used for security control, the password attributes must first be configured: the attribute of one password is configured as limited in its number of verification attempts, with the maximum number of attempts specified; the attribute of another password is configured as not limited; and the attributes of the remaining passwords are configured as limited or not limited (this configuration may be done by the manufacturer before the device leaves the factory, or by the developer during secondary development). Referring to Fig. 3, the following steps are then performed:
Step 301: the multifunction intelligent key device is initialized;
Step 302: the multifunction intelligent key device receives the verify-password command sent by the computer; a parameter in the command specifies the sequence number of the password to be verified;
Step 303: select the corresponding password according to the sequence number specified in the command;
Step 304: determine whether the attribute of this password is limited in its number of verification attempts; if so, go to step 305, otherwise go to step 306;
Step 305: verify whether the password is correct; if correct, return a success result to the computer; if incorrect, determine whether the configured maximum number of attempts has been reached: if so, return to the computer the result that the current verification failed and verification cannot continue; if not, return to the computer the result that the current verification failed;
Step 306: verify whether the password is correct; if correct, return a success result to the computer, otherwise return a failure result to the computer.
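The verification flow of steps 301 to 306, as an added example in C that is not code from the patent; the single-password flow of steps 201 to 205 is the same logic with one slot. The result codes, structure names and sample passwords are hypothetical, and three behaviours are assumptions the text does not state: the failure counter resets on success, a slot that has reached its limit refuses before comparing, and the comparison runs without an early exit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes returned to the host; the names are hypothetical. */
enum verify_result { VERIFY_OK, VERIFY_FAIL, VERIFY_FAIL_LOCKED, VERIFY_BAD_INDEX };

/* Attribute set by the password attribute configuration module. */
enum pw_attr { ATTR_LIMITED, ATTR_UNLIMITED };

struct pw_slot {
    enum pw_attr attr;
    uint8_t max_tries;   /* maximum number of attempts; used only when ATTR_LIMITED */
    uint8_t failed;      /* consecutive failed attempts so far */
    const char *secret;  /* constructed sample value */
};

/* Constructed sample configuration: slot 0 is the authentication PIN,
 * slot 1 is the software-protection password. */
static struct pw_slot slots[] = {
    { ATTR_LIMITED,   3, 0, "482913" },
    { ATTR_UNLIMITED, 0, 0, "lock-password-A" },
};
#define SLOT_COUNT (sizeof slots / sizeof slots[0])

/* Compare every byte so timing does not reveal the first mismatch (assumption). */
static int secret_equal(const char *stored, const char *candidate)
{
    size_t n = strlen(stored), m = strlen(candidate);
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(stored[i] ^ candidate[i < m ? i : 0]);
    return diff == 0;
}

/* Steps 302-306: the host supplies the sequence number and the candidate password. */
enum verify_result verify_password(size_t index, const char *candidate)
{
    if (index >= SLOT_COUNT)
        return VERIFY_BAD_INDEX;
    struct pw_slot *s = &slots[index];          /* step 303: select the password */

    if (s->attr == ATTR_UNLIMITED)              /* step 304 -> step 306 */
        return secret_equal(s->secret, candidate) ? VERIFY_OK : VERIFY_FAIL;

    /* Step 305: limited password. */
    if (s->failed >= s->max_tries)              /* assumption: refuse once locked */
        return VERIFY_FAIL_LOCKED;
    if (secret_equal(s->secret, candidate)) {
        s->failed = 0;                          /* assumption: success resets the counter */
        return VERIFY_OK;
    }
    s->failed++;  /* real firmware would keep this counter in non-volatile storage */
    return s->failed >= s->max_tries ? VERIFY_FAIL_LOCKED : VERIFY_FAIL;
}

int main(void)
{
    const char *tries[] = { "000000", "111111", "222222", "482913" };
    for (size_t i = 0; i < 4; i++)
        printf("slot 0, try %zu -> %d\n", i + 1, (int)verify_password(0, tries[i]));
    printf("slot 1, wrong  -> %d\n", (int)verify_password(1, "guess"));
    return 0;
}
```

Slot 1 has no counter, so its resistance to guessing depends only on the password itself.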
In Embodiment two and Embodiment three, a computation step may also be added:
According to a computation command received from the computer, the multifunction intelligent key device performs the computation with a public algorithm or a custom algorithm and returns the result to the computer, where the public algorithm is MD5, HMAC_MD5, AES, DES, RSA, 3DES, ECC, RC5, SHA-1, SSF33 or another.
Other processing steps may also be added, such as a formatting step:
The multifunction intelligent key device performs a formatting operation according to the formatting command received from the computer.
The embodiments described above are merely preferred embodiments of the invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall all fall within the protection scope of the invention.