CN106156548A - Authentication method and device for program encryption - Google Patents


Publication number
CN106156548A
Authority
CN
China
Prior art keywords
authentication
data
certification
parameters
primary processor
Legal status
Granted
Application number
CN201510169562.3A
Other languages
Chinese (zh)
Other versions
CN106156548B (en
Inventor
刘宁
陈仙超
Current Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Application filed by Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN201510169562.3A
Publication of CN106156548A
Application granted
Publication of CN106156548B
Legal status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an authentication method and device for program encryption. The authentication method includes: a primary processor sends an authentication request to a monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor; the primary processor receives an authentication response sent by the monitoring unit in a predetermined communication format, where the authentication response includes at least a response parameter generated by the monitoring unit; and the primary processor determines whether the response parameter and the authentication parameter have a preset correspondence. When they have the preset correspondence, authentication passes; when they do not, authentication fails. The invention solves the problem of poor security of prior-art authentication methods for program encryption.

Description

Authentication method and device for program encryption
Technical field
The present invention relates to the field of system security control, and in particular to an authentication method and device for program encryption.
Background
To protect products against piracy, a program encryption mechanism needs to be added to embedded systems. In the prior art, program encryption is often implemented by adding an encryption chip to the embedded system. However, an encryption chip adds cost, and because its security depends entirely on the chip manufacturer, the user of the chip has no control over that security. For this reason, in most embedded systems the security function is largely carried out by the monitoring unit of the embedded system. Fig. 1 is a hardware connection block diagram of an encryption system in the prior art. As shown in Fig. 1, the monitoring unit controls the power module that supplies the primary processor. The monitoring unit initiates authentication with the primary processor and judges from the information the primary processor returns whether authentication passes. If authentication passes, the monitoring unit sends the primary processor an authentication-passed instruction; if it fails, the monitoring unit cuts off the power supply to the primary processor. In the prior art, the monitoring unit initiates authentication and judges the result as follows. The monitoring unit first generates a random number, encrypts it with a first encryption algorithm to produce an authentication request, and sends the request to the primary processor. The primary processor receives the request, recovers the random number with the decryption algorithm corresponding to the first encryption algorithm, encrypts the recovered random number with a second encryption algorithm to produce an authentication response, and sends the response to the monitoring unit. The monitoring unit receives the response, recovers the random number with the decryption algorithm corresponding to the second encryption algorithm, and checks whether the decrypted random number is identical to the one it generated, thereby deciding whether authentication passes.
However, in the system shown in Fig. 1 the monitoring unit initiates the encrypted authentication request and decides the running state of the system according to whether authentication passes. If a pirate intercepts the authentication request that the monitoring unit sends to the primary processor, sends the primary processor a data stream identical to the intercepted one, and finally imitates the monitoring unit by sending the primary processor the authentication-passed instruction, the primary processor will consider authentication passed and continue to run normally, so the authentication authority of the monitoring unit is rendered useless.
No effective solution has yet been proposed for the problem of poor security of prior-art authentication methods for program encryption.
Summary of the invention
The main purpose of the present invention is to provide an authentication method and device for program encryption, so as to solve the problem of poor security of prior-art authentication methods for program encryption.
To achieve this purpose, according to one aspect of the embodiments of the present invention, an authentication method for program encryption is provided. The method includes: a primary processor sends an authentication request to a monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor; the primary processor receives an authentication response sent by the monitoring unit in a predetermined communication format, where the authentication response includes at least a response parameter generated by the monitoring unit; and the primary processor determines whether the response parameter and the authentication parameter have a preset correspondence. When they have the preset correspondence, authentication passes; when they do not, authentication fails.
To achieve this purpose, according to another aspect of the embodiments of the present invention, an authentication device for program encryption is provided. The device includes: a sending module, configured to send an authentication request to a monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor; a receiving module, configured to receive an authentication response sent by the monitoring unit in a predetermined communication format, where the authentication response includes at least a response parameter generated by the monitoring unit; and a judging module, configured to determine whether the response parameter and the authentication parameter have a preset correspondence, where authentication passes when they have the preset correspondence and fails when they do not.
To achieve this purpose, according to yet another aspect of the embodiments of the present invention, an authentication device for program encryption is provided. The device includes: a receiving module, configured to receive an authentication request sent by the primary processor, where the authentication request contains an authentication parameter generated by the primary processor; a reading module, configured to read the authentication parameter in the authentication request; a computing module, configured to obtain a response parameter from the read authentication parameter according to an agreed algorithm; and a sending module, configured to send the primary processor an authentication response containing the response parameter in a predetermined format.
According to the embodiments of the invention, the authentication parameter is generated by the primary processor, and the primary processor judges whether authentication passes. This solves the problem that prior-art authentication methods for program encryption are unreliable, and effectively prevents a pirate from imitating monitoring-unit instructions to force the primary processor to keep working.
Brief description of the drawings
The accompanying drawings, which form a part of this application, provide a further understanding of the invention. The illustrative embodiments of the invention and their description explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware connection block diagram of an encryption system in the prior art;
Fig. 2 is a flow chart of the authentication method for program encryption according to an embodiment of the present invention;
Fig. 3 is a sequence diagram of an optional authentication method for program encryption according to an embodiment of the present invention;
Fig. 4 is a sequence diagram of another optional authentication method for program encryption according to an embodiment of the present invention;
Fig. 5 is a sequence diagram of yet another optional authentication method for program encryption according to Embodiment One of the present invention;
Fig. 6 is a sequence diagram of yet another optional authentication method for program encryption according to Embodiment One of the present invention;
Fig. 7 is a schematic diagram of the authentication device for program encryption according to Embodiment Two of the present invention; and
Fig. 8 is a schematic diagram of another authentication device for program encryption according to Embodiment Two of the present invention.
Detailed description of the embodiments
It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another. The invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
To help those skilled in the art better understand the solution of the invention, the technical solution in the embodiments of the invention is described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and do not describe a specific order or sequence. Data so described may be interchanged where appropriate so that the embodiments of the invention described herein can be implemented. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment one
Embodiment One of the present invention provides an authentication method for program encryption.
Fig. 2 is a flow chart of the authentication method for program encryption according to an embodiment of the present invention. As shown in Fig. 2, the authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor;
Step S104: the primary processor receives an authentication response sent by the monitoring unit in a predetermined communication format, where the authentication response includes at least a response parameter generated by the monitoring unit; and
Step S106: the primary processor determines whether the response parameter and the authentication parameter have a preset correspondence. When they have the preset correspondence, authentication passes; when they do not, authentication fails.
In summary, through steps S102 to S106, the authentication parameter in the scheme of Embodiment One is generated by the primary processor, rather than a random number being generated by the monitoring unit as in the prior art, which lowers the complexity required of the monitoring unit. In addition, whereas in the prior art the monitoring unit decides whether authentication is legitimate, in the scheme of Embodiment One the decision is made by the primary processor, which carries out the main functions of the system. This prevents a pirate from simulating a legitimate instruction to force the primary processor to keep working when authentication is not legitimate, and makes the encryption scheme more reliable.
Preferably, in the embodiment of the invention, the primary processor can be used in an embedded system. An embedded system is a special-purpose computer system that can be used to control, monitor or assist the operation of machines and equipment. The primary processor may be a high-performance processor with a core such as ARM or MIPS. Because such a processor runs a large program, it needs Flash-based memory outside the processor (eMMC uses NAND Flash internally) to store the program.
Preferably, in the embodiment of the invention, the monitoring unit, also called the system monitoring unit, is mainly used to monitor the running state of the primary processor. Because its workload is usually small, a single-chip microcomputer or similar device is used as the monitoring unit. A single-chip microcomputer, that is, a microcontroller, is an integrated circuit chip. It uses very-large-scale integration to place on one piece of silicon a central processing unit (CPU) with data processing capability, random access memory (RAM), read-only memory (ROM), multiple I/O ports, an interrupt system and timers/counters (and possibly circuits such as a display driver, pulse-width modulation, an analog multiplexer and an A/D converter), forming a small but complete microcomputer system. Many current microcontrollers have a hardware encryption function for their own program; once encryption is set, the program is difficult to read out.
Fig. 3 is a sequence diagram of an optional authentication method for program encryption according to an embodiment of the present invention; more specifically, Fig. 3 is the sequence diagram of the authentication method for program encryption shown in Fig. 2. As shown in Fig. 3, the authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor. Specifically, the primary processor generates the authentication parameter and, following the communication format agreed in advance with the monitoring unit, encapsulates information such as the authentication parameter, the request-authentication information, the packet header and the packet check information into a data packet. This produces the authentication request, which is sent to the monitoring unit. Preferably, the authentication parameter is different each time the system runs. Because the authentication parameter does not repeat, piracy carried out by intercepting the data and simulating it is avoided.
Step S104: the primary processor receives an authentication response sent by the monitoring unit in a predetermined communication format, where the authentication response includes at least a response parameter generated by the monitoring unit. Specifically, the primary processor receives the authentication response sent by the monitoring unit in the predetermined communication format and extracts the response parameter from it.
Step S106: the primary processor determines whether the response parameter and the authentication parameter have a preset correspondence. When they have the preset correspondence, authentication passes; when they do not, authentication fails. Specifically, the primary processor determines whether the agreed algorithmic relationship exists between the response parameter and the authentication parameter. Preferably, the primary processor applies the algorithm agreed with the monitoring unit to the authentication parameter it generated, producing a verification parameter, and then checks whether the verification parameter and the response parameter are consistent. If the response parameter is consistent with the verification parameter, authentication passes; if they are inconsistent, authentication fails. The algorithm agreed between the primary processor and the monitoring unit may be a preset algorithm, or an algorithm chosen by a specific rule from a preset algorithm group. The specific rule may correspond to the authentication parameter sent by the primary processor, or to the encryption parameter described later, so that the agreed algorithm changes randomly with the authentication parameter or encryption parameter sent by the primary processor, which further improves the reliability of the authentication method.
Preferably, the authentication result of step S106 in the authentication method for program encryption provided by the embodiment of the invention can be used to encrypt the embedded system. For example, the authentication result can drive subsequent handling in the embedded system such as function restriction, system reboot or program erasure. Therefore, with the authentication method provided by the embodiment of the invention, even if the program data in the external flash memory is easily read out in full, the program stored in the monitoring unit that is paired with the primary-processor program cannot be obtained, and a pirated system cannot work normally. For an existing embedded system that has a monitoring unit, the invention implements the above authentication method with the primary processor and the monitoring unit without adding hardware. This encrypts the whole system program, saves the encryption chip, and removes the uncertainty in encryption security that may arise when the encryption method is implemented entirely by the encryption-chip manufacturer.
Preferably, before step S104, the method according to the embodiment of the invention further includes:
Step S103: the monitoring unit sends the authentication response to the primary processor in the predetermined communication format, where step S103 further includes:
Step S202: the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameter in the authentication request, where the authentication request contains the authentication parameter generated by the primary processor. Specifically, after receiving the data packet of the authentication request generated by the primary processor, the monitoring unit first identifies whether the packet is a legal data packet, whether it is an authentication request packet, and so on. It then extracts the authentication parameter from the received authentication request.
Step S204: the monitoring unit obtains the response parameter from the read authentication parameter according to the agreed algorithm. Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule; this selection rule may correspond to the parameters that take part in the computation.
Step S206: the monitoring unit sends the primary processor an authentication response containing the response parameter in the predetermined format. Specifically, the monitoring unit encapsulates the response parameter and the response information according to the communication format agreed with the primary processor and sends the result to the primary processor.
A monitoring unit that performs steps S202 to S206 can generate a response parameter that may be judged as passing authentication. Because a pirate cannot know the algorithm agreed between the primary processor and the monitoring unit, or the specific rule for selecting the algorithm, even a pirate who has worked out the form of the communication format agreed between them cannot in substance generate a response parameter that lets primary-processor authentication pass. This increases the reliability of the system.
Fig. 4 is a sequence diagram of another optional authentication method for program encryption according to an embodiment of the present invention. Some of its steps are identical to those of the method shown in Fig. 3; the following highlights the steps that differ. As shown in Fig. 4, the authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor. Specifically, the authentication parameter generated by the primary processor contains identification data used to specify authentication data in an authentication value table. The identification data is a randomly generated random code. The authentication value table is stored in advance in the memory of the primary processor and holds a number of authentication data items. The data content shown in the authentication value table in Fig. 4 is only illustrative and does not limit the authentication scheme of the embodiment of the invention.
Step S104: the primary processor receives an authentication response sent by the monitoring unit in a predetermined communication format, where the authentication response includes at least a response parameter generated by the monitoring unit. Specifically, the primary processor receives the authentication response sent by the monitoring unit in the predetermined communication format and extracts the response parameter from it.
Step S106: the primary processor determines whether the response parameter and the authentication parameter have a preset correspondence. When they have the preset correspondence, authentication passes; when they do not, authentication fails. Specifically, in step S106 the step in which the primary processor determines whether the response parameter and the authentication parameter have the preset correspondence includes step S602: the primary processor determines whether the response parameter and the authentication data specified by the identification data in the authentication value table have the preset correspondence.
Step S602 in turn includes:
Step S6022: read the authentication data specified by the identification data from the authentication value table;
Step S6024: obtain first verification data from the read authentication data specified by the identification data, according to the agreed algorithm. Optionally, the algorithm agreed between the primary processor and the monitoring unit may be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule; this selection rule may correspond to the parameters that take part in the computation. Here, when the data the primary processor sends to the monitoring unit contains identification data, the identification data can be used to select the algorithm. For example, the identification data may be taken modulo a natural number N, and according to the remainder 0 to N-1 the corresponding algorithm is selected from an algorithm group containing N algorithms.
Step S6026: compare whether the first verification data is consistent with the response parameter. When the first verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameter have the preset correspondence; when they are inconsistent, it is determined that the response parameter and the authentication parameter do not have the preset correspondence.
In summary, the above method hides an authentication value table in the memory on the primary processor side, and each authentication uses only one randomly chosen data item in the table. Therefore, even if a pirate learns the detailed procedure of the encryption scheme of the invention, piracy is not possible without the value table.
Preferably, step S6022, reading the authentication data specified by the identification data from the authentication value table, includes:
Step S60222: obtain the agreed computation rule. For example, the rule may take a remainder, or take a remainder and then do a table lookup. In short, the computation rule only needs to establish a correspondence between the value of the identification data and a storage position in the authentication value table, so that each different identification data value has one definite corresponding storage position in the authentication value table.
Step S60224: obtain the result of applying the agreed computation rule to the identification data, where this result specifies the storage position of the data in the authentication value table;
Step S60226: read the authentication data stored at the storage position specified by the result.
This method widens the range of values that the identification data generated by the primary processor can take, and because both sides agree the computation rule in advance, it makes cracking harder for a pirate and further improves the security of the system.
Preferably, before step S104 above, the method according to the embodiment of the present invention further includes:
Step S103: the monitoring unit sends an authentication response to the primary processor according to the predetermined communication format, where step S103 further includes:
Step S202: the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameters in the authentication request, where the authentication request contains the identification data generated by the primary processor.
Step S204: the monitoring unit obtains the response parameter from the read authentication parameters according to the agreed algorithm. Optionally, the monitoring unit obtains the response parameter, according to the algorithm agreed with the primary processor, from the authentication data specified by the identification data, or from the authentication data specified by the identification data together with the other authentication parameters sent by the primary processor. Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm selected from a preset algorithm group according to a specific selection rule, and this selection rule may correspond to the parameters that take part in the computation.
Step S206: the monitoring unit sends an authentication response containing the response parameter to the primary processor according to the predetermined format. Specifically, the monitoring unit packages the response parameter and the response message according to the communication format agreed with the primary processor and sends them to the primary processor.
The monitoring unit operating according to steps S202 to S206 above can generate a response parameter that may be judged as passing authentication. Because a pirate cannot know the algorithm agreed between the primary processor and the monitoring unit, or the specific rule for selecting the algorithm, even a pirate who has decoded the form of the communication format agreed between the primary processor and the monitoring unit still cannot, in substance, generate a response parameter that passes authentication by the primary processor. This increases the reliability of the system.
Specifically, step S204 above further includes:
Step S402: read the authentication data specified by the identification data from the authentication value table, where the authentication value table is stored in advance in the memory of the monitoring unit,
Step S404: replace the identification data in the authentication parameters with the authentication data specified by the identification data that was read, and
Step S406: obtain the response parameter from the authentication parameters according to the agreed algorithm.
According to steps S402 to S406 above, the monitoring unit reads the authentication data and, from the authentication data together with the other authentication parameters sent by the primary processor, obtains the response parameter according to the algorithm agreed with the primary processor.
Fig. 5 is a sequence diagram of yet another optional authentication method for program encryption according to Embodiment One of the present invention. Fig. 5 shares some steps with the methods shown in Fig. 3 and Fig. 4; the steps in Fig. 5 that differ from the methods shown in Fig. 3 and Fig. 4 are emphasized below. As shown in Fig. 5,
this authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains the authentication parameters generated by the primary processor. Specifically, the authentication parameters generated by the primary processor contain identification data for specifying authentication data in the authentication value table, and notice data for indicating the validity of the authentication response. The notice data tells the monitoring unit after how long a period it should return the authentication value to the primary processor. The notice data is a random code and its format is not limited; the primary processor and the monitoring unit have agreed in advance on the correspondence between notice data and a specific time length. Optionally, the unit of the specific time length is seconds, milliseconds, minutes, or the like.
Step S104: the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format, where the authentication response includes at least the response parameter generated by the monitoring unit. Specifically, the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format and extracts the response parameter from the authentication response.
Step S106: the primary processor judges whether the response parameter and the authentication parameters have a preset correspondence. When the response parameter and the authentication parameters have the preset correspondence, authentication passes; when they do not, authentication fails. Specifically, in step S106 above, the step in which the primary processor judges whether the response parameter and the authentication parameters have a preset correspondence includes step S604: the primary processor judges whether the response parameter has a preset correspondence with the authentication data specified by the identification data in the authentication value table, or with the authentication data specified by the identification data in the authentication value table together with the notice data,
where step S604 above can be regarded as including step S604a: the primary processor judges whether the response parameter has a preset correspondence with the data specified by the identification data in the authentication value table, and step S604b: the primary processor judges whether the response parameter has a preset correspondence with the data specified by the identification data in the authentication value table together with the notice data.
Preferably, step S604a includes:
Step S6042: read the authentication data specified by the identification data from the authentication value table,
Step S6044: obtain second verification data from the authentication data specified by the identification data, according to the algorithm agreed with the primary processor, and
Step S6046: compare whether the second verification data is consistent with the response parameter. When the second verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the second verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence.
Preferably, step S604b includes:
Step S6043: read the authentication data specified by the identification data from the authentication value table,
Step S6045: obtain second verification data from the authentication data specified by the identification data and the notice data, according to the agreed algorithm, and
Step S6047: compare whether the second verification data is consistent with the response parameter. When the second verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the second verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence.
Preferably, in step S6044 and/or step S6045 above, the agreed algorithm may be a preset algorithm, or an algorithm chosen from a preset algorithm group according to a specific rule. If the algorithm is selected from a preset algorithm group, the selection rule may be produced from either one of the two parameters, or from both parameters together, through a simple operation. For example, the algorithm may be selected by taking the identification data modulo a natural number N and, according to the remainder 0 to N-1, choosing the corresponding algorithm from an algorithm group containing N algorithms. For step S6044 above, where only the identification data takes part in the computation, the algorithm group may contain operations such as exponentiation and root extraction. For step S6045 above, where two parameters take part in the computation, the algorithm group may contain operations such as addition, subtraction, multiplication, division, exponentiation, root extraction, AND, OR, NOT, and XOR. Similarly, the algorithm may also be selected by the notice data, or by the identification data and the notice data together.
Preferably, on the basis of the above scheme, before step S106, in which the primary processor judges whether the response parameter and the authentication parameters have a preset correspondence, the method further includes:
Step S105: judge the validity of the received authentication response, where step S105 includes:
Step S1052: obtain the valid time period corresponding to the notice data,
Step S1054: judge whether the time point at which the authentication response is received falls within the valid time period, and
Step S1056: when the time point at which the authentication response is received falls within the valid time period, determine that the authentication response is valid; when the time point at which the authentication response is received does not fall within the valid time period, determine that the authentication response is invalid.
As can be seen, in addition to hiding an authentication value table in the memory on the primary-processor side, the above method also has the primary processor generate random notice data that constrains the valid time period within which the monitoring unit returns the authentication response. Only an authentication response that falls within the valid time period corresponding to the notice data is accepted by the primary processor as a valid authentication response. This raises the cost of cracking for a pirate and more effectively prevents the system from being cracked. In addition, the notice data may also take part in the computation of the response parameter or the verification parameter, and may influence the final choice of algorithm, further increasing the difficulty of cracking.
Preferably, before step S104 above, the method according to the embodiment of the present invention further includes:
Step S103: the monitoring unit sends an authentication response to the primary processor according to the predetermined communication format, where step S103 further includes:
Step S202: the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameters in the authentication request, where the authentication request contains the identification data and the notice data generated by the primary processor.
Step S204: the monitoring unit obtains the response parameter from the read authentication parameters according to the agreed algorithm. Optionally, the monitoring unit generates the response parameter, according to the algorithm agreed with the primary processor, from the authentication data specified by the identification data; or from the authentication data specified by the identification data and the notice data; or from the authentication data specified by the identification data and the other authentication parameters sent by the primary processor; or from the authentication data specified by the identification data, the notice data, and the other authentication parameters sent by the primary processor.
Optionally, in step S204 above, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm selected from a preset algorithm group according to a specific selection rule, and this selection rule may correspond to the parameters that take part in the computation. If the algorithm is selected from a preset algorithm group, the selection rule may be produced from either one of the two parameters, or from both parameters together, through a simple operation. For example, the algorithm may be selected by taking the identification data modulo a natural number N and, according to the remainder 0 to N-1, choosing the corresponding algorithm from an algorithm group containing N algorithms. Where the monitoring unit and the primary processor have agreed that only the identification data takes part in the computation, the algorithm group may contain operations such as exponentiation and root extraction. Where the monitoring unit and the primary processor have agreed that both the identification data and the notice data take part in the computation, the algorithm group may contain operations such as addition, subtraction, multiplication, division, exponentiation, root extraction, AND, OR, NOT, and XOR. Similarly, the algorithm may also be selected by the notice data, or by the identification data and the notice data together.
Step S206: the monitoring unit sends an authentication response containing the response parameter to the primary processor according to the predetermined format. Specifically, the monitoring unit packages the response parameter and the response message according to the communication format agreed with the primary processor and sends them to the primary processor.
Preferably, step S204 above further includes:
Step S402: read the authentication data specified by the identification data from the authentication value table, where the authentication value table is stored in advance in the memory of the monitoring unit,
Step S404: replace the identification data in the authentication parameters with the authentication data specified by the identification data that was read, and
Step S406: obtain the response parameter from the authentication parameters according to the agreed algorithm. Specifically, the response parameter is obtained, according to the algorithm agreed with the primary processor, from the authentication parameters after the replacement in step S404, that is, from the authentication data specified by the identification data; or from the authentication data specified by the identification data and the notice data; or from the authentication data specified by the identification data and the notice data together with the other authentication parameters sent by the primary processor.
In summary, according to steps S402 to S406 above, the monitoring unit reads the authentication data and, from the authentication data together with the other authentication parameters, obtains the response parameter according to the agreed algorithm.
Preferably, where the monitoring unit receives notice data sent by the primary processor, the monitoring unit also performs the following step before step S206:
Step S205: according to the rule agreed with the primary processor, obtain the valid time period corresponding to the notice data, where the format of the notice data is not limited and the primary processor and the monitoring unit have agreed on the correspondence between notice data and a specific time length. Optionally, the unit of the specific time length is seconds, milliseconds, minutes, or the like. Further, the monitoring unit performs step S206 within the valid time period specified by the notice data.
The monitoring unit operating according to steps S202 to S206 above can send the authentication response to the primary processor within the valid time period and generate a response parameter that may be judged as passing authentication. Because a pirate cannot know the algorithm agreed between the primary processor and the monitoring unit, or the specific rule for selecting the algorithm, even a pirate who has decoded the form of the communication format agreed between the primary processor and the monitoring unit cannot, in substance, generate a response parameter that passes authentication by the primary processor. Even if a pirate happens to try the correct response parameter, authentication still cannot pass unless the authentication response is sent to the primary processor within the time period agreed through the notice data. The reliability of the system is thus further guaranteed.
Optionally, on the basis of the schemes shown in Fig. 3, Fig. 4, and Fig. 5 above, before step S102, in which the primary processor sends to the monitoring unit the authentication request containing the authentication parameters generated by the primary processor, the authentication method for program encryption according to Embodiment One of the present invention further includes step S101: the primary processor sends a randomly generated encryption parameter to the monitoring unit. The methods obtained by adding step S101 to the schemes shown in Fig. 3, Fig. 4, and Fig. 5 are described separately below:
In the method that adds step S101 to the scheme shown in Fig. 3, the primary processor also performs the following step, which differs from the scheme shown in Fig. 3:
In step S106, the step in which the primary processor judges whether the response parameter and the authentication parameters have a preset correspondence includes: the primary processor, according to the algorithm agreed with the monitoring unit, performs the corresponding operation on the authentication parameters generated by the primary processor, or on the authentication parameters and the encryption parameter, to generate a verification parameter; the primary processor then judges whether the verification parameter is consistent with the response parameter. Where the response parameter is consistent with the verification parameter, authentication passes; where the response parameter is inconsistent with the verification parameter, authentication fails. The algorithm agreed between the primary processor and the monitoring unit may be a preset algorithm, or an algorithm chosen from a preset algorithm group according to a specific rule. If the algorithm is selected from a preset algorithm group, the selection rule may be produced from either one of the two parameters, or from both parameters together, through a simple operation. More preferably, the encryption parameter sent by the primary processor to the monitoring unit is used to select the algorithm from the preset algorithm group.
In the method that adds step S101 to the scheme shown in Fig. 3, step S103, in which the monitoring unit sends an authentication response to the primary processor according to the predetermined communication format, also includes the following step, which differs from the scheme shown in Fig. 3:
In step S204, the monitoring unit obtains the response parameter, according to the agreed algorithm, from the read authentication parameters, or from the read authentication parameters and the encryption parameter. If the algorithm is selected from a preset algorithm group, the selection rule may be produced from either one of the two parameters, or from both parameters together, through a simple operation. More preferably, the encryption parameter sent by the primary processor to the monitoring unit is used to select the algorithm from the preset algorithm group.
In the method that adds step S101 to the scheme shown in Fig. 4, the primary processor also performs the following steps, which differ from the scheme shown in Fig. 4:
In step S106, the step in which the primary processor judges whether the response parameter and the authentication parameters have a preset correspondence includes step S606: the primary processor judges whether the response parameter has a preset correspondence with the authentication parameters and the encryption parameter, where step S606 further includes:
Step S6062: read the authentication data specified by the identification data from the authentication value table;
Step S6064: obtain third verification data, according to the agreed algorithm, from the authentication data specified by the identification data that was read, or from the authentication data specified by the identification data that was read and the encryption parameter. If the agreed algorithm is an algorithm selected from a preset algorithm group, the selection rule may be produced from either one of the two parameters, or from both parameters together, through a simple operation. More preferably, the encryption parameter sent by the primary processor to the monitoring unit is used to select the algorithm from the preset algorithm group.
Step S6066: compare whether the third verification data is consistent with the response parameter. When the third verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the third verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence.
In the method that adds step S101 to the scheme shown in Fig. 4, step S103, in which the monitoring unit sends an authentication response to the primary processor according to the predetermined communication format, also includes the following step, which differs from the scheme shown in Fig. 4:
In step S204, the monitoring unit obtains the response parameter, according to the agreed algorithm, from the read identification data, or from the read identification data and the encryption parameter. If the algorithm is selected from a preset algorithm group, the selection rule may be produced from either one of the two parameters, or from both parameters together, through a simple operation. More preferably, the encryption parameter sent by the primary processor to the monitoring unit is used to select the algorithm from the preset algorithm group.
Fig. 6 is a sequence diagram of the method that adds step S101 to the scheme shown in Fig. 5. As shown in Fig. 6, the primary processor also performs the following steps, which differ from the scheme shown in Fig. 5:
In step S106, the step in which the primary processor judges whether the response parameter and the authentication parameters have a preset correspondence includes step S608: the primary processor judges whether the response parameter has a preset correspondence with at least one of the identification data, the notice data, and the encryption parameter, where step S608 further includes:
Step S6082: read the authentication data specified by the identification data from the authentication value table;
Step S6084: obtain fourth verification data, according to the agreed algorithm, from the authentication data specified by the identification data that was read; or from the authentication data specified by the identification data that was read and the encryption parameter; or from the authentication data specified by the identification data that was read, the encryption parameter, and the notice data. More preferably, the encryption parameter sent by the primary processor to the monitoring unit is used to select the algorithm from the preset algorithm group.
Step S6086: compare whether the fourth verification data is consistent with the response parameter. When the fourth verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the fourth verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence.
In Fig. 6, the sequence diagram of the method that adds step S101 to the scheme shown in Fig. 5, step S103, in which the monitoring unit sends an authentication response to the primary processor according to the predetermined communication format, also includes the following step, which differs from the scheme shown in Fig. 5:
In step S204, the monitoring unit obtains the response parameter, according to the agreed algorithm, from the data specified by the identification data that was read; or from the data specified by the identification data that was read and the encryption parameter; or from the data specified by the identification data that was read, the encryption parameter, and the notice data.
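The following Python sketch is an added illustration, not code from the patent. It simulates the Fig. 6 variant (steps S101 to S106): both sides share the authentication value table, the remainder-based lookup rule of steps S60222 to S60226, an algorithm group indexed by the encryption parameter, and a mapping from notice data to a valid time period. The table contents, the four algorithms, the window values, and all names are assumptions chosen for the example, and elapsed time is passed in as a number so the run is deterministic.

```python
import secrets

# Constructed shared secrets (assumed values): both sides store the same table and rules.
AUTH_TABLE = [0x3A, 0xC5, 0x17, 0x9E, 0x42, 0xB8, 0x6D, 0xF1]

# Agreed algorithm group for two operands (authentication data, notice data),
# each result reduced to 16 bits. N = 4 algorithms, chosen by remainder 0..N-1.
ALGORITHM_GROUP = [
    lambda a, n: (a + n) & 0xFFFF,
    lambda a, n: (a * (n + 1)) & 0xFFFF,
    lambda a, n: (a ^ n) & 0xFFFF,
    lambda a, n: (a - n) & 0xFFFF,
]

# Agreed correspondence between notice data and a valid time period, in milliseconds.
WINDOWS_MS = [(20, 40), (50, 80), (100, 150), (200, 260)]


def table_lookup(ident):
    """S60222-S60226: the remainder rule maps any identification value to one slot."""
    return AUTH_TABLE[ident % len(AUTH_TABLE)]


def select_algorithm(enc_param):
    """Selection rule: encryption parameter modulo N picks one algorithm of the group."""
    return ALGORITHM_GROUP[enc_param % len(ALGORITHM_GROUP)]


def window_for(notice):
    """S1052 / S205: valid time period that corresponds to the notice data."""
    return WINDOWS_MS[notice % len(WINDOWS_MS)]


def compute_response(ident, notice, enc_param):
    """Same computation on both sides: S402-S406 (monitoring unit), S6082-S6084 (primary)."""
    auth_data = table_lookup(ident)          # replace identification data by table entry
    return select_algorithm(enc_param)(auth_data, notice)


class MonitoringUnit:
    def handle(self, enc_param, request):
        """S202-S206: read parameters, compute the response, reply inside the window."""
        ident, notice = request["ident"], request["notice"]
        response = compute_response(ident, notice, enc_param)
        low, high = window_for(notice)
        send_at_ms = (low + high) // 2       # simulated delay before replying
        return {"response": response}, send_at_ms


class PrimaryProcessor:
    def new_session(self):
        """S101 and S102: random encryption parameter, identification and notice data."""
        self.enc_param = secrets.randbelow(1 << 16)
        self.ident = secrets.randbelow(1 << 16)
        self.notice = secrets.randbelow(1 << 8)
        return self.enc_param, {"ident": self.ident, "notice": self.notice}

    def verify(self, reply, elapsed_ms):
        """S105 then S106: reject replies outside the window, then compare values."""
        low, high = window_for(self.notice)
        if not low <= elapsed_ms <= high:
            return False                     # S1056: authentication response invalid
        expected = compute_response(self.ident, self.notice, self.enc_param)
        return reply["response"] == expected  # S6086: fourth verification data matches


if __name__ == "__main__":
    primary, monitor = PrimaryProcessor(), MonitoringUnit()
    enc, req = primary.new_session()
    reply, t = monitor.handle(enc, req)
    print("in window, correct value:", primary.verify(reply, t))
    print("correct value, too late :", primary.verify(reply, t + 1000))
    print("in window, wrong value  :", primary.verify({"response": reply["response"] ^ 1}, t))
```

Note that the request carries only the identification data and notice data; the table entry itself never crosses the link, which is the property the scheme relies on.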
Embodiment two
Embodiment Two of the present invention further provides an authentication device for program encryption. It should be noted that the authentication device for program encryption of Embodiment Two may be used to perform the authentication method for program encryption provided by Embodiment One, and the authentication method for program encryption of Embodiment One may also be performed by the authentication device for program encryption provided by Embodiment Two.
Fig. 7 is a schematic diagram of the authentication device for program encryption according to Embodiment Two of the present invention. As shown in Fig. 7, the authentication device for program encryption according to the embodiment of the present invention includes:
Sending module 10, for sending an authentication request to the monitoring unit, where the authentication request contains the authentication parameters generated by the primary processor;
Receiving module 20, for receiving the authentication response sent by the monitoring unit according to the predetermined communication format, where the authentication response includes at least the response parameter generated by the monitoring unit; and
Judging module 30, for judging whether the response parameter and the authentication parameters have a preset correspondence; when the response parameter and the authentication parameters have the preset correspondence, authentication passes, and when the response parameter and the authentication parameters do not have the preset correspondence, authentication fails.
Preferably, when the authentication parameters generated by the primary processor include identification data for specifying data in the authentication value table, judging module 30 includes:
First reading unit 301, for reading the authentication data specified by the identification data from the authentication value table;
First computing unit 303, for obtaining first verification data, according to the agreed algorithm, from the authentication data specified by the identification data that was read; and
First comparing unit 305, for comparing whether the first verification data is consistent with the response parameter; when the first verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the first verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence;
where the authentication value table is stored in advance in the memory of the primary processor.
Preferably, when the authentication parameters generated by the primary processor include identification data for specifying data in the authentication value table and notice data for indicating the validity of the authentication response, judging module 30 includes:
Second reading unit 311, for reading the authentication data specified by the identification data from the authentication value table,
Second computing unit 313, for obtaining second verification data, according to the agreed algorithm, from the authentication data specified by the identification data, or from the authentication data specified by the identification data and the notice data, and
Second comparing unit 315, for comparing whether the second verification data is consistent with the response parameter; when the second verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the second verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence.
Preferably, when the authentication parameters generated by the primary processor include notice data for indicating the validity of the authentication response, the authentication device for program encryption further includes, before judging module 30:
Validity verification module 25, where validity verification module 25 further includes:
Acquiring unit 251, for obtaining the valid time period corresponding to the notice data,
Judging unit 253, for judging whether the time point at which the authentication response is received falls within the valid time period, and
Determining unit 255, for determining that the authentication response is valid when the time point at which the authentication response is received falls within the valid time period, and determining that the authentication response is invalid when the time point at which the authentication response is received does not fall within the valid time period.
Preferably, the authentication device for program encryption further includes pre-sending module 05, for sending a randomly generated encryption parameter to the monitoring unit. Where the device includes pre-sending module 05, judging module 30 includes:
Third reading unit 321, for reading the authentication data specified by the identification data from the authentication value table,
Third computing unit 323, for obtaining third verification data, according to the agreed algorithm, from the authentication parameters, or from the authentication parameters and the encryption parameter, where the authentication parameters contain identification data for specifying authentication data in the authentication value table, and/or notice data for indicating the validity of the authentication response.
Third comparing unit 325, for comparing whether the third verification data is consistent with the response parameter; when the third verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameters have the preset correspondence; when the third verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameters do not have the preset correspondence.
Fig. 8 is a schematic diagram of another authentication device for program encryption according to Embodiment Two of the present invention. As shown in Fig. 8, the authentication device for program encryption according to the embodiment of the present invention includes:
Receiving module 60, for receiving the authentication request sent by the primary processor, where the authentication request contains the authentication parameters generated by the primary processor;
Reading module 70, for reading the authentication parameters in the authentication request;
Computing module 80, for obtaining the response parameter from the read authentication parameters according to the agreed algorithm; and
Sending module 90, for sending an authentication response containing the response parameter to the primary processor according to the predetermined format.
Preferably, when the reading module extracts from the authentication parameters the identification data for specifying authentication data in the authentication value table, computing module 80 includes:
Fourth reading unit 801, for reading the authentication data specified by the identification data from the authentication value table, where the authentication value table is stored in advance in the memory of the monitoring unit,
Fourth computing unit 803, for replacing the identification data in the authentication parameters with the authentication data specified by the identification data that was read, and obtaining the corresponding parameter from the authentication parameters according to the agreed algorithm. Optionally, when the reading module extracts from the authentication parameters the identification data for specifying authentication data in the authentication value table, the fourth computing unit obtains the response parameter from the authentication data specified by the identification data, according to the algorithm agreed with the primary processor. Optionally, the response parameter may also be obtained, according to the agreed algorithm, from the authentication data specified by the identification data together with the other authentication parameters. Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm selected from a preset algorithm group according to a specific selection rule, and this selection rule may correspond to the parameters that take part in the computation.
Preferably, when the read module extracts from the authentication parameter the identification data for specifying authentication data in the authentication value table and notice data for indicating the validity of the authentication response, or extracts the identification data for specifying authentication data in the authentication value table and an encryption parameter, or extracts the identification data for specifying authentication data in the authentication value table together with the notice data for indicating the validity of the authentication response and the encryption parameter, computing module 80 includes:
Fifth reading unit 811, configured to read the authentication data specified by the identification data from the authentication value table, wherein the authentication value table is pre-stored in the memory of the monitoring unit;
Fifth computing unit 813, configured to replace the identification data in the authentication parameter with the read authentication data specified by the identification data, and to obtain the corresponding parameter from the authentication parameter according to the agreed algorithm. Optionally, when the identification data for specifying authentication data in the authentication value table and the notice data for indicating the validity of the authentication response are extracted from the authentication parameter, the unit obtains the response parameter, according to the algorithm agreed with the primary processor, from the authentication data specified by the identification data, or from that authentication data and the notice data.
Optionally, when the identification data for specifying authentication data in the authentication value table and an encryption parameter are extracted from the authentication parameter, the unit obtains the response parameter, according to the algorithm agreed with the primary processor, from the authentication data specified by the identification data, or from that authentication data and the encryption parameter.
Optionally, when the identification data for specifying authentication data in the authentication value table, the notice data for indicating the validity of the authentication response and the encryption parameter are extracted from the authentication parameter, the unit obtains the response parameter, according to the algorithm agreed with the primary processor, from the authentication data specified by the identification data, or from that authentication data and the notice data, or from that authentication data and the encryption parameter, or from that authentication data and the notice data together with the encryption parameter.
Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or a specific algorithm chosen from a preset algorithm group according to a selection rule; this selection rule may correspond to the parameters taking part in the computation.
Preferably, when the read module extracts from the authentication parameter notice data for indicating the validity of the authentication response, the device further includes, before sending module 90:
Control module 85, configured to obtain, according to the rule agreed with the primary processor, the valid time period corresponding to the notice data, and to control sending module 90 to send the authentication response containing the response parameter to the primary processor within the valid time period specified by the notice data.
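The exchange the embodiments above describe, with identification data selecting a table entry, notice data fixing a valid time period and a random encryption parameter, as an added Python example that is not part of the patent. The patent does not name the agreed algorithm or the agreed rules, so HMAC-SHA256, the modulo slot rule, the window rule, the constructed 16-entry table and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample table; in the scheme both chips hold the same pre-stored copy.
AUTH_TABLE = [hashlib.sha256(b"constructed-entry-%d" % i).digest() for i in range(16)]


def slot_for(ident: int, table_len: int) -> int:
    """Assumed agreed computation rule: identification data -> storage position."""
    return ident % table_len


def window_for(notice: int) -> tuple:
    """Assumed agreed rule: notice data -> valid period, in seconds after the request."""
    start = 0.010 * (notice % 8)
    return start, start + 0.005


def agreed_algorithm(auth_data: bytes, notice: int, enc_param: bytes) -> bytes:
    """Assumed agreed algorithm: HMAC-SHA256 keyed with the selected table entry."""
    message = struct.pack(">H", notice) + enc_param
    return hmac.new(auth_data, message, hashlib.sha256).digest()


class MonitoringUnit:
    def __init__(self, table):
        self.table = table
        self.enc_param = b""

    def receive_encryption_parameter(self, enc_param: bytes) -> None:
        self.enc_param = enc_param

    def handle_request(self, request: bytes):
        """Return (response parameter, send time in seconds after the request)."""
        ident, notice = struct.unpack(">HH", request)
        auth_data = self.table[slot_for(ident, len(self.table))]
        start, end = window_for(notice)
        # The control module holds the response until the valid period is open.
        return agreed_algorithm(auth_data, notice, self.enc_param), (start + end) / 2


class PrimaryProcessor:
    def __init__(self, table):
        self.table = table

    def new_challenge(self):
        """Return (encryption parameter, authentication request); all values random."""
        self.enc_param = secrets.token_bytes(16)
        self.ident = secrets.randbelow(1 << 16)
        self.notice = secrets.randbelow(1 << 16)
        return self.enc_param, struct.pack(">HH", self.ident, self.notice)

    def verify(self, response: bytes, elapsed: float) -> bool:
        start, end = window_for(self.notice)
        if not start <= elapsed <= end:  # response arrived outside the valid period
            return False
        auth_data = self.table[slot_for(self.ident, len(self.table))]
        expected = agreed_algorithm(auth_data, self.notice, self.enc_param)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_exchange(cpu, unit, delay_override=None):
    """One full exchange with simulated time; returns (authenticated, response)."""
    enc_param, request = cpu.new_challenge()
    unit.receive_encryption_parameter(enc_param)
    response, send_at = unit.handle_request(request)
    elapsed = send_at if delay_override is None else delay_override
    return cpu.verify(response, elapsed), response


if __name__ == "__main__":
    cpu, unit = PrimaryProcessor(AUTH_TABLE), MonitoringUnit(AUTH_TABLE)
    print("genuine unit:", run_exchange(cpu, unit)[0])
    print("late response:", run_exchange(cpu, unit, delay_override=1.0)[0])
    clone = MonitoringUnit([bytes(32)] * len(AUTH_TABLE))
    print("unit without the table:", run_exchange(cpu, clone)[0])
```

Because the encryption parameter and the notice data are fresh random values on every run, a response recorded from an earlier exchange fails both the comparison and, in most cases, the timing check.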
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions. Those skilled in the art should understand, however, that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or a communication connection through some interfaces, devices or units, and may be electrical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a mobile terminal, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (17)

1. An authentication method for program encryption, characterized by comprising:
a primary processor sends an authentication request to a monitoring unit, wherein the authentication request contains an authentication parameter generated by the primary processor;
the primary processor receives an authentication response sent by the monitoring unit according to a predetermined communication format, wherein the authentication response includes at least a response parameter generated by the monitoring unit; and
the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence; when the response parameter and the authentication parameter have the preset correspondence, authentication passes, and when the response parameter and the authentication parameter do not have the preset correspondence, authentication fails.
2. The method according to claim 1, characterized in that the authentication parameter generated by the primary processor includes at least: identification data for specifying authentication data in an authentication value table, wherein the identification data is a random code and the authentication value table is pre-stored in the memory of the primary processor.
3. The method according to claim 2, characterized in that the step in which the primary processor judges whether the response parameter and the authentication parameter have the preset correspondence includes: the primary processor judges whether the response parameter and the authentication data specified by the identification data in the authentication value table have the preset correspondence,
wherein the step in which the primary processor judges whether the response parameter and the data specified by the identification data in the authentication value table have the preset correspondence includes:
reading the authentication data specified by the identification data from the authentication value table;
obtaining first verification data from the read authentication data specified by the identification data according to the agreed algorithm; and
comparing whether the first verification data is consistent with the response parameter; when the first verification data is consistent with the response parameter, determining that the response parameter and the authentication parameter have the preset correspondence; when the first verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameter do not have the preset correspondence.
4. The method according to claim 3, characterized in that the step of reading the authentication data specified by the identification data from the authentication value table includes:
obtaining the agreed computation rule;
obtaining the computation result produced from the identification data according to the agreed computation rule, wherein the computation result specifies the storage position of the authentication data in the authentication value table; and
reading the authentication data stored at the storage position specified by the computation result.
5. The method according to claim 2, characterized in that the authentication parameter generated by the primary processor further includes at least: notice data for indicating the validity of the authentication response, wherein the notice data is a random code.
6. The method according to claim 5, characterized in that the step in which the primary processor judges whether the response parameter and the authentication parameter have the preset correspondence includes: the primary processor judges whether the response parameter has the preset correspondence with the authentication data specified by the identification data in the authentication value table, or with the authentication data specified by the identification data in the authentication value table and the notice data,
wherein the step in which the primary processor judges whether the response parameter has the preset correspondence with the authentication data specified by the identification data in the authentication value table, or with the authentication data specified by the identification data in the authentication value table and the notice data, includes:
reading the authentication data specified by the identification data from the authentication value table,
obtaining second verification data, according to the agreed algorithm, from the authentication data specified by the identification data, or from the authentication data specified by the identification data and the notice data, and
comparing whether the second verification data is consistent with the response parameter; when the second verification data is consistent with the response parameter, determining that the response parameter and the authentication parameter have the preset correspondence; when the second verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameter do not have the preset correspondence.
7. The method according to claim 5 or 6, characterized in that, before the primary processor judges whether the response parameter and the authentication parameter have the preset correspondence, the method further includes: judging the validity of the received authentication response,
wherein the step of judging the validity of the received authentication response includes:
obtaining the valid time period corresponding to the notice data,
judging whether the time point at which the authentication response is received lies within the valid time period, and
when the time point at which the authentication response is received lies within the valid time period, determining that the authentication response is valid; when the time point at which the authentication response is received does not lie within the valid time period, determining that the authentication response is invalid.
8. The method according to claim 2, characterized in that, before the primary processor sends to the monitoring unit the authentication request containing the authentication parameter generated by the primary processor, the method further includes:
the primary processor sends a randomly generated encryption parameter to the monitoring unit.
9. The method according to claim 8, characterized in that the step in which the primary processor judges whether the response parameter and the authentication parameter have the preset correspondence includes:
reading the authentication data specified by the identification data from the authentication value table;
obtaining third verification data, according to the agreed algorithm, from the read authentication data specified by the identification data, or from the read authentication data specified by the identification data and the encryption parameter;
comparing whether the third verification data is consistent with the response parameter; when the third verification data is consistent with the response parameter, determining that the response parameter and the authentication parameter have the preset correspondence; when the third verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameter do not have the preset correspondence.
10. The method according to claim 5, characterized in that, before the primary processor sends to the monitoring unit the authentication request containing the authentication parameter generated by the primary processor, the method further includes:
the primary processor sends a randomly generated encryption parameter to the monitoring unit.
11. The method according to claim 10, characterized in that the step in which the primary processor judges whether the response parameter and the authentication parameter have the preset correspondence includes:
reading the authentication data specified by the identification data from the authentication value table;
obtaining fourth verification data, according to the agreed algorithm, from the read authentication data specified by the identification data, or from the read authentication data specified by the identification data and the encryption parameter, or from the read authentication data specified by the identification data, the encryption parameter and the notice data;
comparing whether the fourth verification data is consistent with the response parameter; when the fourth verification data is consistent with the response parameter, determining that the response parameter and the authentication parameter have the preset correspondence; when the fourth verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameter do not have the preset correspondence.
12. The method according to claim 1, characterized in that, before the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format, the method further includes: the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format, wherein the step in which the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format includes:
the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameter in the authentication request, wherein the authentication request contains the authentication parameter generated by the primary processor;
the monitoring unit obtains the response parameter from the read authentication parameter according to the agreed algorithm; and
the monitoring unit sends the authentication response containing the response parameter to the primary processor in the predetermined format.
13. The method according to claim 12, characterized in that, when the monitoring unit extracts from the authentication parameter identification data for specifying authentication data in the authentication value table, the step in which the monitoring unit obtains the response parameter from the read authentication parameter according to the agreed algorithm includes:
reading the authentication data specified by the identification data from the authentication value table, wherein the authentication value table is pre-stored in the memory of the monitoring unit,
replacing the identification data in the authentication parameter with the read authentication data specified by the identification data, and
obtaining the response parameter from the authentication parameter according to the agreed algorithm.
14. An authentication device for program encryption, characterized by comprising:
a sending module, configured to send an authentication request to a monitoring unit, wherein the authentication request contains an authentication parameter generated by a primary processor;
a receiver module, configured to receive an authentication response sent by the monitoring unit according to a predetermined communication format, wherein the authentication response includes at least a response parameter generated by the monitoring unit; and
a judging module, configured to judge whether the response parameter and the authentication parameter have a preset correspondence; when the response parameter and the authentication parameter have the preset correspondence, authentication passes, and when the response parameter and the authentication parameter do not have the preset correspondence, authentication fails.
15. The device according to claim 14, characterized in that, when the authentication parameter generated by the primary processor includes identification data for specifying authentication data in an authentication value table, the judging module includes:
a reading unit, configured to read the authentication data specified by the identification data from the authentication value table;
a computing unit, configured to obtain first verification data from the read authentication data specified by the identification data according to the agreed algorithm; and
a comparing unit, configured to compare whether the first verification data is consistent with the response parameter; when the first verification data is consistent with the response parameter, it is determined that the response parameter and the authentication parameter have the preset correspondence; when the first verification data is inconsistent with the response parameter, it is determined that the response parameter and the authentication parameter do not have the preset correspondence;
wherein the authentication value table is pre-stored in the memory of the primary processor.
16. An authentication device for program encryption, characterized by comprising:
a receiver module, configured to receive an authentication request sent by a primary processor, wherein the authentication request contains an authentication parameter generated by the primary processor;
a read module, configured to read the authentication parameter in the authentication request;
a computing module, configured to obtain a response parameter from the read authentication parameter according to the agreed algorithm; and
a sending module, configured to send an authentication response containing the response parameter to the primary processor in a predetermined format.
17. The device according to claim 16, characterized in that, when the read module extracts from the authentication parameter identification data for specifying authentication data in an authentication value table, the computing module includes:
a reading unit, configured to read the authentication data specified by the identification data from the authentication value table, wherein the authentication value table is pre-stored in the memory of the monitoring unit;
a computing unit, configured to replace the identification data in the authentication parameter with the read authentication data specified by the identification data, and to obtain the corresponding parameter from the authentication parameter according to the agreed algorithm.
CN201510169562.3A 2015-04-10 2015-04-10 Authentication method and device for program encryption Active CN106156548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510169562.3A CN106156548B (en) 2015-04-10 2015-04-10 Authentication method and device for program encryption

Publications (2)

Publication Number Publication Date
CN106156548A true CN106156548A (en) 2016-11-23
CN106156548B CN106156548B (en) 2019-01-08

Family

ID=57335743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510169562.3A Active CN106156548B (en) 2015-04-10 2015-04-10 Authentication method and device for program encryption

Country Status (1)

Country Link
CN (1) CN106156548B (en)

Also Published As

Publication number Publication date
CN106156548B (en) 2019-01-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant