CN109255207B - Application program authentication system and authentication method - Google Patents
Application program authentication system and authentication method Download PDFInfo
- Publication number
- CN109255207B CN109255207B CN201710576472.5A CN201710576472A CN109255207B CN 109255207 B CN109255207 B CN 109255207B CN 201710576472 A CN201710576472 A CN 201710576472A CN 109255207 B CN109255207 B CN 109255207B
- Authority
- CN
- China
- Prior art keywords
- authentication
- random number
- true random
- key
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 82
- 238000012795 verification Methods 0.000 claims description 26
- 230000006870 function Effects 0.000 claims description 22
- 238000003860 storage Methods 0.000 claims description 8
- 238000010586 diagram Methods 0.000 description 11
- 238000011161 development Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 5
- 238000009826 distribution Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Abstract
The invention provides an application program authentication system and an authentication method, wherein the authentication system comprises an authentication terminal and an application program authentication module, and the application program authentication module comprises a first true random number generation module for generating a first true random number; a first authentication key generation module for generating a first authentication key according to the first true random number and a second true random number acquired from the authentication terminal; and the authentication sub-module is used for comparing whether the first authentication key is consistent with the second authentication key acquired from the authentication terminal. The authentication terminal includes: generating a second true random number generation module; the authentication frequency identification module is used for comparing the used frequency of the application program with a preset frequency upper limit; and the second authentication key generation module generates a second authentication key according to the first true random number and the second true random number. The technical scheme provided by the invention ensures the safety of the application program application range provided by an application developer and the controllability of the use times.
Description
Technical Field
The invention relates to application program authentication, in particular to an application program authentication system and an authentication method.
Background
COS is a Chip Operating System, called an on-Chip Operating System. With the advent of smart cards and security chips with microprocessors inside, the realization of such complex work of managing the cards themselves has become a reality. The advent of COS not only greatly improves the card's interaction with the reader/writer, making it safer to use, but also brings the smart card itself a big step towards personal computerization. The COS has the main functions of controlling the exchange of information between the smart card and the outside world, managing the memory within the card and completing the processing of various commands within the card.
A card loaded with COS developed in a local language such as assembly language, C language, etc. is called a Native card, in which a COS platform and an application are not generally developed separately. The same manufacturer not only develops the COS platform, but also develops the application. The card loaded with the JavaCard platform is called Java card, which is a product of combining Java technology and smart card technology and is a novel smart card system. It introduces the characteristics of Java language such as object-oriented, cross-platform and high security into the smart card. The Java card introduces an Application Programming Interface (API) of a unified standard, so that the Java card platform and the Application development can be separated.
The Java card API is one of important components of a Java card running environment, and provides a set of uniform programming interfaces for application development, including IO interfaces, exception management, security management and other interfaces, so that the application development and the platform development can be completely separated. The application on the Java card can be programmed and debugged using standard APIs, generating a downloadable file (CAP file). After the card is issued, application management such as downloading, installation, and deletion of the application can be performed again.
When the application and the platform development are separated, any application calling the standard API development can be loaded on another Java card platform providing the same version API. Thus, in a business collaboration, an application of one application developer may be provided to a platform of another platform developer for release to collaboratively develop a product. In this process, a downloadable application program (CAP file) generated by an application of an application developer needs to be provided to the platform developer. Thus, the application is at risk of being misappropriated or exceeding the terms and usage times agreed upon by the commercial contract. After the project cooperation is completed, the platform developer can continue to release and use the application program, so that the application provider is at a great risk. Therefore, there is a need to find a way to secure the use of applications.
Disclosure of Invention
In the existing Java card collaborative development model, a downloadable file (CAP file) of an application developer may need to be provided to a platform developer for distribution. During the distribution process, there are cases where the CAP file is used at will and exceeds the contractually agreed number of uses. In the transmission process, the loss or stealing of the CAP file may occur, so that the applied CAP file cannot be effectively protected.
The invention uses technical means to prevent the phenomenon from happening, so as to ensure the safety of the application program (CAP file) application range provided by an application developer and the controllability of the use times, and ensure that others unrelated to the project can not use the application program at will after acquiring the application program.
The invention provides an application program authentication module, comprising:
the first true random number generation module is used for generating a first true random number;
the first authentication key generation module is used for generating a first authentication key according to the first true random number and a second true random number acquired from the authentication terminal;
the authentication submodule is used for comparing whether the first authentication key is consistent with a second authentication key acquired from the authentication terminal, and if so, the function of the application program is allowed to be called by the external equipment; otherwise, the call is not allowed.
The first authentication key generation module includes:
the first process key generation submodule is used for generating a first process key according to the fixed key stored in the application program authentication module and the second true random number acquired from the authentication terminal;
and the first authentication key generation submodule is used for generating a first authentication key according to the first true random number and the first process key.
The application authentication module further comprises: a storage module for storing the fixed key.
The present invention provides an authentication terminal, including:
the second true random number generation module is used for generating a second true random number;
the authentication number identification module is used for acquiring the first true random number from the application program authentication module, comparing the used number of the application program with a preset number upper limit, and if the used number does not exceed the preset number upper limit after adding 1, generating a second authentication key through the second authentication key generation module; otherwise, returning the first true random number to the application program authentication module;
and the second authentication key generation module is used for generating a second authentication key according to the first true random number and the second true random number.
The second authentication key generation module includes:
the second process key generation submodule is used for generating a second process key according to the fixed key and the second true random number stored in the authentication terminal;
and the second authentication key generation submodule is used for generating a second authentication key according to the first true random number and the second process key.
The authentication terminal further includes:
and the storage module is used for storing the used times and the preset upper limit of times of the application program and the fixed key.
The invention provides an application program authentication system, comprising: the application program authentication module and the authentication terminal are described above.
The invention provides an application program authentication method, which comprises the following steps:
the application program authentication module sends the generated first true random number to an authentication terminal;
the authentication terminal compares the used times of the application program with a preset time upper limit, and if the used times do not exceed the preset time upper limit after adding 1, the authentication terminal generates a second authentication key according to the first true random number and a second true random number generated by the authentication terminal and sends the second authentication key to the application program authentication module; otherwise, returning the first real random number to the application program authentication module;
the application program authentication module generates a first authentication key according to the first true random number and a second true random number in a second authentication key acquired from an authentication terminal, compares whether the first authentication key and the second authentication key are consistent, and if so, allows the function of the application program to be called by external equipment; otherwise, the call is not allowed.
The authentication terminal generating a second authentication key according to the first true random number and a second true random number generated by the authentication terminal comprises:
the authentication terminal generates a second true random number;
the authentication terminal encrypts a fixed key and a second true random number stored in the authentication terminal to generate a second process key;
and the authentication terminal encrypts the first true random number and the second process key to generate a second authentication key.
The application authentication module generating a first authentication key according to the first true random number and a second true random number in a second authentication key acquired from the authentication terminal includes:
the application program authentication module encrypts a second true random number in a fixed key stored in the application program authentication module and a second authentication key acquired from an authentication terminal to generate a first process key;
the application authentication module encrypts the first true random number and the first process key to generate a first authentication key.
The encryption algorithm that generates the first process key is the same as the encryption algorithm that generates the second process key; the encryption algorithm for generating the first authentication key is the same as the encryption algorithm for generating the second authentication key.
The invention provides an application program authentication module, comprising:
the first true random number generation module is used for generating a first true random number;
the first authentication key verification module is used for verifying the consistency of a first true random number and a second true random number generated by decryption in a second authentication key acquired from the authentication terminal with the first true random number generated by the first true random number generation module and the second true random number acquired from the authentication terminal, and if the first true random number and the second true random number are consistent, the function of the application program is allowed to be called by external equipment; otherwise, the call is not allowed.
The first authentication key verification module includes:
the first authentication key verification submodule is used for decrypting a second authentication key acquired from the authentication terminal to generate a second process key and a first true random number and verifying the consistency of the first true random number and the first random number generated by the first true random number generation module;
the first process key verification submodule is used for decrypting a second process key generated by decrypting the second authentication key to generate a second random number and verifying the consistency of the second true random number and the second true random number acquired from the authentication terminal;
the execution submodule is used for allowing the function of the application program to be called by the external equipment if the verification consistency of the first authentication key verification submodule and the first process key verification submodule passes; otherwise, the call is not allowed.
The present invention provides an authentication system, including: one of the application program authentication modules and an authentication terminal.
The invention provides an authentication method, which comprises the following steps:
the application program authentication module sends the generated first true random number to an authentication terminal;
the authentication terminal compares the used times of the application program with a preset time upper limit, and if the used times do not exceed the preset time upper limit after adding 1, the authentication terminal generates a second authentication key according to the first true random number and a second true random number generated by the authentication terminal and sends the second authentication key to the application program authentication module; otherwise, returning the first real random number to the application program authentication module;
the application program authentication module decrypts the generated first true random number and second true random number according to a second authentication key acquired from the authentication terminal, and the first true random number and the second true random number generated by the first true random number generation module are consistent with the second true random number acquired from the authentication terminal, if the first true random number and the second true random number are consistent, the function of the application program is allowed to be called by external equipment; otherwise, the call is not allowed.
Compared with the closest prior art, the technical scheme provided by the invention has the following beneficial effects:
according to the technical scheme provided by the invention, the application program authentication terminal uses the authentication times identification submodule to identify the authentication times, so that the controllability of the use times of the application program is ensured, and the security of the use range of the application program is ensured by generating the authentication key through an encryption algorithm;
according to the technical scheme provided by the invention, the application program authentication module generates the authentication key through the encryption algorithm according to the true random number and the process key, so that the safety of the application program application range is ensured, and irrelevant personnel can not use the application program randomly after obtaining the application program;
according to the technical scheme provided by the invention, the application program authentication system identifies the authentication times through the authentication time identification submodule to ensure the controllability of the use times of the application program, generates the authentication key through an encryption algorithm and identifies the authentication key to ensure the safety of the use range of the application program;
according to the technical scheme provided by the invention, the authentication times are authenticated by the application program authentication method, so that the controllability of the use times of the application program is ensured, and the use times exceeding the contract agreement is avoided; the condition that the application program is stolen is avoided through the authentication of the authentication key, and the safety of the application program use range is ensured.
Drawings
FIG. 1 is a schematic structural diagram of an application authentication module according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an authentication terminal according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an application authentication system according to an embodiment of the present invention;
fig. 4 is a flowchart of an application authentication method according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the accompanying drawings:
in the existing smart chip collaborative development mode, downloadable applications of an application developer may need to be provided to a platform developer for distribution. During the distribution process, there are cases where the application is used at will and exceeds the number of uses agreed by the contract. During the transmission process, the loss or theft of the application program may occur, so that the application program cannot be effectively protected.
Example one
In order to solve the defect that the application program can be randomly used after being downloaded and installed in the prior art, the invention provides an application program authentication module, the structure of which is shown in fig. 1 and comprises:
the first true random number generation module is used for generating a first true random number which is used as an input parameter for generating the authentication key;
the first authentication key generation module is used for generating a first authentication key according to the first true random number and a second true random number acquired from the authentication terminal;
the authentication submodule is used for comparing whether the first authentication key is consistent with a second authentication key acquired from the authentication terminal, and if so, the function of the application program is allowed to be called by the external equipment; otherwise, the call is not allowed.
Optionally, the first authentication key generation module may further include:
the first process key generation submodule is used for generating a first process key according to the fixed key stored in the application program authentication module and the second true random number acquired from the authentication terminal, and the process key is used as a key generated by the authentication key;
and the first authentication key generation submodule is used for generating a first authentication key according to the first true random number and the first process key. The algorithm for generating the authentication key may be a symmetric algorithm or an asymmetric algorithm.
The invention also provides an authentication terminal, wherein the authentication terminal records the upper limit times of the application program (CAP file) which can be used, and when the authentication times of the CAP file exceeds the upper limit, the authentication can not be carried out. The authentication terminal may be a smart card, a module, a USB KEY, or the like according to different packaging forms, and the structure of the authentication terminal is shown in fig. 2 and includes:
the second true random number generation module is used for generating a second true random number;
the authentication number identification module is used for acquiring the first true random number from the application program authentication module, comparing the used number of the application program with a preset number upper limit, and if the used number does not exceed the preset number upper limit after adding 1, generating a second authentication key through the second authentication key generation module; otherwise, returning the first true random number to the application program authentication module;
and the second authentication key generation module is used for generating a second authentication key according to the first true random number and the second true random number.
The authentication terminal further includes:
and the storage module is used for storing the used times and the preset upper limit of times of the application program and the fixed key.
The second authentication key generation module includes:
the second process key generation submodule is used for generating a second process key according to the fixed key and the second true random number stored in the authentication terminal;
and the second authentication key generation submodule is used for generating a second authentication key according to the first true random number and the second process key. The algorithm for generating the authentication key may be a symmetric algorithm or an asymmetric algorithm.
As shown in fig. 3, the present invention also provides an authentication system, including: the authentication terminal generates the authentication key by using a symmetric algorithm, such as the application authentication module shown in fig. 1 and the authentication terminal shown in fig. 2.
As shown in fig. 4, the present invention provides an authentication method, including:
after the Java card platform passes the security authentication, downloading an application program applied by the Java card to the platform, and before the application program passes the security authentication, sending an authentication command to an application program authentication module;
the application program authentication module adds the generated first true random number into an authentication command and sends the authentication command to an authentication terminal;
the authentication terminal receives an authentication command and then compares the used times of the application program with a preset time upper limit, and if the used times do not exceed the preset time upper limit after adding 1, the authentication terminal generates a second authentication key according to the first true random number and a second true random number generated by the authentication terminal and sends the second authentication key to the application program authentication module; otherwise, returning the first real random number to the application program authentication module;
the application program authentication module generates a first authentication key according to the first true random number and a second true random number in a second authentication key acquired from an authentication terminal, compares whether the first authentication key and the second authentication key are consistent, and if so, the function of the application program can be called by external equipment; otherwise it cannot be called.
The authentication terminal generating a second authentication key according to the first true random number and a second true random number generated by the authentication terminal comprises:
the authentication terminal generates a second true random number;
the authentication terminal encrypts a fixed key and a second true random number stored in the authentication terminal to generate a second process key;
and the authentication terminal encrypts the first true random number and the second process key to generate a second authentication key.
The application authentication module generating a first authentication key according to the first true random number and a second true random number in a second authentication key acquired from the authentication terminal includes:
the application program authentication module encrypts a second true random number in a fixed key stored in the application program authentication module and a second authentication key acquired from an authentication terminal to generate a first process key;
the application authentication module encrypts the first true random number and the first process key to generate a first authentication key.
The encryption algorithm that generates the first process key is the same as the encryption algorithm that generates the second process key; the encryption algorithm for generating the first authentication key is the same as the encryption algorithm for generating the second authentication key.
The encryption algorithm adopts a symmetric encryption algorithm.
Example two
The invention provides an application program authentication module, comprising:
the first true random number generation module is used for generating a first true random number;
the first authentication key verification module is used for verifying the consistency of a first true random number and a second true random number generated by decryption in a second authentication key acquired from the authentication terminal with the first true random number generated by the first true random number generation module and the second true random number acquired from the authentication terminal, and if the first true random number and the second true random number are consistent, the function of the application program is allowed to be called by external equipment; otherwise, the call is not allowed.
The first authentication key generation module includes:
the first authentication key verification submodule is used for decrypting a second authentication key acquired from the authentication terminal to generate a second process key and a first true random number and verifying the consistency of the first true random number and the first random number generated by the first true random number generation module;
the first process key verification submodule is used for decrypting a second process key generated by decrypting the second authentication key to generate a second random number and verifying the consistency of the second true random number and the second true random number acquired from the authentication terminal;
the execution submodule is used for allowing the function of the application program to be called by the external equipment if the verification consistency of the first authentication key verification submodule and the first process key verification submodule passes; otherwise, the call is not allowed.
The present invention provides an authentication system, including: in the application authentication module in this embodiment and the authentication terminal in the first embodiment, an algorithm for generating the authentication key by the authentication terminal is an asymmetric algorithm.
The invention also provides an authentication method, which comprises the following steps:
the application program authentication module sends the generated first true random number to an authentication terminal;
the authentication terminal compares the used times of the application program with a preset time upper limit, and if the used times do not exceed the preset time upper limit after adding 1, the authentication terminal generates a second authentication key according to the first true random number and a second true random number generated by the authentication terminal and sends the second authentication key to the application program authentication module; otherwise, returning the first real random number to the application program authentication module;
the application program authentication module decrypts the generated first true random number and second true random number according to a second authentication key acquired from the authentication terminal, and the first true random number and the second true random number generated by the first true random number generation module are consistent with the second true random number acquired from the authentication terminal, if the first true random number and the second true random number are consistent, the function of the application program is allowed to be called by external equipment; otherwise, the call is not allowed.
The authentication terminal generating a second authentication key according to the first true random number and a second true random number generated by the authentication terminal comprises:
the authentication terminal generates a second true random number;
the authentication terminal encrypts a fixed key and a second true random number stored in the authentication terminal to generate a second process key;
and the authentication terminal encrypts the first true random number and the second process key to generate a second authentication key.
The application program authentication module decrypts the consistency of the generated first true random number, the generated second true random number and the first true random number generated by the first true random number generation module according to the second authentication key acquired from the authentication terminal, and the consistency of the generated second true random number and the second true random number acquired from the authentication terminal, and comprises the following steps:
the application program authentication module decrypts a second authentication key acquired from the authentication terminal to generate a second process key and a first true random number, and verifies the consistency of the first true random number and the first random number generated by the first true random number generation module;
the application program authentication module decrypts a second process key generated by decrypting the second authentication key to generate a second random number, and verifies the consistency of the second true random number and a second true random number acquired from the authentication terminal; if the first authentication key verification sub-module and the first process key verification sub-module pass the verification consistency, the function of the application program is allowed to be called by the external equipment; otherwise, the call is not allowed.
In the second embodiment, both encryption and decryption use asymmetric encryption algorithms.
The application program authentication module, the terminal, the system and the method provided by the invention can prevent the phenomenon from occurring, so that the safety of the application program application range and the controllability of the use times provided by an application developer are ensured, and other people irrelevant to the project can not use the application program at will after acquiring the application program.
The technical personnel in the field can easily construct an application program authentication module based on the asymmetric encryption algorithm, an authentication terminal and an authentication system consisting of the application program authentication module and the authentication terminal according to the inventive concept provided by the invention.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the scope of protection thereof, and although the present application is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: numerous variations, modifications, and equivalents will occur to those skilled in the art upon reading the present application and are within the scope of the claims appended hereto.
Claims (4)
1. An application authentication system, characterized in that,
the application authentication system includes an application authentication module, the application authentication module including:
the first true random number generation module is used for generating a first true random number;
the first authentication key generation module is used for generating a first authentication key according to the first true random number and a second true random number acquired from the authentication terminal;
the authentication submodule is used for comparing whether the first authentication key is consistent with a second authentication key acquired from the authentication terminal, and if so, the function of the application program is allowed to be called by the external equipment; otherwise, the calling is not allowed;
the first authentication key generation module includes:
the first process key generation submodule is used for generating a first process key according to the fixed key stored in the application program authentication module and the second true random number acquired from the authentication terminal;
the first authentication key generation submodule is used for generating a first authentication key according to the first true random number and the first process key;
and an authentication terminal, the authentication terminal comprising:
the second true random number generation module is used for generating a second true random number;
the authentication number identification module is used for acquiring the first true random number from the application program authentication module, comparing the used number of the application program with a preset number upper limit, and if the used number does not exceed the preset number upper limit after adding 1, generating a second authentication key through the second authentication key generation module; otherwise, returning the first true random number to the application program authentication module;
the second authentication key generation module is used for generating a second authentication key according to the first true random number and the second true random number;
the second authentication key generation module includes:
the second process key generation submodule is used for generating a second process key according to the fixed key and the second true random number stored in the authentication terminal;
the second authentication key generation submodule is used for generating a second authentication key according to the first true random number and the second process key;
the authentication terminal further includes:
and the storage module is used for storing the used times and the preset upper limit of times of the application program and the fixed key.
2. An application authentication method, comprising:
the application program authentication module sends the generated first true random number to an authentication terminal;
the authentication terminal compares the used times of the application program with a preset time upper limit, and if the used times do not exceed the preset time upper limit after adding 1, the authentication terminal generates a second authentication key according to the first true random number and a second true random number generated by the authentication terminal and sends the second authentication key to the application program authentication module; otherwise, returning the first real random number to the application program authentication module;
the application program authentication module generates a first authentication key according to the first true random number and a second true random number in a second authentication key acquired from an authentication terminal, compares whether the first authentication key and the second authentication key are consistent, and if so, allows the function of the application program to be called by external equipment; otherwise, the calling is not allowed; the authentication terminal generating a second authentication key according to the first true random number and a second true random number generated by the authentication terminal comprises:
the authentication terminal generates a second true random number;
the authentication terminal encrypts a fixed key and a second true random number stored in the authentication terminal to generate a second process key;
the authentication terminal encrypts the first true random number and the second process key to generate a second authentication key;
the application authentication module generating a first authentication key according to the first true random number and a second true random number in a second authentication key acquired from the authentication terminal includes:
the application program authentication module encrypts a second true random number in a fixed key stored in the application program authentication module and a second authentication key acquired from an authentication terminal to generate a first process key;
the application program authentication module encrypts the first true random number and the first process key to generate a first authentication key; the encryption algorithm that generates the first process key is the same as the encryption algorithm that generates the second process key; the encryption algorithm for generating the first authentication key is the same as the encryption algorithm for generating the second authentication key.
3. An authentication system, characterized in that the authentication system comprises:
an application authentication module, the application authentication module comprising:
the first true random number generation module is used for generating a first true random number;
the first authentication key verification module is used for verifying the consistency of a first true random number and a second true random number which are generated by decryption in a second authentication key acquired from the authentication terminal, the first true random number generated by the first true random number generation module and the second true random number acquired from the authentication terminal, and if the first true random number and the second true random number are consistent, the function of the application program is allowed to be called by external equipment; otherwise, the calling is not allowed;
the first authentication key verification module includes:
the first authentication key verification sub-module is used for decrypting a second authentication key acquired from the authentication terminal to generate a second process key and a first true random number and verifying the consistency of the first true random number and the first random number generated by the first true random number generation module;
the first process key verification submodule is used for decrypting a second process key generated by decrypting the second authentication key to generate a second random number and verifying the consistency of the second true random number and the second true random number acquired from the authentication terminal;
the execution submodule is used for allowing the function of the application program to be called by the external equipment if the verification consistency of the first authentication key verification submodule and the first process key verification submodule passes; otherwise, the calling is not allowed;
and the authentication terminal, the authentication terminal comprising:
the second true random number generation module is used for generating a second true random number;
the authentication number identification module is used for acquiring the first true random number from the application program authentication module, comparing the used number of the application program with a preset number upper limit, and if the used number does not exceed the preset number upper limit after adding 1, generating a second authentication key through the second authentication key generation module; otherwise, returning the first true random number to the application program authentication module;
the second authentication key generation module is used for generating a second authentication key according to the first true random number and the second true random number;
the second authentication key generation module includes:
the second process key generation submodule is used for generating a second process key according to the fixed key and the second true random number stored in the authentication terminal;
the second authentication key generation submodule is used for generating a second authentication key according to the first true random number and the second process key;
the authentication terminal further includes:
and the storage module is used for storing the used times and the preset upper limit of times of the application program and fixing the secret key.
4. An authentication method, comprising:
the application program authentication module sends the generated first true random number to an authentication terminal;
the authentication terminal compares the used times of the application program with a preset time upper limit, and if the used times do not exceed the preset time upper limit after adding 1, the authentication terminal generates a second authentication key according to the first true random number and a second true random number generated by the authentication terminal and sends the second authentication key to the application program authentication module; otherwise, returning the first real random number to the application program authentication module;
the application program authentication module is used for decrypting and generating a first true random number and a second true random number according to a second authentication key acquired from the authentication terminal, and the first true random number and the second true random number generated by the first true random number generation module are consistent with a second true random number acquired from the authentication terminal, and if the first true random number and the second true random number are consistent, the functions of the application program are allowed to be called by external equipment; otherwise, the calling is not allowed;
the authentication terminal generating a second authentication key according to the first true random number and a second true random number generated by the authentication terminal comprises:
the authentication terminal generates a second true random number;
the authentication terminal encrypts a fixed key and a second true random number stored in the authentication terminal to generate a second process key;
the authentication terminal encrypts the first true random number and the second process key to generate a second authentication key;
the application program authentication module is used for decrypting the consistency of the first true random number, the second true random number and the first true random number generated by the first true random number generation module and the second true random number acquired from the authentication terminal according to the second authentication key acquired from the authentication terminal, and comprises the following steps:
the application program authentication module decrypts a second authentication key acquired from the authentication terminal to generate a second process key and a first true random number, and verifies the consistency of the first true random number and the first random number generated by the first true random number generation module;
the application program authentication module decrypts a second process key generated by decrypting the second authentication key to generate a second random number, and verifies the consistency of the second true random number and a second true random number acquired from the authentication terminal; if the first authentication key verification sub-module and the first process key verification sub-module pass the verification consistency, the function of the application program is allowed to be called by the external equipment; otherwise, the call is not allowed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710576472.5A CN109255207B (en) | 2017-07-14 | 2017-07-14 | Application program authentication system and authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710576472.5A CN109255207B (en) | 2017-07-14 | 2017-07-14 | Application program authentication system and authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109255207A CN109255207A (en) | 2019-01-22 |
| CN109255207B true CN109255207B (en) | 2022-07-01 |
Family
ID=65051873
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710576472.5A Active CN109255207B (en) | 2017-07-14 | 2017-07-14 | Application program authentication system and authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109255207B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1768502A (en) * | 2002-06-19 | 2006-05-03 | 安全通信公司 | Inter-authentication method and device |
| CN101163010A (en) * | 2007-11-14 | 2008-04-16 | 华为软件技术有限公司 | Method of authenticating request message and related equipment |
| CN101256611A (en) * | 2008-04-03 | 2008-09-03 | 中兴通讯股份有限公司 | Method for implementing digital copyright management protection in Java application |
| CN101378320A (en) * | 2008-09-27 | 2009-03-04 | 北京数字太和科技有限责任公司 | Authentication method and system |
| CN104732120A (en) * | 2015-04-08 | 2015-06-24 | 迈普通信技术股份有限公司 | FPGA property right protection method and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6301579B2 (en) * | 2012-12-03 | 2018-03-28 | フェリカネットワークス株式会社 | COMMUNICATION TERMINAL, COMMUNICATION METHOD, PROGRAM, AND COMMUNICATION SYSTEM |
-
2017
- 2017-07-14 CN CN201710576472.5A patent/CN109255207B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1768502A (en) * | 2002-06-19 | 2006-05-03 | 安全通信公司 | Inter-authentication method and device |
| CN101163010A (en) * | 2007-11-14 | 2008-04-16 | 华为软件技术有限公司 | Method of authenticating request message and related equipment |
| CN101256611A (en) * | 2008-04-03 | 2008-09-03 | 中兴通讯股份有限公司 | Method for implementing digital copyright management protection in Java application |
| CN101378320A (en) * | 2008-09-27 | 2009-03-04 | 北京数字太和科技有限责任公司 | Authentication method and system |
| CN104732120A (en) * | 2015-04-08 | 2015-06-24 | 迈普通信技术股份有限公司 | FPGA property right protection method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109255207A (en) | 2019-01-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108055132B (en) | Method, device and equipment for service authorization | |
| CN101419652B (en) | Software and hardware combined program protecting method | |
| CN109412812B (en) | Data security processing system, method, device and storage medium | |
| CN111680305A (en) | Data processing method, device and equipment based on block chain | |
| CN105408912A (en) | Process authentication and resource permissions | |
| CN104794388B (en) | application program access protection method and application program access protection device | |
| US11163859B2 (en) | Content protection via online servers and code execution in a secure operating system | |
| CN103975338A (en) | Method of generating, from an initial package file comprising an application to be secured and an initial configuration file, a package file for securing the application, and associated computer program product and computing device | |
| CN107111728A (en) | Safe key export function | |
| TW201810109A (en) | Processing method for preventing copy attack, server and client | |
| CN113722683B (en) | Model protection method, device, equipment, system and storage medium | |
| CN107196907A (en) | A kind of guard method of Android SO files and device | |
| CN104199657A (en) | Call method and device for open platform | |
| CN105847000A (en) | Token generation method and communication system based on same | |
| CN113792297A (en) | Service processing method, device and equipment | |
| KR102543267B1 (en) | Method and apparatus for white box cryptography | |
| CN111245620B (en) | Mobile security application architecture in terminal and construction method thereof | |
| CN102983969A (en) | Security login system and security login method for operating system | |
| CN109255207B (en) | Application program authentication system and authentication method | |
| CN115640589A (en) | Security protection equipment, service execution method, device and storage medium | |
| CN107392010B (en) | Root operation execution method and device, terminal equipment and storage medium | |
| CN107330318A (en) | A kind of binding encryption method of digital signal panel card and its debugging system | |
| DONG et al. | Sesoa: Security enhancement system with online authentication for android apk | |
| CN107743306B (en) | Intelligent POS machine WIFI setting method based on multi-password control and intelligent POS machine | |
| CN112668025A (en) | Vulnerability mining management method, system, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant after: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. Applicant after: STATE GRID CORPORATION OF CHINA Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant before: China Electric Power Research Institute Applicant before: State Grid Corporation of China |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230627 Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Patentee after: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Patentee before: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. Patentee before: STATE GRID CORPORATION OF CHINA |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230913 Address after: 200131 Floor 4 and 5, Building 1, No. 251, Libing Road, No. 28, Faraday Road, Pudong New Area Free Trade Pilot Zone, Shanghai Patentee after: China Online Shanghai Energy Internet Research Institute Co.,Ltd. Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Patentee before: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. |
|
| TR01 | Transfer of patent right |