CN109922076A - Secure communication method and authorization platform in a soft-lock licensing process - Google Patents

Publication number
CN109922076A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910237165.3A
Other languages
Chinese (zh)
Other versions
CN109922076B (en)
Inventor
孙吉平
李海鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd filed Critical Beijing Senseshield Technology Co Ltd
Priority to CN201910237165.3A priority Critical patent/CN109922076B/en
Publication of CN109922076A publication Critical patent/CN109922076A/en
Application granted granted Critical
Publication of CN109922076B publication Critical patent/CN109922076B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention provides a secure communication method based on soft-lock licensing, comprising: S1, a soft-lock licensing platform allocates a root public key and a root private key to a software development entity; the root private key is stored on an encryption machine connected to the soft-lock licensing platform, and the root public key is distributed to the software user end; S2, the soft-lock licensing platform uses the root private key, via the encryption machine, to sign and issue a temporary key for encrypted communication, and issues a license upgrade package for the software to the soft lock, wherein the license upgrade package includes the temporary key; S3, when the software user end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was signed and issued by the root private key. The invention also provides a corresponding authorization platform for the soft-lock licensing process. Through the multi-level key verification process above, the invention ensures that the private key can be used to generate communication keys without the root private key being leaked.

Description

Secure communication method and authorization platform in a soft-lock licensing process
Technical field
The present invention relates to the field of software copyright protection, and more particularly to a secure communication method and an authorization platform in a soft-lock licensing process.
Background
To address security in the soft-lock licensing communication process, the communication is usually encrypted. Soft-lock licensing currently holds a far larger market share than hardware-lock licensing, but the strength of its protection varies. Traditional soft locks use weak encryption and a single encryption method, so they are easily cracked, and once cracked the result is essentially catastrophic piracy. Strengthening communication security is therefore necessary.
Summary of the invention
In the prior art, authentication of the software user end does not use a private key file. In the method of the invention, the software user end and the soft lock need to authenticate each other using a private key file. However, because of its importance, storing the private key file on the software user end carries a significant security risk. The invention therefore stores the private key file on a trusted licensing platform, while the software user end still stores the public key. Authentication between the software user end and the soft lock uses a three-level key scheme in which the keys are signed level by level and encrypted level by level.
In view of the problems described in the background, the invention provides a secure communication method based on soft-lock licensing, comprising:
S1, a soft-lock licensing platform allocates a root public key and a root private key to a software development entity; the root private key is stored on an encryption machine connected to the soft-lock licensing platform, and the root public key is distributed to the software user end;
S2, the soft-lock licensing platform uses the root private key, via the encryption machine, to sign and issue a temporary key for encrypted communication, and issues a license upgrade package for the software to the soft lock, wherein the license upgrade package includes the temporary key;
S3, when the software user end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was signed and issued by the root private key.
Further, in step S2, the temporary key comprises multiple levels of public/private key pairs, and each lower-level key pair is signed and issued by the private key of the key pair one level above.
Further, in step S2, the temporary key comprises multi-level key pairs generated as follows: S21, the soft-lock licensing platform obtains a second-level key signed and issued by the encryption machine using the root private key, the second-level key comprising a public key and a private key; S22, the soft-lock licensing platform signs and issues a third-level key with the second-level key, the third-level key comprising a public key and a private key.
Further, in S3, when the software user end accesses the soft lock, the root public key is used to verify in turn whether the second-level key and the third-level key were signed and issued by the root private key.
Further, the secure communication method also comprises: S4, if the verification succeeds, the software user end and the soft lock carry out subsequent communication based on the temporary key.
Further, the secure communication method also comprises: S4, if the signature verification in S3 is correct, the software user end carries out encrypted communication with the soft lock using a random communication key generated based on the third-level key.
Further, after the second-level key and the third-level key expire, the soft-lock licensing platform generates a new second-level key and a new third-level key.
According to another aspect of the invention, an authorization platform in a soft-lock licensing process is provided, comprising:
a key generation module, which allocates a root public key and a root private key to a software development entity, the root private key being stored on an encryption machine connected to the authorization system;
a key distribution module, which distributes the root public key to the software user end;
a temporary key generation module, which generates a temporary key with the root private key;
a license upgrade package distribution module, which sends the temporary key and the license upgrade package of the software to the soft lock.
Further, the temporary key generation module is configured to: sign and issue a second-level key with the root private key, the second-level key comprising a public key and a private key, and sign and issue a third-level key with the second-level key, the third-level key comprising a public key and a private key.
Further, the temporary key generation module is configured to: generate a new second-level key and a new third-level key after the second-level key and the third-level key expire.
The beneficial effects of the invention are as follows: the software user end stores only the public key, and the software user end and the soft lock communicate in encrypted form using a communication key, which ensures the security of the software user end and of its communication with the soft lock. The generation of the communication key is verified by means of triple-key encryption between the software user end and the soft-lock licensing platform. The method of the invention ensures the independence of each software user end's keys, so that no general crack can be formed, and also ensures the randomness of each communication key, increasing the difficulty of cracking.
Brief description of the drawings
To make the invention easier to understand, it is described in more detail with reference to specific embodiments shown in the accompanying drawings. These drawings depict only exemplary embodiments of the invention and should not be considered as limiting its scope.
Fig. 1 is a flow chart of one embodiment of the method of the invention.
Fig. 2 is an architecture diagram of the authorization platform of the invention.
Detailed description
Embodiments of the invention are described with reference to the drawings, in which identical components are denoted by the same reference numerals. Where no conflict arises, the following embodiments and the technical features in them may be combined with one another.
Fig. 1 shows the flow chart of one embodiment of the method of the invention. The method concerns authentication between the licensed software user end (on which the software is installed) and the soft-lock encrypted container. The soft lock is an encryption device, such as an encryption lock, located on a computer in a local area network; other computers in the local area network can access the soft lock provided they hold a soft-lock license. The method of the invention comprises steps S1-S3, detailed below.
S1: The soft-lock licensing platform allocates a root public key and a root private key to the software development entity (the software developer); the root private key is stored on an encryption machine connected to the authorization platform, and the root public key is distributed to the software user end. Because the root private key is kept in the encryption machine connected to the soft-lock licensing system and never leaves the hardware, its security is ensured. The root public key and root private key may be a public key and private key generated by an ECC algorithm.
S2: The authorization platform uses the root private key, via the encryption machine, to sign and issue a temporary key for encrypted communication, and issues a license upgrade package for the software to the soft lock, wherein the license upgrade package includes the temporary key.
S3: When the software user end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was signed and issued by the root private key.
In one embodiment, the temporary key in step S2 is a single public/private key pair. In another embodiment, the temporary key in step S2 comprises multi-level keys, that is, multiple levels of public/private key pairs in which each lower-level key pair is signed and issued by the private key of the key pair one level above. The invention preferably uses two levels of keys, generated as follows:
S21: The authorization platform signs and issues a second-level key with the root private key; the second-level key comprises a public key and a private key. Preferably, the second-level key is a temporary key with a validity period and is cached on the authorization platform.
S22: The authorization platform signs and issues a third-level key with the second-level key; the third-level key comprises a public key and a private key. Preferably, the third-level key is a temporary key with a validity period and may be cached on the software user end; when the time in the key expires, the authorization platform generates a third-level key.
After generating the second-level key and the third-level key, the authorization platform bundles them into the license upgrade package of the software and issues the license upgrade package to the soft lock.
Thus, in S3, when the software user end accesses the soft lock, it uses the root public key to verify the second-level key and the third-level key in turn, verifying whether the license upgrade package was signed and issued by the root private key. The key verification process across these three levels ensures authentication between the software user end and the soft lock.
Further, the second-level key or third-level key has a validity period. When it expires, the authorization platform regenerates the second-level key or third-level key and again issues a license upgrade package for the software to the soft lock; this package contains the regenerated second-level key or third-level key, and the software user end must then authenticate the soft lock again. The software user end still performs the verification with the root public key, so the root public key does not need to be replaced, and the root private key remains stored in the secure encryption machine. In this way, the security of the verification process and of the subsequent communication between the software user end and the soft lock is ensured.
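The S1-S3 flow with the two temporary key levels (S21, S22) and their validity period can be sketched as follows. This is an added example, not code from the patent: Ed25519 stands in for the unspecified ECC algorithm, an in-memory key replaces the encryption machine, and the `SignedKey` layout and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

var (
	ErrBadSignature = errors.New("not signed by the parent key")
	ErrExpired      = errors.New("validity period has ended")
)

// SignedKey is one temporary key as carried in the license upgrade package.
// The field layout is an assumption; the patent defines no wire format.
type SignedKey struct {
	Pub      ed25519.PublicKey // this level's public key
	NotAfter int64             // end of validity period, Unix seconds
	Sig      []byte            // signature by the private key one level up
}

// signedBytes binds level, expiry and key so none can be swapped on its own.
func signedBytes(level int, notAfter int64, pub ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("L%d|%d|", level, notAfter)), pub...)
}

// NewRootKey stands in for the root key pair held on the encryption machine (S1).
func NewRootKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// issue generates the key pair for one level and signs it with the parent key.
func issue(parent ed25519.PrivateKey, level int, notAfter time.Time) (ed25519.PrivateKey, SignedKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, SignedKey{}, err
	}
	k := SignedKey{Pub: pub, NotAfter: notAfter.Unix()}
	k.Sig = ed25519.Sign(parent, signedBytes(level, k.NotAfter, k.Pub))
	return priv, k, nil
}

// BuildPackage is the platform side (S21, S22): the root key signs level 2,
// and the level-2 key signs level 3.
func BuildPackage(root ed25519.PrivateKey, notAfter time.Time) (SignedKey, SignedKey, error) {
	l2priv, l2, err := issue(root, 2, notAfter)
	if err != nil {
		return SignedKey{}, SignedKey{}, err
	}
	_, l3, err := issue(l2priv, 3, notAfter) // level-3 private key unused in this sketch
	return l2, l3, err
}

// checkLink verifies one level against its parent's public key, then its expiry.
func checkLink(parent ed25519.PublicKey, level int, k SignedKey, now time.Time) error {
	if len(parent) != ed25519.PublicKeySize || len(k.Pub) != ed25519.PublicKeySize ||
		!ed25519.Verify(parent, signedBytes(level, k.NotAfter, k.Pub), k.Sig) {
		return fmt.Errorf("level %d: %w", level, ErrBadSignature)
	}
	if now.Unix() > k.NotAfter {
		return fmt.Errorf("level %d: %w", level, ErrExpired)
	}
	return nil
}

// VerifyChain is the software user end (S3). It trusts only the root public key
// and returns the level-3 public key once both links check out.
func VerifyChain(root ed25519.PublicKey, l2, l3 SignedKey, now time.Time) (ed25519.PublicKey, error) {
	if err := checkLink(root, 2, l2, now); err != nil {
		return nil, err
	}
	if err := checkLink(l2.Pub, 3, l3, now); err != nil {
		return nil, err
	}
	return l3.Pub, nil
}

func main() {
	rootPub, rootPriv, err := NewRootKey()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	l2, l3, err := BuildPackage(rootPriv, now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	_, fresh := VerifyChain(rootPub, l2, l3, now)
	_, late := VerifyChain(rootPub, l2, l3, now.Add(48*time.Hour))
	fmt.Println("fresh:", fresh, "| after validity period:", late)
}
```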
Preferably, the method of the invention further comprises: S4, if the signature verification in S3 is correct, the software user end and the soft lock carry out subsequent communication using a random communication key generated based on the third-level key.
According to another aspect of the invention, as shown in Fig. 2, an authorization platform in a soft-lock licensing process is provided. The authorization platform comprises a key generation module, a key distribution module, a temporary key generation module and a license upgrade package distribution module.
The key generation module allocates a root public key and a root private key to the software development entity, and the root private key is stored on an encryption machine connected to the authorization platform. The key generation module may use an ECC algorithm to generate the root public key and root private key.
The key distribution module distributes the root public key to the software user end.
The temporary key generation module generates a temporary key with the root private key. In one embodiment,
The license upgrade package distribution module sends the temporary key and the license upgrade package of the software to the soft lock.
In one embodiment, the temporary key generation module is configured to: sign and issue a second-level key with the root private key, the second-level key comprising a public key and a private key, and sign and issue a third-level key with the second-level key, the third-level key comprising a public key and a private key. The temporary key generation module is configured to: generate a new second-level key and a new third-level key after the second-level key and the third-level key expire. After generating the second-level key and the third-level key, the authorization platform bundles them into the license upgrade package of the software and issues the license upgrade package to the soft lock.
Thus, when the software user end accesses the soft lock, it uses the root public key to verify the second-level key and the third-level key in turn, verifying whether the license upgrade package was signed and issued by the root private key. The key verification process across these three levels ensures authentication between the software user end and the soft lock.
Further, the second-level key or third-level key has a validity period. When it expires, the authorization platform regenerates the second-level key or third-level key and again issues a license upgrade package for the software to the soft lock; this package contains the regenerated second-level key or third-level key, and the software user end must then authenticate the soft lock again. The software user end still performs the verification with the root public key, so the root public key does not need to be replaced, and the root private key remains stored in the secure encryption machine. In this way, the security of the verification process and of the subsequent communication between the software user end and the soft lock is ensured.
If the software user end verifies that the signature of the license upgrade package is correct, the software user end and the soft lock generate a random communication key based on the third-level key, which both parties use for subsequent encrypted communication.
Through the three-level key verification process above, it can be ensured that, without the root private key being leaked, the software user end and the soft lock authenticate each other and, once authentication succeeds, communicate securely using the communication key. Moreover, because a root public key and root private key are generated for each software user end, the independence of each software user end's keys is ensured, no general crack can be formed, and the randomness of each communication key is also ensured, increasing the difficulty of cracking.
The embodiments described above are merely preferred specific embodiments of the invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall all fall within the scope of protection of the invention.

Claims (10)

1. A secure communication method based on soft-lock licensing, characterized by comprising:
S1, a soft-lock licensing platform allocates a root public key and a root private key to a software development entity; the root private key is stored on an encryption machine connected to the soft-lock licensing platform, and the root public key is distributed to the software user end;
S2, the soft-lock licensing platform uses the root private key, via the encryption machine, to sign and issue a temporary key for encrypted communication, and issues a license upgrade package for the software to the soft lock, wherein the license upgrade package includes the temporary key;
S3, when the software user end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was signed and issued by the root private key.
2. The secure communication method according to claim 1, characterized in that, in step S2,
the temporary key comprises multiple levels of public/private key pairs, and each lower-level key pair is signed and issued by the private key of the key pair one level above.
3. The secure communication method according to claim 2, characterized in that, in step S2, the temporary key comprises multi-level key pairs generated as follows:
S21, the soft-lock licensing platform obtains a second-level key signed and issued by the encryption machine using the root private key, the second-level key comprising a public key and a private key;
S22, the soft-lock licensing platform signs and issues a third-level key with the second-level key, the third-level key comprising a public key and a private key.
4. The secure communication method according to claim 3, characterized in that,
in S3, when the software user end accesses the soft lock, the root public key is used to verify in turn whether the second-level key and the third-level key were signed and issued by the root private key.
5. The secure communication method according to claim 1, characterized by further comprising:
S4, if the verification succeeds, the software user end and the soft lock carry out subsequent communication based on the temporary key.
6. The secure communication method according to claim 4, characterized by further comprising:
S4, if the signature verification in S3 is correct, the software user end generates a random communication key based on the third-level key and carries out encrypted communication with the soft lock.
7. The secure communication method according to claim 3, characterized in that,
after the second-level key and the third-level key expire, the soft-lock licensing platform generates a new second-level key and a new third-level key.
8. An authorization platform in a soft-lock licensing process, characterized by comprising:
a key generation module, which allocates a root public key and a root private key to a software development entity, the root private key being stored on an encryption machine connected to the authorization platform;
a key distribution module, which distributes the root public key to the software user end;
a temporary key generation module, which generates a temporary key with the root private key;
a license upgrade package distribution module, which sends the temporary key and the license upgrade package of the software to the soft lock.
9. The authorization platform according to claim 8, characterized in that the temporary key generation module is configured to:
sign and issue a second-level key with the root private key, the second-level key comprising a public key and a private key,
and sign and issue a third-level key with the second-level key, the third-level key comprising a public key and a private key.
10. The authorization platform according to claim 8, characterized in that the temporary key generation module is configured to:
generate a new second-level key and a new third-level key after the second-level key and the third-level key expire.
CN201910237165.3A 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process Active CN109922076B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910237165.3A CN109922076B (en) 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910237165.3A CN109922076B (en) 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process

Publications (2)

Publication Number Publication Date
CN109922076A true CN109922076A (en) 2019-06-21
CN109922076B CN109922076B (en) 2020-12-18

Family

ID=66967011

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910237165.3A Active CN109922076B (en) 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process

Country Status (1)

Country Link
CN (1) CN109922076B (en)

Also Published As

Publication number Publication date
CN109922076B (en) 2020-12-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Room 510, 5/F, Block C, Internet Innovation Center, Building 5, Yard 10 (East District), Northwest Wangdong Road, Haidian District, Beijing 100193

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: Room 510, 5/F, Block C, Internet Innovation Center, Building 5, Yard 10 (East District), Northwest Wangdong Road, Haidian District, Beijing 100193

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.
