CN113254886A - Management method for product ID number and activation code - Google Patents
Management method for product ID number and activation code Download PDFInfo
- Publication number
- CN113254886A CN113254886A CN202110483478.4A CN202110483478A CN113254886A CN 113254886 A CN113254886 A CN 113254886A CN 202110483478 A CN202110483478 A CN 202110483478A CN 113254886 A CN113254886 A CN 113254886A
- Authority
- CN
- China
- Prior art keywords
- activation
- product
- original
- encryption
- data packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000004913 activation Effects 0.000 title claims abstract description 300
- 238000007726 management method Methods 0.000 title claims abstract description 25
- 238000000034 method Methods 0.000 claims abstract description 75
- 230000008569 process Effects 0.000 claims abstract description 28
- 238000011084 recovery Methods 0.000 claims abstract description 27
- 238000004891 communication Methods 0.000 claims abstract description 21
- 238000012795 verification Methods 0.000 claims description 46
- 238000004364 calculation method Methods 0.000 claims description 16
- 238000004806 packaging method and process Methods 0.000 claims description 14
- 238000004422 calculation algorithm Methods 0.000 claims description 12
- 208000033748 Device issues Diseases 0.000 claims description 6
- 238000012546 transfer Methods 0.000 claims description 4
- 230000009466 transformation Effects 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 abstract description 13
- 238000004519 manufacturing process Methods 0.000 abstract description 8
- 238000005336 cracking Methods 0.000 abstract description 3
- 230000006399 behavior Effects 0.000 abstract description 2
- 238000004064 recycling Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 230000003213 activating effect Effects 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000002427 irreversible effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 238000011031 large-scale manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011027 product recovery Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000009966 trimming Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02W—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO WASTEWATER TREATMENT OR WASTE MANAGEMENT
- Y02W90/00—Enabling technologies or technologies with a potential or indirect contribution to greenhouse gas [GHG] emissions mitigation
Abstract
The invention discloses a management method of a product ID number and an activation code, which relates to the field of intelligent production, and the programming method comprises the following steps: acquiring an original ID number and an original activation code; the management software performs handshake communication with the writer, encrypts the original ID number and the original activation code once to form an activation data packet and distributes the activation data packet to the writer; the writer verifies the activation data packet encrypted once; the programming device performs handshake communication with the product and issues an activation instruction, and the programming device performs secondary encryption on the activation data packet which is verified to be safe and distributes the activation data packet to embedded boot software of the product; the embedded boot software verifies the secondarily encrypted activation data packet and encrypts the secondarily verified activation data packet for three times to obtain an original activation code; the recovery method is the reverse process of the programming method, and adopts multi-section key group encryption, thereby ensuring the safety and tamper resistance of data in the transmission process and preventing malicious cracking behaviors.
Description
Technical Field
The invention relates to the field of intelligent production, in particular to a management method of a product ID number and an activation code.
Background
In the life cycle of the electronic product, the ID number and the activation code are effective proofs of the identity of the electronic product; in the process of maintenance, maintenance and debugging, effective information is accurately acquired from the code of the ID number or corresponding data, and the activation code is a password authorized by equipment, is used for protecting manufacturer software and design company production data, and both the activation code and the activation code need to have uniqueness and non-replicability.
However, for some industrial products and engineering customized products, due to the fact that the overall consumption of the products is small, the production time span is large, and single batch is small, large-scale production cannot be formed, and related production specifications cannot be effectively implemented. In addition, for customized products, rework caused by demand change and quality problems, cross test and debugging of main components of the equipment, and if the ID numbers and the activation codes are not issued and recovered in time, ID number management is disordered and cannot be effectively carried out. Moreover, if the operation is completely recorded by manpower, the operation is easy to cause confusion; in addition, if the anti-cracking capability of the product ID and the activation data is insufficient in the transmission process, the subsequent management of the product can be disordered by a design company once the product ID and the activation data are cracked, so that the ID number and the activation code can not really realize one machine and one code, and the actual function of the product can not be played.
Disclosure of Invention
The invention provides a management method of a product ID number and an activation code aiming at the problems and technical requirements.
The technical scheme of the invention is as follows:
a management method of a product ID number and an activation code comprises the following steps:
the management system comprises management software installed in a PC (personal computer), a programming device and embedded boot software installed in a product, wherein the management software is used for generating or inputting an original ID (identity) number and a corresponding original activation code of the product, the product comprises a product to be activated and an activated product, and the management method comprises a programming method and a recovery method;
the programming method comprises the following steps:
acquiring an original ID number and a corresponding original activation code;
the management software performs handshake communication with the writer, encrypts the original ID number and the corresponding original activation code once to form an activation data packet and distributes the activation data packet to the writer, and the ID number and the corresponding activation code of the same product are only allowed to be written into one writer;
the writer carries out primary verification on the activation data packet after primary encryption;
the programming device performs handshake communication with the product and issues an activation instruction, and the programming device performs secondary encryption on the activation data packet which is verified safely for the first time and distributes the activation data packet to embedded boot software of the product;
the embedded boot software carries out secondary verification on the activated data packet after secondary encryption;
the embedded boot software encrypts the secondary verification safe activation data packet for three times to obtain an original activation code;
the embedded boot software activates the product to be activated through the original ID number and the corresponding original activation code;
the recovery method comprises the following steps:
the method comprises the following steps that a writer and a product carry out handshake communication, a recovery instruction is issued, embedded boot software of the product carries out primary encryption on an original ID number and a corresponding original activation code to form an activation data packet, the activation data packet is distributed to the writer, and meanwhile, the original ID number and the corresponding original activation code stored in the embedded boot software are destroyed;
the writer carries out primary verification on the activation data packet after primary encryption;
the management software and the writer perform handshake communication, the writer performs secondary encryption on the activated data packet which is verified to be safe once, the activated data packet is distributed to the management software, and the activated data packet is erased;
the management software carries out secondary verification on the activated data packet after secondary encryption;
and the management software encrypts the secondary verification safe activation data packet for three times, restores the activation code encrypted for three times into the original activation code and finishes the recovery operation of the activated product.
The further technical scheme is that a core encryption algorithm is arranged in the management software, the programmer and the embedded boot software, and the core encryption algorithm comprises the following steps:
randomly selecting five prime numbers which are not more than a preset value and are respectively marked as a1, a2, k, h1 and h2, wherein h1 is more than a1, and h2 is more than a 2;
let a-a 1-a 2, h-h 1-h 2, and h and
relatively prime, then there must be an integer h3, such that
As can be seen from the euler formula, any m satisfies the formula:
substituting the formula (1) into the formula (2), and obtaining a formula used in the security encryption process through transformation:
mh1*h2*h3(mod(a))=m (3)
distributing a key group (a, h1, k) to management software, distributing the key group (a, h2, k) to a writer, and distributing the key group (a, h3, k) to embedded boot software, wherein a is a secure encryption public key, h1, h2, h3 are respectively secure encryption private keys, and k is a tamper-proof encryption public key.
The further technical scheme is that the management software encrypts the original ID number and the corresponding original activation code once to form an activation data packet, and the activation data packet comprises the following steps:
if m1 is less than a, using a security encryption public key and a security encryption private key in a key group (a, h1, k) to perform security encryption on the original activation code according to a formula (4) to obtain a first activation code I;
m1(h1)mod(a)=m2 (4)
wherein m1 is the original activate code, m2 is the remainder obtained by calculation and is used as the first activate code I;
if m1 is larger than or equal to a, m1 is divided, each divided data is smaller than a, and then calculation is carried out by sequentially substituting the formula (4);
secondly, performing primary tamper-proof encryption on the original ID number and the first activation code I by using a tamper-proof encryption public key to obtain a first ID number and a first activation code II;
and packaging the original ID number, the first activation code I, the first ID number and the first activation code II to form a first activation data packet.
The further technical scheme is that the safe activation data packet which is checked once comprises an original ID number and a first safely encrypted activation code I;
in the programming method, a programmer carries out secondary encryption on an activation data packet which is once verified to be safe, and the method comprises the following steps:
after receiving the activation instruction, the product replies product state data to the writer, wherein the product state data comprises the ID number of the product, and the ID number of the product to be activated is zero;
the writer-writer judges the activation state of the product according to the returned ID number;
if the ID number is zero, performing secondary security encryption on the first activation code I according to a formula (5) by using a security encryption public key and a security encryption private key in a key group (a, h2, k) to obtain a second activation code I;
m2(h2)mod(a)=m3 (5)
wherein m2 is the first activate code I, m3 is the remainder obtained by calculation and is used as the second activate code I;
secondly, performing secondary tamper-proof encryption on the original ID number and the second activation code I by using the tamper-proof encryption public key to obtain a second ID number and a second activation code II;
and packaging the original ID number, the second activation code I, the second ID number and the second activation code II to form a third activation data packet.
The further technical scheme is that the secondary verification safe activation data packet comprises an original ID number and a safe encrypted second activation code I;
the embedded boot software encrypts the activation data packet for the security verification for three times, and comprises the following steps:
carrying out three times of secure encryption on the second activation code I according to a formula (6) by using a secure encryption public key and a secure encryption private key in a key group (a, h3, k), and restoring the activation code subjected to three times of secure encryption into an original activation code;
m3(h3)mod(a)=m1 (6)
where m3 is the second activate code I and m1 is the remainder of the calculation and is used as the original activate code.
The further technical scheme is that the activation data packet after one-time encryption comprises an original ID number, a first activation code I of safe encryption, a first ID number of tamper-resistant encryption and a first activation code II of double encryption;
the writer carries out one-time verification on the activation data packet after one-time encryption, and the method comprises the following steps:
carrying out tamper-proof encryption on the received original ID number and the first activation code I by using a tamper-proof encryption public key in a key group (a, h2, k) respectively to obtain a first verification ID number and a first verification activation code;
then comparing the first ID number with the first activation code II, and if the comparison result is consistent, indicating that the transmitted activation data packet after primary encryption is not tampered;
and packaging the primary ID number with the first activation code I to form a second activation data packet and storing the second activation data packet in the writer.
The further technical scheme is that the activation data packet after secondary encryption comprises an original ID number, a second activation code I encrypted safely, a second ID number encrypted in a tamper-proof way and a second activation code II encrypted doubly;
the embedded boot software carries out secondary verification on the activated data packet after secondary encryption, and the secondary verification comprises the following steps:
tamper-proof encryption is respectively carried out on the received original ID number and the second activation code I by using a tamper-proof encryption public key in the key group (a, h3, k), so that a second verification ID number and a second verification activation code are obtained;
then, comparing the second ID number with the received second activation code II respectively, and if the comparison result is consistent, indicating that the transmitted activation data packet after secondary encryption is not tampered;
and packaging the original ID number which is verified to be safe for the second time and the second activation code I to form a fourth activation data packet.
The further technical scheme is that the writer comprises a USB port, a DB9 serial port, a recovery button and a display screen, wherein the USB port is used for downloading and returning an activation data packet from management software and is also used for transmitting logs; the DB9 serial port is used for connecting products and activating data packet transfer, and when the programming device is connected with the products or management software, the power supply of the programming device is provided by a connecting party; the display screen is used for displaying the current programming state, the original ID number stored in the programming device, the residual quantity and the total quantity;
the programmer carries out handshake communication with the product and issues a recycling instruction, and the method comprises the following steps:
the programming device is connected with the product through a DB9 serial port, a recovery button on the programming device is pressed and kept, and the programming device issues a recovery instruction after the product is electrified;
the method comprises the following steps that the writer carries out handshake communication with a product and issues an activation instruction, and comprises the following steps:
the programming device is connected with the product through a DB9 serial port, and the programming device issues an activation instruction after the product is powered on.
The further technical scheme is that the method for carrying out tamper-proof encryption on the original ID number and the safely encrypted activation code by using a tamper-proof encryption public key is the same, and comprises the following steps:
and performing exclusive-or operation on the safely encrypted activation code and the tamper-resistant encrypted public key to obtain first data, wherein the first data is recorded as mka, the first data is substituted into the following relational expression for calculation, and a value corresponding to the relational expression is used as tamper-resistant encrypted data and recorded as mk1, and the relational expression is as follows:
wherein, mkb and mkc are prime numbers nearest to mka, and mkb < mka, mkc > mka.
The further technical scheme is that the management software generates an original ID number of a product and a corresponding activation code and also generates a log corresponding to the original ID number; in the programming method, when the management software, the programmer and the product carry out handshake communication in sequence, logs are distributed to the programmer and the embedded boot software in sequence in plain text; in the recovery method, when the product, the writer and the management software carry out handshake communication in sequence, the log is sequentially transmitted back to the writer and the management software in a plain text manner, and after the writer judges the activation state of the product, the log is updated, the updated content comprises the use condition of an activation data packet, and the log record closed-loop management is realized.
The beneficial technical effects of the invention are as follows:
based on a core encryption algorithm, setting respective key groups in management software, a writer and embedded boot software respectively, activating data packets to be transmitted among the management software, the writer and the embedded boot software, carrying out encryption processing and then transmission before each transmission, and carrying out verification and reuse after receiving data; the product programming process is to activate the transmission of a data packet from the management software to a product to be activated, to realize the writing and activation of an original ID number and a corresponding activation code of the product, the product recovery process is to activate the transmission of the data packet from the activated product to the management software, to realize the return of the product to an inactivated state, each encryption link in the two processes is irreversible, the flow sequence of data in each link does not influence the final decryption method, the third safe encryption is decryption, and malicious cracking and destructive behaviors are avoided; and in the two processes, the log flowing into the writer can update the service condition of the corresponding activation packet in time, when the writer is connected with the management software, the log is finally transmitted back to the management software, closed-loop management is realized, the writing and recovery of the ID number of each product and the activation code are ensured to be traceable, and the accuracy, the uniqueness and the safety of the activation code are ensured.
Drawings
Fig. 1 is a block diagram of a management system provided in the present application.
FIG. 2 is a schematic structural diagram of a writer provided in the present application.
FIG. 3 is a flow chart of a programming method provided by the present application.
Fig. 4 is a flow chart of a recycling method provided herein.
Detailed Description
The following further describes the embodiments of the present invention with reference to the drawings.
As shown in FIG. 1, a management system for a product ID number and an activation code includes management software installed in a PC, a writer, embedded boot software installed in a product processor (MCU), and a main program.
The management software is used for managing and distributing the product ID number and the activation code by an administrator, can set the generation rule of the original product ID number, and generates the activation code matched with the original ID number through a preset rule; when the management software is connected with the writer, if log data exists in the writer, the management software reads and stores the log data into an auxiliary record corresponding to the ID number. If the original ID number and the activation code which are recycled or not used are arranged in the writer, the management software can carry out recycling operation. It should be noted that the ID number and the corresponding activate code of the same product are only allowed to be written into one writer, and a plurality of ID numbers and corresponding activate codes can be stored in one writer.
As shown in FIG. 2, the writer is used for writing original ID and activation code, inquiring original ID, recovering original ID and activation code, and comprises a USB port 1, a DB9 serial port 2, a recovery button 3 and a display screen 4, wherein the USB port 1 is used for downloading and returning activation data packets from management software and is also used for transmitting logs. The DB9 serial port 2 is used for connecting products and performing activation packet transfer, and when the programming device is connected with the products or management software, the power supply of the programming device is provided by a connecting party. The display screen 4 is used for displaying the current programming state, the original ID number stored in the programming device, the residual quantity and the total quantity. In the two processes of programming and recovering, the log flowing into the programmer can timely update the service condition of the corresponding activation packet, when the programmer is connected with the management software, the log is finally transmitted back to the management software, closed-loop management is realized, the programming and recovering of the ID number of each product and the activation code are guaranteed to have traces, the accuracy, the uniqueness and the safety of the activation code are guaranteed, and the management quality and the management efficiency are improved.
The product comprises a product to be activated and an activated product, the ID number of the product to be activated is zero, and the ID number of the activated product is not zero. The embedded boot software is started before the main program of the product and is used for receiving, verifying, decrypting, using and recycling the original ID number and the activation code, and the program after the product is activated is switched and jumped to realize the starting of the main program.
The management software, the writer and the embedded boot software are respectively provided with a core encryption algorithm which comprises a safe encryption algorithm and a tamper-proof encryption algorithm, wherein the tamper-proof encryption algorithm is only carried out before the original ID number is transmitted each time, the activation code is firstly carried out the safe encryption algorithm and then the tamper-proof encryption algorithm to finally form an activation data packet, the activation data packet is transmitted among the management software, the writer and the embedded boot software, the encryption processing and the transmission are carried out before each transmission, the verification and the reuse are carried out after the data is received, and the log is not encrypted and is packaged and transmitted independently.
Specifically, the derivation process of the core encryption algorithm includes:
1) and randomly selecting five prime numbers which are not more than a preset value and are respectively marked as a1, a2, k, h1 and h2, wherein h1 is more than a1, and h2 is more than a 2.
Optionally, the preset value is 1024 bits, and data related to the application, such as each key, ID number, activation code, and the like, are binary data.
2) Let a-a 1-a 2, h-h 1-h 2, and h and
relatively prime, by definition of the modulo element, when two numbers are relatively prime, there must be an integer h3, so that h x h3-1 can be substituted
Trimming, namely:
3) as can be seen from the euler formula, any m satisfies the formula:
formula (2) is equivalent to:
substituting formula (1) for the equivalent of formula (2) to obtain
Is transformed to obtain mh1*h2*h3-1(mod (a) ═ 1, this formula is equivalent to: m ish1*h2*h3(mod(a))=m (3);
Distributing a key group (a, h1, k) to management software, distributing the key group (a, h2, k) to a writer, and distributing the key group (a, h3, k) to embedded boot software, wherein a is a secure encryption public key, h1, h2, h3 are respectively secure encryption private keys, and k is a tamper-proof encryption public key.
Optionally, a1 and a2 are process data, and are not stored in any program or device, and the process data are destroyed after calculation, and only h1, h2, h3, a and k are recorded; these data serve as keys for subsequent cryptographic computation services.
Because the management software only has the safe encryption private key h1, the writer only has the safe encryption private key h2, and the embedded boot software only has the safe encryption private key h3, the complete process of data safe encryption cannot be realized, and the data safety is ensured. Meanwhile, the data is encrypted in a tamper-proof way through the tamper-proof encryption public key, so that the data cannot be tampered in the transmission process.
Based on the management system, the application provides a management method of the product ID number and the activation code, the management method comprises a programming method and a recovery method, and detailed descriptions are respectively provided below.
As shown in fig. 3, a method for programming a product ID number and an activation code specifically includes the following steps:
step A1: and acquiring an original ID number of the product and a corresponding original activation code.
And installing management software on a PC (personal computer) of a manager, and generating or recording the original ID number and the corresponding activation code through the management software.
Optionally, the management software also generates a log corresponding to the original ID number.
Step B1: the management software is connected with the USB port 1 of the writer for handshake communication.
Step C1: the management software encrypts the original ID number and the corresponding original activation code once to form an activation data packet and distributes the activation data packet to the writer.
Step C11: and (4) carrying out one-time security encryption on the original activation code according to the formula (4) by using the security encryption public key and the security encryption private key in the key group (a, h1, k) to obtain a first activation code I.
Specifically, an original ID number is d, an original activate code is m1, when the original activate code is subjected to first security encryption before transmission, if m1 is greater than a, the original activate code is subjected to h1 power calculation, the obtained value is a remainder, and a remainder m2 is obtained and is used as a first activate code i, wherein the expression is as follows:
m1(h1)mod(a)=m2 (4)
and if m1 is larger than or equal to a, dividing m1, and sequentially substituting the data into the formula (4) for calculation to sequentially complete three times of security encryption, wherein each divided data is smaller than a.
Step C12: and performing once tamper-resistant encryption on the original ID number and the first activation code I by using the tamper-resistant encryption public key to obtain a first ID number and a first activation code II.
Specifically, the first activation code i and the tamper-resistant encryption public key are subjected to exclusive or operation to obtain first data, which is recorded as mka, the first data is substituted into the following relational expression for calculation, and a value corresponding to the relational expression is used as tamper-resistant encrypted data, which is recorded as mk1, and the relational expression is as follows:
wherein, mkb and mkc are prime numbers nearest to mka, and mkb < mka, mkc > mka.
The value of mk1 obtained according to the relation is relatively close to the value of mka, so that a small quality value is avoided from being formed, the encryption effect is not affected, the encryption in the process is irreversible, and the data mk1 after the tamper-resistant encryption of the first activate code I is obtained.
Similarly, data dk1 after tamper-resistant encryption of the original ID number d can be obtained.
Step C13: the original ID number, the first activation code I, the first ID number and the first activation code II are packed to form a first activation packet (d, m2, dk1, mk1) to be allocated to the writer.
Step D1: and the writer carries out one-time verification on the activation data packet after one-time encryption.
And (3) tamper-proof encryption is respectively carried out on the received original ID number d and the first activation code I m2 by using tamper-proof encryption public keys in the key groups (a, h2 and k) to obtain a first verification ID number dk and a first verification activation code mk, wherein the tamper-proof encryption in the process is the same as that in the step C12, and details are not repeated.
And then the first ID number dk1 and the first activation code IImk 1 are respectively compared, and if the comparison result is consistent, the transmitted first activation data packet is not tampered.
A second activation data packet (d, m2) is stored in the writer by packaging the one-time-check-safe original ID number and the first activation code I. Note that the first activate code i stored in the writer here is secure encrypted data, and is not the original activate code, and the restoration of the data cannot be completed without knowing the secure encryption private key h 3.
Optionally, the log corresponding to the original ID number is also allocated to the writer in the clear.
After the data is issued and the log is read, the original ID number and the activation code are distributed, and the writer is distributed to each production group for production maintenance.
Step E1: the programmer and the product carry out handshake communication and issue an activation instruction.
The programming device is connected with the product through the DB9 serial port 2, and the programming device issues an activation instruction after the product is powered on.
Step F1: and the writer performs secondary encryption on the activation data packet (namely, a second activation data packet) which is verified to be safe once, and distributes the activation data packet to embedded boot software of the product.
Step F11: and after receiving the activation instruction, the product replies product state data to the writer, wherein the product state data comprises the ID number of the product.
Step F12: and the writer burner judges the activation state of the product according to the returned ID number. If the ID number is zero, the product is a product to be activated, and the step E13 is entered, otherwise, the product is an activated product, and the process ends.
Step F13: and carrying out secondary security encryption on the first activation code I according to the formula (5) by using a security encryption public key and a security encryption private key in the key group (a, h2, k) to obtain a second activation code I.
Specifically, the writer selects a group of second activation data packets for activating the product to be activated, and updates the corresponding log, wherein the updated content includes the use condition of the second activation data packets.
Before transmission, when the first activate code I is subjected to second-time security encryption, h2 power calculation is carried out on the first activate code I, the obtained value obtains a remainder to obtain a remainder m3 as a second activate code I, and the expression is as follows:
m2(h2)mod(a)=m3 (5)
step F14: and performing secondary tamper-resistant encryption on the original ID number d and the second activation code I m3 by using a tamper-resistant encryption public key to obtain a second ID number dk2 and a second activation code II mk2, wherein the tamper-resistant encryption in the process is the same as that in the step C12, and is not described herein again.
Step F15: and packaging the original ID number, the second activation code I, the second ID number and the second activation code II to form a third activation data packet (d, m3, dk2, mk2) and distributing the third activation data packet to the embedded boot software of the product to be activated.
Step G1: and the embedded boot software carries out secondary verification on the activation data packet (namely, the third activation data packet) after secondary encryption.
And (3) tamper-proof encryption is respectively carried out on the received original ID number d and the second activation code I m3 by using a tamper-proof encryption public key in the key group (a, h3, k), so as to obtain a second verification ID number dk and a second verification activation code mk', and the tamper-proof encryption in the process is the same as that in the step C12, and is not described herein again.
And then comparing the second ID number dk2 with the second activation code IImk 2, and if the comparison result is consistent, indicating that the transmitted third activation data packet is not tampered.
And packaging the secondary verification safety original ID number and the second activation code I into a fourth activation data packet (d, m 3).
Optionally, the log corresponding to the original ID number is also distributed to the embedded boot software in plain text.
Step H1: and the embedded boot software encrypts the secondary verification safe activation data packet (namely, the fourth activation data packet) for three times to obtain an original activation code.
Specifically, before transmission, when the second activate code i is subjected to the third-time secure encryption, the second activate code i is subjected to the calculation of the power h3, the obtained value is a remainder, and a remainder m1 is obtained, where the expression is:
m3(h3)mod(a)=m1 (6)
the data m1 obtained after the secure encryption is consistent with the original activation code m1, so the encryption process can realize the decryption effect. After the three times of safe encryption, the data is restored to the original data, and the data of the next link or the previous link cannot be calculated out when any link is cracked in the encryption process, so that the safety of the transmission of the encrypted data on the transfer carrier is ensured.
Step I1: and the embedded boot software activates the product to be activated through the original ID number and the corresponding original activation code, and updates and stores the use state of the corresponding log.
The encryption algorithm in the recovery method of the product ID number and the activation code is the same as that of the programming method, and the method specifically comprises the following steps:
step A2: the programmer and the product perform handshake communication and issue a recycling instruction.
The programming device is connected with the product through a DB9 serial port 2, a recovery button 3 on the programming device is pressed and kept, and the programming device issues a recovery instruction after the product is electrified.
Step B2: and the embedded boot software of the product encrypts the original ID number and the corresponding original activation code once to form an activation data packet, distributes the activation data packet to the writer and destroys the original ID number and the corresponding original activation code stored in the embedded boot software.
Step B21: and after receiving the recovery instruction, the product replies product state data to the writer, wherein the product state data comprises the ID number of the product.
Step B22: and the writer burner judges the activation state of the product according to the returned ID number. If the ID number is not zero, the product is an activated product, and the process proceeds to step B23, otherwise, the product is an inactivated product, and the process ends.
Step B23: and updating a corresponding log of the recovered activation data packet by the writer, wherein the updated content comprises the use condition of the activation data packet. And (3) carrying out one-time security encryption on the original activation code according to the formula (7) by using the security encryption public key and the security encryption private key in the key group (a, h3, k) to obtain a first activation code I.
m1(h3)mod(a)=m2 (7)
This process is the same as the principle of step C11 in the programming method, and is not described in detail.
Step B24: and performing once tamper-resistant encryption on the original ID number and the first activation code I by using the tamper-resistant encryption public key to obtain a first ID number dk1 and a first activation code IImk 1.
Step B25: and packaging the original ID number, the first activation code I, the first ID number and the first activation code II to form a first activation data packet (d, m2, dk1 and mk1) and allocating the first activation data packet to the writer, and destroying the original ID number and the corresponding original activation code stored in the embedded boot software.
Step C2: and the writer carries out one-time verification on the activation data packet after one-time encryption.
The verification method is the same as that in the programming process, and is not described herein again.
A second activation data packet (d, m2) is stored in the writer by packaging the one-time-check-safe original ID number and the first activation code I. Note that the first activate code i stored in the writer here is secure encrypted data, and is not the original activate code, and the restoration of the data cannot be completed without knowing the secure encryption private key h 1.
Optionally, the log corresponding to the original ID number is also allocated to the writer in the clear.
Step D2: the management software communicates with the writer in a handshake.
Step E2: and the writer carries out secondary encryption on the activation data packet which is verified to be safe once, distributes the encryption data packet to the management software, and erases the activation data packet.
Step E21: the writer selects an activation data packet to be recovered, and the first activation code I is subjected to secondary security encryption according to a formula (8) by using a security encryption public key and a security encryption private key in a key group (a, h2, k) to obtain a second activation code I.
m2(h2)mod(a)=m3 (8)
This process is the same as the principle of step E13 in the programming method, and is not described in detail.
Step E22: and performing secondary tamper-resistant encryption on the original ID number d and the second activation code I m3 by using the tamper-resistant encryption public key to obtain a second ID number dk2 and a second activation code II mk 2.
Step E23: the original ID number, the second activation code I, the second ID number and the second activation code II are packaged to form a third activation data packet (d, m3, dk2, mk2) which is distributed to the management software, and the activation data packet is erased.
Step F2: and the management software carries out secondary verification on the activated data packet after secondary encryption.
The verification method is the same as that in the programming process, and is not described herein again.
And packaging the secondary verification safety original ID number and the second activation code I into a fourth activation data packet (d, m 3).
Optionally, the log corresponding to the original ID number is also distributed in plain text to the management software.
Step G2: and the management software encrypts the secondary verification safe activation data packet for three times, restores the activation code encrypted for three times into the original activation code and finishes the recovery operation of the activated product.
And (3) carrying out three times of secure encryption on the second activation code I according to the formula (9) by using the secure encryption public key and the secure encryption private key in the key group (a, h1, k) to obtain the original activation code.
m3(h1)mod(a)=m1 (9)
The data m1 obtained after the secure encryption is consistent with the original activation code m1, so the encryption process can realize the decryption effect. After production is finished, the rest activated data packets and the recovered activated data packets in the writer can be read and recovered by connecting the writer with management software, and are used or destroyed for the next time, and meanwhile, the updated logs in the writing process are synchronized into the management software, so that log record closed-loop management is realized. The information in the writer after recovery is erased, but the management software will save the relevant log into the parameters and log corresponding to the product ID number.
What has been described above is only a preferred embodiment of the present application, and the present invention is not limited to the above embodiment. It is to be understood that other modifications and variations directly derivable or suggested by those skilled in the art without departing from the spirit and concept of the present invention are to be considered as included within the scope of the present invention.
Claims (10)
1. A management method for a product ID number and an activation code is characterized in that a management system comprises management software installed in a PC, a writer and embedded boot software installed in a product, wherein the management software is used for generating or inputting an original ID number of the product and a corresponding original activation code, the product comprises a product to be activated and an activated product, and the management method comprises a writing method and a recovery method;
the programming method comprises the following steps:
acquiring an original ID number and a corresponding original activation code;
the management software and the writer perform handshake communication, the management software encrypts the original ID number and the corresponding original activation code once to form an activation data packet and distributes the activation data packet to the writer, and the ID number and the corresponding activation code of the same product are only allowed to be written into one writer;
the writer carries out primary verification on the activation data packet after primary encryption;
the programming device performs handshake communication with the product and issues an activation instruction, and the programming device performs secondary encryption on an activation data packet which is verified safely for the first time and distributes the activation data packet to embedded boot software of the product;
the embedded boot software carries out secondary verification on the activated data packet after secondary encryption;
the embedded boot software encrypts the activation data packet which is verified to be safe for the second time for three times to obtain the original activation code;
the embedded boot software activates the product to be activated through the original ID number and the corresponding original activation code;
the recovery method comprises the following steps:
the programming device and a product carry out handshake communication and issue a recovery instruction, embedded boot software of the product carries out primary encryption on an original ID number and a corresponding original activation code to form an activation data packet, the activation data packet is distributed to the programming device, and meanwhile, the original ID number and the corresponding original activation code stored in the embedded boot software are destroyed;
the writer carries out primary verification on the activation data packet after primary encryption;
the management software and the writer perform handshake communication, and the writer performs secondary encryption on an activated data packet which is verified to be safe once, distributes the activated data packet to the management software, and erases the activated data packet;
the management software carries out secondary verification on the activated data packet after secondary encryption;
and the management software encrypts the secondary verification safe activation data packet for three times, restores the activation code encrypted for three times into the original activation code and finishes the recovery operation of the activated product.
2. The method for managing the product ID number and the activation code according to claim 1, wherein the management software, the writer and the embedded boot software are provided with a core encryption algorithm, comprising:
randomly selecting five prime numbers which are not more than a preset value and are respectively marked as a1, a2, k, h1 and h2, wherein h1 is more than a1, and h2 is more than a 2;
let a-a 1-a 2, h-h 1-h 2, and h and
relatively prime, then there must be an integer h3, such that
As can be seen from the euler formula, any m satisfies the formula:
substituting the formula (1) into the formula (2), and obtaining a formula used in the security encryption process through transformation:
mh1*h2*h3(mod(a))=m (3)
distributing a key group (a, h1, k) to the management software, distributing the key group (a, h2, k) to the writer, and distributing the key group (a, h3, k) to the embedded boot software, wherein a is a secure encryption public key, h1, h2, h3 are secure encryption private keys respectively, and k is a tamper-proof encryption public key.
3. The method as claimed in claim 2, wherein the step of encrypting the original ID number and the corresponding original activation code by the management software to form an activation data packet comprises:
if m1 is less than a, using a security encryption public key and a security encryption private key in the key group (a, h1, k) to perform security encryption on the original activation code for one time according to formula (4) to obtain a first activation code I;
m1(h1)mod(a)=m2 (4)
wherein m1 is the original release code, m2 is the remainder obtained by calculation and is used as the first release code I;
if m1 is larger than or equal to a, m1 is divided, each divided data is smaller than a, and then calculation is carried out by sequentially substituting the formula (4);
secondly, performing primary tamper-proof encryption on the original ID number and the first activation code I by using the tamper-proof encryption public key to obtain a first ID number and a first activation code II;
and packaging the original ID number, the first activation code I, the first ID number and the first activation code II to form a first activation data packet.
4. The method as claimed in claim 2, wherein the one-time check secure activation data packet includes an original ID number and a secure encrypted first activation code i;
in the programming method, the secondary encryption of the activation data packet which is verified to be safe once by the programmer comprises the following steps:
after receiving the activation instruction, the product replies product state data to the writer, wherein the product state data comprises an ID number of the product, and the ID number of the product to be activated is zero;
the writer judges the activation state of the product according to the returned ID number;
if the ID number is zero, performing secondary security encryption on the first activation code I according to a formula (5) by using a security encryption public key and a security encryption private key in the key group (a, h2, k) to obtain a second activation code I;
m2(h2)mod(a)=m3 (5)
wherein m2 is the first activate code I, m3 is the remainder obtained by calculation and is used as the second activate code I;
secondly, performing secondary tamper-proof encryption on the original ID number and the second activation code I by using the tamper-proof encryption public key to obtain a second ID number and a second activation code II;
and packaging the original ID number, the second activation code I, the second ID number and the second activation code II to form a third activation data packet.
5. The method as claimed in claim 2, wherein the secondary verification secure activation data packet includes an original ID number and a secure encrypted second activation code i;
the embedded boot software encrypts the activation data packet for security verification for three times, and comprises the following steps:
carrying out three times of secure encryption on the second activation code I according to a formula (6) by using a secure encryption public key and a secure encryption private key in the key group (a, h3, k), and restoring the activation code subjected to three times of secure encryption into an original activation code;
m3(h3)mod(a)=m1 (6)
wherein m3 is the second activate code I, and m1 is the remainder of the calculation and is used as the original activate code.
6. The method for managing the product ID number and the activation code according to claim 2, wherein the activation data packet after one encryption comprises an original ID number, a first activation code I of secure encryption, a first ID number of tamper-proof encryption and a first activation code II of double encryption;
the writer carries out one-time verification on the activation data packet after one-time encryption, and the verification comprises the following steps:
carrying out tamper-proof encryption on the received original ID number and the first activation code I by using a tamper-proof encryption public key in the key group (a, h2, k) respectively to obtain a first verification ID number and a first verification activation code;
then comparing the first ID number with the first activation code II, and if the comparison result is consistent, indicating that the transmitted activation data packet after primary encryption is not tampered;
and packaging the primary ID number with the first activation code I to form a second activation data packet and storing the second activation data packet in the writer.
7. The method for managing the product ID number and the activation code according to claim 2, wherein the activation data packet after the secondary encryption comprises an original ID number, a second activation code I encrypted safely, a second ID number encrypted in a tamper-proof way and a second activation code II encrypted doubly;
the embedded boot software carries out secondary verification on the activated data packet after secondary encryption, and the secondary verification comprises the following steps:
tamper-proof encryption is respectively carried out on the received original ID number and the second activation code I by using a tamper-proof encryption public key in the key group (a, h3, k), so that a second verification ID number and a second verification activation code are obtained;
then, comparing the second ID number with the received second activation code II respectively, and if the comparison result is consistent, indicating that the transmitted activation data packet after secondary encryption is not tampered;
and packaging the original ID number which is verified to be safe for the second time and the second activation code I to form a fourth activation data packet.
8. The method for managing the product ID number and the activation code according to claim 1, wherein the writer comprises a USB port, a DB9 serial port, a recovery button and a display screen, the USB port is used for downloading and returning the activation data packet from the management software and is also used for transmitting a log; the DB9 serial port is used for connecting the product and performing activation packet transfer, and when the programming device is connected with the product or management software, the power supply of the programming device is provided by a connecting party; the display screen is used for displaying the current programming state, the original ID number stored in the programming device, the residual quantity and the total quantity;
the writer burns with the product and carries out handshake communication to issue the recovery instruction, including:
the programming device is connected with a product through a DB9 serial port, a recovery button on the programming device is pressed and kept, and the programming device issues a recovery instruction after the product is electrified;
the programming device and the product carry out handshake communication and issue an activation instruction, and the method comprises the following steps:
the programming device is connected with a product through a DB9 serial port, and the programming device issues an activation instruction after the product is powered on.
9. The method for managing the product ID number and the activation code according to any one of claims 2 to 7, wherein the method for performing tamper-proof encryption on the original ID number and the securely encrypted activation code by using the tamper-proof encryption public key is the same as that for performing tamper-proof encryption on the original ID number and the securely encrypted activation code by using the tamper-proof encryption public key, and comprises the following steps:
performing exclusive-or operation on the safely encrypted activation code and the tamper-resistant encrypted public key to obtain first data, wherein the first data is recorded as mka, the first data is substituted into the following relational expression for calculation, and a value corresponding to the relational expression is used as tamper-resistant encrypted data and recorded as mk1, and the relational expression is as follows:
wherein, mkb and mkc are prime numbers nearest to mka, and mkb < mka, mkc > mka.
10. The method for managing the ID number and the activation code of the product according to any one of claims 1 to 8, wherein the management software generates the original ID number and the corresponding activation code of the product, and simultaneously generates a log corresponding to the original ID number; in the programming method, when the management software, the programmer and the product carry out handshake communication in sequence, the logs are distributed to the programmer and the embedded boot software in sequence in plain text; in the recovery method, when the product, the writer and the management software carry out handshake communication in sequence, the log is transmitted back to the writer and the management software in a clear text manner in sequence, and after the writer judges the activation state of the product, the log is updated, the updated content comprises the use condition of the activation data packet, and log record closed-loop management is realized.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110483478.4A CN113254886B (en) | 2021-04-30 | 2021-04-30 | Product ID number and activation code management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110483478.4A CN113254886B (en) | 2021-04-30 | 2021-04-30 | Product ID number and activation code management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113254886A true CN113254886A (en) | 2021-08-13 |
| CN113254886B CN113254886B (en) | 2023-07-18 |
Family
ID=77223441
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110483478.4A Active CN113254886B (en) | 2021-04-30 | 2021-04-30 | Product ID number and activation code management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113254886B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060209337A1 (en) * | 2005-02-25 | 2006-09-21 | Canon Europa Nv | Memory management software, print control device, and memory management method of print control device |
| US20070174639A1 (en) * | 2006-01-26 | 2007-07-26 | Macrovision Corporation | Apparatus for and a method of downloading media content |
| CN106528208A (en) * | 2016-10-17 | 2017-03-22 | 惠州市蓝微电子有限公司 | Scanning and integration verification comparison method for encrypted product |
| CN107526947A (en) * | 2017-09-26 | 2017-12-29 | 重庆市珞宾信息技术有限公司 | A kind of embedded software active control method |
| CN110348181A (en) * | 2019-07-15 | 2019-10-18 | 广东名阳信息科技有限公司 | A kind of method of verification software right to use legitimacy |
-
2021
- 2021-04-30 CN CN202110483478.4A patent/CN113254886B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060209337A1 (en) * | 2005-02-25 | 2006-09-21 | Canon Europa Nv | Memory management software, print control device, and memory management method of print control device |
| US20070174639A1 (en) * | 2006-01-26 | 2007-07-26 | Macrovision Corporation | Apparatus for and a method of downloading media content |
| CN106528208A (en) * | 2016-10-17 | 2017-03-22 | 惠州市蓝微电子有限公司 | Scanning and integration verification comparison method for encrypted product |
| CN107526947A (en) * | 2017-09-26 | 2017-12-29 | 重庆市珞宾信息技术有限公司 | A kind of embedded software active control method |
| CN110348181A (en) * | 2019-07-15 | 2019-10-18 | 广东名阳信息科技有限公司 | A kind of method of verification software right to use legitimacy |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113254886B (en) | 2023-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109429222B (en) | Method for encrypting wireless network equipment upgrading program and communication data | |
| CN102138300B (en) | Message authentication code pre-computation with applications to secure memory | |
| CN101401105B (en) | Encryption apparatus and method for providing an encrypted file system | |
| CN101213814B (en) | Secure patch system | |
| JP2004534333A (en) | Integrated protection method and system for distributed data processing in computer networks | |
| CN110008745B (en) | Encryption method, computer equipment and computer storage medium | |
| CN1985466A (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
| CN104657630A (en) | Integrated circuit provisioning using physical unclonable function | |
| CN105340211A (en) | System and methods for encrypting data | |
| CN103532707A (en) | System and method for defining programmable processing steps applied when protecting the data | |
| CN103532701A (en) | Encryption and decryption method for numeric type data | |
| CN106776904A (en) | The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment | |
| CN104732159B (en) | A kind of document handling method and device | |
| US7805616B1 (en) | Generating and interpreting secure and system dependent software license keys | |
| CN113391880B (en) | Trusted mirror image transmission method for layered double hash verification | |
| CN112738051B (en) | Data information encryption method, system and computer readable storage medium | |
| CN109478214A (en) | Device and method for certificate registration | |
| CN109657497B (en) | Secure file system and method thereof | |
| CN105024992A (en) | Implementing use-dependent security settings in a single white-box implementation | |
| CN105978686A (en) | Key management method and system | |
| CN111327419A (en) | Method and system for resisting quantum computation block chain based on secret sharing | |
| CN109150505A (en) | A kind of information transferring method and device for SAP system | |
| CN113254886B (en) | Product ID number and activation code management method | |
| CN102714595B (en) | Digital signature server and user terminal | |
| CN113806774B (en) | Encryption method, decryption method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |