TWI725623B - Point-to-point authority management method based on manager's self-issued tickets - Google Patents

Abstract

A point-to-point authority management method based on the self-issuing of the ticket by the administrator. The server device verifies the first service instruction ticket from the management device and provides the corresponding service according to the first instruction contained in the first service instruction ticket; management; The end device generates the service authority setting ticket to the first terminal device, so that the second service instruction ticket is generated according to the service authority setting ticket, and the service authority setting ticket and the second service instruction ticket are sequentially transmitted to the server device; After the server device verifies and judges the validity of the service authority setting ticket and the access authority recorded therein, the server device verifies the second service instruction ticket and determines that the second instruction contained therein is stored in the service authority setting ticket record. When within the authority, the server device provides the corresponding service according to the second instruction.

Description

Point-to-point authority management method based on manager's self-issued tickets

The invention relates to a method for managing the use authority of an electronic device, in particular to a point-to-point authority management method based on the self-issuing of tickets by an administrator.

Existing centralized management of electronic equipment, such as smart car systems, automated machines, household appliances, etc., and its system providers mainly use, for example, a centralized cloud management center to centrally manage these electronic equipment users. Access rights and private information.

Therefore, when the access control mechanism and private data of the electronic device are centrally controlled by the cloud management center of the system provider, even if the management rules set by the system provider are opaque or biased, the user of the electronic device can only Accept the rules set by the provider. In addition, user information of electronic devices is always uploaded to the cloud database in an opaque and non-verifiable manner, so that users of electronic devices cannot effectively protect or prevent their privacy or confidential information from being misused by system providers.

In addition, in order to connect to the cloud management center, electronic devices also need to bear high network transmission costs, high network transmission delays, and high hardware design costs. Furthermore, it is difficult for a centralized management cloud management center to transfer its management authority to other cloud management center.

Therefore, the purpose of the present invention is to provide a point-to-point authority management method and system based on the self-issuing of tickets by the administrator, which enables the management end device of the electronic device to manage the use authority and management of the electronic device by issuing tickets. To achieve the purpose of decentralized management, and to solve the problems raised by previous technologies.

Therefore, the present invention is based on the point-to-point authority management method of self-issued tickets by the administrator, which is applied between a server device that can communicate with each other, a management device that manages the server device, and a first terminal device, wherein the management The end device has an exclusive and paired first public key and a first private key, the server device has an exclusive and paired second public key and a second private key, and the first end device has an exclusive and paired A third public key and a third private key; the method includes: the management device can generate and transmit a first service instruction ticket containing a first instruction to the server device; the server device receives the After the first service instruction ticket, the first public key of the management terminal device is used to verify the correctness of the first service instruction ticket, and the corresponding first instruction provided in the first service instruction ticket is provided Service to the management terminal device; the management terminal device can generate a service authority setting ticket and transmit the service authority setting ticket to the first terminal device, the service authority setting ticket records the first terminal device to the server An access authority for the device; the first terminal device can generate a second service instruction ticket according to the service authority setting ticket, and transmit the service authority setting ticket and the second service in sequence The service order ticket is given to the server device; after the server device receives the service authority setting ticket, it verifies the correctness of the service authority setting ticket with the first public key of the management terminal device, and judges the service After the permission setting ticket records the validity of the access permission, the server device receives the second service order ticket, and uses a third public key of the first terminal device to verify the validity of the second service order ticket Is correct, and when it is determined that the second instruction contained in the second service instruction ticket is within the access authority of the service authority setting ticket record, the server device provides the corresponding service to the second instruction according to the second instruction. The first terminal device.

In some embodiments of the present invention, before generating the first service instruction ticket, the management terminal device first generates an initial setting ticket and transmits the initial setting ticket to the server device, the server device After receiving the initial setting ticket and verifying the correctness of the initial setting ticket with the first public key of the management terminal device, the management terminal device records the first public key in one of the administrator fields , And set the management terminal device as the manager.

In some embodiments of the present invention, the management terminal device will use the first private key to sign the initial set ticket, and then transmit the signed initial set ticket to the server device, and the service After receiving the signed initial set ticket, the end device verifies the signed initial set ticket with the first public key of the management end device to confirm the correctness of the initial set ticket; and After the server device completes the settings, it generates a status report ticket containing a setting result, and uses the second private key to report the status ticket After the coupon is signed, the signed status report ticket is sent to the management terminal device, and the management terminal device receives the signed status report ticket and verifies it with the second public key of the server device The status reports the correctness of the ticket, and according to the setting result, it is confirmed that the server device has completed the setting of the administrator.

In some embodiments of the present invention, the second public key of the server device is recorded in a service device field of the first service order ticket, and a ticket holder of the first service order ticket The first public key is recorded in the field, the first public key is recorded in the ticket generator field of the first ticket, and the management-end device establishes a session mechanism with the server-end device, and uses a and After a first session key agreed by the server device encrypts the one command contained in the first service command ticket into a first encrypted data, the management device then uses the first private key pair to include the first private key pair. An encrypted data of the first service order ticket is signed to generate the signed first service order ticket, and then the signed first service order ticket is sent to the server device; the server device After receiving the signed first service order ticket, confirm that it is the receiving end of the first service order ticket according to the second public key recorded in the service device field of the first service order ticket , And according to the first public key recorded in the ticket holder field of the first service instruction ticket, confirm that the management terminal device is the object that provides the corresponding service, and use the management terminal device's After the first public key verifies the correctness of the signed first service order ticket, the first encrypted data contained in the first service order ticket is decrypted with the first session key to retrieve the first service order ticket. instruction.

In some embodiments of the present invention, before the management-end device and the server-end device establish the session mechanism, an identity verification (Challenge-response authentication) is performed between the server-end device and the management-end device. Response authentication) procedures.

In some embodiments of the present invention, after the server device completes the service required by the first service instruction ticket, the ticket processing module of the server device generates a status report ticket, and the status report ticket The coupon contains a service-related data, and the server device uses the first session key to encrypt the service-related data contained in the status report ticket into a second encrypted data, and then uses the second private The key pair contains the signature of the status report ticket of the second encrypted data, and transmits the signed status report ticket to the management terminal device; the management terminal device receives the signed status report ticket , And verify the correctness of the signed state report ticket with the second public key of the server device, and then decrypt the second encrypted data contained in the state report ticket with the first session key After taking out the service-related data, and after determining that the server device has completed the service requested by the first service order ticket based on the service-related data, the session mechanism is terminated with the server device.

In some embodiments of the present invention, the second public key of the server device is recorded in a service device field of the service authority setting ticket, and a ticket holder field of the service authority setting ticket The third public key of the first terminal device is recorded in the first terminal device, the first public key is recorded in a ticket issuer field of the service authority setting ticket, and the The management terminal device uses the first private key to set the ticket signature for the service authority to generate the signed service authority setting ticket, and then transmits the signed service authority setting ticket to the first terminal device After the first terminal device verifies the correctness of the signed service authority setting ticket with the first public key of the management terminal device, it stores the signed service authority setting ticket, and the first The terminal device also generates a status report ticket, and after signing the status report ticket with the third private key, transmits the signed status report ticket to the management terminal device, and the management terminal device receives the status report ticket. The status report ticket is signed and the third public key of the first terminal device is used to verify the correctness of the status report ticket.

In some embodiments of the present invention, the first terminal device transmits the signed service authority setting ticket to the server device, and the server device sets the service device column of the ticket according to the service authority The second public key recorded in the bit confirms that it is the receiving end of the service authority setting ticket, and the correctness of the signed service authority setting ticket is verified with the first public key of the management terminal device , And after determining the validity of the permission information recorded in the service permission setting ticket, the server device will generate a status report ticket containing the permission confirmation result, and use the second private key to report the status to the ticket After the coupon is signed, the signed state return ticket is sent to the first terminal device, and after the first terminal device receives the signed return ticket, it uses the second public certificate of the server device The key verifies the correctness of the signed status report ticket, and according to the permission confirmation result contained in the status report ticket, it is determined that the server device has confirmed the The service authority sets the authority of the ticket.

In some embodiments of the present invention, after the first terminal device confirms the correctness of the status report ticket, the first terminal device generates the second service instruction ticket, and a service of the second service instruction ticket The second public key of the server device is recorded in the device field, the third public key is recorded in the ticket holder field of the second service order ticket, and a ticket of the second service order ticket The third public key is recorded in the coupon generator field; and the first terminal device establishes a session mechanism with the server device, and uses a second session key agreed with the server device to the second service command The second instruction contained in the ticket is encrypted into a third encrypted data, and the second service instruction ticket containing the third encrypted data is signed with the third private key to generate the signed second The service order ticket, and then the signed second service order ticket is sent to the server device; the server device receives the signed second service order ticket and uses the first terminal After the third public key of the device verifies the correctness of the signed second service order ticket, the second session key is used to decrypt the third public key contained in the signed second service order ticket. Encrypt the data and fetch the second command.

In some embodiments of the present invention, before the first terminal device and the server device establish the session mechanism, a challenge-response authentication (Challenge-response authentication, Challenge-response authentication) procedures.

In some embodiments of the present invention, the server device completes the first 2. After the service requested by the service order ticket, the server device will generate a status report ticket. The status report ticket contains information related to the service, and the server device uses the second session key to After the service-related data contained in the status report ticket is encrypted into a fourth encrypted data, the status report ticket signature with the fourth encrypted data contained in the second private key is used, and the signed stamp is sent The status report ticket of is sent to the first terminal device; the first terminal device receives the signed status report ticket, and verifies the signed status with the second public key of the server device After reporting the correctness of the ticket, the second session key is used to decrypt the fourth encrypted data contained in the status report ticket to take out the service-related data, and determine the service based on the service-related data After the end device has completed the service required by the second service instruction ticket, the conversation mechanism with the server end device is terminated.

In some embodiments of the present invention, the server device and the management device can also communicate with a second terminal device, and the second terminal device has a dedicated and paired fourth public key and a fourth private key ; And the management terminal device can also generate a management right setting ticket containing a management right setting, and transmit the management right setting ticket to a second terminal device, the second terminal device setting the management right ticket After being transmitted to the server device, the server device verifies the correctness of the management right setting ticket according to the first public key of the management terminal device, and then sets the management right setting contained in the ticket according to the management right, Set the second terminal device to have all or part of the management authority of the server device; when the second terminal device is set to have all the management authority of the server device, the server The server device will update the manager field to the fourth public key of the second terminal device; when the second terminal device is set to have partial management authority of the server device, the server device will Adding a second manager field and a second management authority field corresponding to the second manager field, and recording the fourth public key of the second terminal device in the second management field, And record part of the management authority content of the management authority setting ticket setting in the second management authority field, and add a first management authority field corresponding to the manager field, and add it to the first management authority Part of the management authority content of the management terminal device is recorded in the field.

In some embodiments of the present invention, the second public key of the server device is recorded in a server device field of the management right setting ticket, and the management right sets a ticket holder field of the ticket The fourth public key of the second terminal device is recorded in the second terminal device, the first public key is recorded in a ticket issuer field of the management right setting ticket; and the management terminal device uses the first private key to manage the management The right to set the ticket signature, and then transmit the signed management right setting ticket to the second terminal device, and the second terminal device verifies the received signed stamp with the first public key of the management terminal device After the correctness of the management right to set the ticket, the signed management right to set the ticket is stored, and a status report ticket is generated, and the status report ticket is signed with the fourth private key, and then sent The signed status report ticket is sent to the management terminal device, and the management terminal device receives the signed status report ticket and verifies that the status report ticket is correct with the fourth public key of the second terminal device Sex.

In some embodiments of the present invention, the second terminal device will be signed The management right setting ticket of the chapter is transmitted to the server device, and the server device verifies the correctness of the received signed management right setting ticket with the first public key of the management device; and After the server device completes the management authority setting, it will generate a status report ticket containing a setting result, and after the status report ticket is signed with the second private key, the status report ticket that has been signed is sent To the second terminal device, the second terminal device receives the signed status report ticket and verifies the correctness of the status report ticket with the second public key of the server device, and according to the setting result Confirm that the server device has completed the update manager settings.

In some embodiments of the present invention, the first public key and the first private key are generated by the management terminal device itself, or generated by a first external computer device and then provided to the management terminal device, or by the first external computer device. An external computer device is generated and stored in a first external device, and only when the first external device is electrically connected to the management device, the management device can obtain the first public key and the first private from the external device Key; the second public key and a second private key paired with the second public key are generated by the server device itself or by a second external computer device and then provided to the server device; the third public key The key and the third private key are generated by the first terminal device, or generated by a third external computer device and then provided to the first terminal device, or generated by the third external computer device and stored in a second external Device, and when the second external device is electrically connected to the first terminal device, the first terminal device can obtain the third public key and the third private key from the second external device; the fourth public key and The fourth private key is the second terminal The end device is generated by itself or is generated by a fourth external computer device and then provided to the second terminal device, or is generated by the fourth external computer device and stored in a third external device, and when the third external device and the third external device When the second terminal device is electrically connected, the second terminal device can obtain the fourth public key and the fourth private key from the third external device.

The effect of the present invention is that the management end device has all the access rights that can use the server end device, and generates a first service order ticket to the server end device to control or access the server end device, the management The end device can also generate a service authority setting ticket to the first terminal device, so that the first terminal device can generate a second use ticket to the server device based on the authority ticket, so that the server device can verify the service authority After setting the correctness and validity of the ticket, and confirming that the instruction contained in the second use ticket is within the access permission of the service permission setting ticket, the corresponding service is provided to the first terminal device in a point-to-point manner Manage the access authority of the first terminal device to use the server device to achieve the purpose of decentralized management, and allow the users of the server device to effectively protect their privacy or confidential data; and the management device also All or part of the management authority can be easily transferred to the second terminal device by generating the management authority setting ticket to the second terminal device.

S1~S15: steps

S31~S36: steps

1: Server device

2: Management device

3: The first terminal device

4: The second terminal device

5: Other terminal devices

The other features and effects of the present invention will be clearly shown in the embodiments with reference to the drawings, in which: Figure 1 is a point-to-point authority management method based on the self-issued ticket of the present invention Fig. 2 is a schematic diagram of a plurality of electronic devices communicating with the point-to-point authority management method based on the self-issuing of tickets by the administrator in this embodiment; and Fig. 3 is the transfer of the management terminal device of this embodiment The main flow chart of managing the management authority of the server device to the second terminal device.

Before the present invention is described in detail, it should be noted that in the following description, similar elements are denoted by the same numbers.

Refer to FIG. 1, which is the main flow of an embodiment of the point-to-point authority management method based on the self-issued ticket of the administrator of the present invention, which is applied to the mutual communication as shown in FIG. Or a wireless network for long-distance or short-distance communication) between a server device 1, a management device 2 and a first terminal device 3; the server device 1 may be, but not limited to, for example, a smart device with a computing function. Smart home appliances (smart TVs, smart refrigerators, etc.), smart cars, smart door locks, etc. Various near-end electronic devices, remote electronic devices, or remote electronic devices that can provide services, resources, information or data Electronic transportation vehicles/equipment, etc. The management device 2 is an electronic device that can control the server device 1 and has a computing function, such as but not limited to an electronic device such as a desktop computer, a tablet computer, a smart phone, or a wearable electronic device. The first terminal device 3 may be a general electronic device with computing functions, such as but not limited to For desktop computers, tablet computers, smart phones or wearable electronic devices, etc.

And in this embodiment, a ticket processing module has been pre-embedded (planted) in the server device 1, the management device 2 and the first terminal device 3, which is based on information confidentiality and information security. Considering that, the ticket processing module is usually embedded in the server device 1, the management device 2 and the first terminal device before the server device 1, the management device 2 and the first terminal device 3 leave the factory. The terminal device 3 cannot be changed or cracked afterwards. Of course, the ticket processing module can also be loaded into the management terminal device 2 or the first terminal device 3 by software installation or firmware burning with sufficient security protection mechanism. In the electronic device.

Moreover, before implementing the point-to-point authority management method based on the administrator’s self-issued ticket, the server device 1, the management device 2 and the first terminal device 3 need to be initialized, that is, by initialization, the management The end device 2 will generate a pair of keys after initialization, that is, a paired first public key and a first private key; the server device 1 will generate a pair of keys after initialization, that is, a paired first Two public keys and a second private key; and the first terminal device 3 will also generate a pair of keys after initialization, that is, a paired third public key and a third private key. In addition, the first public key and the first private key can also be generated by an external computer device and then provided to the management terminal device 2, or generated by the external computer device and stored in an external device, such as a flash drive or the like When the external device is electrically connected to the management terminal device 2 and the external device verifies that the password entered by the management terminal device 2 is correct, the external device Provide the first public key and the first private key to the management terminal device 2. Similarly, the third public key and the third private key can also be provided to the first terminal device 3 by an external computer device or an external device as described above. In addition, the second public key and the second private key may also be generated by an external computer device and then provided to the server device 1. In addition, the first private key, the second private key, and the third private key will be stored securely in any manner by the above-mentioned owning device, respectively.

Moreover, the server device 1 can obtain the first public key and the third public key by providing the management device 2 and the first terminal device 3 or searching on the Internet. Similarly, the management device 2 can borrow The second public key and the third public key are obtained from the provision of the server device 1 and the first terminal device 3 or by searching on the Internet; and the first terminal device 3 can use the management device 2 and the service The first public key and the second public key are obtained by providing the end device 1 or searching on the Internet.

Then, in order to become the first manager of the server device 1, the ticket processing module of the management device 2 will generate an initial setting ticket and transmit the initial setting ticket to the server device 1. The initial setting ticket basically has at least one ticket generator field and one ticket holder field, and both fields record the first public key, that is, the management terminal device 2 is The first public key serves as a representative of its identity, that is, an identification code (ID). Specifically, in order to ensure that the content of the ticket will not be tampered with by hackers during the transmission process, the ticket processing module of the management terminal device 2 will use the first private key to sign the initial set ticket, and then The signed initial set ticket is sent to The server device 1. The ticket processing module of the server device 1 receives the signed initial set ticket, and verifies the signed initial set ticket with the first public key of the management device 2 to confirm the After initially setting the correctness of the ticket and its source, the first public key representing the management terminal device 2 is recorded in one of the (first) manager fields, and the management terminal device 2 is set as the first public key A manager. Then, the server device 1 generates a status report ticket containing a setting result (for example, a completion message), and uses the second private key to report the status to the status report ticket, and then sends the signed status report ticket to the status report ticket. The coupon is sent to the management terminal device 2, and the management terminal device 2 receives the signed status report ticket and verifies the correctness of the signed status report ticket and the setting result, and then confirms the server Device 1 has completed the settings of the administrator. In addition, since the above-mentioned signatures and signature verification techniques are well known and not the focus of this case, they will not be detailed here.

Therefore, the management device 2 with the manager identity of the server device 1 will have all rights to use the server device 1. Thereby, when the management terminal device 2 wants to access or control the server device 1 so that the server device 1 provides services, as shown in step S1 of FIG. 1, the ticket processing module of the management terminal device 2 will generate A first service instruction ticket containing a first instruction (access or control instruction), and step S2 of FIG. 1 is executed to transmit the first service instruction ticket to the server device 1. Specifically, a second public key of the server device 1 is recorded in a service device field of the first service order ticket, and a ticket holder field of the first service order ticket is recorded The first public key is recorded in a ticket generator field of the first service instruction ticket Record the first public key. In addition, in order to prevent the content of the ticket from being tampered with during the transmission process and to prevent hackers from eavesdropping on the transmission content during the transmission process, the ticket processing module of the management terminal device 2 serves the order ticket and the ticket of the server device 1 The processing modules will first negotiate a session mechanism, and agree to use a first session key to encrypt the ticket content before signing the ticket. That is, the ticket processing module of the management terminal device 2 will first use the first session key to encrypt the first command contained in the signed first service command ticket into a first encrypted data. , And then use the first private key to sign the first service instruction ticket containing the first encrypted data, and then transmit the signed first service instruction ticket to the server device 1.

Furthermore, before the server device 1 establishes a session mechanism with the management device 2, in order to confirm that the person who transmits the first service order ticket is the legal user of the first service order ticket (that is, the management device 2 ), a challenge-response authentication (Challenge-response authentication) procedure will be performed between the server device 1 and the management device 2, that is, the server device 1 randomly generates a random number, and The random number is transmitted to the management terminal device 2. After receiving the random number, the management terminal device 2 signs the random number with the first private key held by the management terminal device 2 and then signs the random number. The random number is sent back to the server device 1. After the server device 1 receives the signed random number, it verifies the signature with the first public key originally provided by the management device 2 to the server device 1. After the random number of the chapter is indeed sent by the management terminal device 2, it is confirmed that the management terminal device 2 is a legal use of the first service order ticket Otherwise, the purpose of identity verification is achieved, and then the server device 1 and the management device 2 establish a session mechanism.

Thereby, when the server device 1 receives the signed first service instruction ticket, as shown in step S3 of FIG. 1, the service instruction ticket of the ticket processing module of the server device 1 is based on the first service instruction ticket. The second public key recorded in the service device field of the service order ticket is confirmed as the receiving end of the first service order ticket, and according to the ticket holder column of the first service order ticket The first public key recorded in the bit confirms that the first service instruction ticket comes from the management terminal device 2, and uses the first public key of the management terminal device 2 to verify the signed first service instruction ticket After the correctness, use the first session key to decrypt the first encrypted data contained in the first service instruction ticket to take out the first instruction, and then step S4 in FIG. 1, the server device 1 according to The service instruction ticket provides the corresponding service (to the management terminal device 2) by the first instruction (access or control instruction).

And after the server device 1 completes the service requested by the first service instruction ticket, the ticket processing module of the server device 1 will generate a status report ticket, and the status report ticket contains a service-related Data (such as report service completed or return data), and the status report ticket of the ticket processing module of the server device 1 will first use the first session key to report the status of the ticket contained in the ticket After the service-related data is encrypted into a second encrypted data, the second private key is used to report the state of the second encrypted data with the signature of the ticket, and then the signed state report of the ticket is sent To the management terminal device 2.

Therefore, the management terminal device 2 receives the signed status report ticket, the status report ticket and uses the second public key recorded in the status report ticket to verify the signature of the signed status report ticket. After the chapter is correct, decrypt the second encrypted data contained in the status report ticket with the first session key to obtain the service-related data, and based on the service-related data, it is determined that the server device 1 is completed After the first service instructs the service requested by the ticket, the conversation mechanism with the server device 1 is terminated.

In addition, in addition to controlling and using the server device 1, the management device 2 can also authorize other terminal devices to use the server device 1. That is, in step S5 of FIG. 1, the management device 2 can also authorize other terminal devices to use the server device 1. The terminal device 2 can generate a service authority setting ticket, and as shown in step S6 of FIG. 1, transmits the service authority setting ticket to the first terminal device 3. The service authority setting ticket records the first terminal device 3 In addition to an access authority to the server device 1, a second public key of the server device 1 is recorded in a service device field of the service authority setting ticket, and a ticket holder of the service authority setting ticket A third public key of the first terminal device 3 is recorded in the possessed field, and the first public key is recorded in a ticket issuer field of the service authority setting ticket. Specifically, the management terminal device 2 first sets the ticket signature for the service authority with the first private key, and then transmits the signed service authority setting ticket to the first terminal device 3.

Therefore, in step S7 of FIG. 1, the ticket processing module of the first terminal device 3 receives the signed service authority setting ticket and uses the management terminal device 2 The first public key verifies the correctness of the signed service authority setting ticket, and then, in addition to storing the signed service authority setting ticket, the ticket processing module of the first terminal device 3 The group also generates a status report ticket, and after signing the status report ticket with its third private key, transmits the signed status report ticket to the management terminal device 2, whereby the management terminal device 2 After receiving the signed status report ticket and verifying the correctness of the signed status report ticket with the third public key of the first terminal device 3, it is determined that the first terminal device 3 has confirmed Receive the service permission set ticket.

Therefore, when the first terminal device 3 needs the server device 1 to provide services, as shown in step S8 in FIG. 1, the first terminal device 3 transmits the signed service authority setting ticket to the server device 1. Then, in step S9 of FIG. 1, the ticket processing module of the server device 1 receives the signed service authority setting ticket, and records in the service device field of the service authority setting ticket according to the service authority. Confirm that it is the receiving end of the service authority setting ticket, and verify the signature of the service authority setting ticket with the first public key of the management terminal device 2 to confirm the service authority setting ticket After the coupon is indeed generated by the management terminal device 2, as shown in step S10 of FIG. 1, the ticket processing module of the server device 1 then determines the validity of the access authority recorded in the service authority setting ticket, and also That is, whether the access permission is still valid, and after confirming that the service permission setting ticket is a valid ticket, the ticket processing module of the server device 1 will generate a status report ticket containing a permission confirmation result , And after signing the status report ticket with the second private key, send the signed status report ticket to the The first terminal device 3.

Then, the first terminal device 3 receives the signed status report ticket and verifies the correctness of the status report ticket, and determines the server device according to the authority confirmation result contained in the status report ticket 1 After confirming the service authority setting ticket, the first terminal device 3 can use the service provided by the server device 1. Therefore, in step S11 of FIG. 1, the ticket processing module of the first terminal device 3 can generate a second service instruction ticket containing a second instruction (access or control instruction) to the server device 1. At this time, similarly, in order for the server device 1 to confirm that the person who sent the second service order ticket is a legitimate user of the second service order ticket (that is, the first terminal device 3), the server device 1 and The first terminal device 3 must first perform the challenge-response authentication (Challenge-response authentication) procedure between the first terminal device 3, and then the first terminal device 3 can negotiate with the server device 1 to establish a session mechanism, and agree to jointly Use a one-time (temporary) second session key. And a second public key of the server device 1 is recorded in a service device field in the second service order ticket, and the third public key is recorded in a ticket holder field of the second service order ticket. The public key, the third public key is recorded in a ticket generator field of the second service instruction ticket. In the same way, in order to prevent the content of the ticket (that is, the second instruction) from being tampered with during the transmission process and to avoid being intercepted by hackers during the transmission process, the ticket processing module of the first terminal device 3 will first serve the instruction The ticket uses the second session key to encrypt the second command contained in the second service command ticket into a third encrypted data, and then uses the third private The second service order ticket containing the third encrypted data is signed by the key pair, and then in step S12 of FIG. 1, the signed second service order ticket is transmitted to the server device 1.

Therefore, in step S13 of FIG. 1, the server device 1 receives the signed second service instruction ticket, and the service instruction ticket uses the third public key of the first terminal device 3 to verify the signed After the correctness of the second service order ticket in the chapter, use the second session key to decrypt the third encrypted data contained in the second service order ticket to take out the second instruction, and the steps shown in Figure 1 S14: When it is determined that the second instruction of the service instruction ticket is within the access authority of the service authority setting ticket record, as shown in step S15 of FIG. 1, the server device 1 is based on that the second service instruction ticket contains The second instruction of provides the corresponding service to the first terminal device 3. And after the server device 1 completes the service requested by the second service instruction ticket, the ticket processing module of the server device 1 will generate a status report ticket, and the status report ticket contains a service-related And the ticket processing module of the server device 1 will use the second session key to encrypt the service-related data contained in the status report ticket into a fourth encrypted data , And then use the second private key pair to report the status of the ticket signature containing the fourth encrypted data, and transmit the signed status report ticket to the first terminal device 3.

Therefore, the first terminal device 3 receives the signed status report ticket, and uses the second public key of the server device 1 to verify the signed status report ticket. After the correctness of the status report ticket, the second session key is used to decrypt the fourth encrypted data contained in the status report ticket to take out the service-related information, and determine according to the service-related information After the server device 1 has completed the service required by the second service instruction ticket, the conversation mechanism with the server device 1 is terminated.

Furthermore, the management device 2 can also authorize all or part of its management rights for the server device 1 to other terminal devices, that is, in step S31 of FIG. 3, the management device 2 The ticket processing module can generate a management right setting ticket that contains a management right setting, and in step S32 of FIG. 3, the management right setting ticket is transmitted to a first ticket processing module that has also set a ticket processing module in advance. Two terminal device 4. The second terminal device 4 also has a matched fourth public key and a fourth private key, and the server device 1 and the management device 2 can be provided by the second terminal device 4 or searched online. Obtain the fourth public key. And the second public key of the server device 1 is recorded in a server device field of the management right setting ticket, and the second terminal device 4 is recorded in a ticket holder field of the management right setting ticket A fourth public key of the management right is set to record the first public key in a ticket issuer field of the ticket. In addition, the management terminal device 2 uses the first private key to set a ticket signature for the management right, and then transmits the signed management right setting ticket to the second terminal device 4.

Therefore, in step S33 of FIG. 3, the ticket processing module of the second terminal device 4 receives the signed management right setting ticket and verifies the management with the first public key of the management terminal device 2 After the right to set the correctness of the ticket, in addition to the signed In addition to the management right to set the ticket storage, the ticket processing module of the second terminal device 4 also generates a status report ticket, and uses its fourth private key to report the status of the ticket and then sends the signed ticket. The status report ticket of the chapter is sent to the management terminal device 2, and the management terminal device 2 receives the signed status report ticket and verifies the status of the status report ticket with the fourth public key of the second terminal device 4 After it is correct, it is determined that the second terminal device 3 has confirmed the receipt of the management right setting ticket.

Then, in step S34 of FIG. 3, the second terminal device 4 transmits the signed management right setting ticket to the server device 1, and the ticket processing module of the server device 1 receives the signed ticket. After the management right of the chapter sets the ticket, step S35 in Figure 3, according to the second public key recorded in the service device field of the management right to set the ticket, confirm that it is the receipt of the management right to set the ticket And verify the correctness of the signed management right setting ticket with the first public key of the management terminal device 2 and confirm that the management right setting ticket is indeed generated by the management terminal device 2, as shown in Figure 3. In step S36, the ticket processing module of the server device 1 sets the management right setting contained in the ticket according to the management right, and sets the second terminal device 4 to have its full management authority or part of its management authority. If the second terminal device 4 is set to have all the management authority of the server device 1, the server device 1 will update the manager field therein to the fourth public key, and set the second terminal Device 4 is its full administrator; and if the second terminal device 4 is set to have partial management authority of the server device 1, the server device 1 will add a second manager field and a With the second manager column A corresponding second management authority field, and record the fourth public key in the second management field, and record part of the management authority content set by the management authority setting ticket in the second management authority field; At the same time, the server device 1 adds a first management authority field corresponding to the original (first) manager field, and records part of the management device 2 in the first management authority field (The rest) management authority content.

And after the ticket processing module of the server device 1 completes the management authority setting, it will generate a status report ticket containing a setting result, and use the second private key to report the status to the status report ticket, and then The signed status report ticket is sent to the second terminal device 3, and the second terminal device 3 receives the signed status report ticket and verifies the correctness of the status report ticket, and according to the setting As a result, after confirming that the server device 1 has completed the update manager setting, it is confirmed that the management right setting has been completed.

Thus, if the second terminal device 4 has all the management authority of the server device 1, the second terminal device 4 will completely replace the management device 2 and become the new manager of the server device 1, and It can perform all the authority management functions of the management device 2 as described above, including using the server device 1, authorizing other terminal devices 5 to use the server device 1, and transferring all or part of the management authority to other terminal devices 5, etc. If the second terminal device 4 has part of the management authority of the server device 1, for example, other terminal devices 5 are authorized to use the server device 1, as described above, the second terminal device 4 can generate an authorization ticket to Other terminal devices 5.

In summary, the above-mentioned embodiment uses the management terminal device 2 in addition to having the ability to Use all the access permissions of the server device 1 and generate a first service order ticket to the server device 1 to control or access the server device 1, and the management device 2 can also generate service permission settings The ticket is given to the first terminal device 3, so that the first terminal device 3 can generate a second use ticket to the server device 1 based on the authorization ticket, so that the server device 1 is used to verify the service authorization setting ticket After confirming the correctness and validity, and confirming that the instructions contained in the second use ticket are within the access permissions of the service permission setting ticket, the corresponding service is provided to the first terminal device 3, and the first terminal device 3 is managed in a point-to-point manner. The terminal device 3 uses the access authority of the server device 1 to achieve the purpose of decentralized management, and allows the users of the server device 1 to effectively protect their privacy or confidentiality data; in addition, the management terminal The device 2 can also easily transfer all or part of its management authority to the second terminal device 4 by generating a management right setting ticket to the second terminal device 4, so as to achieve the effect and purpose of the invention.

However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited by this, all simple equivalent changes and modifications made in accordance with the scope of the patent application of the present invention and the content of the patent specification still belong to This invention patent covers the scope.

S1~S15: steps

Claims (15)

A point-to-point authority management method based on the self-issuing of tickets by a manager is applied between a server device that can communicate with each other, a management device that manages the server device, and a first terminal device, wherein the management device has A first public key and a first private key are exclusive and paired, the server device has a second public key and a second private key that are exclusive and paired, and the first terminal device has a third that is exclusive and paired Public key and a third private key; the method includes: The management-end device can generate and transmit a first service instruction ticket containing a first instruction to the server-end device; After the server device receives the first service instruction ticket, it verifies the correctness of the first service instruction ticket with the first public key of the management device, and then uses the first service instruction ticket to verify the correctness of the first service instruction ticket. The first instruction provides the corresponding service to the management terminal device; The management terminal device can generate a service authority setting ticket and transmit the service authority setting ticket to the first terminal device. The service authority setting ticket records an access authority of the first terminal device to the server device; The first terminal device can generate a second service instruction ticket according to the service authority setting ticket, and sequentially transmit the service authority setting ticket and the second service instruction ticket to the server device; After the server device receives the service permission setting ticket, it verifies the correctness of the service permission setting ticket with the first public key of the management device, and judges the access permission of the service permission setting ticket record After the validity, the server device receives the second service instruction ticket, verifies the correctness of the second service instruction ticket with a third public key of the first terminal device, and determines the second service instruction When the second instruction contained in the ticket is within the access authority of the service authority setting ticket record, the server device provides the corresponding service to the first terminal device according to the second instruction. As described in claim 1, the point-to-point authority management method based on the self-issued ticket by the administrator, wherein, before generating the first service order ticket, the management terminal device will first generate an initial setting ticket and transmit the initial setting ticket To the server device, the server device receives the initial setting ticket and verifies the correctness of the initial setting ticket with the first public key of the management device, the management device sends the first The public key is recorded in one of the manager fields, and the manager device is set as the manager. For example, the point-to-point authority management method based on the manager's self-issued ticket as described in claim 2, wherein the management terminal device will use the first private key to sign the initial set ticket, and then the signed initial set ticket The coupon is sent to the server device. After the server device receives the signed initial set ticket, it verifies the signed initial set ticket with the first public key of the management device to confirm the Initially set the correctness of the ticket; and after the server device completes the setting, it generates a status report ticket containing a setting result, and uses the second private key to report the status of the ticket and then the ticket will be signed The status report ticket of is sent to the management terminal device, and the management terminal device receives the signed status report ticket and verifies the correctness of the status report ticket with the second public key of the server device, And according to the setting result, it is confirmed that the server device has completed the setting of the administrator. As described in claim 1, the point-to-point authority management method based on the self-issued ticket by the administrator, wherein the second public key of the server device is recorded in a service device field of the first service instruction ticket, and the first service The first public key is recorded in a ticket holder field of the order ticket, the first public key is recorded in a ticket generator field of the first ticket, the service order ticket serves the order ticket and The management device establishes a session mechanism with the server device, and uses a first session key agreed with the server device to encrypt the command contained in the first service command ticket into a first encrypted data Then, the management terminal device uses the first private key to sign the first service order ticket containing the first encrypted data to generate the signed first service order ticket, and then transmits the signed first service order ticket. The first service instruction ticket to the server device; the server device receives the signed first service instruction ticket, and the service instruction ticket is based on the service device field of the first service instruction ticket Confirm that it is the receiving end of the first service order ticket, and according to the first public key recorded in the ticket holder field of the first service order ticket, After confirming that the management terminal device is the object that provides the corresponding service, and verifying the correctness of the signed first service instruction ticket with the first public key of the management terminal device, use the first session secret The key decrypts the first encrypted data contained in the first service order ticket to retrieve the first order. For the point-to-point authority management method based on the self-issued ticket of the administrator as described in claim 4, before the management-end device and the server-end device establish the session mechanism, the server-end device and the management-end device will first An identity verification (Challenge-response authentication, challenge-response authentication) procedure. For example, the point-to-point authority management method based on the self-issued ticket of the manager according to claim 4, wherein, after the server device completes the service required by the first service instruction ticket, the ticket processing module of the server device will Generate a status report ticket, the status report ticket contains information related to a service, and the server device status report ticket uses the first session key to report the status report to the service-related information contained in the ticket After the data is encrypted into a second encrypted data, the second private key pair is used to report the status of the ticket signature containing the second encrypted data, and the signed status report ticket is sent to the management terminal device; After the management device receives the signed status report ticket, the status report ticket uses the second public key of the server device to verify the correctness of the signed status report ticket, and then uses the The first session key decrypts the second encrypted data contained in the status report ticket to retrieve the service-related data, and based on the service-related data, it is determined that the server device has completed the first service order ticket After the requested service, terminate the session mechanism with the server device. As described in claim 1, the point-to-point authority management method based on the self-issued ticket by the administrator, wherein the second public key of the server device is recorded in a service device field of the service authority setting ticket, and the service authority setting ticket The third public key of the first terminal device is recorded in a ticket holder field of the ticket, the first public key is recorded in a ticket issuer field of the service authority setting ticket, and the management terminal The device uses the first private key to set the ticket signature for the service authority to generate the signed service authority setting ticket, and then transmits the signed service authority setting ticket to the first terminal device; After verifying the correctness of the signed service authority setting ticket with the first public key of the management terminal device, the first terminal device stores the signed service authority setting ticket, and the first terminal device A status report ticket is also generated, and after the status report ticket is signed with the third private key, the signed status report ticket is sent to the management terminal device, and the management terminal device receives the signed stamp And verify the correctness of the status report ticket with the third public key of the first terminal device. As described in claim 7, the point-to-point authority management method based on the manager's self-issued ticket, wherein the first terminal device transmits the signed service authority setting ticket to the server device, and the server device according to the The second public key recorded in the service device field of the service authority setting ticket is confirmed to be the receiving end of the service authority setting ticket, and the first public key of the management terminal device is used to verify the signed seal After confirming the validity of the service permission setting ticket and determining the validity of the permission information recorded in the service permission setting ticket, the server device will generate a status report ticket containing the permission confirmation result, and report it with After the second private key signs the status report ticket, the signed status report ticket is transmitted to the first terminal device, and after the first terminal device receives the signed report ticket, Use the second public key of the server device to verify the correctness of the signed status report ticket, and according to the permission confirmation result contained in the status report ticket, it is determined that the server device has confirmed the service permission Set the permissions of the ticket. As described in claim 7, the point-to-point authority management method based on the self-issued ticket by the administrator, wherein, after the first terminal device confirms the correctness of the status report ticket, the first terminal device generates the second service instruction ticket , The second public key of the server device is recorded in a service device field of the second service order ticket, and the third public key is recorded in a ticket holder field of the second service order ticket , The third public key is recorded in a ticket generator field of the second service order ticket; the service order ticket service order ticket and the first terminal device establishes a conversation mechanism with the server device, and A second session key agreed with the server device encrypts the second command contained in the second service command ticket into a third encrypted data, and contains the third encrypted data with the third private key pair The second service order ticket is signed to generate the signed second service order ticket, and then the signed second service order ticket is sent to the server device; the server device receives After the signed second service order ticket, the service order ticket and the third public key of the first terminal device are used to verify the correctness of the signed second service order ticket, use the The second session key decrypts the third encrypted data contained in the signed second service order ticket to extract the second order. For example, the point-to-point authority management method based on the self-issuing ticket of the administrator according to claim 9, wherein, before the first terminal device and the server device establish the session mechanism, the server device and the first terminal device meet First perform an identity verification (Challenge-response authentication, challenge-response authentication) procedure. For example, the point-to-point authority management method based on the manager's self-issued ticket as described in claim 9, wherein after the server device completes the service required by the second service instruction ticket, the server device will generate a status report ticket, the The status report ticket contains a service-related data, and the server device status report ticket uses the second session key to encrypt the service-related data contained in the status report ticket into a fourth encrypted data Then, use the second private key pair to report the status of the ticket signature containing the fourth encrypted data, and transmit the signed status report ticket to the first terminal device; the first terminal device receives After the signed state report ticket is reached, the state report ticket is verified with the second public key of the server device to verify the correctness of the signed state report ticket, and then the second session secret is used. The key decrypts the fourth encrypted data contained in the status report ticket to extract the service-related data, and after determining, based on the service-related data, that the server device has completed the service requested by the second service order ticket , Terminate the session mechanism with the server device. As described in claim 1, the point-to-point authority management method based on the self-issued ticket by the administrator, wherein the server device and the management device can also communicate with a second terminal device, and the second terminal device has a dedicated and paired one A fourth public key and a fourth private key; and the management terminal device can also generate a management right setting ticket containing a management right setting, and transmit the management right setting ticket to a second terminal device, the first After the second terminal device transmits the management right setting ticket to the server device, the server device verifies the correctness of the management right setting ticket according to the first public key of the management device, and then sets it according to the management right The management authority setting contained in the ticket sets the second terminal device to have all or part of the management authority of the server device; when the second terminal device is set to have all the management authority of the server device, the server device The device will update the manager field to the fourth public key of the second terminal device; when the second terminal device is set to have part of the management authority of the server device, the server device will add A second manager field and a second management authority field corresponding to the second manager field, and the fourth public key of the second terminal device is recorded in the second management field, and in The second management authority field records part of the management authority content set by the management authority setting ticket, and a first management authority field corresponding to the manager field is added, and the first management authority field is added to the first management authority field. Part of the management authority content of the management terminal device is recorded in. For example, the point-to-point authority management method based on the self-issued ticket of the manager as described in claim 12, wherein the second public key of the server device is recorded in a server device field of the management right setting ticket, and the management right setting ticket The fourth public key of the second terminal device is recorded in a ticket holder field of the ticket, and the first public key is recorded in a ticket issuer field of the management right setting ticket; and the management terminal The device uses the first private key to set the ticket signature for the management right, and then transmits the signed management right setting ticket to the second terminal device, and the second terminal device uses the second terminal device of the management terminal device to sign the ticket. After a public key verifies the correctness of the received signed management right setting ticket, the signed management right setting ticket is stored, and a status report ticket is generated, and the fourth private key pair is used After the status report ticket is signed, it transmits the signed status report ticket to the management terminal device, and the management terminal device receives the signed status report ticket and sends it to the fourth terminal of the second terminal device. The public key verifies the correctness of the status report ticket. For example, the point-to-point authority management method based on the manager's self-issued ticket according to claim 13, wherein the second terminal device transmits the signed management right setting ticket to the server device, and the server device uses the management The first public key of the end device verifies the correctness of the received signed management right setting ticket; and after the server device completes the management authority setting, a status report ticket containing a setting result will be generated, And after signing the status report ticket with the second private key, the signed status report ticket is transmitted to the second terminal device, and the second terminal device receives the signed status report ticket The second public key of the server device verifies the correctness of the status report ticket, and confirms that the server device has completed the setting of the update manager according to the setting result. For example, the point-to-point authority management method based on the manager's self-issued ticket according to claim 12, wherein the first public key and the first private key are generated by the management terminal device or provided after being generated by a first external computer device For the management end device, or generated by the first external computer device and stored in a first external device, and only when the first external device is electrically connected to the management end device, the management end device can obtain from the external device The first public key and the first private key; the second public key and a second private key paired with the second public key are generated by the server device or provided after being generated by a second external computer device To the server device; the third public key and the third private key are generated by the first terminal device itself or generated by a third external computer device and then provided to the first terminal device, or by the third external The computer device is generated and stored in a second external device, and when the second external device is electrically connected to the first terminal device, the first terminal device can obtain the third public key and the first terminal device from the second external device. Three private keys; the fourth public key and the fourth private key are generated by the second terminal device itself or generated by a fourth external computer device and then provided to the second terminal device, or by the fourth external computer device After generation, it is stored in a third external device, and when the third external device is electrically connected to the second terminal device, the second terminal device can obtain the fourth public key and the fourth private key from the third external device. key.

Images