WO2019071493A1 - Smart terminal-based automatic authorization method and automatic authorization system - Google Patents

Publication number: WO2019071493A1
Authority: WO, WIPO (PCT)
Prior art keywords: public key, smart terminal, module, key, private key
Application number: PCT/CN2017/105765
Other languages: French (fr), Chinese (zh)
Inventor: 任凯
Original Assignee: 深圳传音通讯有限公司
Application filed by: 深圳传音通讯有限公司
Priority to: PCT/CN2017/105765
Publication of: WO2019071493A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides an automatic authorization method and automatic authorization system for a smart terminal. The automatic authorization method comprises: establishing a connection between at least one first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key; the first smart terminal sends to the second smart terminal authorization information encrypted by using the first public key; the second smart terminal determines whether the first public key is the same as the second public key; if yes, the second smart terminal decrypts the authorization information by using the private key; after the decryption, the second smart terminal obtains the authorization information. The automatic authorization system comprises: a connection module, at least one first smart terminal, and a second smart terminal. The first smart terminal comprises an encryption module and an obtaining module. The second smart terminal comprises a decryption module and a determination module. On the basis of the characteristics of a public key and a private key, the technical solution provided by the present invention can resolve the problem of manual authorization, avoids consumption of labor resources, and facilitates automated production test of a factory.

Description

Smart terminal-based automatic authorization method and automatic authorization system
Technical field
The present invention relates to the field of smart terminals, and in particular to a smart terminal-based automatic authorization method and automatic authorization system.
Background
In the current field of electronic device manufacturing, factories usually use an industrial personal computer (IPC) connected to Android devices over USB for production testing. In this process, the IPC operates and controls the Android device through the Android Debug Bridge (ADB) to meet production needs. For Android devices that meet Google Mobile Service (GMS) certification, after the smart terminal is connected to the computer through ADB, the "Allow USB debugging" prompt must be manually confirmed on the smart terminal; only after this authorization can the tool software on the IPC operate and control the smart terminal through ADB.
However, in the production process, line workers need to perform a click-to-authorize operation on every smart terminal, so the test cannot yet be automated and a great deal of manpower is wasted. At the same time, worker fatigue over long periods also greatly raises the error rate.
To this end, the present invention provides a smart terminal-based automatic authorization method and automatic authorization system. By controlling the public key and private key in the IPC, the public key in the IPC is stored in the smart terminal in advance, thereby solving the problem of the production-line IPC authorizing each smart terminal.
Summary of the invention
In order to overcome the above technical deficiencies, an object of the present invention is to provide a smart terminal-based automatic authorization method and automatic authorization system. By controlling the public key and private key in the IPC, the public key in the IPC is stored in the smart terminal in advance, thereby solving the problem of the production-line IPC authorizing each smart terminal. The technical solution provided by the invention helps factories carry out automated production testing of smart terminals.
The invention provides an automatic authorization method for a smart terminal, the automatic authorization method comprising the following steps:
establishing a connection between at least one first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key;
the first smart terminal sends to the second smart terminal authorization information encrypted with the first public key;
the second smart terminal determines whether the first public key is the same as the second public key;
when the first public key is the same as the second public key, the second smart terminal decrypts the authorization information with the private key;
after decryption, the second smart terminal obtains the authorization information.
Preferably, the automatic authorization method further comprises:
generating a key pair by a reference smart terminal, the key pair comprising a uniquely matching public key and private key.
Preferably, the reference smart terminal sends the public key to the first smart terminal as the first public key;
the reference smart terminal sends the public key and the private key to the second smart terminal as the second public key and the private key.
Preferably, the step in which the second smart terminal decrypts the authorization information with the private key further comprises:
extracting the first public key that protects the authorization information;
invoking the private key to release the first public key based on a private key decryption algorithm.
Preferably, when the first public key is not the same as the second public key, the second smart terminal does not perform the decryption operation.
The invention further provides an automatic authorization system for a smart terminal, the automatic authorization system comprising a connection module, at least one first smart terminal and a second smart terminal;
the first smart terminal comprises an encryption module and an obtaining module;
the second smart terminal comprises a decryption module and a determination module;
the connection module establishes a connection between a first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key;
the encryption module is communicatively connected to the connection module and the decryption module, and sends to the second smart terminal authorization information encrypted with the first public key;
the determination module is communicatively connected to the encryption module and the decryption module, and determines whether the first public key is the same as the second public key;
the decryption module is communicatively connected to the determination module and the obtaining module, and when the first public key is the same as the second public key, decrypts the authorization information with the private key;
the obtaining module is communicatively connected to the decryption module, and after decryption obtains the authorization information.
Preferably, the automatic authorization system further comprises a generating module;
the generating module is configured to generate a key pair, the key pair comprising a uniquely matching public key and private key.
Preferably, the generating module is communicatively connected to the first smart terminal and the second smart terminal, and sends the public key to the first smart terminal as the first public key;
and sends the public key and the private key to the second smart terminal as the second public key and the private key.
Preferably, the decryption module further comprises:
an extracting unit, which extracts the first public key that protects the authorization information;
an invoking unit, which invokes the private key and releases the first public key based on a private key decryption algorithm.
Preferably, the automatic authorization system further comprises a termination module;
the termination module is communicatively connected to the determination module, and when the determination module determines that the first public key is not the same as the second public key, the second smart terminal does not perform the decryption operation.
With the above technical solution, the following beneficial effects are obtained compared with the prior art:
By controlling the public key and private key in the IPC (second smart terminal), the public key in the IPC (second smart terminal) is stored in the first smart terminal in advance, thereby solving the problem of the production-line IPC (second smart terminal) authorizing each first smart terminal. The technical solution provided by the invention helps factories carry out automated production testing of smart terminals.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a smart terminal-based automatic authorization method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a smart terminal-based automatic authorization method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a smart terminal-based automatic authorization system according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a smart terminal-based automatic authorization system according to an embodiment of the present invention.
Detailed description
The advantages of the present invention are further explained below with reference to the accompanying drawings and specific embodiments.
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terms used in the present disclosure are for the purpose of describing particular embodiments only and are not intended to limit the disclosure. The singular forms "a", "said" and "the" used in the present disclosure and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
In the description of the present invention, unless otherwise specified and limited, the term "connection" should be understood broadly: it may be, for example, a mechanical connection or an electrical connection, or communication between the interiors of two elements, and it may be a direct connection or an indirect connection through an intermediate medium. A person of ordinary skill in the art can understand the specific meaning of the term according to the specific situation.
In the following description, suffixes such as "module" or "unit" used to denote elements serve only to facilitate the description of the present invention and have no specific meaning in themselves. Therefore, "module" and "component" may be used interchangeably.
The smart terminal can be implemented in various forms. For example, the terminal described in the present invention may include smart terminals such as a mobile phone, a smartphone, a notebook computer, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player) and a navigation device, as well as fixed terminals such as a digital TV and a desktop computer. In the following, it is assumed that the terminal is a smart terminal. However, those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the configurations according to the embodiments of the present invention can also be applied to fixed terminals.
FIG. 1 is a schematic flowchart of a smart terminal-based automatic authorization method according to an embodiment of the present invention. In this embodiment, the automatic authorization method comprises the following steps:
establishing a connection between at least one first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key;
the first smart terminal sends to the second smart terminal authorization information encrypted with the first public key;
the second smart terminal determines whether the first public key is the same as the second public key;
when the first public key is the same as the second public key, the second smart terminal decrypts the authorization information with the private key;
after decryption, the second smart terminal obtains the authorization information.
In a preferred embodiment, when the first public key is not the same as the second public key, the second smart terminal does not perform the decryption operation.
The smart terminal-based automatic authorization method in this embodiment is implemented with at least one first smart terminal and one second smart terminal. The first smart terminal stores a first public key, and the second smart terminal stores a second public key and a private key. The second public key and the private key are a matching key pair. A public key and a private key are a key pair (that is, one public key and one private key) obtained through an algorithm; the public key is the public part of the key pair, and the private key is the non-public part. The public key is typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The key pair obtained by this algorithm is guaranteed to be unique worldwide. When using this key pair, if a piece of data is encrypted with one of the keys, it must be decrypted with the other key. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise the decryption will not succeed. The automatic authorization method in this embodiment is implemented mainly on the basis of this property of public and private keys.
After the first smart terminal and the second smart terminal establish a connection through a USB data cable or a plug-in connection, the second smart terminal, in order to obtain the authorization of the first smart terminal and operate and control the first smart terminal, sends an access request to the first smart terminal, and the first smart terminal, in response to the access request, sends encrypted authorization information to the second smart terminal. The first smart terminal encrypts the authorization information with a public key encryption algorithm. Common public key encryption algorithms include RSA, ElGamal, the knapsack algorithm, Rabin (Rabin's encryption method can be regarded as a special case of the RSA method), the public key encryption algorithm in the Diffie-Hellman (D-H) key exchange protocol, and Elliptic Curve Cryptography (ECC). At present the most widely used is the RSA algorithm (named from the initials of its inventors Rivest, Shamir and Adleman), a well-known public key encryption algorithm. After the first smart terminal encrypts the authorization information with the public key encryption algorithm, it sends the encrypted authorization information to the second smart terminal.
After receiving the encrypted authorization information, the second smart terminal first calls its internal second public key for verification, checking whether the first public key that encrypted the authorization information matches its private key. If it matches, the second smart terminal invokes its private key decryption algorithm and decrypts the authorization information with the private key. If it does not match, the second smart terminal does not decrypt the encrypted authorization information, to further ensure the security of its private key and prevent it from being misappropriated by others. When the first public key and the second public key are determined to be the same public key, the second smart terminal invokes its private key decryption algorithm to decrypt the authorization information and finally obtain it, thereby obtaining the authorization of the first smart terminal. Based on the unique matching property of the public key and the private key, the second smart terminal can use the private key decryption algorithm to decrypt the authorization information encrypted with the public key, and automatically obtain the authorization information sent by the first smart terminal. The method both achieves automatic authorization, avoiding manual authorization operations, and performs a preliminary verification of the encrypted authorization information with the second public key, ensuring that the second smart terminal obtains genuine authorization information; it also further protects the security of the private key and ensures the accuracy of the authorization.
In a preferred embodiment, the automatic authorization method further comprises:
generating a key pair by a reference smart terminal, the key pair comprising a uniquely matching public key and private key.
The reference smart terminal sends the public key to the first smart terminal as the first public key;
the reference smart terminal sends the public key and the private key to the second smart terminal as the second public key and the private key.
In a preferred embodiment, the automatic authorization method provided by the present invention further comprises: a reference smart terminal, with the help of the AdbDriverHelp tool developed in VC2010, automatically generates a key pair by calling a function. The key pair comprises a public key and a private key. The public key is the public part of the key pair, and the private key is the non-public part. The public key is typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The key pair obtained by this algorithm is guaranteed to be unique worldwide. When using this key pair, if a piece of data is encrypted with one of the keys, it must be decrypted with the other key. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise the decryption will not succeed.
After the reference smart terminal computes the public key and the private key with the key algorithm, it connects to the first smart terminal and the second smart terminal respectively. The public key is sent to the first smart terminal and stored there as the first public key. Both the public key and the private key are copied to the second smart terminal as the second public key and the private key.
After the first smart terminal and the second smart terminal establish a connection through a USB data cable or a plug-in connection, the second smart terminal, in order to obtain the authorization of the first smart terminal and operate and control the first smart terminal, sends an access request to the first smart terminal, and the first smart terminal, in response to the access request, sends encrypted authorization information to the second smart terminal. The first smart terminal encrypts the authorization information with a public key encryption algorithm. Common public key encryption algorithms include RSA, ElGamal, the knapsack algorithm, Rabin (Rabin's encryption method can be regarded as a special case of the RSA method), the public key encryption algorithm in the Diffie-Hellman (D-H) key exchange protocol, and Elliptic Curve Cryptography (ECC). At present the most widely used is the RSA algorithm (named from the initials of its inventors Rivest, Shamir and Adleman), a well-known public key encryption algorithm. After the first smart terminal encrypts the authorization information with the public key encryption algorithm, it sends the encrypted authorization information to the second smart terminal.
After receiving the encrypted authorization information, the second smart terminal first calls its internal second public key for verification, checking whether the first public key that encrypted the authorization information matches its private key. If it matches, the second smart terminal invokes its private key decryption algorithm and decrypts the authorization information with the private key. If it does not match, the second smart terminal does not decrypt the encrypted authorization information, to further ensure the security of its private key so that it is not misappropriated by others. When the first public key and the second public key are determined to be the same public key, the second smart terminal invokes its private key decryption algorithm to decrypt the authorization information and finally obtain it, thereby obtaining the authorization of the first smart terminal. Based on the unique matching property of the public key and the private key, the second smart terminal can use the private key decryption algorithm to decrypt the authorization information encrypted with the public key, and automatically obtain the authorization information sent by the first smart terminal. The method both achieves automatic authorization, avoiding manual authorization operations, and performs a preliminary verification of the encrypted authorization information with the second public key, ensuring that the second smart terminal obtains genuine authorization information, guarding against leakage of the private key and ensuring the accuracy of the authorization.
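The provisioning by the reference terminal and the exchange between the first and second terminals described above, as an added Go example that is not code from the patent or from the AdbDriverHelp tool. The `Envelope` layout, the SHA-256 key fingerprint used to compare the two public keys, the choice of RSA-OAEP, the label value, the sample message and all type and function names are assumptions; the patent does not specify them.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// ErrKeyMismatch is returned when the first public key named in the message
// is not the second terminal's own public key; no decryption is attempted.
var ErrKeyMismatch = errors.New("first public key differs from second public key")

// oaepLabel ties ciphertexts to this use. The value is an assumption.
var oaepLabel = []byte("auto-authorization")

// Envelope is a hypothetical wire format; the patent does not define one.
type Envelope struct {
	KeyID      [32]byte // SHA-256 over the DER encoding of the encrypting public key
	Ciphertext []byte   // RSA-OAEP (SHA-256) encryption of the authorization information
}

// keyID fingerprints a public key so that two keys can be compared.
func keyID(pub *rsa.PublicKey) ([32]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(der), nil
}

// FirstTerminal (the device under test) stores only the first public key.
type FirstTerminal struct{ pub *rsa.PublicKey }

// SecondTerminal (the IPC) stores the second public key and the private key.
type SecondTerminal struct{ priv *rsa.PrivateKey }

// Provision plays the reference terminal: it generates one key pair, gives the
// public key to the first terminal and the whole pair to the second terminal.
func Provision() (*FirstTerminal, *SecondTerminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &FirstTerminal{pub: &priv.PublicKey}, &SecondTerminal{priv: priv}, nil
}

// Authorize encrypts the authorization information with the first public key
// and records which key was used.
func (d *FirstTerminal) Authorize(info []byte) (*Envelope, error) {
	id, err := keyID(d.pub)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.pub, info, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{KeyID: id, Ciphertext: ct}, nil
}

// Receive compares the first public key's fingerprint with the second public
// key's fingerprint and decrypts with the private key only when they match.
func (h *SecondTerminal) Receive(env *Envelope) ([]byte, error) {
	own, err := keyID(&h.priv.PublicKey)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(env.KeyID[:], own[:]) != 1 {
		return nil, ErrKeyMismatch // termination path: no decryption operation
	}
	return rsa.DecryptOAEP(sha256.New(), nil, h.priv, env.Ciphertext, oaepLabel)
}

func main() {
	dev, ipc, err := Provision()
	if err != nil {
		panic(err)
	}
	// Constructed sample authorization information.
	env, err := dev.Authorize([]byte("allow-usb-debugging"))
	if err != nil {
		panic(err)
	}
	info, err := ipc.Receive(env)
	fmt.Printf("provisioned IPC: %q, err=%v\n", info, err)

	// An IPC holding a different key pair refuses to decrypt.
	_, otherIPC, err := Provision()
	if err != nil {
		panic(err)
	}
	_, err = otherIPC.Receive(env)
	fmt.Println("other IPC:", err)
}
```

A matching key ID only shows which key the message was encrypted for; because the public key is not secret, the match does not by itself prove which device produced the ciphertext.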
FIG. 2 is a schematic flowchart of a smart terminal-based automatic authorization method according to an embodiment of the present invention. In this embodiment, the step in which the second smart terminal decrypts the authorization information with the private key further comprises:
extracting the first public key that protects the authorization information;
invoking the private key to release the first public key based on a private key decryption algorithm.
In a preferred embodiment, the second smart terminal receives authorization information that is encrypted and protected by the first public key, and in order to read the authorization information and obtain the authorization of the first smart terminal, the second smart terminal first extracts the first public key from the encrypted file and, using the private key decryption algorithm, invokes the private key to perform the decryption operation on the first public key, thereby unlocking the encryption-protected authorization information and reading the genuine authorization information.
FIG. 3 is a schematic structural diagram of a smart terminal-based automatic authorization system according to an embodiment of the present invention. In this embodiment, the automatic authorization system comprises a connection module, at least one first smart terminal and a second smart terminal;
the first smart terminal comprises an encryption module and an obtaining module;
the second smart terminal comprises a decryption module and a determination module;
the connection module establishes a connection between a first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key;
the encryption module is communicatively connected to the connection module and the decryption module, and sends to the second smart terminal authorization information encrypted with the first public key;
the determination module is communicatively connected to the encryption module and the decryption module, and determines whether the first public key is the same as the second public key;
the decryption module is communicatively connected to the determination module and the obtaining module, and when the first public key is the same as the second public key, decrypts the authorization information with the private key;
the obtaining module is communicatively connected to the decryption module, and after decryption obtains the authorization information.
The smart terminal-based automatic authorization system in this embodiment is implemented with at least one first smart terminal and one second smart terminal. The first smart terminal stores a first public key, and the second smart terminal stores a second public key and a private key. The second public key and the private key form a matching key pair. A public key and a private key are a key pair obtained through an algorithm (that is, one public key and one private key); the public key is the public part of the key pair and the private key is the non-public part. Public keys are typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. A key pair obtained through such an algorithm is guaranteed to be unique worldwide. When the key pair is used, data encrypted with one of the keys must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed. The automatic authorization system in this embodiment is built mainly on this property of public and private keys.

Specifically, the automatic authorization system in this embodiment includes a connection module, at least one first smart terminal, and a second smart terminal. The first smart terminal includes an encryption module and an obtaining module; the second smart terminal includes a decryption module and a determination module. After the connection module establishes a connection between the first smart terminal and the second smart terminal, through a USB data cable or a plug-in connection, the second smart terminal, in order to obtain automatic authorization from the first smart terminal and to operate and control it, sends an access request to the first smart terminal, and the first smart terminal sends encrypted authorization information to the second smart terminal in response to the access request. The encryption module of the first smart terminal encrypts the authorization information using a public key encryption algorithm. Common public key encryption algorithms include RSA, ElGamal, the knapsack algorithm, Rabin (Rabin's encryption method can be regarded as a special case of the RSA method), the public key encryption algorithm in the Diffie-Hellman (D-H) key exchange protocol, and Elliptic Curve Cryptography (ECC). The most widely used at present is the RSA algorithm (named after the initials of the surnames of its inventors Rivest, Shamir, and Adleman), a well-known public key encryption algorithm.

After the encryption module has encrypted the authorization information with the public key encryption algorithm, it sends the encrypted authorization information to the determination module over the communication connection. On receiving the encrypted authorization information, the determination module first calls its internal second public key to verify whether the first public key used to encrypt the authorization information matches its private key. If it matches, the decryption module of the second smart terminal invokes its private key decryption algorithm and decrypts the authorization information with the private key. If it does not match, the second smart terminal does not decrypt the encrypted authorization information, which further protects its private key from being misappropriated by others. When the determination module determines that the first public key and the second public key are in fact the same public key, the decryption module invokes the private key decryption algorithm of the second smart terminal and decrypts the authorization information, finally obtaining the authorization information and thereby the authorization of the first smart terminal. Because a public key and its private key match uniquely, the decryption module can use the private key decryption algorithm to decrypt authorization information that the encryption module encrypted with the public key, and so automatically obtains the authorization information sent by the first smart terminal. The automatic authorization system in this embodiment achieves automatic authorization between smart terminals without manual authorization operations, and it also uses the second public key to perform a preliminary verification of the encrypted authorization information, which ensures that the second smart terminal obtains the real authorization information, further protects the private key, and ensures the accuracy of the authorization.
In a preferred embodiment, the automatic authorization system further includes a generating module;
The generating module is configured to generate a key pair, the key pair including a uniquely matching public key and private key.
The generating module is communicatively connected to the first smart terminal and the second smart terminal, and sends the public key to the first smart terminal as the first public key;
It sends the public key and the private key to the second smart terminal as the second public key and the private key.
The automatic authorization system further includes a termination module;
The termination module is communicatively connected to the determination module; when the determination module determines that the first public key is not the same as the second public key, the second smart terminal does not perform the decryption operation.
In a preferred embodiment, the automatic authorization system provided by the present invention includes a generating module. The generating module is located in a reference smart terminal and, with the help of an AdbDriverHelp tool developed with VC2010, automatically generates a key pair by calling a function. The key pair includes a public key and a private key. The public key is the public part of the key pair and the private key is the non-public part. Public keys are typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. A key pair obtained through such an algorithm is guaranteed to be unique worldwide. When the key pair is used, data encrypted with one of the keys must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed.
After the generating module has computed the public key and the private key with a key algorithm, it connects to the first smart terminal and to the second smart terminal in turn. It sends the public key to the first smart terminal for storage, as the first public key. It copies both the public key and the private key to the second smart terminal, as the second public key and the private key.
In addition, the automatic authorization system in this embodiment further includes a connection module; the first smart terminal includes an encryption module and an obtaining module; the second smart terminal includes a decryption module and a determination module. After the connection module establishes a connection between the first smart terminal and the second smart terminal, through a USB data cable or a plug-in connection, the second smart terminal, in order to obtain automatic authorization from the first smart terminal and to operate and control it, sends an access request to the first smart terminal, and the first smart terminal sends encrypted authorization information to the second smart terminal in response to the access request. The encryption module of the first smart terminal encrypts the authorization information using a public key encryption algorithm. Common public key encryption algorithms include RSA, ElGamal, the knapsack algorithm, Rabin (Rabin's encryption method can be regarded as a special case of the RSA method), the public key encryption algorithm in the Diffie-Hellman (D-H) key exchange protocol, and Elliptic Curve Cryptography (ECC). The most widely used at present is the RSA algorithm (named after the initials of the surnames of its inventors Rivest, Shamir, and Adleman), a well-known public key encryption algorithm.

After the encryption module has encrypted the authorization information with the public key encryption algorithm, it sends the encrypted authorization information to the determination module over the communication connection. On receiving the encrypted authorization information, the determination module first calls its internal second public key to verify whether the first public key used to encrypt the authorization information matches its private key. If it matches, the decryption module of the second smart terminal invokes its private key decryption algorithm and decrypts the authorization information with the private key. If it does not match, the termination module in the second smart terminal terminates the automatic authorization process and the second smart terminal does not decrypt the encrypted authorization information, which further protects its private key from being misappropriated by others. When the determination module determines that the first public key and the second public key are in fact the same public key, the decryption module invokes the private key decryption algorithm of the second smart terminal and decrypts the authorization information, finally obtaining the authorization information and thereby the authorization of the first smart terminal. Because a public key and its private key match uniquely, the decryption module can use the private key decryption algorithm to decrypt authorization information that the encryption module encrypted with the public key, and so automatically obtains the authorization information sent by the first smart terminal. The automatic authorization system in this embodiment achieves automatic authorization between smart terminals without manual authorization operations, and it also uses the second public key to perform a preliminary verification of the encrypted authorization information, which ensures that the second smart terminal obtains the real authorization information, further protects the private key, and ensures the accuracy of the authorization.
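The flow described in this embodiment (key pair generation, distribution to both terminals, the equality check on the two public keys, then decryption or termination), written out as an added Python example that is not part of the patent text. It assumes RSA with OAEP padding as the public key algorithm, implemented on the standard library for illustration and not hardened against side channels; the function names and the message layout (the sender's public key carried beside the ciphertext) are assumptions.

```python
import hashlib
import secrets

E, HLEN = 65537, 32  # RSA public exponent; SHA-256 digest length in bytes

def _is_prime(n, rounds=24):
    """Miller-Rabin test for large odd candidates."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1  # top two bits set, odd
        if c % E != 1 and _is_prime(c):  # keeps E coprime to c - 1
            return c

def generate_key_pair(bits=2048):
    """Generating module: one matching (public_key, private_key) RSA pair."""
    p = q = _prime(bits // 2)
    while q == p:
        q = _prime(bits // 2)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _mgf1(seed, length):
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // HLEN)))
    return b"".join(blocks)[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(public_key, msg):
    """RSA-OAEP (SHA-256, MGF1, empty label)."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    db = hashlib.sha256(b"").digest() + bytes(k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    seed = secrets.token_bytes(HLEN)
    masked_db = _xor(db, _mgf1(seed, len(db)))
    masked_seed = _xor(seed, _mgf1(masked_db, HLEN))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def decrypt(private_key, ct):
    """Inverse of encrypt(); raises ValueError on any malformed ciphertext."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(ct, "big")
    if len(ct) != k or c >= n:
        raise ValueError("decryption error")
    em = pow(c, d, n).to_bytes(k, "big")
    seed = _xor(em[1:1 + HLEN], _mgf1(em[1 + HLEN:], HLEN))
    db = _xor(em[1 + HLEN:], _mgf1(seed, k - HLEN - 1))
    pad, sep, msg = db[HLEN:].partition(b"\x01")
    if em[0] or db[:HLEN] != hashlib.sha256(b"").digest() or any(pad) or not sep:
        raise ValueError("decryption error")
    return msg

def first_terminal_send(pub, info):
    """Encryption module; the message carries the key it was encrypted under."""
    return {"public_key": pub, "ciphertext": encrypt(pub, info)}

def second_terminal_receive(second_public_key, private_key, message):
    """Determination, termination and decryption modules."""
    if tuple(message["public_key"]) != tuple(second_public_key):
        return None  # termination module: the private key is never invoked
    return decrypt(private_key, message["ciphertext"])

if __name__ == "__main__":
    pub, priv = generate_key_pair()  # reference terminal provisions both sides
    info = b"constructed-authorization-info"  # constructed sample input
    print(second_terminal_receive(pub, priv, first_terminal_send(pub, info)))
    stranger, _ = generate_key_pair()  # a terminal holding a different public key
    print(second_terminal_receive(pub, priv, first_terminal_send(stranger, info)))
```

A message that names the expected public key but was encrypted under another key passes the equality check and is rejected only at the padding check inside `decrypt()`.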
Referring to FIG. 4, a schematic structural diagram of a smart terminal-based automatic authorization system according to an embodiment of the present invention is shown. In this embodiment, the decryption module further includes:
An extraction unit, which extracts the first public key that protects the authorization information;
An invoking unit, which invokes the private key and removes the first public key protection based on a private key decryption algorithm.
In a preferred embodiment, after receiving authorization information that is encrypted and protected with the first public key, the decryption module of the second smart terminal must read the authorization information it contains in order to obtain the authorization of the first smart terminal. The extraction unit in the decryption module first extracts the first public key from the encrypted file. After the extraction, the invoking unit, using a private key decryption algorithm, invokes the private key to perform the decryption operation on the first public key, thereby unlocking the encrypted authorization information and ensuring that the second smart terminal can read the real authorization information.
With the automatic authorization method and automatic authorization system provided by the present invention, the public key and private key in the second smart terminal are controlled so that the public key of the second smart terminal is saved in the first smart terminal in advance. This solves the problem of the second smart terminal on the production line performing authorization for each first smart terminal, avoids the consumption of labor, and helps the factory carry out automated production testing of smart terminals.
It should be noted that the embodiments of the present invention are preferred embodiments and do not limit the present invention in any form. Any person skilled in the art may use the technical content disclosed above to change or modify it into equivalent effective embodiments; any modification, equivalent change, or refinement made to the above embodiments in accordance with the technical essence of the present invention, without departing from the content of its technical solution, still falls within the scope of the technical solution of the present invention.

Claims (10)

  1. An automatic authorization method for a smart terminal, characterized in that
    the automatic authorization method includes the following steps:
    establishing a connection between at least one first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key;
    the first smart terminal sending, to the second smart terminal, authorization information encrypted with the first public key;
    the second smart terminal determining whether the first public key is the same as the second public key;
    when the first public key is the same as the second public key, the second smart terminal decrypting the authorization information with the private key;
    after decryption, the second smart terminal obtaining the authorization information.
  2. The automatic authorization method according to claim 1, characterized in that
    the automatic authorization method further includes:
    generating a key pair by means of a reference smart terminal, the key pair including a uniquely matching public key and private key.
  3. The automatic authorization method according to claim 2, characterized in that
    the reference smart terminal sends the public key to the first smart terminal as the first public key;
    the reference smart terminal sends the public key and the private key to the second smart terminal as the second public key and the private key.
  4. The automatic authorization method according to claim 1, characterized in that
    the step of the second smart terminal decrypting the authorization information with the private key further includes:
    extracting the first public key that protects the authorization information;
    invoking the private key to remove the first public key protection based on a private key decryption algorithm.
  5. The automatic authorization method according to claim 1, characterized in that
    when the first public key is not the same as the second public key, the second smart terminal does not perform the decryption operation.
  6. An automatic authorization system for a smart terminal, characterized in that
    the automatic authorization system includes a connection module, at least one first smart terminal, and a second smart terminal;
    the first smart terminal includes an encryption module;
    the second smart terminal includes a decryption module, a determination module, and an obtaining module;
    the connection module establishes a connection between a first smart terminal storing a first public key and a second smart terminal storing a second public key and a private key;
    the encryption module is communicatively connected to the connection module and the determination module, and sends authorization information encrypted with the first public key to the second smart terminal;
    the determination module is communicatively connected to the encryption module and the decryption module, and determines whether the first public key is the same as the second public key;
    the decryption module is communicatively connected to the determination module and the obtaining module, and, when the first public key is the same as the second public key, decrypts the authorization information with the private key;
    the obtaining module is communicatively connected to the decryption module and, after decryption, obtains the authorization information.
  7. The automatic authorization system according to claim 6, characterized in that
    the automatic authorization system further includes a generating module;
    the generating module is configured to generate a key pair, the key pair including a uniquely matching public key and private key.
  8. The automatic authorization system according to claim 7, characterized in that
    the generating module is communicatively connected to the first smart terminal and the second smart terminal, and sends the public key to the first smart terminal as the first public key;
    and sends the public key and the private key to the second smart terminal as the second public key and the private key.
  9. The automatic authorization system according to claim 6, characterized in that
    the decryption module further includes:
    an extraction unit, which extracts the first public key that protects the authorization information;
    an invoking unit, which invokes the private key and removes the first public key protection based on a private key decryption algorithm.
  10. The automatic authorization system according to claim 6, characterized in that
    the automatic authorization system further includes a termination module;
    the termination module is communicatively connected to the determination module; when the determination module determines that the first public key is not the same as the second public key, the second smart terminal does not perform the decryption operation.
PCT/CN2017/105765 2017-10-11 2017-10-11 Smart terminal-based automatic authorization method and automatic authorization system WO2019071493A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/105765 WO2019071493A1 (en) 2017-10-11 2017-10-11 Smart terminal-based automatic authorization method and automatic authorization system

Publications (1)

Publication Number Publication Date
WO2019071493A1 true WO2019071493A1 (en) 2019-04-18

Family

ID=66100169

Country Status (1)

Country Link
WO (1) WO2019071493A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100217987A1 (en) * 2006-02-07 2010-08-26 Ravindra Waman Shevade Document Security Management System
CN102882685A (en) * 2012-09-27 2013-01-16 东莞宇龙通信科技有限公司 Identity authentication system and identity authentication method
CN104320329A (en) * 2014-10-29 2015-01-28 武汉轻工大学 Method and system for safe instant messaging under open and untrusted internet environment
CN105553951A (en) * 2015-12-08 2016-05-04 腾讯科技(深圳)有限公司 Data transmission method and data transmission device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17928738

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17928738

Country of ref document: EP

Kind code of ref document: A1