CN102902927B

CN102902927B - Method and system for modifying password of encryption lock

Info

Publication number: CN102902927B
Application number: CN201210337466.1A
Authority: CN
Inventors: 陆舟; 于华章
Original assignee: Feitian Technologies Co Ltd
Current assignee: Feitian Technologies Co Ltd
Priority date: 2012-09-12
Filing date: 2012-09-12
Publication date: 2015-04-15
Anticipated expiration: 2032-09-12
Also published as: CN102902927A

Abstract

The invention discloses a method and a system for modifying a password of an encryption lock. The method comprises the steps that: when the user trigger information is received, a host judges whether an authorized lock and an operation lock are connected with the host, if so, the host transmits the modification information to the authorized lock, otherwise, the operation is ended; the authorized lock receives the modification information and obtains a new password; the authorized lock processes the new password and transmits the processing result and the new password to the host; the host generates a verification instruction according to the processing result and the new password and transmits the verification instruction to the operation lock; the operation lock analyzes and verifies the received verification instruction, if verification instruction is verified to be qualified, the internally stored password is replaced by the analyzed new password, the modification success information returns to the host, and the operation is ended; otherwise the failure information returns to the host, and the operation is ended. According to the technical scheme, an agent or a developer can modify the password of the operation lock by utilizing the authorized lock, namely the password is modified under the control of a manufacturer, malicious modification is avoided, and the modification process is safe and controllable.

Description

A kind of method and system revising password of encryption lock

Technical field

The present invention relates to encryption lock field, particularly relate to a kind of method and system revising password of encryption lock.

Background technology

Encryption lock is a kind of security product inserted software and hardware on computers and combine, work is connected with main frame by communication interface (USB interface or parallel interface etc.), encryption lock utilizes the cryptographic algorithm of storage inside to be encrypted the data in main frame, user only has and just can check after the data deciphering after encryption with corresponding encryption lock, improves the security of user data.

General encryption lock can arrange an initial password when dispatching from the factory, initial password can be revised as the password of oneself accreditation by commission merchant or developer, but modification process is not by the control of manufacturer, for preventing commission merchant or developer to the malicious modification of initial password, be badly in need of the technical scheme proposing a kind of amendment password of encryption lock by production firm's control.

Summary of the invention

The present invention is that the initial password solving encryption lock in prior art is modified not by the defect that production firm controls, and provides a kind of method and system revising password of encryption lock.

A kind of method revising password of encryption lock provided by the invention, comprising:

Steps A: when main frame receives the trigger message of user, having judged whether that license lock and operable lock are connected with it, is perform step B, otherwise terminates;

Step B: amendment information is sent to license lock by described main frame;

Step C: described license lock receives described amendment information, according to described amendment information acquisition new password;

Step D: described license lock processes described new password, and result and described new password are sent to described main frame;

Step e: described main frame receives described result and described new password, generates checking instruction according to described result and described new password, and sends it to operable lock;

Step F: described operable lock receives after described checking instruction and resolves it, and verifies analysis result, then performs step G as being verified, as checking does not return failure information, end by main frame as described in then giving;

Step G: described operable lock resolves the password that the new password obtained replaces storage inside, and returns successfully modified information to main frame, terminates.

Wherein, described step D and step e replace with:

Step D ': described license lock processes described new password;

Step e ': described license lock generates checking instruction according to described result and described new password, and sends it to described operable lock by main frame.

Wherein, comprise between described steps A and step B: described main frame obtains cipher list from described license lock, and is exported;

The selection information of described host waits user input, and judge whether receive selection information in Preset Time, be continue, otherwise output error message, terminate;

Described step B is specially: the new password that the user in described selection information chooses is sent to described license lock by described main frame;

Accordingly, step C replaces with: described license lock receives the new password that described user chooses.

Wherein, described main frame obtains cipher list and specifically comprises from described license lock:

Step s1: described main frame obtains operable lock mark from described operable lock, and the authority corresponding according to described operable lock identifier lookup, then perform step s2 as found, otherwise output error information, terminate;

Step s2: described authority is sent to described license lock by described main frame;

Step s3: described license lock receives described authority and is decrypted it with own private key, as successful decryption then performs step s4; As decipher license lock as described in failure then to as described in main frame return deciphering failure information, terminate;

Step s4: described license lock sends to described main frame by deciphering the cipher list obtained.

Described main frame obtains operable lock mark from described operable lock, and sends it to described license lock;

Described license lock receives described operable lock mark, and the cipher list corresponding according to described operable lock identifier lookup, as found, described cipher list being sent to described main frame, as do not found, returning miscue information to main frame, terminate.

Described license lock receives described operable lock mark, judges whether described operable lock mark conforms to the cipher list of described storage inside, is continue, otherwise returns error message to main frame, terminates.

Wherein, comprise between described steps A and step B: described main frame exports the selection information that user's input is waited in sequence number list, and judges whether receive selection information in Preset Time, is continue, otherwise output error message, terminate;

Described step B is specially: the sequence number that the user in described selection information chooses is sent to described license lock by described main frame;

Described step C is specially: described license lock receives the sequence number that described user chooses, and according to the serial number gencration new password that described user chooses.

Wherein, also comprise between described steps A and step B: described main frame, according to the serial number gencration new password in described sequence number list, forms cipher list and exports;

Described sequence number list be described main frame storage inside or obtain from described license lock.

Wherein, comprising between described steps A and step B: described main frame exports dialog box, wait for that user inputs sequence number, and judge the sequence number whether receiving user's input in Preset Time, is continue, otherwise output error message, terminate;

Described step B is specially: the sequence number that described user inputs is sent to described license lock by described main frame;

Described step C is specially: described license lock receives the sequence number of described user input, and according to the serial number gencration new password that described user inputs.

Wherein, comprise between described steps A and step B: described main frame obtains sequence number list and exports from described license lock, wait for the selection information of user's input, and judge whether receive selection information in Preset Time, continue, otherwise output error message, terminate;

Described step C is specially: described license lock receives the sequence number that described user chooses, and from the cipher list of storage inside, obtains corresponding new password according to the sequence number that described user chooses.

Wherein, described step D also comprises: the operable lock initial password of storage inside is sent to main frame by described license lock;

Step e is specially: described main frame receives described operable lock initial password, result and new password, generates checking instruction, and send it to described operable lock according to described operable lock initial password, result and new password;

Also comprise in described step F:

Whether described operable lock judges to resolve the operable lock initial password obtained identical with the password of storage inside, is continue, otherwise gives described main frame return message, terminate.

Wherein, step e ' in generate checking instruction and be specially: described license lock generates checking instruction according to the operable lock initial password of storage inside, result and new password, and sends it to described operable lock;

Also comprise in described step F:

Wherein, described license lock is carried out process to described new password and is specially: described license lock uses own private key to sign to described new password, and signature result and described new password are sent to described main frame;

Described step F is specially: described operable lock is resolved it after receiving described checking instruction, the license lock PKI of storage inside is used to verify analysis result, as be verified then perform step G, as checking by then give as described in main frame return message, terminate.

Wherein, in described step F, analysis result is verified and specifically comprises:

Step F 11: the license lock PKI of described operable lock storage inside is decrypted resolving the signature result obtained, and as successful decryption then performs step F 12, otherwise gives described main frame return message, terminates;

Step F 12: described operable lock uses preset digest algorithm to calculate resolving the new password obtained, and judges that whether result of calculation is consistent with decrypted result, is perform step G, otherwise gives described main frame return message, terminate.

Wherein, described license lock is carried out process to described new password and is specially: described license lock uses the operable lock PKI of storage inside to be encrypted described new password, and encrypted result and described new password are sent to described main frame;

Described step F is specially: described operable lock is resolved it after receiving described checking instruction, the own private key of storage inside is used to be decrypted resolving the encrypted result obtained, as successful decryption then judges that whether the new password that decrypted result and parsing obtain is consistent, perform step G, otherwise give described main frame return message, terminate; As decipher failure then give as described in main frame return message, terminate.

Wherein, also comprise between described steps A and step B: described main frame sends to described operable lock and obtains instruction, obtains the random number in described operable lock;

Described step B is specially: amendment information and described random number are sent to described license lock by described main frame;

Described step D is specially: described license lock processes described new password and random number, and result and described new password are sent to described main frame.

Wherein, also comprised before described step D ': described main frame obtains random number and sends it to described license lock from described operable lock;

Described step D ' is specially: described license lock processes described new password and random number.

Wherein, described license lock processes described new password and random number, is specially:

Described license lock uses own private key to sign to described new password and random number, and signature result and described new password are sent to described main frame.

Wherein, described step F specifically comprises:

Step F 21: the license lock PKI of described operable lock storage inside is decrypted resolving the signature result obtained, and as successful decryption then performs step F 22, otherwise gives described main frame return message, terminates;

Step F 22: described operable lock uses preset digest algorithm to calculate the random number of resolving new password and the storage inside obtained, and judges that whether result of calculation is consistent with decrypted result, is perform step G, otherwise gives described main frame return message, terminate.

Wherein, described license lock processes described new password and random number and specifically comprises: described license lock uses the operable lock PKI of storage inside to be encrypted described new password and random number;

Step F specifically comprises: described operable lock is resolved it after receiving described checking instruction, the license lock PKI of storage inside is used to be decrypted resolving the encrypted result obtained, as successful decryption then judges that whether the random number of deciphering random number and the storage inside obtained is consistent, whether consistent with or judge if deciphering the new password that the new password that obtains and parsing obtain, perform step G, otherwise give described main frame return message, terminate; As decipher failure then give as described in main frame return message, terminate.

Wherein, comprise before described step e: described main frame obtains operable lock coding from described operable lock;

Described generation checking instruction is specially: described main frame encode according to described operable lock, result and described new password generate and verify instruction;

Described step F specifically comprises:

Described operable lock is resolved it after receiving described checking instruction, and judges that whether resolve the operable lock coding obtained encodes consistent with the operable lock of storage inside, is continue, otherwise gives described main frame return message, terminate;

Whether described operable lock checking analysis result is correct, is continue, otherwise gives described main frame return message, terminate.

Wherein, described step e ' also comprise before: described main frame obtains operable lock and encodes and send it to described license lock from described operable lock;

Described generation checking instruction is specially: generate checking instruction according to described operable lock coding, described result and described new password;

Described step F specifically comprises:

Whether described operable lock receives after described checking instruction and resolves it, and judge to resolve the operable lock coding obtained and encode with the operable lock of storage inside and conform to, and is continue, otherwise to described main frame return message, end;

Wherein, also comprise in described step F:

Described operable lock judges that in the new password that parsing obtains, on ad-hoc location, whether data are identical with the data on relevant position in the password of storage inside, are continue, otherwise give described main frame return message, terminate.A kind of system revising password of encryption lock provided by the invention, comprising: license lock, main frame and operable lock, and wherein, described main frame comprises:

First receiver module, for receiving the trigger message of user, also for receiving the data of described license lock and operable lock transmission;

First judge module, for having judged whether that license lock is connected with described main frame with operable lock;

First sending module, for sending data to described license lock and described operable lock;

First generation module, for generating checking instruction;

Described license lock comprises:

Second receiver module, for receiving the data that described first sending module sends;

First acquisition module, for the amendment information acquisition new password received according to described second receiver module;

Processing module, for processing described new password;

Second sending module, for described first receiver module transmission processing result and new password;

Described operable lock comprises:

3rd receiver module, for receiving the described checking instruction that described first sending module sends;

Parsing module, for resolving described checking instruction;

Authentication module, verifies for resolving to described parsing module the result obtained;

Replacement module: for resolving with described parsing module the password that the new password obtained replaces described operable lock storage inside;

3rd sending module, for sending information to described first receiver module.

Wherein, described first generation instruction is included in described license lock.

Wherein, described main frame also comprises:

Second acquisition module, for obtaining cipher list from described license lock;

Output module, for exporting described cipher list;

Second judge module, for judging whether receive selection information in Preset Time;

Described first sending module is used for the password of choosing in described selection information to send to described license lock.

Wherein, described second acquisition module specifically for obtaining operable lock mark, the authority corresponding according to described operable lock identifier lookup from described license lock;

Described first sending module is also for sending to described license lock by the described authority found;

Described license lock also comprises: deciphering module, and for being decrypted described authority, successful decryption obtains cipher list.

Wherein, described main frame also comprises the 3rd acquisition module, for obtaining operable lock mark from described operable lock;

Described first sending module is also for sending to described license lock by described operable lock mark;

Described license lock also comprises: search module, for the cipher list corresponding according to described operable lock identifier lookup.

Described license lock also comprises: the 3rd judge module, for judging whether described operable lock mark conforms to the cipher list of described storage inside.

Wherein, described main frame also comprises output module and the 3rd judge module,

Described output module: for exporting sequence number list;

Described 3rd judge module: for judging whether receive selection information in Preset Time;

The sequence number of described first sending module also for the user in described selection information being chosen sends to described license lock;

The serial number gencration new password of described first acquisition module specifically for choosing according to described user.

Described output module: for exporting dialog box;

Described 3rd judge module: for judging the sequence number whether receiving user's input in Preset Time;

The sequence number of described first sending module also for described user being inputted sends to described license lock;

The serial number gencration new password of described first acquisition module specifically for inputting according to described user.

Wherein, described main frame also comprises acquisition output module and the 3rd judge module,

Described acquisition output module: for obtaining sequence number list and export from described license lock;

Described second acquisition module obtains corresponding new password specifically for the sequence number chosen according to described user from the cipher list of storage inside.

Wherein, described second sending module is also for sending to described main frame by the operable lock initial password of described license lock storage inside;

Described first generation module is specifically for generating checking instruction according to described operable lock initial password, result and new password;

Described authentication module comprises: authentication unit, verifies for resolving to described parsing module the new password obtained;

Whether the first judging unit is identical with the password of storage inside for judging that described parsing module resolves the operable lock initial password obtained.

Wherein, described first generation module generates checking instruction specifically for the operable lock initial password according to storage inside, described result and new password;

Wherein, described processing module is signed to described new password specifically for using the own private key of described license lock;

Described authentication module comprises:

Decryption unit, for being decrypted resolving the signature result obtained with the license lock PKI of described operable lock storage inside;

Calculating judging unit, for using preset digest algorithm to calculate resolving the new password obtained, and judging that whether the decrypted result that result of calculation and described decryption unit successful decryption obtain is consistent.

Wherein, described processing module is encrypted described new password specifically for using the operable lock PKI of described license lock storage inside;

Described authentication module comprises:

Decryption unit, for being decrypted resolving the encrypted result obtained with the own private key of described operable lock storage inside;

Judging unit, whether consistent for judging that described parsing module resolves the decrypted result that the new password that obtains and described decryption unit successful decryption obtain.

Wherein, described main frame also comprises the 5th acquisition module, for obtaining operable lock coding from described operable lock;

Described first generation module is specifically for generating checking instruction according to described operable lock coding, result and described new password;

Described authentication module comprises:

Judging unit, for judging that described parsing module is resolved the operable lock coding obtained and whether encoded consistent with the operable lock of described operable lock storage inside;

Authentication unit, verifies for resolving to described parsing module the new password obtained.

Wherein, described main frame also comprises the 5th acquisition module, and user obtains operable lock coding from described operable lock;

Described first sending module is also for sending to described license lock by described operable lock coding;

Described authentication module comprises:

Whether wherein, described operable lock also comprises: the 4th judge module, identical with the data on relevant position in the password of storage inside for judging that described parsing module to resolve in the new password obtained data on ad-hoc location.

The present invention compared with prior art, has the following advantages:

By technical scheme of the present invention, commission merchant or developer can utilize the password of license lock to operable lock to modify, and namely realize under the control of manufacturer, prevent malicious modification, and modification process safety is controlled.

Accompanying drawing explanation

A kind of method flow diagram revising password of encryption lock that Fig. 1 provides for the embodiment of the present invention one;

A kind of method flow diagram revising password of encryption lock that Fig. 2 provides for the embodiment of the present invention two;

A kind of method flow diagram revising password of encryption lock that Fig. 3 provides for the embodiment of the present invention three;

A kind of method flow diagram revising password of encryption lock that Fig. 4 provides for the embodiment of the present invention four;

A kind of system block diagram revising password of encryption lock that Fig. 5 provides for the embodiment of the present invention five.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.

Embodiment one

The embodiment of the present invention one provides a kind of method revising password of encryption lock, as shown in Figure 1, comprising:

Steps A: when main frame receives the trigger message of user, having judged whether that license lock and operable lock are connected with it, is perform step B, otherwise terminates.

Step B: amendment information is sent to license lock by main frame;

Amendment information in the present embodiment is new password or sequence number.

Also can comprise between steps A and step B in the present embodiment:

Step a1: described main frame obtains cipher list from described license lock, and is exported;

Step a2: the selection information of described host waits user input, and judge whether receive selection information in Preset Time, be continue, otherwise output error message, terminate;

Selection information in the present embodiment comprises the new password that user selects;

Wherein, when cipher list is stored in main frame through encrypting the authority obtained, and in main frame, have multiple authority, then step a1 specifically comprises:

Step a11: described main frame obtains operable lock mark from described operable lock, and the authority corresponding according to described operable lock identifier lookup, then perform step a12 as found, otherwise output error information, terminate;

Step a12: described in described main frame, authority sends to described license lock;

Step a13: described license lock receives described authority and is decrypted it with own private key, as successful decryption then performs step a14; As decipher failure then license lock return deciphering failure information to main frame, terminate;

Step a14: described license lock sends to described main frame by deciphering the cipher list obtained.

When only having an authority in main frame, then step a1 judges that whether operable lock mark is corresponding with authority, is continue, otherwise output error message, terminate; Or directly perform step a2.

Wherein, when storing multiple coded lock list in operable lock, then step a1 specifically comprises:

Step a1-1: main frame obtains operable lock mark from operable lock, and sends it to license lock;

Step a1-2: license lock receives operable lock mark, and the cipher list corresponding according to operable lock identifier lookup, as found, send to main frame by the cipher list found, and as do not found then output error information, terminates.

Wherein, when only storing a coded lock list in operable lock, then step a1 specifically comprises:

Step a1-1 ': main frame obtains operable lock mark from operable lock, and sends it to license lock;

Step a1-2 ': license lock receives operable lock mark, judges whether operable lock mark conforms to the cipher list of storage inside, is, the cipher list of storage inside is sent to main frame, otherwise returns error message to main frame, terminates.

In the present embodiment, when amendment information is sequence number, comprise between steps A and step B: main frame exports the selection information that user's input is waited in sequence number list, and judge whether receive selection information in Preset Time, continue, otherwise output error message, terminate; Selection information comprises the sequence number that user chooses.Sequence number list be prestore in main frame or obtain from operable lock; Can also comprise between steps A and step B: main frame, according to the serial number gencration new password in sequence number list, forms cipher list and exports, making user can see the new password of generation intuitively;

Or when amendment information is sequence number, comprising between steps A and step B: main frame exports dialog box, wait for that user inputs sequence number, and judge the sequence number whether receiving user's input in Preset Time, is continue, otherwise output error message, terminate.

Step C: license lock receives amendment information, according to amendment information acquisition new password;

Concrete, in the present embodiment, as sequence number list acquires from license lock, also store cipher list in license lock simultaneously, when amendment information is sequence number, be then specially according to amendment information acquisition new password: in cipher list, obtain corresponding new password according to the sequence number chosen; There is no cipher list in as authorized, storing preset algorithm, when amendment information is sequence number, being then specially according to amendment information acquisition new password: the sequence number according to choosing generates new password according to preset algorithm.If sequence number list prestores in main frame, when then amendment information is sequence number, be then specially according to amendment information acquisition new password: the sequence number according to choosing generates new password according to preset algorithm, as found, obtains new password, as do not found, returning miscue information to main frame, terminating.

Preset algorithm in the present embodiment is identical with the preset algorithm in main frame.

As revise information be user input sequence number time, be then specially according to amendment information acquisition new password: according to the serial number gencration new password of input.

Step D: license lock processes new password, and result and new password are sent to main frame.

Process in the present embodiment comprises: use the own private key of storage inside to carry out signing or use the PKI of the operable lock of storage inside to be encrypted.

For improving processing safety, also other data can be processed together with new password in the present embodiment; As other data can obtain for main frame and send to the random number of mandate from operable lock;

Step e: main frame receives result and described new password, generates checking instruction according to result and new password, and sends it to operable lock.

Can only revise the initial password of single job lock for controlling license lock, then in step D, the operable lock initial password of storage inside is also sent to main frame by license lock, and in step e, main frame generates checking instruction according to operable lock initial password, result and new password.

Checking instruction in the present embodiment also can generate at license lock end, then step D and step e replace with:

Step D ': license lock processes new password;

Step e ': license lock generates checking instruction according to result and new password, and sends it to operable lock by main frame;

The initial password of single job lock can only be revised for controlling license lock, step e ' in license lock generate checking instruction according to the operable lock initial password of storage inside, result and new password.

Step F: operable lock receives after described checking instruction and resolves it, and verifies analysis result, then performs step G as being verified, as checking does not return failure information, end by main frame as described in then giving.

In the present embodiment, when license lock can only revise the initial password of single job lock, when checking instruction comprises operable lock initial password, also comprise in step F: whether operable lock judges to resolve the operable lock initial password obtained identical with the password of storage inside, continue, otherwise give described main frame return message, terminate.This step also can perform after the validation before checking analysis result.

In the present embodiment, if the processing procedure in step D is signature operation, then analysis result is verified that the license lock PKI be specially by storage inside is verified analysis result, realize proof procedure to be specially: be first decrypted the signature result in analysis result with the license lock PKI of storage inside, successful decryption then calculates resolving the new password obtained according to presetting digest algorithm, judging that whether result of calculation is consistent with decrypted result, is be proved to be successful, otherwise verifies unsuccessful; Raw data as signed in step D also comprises random number, then calculate according to the random number of preset algorithm to the new password in analysis result and storage in operable lock.

In the present embodiment, if the processing procedure in step D is cryptographic operation, then carry out verifying that implementation procedure is specially to analysis result: operable lock uses the own private key of storage inside to be decrypted resolving the encrypted result obtained, as successful decryption then judges that whether the random number of random number and the storage inside obtained is consistent, whether consistent with or judge if deciphering the new password that the new password that obtains and parsing obtain, be continue, otherwise give described main frame return message, terminate; As decipher failure then give as described in main frame return message, terminate.As only having new password in decrypted result, then whether unanimously only need judge to decipher the new password that the new password that obtains and parsing obtain.

Step G: operable lock new password replaces the password of storage inside, and returns successfully modified information to main frame, terminates.

In the present embodiment, improve the security of retouching operation lock cipher, also comprised before the password that stores in operable lock of modifying: whether operable lock judges to resolve in the new password obtained data on ad-hoc location identical with the data on relevant position in the password of storage inside, continue, otherwise give main frame return message, terminate.

The checking instruction of the generation in the present embodiment can also comprise operable lock coding, obtains before generation checking instruction from operable lock; Then also comprised before the password that stores in operable lock of modifying: operable lock judges whether consistent whether resolve the operable lock coding obtained encode with the operable lock of storage inside, is continue, otherwise to described main frame return message, end.

Embodiment two

The embodiment of the present invention two provides a kind of method revising password of encryption lock, as shown in Figure 2, comprising:

Step 100: when main frame receives the trigger message of user, having judged whether that license lock and operable lock are connected with it, is perform step 101, otherwise terminates;

In the present embodiment, main frame distinguishes operable lock and license lock by distinct interface; When operable lock and license lock are lock of the same race, can also be distinguished by other marks, as user ID, UID, the particular data file in lock or specific executable program etc.;

Concrete, trigger message is that user generates when starting tool software;

Step 101: main frame sends to operable lock and obtains instruction;

Step 102: the operable lock of storage inside mark is sent to main frame when operable lock receives and obtains instruction;

Concrete, in the present embodiment, operable lock mark comprises: the type of encryption lock and/or the sales territory coding of encryption lock and/or encoded agent etc.;

Step 103: main frame receives operable lock mark and identifies generated query instruction according to operable lock and send it to license lock;

Step 104: when license lock receives query statement, therefrom searches cipher list according to the operable lock mark in query statement, then performing step 105, as do not found, returning miscue information to main frame, terminating as found;

Cipher list in the present embodiment comprises Customer ID, customer name, password etc., can also comprise sequence number;

Cipher list in the present embodiment also can generate when license lock receives query statement, then main frame sends it to license lock according to operable lock mark and/or commission merchant's information and/or the instruction of customer information generated query in step 103; Corresponding step 104 replaces with: when license lock receives query statement, is stored in cipher list according to the operable lock mark in query statement and/or commission merchant's information and/or customer information generating cipher; Accordingly, in step 105, the cipher list of generation is sent to main frame by license lock;

Concrete, the operation mark in this enforcement is 2E3AB, and corresponding cipher list is as follows:

Family ID	Customer name	Password
			001	Zhang San	DB08DAE0DAD0221A
002	Li Si	B9D7EAF156274EC3
			003	King five	71CC1E7906AB7864

Step 105: the cipher list found is sent to main frame by license lock;

Cipher list in the present embodiment is specially: Customer ID, operable lock VID, operable lock PID etc.;

In the present embodiment, as a license lock can only control the password amendment of a generic operation lock, then the cipher list of storage inside is directly sent to main frame when receiving query statement by license lock;

Step 106: main frame receives cipher list and exported, waits for user's input selection information;

In the present embodiment, after the list of main frame output password, user therefrom can choose a password;

Step 107: main frame judges the selection information whether receiving user in Preset Time, is perform step 108, otherwise output error information, terminate;

Selection information in the present embodiment comprises the new password chosen;

Step 108: the new password chosen is sent to license lock by main frame;

Step 109: license lock receives the new password chosen and also signs to it with the private key of storage inside;

In the present embodiment, license lock first utilizes built-in digest algorithm to calculate digest value to the new password chosen, then is encrypted generation signature result with private key to digest value;

In the present embodiment, the new password chosen that license lock receives is specially: DB08DAE0DAD0221A, the private key of its storage inside is E2DA18E639D717FAE161F8A7428A6A662CE4D55921B84D31291CF718 1C439E20B5AA816A92231D14BB119B323E6F3B049EA6C7766FE17F23 C54FFE139F1938AE08C9CFE9E61436DAA61EA15B02140596C98338C8 F23CFF7F4EEC4E0E268038F8A651E213242F1851B2A8FC0EA80E027B 940ABC55D91C41A69C7BEF1C860ADD3B, corresponding PKI is 42440351FD435FB5E17084FA16EDE7F6C0D6779BF9C5A486DFC39E4A 64B73BD1C23F745E7521DCB4D990630D623F8BB5E5C24231CEACC83E E2BC6333C81DCDF83BB9C4F1C6768581B0273580C77794E1C23D6272 C7D717A1FB26E60122A7261F4B7F5BD606EEEFC3E607B39CC1959533 FE5B58697893396C509AC885E72BE8C1, then carry out signature process in step 109 to be specially:

(1) first MD5 computing is done to the new password DB08DAE0DAD0221A chosen and obtain cryptographic hash: 70E4C803ABABD8C9E1E70066016AD325;

(2) carry out using RSA encrypted private key in lock to obtain signed data after PKCS1 fills to cryptographic hash: 7F2C1A289D2556F059525D139992F146DA9BD9A013C6DB35734A5863 469B3BEC00B27FCB781710899B240A46FEC53B97F487C761ADE7BF12 EEDAC9DE8FA28A73B471F76C136A3B6B2C3CD095FA9A548229AF92A5 22086424487E9221B221B9D1CA5A3A774E1F5BB87274C2F25EF8B18E 927B84475F7A5DF3868A1CF09A3D5290;

In the present embodiment, as also comprised sequence number in cipher list, then step 108 and step 109 can be replaced:

Step 108 ': sequence number corresponding for the new password chosen is sent to license lock by main frame;

Step 109 ': license lock Receive sequence number, and in cipher list, obtain the corresponding new password chosen according to sequence number, use the private key of storage inside to sign to the new password chosen obtained;

In the present embodiment, license lock can also carry out other operations to the new password chosen, and as encryption, specific implementation process describes in detail in embodiment four;

Step 110: signature result is sent to main frame by license lock;

Step 111: main frame reception signature result, verifies instruction according to signature result and the new password generation chosen and sends it to operable lock;

Checking instruction in the present embodiment also can generate in license lock, then step 110 and step 111 replace with step 110 ' and step 111 ';

Step 110 ': license lock is verified instruction according to signature result and the new password generation chosen and sends to main frame;

Step 111 ': the instruction of main frame Receipt Validation also sends to operable lock;

Step 112: the instruction of operable lock Receipt Validation also resolves to it new password obtaining signature result and choose, the PKI using storage inside and the new password chosen are verified signature result, as being verified, then perform step 113, as authentication failed, then perform step 115;

Concrete, in the present embodiment, the PKI of operable lock use storage inside carries out checking to signature result and comprises:

Step 112-1: operable lock uses the PKI of storage inside to be decrypted signature result, as successful decryption then performs step 112-2, then performs step 115 as deciphered failure;

PKI as stored in operable lock is 42440351FD435FB5E17084FA16EDE7F6C0D6779BF9C5A486DFC39E4A 64B73BD1C23F745E7521DCB4D990630D623F8BB5E5C24231CEACC83E E2BC6333C81DCDF83BB9C4F1C6768581B0273580C77794E1C23D6272 C7D717A1FB26E60122A7261F4B7F5BD606EEEFC3E607B39CC1959533 FE5B58697893396C509AC885E72BE8C1, then successful decryption;

Step 112-2: operable lock is carried out digest algorithm to the new password chosen and obtained digest value, and judging that whether decrypted result is consistent with digest value, is perform step 113, otherwise perform step 115;

Step 113: the operable lock new password chosen replaces the operable lock password of storage inside;

Step 114: operable lock returns the information of being proved to be successful to main frame, terminates;

Step 115: operable lock returns authentication failed message to main frame, terminates.

As only having one group of cipher list in the license lock in the present embodiment, when query statement comprises operable lock mark, then step 104 replaces with step 105: license lock judges whether the operable lock mark in query statement conforms to the cipher list of its storage inside, that cipher list is sent to main frame, otherwise return miscue information to main frame, terminate;

Whether the operable lock mark judging in query statement in the present embodiment conforms to the cipher list of its storage inside and is specially: judge that whether the mark of cipher list is consistent with the mark of operable lock, be conform to, otherwise do not conform to;

When not comprising operable lock mark in query statement, then step 104 and step 105 replace with: license lock receives query statement and judges whether inside stores cipher list, be that the cipher list of storage is sent to main frame, otherwise return miscue information to main frame, terminate.

Cipher list in the present embodiment also can be stored in main frame, and use authority lock double secret key cipher list is encrypted generation authority in advance, then the step 102-105 in the present embodiment replaces with the following step:

Step 102 ': main frame obtains operable lock mark from operable lock, and the authority corresponding according to operable lock identifier lookup, then perform step 103 as found ', otherwise output error information, terminate;

Step 103 ': the authority found is sent to license lock by main frame;

Step 104 ': license lock receives authority and is decrypted it with own key, as successful decryption then performs step 105 '; As decipher failure then license lock return deciphering failure information to main frame, terminate;

Own key in the present embodiment can be symmetric key or unsymmetrical key; As license lock then obtains cipher list to authority successful decryption;

Step 105 ': cipher list is sent to main frame by license lock.

As the authority in main frame only has portion, and do not comprise operable lock mark in query statement, then step 101-step 105 replaces with:

Step s1: main frame judges whether to store authority, is, performs step s2, otherwise output error information, terminate;

Step s2: authority is sent to license lock by main frame;

Step s3: license lock receives authority and is decrypted it with own key, as successful decryption then performs step s4; As decipher failure then license lock return deciphering failure information to main frame, terminate;

Step s4: cipher list is sent to main frame by license lock.

For preventing resetting, main frame can also obtain the first random number from operable lock in a step 102; This first random number can be that operable lock generates in advance or generate when receiving instruction that main frame issues; Then correspondingly to replace with in step 108, step 109, step 112-2:

Step 108 ": the new password chosen is sent to license lock by main frame together with the first random number;

Step 109 ": license lock receives the new password and the first random number chosen, and carries out signature generation signature result with the private key of storage inside to it;

Step 112-2 ": operable lock is carried out digest calculations to the new password chosen and the first inner random number and is obtained digest value, judges that whether digest value is identical with encrypted result, is in execution step 113, otherwise performs step 115.

When verifying that instruction generates in license lock, then can in step 110 ' before main frame from operable lock, obtain the first random number and send it to license lock;

Step 110 ' specifically comprise: license lock generates checking instruction according to the first random number, signature result and the new password chosen and sends to main frame.

Operable lock in the present embodiment writes the PKI of a unsymmetrical key before dispatching from the factory, and writes corresponding asymmetric privacy keys in license lock, and will the cipher list encrypting storing of commission merchant's amendment be allowed to be kept in main frame in license lock or with authority.When commission merchant needs Modify password, the new password chosen uses the private key of its storage inside to sign by license lock, then by main frame, the new password chosen and signature value thereof are sent to operable lock, operable lock uses the PKI in lock to verify the new password chosen received and signature thereof, if be proved to be successful, just the password of storage inside is replaced with the new password chosen.The process of Modify password is carried out under the control of license lock, strengthens production firm to the control of Modify password process, makes modification process safer, prevent the malicious modification of commission merchant and dealer.

Embodiment three

The embodiment of the present invention three provides a kind of method revising password of encryption lock, and in the present embodiment, one can only to a kind of initial password amendment of operable lock once license lock, and as shown in Figure 3, the method for the present embodiment comprises:

Step 200: when main frame receives the trigger message of user, having judged whether that license lock and operable lock are connected with it, is perform step 201, otherwise terminates;

In the present embodiment, main frame distinguishes operable lock and license lock by distinct interface; When operable lock and license lock are lock of the same race, main frame can also be distinguished by other marks, as user ID, UID, and the particular data file in lock or specific executable program etc.;

Concrete, trigger message is that user generates when starting tool software;

Step 201: main frame sends first to operable lock and obtains instruction;

Step 202: when operable lock receives the first acquisition instruction, sends to main frame by the operable lock of its storage inside mark and random number;

Random number in the present embodiment can generate when operable lock receives the first acquisition instruction, or generation stores in advance;

Step 203: main frame receives operable lock mark and random number, and obtain instruction according to the generation second of operable lock mark and send it to operable lock;

Step 204: license lock receives second and obtains instruction, and judge whether operable lock mark wherein conforms to the cipher list of its storage inside, is perform step 205, otherwise returns miscue information to main frame, terminate;

Whether the operable lock mark judging in query statement in the present embodiment conforms to the cipher list of its storage inside and is specially: judge that whether the mark of cipher list is consistent with the mark of operable lock, be conform to, otherwise do not conform to; Concrete, operable lock mark comprises operable lock VID and/or operable lock PID;

Cipher list in the present embodiment comprises sequence number and corresponding password etc., can also comprise Customer ID, customer name etc.;

Cipher list in the present embodiment also can generate when license lock receives the second acquisition instruction, then main frame generates second according to operable lock mark and/or commission merchant's information and/or customer information and obtains instruction and send it to license lock in step 203; When license lock receives the second acquisition instruction in step 204, obtain operable lock mark in instruction and/or commission merchant's information and/or customer information according to the list of preset algorithm generating cipher according to second, and the cipher list of generation is sent to main frame;

Concrete, the preset algorithm in the present embodiment is logical add; The cipher list generated is as shown in the table;

Sequence number	Operable lock VID	Commission merchant's information	Password
				0001	096E	FB56	0104C4
0002	08E2	D4C8	DDAA
				0003	3689	8EAB	C534
0004	04B4	4A59	4F0D

Step 205: the cipher list of storage inside is sent to main frame by license lock;

Step 206: main frame receives cipher list and exported, waits for user's input selection information;

Step 207: main frame judges the selection information whether receiving user in Preset Time, is perform step 208, otherwise output error information, terminate;

Selection information in the present embodiment comprises the new password and corresponding sequence number chosen;

Step 208: the sequence number of the new password chosen and random number are sent to license lock by main frame;

In the present embodiment, random number also can after step 201, and any time before step 208 obtains from operable lock;

Step 209: license lock receives sequence number and the random number of the new password chosen, obtains the corresponding new password chosen according to sequence number, and signs to the new password chosen and random number with the private key of storage inside in cipher list;

In the present embodiment, license lock first utilizes built-in digest algorithm to calculate digest value to the new password chosen, then is encrypted generation signature result with private key to digest value; Concrete, in the present embodiment, the private key of license lock storage inside is E2DA18E639D717FAE161F8A7428A6A662CE4D55921B84D31291CF718 1C439E20B5AA816A92231D14BB119B323E6F3B049EA6C7766FE17F23 C54FFE139F1938AE08C9CFE9E61436DAA61EA15B02140596C98338C8 F23CFF7F4EEC4E0E268038F8A651E213242F1851B2A8FC0EA80E027B 940ABC55D91C41A69C7BEF1C860ADD3B, and the new password chosen is: 0104C4; Random number is: 24E20C3E02CB31CA; Signature process is specially:

(1) first MD5 computing is carried out to password and random number and obtain cryptographic hash: 49C319F8D56D8EDF1C94933884D6D734;

(2) use private key in lock to be encrypted after filling cryptographic hash PKCS1 to be signed: 429E8735FA00A99D4B338629FC18FF01666D287708581943D6848703 235F3334F3DFF00DDD304AE7B271F4F4789AF89652ACFAEEED5885B6 564F76D9505AFC31333467DC9FC7566E2784FE757A9B04BCC8852062 7F1AF6CC3B30EE0D70BA83096F568269F313F78CF6E62BA4FB27F466 19F70E91F0E80BDB10C792B1350A5288;

Step 210: the initial password of signature result, operable lock and license lock management coding are sent to main frame by license lock;

Concrete, the management coding in the present embodiment comprises area code and encoded agent; As management is encoded to 5A93837, then 5A93 is area code, and 837 is encoded agent;

Being previously stored with in license lock in the present embodiment can the initial password of operable lock of Modify password;

Step 211: main frame receive signature result, operable lock initial password and authorize code-locked management coding, according to the initial password of signature result, operable lock, authorize code-locked management coding and the new password chosen generate checking instruction and send it to operable lock;

Checking instruction in the present embodiment also can generate at license lock end, then before step 209, main frame obtains random number and sends to license lock from operable lock;

Step 212: the instruction of operable lock Receipt Validation and to its resolve the result that obtains signing, operable lock initial password, authorize code-locked management coding and the new password chosen, judge that whether the initial password of operable lock is consistent with the password of storage inside, perform step 213, otherwise return miscue information to main frame, terminate;

Step 213: the PKI that operable lock uses storage inside and the new password chosen are verified signature result, then perform step 214, as authentication failed then performs step 217 as being verified;

In the present embodiment, proof procedure specifically comprises:

Step 213-1: operable lock uses the PKI of storage inside to be decrypted signature result, as successful decryption then performs step 213-2, then performs step 217 as deciphered failure;

Step 213-2: operable lock carries out calculating digest value according to default digest algorithm after the random number of resolving the new password chosen and the storage inside obtained being spliced;

Step 213-3: judging that whether decrypted result is consistent with digest value, is perform step 214, otherwise perform step 217;

Step 214: whether operable lock judges to authorize code-locked management coding legal, is perform step 215, otherwise performs step 217;

In the present embodiment, operating rights judges that whether license lock management coding is legal and is specially:

Step 214-1: operable lock judges that whether the area code in license lock management coding is correct, is perform step 214-2, otherwise performs step 217;

Step 214-2: operable lock judges that whether the encoded agent in license lock management coding is legal, is perform step 214, otherwise performs step 216;

In the present embodiment, as the amendment only allowing the encryption lock of the first agent business in area, America (preset area code be 01) (presetting encoded agent is 01) other encryption locks to be carried out to initial password, then operable lock judges whether license lock administrator password is 01 01, be perform step 215, otherwise perform step 217;

In the present embodiment, the order interchangeable of step 212, step 213 and step 214, can first perform any one step, continues the judgement of next step when being judged as YES;

Step 215: the operable lock new password chosen replaces the operable lock password of storage inside;

Step 216: operable lock returns the information of being proved to be successful to main frame, terminates;

Step 217: operable lock returns authentication failed message to main frame, terminates.

Cipher list in the present embodiment also can be stored in main frame, and license lock uses own key to be encrypted generation authority to cipher list in advance, then the step 202-206 in the present embodiment replaces with the following step:

Step 202 ': main frame obtains operable lock mark from operable lock, and the authority corresponding according to operable lock identifier lookup, then perform step 203 as found ', otherwise output error information, terminate;

Step 203 ': the authority found is sent to license lock by main frame;

Step 204 ': license lock receives authority and is decrypted it with own key, then performs step 205 as separated dense success '; Then returning deciphering failure information to main frame as deciphered failure, terminating;

Step 205 ': cipher list is sent to main frame by license lock.

In the present embodiment, operable lock, in the process of checking license lock, adds the participation of random number, prevents disabled user to the playback of operable lock password modification process; And also the legitimacy of license lock is verified before Modify password, improve production firm to the control of operable lock password modification process, further improve the security of Modify password.

Embodiment four

The embodiment of the present invention four provides a kind of method revising password of encryption lock, as shown in Figure 4, comprising:

Step 301: when main frame receives the trigger message of user, having judged whether that license lock and operable lock are connected with it, is perform step 302, otherwise terminates;

Concrete, trigger message is that user generates when starting tool software;

Step 302: main frame exports dialog box, waits for that user inputs sequence number;

Step 303: main frame judges the sequence number whether receiving user's input in Preset Time, is perform step 304; Otherwise output error information, terminates;

Step 302 in the present embodiment and step 303 can also replace with:

Step 302 ': the list of main frame output sequence, wait for user's input selection information;

That list of sequence numbers in the present embodiment can obtain from license lock for main frame or inside prestores;

Step 303 ': main frame judges the selection information whether receiving user's input in Preset Time, is perform step 304, otherwise output error information, terminate;

Selection information in the present embodiment comprises the sequence number that user chooses;

Step 304: the sequence number in selection information is sent to license lock by main frame;

Step 305: license lock Receive sequence number, and generate new password according to preset algorithm;

Concrete, in the present embodiment, preset algorithm can be preset function, and its parameter comprises: area code, encoded agent, operable lock type and sequence number etc.; Wherein commission merchant's numbering can pre-set and also can send to license lock after first being got from operable lock by main frame;

Area code	Encoded agent	Sequence number	New password
				010	43471	001	579267759AB
0471	AEE16	002	B0020A888C5
				022	3AE67	003	B7A3363683D
0531	9F55F	004	E15E4ECEFD4

Step 306: license lock uses the operable lock PKI of storage inside to be encrypted new password and encoded agent;

Such as, the private key in the present embodiment is: D9DCAB903F7ED10B, and the result using DES algorithm to calculate above-mentioned new password is as follows:

New password	Encoded agent	Encrypted result
			579267759AB	43471	61AB82F395B8124F
B0020A888C5	AEE16	19B6C12CAF28645C
			B7A3363683D	3AE67	6AC509216E2383B1
E15E4ECEFD4	9F55F	13D468CC11A01533

Concrete, the new password in the present embodiment is 579267759AB, and corresponding encrypted result is within step 306 61AB82F395B8124F;

Step 307: encrypted result and new password are sent to main frame by license lock;

In the present embodiment, when main frame also stores corresponding preset algorithm, then in step 307, encrypted result is only sent to main frame by license lock; Main frame according to user input and sequence number and the encoded agent obtained from operable lock, area code, operable lock type and preset function generation new password;

Step 308: main frame receives encrypted result and new password, and send to operable lock according to its generation checking instruction;

Checking instruction in the present embodiment also can generate in license lock, then step 307 and step 308 replace with:

Step 307 ': license lock is just being verified instruction according to encrypted result and new password life and is sending it to main frame;

Step 308 ': the instruction of main frame Receipt Validation also sends it to operable lock;

Step 309: the instruction of operable lock Receipt Validation is also carried out parsing to it and obtained encrypted result and new password;

Step 310: operable lock is verified encrypted result, then performs step 311 as being proved to be successful, and as authentication failed then returns authentication failed information to main frame, terminates;

Concrete, in the present embodiment, proof procedure comprises:

Step 310-1: operable lock uses the own private key of storage inside to be decrypted encrypted result, as successful decryption performs step 310-2, then returns authentication failed information to main frame as deciphered failure, terminates;

Step 310-2: whether operable lock judges to decipher the password obtained identical with resolving the new password obtained, and is perform step 310-3, otherwise returns authentication failed information to main frame, terminate;

Step 310-3: whether operable lock judges to decipher the encoded agent obtained identical with the encoded agent of storage inside, is perform step 311, otherwise returns authentication failed information to main frame, terminates;

Step 311: operable lock new password replaces the password of storage inside;

Step 312: operable lock returns successful operation information to main frame, terminates.

Also have other implementations in the present embodiment, such as when operation institute verifies that the specific part of new key is digital identical with the corresponding part data of the password of storage inside, then the password of storage replaced with new password, namely also can comprise between step 309 and step 311:

Operable lock judges that whether whether the specific part data of new password identical with the appropriate section data of the password of storage inside, is continue, otherwise returns miscue information to main frame, terminates; Concrete, in the present embodiment, the specific part data of new password are first half data or latter half data, or other data segment.

Embodiment five

The embodiment of the present invention five provides a kind of system revising password of encryption lock, as shown in Figure 5, comprising: main frame 1, license lock 2 and operable lock 3, and wherein, described main frame 1 comprises:

First receiver module 11, for receiving the trigger message of user, also by the data receiving license lock 2 and operable lock 3 transmission;

First judge module 12, for having judged whether that license lock is connected with main frame 1 with operable lock;

First sending module 13, for sending data to license lock and operable lock;

First generation module 14, for generating checking instruction;

License lock 2 comprises:

Second receiver module 21, for receiving the data that the first sending module 13 sends;

First acquisition module 22, for the amendment information acquisition new password received according to the second receiver module 21;

Processing module 23, for processing new password;

Second sending module 24, for the first receiver module 11 transmission processing result and new password;

In the present embodiment, checking instruction also can generate in license lock 2, then first in main frame 1 generates instruction and be included in license lock 2;

Operable lock 3 comprises:

3rd receiver module 31, for receiving the checking instruction that the first sending module 11 sends;

Parsing module 32, for resolving checking instruction;

Authentication module 33, verifies for resolving to parsing module the result obtained;

Replacement module 34: for resolving the password of the new password replacement operation lock storage inside obtained with parsing module;

3rd sending module 35, for sending information to the first receiver module 11;

Information in the present embodiment comprises the information of being proved to be successful and authentication failed information.

The implementation method of the acquisition new password in the present embodiment has following several mode,

(1) the first implementation: main frame 1 also comprises:

Second acquisition module, for obtaining cipher list from license lock;

Output module, for output password list;

First sending module 13 is for sending to license lock 2 by the password of choosing in selection information.

In the first implementation, cipher list generates authority through encryption and is stored in main frame, and in main frame, store multiple authority;

Second acquisition module specifically for obtaining operable lock mark, the authority corresponding according to operable lock identifier lookup from license lock 2;

First sending module 13 is also for sending to license lock 2 by the authority found;

License lock 2 also comprises: deciphering module, and for being decrypted authority, successful decryption obtains cipher list;

Second sending module 24 is deciphered the cipher list obtained and is sent to main frame 1.

(2) the second implementation: store multiple cipher list in license lock;

Main frame 1 also comprises the 3rd acquisition module, for obtaining operable lock mark from operable lock 3;

First sending module 13 is also for sending to license lock 2 by operable lock mark;

License lock 2 also comprises: search module, for the cipher list corresponding according to operable lock identifier lookup.

(3) the third implementation, stores multiple cipher list in license lock;

License lock 2 also comprises: the 3rd judge module, for judging whether operable lock mark conforms to the cipher list of storage inside.

(4) the 4th kinds of implementations, according to the serial number gencration new password that user chooses;

Main frame 1 also comprises output module and the 3rd judge module,

Output module: for exporting sequence number list;

In the present embodiment, this sequence number list can for prestore in main frame or main frame obtains from license lock;

3rd judge module: for judging whether receive selection information in Preset Time;

The sequence number of the first sending module 13 also for the user in selection information being chosen sends to license lock 2;

The serial number gencration new password of the first acquisition module 22 specifically for choosing according to user.

Intuitively see new password for the convenience of the user, main frame also comprises generation output module, for according to the serial number gencration new password in sequence number list, all new passwords is formed cipher list and exports.

(5) the 5th kinds of implementations, according to the serial number gencration new password of user's input;

Main frame 1 also comprises output module and the 3rd judge module,

Output module: for exporting dialog box;

3rd judge module: for judging the sequence number whether receiving user's input in Preset Time;

The sequence number of the first sending module also for user being inputted sends to license lock 2;

The serial number gencration new password of the first acquisition module 22 specifically for inputting according to user.

(6) the 6th kinds of implementations, are previously stored with new password list and corresponding sequence number list in license lock, then obtain corresponding new password according to the sequence number that user chooses;

Main frame 1 also comprises acquisition output module and the 3rd judge module,

Obtain output module: for obtaining sequence number list and export from license lock 2;

License lock 2 also comprises: the 4th acquisition module, and the sequence number for choosing according to user obtains corresponding new password from the cipher list of storage inside.

The present embodiment, as to the initial password amendment of operable lock once, and verified that the specific implementation of instruction when host side generates is as follows:

Second sending module 24 is also for sending to main frame 1 by the operable lock initial password of license lock 2 storage inside;

First generation module 14 is specifically for generating checking instruction according to operable lock initial password, result and new password;

Authentication module 33 comprises: authentication unit, verifies for resolving to parsing module 32 new password obtained; Whether the first judging unit is identical with the password of storage inside for judging that parsing module 32 resolves the operable lock initial password obtained.

The present embodiment, as to the initial password amendment of operable lock once, and verified that the specific implementation of instruction when license lock end generates is as follows:

First generation module generates checking instruction specifically for the operable lock initial password according to storage inside, result and new password;

In the present embodiment, in license lock, following several method is comprised to the processing procedure of new password:

I, processing module 23 are signed to new password specifically for the own private key of use authority lock 2;

Accordingly, authentication module 33 comprises: decryption unit, for being decrypted resolving the signature result obtained with the license lock PKI of operable lock 3 storage inside; Calculating judging unit, for using preset digest algorithm to calculate resolving the new password obtained, and judging that whether result of calculation is consistent with the decrypted result that decryption unit successful decryption obtains.

The operable lock PKI that II, processing module 23 lock 2 storage inside specifically for use authority is encrypted new password;

Authentication module comprises: decryption unit, for being decrypted resolving the encrypted result obtained with the own private key of operable lock 3 storage inside; Judging unit, whether consistent with the decrypted result that decryption unit successful decryption obtains for judging that parsing module 32 resolves the new password obtained.

For strengthening the security of retouching operation lock cipher, can also realize with the following methods;

1. generate in host side in checking instruction, and include operable lock coding in checking instruction, before Modify password, operable lock need be verified operable lock coding;

Main frame 1 also comprises the 5th acquisition module, for obtaining operable lock coding from operable lock 3;

The first generation module 14 in main frame 1 is specifically for generating checking instruction according to operable lock coding, result and new password;

Authentication module 33 comprises: judging unit, for judging that parsing module 32 is resolved the operable lock coding obtained and whether encoded consistent with the operable lock of operable lock 3 storage inside; Authentication unit, verifies for resolving to parsing module 32 new password obtained.

2. generate at license lock end in checking instruction, and include operable lock coding in checking instruction, before Modify password, operable lock need be verified operable lock coding;

Main frame 1 also comprises the 5th acquisition module, and user obtains operable lock coding from operable lock 3;

First sending module 13 is also for sending to license lock 2 by operable lock coding;

The first generation module in license lock 2 is specifically for generating checking instruction according to operable lock coding, result and new password;

Authentication module 33 comprises: judging unit, for judging that parsing module 32 is resolved the operable lock coding obtained and whether encoded consistent with the operable lock of operable lock 3 storage inside; Authentication unit, verifies for resolving to described parsing module the new password obtained.

3. operable lock is before Modify password, the legitimacy of password is verified, whether then operable lock 3 also comprises: the 4th judge module, identical with the data on relevant position in the password of storage inside for judging that parsing module 32 to resolve in the new password obtained data on ad-hoc location.

The above; be only the present invention's preferably embodiment, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in technical scope disclosed by the invention; the change that can expect easily or replacement, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of claim.

Claims

1. revise a method for password of encryption lock, it is characterized in that, comprising:

Step B: amendment information is sent to license lock by described main frame;

2. the method for claim 1, is characterized in that, described step D and step e replace with:

Step D ': described license lock processes described new password;

3. method as claimed in claim 1 or 2, is characterized in that, comprise between described steps A and step B: described main frame obtains cipher list from described license lock, and is exported;

4. method as claimed in claim 3, it is characterized in that, described main frame obtains cipher list and specifically comprises from described license lock:

5. method as claimed in claim 3, it is characterized in that, described main frame obtains cipher list and specifically comprises from described license lock:

6. method as claimed in claim 3, it is characterized in that, described main frame obtains cipher list and specifically comprises from described license lock:

Described license lock receives described operable lock mark, judges whether described operable lock mark conforms to described cipher list, is continue, otherwise returns error message to main frame, terminates.

7. method as claimed in claim 1 or 2, is characterized in that, comprise between described steps A and step B: described main frame exports the selection information that user's input is waited in sequence number list, and judge whether receive selection information in Preset Time, continue, otherwise output error message, terminate;

8. method as claimed in claim 7, is characterized in that, also comprise between described steps A and step B: described main frame, according to the serial number gencration new password in described sequence number list, forms cipher list and exports;

9. method as claimed in claim 1 or 2, is characterized in that, comprise between described steps A and step B: described main frame exports dialog box, waiting for that user inputs sequence number, and judge the sequence number whether receiving user's input in Preset Time, is continue, otherwise output error message, terminates;

10. method as claimed in claim 1 or 2, it is characterized in that, comprise between described steps A and step B: described main frame obtains sequence number list and exports from described license lock, wait for the selection information of user's input, and judge whether receive selection information in Preset Time, continue, otherwise output error message, terminate;

11. the method for claim 1, is characterized in that, described step D also comprises: the operable lock initial password of storage inside is sent to main frame by described license lock;

Also comprise in described step F:

12. methods as claimed in claim 2, is characterized in that, step e ' in generate checking instruction and be specially: described license lock generates checking instruction according to the operable lock initial password of storage inside, result and new password, and sends it to described operable lock;

Also comprise in described step F:

13. methods as claimed in claim 1 or 2, it is characterized in that, described license lock is carried out process to described new password and is specially: described license lock uses own private key to sign to described new password, and signature result and described new password are sent to described main frame;

14. methods as claimed in claim 13, is characterized in that, verify specifically comprise in described step F to analysis result:

15. methods as claimed in claim 1 or 2, it is characterized in that, described license lock is carried out process to described new password and is specially: described license lock uses the operable lock PKI of storage inside to be encrypted described new password, and encrypted result and described new password are sent to described main frame;

16. the method for claim 1, is characterized in that, also comprise between described steps A and step B: described main frame sends to described operable lock and obtains instruction, obtains the random number in described operable lock;

17. methods as claimed in claim 2, is characterized in that, also comprise: described main frame obtains random number and sends it to described license lock from described operable lock before described step D ';

18. methods as described in claim 16 or 17, it is characterized in that, described license lock processes described new password and random number, is specially:

19. methods as claimed in claim 18, it is characterized in that, described step F specifically comprises:

20. methods as described in claim 16 or 17, it is characterized in that, described license lock processes described new password and random number and specifically comprises: described license lock uses the operable lock PKI of storage inside to be encrypted described new password and random number;

21. the method for claim 1, is characterized in that, comprise before described step e: described main frame obtains operable lock coding from described operable lock;

Described step F specifically comprises:

22. methods as claimed in claim 2, is characterized in that, described step e ' also comprise before: described main frame obtains operable lock and encodes and send it to described license lock from described operable lock;

Described step F specifically comprises:

23. methods as claimed in claim 1 or 2, is characterized in that, also comprise in described step F:

Described operable lock judges that in the new password that parsing obtains, on ad-hoc location, whether data are identical with the data on relevant position in the password of storage inside, are continue, otherwise give described main frame return message, terminate.

24. 1 kinds of systems revising password of encryption lock, it is characterized in that, comprising: license lock, main frame and operable lock, wherein, described main frame comprises:

First generation module, for generating checking instruction;

Described license lock comprises:

Processing module, for processing described new password;

Described operable lock comprises:

Parsing module, for resolving described checking instruction;

3rd sending module, for sending information to described first receiver module.

25. systems as claimed in claim 24, it is characterized in that, described first generation module is included in described license lock.

26. systems as described in claim 24 or 25, it is characterized in that, described main frame also comprises:

Output module, for exporting described cipher list;

27. systems as claimed in claim 26, is characterized in that, described second acquisition module specifically for obtaining operable lock mark, the authority corresponding according to described operable lock identifier lookup from described license lock;

28. systems as claimed in claim 26, it is characterized in that, described main frame also comprises the 3rd acquisition module, for obtaining operable lock mark from described operable lock;

29. systems as claimed in claim 26, it is characterized in that, described main frame also comprises the 3rd acquisition module, for obtaining operable lock mark from described operable lock;

Described license lock also comprises: the 3rd judge module, for judging whether described operable lock mark conforms to described cipher list.

30. systems as described in claim 24 or 25, it is characterized in that, described main frame also comprises output module and the 3rd judge module,

Described output module: for exporting sequence number list;

31. systems as described in claim 24 or 25, it is characterized in that, described main frame also comprises output module and the 3rd judge module,

Described output module: for exporting dialog box;

32. systems as claimed in claim 26, is characterized in that, described main frame also comprises acquisition output module and the 3rd judge module,

33. systems as claimed in claim 24, is characterized in that, described second sending module is also for sending to described main frame by the operable lock initial password of described license lock storage inside;

34. systems as claimed in claim 25, is characterized in that, described first generation module generates checking instruction specifically for the operable lock initial password according to storage inside, described result and new password;

35. systems as described in claim 24 or 25, it is characterized in that, described processing module is signed to described new password specifically for using the own private key of described license lock;

Described authentication module comprises:

36. systems as claimed in claim 24, is characterized in that, described processing module is encrypted described new password specifically for using the operable lock PKI of described license lock storage inside;

Described authentication module comprises:

37. systems as claimed in claim 24, it is characterized in that, described main frame also comprises the 5th acquisition module, for obtaining operable lock coding from described operable lock;

Described authentication module comprises:

38. systems as claimed in claim 25, it is characterized in that, described main frame also comprises the 5th acquisition module, and user obtains operable lock coding from described operable lock;

Described authentication module comprises:

39. systems as described in claim 24 or 25, it is characterized in that, whether described operable lock also comprises: the 4th judge module, identical with the data on relevant position in the password of storage inside for judging that described parsing module to resolve in the new password obtained data on ad-hoc location.