CN103646205A - Method for controlling operation of encryption lock - Google Patents


Publication number
CN103646205A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310718834.1A
Other languages
Chinese (zh)
Other versions
CN103646205B (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201310718834.1A priority Critical patent/CN103646205B/en
Publication of CN103646205A publication Critical patent/CN103646205A/en
Application granted granted Critical
Publication of CN103646205B publication Critical patent/CN103646205B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The invention discloses a method for controlling operation of an encryption lock. The method comprises the steps of creating a corresponding characteristic item if the encryption lock receives a characteristic item creation instruction issued by a host, creating a module corresponding to the characteristic item in the characteristic item, setting corresponding module authorization effective information, writing data in the characteristic item creation instruction into the encryption lock, creating a module corresponding to the data in the characteristic item, setting corresponding module authorization effective information, logging in the corresponding effective characteristic item if receiving a characteristic item log-in instruction, creating a module to be added in the corresponding logged-in characteristic item, and setting corresponding module authorization effective information if receiving a module adding instruction, reading the effective data in the corresponding logged-in characteristic item if receiving a data processing instruction, and exiting the currently logged-in characteristic item if receiving a characteristic item exit instruction. The method can create multiple characteristic items to allow the encryption lock to have multiple operation modes, and the module adding and upgrade can be performed uniformly.

Description

A method for controlling operation of an encryption lock
Technical field
The present invention relates to the field of information security, and in particular to a method for controlling operation of an encryption lock.
Background art
An encryption lock is an intelligent device with a software protection function. Before an encryption lock leaves the factory, a number of independent authorization items are set in it (for example, setting a metering module value, setting a timing module value, writing a key, or writing data to a certain position of the user data area or to a certain file of the file system). These authorization items are not related to one another and can only be used separately, so the encryption lock can work under only one application mode, and the authorization items in the encryption lock have to be modified or upgraded one by one, which is cumbersome. How to make an encryption lock work under multiple application modes, and how to modify or upgrade the authorizations in the encryption lock in a single operation, are problems the prior art urgently needs to solve.
Summary of the invention
The object of the present invention is to provide a method for controlling operation of an encryption lock that overcomes the problems of the prior art, in which an encryption lock has a single usage mode and modification and upgrade operations are cumbersome.
The invention provides a method for controlling operation of an encryption lock, comprising:
Step A1: the encryption lock powers on and performs initialization;
Step A2: the encryption lock waits to receive an instruction sent by the host;
Step A3: when the encryption lock receives an instruction issued by the host, it determines the type of the instruction: for a create characteristic item instruction, perform step A4; for a characteristic item log-in instruction, perform step A6; for an add module instruction, perform step A7; for a data processing instruction, perform step A8; for a characteristic item exit instruction, perform step A9;
Step A4: the encryption lock creates the corresponding characteristic item according to the characteristic item identifier in the create characteristic item instruction, and determines whether a module needs to be enabled when the characteristic item is logged in; if so, it creates a module corresponding to the characteristic item in the characteristic item, sets the corresponding module authorization validity information, and performs step A5; otherwise it performs step A5;
Step A5: the encryption lock determines whether a data write operation is to be performed on the characteristic item. If so, it writes the data in the create characteristic item instruction into the encryption lock and determines whether a module needs to be enabled when the data is read: if one is needed, it creates a module corresponding to the data in the characteristic item, sets the corresponding module authorization validity information, and returns to step A2; if none is needed, it returns to step A2. If no data write operation is to be performed, it returns to step A2. The data comprises: a key and/or an encryption algorithm and/or in-lock data;
Step A6: the encryption lock searches for the corresponding characteristic item according to the characteristic item identifier in the characteristic item log-in instruction. If the characteristic item is found, the encryption lock determines whether a module corresponding to the characteristic item exists in the found characteristic item; if one exists, it determines whether the authorization of the corresponding module is valid: if valid, log-in succeeds and the lock returns to step A2; if invalid, log-in fails and the lock returns to step A2. If no such module exists, log-in fails and the lock returns to step A2. If the characteristic item is not found, log-in fails and the lock returns to step A2;
Step A7: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier in the add module instruction is logged in. If it is logged in, the encryption lock determines whether a module of the same type as the module to be added exists in the characteristic item: if so, the module to be added already exists and the lock returns to step A2; otherwise it creates the module to be added in the characteristic item, sets the corresponding module authorization validity information, and returns to step A2. If it is not logged in, the lock returns to step A2. The module to be added comprises: a module corresponding to the characteristic item and/or to the data;
Step A8: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier in the data processing instruction is logged in. If it is logged in, the encryption lock determines whether the authorization of the module in the characteristic item that corresponds to the data is valid: if so, it reads the data in the characteristic item and returns to step A2; otherwise it returns to step A2. If it is not logged in, the lock returns to step A2. The data processing instruction comprises a call key instruction and/or a call encryption algorithm instruction and/or a read in-lock data instruction;
Step A9: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier in the characteristic item exit instruction is logged in; if so, it exits the corresponding characteristic item and returns to step A2; otherwise it returns to step A2.
Further, creating the corresponding characteristic item comprises: creating a configuration file;
Creating a module corresponding to the characteristic item in the characteristic item and setting the corresponding module authorization validity information comprises: selecting an idle module, setting the idle module to the enabled state and binding it to the characteristic item, writing the valid authorization information of the characteristic item into the bound module, and writing the identifier of the bound module into the configuration file;
Creating a module corresponding to the data in the characteristic item and setting the corresponding module authorization validity information comprises: selecting an idle module, setting the idle module to the enabled state and binding it to the data, writing the valid authorization information of the data into the bound module, and writing the identifier of the bound module into the configuration file;
Writing the in-lock data into the encryption lock comprises: selecting an idle file, writing the in-lock data into the idle file, and writing the corresponding file identifier into the configuration file;
The module comprises a timing module and/or a metering module and/or a cut-off date module.
Further, step A7 comprises:
Step A7-0: the encryption lock obtains the characteristic item identifier from the add module instruction;
Step A7-1: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier is logged in; if so, perform step A7-2; otherwise return to step A2;
Step A7-2: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, perform step A7-3; otherwise return to step A2;
Step A7-3: the encryption lock determines, according to the add module instruction, whether the configuration file contains the identifier of a module of the same type; if so, the module to be added already exists, return to step A2; otherwise perform step A7-4;
Step A7-4: the encryption lock creates the module to be added in the characteristic item, sets the authorization validity information of the module, and returns to step A2.
Further, selecting an idle module, setting the idle module to the enabled state and binding it to the characteristic item, writing the valid authorization information of the characteristic item into the bound module, and writing the identifier of the bound module into the configuration file comprises:
Step B1: the encryption lock determines the type of a remaining module that has not yet been created: for a timing module, perform step B2; for a metering module, perform step B4; for a cut-off date module, perform step B6;
Step B2: the encryption lock determines whether there is an idle timing module in the timing module list; if so, perform step B3; otherwise creation of the timing module fails, perform step B8;
Step B3: the encryption lock selects an idle timing module, sets the idle timing module to the enabled state and binds it to the characteristic item, writes the valid remaining time for logging in to the characteristic item into the timing module, writes the identifier of the timing module into the corresponding configuration file, and performs step B8;
Step B4: the encryption lock determines whether there is an idle metering module in the metering module list; if so, perform step B5; otherwise creation of the metering module fails, perform step B8;
Step B5: the encryption lock selects an idle metering module, sets the idle metering module to the enabled state and binds it to the characteristic item, writes the valid remaining count for logging in to the characteristic item into the metering module, writes the identifier of the metering module into the corresponding configuration file, and performs step B8;
Step B6: the encryption lock determines whether there is an idle cut-off date module in the cut-off date module list; if so, perform step B7; otherwise creation of the cut-off date module fails, perform step B8;
Step B7: the encryption lock selects an idle cut-off date module, sets the idle cut-off date module to the enabled state and binds it to the characteristic item, writes the valid cut-off date for logging in to the characteristic item into the idle cut-off date module, writes the identifier of the cut-off date module into the corresponding configuration file, and performs step B8;
Step B8: the encryption lock determines whether all modules that need to be enabled when logging in to the characteristic item have been created; if so, continue; otherwise return to step B1.
Further, step A6 comprises:
Step A6-1: the encryption lock obtains the characteristic item identifier from the characteristic item log-in instruction;
Step A6-2: the encryption lock searches for the configuration file corresponding to the characteristic item identifier; if it is found, perform step A6-3; if it is not found, log-in fails, return to step A2;
Step A6-3: the encryption lock determines whether the configuration file contains the identifier of a module bound to the characteristic item currently being logged in; if so, perform step A6-4; otherwise log-in succeeds, return to step A2;
Step A6-4: the encryption lock determines the type of the identifier of a remaining unprocessed module bound to the characteristic item: for a timing module identifier, perform step A6-5; for a metering module identifier, perform step A6-6; for a cut-off date module identifier, perform step A6-7;
Step A6-5: the encryption lock obtains the valid remaining time for logging in to the characteristic item from the corresponding timing module according to the identifier of the timing module, and determines whether that valid remaining time equals the first preset time; if so, the characteristic item is invalid, return to step A2; otherwise perform step A6-8;
Step A6-6: the encryption lock obtains the valid remaining count for logging in to the characteristic item from the corresponding metering module according to the identifier of the metering module, and determines whether that valid remaining count is the first preset count; if so, the characteristic item is invalid, return to step A2; otherwise perform step A6-8;
Step A6-7: the encryption lock obtains the valid cut-off date for logging in to the characteristic item from the corresponding cut-off date module according to the identifier of the cut-off date module, and determines whether the current log-in time exceeds that valid cut-off date; if so, the characteristic item is invalid, return to step A2; otherwise perform step A6-8;
Step A6-8: the encryption lock determines whether all modules bound to the characteristic item have been processed; if so, log-in succeeds, return to step A2; otherwise return to step A6-4.
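The log-in check of steps A6-1 to A6-8 can be sketched in C as follows. This is an added example, not code from the patent: the structure layouts, the names `login_item` and `demo_login`, the value 0 for the first preset time and first preset count, and the fail-closed handling of a dangling or idle module identifier are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Module kinds named in the description. */
enum module_type { MOD_TIMING, MOD_METERING, MOD_CUTOFF_DATE };

/* One authorization module; the field layout is an assumption. */
struct module {
    enum module_type type;
    bool enabled;    /* false = idle, true = bound and in use */
    uint32_t value;  /* remaining time, remaining count, or cut-off timestamp */
};

/* Configuration file of one characteristic item (assumed layout). */
#define MAX_BOUND 3
struct item_config {
    uint16_t item_id;
    size_t bound_count;            /* 0 = no module bound to log-in */
    uint8_t bound_ids[MAX_BOUND];  /* indexes into the module table */
};

enum login_result { LOGIN_OK, LOGIN_NOT_FOUND, LOGIN_INVALID };

/* Assumed values for the "first preset time" and "first preset count". */
#define FIRST_PRESET_TIME 0u
#define FIRST_PRESET_COUNT 0u

/* Steps A6-2 to A6-8: find the configuration, then test every bound module. */
enum login_result login_item(const struct item_config *cfgs, size_t ncfg,
                             const struct module *mods, size_t nmods,
                             uint16_t item_id, uint32_t now)
{
    const struct item_config *cfg = NULL;
    for (size_t i = 0; i < ncfg; i++)                 /* A6-2 */
        if (cfgs[i].item_id == item_id) { cfg = &cfgs[i]; break; }
    if (cfg == NULL)
        return LOGIN_NOT_FOUND;
    if (cfg->bound_count > MAX_BOUND)                 /* corrupt configuration */
        return LOGIN_INVALID;

    /* A6-3: with no bound module the loop never runs and log-in succeeds. */
    for (size_t i = 0; i < cfg->bound_count; i++) {   /* A6-4 and A6-8 */
        uint8_t id = cfg->bound_ids[i];
        /* Assumption beyond the page: a dangling or idle module fails closed. */
        if (id >= nmods || !mods[id].enabled)
            return LOGIN_INVALID;
        switch (mods[id].type) {
        case MOD_TIMING:                              /* A6-5 */
            if (mods[id].value == FIRST_PRESET_TIME) return LOGIN_INVALID;
            break;
        case MOD_METERING:                            /* A6-6 */
            if (mods[id].value == FIRST_PRESET_COUNT) return LOGIN_INVALID;
            break;
        case MOD_CUTOFF_DATE:                         /* A6-7 */
            if (now > mods[id].value) return LOGIN_INVALID;
            break;
        default:
            return LOGIN_INVALID;
        }
    }
    return LOGIN_OK;
}

/* Constructed sample state, not taken from the patent. */
const struct module demo_mods[] = {
    { MOD_TIMING,      true,  3600u },        /* 0: time left */
    { MOD_METERING,    true,  0u },           /* 1: count used up */
    { MOD_CUTOFF_DATE, true,  1700000000u },  /* 2: cut-off timestamp */
    { MOD_TIMING,      false, 0u },           /* 3: idle */
};
const struct item_config demo_cfgs[] = {
    { 1, 2, { 0, 2 } },   /* timing module + cut-off date module */
    { 2, 1, { 1 } },      /* exhausted metering module */
    { 3, 0, { 0 } },      /* no module bound to log-in */
};

enum login_result demo_login(uint16_t item_id, uint32_t now)
{
    return login_item(demo_cfgs, sizeof demo_cfgs / sizeof demo_cfgs[0],
                      demo_mods, sizeof demo_mods / sizeof demo_mods[0],
                      item_id, now);
}

int main(void)
{
    printf("item 1 before cut-off: %d\n", demo_login(1, 1600000000u));
    printf("item 1 after cut-off:  %d\n", demo_login(1, 1800000000u));
    printf("item 2 (count used):   %d\n", demo_login(2, 1600000000u));
    return 0;
}
```

Every bound module must pass for log-in to succeed, so one exhausted metering module or one passed cut-off date is enough to invalidate the characteristic item.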
Further, selecting an idle module, setting the idle module to the enabled state and binding it to the in-lock data, writing the valid authorization information of the in-lock data into the bound module, and writing the identifier of the bound module into the configuration file comprises:
Step C1: the encryption lock determines the type of a remaining module that has not yet been created: for a timing module, perform step C2; for a metering module, perform step C4; for a cut-off date module, perform step C6;
Step C2: the encryption lock determines whether there is an idle timing module in the timing module list; if so, perform step C3; otherwise creation of the timing module fails, perform step C8;
Step C3: the encryption lock selects an idle timing module, sets the idle timing module to the enabled state and binds it to the in-lock data, writes the valid remaining time of the in-lock data into the timing module, writes the identifier of the timing module into the corresponding configuration file, and performs step C8;
Step C4: the encryption lock determines whether there is an idle metering module in the metering module list; if so, perform step C5; otherwise creation of the metering module fails, perform step C8;
Step C5: the encryption lock selects an idle metering module, sets the idle metering module to the enabled state and binds it to the in-lock data, writes the valid remaining count of the in-lock data into the metering module, writes the identifier of the metering module into the corresponding configuration file, and performs step C8;
Step C6: the encryption lock determines whether there is an idle cut-off date module in the cut-off date module list; if so, perform step C7; otherwise creation of the cut-off date module fails, perform step C8;
Step C7: the encryption lock selects an idle cut-off date module, sets the idle cut-off date module to the enabled state and binds it to the in-lock data, writes the valid cut-off date of the in-lock data into the cut-off date module, writes the identifier of the cut-off date module into the corresponding configuration file, and performs step C8;
Step C8: the encryption lock determines whether all modules that need to be enabled when reading the in-lock data have been created; if so, continue; otherwise return to step C1.
Further, the data processing instruction comprises a call key instruction, and step A8 comprises:
Step A800: the encryption lock obtains the characteristic item identifier from the call key instruction;
Step A801: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier is logged in; if so, perform step A802; otherwise the corresponding characteristic item is not logged in, return to step A2;
Step A802: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, perform step A803; otherwise the characteristic item is invalid, return to step A2;
Step A803: the encryption lock determines whether the found configuration file contains the identifier of a module bound to the key; if so, perform step A804; otherwise perform step A809;
Step A804: the encryption lock determines the type of the identifier of an unprocessed module bound to the key: for a timing module identifier, perform step A805; for a metering module identifier, perform step A806; for a cut-off date module identifier, perform step A807;
Step A805: the encryption lock obtains the valid remaining time of the key from the corresponding timing module according to the identifier of the timing module bound to the key, and determines whether the valid remaining time of the key equals the second preset time; if so, the key is invalid, return to step A2; otherwise perform step A808;
Step A806: the encryption lock obtains the valid remaining count of the key from the corresponding metering module according to the identifier of the metering module bound to the key, and determines whether the valid remaining count of the key is the second preset count; if so, the key is invalid, return to step A2; otherwise perform step A808;
Step A807: the encryption lock obtains the valid cut-off date of the key from the corresponding cut-off date module according to the identifier of the cut-off date module bound to the key, and determines whether the current time exceeds the valid cut-off date of the key; if so, the key is invalid, return to step A2; otherwise perform step A808;
Step A808: the encryption lock determines whether all modules bound to the key have been processed; if so, perform step A809; otherwise return to step A804;
Step A809: the encryption lock calls the key from the corresponding key file according to the key file identifier in the configuration file, and returns to step A2.
Further, the data processing instruction comprises a call encryption algorithm instruction, and step A8 comprises:
Step A810: the encryption lock obtains the characteristic item identifier from the call encryption algorithm instruction;
Step A811: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier is logged in; if so, perform step A812; otherwise the corresponding characteristic item is not logged in, return to step A2;
Step A812: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, perform step A813; otherwise the characteristic item is invalid, return to step A2;
Step A813: the encryption lock determines whether the found configuration file contains the identifier of a module bound to the encryption algorithm; if so, perform step A814; otherwise perform step A819;
Step A814: the encryption lock determines the type of the identifier of an unprocessed module bound to the encryption algorithm: for a timing module identifier, perform step A815; for a metering module identifier, perform step A816; for a cut-off date module identifier, perform step A817;
Step A815: the encryption lock obtains the valid remaining time of the encryption algorithm from the corresponding timing module according to the identifier of the timing module bound to the encryption algorithm, and determines whether the valid remaining time of the encryption algorithm equals the third preset time; if so, the encryption algorithm is invalid, return to step A2; otherwise perform step A818;
Step A816: the encryption lock obtains the valid remaining count of the encryption algorithm from the corresponding metering module according to the identifier of the metering module bound to the encryption algorithm, and determines whether the valid remaining count of the encryption algorithm is the third preset count; if so, the encryption algorithm is invalid, return to step A2; otherwise perform step A818;
Step A817: the encryption lock obtains the valid cut-off date of the encryption algorithm from the corresponding cut-off date module according to the identifier of the cut-off date module bound to the encryption algorithm, and determines whether the current time exceeds the valid cut-off date of the encryption algorithm; if so, the encryption algorithm is invalid, return to step A2; otherwise perform step A818;
Step A818: the encryption lock determines whether all modules bound to the encryption algorithm have been processed; if so, perform step A819; otherwise return to step A814;
Step A819: the encryption lock calls the encryption algorithm from the corresponding encryption algorithm file according to the encryption algorithm file identifier in the configuration file, and returns to step A2.
Further, the data processing instruction comprises a read in-lock data instruction, and step A8 comprises:
Step A820: the encryption lock obtains the characteristic item identifier from the read in-lock data instruction;
Step A821: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier is logged in; if so, perform step A822; otherwise the corresponding characteristic item is not logged in, return to step A2;
Step A822: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, perform step A823; otherwise the characteristic item is invalid, return to step A2;
Step A823: the encryption lock determines whether the found configuration file contains the identifier of a module bound to the in-lock data to be read; if so, perform step A824; otherwise perform step A829;
Step A824: the encryption lock determines the type of the identifier of an unprocessed module bound to the in-lock data: for a timing module identifier, perform step A825; for a metering module identifier, perform step A826; for a cut-off date module identifier, perform step A827;
Step A825: the encryption lock obtains the valid remaining time of the in-lock data from the corresponding timing module according to the identifier of the timing module bound to the in-lock data, and determines whether the valid remaining time of the in-lock data equals the fourth preset time; if so, the in-lock data to be read is invalid, return to step A2; otherwise perform step A828;
Step A826: the encryption lock obtains the valid remaining count of the in-lock data from the corresponding metering module according to the identifier of the metering module bound to the in-lock data, and determines whether the valid remaining count of the in-lock data is the fourth preset count; if so, the in-lock data to be read is invalid, return to step A2; otherwise perform step A828;
Step A827: the encryption lock obtains the valid cut-off date of the in-lock data from the corresponding cut-off date module according to the identifier of the cut-off date module bound to the in-lock data, and determines whether the current time exceeds the valid cut-off date of the in-lock data; if so, the in-lock data to be read is invalid, return to step A2; otherwise perform step A828;
Step A828: the encryption lock determines whether all modules bound to the in-lock data have been processed; if so, perform step A829; otherwise return to step A824;
Step A829: the encryption lock reads the in-lock data from the corresponding data file according to the data file identifier in the configuration file, and returns to step A2.
Further, if in step A3 the type of the instruction is determined to be an upgrade characteristic item instruction, the method further comprises:
Step A10: the encryption lock obtains the characteristic item identifier and the upgrade package from the upgrade characteristic item instruction;
Step A11: the encryption lock determines whether the characteristic item corresponding to the characteristic item identifier is logged in; if so, perform step A12; otherwise the corresponding characteristic item is not logged in, return to step A2;
Step A12: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, perform step A13; if it is not found, the upgrade fails, return to step A2;
Step A13: the encryption lock uses the upgrade private key in the encryption lock to decrypt the upgrade package; if decryption succeeds, the decrypted upgrade package is obtained, perform step A14; if decryption fails, the upgrade fails, return to step A2;
Step A14: the encryption lock determines whether the upgrade condition is met; if so, perform step A15; otherwise the upgrade fails, return to step A2;
Step A15: the encryption lock updates the characteristic item information in the encryption lock with the characteristic item information in the decrypted upgrade package, and returns to step A2.
Further, step A14 comprises:
Step A14-1: the encryption lock verifies the decrypted upgrade package and determines whether the upgrade package format is correct; if so, perform step A14-2; otherwise the upgrade fails, return to step A2;
Step A14-2: the encryption lock determines whether the decrypted upgrade package contains a hardware ID; if so, perform step A14-3; otherwise the upgrade fails, return to step A2;
Step A14-3: the encryption lock determines whether the hardware ID in the decrypted upgrade package is consistent with the hardware ID stored in the encryption lock; if so, perform step A14-4; otherwise the upgrade fails, return to step A2;
Step A14-4: the encryption lock determines whether the decrypted upgrade package contains a timestamp; if so, perform step A14-5; otherwise the upgrade fails, return to step A2;
Step A14-5: the encryption lock determines whether the timestamp in the decrypted upgrade package is greater than the timestamp stored in the encryption lock; if so, it updates the timestamp stored in the encryption lock with the timestamp in the decrypted upgrade package and performs step A15; otherwise the upgrade fails, return to step A2.
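The upgrade condition of steps A14-1 to A14-5 binds a package to one lock through the hardware ID and rejects replayed or older packages through the strictly increasing timestamp. The C sketch below is an added example, not code from the patent: the record layout of the decrypted package (magic bytes `UP` followed by tag, length, value records), the tag values and all function names are assumptions, and the decryption of step A13 is taken as already done.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HW_ID_LEN 8u
#define TS_LEN 4u
/* Assumed record tags; the patent does not define the package layout. */
enum { TAG_HW_ID = 0x01, TAG_TIMESTAMP = 0x02, TAG_ITEM_INFO = 0x03 };

enum upgrade_result {
    UPG_OK, UPG_BAD_FORMAT, UPG_NO_HW_ID, UPG_HW_ID_MISMATCH,
    UPG_NO_TIMESTAMP, UPG_STALE_TIMESTAMP
};

struct lock_state {
    uint8_t hw_id[HW_ID_LEN];
    uint32_t last_timestamp;   /* timestamp of the last accepted package */
};

/* A14-1: magic bytes present and every record fits inside the buffer. */
static int format_ok(const uint8_t *p, size_t len)
{
    if (len < 2 || p[0] != 'U' || p[1] != 'P')
        return 0;
    size_t off = 2;
    while (off < len) {
        if (len - off < 2) return 0;          /* truncated record header */
        size_t vlen = p[off + 1];
        if (len - off - 2 < vlen) return 0;   /* value overruns the buffer */
        off += 2 + vlen;
    }
    return 1;
}

/* Value of the first record with this tag and exact length, or NULL.
 * Call only after format_ok() has accepted the buffer. */
static const uint8_t *find_record(const uint8_t *p, size_t len,
                                  uint8_t tag, size_t want)
{
    for (size_t off = 2; off < len; off += 2 + (size_t)p[off + 1])
        if (p[off] == tag)
            return (size_t)p[off + 1] == want ? p + off + 2 : NULL;
    return NULL;
}

/* Steps A14-1 to A14-5 on an already decrypted package. */
enum upgrade_result check_upgrade(struct lock_state *lock,
                                  const uint8_t *pkg, size_t len)
{
    if (!format_ok(pkg, len))                                   /* A14-1 */
        return UPG_BAD_FORMAT;
    const uint8_t *hw = find_record(pkg, len, TAG_HW_ID, HW_ID_LEN);
    if (hw == NULL)                                             /* A14-2 */
        return UPG_NO_HW_ID;
    if (memcmp(hw, lock->hw_id, HW_ID_LEN) != 0)                /* A14-3 */
        return UPG_HW_ID_MISMATCH;
    const uint8_t *ts = find_record(pkg, len, TAG_TIMESTAMP, TS_LEN);
    if (ts == NULL)                                             /* A14-4 */
        return UPG_NO_TIMESTAMP;
    uint32_t t = ((uint32_t)ts[0] << 24) | ((uint32_t)ts[1] << 16) |
                 ((uint32_t)ts[2] << 8) | (uint32_t)ts[3];
    if (t <= lock->last_timestamp)                              /* A14-5 */
        return UPG_STALE_TIMESTAMP;
    lock->last_timestamp = t;   /* stored before step A15 applies the update */
    return UPG_OK;
}

/* Constructed sample package and lock states, not taken from the patent. */
const uint8_t demo_pkg[] = {
    'U', 'P',
    TAG_HW_ID, 8, 1, 2, 3, 4, 5, 6, 7, 8,
    TAG_TIMESTAMP, 4, 0x00, 0x00, 0x00, 0x64,   /* timestamp 100 */
    TAG_ITEM_INFO, 2, 0xAA, 0xBB,
};
struct lock_state demo_lock  = { { 1, 2, 3, 4, 5, 6, 7, 8 }, 50u };
struct lock_state other_lock = { { 9, 9, 9, 9, 9, 9, 9, 9 }, 0u };

int main(void)
{
    struct lock_state lock = demo_lock;   /* work on a copy */
    printf("first apply:  %d\n", check_upgrade(&lock, demo_pkg, sizeof demo_pkg));
    printf("replay:       %d\n", check_upgrade(&lock, demo_pkg, sizeof demo_pkg));
    printf("other device: %d\n", check_upgrade(&other_lock, demo_pkg, sizeof demo_pkg));
    return 0;
}
```

Because the stored timestamp advances on acceptance, applying the same package a second time returns `UPG_STALE_TIMESTAMP`.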
Further, after log-in succeeds in step A6, the method further comprises: creating a log-in identifier corresponding to the characteristic item identifier;
The encryption lock determining whether the characteristic item corresponding to the characteristic item identifier in the add module instruction is logged in is specifically: searching for the log-in identifier corresponding to the characteristic item identifier; if it is found, the corresponding characteristic item is logged in; if it is not found, the corresponding characteristic item is not logged in;
After exiting the corresponding characteristic item in step A9, the method further comprises: deleting the log-in identifier corresponding to the characteristic item identifier.
Further, after log-in succeeds in step A6, the method comprises: the encryption lock generates a match flag for the characteristic item and saves it in the configuration file, and the encryption lock returns the match flag to the host;
The encryption lock determining in step A7 whether the characteristic item corresponding to the characteristic item identifier in the add module instruction is logged in comprises: the encryption lock obtains the match flag from the add module instruction and determines whether an identical match flag exists in the encryption lock; if so, the corresponding characteristic item is logged in; otherwise the corresponding characteristic item is not logged in;
The encryption lock determining in step A8 whether the characteristic item corresponding to the characteristic item identifier in the data processing instruction is logged in comprises: the encryption lock obtains the match flag from the data processing instruction and determines whether an identical match flag exists in the encryption lock; if so, the corresponding characteristic item is logged in; otherwise the corresponding characteristic item is not logged in;
Step A9 comprises: the encryption lock obtains the match flag from the characteristic item exit instruction and determines whether an identical match flag exists in the encryption lock; if so, it deletes the match flag in the encryption lock and returns to step A2; otherwise it returns to step A2.
Further, step A5 also comprises: writing the time authorization of the corresponding characteristic item into the configuration file;
After the encryption lock judges that the characteristic item corresponding to the characteristic item identifier is logged in, the method also comprises: the encryption lock checks in real time the time authorization of the characteristic item in the current configuration file; if the time authorization has expired, it deletes the match flag and returns to step A2; otherwise it continues.
Further, step A5 also comprises: setting a timer;
After a successful login in step A6, the method also comprises: starting the timer, which then keeps counting;
When the corresponding characteristic item is exited in step A9, the method also comprises: stopping the timer, which then stops counting;
After the encryption lock judges that the characteristic item corresponding to the characteristic item identifier is logged in, the method also comprises: the encryption lock judges whether the time counted by the timer exceeds a preset login duration; if so, it deletes the match flag and returns to step A2; otherwise it continues.
Further, step A5 also comprises: storing the creation time of the characteristic item;
After the encryption lock judges that the characteristic item corresponding to the characteristic item identifier is logged in, the method also comprises: the encryption lock checks the interval between the creation time of the current characteristic item and the current time; if the interval equals a preset usage duration, it deletes the match flag and returns to step A2; otherwise it continues.
Compared with the prior art, the present invention has the following advantages:
The method of the invention creates characteristic items and, according to the different working modes of the encryption lock, creates different authorized characteristic items and writes data into them. When the encryption lock is used, the characteristic item must first be logged in to; only when the characteristic item is valid are the modules and data in the characteristic item checked, which keeps operation simple. During subsequent use of the encryption lock, different authorization modules can be added to the current characteristic item according to the working mode of the encryption lock and the authorization information. A characteristic item can also be upgraded directly while the encryption lock is in use, without upgrading each module separately, which reduces the probability of errors during an upgrade. When the licensing mode is modified, no code needs to be changed either; the content of the characteristic item in the encryption lock is upgraded directly, which is simple and safe to operate.
Brief description of the drawings
Fig. 1 is a flowchart of the method for controlling the operation of an encryption lock provided by Embodiment 1 of the present invention;
Fig. 2 and Fig. 3 are flowcharts of the specific implementation of steps A4 and A5 in Fig. 1;
Fig. 4 is a flowchart of the specific implementation of step A6 in Fig. 1;
Fig. 5 is a flowchart of the specific implementation of step A7 in Fig. 1;
Fig. 6 is a flowchart of the specific implementation of step A8 in Fig. 1 when the encryption lock receives a call-key instruction;
Fig. 7 is a flowchart of the specific implementation of step A8 in Fig. 1 when the encryption lock receives a call-cryptographic-algorithm instruction;
Fig. 8 is a flowchart of the specific implementation of step A8 in Fig. 1 when the encryption lock receives a read-in-lock-data instruction;
Fig. 9 is a flowchart of the specific implementation when the encryption lock receives an upgrade-characteristic-item instruction;
Fig. 10 is a flowchart of the specific implementation of step A9 in Fig. 1.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
In the method for controlling the operation of an encryption lock provided by the embodiments of the present invention, characteristic items (Features) are defined in the encryption lock. Creating a characteristic item sets up one kind of authorization. A timing module, a metering module and a cut-off date module can then be added under the characteristic item, and information such as keys, cryptographic algorithms and in-lock data can be written into it. All of this authorization information is contained in the characteristic item, and the user can use it only after logging in to the characteristic item. One encryption lock can hold a plurality of characteristic items, and different working modes are licensed through different characteristic items; the modules, keys, data and other information in different characteristic items are independent of one another and do not interact. When the encryption lock is used, an application program can add a characteristic item ID parameter when calling the API (Application Programming Interface). When the encryption lock is opened, the API logs in to the specified characteristic item by its characteristic item ID and then checks the authorization information, such as the validity of the timing module, metering module and cut-off date module. Controlling the working process of the encryption lock through characteristic items in this way realizes a multi-application mode. In the method provided by the embodiments of the present invention, a characteristic item can also be upgraded.
Embodiment 1
Embodiment 1 of the present invention provides a method for controlling the operation of an encryption lock which, as shown in Fig. 1, comprises:
Step A1: the encryption lock powers on and performs initialization;
Specifically, in the present embodiment, performing initialization comprises: resetting each flag;
Step A2: the encryption lock waits to receive an instruction sent by the host;
Step A3: when an instruction issued by the host is received, the encryption lock judges the type of the instruction; if it is a create-characteristic-item instruction, it executes step A4; if it is a login-characteristic-item instruction, it executes step A6; if it is an add-module instruction, it executes step A7; if it is a data processing instruction, it executes step A8; if it is an exit-characteristic-item instruction, it executes step A9;
In the present embodiment, the data processing instruction comprises a call-key instruction and/or a call-cryptographic-algorithm instruction and/or a read-in-lock-data instruction;
In step A3 of the present embodiment, if an upgrade-characteristic-item instruction is received, an upgrade operation is performed on the corresponding characteristic item of the encryption lock; if the instruction received by the encryption lock is none of the above instructions, the encryption lock returns error information to the host and returns to step A2 to continue waiting for an instruction;
In the present embodiment, when the host detects that the create-characteristic-item (Feature) interface is called, it obtains the characteristic item identifier (FeatureID), builds the corresponding create-characteristic-item instruction from the FeatureID and issues it to the encryption lock; when the host detects that the login-characteristic-item interface is called, it obtains the FeatureID, builds the corresponding login-characteristic-item instruction from the FeatureID and issues it to the encryption lock; when the host detects that the add-module interface is called, it obtains the FeatureID, builds the corresponding add-module instruction from the FeatureID and sends it to the encryption lock; when the host detects that the key interface is called, it obtains the FeatureID corresponding to the key, builds the corresponding call-key instruction from the FeatureID and issues it to the encryption lock; when the host detects that the cryptographic algorithm interface is called, it obtains the FeatureID corresponding to the cryptographic algorithm, builds the corresponding call-cryptographic-algorithm instruction from the FeatureID and issues it to the encryption lock; when the host detects that the read-in-lock-data interface is called, it obtains the corresponding FeatureID, builds the corresponding read-in-lock-data instruction from the FeatureID and issues it to the encryption lock; when the upgrade tool in the host receives a request to make a Feature upgrade package, it obtains the FeatureID, builds the corresponding upgrade-characteristic-item instruction from the FeatureID and issues it to the encryption lock; when the host detects that the exit-characteristic-item interface is called, it obtains the FeatureID, builds the corresponding exit-characteristic-item instruction from the FeatureID and issues it to the encryption lock;
Specifically, in the present embodiment, the host detects calls to the above interfaces through button triggers;
Step A4: the encryption lock creates the corresponding characteristic item according to the characteristic item identifier in the create-characteristic-item instruction and judges whether a module needs to be enabled when the characteristic item is logged in to; if so, it creates in the characteristic item the module corresponding to the characteristic item, sets the corresponding module authorization validity information and executes step A5; otherwise it executes step A5;
In the present embodiment, creating the corresponding characteristic item according to the characteristic item identifier in the create-characteristic-item instruction is specifically: creating the corresponding configuration file according to the characteristic item identifier in the create-characteristic-item instruction;
Step A5: the encryption lock judges whether a data-writing operation is to be performed on the characteristic item; if so, it writes the data carried in the create-characteristic-item instruction into the encryption lock and judges whether a module needs to be enabled when the in-lock data is read; if a module is needed, it creates in the characteristic item the module corresponding to the in-lock data, sets the corresponding module authorization validity information and returns to step A2; if no module is needed, it returns to step A2; if no data-writing operation is to be performed, it returns to step A2;
The data in the present embodiment comprises: a key and/or a cryptographic algorithm and/or in-lock data;
Specifically, in the present embodiment, the specific implementation of steps A4 and A5 is shown in Fig. 2 and Fig. 3;
Step A6: the encryption lock searches for the corresponding characteristic item according to the characteristic item identifier in the login-characteristic-item instruction; if it is found, the encryption lock judges whether the characteristic item contains a module corresponding to the characteristic item; if such a module exists, the encryption lock judges whether the module's authorization is valid; if valid, the login succeeds and the encryption lock returns to step A2; if invalid, the login fails and the encryption lock returns to step A2; if no such module exists, the login fails and the encryption lock returns to step A2; if the characteristic item is not found, the login fails and the encryption lock returns to step A2;
Specifically, in the present embodiment, the specific implementation of step A6 is shown in Fig. 4;
Step A7: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier in the add-module instruction is logged in; if it is logged in, the encryption lock judges whether the characteristic item already contains a module of the same type as the module to be added; if so, the module to be added already exists and the encryption lock returns to step A2; otherwise it creates the module to be added in the characteristic item, sets the corresponding module authorization validity information and returns to step A2; if the characteristic item is not logged in, it returns to step A2;
In the present embodiment, the module to be added comprises: a module corresponding to the characteristic item and/or to data; the data comprises a key and/or a cryptographic algorithm and/or in-lock data;
In the present embodiment, the specific implementation of step A7 is shown in Fig. 5;
Step A8: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier in the data processing instruction is logged in; if it is logged in, the encryption lock judges whether the authorization of the module corresponding to the data in the characteristic item is valid; if so, it reads the data in the characteristic item and returns to step A2; otherwise it returns to step A2; if the characteristic item is not logged in, it returns to step A2;
In the present embodiment, the data processing instruction comprises a call-key instruction and/or a call-cryptographic-algorithm instruction and/or a read-in-lock-data instruction;
Specifically, in the present embodiment, the specific implementation when the encryption lock receives a call-key instruction is shown in Fig. 6; the specific implementation when the encryption lock receives a call-cryptographic-algorithm instruction is shown in Fig. 7; the specific implementation when the encryption lock receives a read-in-lock-data instruction is shown in Fig. 8;
Step A9: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier in the exit-characteristic-item instruction is logged in; if so, it exits the corresponding characteristic item and returns to step A2; otherwise it returns to step A2;
Specifically, in the present embodiment, the specific implementation of step A9 is shown in Fig. 10.
In the present embodiment, if the user's identity needs to be authenticated, then during the create-characteristic-item operation, if it is judged that a PIN code must be verified when the characteristic item is logged in to, the user is prompted to enter a PIN code; it is judged whether a PIN code entered by the user has been received; if so, the PIN code is saved; otherwise an error is reported. Preferably, in the present embodiment, it is judged whether the PIN code entered by the user is received within a preset time.
Accordingly, the user's identity must be authenticated during the login-characteristic-item operation, and before step A5 the method comprises: prompting the user to enter a PIN code and judging whether a PIN code entered by the user has been received; if a PIN code is received, judging whether the entered PIN code is consistent with the saved PIN code; if so, executing step A5; otherwise reporting an error; if no PIN code is received, reporting an error. In the present embodiment, the user can be allowed to enter the PIN code several times: when the entered PIN code is judged to be inconsistent with the saved PIN code, the user is prompted to enter the PIN code again, until the number of incorrect entries reaches a preset number, at which point an error is reported.
As shown in Fig. 2 and Fig. 3, in the method of the present embodiment the specific implementation of steps A4 and A5 comprises:
Step 101: the encryption lock obtains the FeatureID from the create-characteristic-item instruction and creates the corresponding configuration file according to the FeatureID;
Step 102: the encryption lock judges, according to the create-characteristic-item instruction, whether a module needs to be enabled when the corresponding Feature is logged in to; if so, it executes step 103; otherwise it executes step 111;
In the present embodiment, step 102 is specifically: the encryption lock judges whether the create-characteristic-item instruction contains an enable-module identifier; if so, a module needs to be enabled; otherwise no module needs to be enabled;
Step 103: the encryption lock judges the type of the remaining, not yet created module that needs to be enabled for logging in to the corresponding Feature; if it is a timing module, it executes step 104; if it is a metering module, it executes step 106; if it is a cut-off date module, it executes step 108;
In the present embodiment, step 103 is specifically: judging the type of the enable-module identifier; if it is a timing module identifier, executing step 104; if it is a metering module identifier, executing step 106; if it is a cut-off date module identifier, executing step 108;
Step 104: the encryption lock judges whether there is an idle timing module in the timing module list; if so, it selects an idle timing module, sets it to the enabled state, binds it to this Feature and executes step 105; otherwise it executes step 110;
Step 105: the encryption lock writes the effective remaining time for logging in to the Feature into the timing module bound to the Feature, writes the identifier of that timing module into the configuration file and executes step 110;
Specifically, in the present embodiment, the identifier of a timing module can be the module's name, index, number, ID or the like; when an idle timing module is selected in the present embodiment, the idle timing module with the smallest number is preferably selected;
Step 106: the encryption lock judges whether there is an idle metering module in the metering module list; if so, it selects an idle metering module, sets it to the enabled state, binds it to this Feature and executes step 107; otherwise it executes step 110;
Step 107: the encryption lock writes the effective remaining number of logins to the Feature into the metering module bound to the Feature, writes the identifier of that metering module into the configuration file and executes step 110;
Specifically, in the present embodiment, the identifier of a metering module can be the module's name, index, ID or the like; when an idle metering module is selected in the present embodiment, the idle metering module with the smallest ID is preferably selected;
Step 108: the encryption lock judges whether there is an idle cut-off date module in the cut-off date module list; if so, it selects an idle cut-off date module, sets it to the enabled state, binds it to this Feature and executes step 109; otherwise it executes step 110;
Step 109: the encryption lock writes the effective cut-off date for logging in to the Feature into the cut-off date module bound to the Feature, writes the identifier of that cut-off date module into the configuration file and executes step 110;
Specifically, in the present embodiment, the identifier of a cut-off date module can be the module's name, index, ID or the like; when an idle cut-off date module is selected in the present embodiment, the idle cut-off date module with the smallest ID is preferably selected;
Step 110: the encryption lock judges whether all modules that need to be enabled when this Feature is logged in to have been created; if so, it executes step 111; otherwise it returns to step 103;
In the present embodiment, step 110 is specifically: the encryption lock traverses the enable-module identifiers and judges whether the module corresponding to every identifier has been created; if so, all modules have been created; otherwise not all modules have been created and creation must continue;
Step 111: the encryption lock judges the type of the remaining, not yet set operation on the Feature; if it is writing a key, it executes step 112; if it is writing a cryptographic algorithm, it executes step 122; if it is writing in-lock data, it executes step 132; if no operation remains to be performed on the Feature, it returns Feature-setup-success information to the host and returns to step A2;
Step 112: the encryption lock judges whether there is an idle key file; if so, it executes step 113; otherwise it creates an idle key file and executes step 113;
In the present embodiment, each key file corresponds to a key file identifier, which can be a file name, index, ID, number or the like; preferably, the encryption lock uses key files in ascending order of key file number;
Step 113: the encryption lock writes the key into the idle key file and writes the corresponding key file identifier into the configuration file;
Preferably, in the present embodiment, if there are idle key files, the key is written into the idle key file with the smallest key file ID;
Step 114: the encryption lock judges the type of the remaining, not yet created module that needs to be enabled when this key is called; if it is a timing module, it executes step 115; if it is a metering module, it executes step 117; if it is a cut-off date module, it executes step 119;
In the present embodiment, if the encryption lock judges that no module needs to be enabled when the key is called, it executes step 142;
Step 115: the encryption lock judges whether there is an idle timing module in the timing module list; if so, it selects an idle timing module, sets it to the enabled state, binds it to this key and executes step 116; otherwise it executes step 121;
Step 116: the encryption lock writes the effective remaining time of the key into the timing module bound to this key, writes the identifier of that timing module into the configuration file and executes step 121;
Step 117: the encryption lock judges whether there is an idle metering module in the metering module list; if so, it selects an idle metering module, sets it to the enabled state, binds it to this key and executes step 118; otherwise it executes step 121;
Step 118: the encryption lock writes the effective remaining number of uses of the key into the metering module bound to this key, writes the identifier of that metering module into the configuration file and executes step 121;
Step 119: the encryption lock judges whether there is an idle cut-off date module in the cut-off date module list; if so, it selects an idle cut-off date module, sets it to the enabled state, binds it to this key and executes step 120; otherwise it executes step 121;
Step 120: the encryption lock writes the effective cut-off date of the key into the cut-off date module bound to this key, writes the identifier of that cut-off date module into the configuration file and executes step 121;
Step 121: the encryption lock judges whether all modules that need to be enabled when this key is called have been created; if so, it executes step 142; otherwise it returns to step 114;
Step 122: the encryption lock judges whether there is an idle algorithm file; if so, it executes step 123; otherwise it creates an idle algorithm file and executes step 123;
In the present embodiment, each algorithm file corresponds to an algorithm file identifier, which can be a file name, index, ID or the like; preferably, the encryption lock uses algorithm files in ascending order of algorithm file number;
Step 123: the encryption lock writes the cryptographic algorithm into the idle algorithm file and writes the corresponding algorithm file identifier into the configuration file;
Preferably, in the present embodiment, if there are idle algorithm files, the cryptographic algorithm is written into the idle algorithm file with the smallest algorithm file number;
Step 124: the encryption lock judges the type of the remaining, not yet created module that needs to be enabled when this cryptographic algorithm is called; if it is a timing module, it executes step 125; if it is a metering module, it executes step 127; if it is a cut-off date module, it executes step 129;
In the present embodiment, if the encryption lock judges that no module needs to be enabled when the cryptographic algorithm is called, it executes step 142;
Step 125: the encryption lock judges whether there is an idle timing module in the timing module list; if so, it selects an idle timing module, sets it to the enabled state, binds it to this cryptographic algorithm and executes step 126; otherwise it executes step 131;
Step 126: the encryption lock writes the effective remaining time of the cryptographic algorithm into the timing module bound to this cryptographic algorithm, writes the identifier of that timing module into the configuration file and executes step 131;
Step 127: the encryption lock judges whether there is an idle metering module in the metering module list; if so, it selects an idle metering module, sets it to the enabled state, binds it to this cryptographic algorithm and executes step 128; otherwise it executes step 131;
Step 128: the encryption lock writes the effective remaining number of uses of the cryptographic algorithm into the metering module bound to this cryptographic algorithm, writes the identifier of that metering module into the configuration file and executes step 131;
Step 129: the encryption lock judges whether there is an idle cut-off date module in the cut-off date module list; if so, it selects an idle cut-off date module, sets it to the enabled state, binds it to this cryptographic algorithm and executes step 130; otherwise it executes step 131;
Step 130: the encryption lock writes the effective cut-off date of the cryptographic algorithm into the cut-off date module bound to this cryptographic algorithm, writes the identifier of that cut-off date module into the configuration file and executes step 131;
Step 131: the encryption lock judges whether all modules that need to be enabled when this cryptographic algorithm is called have been created; if so, it executes step 142; otherwise it returns to step 124;
Step 132: the encryption lock judges whether there is an idle data file; if so, it executes step 133; otherwise it creates an idle data file and executes step 133;
In the present embodiment, each data file corresponds to a data file identifier, which can be a file name, index, ID or the like; preferably, the encryption lock uses data files in ascending order of data file number;
Step 133: the encryption lock writes the in-lock data into the idle data file and writes the corresponding data file identifier into the configuration file;
Preferably, in the present embodiment, if there are idle data files, the data is written into the idle data file with the smallest data file number;
Step 134: the encryption lock judges the type of the remaining, not yet created module that needs to be enabled when this in-lock data is read; if it is a timing module, it executes step 135; if it is a metering module, it executes step 137; if it is a cut-off date module, it executes step 139;
In the present embodiment, if the encryption lock judges that no module needs to be enabled when this in-lock data is read, it executes step 142;
Step 135: the encryption lock judges whether there is an idle timing module in the timing module list; if so, it selects an idle timing module, sets it to the enabled state, binds it to this in-lock data and executes step 136; otherwise it executes step 141;
Step 136: the encryption lock writes the effective remaining time of the in-lock data into the timing module bound to this in-lock data, writes the identifier of that timing module into the configuration file and executes step 141;
Step 137: the encryption lock judges whether there is an idle metering module in the metering module list; if so, it selects an idle metering module, sets it to the enabled state, binds it to this in-lock data and executes step 138; otherwise it executes step 141;
Step 138: the encryption lock writes the effective remaining number of reads of the in-lock data into the metering module bound to this in-lock data, writes the identifier of that metering module into the configuration file and executes step 141;
Step 139: the encryption lock judges whether there is an idle cut-off date module in the cut-off date module list; if so, it selects an idle cut-off date module, sets it to the enabled state, binds it to this in-lock data and executes step 140; otherwise it executes step 141;
Step 140: the encryption lock writes the effective cut-off date of the in-lock data into the cut-off date module bound to this in-lock data, writes the identifier of that cut-off date module into the configuration file and executes step 141;
Step 141: the encryption lock judges whether the modules that need to be enabled when this in-lock data is read have all been created; if so, it executes step 142; otherwise it returns to step 134;
Step 142: the encryption lock judges whether all operations to be performed on this Feature have been set; if so, it returns Feature-setup-success information to the host and returns to step A2; otherwise it returns to step 111;
In the present embodiment, setting a module to the enabled state is specifically: setting the flag corresponding to that module. The modules in the present embodiment comprise: the timing module bound to a Feature, the metering module bound to a Feature, the cut-off date module bound to a Feature, the timing module bound to a key, the metering module bound to a key, the cut-off date module bound to a key, the timing module bound to a cryptographic algorithm, the metering module bound to a cryptographic algorithm, the cut-off date module bound to a cryptographic algorithm, the timing module bound to in-lock data, the metering module bound to in-lock data, and the cut-off date module bound to in-lock data.
Preferably, the modules and files in the present embodiment are used in ascending order of number.
Referring to Fig. 4, in the method of the present embodiment the specific implementation of step A6 comprises:
Step 201: the encryption lock obtains the FeatureID from the login-characteristic-item instruction;
In the present embodiment, the FeatureID, the Feature and the configuration file correspond to one another;
Step 202: the encryption lock judges whether the configuration file corresponding to this FeatureID can be found; if so, it executes step 203; otherwise it returns to the host the information that the Feature to be logged in to does not exist, and returns to step A2;
Step 203: the encryption lock judges whether this configuration file contains the identifier of a module bound to this Feature; if so, it executes step 204; otherwise it returns login-Feature-success information to the host and returns to step A2;
Specifically, the module bound to the Feature in the present embodiment is a timing module bound to the Feature and/or a metering module bound to the Feature and/or a cut-off date module bound to the Feature;
Step 204: the encryption lock judges the type of the remaining, unprocessed identifier of a module bound to the Feature; if it is the identifier of a timing module, it executes step 205; if it is the identifier of a metering module, it executes step 206; if it is the identifier of a cut-off date module, it executes step 207;
Step 205: the encryption lock obtains the effective remaining time for logging in to the Feature from the corresponding timing module according to the identifier of the timing module bound to this Feature, and judges whether the effective remaining time equals the first preset time; if so, it returns login failure information to the host and returns to step A2; otherwise it executes step 208;
Preferably, the first preset time is 0. For example, the effective remaining time for logging in to the Feature is 3600 hours and the countdown starts once the Feature is created; when the effective remaining time reaches 0, the Feature being logged in to has expired;
Step 206: the encryption lock obtains the effective remaining number of logins to the Feature from the corresponding metering module according to the identifier of the metering module bound to this Feature, and judges whether the effective remaining number equals the first preset number; if so, it returns login failure information to the host and returns to step A2; otherwise it executes step 208;
Preferably, the first preset number is 0. For example, the effective remaining number of logins to the Feature is 1000 and is decremented by 1 after each successful login to the Feature; when the remaining number reaches 0, the Feature being logged in to has expired;
Step 207: the encryption lock obtains the effective cut-off time for logging in to the Feature from the corresponding cut-off date module according to the identifier of the cut-off date module bound to this Feature, and judges whether the current login time exceeds the effective cut-off date; if so, it returns login failure information to the host and returns to step A2; otherwise it executes step 208;
For example, the effective cut-off time for logging in to the Feature is October 21, 2014; when this Feature is logged in to on October 22, 2014, the Feature being logged in to has expired;
Step 208: the encryption lock judges whether all modules bound to this Feature have been processed; if so, it returns login-Feature-success information to the host and returns to step A2; otherwise it returns to step 204;
In the present embodiment, the corresponding judgement is made for the identifier of every module bound to this Feature in the configuration file; the Feature is valid when all of these judgements are negative;
Specifically, in the present embodiment, if the module identifiers in the configuration file include the identifier of a metering module, then when step 208 is judged to be yes the method also comprises: updating the effective remaining number of logins to the Feature in the metering module; preferably, the effective remaining number of logins to the Feature is decremented by 1;
When step 208 is judged to be yes, the method also comprises: creating a login flag corresponding to this Feature; login flags correspond one-to-one with FeatureIDs.
The specific implementation of step A7 in the embodiment of the present invention, as shown in Fig. 5, comprises:
Step 300: the encryption lock obtains the FeatureID from the add module instruction;
Step 301: the encryption lock determines whether the Feature corresponding to this FeatureID is logged in; if so, perform step 302; otherwise return Feature-not-logged-in information to the host and return to step A2;
In this embodiment, step 301 is specifically: search for the login identifier corresponding to this FeatureID; if it is found, the corresponding Feature is logged in; if it is not found, the corresponding Feature is not logged in;
Step 302: the encryption lock looks up the corresponding configuration file by FeatureID; if it is found, perform step 303; if it is not found, return error information to the host and return to step A2;
Step 303: according to the add module instruction, the encryption lock determines the type of a module that has not yet been added; for a timing module perform step 304, for a metering module perform step 307, and for a cut-off date module perform step 310;
Step 304: the encryption lock determines whether the configuration file contains the identifier of a timing module bound to this Feature; if so, return timing-module-already-exists information to the host and perform step 313; otherwise perform step 305;
In this embodiment, if the identifier of a timing module exists in the configuration file, the timing module bound to this Feature is enabled;
Step 305: the encryption lock determines whether the timing module list contains an idle timing module; if so, perform step 306; otherwise return error information to the host and perform step 313;
Step 306: the encryption lock selects an idle timing module, sets it to the enabled state and binds it to this Feature, writes the remaining valid login time of the Feature into the timing module bound to this Feature, writes the identifier of that timing module into the configuration file, and performs step 313;
Preferably, in this embodiment the encryption lock enables the lowest-numbered idle timing module and saves that timing module's number in the configuration file;
Step 307: the encryption lock determines whether the configuration file contains the identifier of a metering module bound to this Feature; if so, return metering-module-already-exists information to the host and perform step 313; otherwise perform step 308;
In this embodiment, if the identifier of a metering module bound to this Feature exists in the configuration file, the metering module bound to this Feature is enabled;
Step 308: the encryption lock determines whether the metering module list contains an idle metering module; if so, perform step 309; otherwise return error information to the host and perform step 313;
Step 309: the encryption lock selects an idle metering module, sets it to the enabled state and binds it to this Feature, writes the remaining valid number of logins of the Feature into the metering module bound to the Feature, writes the identifier of that metering module into the configuration file, and performs step 313;
Preferably, in this embodiment the encryption lock enables the lowest-numbered idle metering module and saves that metering module's number in the configuration file;
Step 310: the encryption lock determines whether the configuration file contains the identifier of a cut-off date module bound to this Feature; if so, return cut-off-date-module-already-exists information to the host and perform step 313; otherwise perform step 311;
In this embodiment, if the identifier of a cut-off date module bound to this Feature exists in the configuration file, the cut-off date module bound to this Feature is enabled;
Step 311: the encryption lock determines whether the cut-off date module list contains an idle cut-off date module; if so, perform step 312; otherwise return error information to the host and perform step 313;
Step 312: the encryption lock selects an idle cut-off date module, sets it to the enabled state and binds it to this Feature, writes the valid cut-off date for logging in to the Feature into the cut-off date module bound to the Feature, writes the identifier of that cut-off date module into the configuration file, and performs step 313;
Preferably, in this embodiment the encryption lock enables the lowest-numbered idle cut-off date module and saves that cut-off date module's number in the configuration file;
Step 313: the encryption lock determines whether the add module operation is complete; if so, return add module success information to the host and return to step A2; otherwise return to step 303;
Specifically, step 313 comprises: determining whether the information for every module in the add module instruction has been processed; if so, the add module operation is complete; otherwise it is not complete.
In the add module operation of this embodiment, the checks of steps 304, 307 and 310 may also be carried out before step 303; that is, step 302' is performed after step 302;
Step 302': according to the add module instruction, the encryption lock determines whether the configuration file contains the identifier of a module of the same type; if so, return module-already-exists information and perform step A2; otherwise perform step 303;
In step 303, if the module is determined to be a timing module, perform step 305; if a metering module, perform step 308; if a cut-off date module, perform step 311.
In this embodiment, after a timing module and/or metering module and/or cut-off date module has been added to the Feature, when the encryption lock receives an instruction from the host to operate on one of these added modules, it first obtains the FeatureID from the instruction, looks up the corresponding configuration file by FeatureID, finds in that configuration file the identifier of the module bound to the current Feature, and then performs the read or write operation on the module corresponding to that identifier.
In this embodiment, the process of adding modules bound to a key, a cryptographic algorithm or in-lock data is the same as the method shown in Fig. 5 and is not repeated here.
In the method of this embodiment, if the data processing instruction received is a call key instruction, the specific implementation of step A8, as shown in Fig. 6, comprises:
Step 400: the encryption lock obtains the FeatureID from the call key instruction;
Step 401: the encryption lock determines whether the Feature corresponding to this FeatureID is logged in; if so, perform step 402; otherwise return Feature-not-logged-in information to the host and return to step A2;
Specifically, step 401 is implemented in the same way as step 301 and is not repeated here;
Step 402: the encryption lock looks up the corresponding configuration file by FeatureID; if it is found, perform step 403; if it is not found, return call key error information to the host and return to step A2;
Step 403: the encryption lock determines whether the configuration file contains the identifier of a module bound to the key; if so, perform step 404; otherwise perform step 409;
Specifically, in this embodiment the modules bound to a key are a timing module bound to the key and/or a metering module bound to the key and/or a cut-off date module bound to the key;
Step 404: the encryption lock determines the type of the identifier of a not-yet-processed module bound to the key; for a timing module identifier perform step 405, for a metering module identifier perform step 406, and for a cut-off date module identifier perform step 407;
Step 405: using the identifier of the timing module bound to the key, the encryption lock obtains the remaining valid time of the key from the corresponding timing module and determines whether it equals the second preset time; if so, return call key error information to the host and return to step A2; otherwise perform step 408;
Preferably, the second preset time is 0. For example, the remaining valid time of the key is initially set to 3600 hours and the countdown starts once the key is created; when the remaining valid time of the key reaches 0, the key is invalid and call key error information is returned;
Step 406: using the identifier of the metering module bound to the key, the encryption lock obtains the remaining valid number of uses of the key from the corresponding metering module and determines whether it equals the second preset count; if so, return call key error information to the host and return to step A2; otherwise perform step 408;
Preferably, the second preset count is 0. For example, the remaining valid number of uses of the key is initially set to 1000 and the remaining count is decremented by 1 after each successful call of the key; when the remaining count reaches 0, the key is invalid and call key error information is returned;
Step 407: using the identifier of the cut-off date module bound to the key, the encryption lock obtains the valid cut-off date of the key from the corresponding cut-off date module and determines whether the current time is later than that cut-off date; if so, return call key error information to the host and return to step A2; otherwise perform step 408;
For example, the valid cut-off date of the key is October 21, 4014; when the key is called on October 22, 4014, the key is invalid and call key error information is returned;
Step 408: the encryption lock determines whether all modules bound to the key have been processed; if so, perform step 409; otherwise return to step 404;
In this embodiment, if the checks corresponding to the identifiers of all modules bound to this key in the configuration file are all judged NO, the key is valid;
Specifically, in this embodiment, if the module identifiers in the configuration file include the identifier of a metering module, then when step 408 is judged YES the method further includes: updating the remaining valid number of uses of the key in the metering module, preferably by decrementing it by 1;
Step 409: the encryption lock calls the key from the key file that corresponds to the key file identifier in the configuration file, returns call key success information to the host, and returns to step A2.
In the method of this embodiment, if the data processing instruction received is a call cryptographic algorithm instruction, the specific implementation of step A8, as shown in Fig. 7, comprises:
Step 500: the encryption lock obtains the FeatureID from the call cryptographic algorithm instruction;
Step 501: the encryption lock determines whether the Feature corresponding to the FeatureID is logged in; if so, perform step 502; otherwise return Feature-not-logged-in information to the host and return to step A2;
Specifically, step 501 is implemented in the same way as step 301 and is not repeated here;
Step 502: the encryption lock looks up the corresponding configuration file by FeatureID; if it is found, perform step 503; if it is not found, return error information and return to step A2;
Step 503: the encryption lock determines whether the configuration file contains the identifier of a module bound to the cryptographic algorithm; if so, perform step 504; otherwise perform step 509;
Specifically, in this embodiment the modules bound to a cryptographic algorithm comprise: a timing module bound to the cryptographic algorithm and/or a metering module bound to the cryptographic algorithm and/or a cut-off date module bound to the cryptographic algorithm;
Step 504: the encryption lock determines the type of the identifier of a not-yet-processed module bound to the cryptographic algorithm; for a timing module identifier perform step 505, for a metering module identifier perform step 506, and for a cut-off date module identifier perform step 507;
Step 505: using the identifier of the timing module bound to the cryptographic algorithm, the encryption lock obtains the remaining valid time of the cryptographic algorithm from the corresponding timing module and determines whether it equals the third preset time; if so, return call cryptographic algorithm error information to the host and return to step A2; otherwise perform step 508;
Preferably, the third preset time is 0. For example, the remaining valid time of the cryptographic algorithm is initially set to 3600 hours and the countdown starts once the cryptographic algorithm is created; when the remaining valid time of the cryptographic algorithm reaches 0, the cryptographic algorithm is invalid;
Step 506: using the identifier of the metering module bound to the cryptographic algorithm, the encryption lock obtains the remaining valid number of uses of the cryptographic algorithm from the corresponding metering module and determines whether it equals the third preset count; if so, return call cryptographic algorithm error information to the host and return to step A2; otherwise perform step 508;
Preferably, the third preset count is 0. For example, the remaining valid number of uses of the cryptographic algorithm is initially set to 1000 and the remaining count is decremented by 1 after each successful call of the cryptographic algorithm; when the remaining count reaches 0, the cryptographic algorithm is invalid;
Step 507: using the identifier of the cut-off date module bound to the cryptographic algorithm, the encryption lock obtains the valid cut-off date of the cryptographic algorithm from the corresponding cut-off date module and determines whether the current time is later than that cut-off date; if so, return call cryptographic algorithm error information to the host and return to step A2; otherwise perform step 508;
For example, the valid cut-off date of the cryptographic algorithm is October 21, 5014; when the cryptographic algorithm is called on October 22, 5014, the cryptographic algorithm is invalid and call cryptographic algorithm error information is returned;
Step 508: the encryption lock determines whether all modules bound to the cryptographic algorithm have been processed; if so, perform step 509; otherwise return to step 504;
In this embodiment, if the checks corresponding to the identifiers of all modules in the configuration file are all judged NO, the cryptographic algorithm is valid;
Specifically, in this embodiment, if the module identifiers in the configuration file include the identifier of a metering module, then when step 508 is judged YES the method further includes: updating the remaining valid number of uses of the cryptographic algorithm in the metering module, preferably by decrementing it by 1;
Step 509: the encryption lock calls the cryptographic algorithm from the cryptographic algorithm file that corresponds to the cryptographic algorithm file identifier in the configuration file, returns call cryptographic algorithm success information to the host, and returns to step A2.
As shown in Fig. 8, in the method of this embodiment, if the data processing instruction received is a read in-lock data instruction, the specific implementation of step A8 comprises:
Step 600: the encryption lock obtains the FeatureID from the read in-lock data instruction;
Step 601: the encryption lock determines whether the Feature corresponding to this FeatureID is logged in; if so, perform step 602; otherwise return Feature-not-logged-in information to the host and return to step A2;
Specifically, step 601 is implemented in the same way as step 301 and is not repeated here;
Step 602: the encryption lock looks up the corresponding configuration file by FeatureID; if it is found, perform step 603; if it is not found, return read data error information to the host and return to step A2;
Step 603: the encryption lock determines whether the configuration file contains the identifier of a module bound to the in-lock data to be read; if so, perform step 604; otherwise perform step 609;
Specifically, in this embodiment the modules bound to the in-lock data to be read comprise: a timing module bound to the in-lock data and/or a metering module bound to the in-lock data and/or a cut-off date module bound to the in-lock data;
Step 604: the encryption lock determines the type of the identifier of a not-yet-processed module bound to the in-lock data; for a timing module identifier perform step 605, for a metering module identifier perform step 606, and for a cut-off date module identifier perform step 607;
Step 605: using the identifier of the timing module bound to the in-lock data, the encryption lock obtains the remaining valid time of the in-lock data from the corresponding timing module and determines whether it equals the fourth preset time; if so, return read data error information to the host and return to step A2; otherwise perform step 608;
Preferably, the fourth preset time is 0. For example, the remaining valid time of the in-lock data is initially set to 3600 hours and the countdown starts once the in-lock data is created; when the remaining valid time of the in-lock data reaches 0, the in-lock data is invalid and read data error information is returned;
Step 606: using the identifier of the metering module bound to the in-lock data, the encryption lock obtains the remaining valid number of reads of the in-lock data from the corresponding metering module and determines whether it equals the fourth preset count; if so, return read data error information to the host and return to step A2; otherwise perform step 608;
Preferably, the fourth preset count is 0. For example, the remaining valid number of reads of the in-lock data is initially set to 1000 and the remaining count is decremented by 1 after each successful read of the in-lock data; when the remaining count reaches 0, the in-lock data is invalid and read data error information is returned;
Step 607: using the identifier of the cut-off date module bound to the in-lock data, the encryption lock obtains the valid cut-off date of the in-lock data from the corresponding cut-off date module and determines whether the current time is later than that cut-off date; if so, return read data error information to the host and return to step A2; otherwise perform step 608;
For example, the valid cut-off date of the in-lock data is October 21, 6014; when the in-lock data is read on October 22, 6014, the in-lock data is invalid and read data error information is returned;
Step 608: the encryption lock determines whether all modules bound to the in-lock data have been processed; if so, perform step 609; otherwise return to step 604;
In this embodiment, if the checks corresponding to the identifiers of all modules bound to the in-lock data in the configuration file are all judged NO, the in-lock data is valid;
Specifically, in this embodiment, if the module identifiers in the configuration file include the identifier of a metering module, then when step 608 is judged YES the method further includes: updating the remaining valid number of reads of the in-lock data in the metering module, preferably by decrementing it by 1;
Step 609: the encryption lock reads the in-lock data from the data file that corresponds to the data file identifier in the configuration file, returns read data success information to the host, and returns to step A2.
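The same check loop appears four times above: steps 204-208 for Feature login, 404-408 for keys, 504-508 for cryptographic algorithms and 604-608 for in-lock data. The C code below is an added example, not code from the patent; the struct layout, the YYYYMMDD date encoding and all names are assumptions. It shows the ordering the steps describe: any single expired module refuses the request, and the metering count is consumed only after every bound module has passed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: the patent names the three module types, not their format. */
enum module_type { MOD_TIMING, MOD_METERING, MOD_CUTOFF };

struct module {
    enum module_type type;
    uint32_t value; /* timing: remaining hours; metering: remaining uses;
                       cut-off: last valid day as YYYYMMDD (assumed encoding) */
};

enum check_result { CHECK_OK, CHECK_TIME_EXPIRED, CHECK_COUNT_EXHAUSTED, CHECK_DATE_PASSED };

/* Walk every module bound to the protected item (Feature, key, algorithm or
   in-lock data). The first failing module refuses the request. An item with
   no bound modules (n == 0) is always allowed, as in steps 203/403/503/603. */
enum check_result check_bound_modules(struct module *mods, size_t n, uint32_t today)
{
    struct module *meter = NULL;

    for (size_t i = 0; i < n; i++) {
        switch (mods[i].type) {
        case MOD_TIMING:   /* steps 205/405/505/605: preset time is 0 */
            if (mods[i].value == 0) return CHECK_TIME_EXPIRED;
            break;
        case MOD_METERING: /* steps 206/406/506/606: preset count is 0 */
            if (mods[i].value == 0) return CHECK_COUNT_EXHAUSTED;
            meter = &mods[i];
            break;
        case MOD_CUTOFF:   /* steps 207/407/507/607: the cut-off day itself is valid */
            if (today > mods[i].value) return CHECK_DATE_PASSED;
            break;
        }
    }
    /* Steps 208/408/508/608 judged YES: only now consume one use, so a request
       refused by another module never costs the licensee a count. */
    if (meter != NULL) meter->value--;
    return CHECK_OK;
}

struct demo_result { unsigned ok_calls; uint32_t uses_left; enum check_result last; };

/* Constructed sample: an item bound to all three modules, called until refused.
   The timing countdown itself runs elsewhere in the lock and is not modelled. */
struct demo_result demo_calls_until_refused(uint32_t uses, uint32_t cutoff_day, uint32_t today)
{
    struct module mods[] = {
        { MOD_METERING, uses },
        { MOD_TIMING, 3600 },
        { MOD_CUTOFF, cutoff_day },
    };
    struct demo_result r = { 0, 0, CHECK_OK };

    while ((r.last = check_bound_modules(mods, 3, today)) == CHECK_OK && r.ok_calls < 100000)
        r.ok_calls++;
    r.uses_left = mods[0].value;
    return r;
}

int main(void)
{
    struct demo_result a = demo_calls_until_refused(3, 20141021, 20141021);
    struct demo_result b = demo_calls_until_refused(3, 20141021, 20141022);
    printf("valid date:  %u calls allowed, %u uses left\n", a.ok_calls, (unsigned)a.uses_left);
    printf("past cutoff: %u calls allowed, %u uses left\n", b.ok_calls, (unsigned)b.uses_left);
    return 0;
}
```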
Referring to Fig. 9, in the method of this embodiment, if the encryption lock receives an upgrade feature item instruction in step A3, it performs the upgrade feature item operation; the specific implementation flow comprises:
Step 700: the encryption lock obtains the FeatureID and the upgrade package from the upgrade feature item instruction;
Step 701: the encryption lock determines whether the Feature corresponding to the FeatureID is logged in; if so, perform step 702; otherwise return Feature-not-logged-in information to the host and return to step A2;
Specifically, step 701 is implemented in the same way as step 301 and is not repeated here;
Step 702: the encryption lock looks up the corresponding configuration file by FeatureID; if it is found, perform step 703; if it is not found, return upgrade failure information to the host and return to step A2;
Step 703: the encryption lock uses the upgrade private key stored in the encryption lock to decrypt the upgrade package; if decryption succeeds, the decrypted upgrade package is obtained and step 704 is performed; if decryption fails, return upgrade failure information to the host and return to step A2;
Step 704: the encryption lock verifies the decrypted upgrade package and determines whether the upgrade package format is correct; if so, perform step 705; otherwise return upgrade failure information to the host and return to step A2;
Step 705: the encryption lock determines whether the decrypted upgrade package contains a hardware ID; if so, perform step 706; otherwise return upgrade failure information to the host and return to step A2;
Step 706: the encryption lock determines whether the hardware ID in the decrypted upgrade package matches the hardware ID stored in the encryption lock; if so, perform step 707; otherwise return upgrade failure information to the host and return to step A2;
Step 707: the encryption lock determines whether the decrypted upgrade package contains a timestamp; if so, perform step 708; otherwise return upgrade failure information to the host and return to step A2;
Step 708: the encryption lock determines whether the timestamp in the decrypted upgrade package is greater than the timestamp stored in the encryption lock; if so, perform step 709; otherwise return upgrade failure information to the host and return to step A2;
Preferably, in this embodiment the timestamp stored in the encryption lock is set to the production date when the encryption lock leaves the factory;
Step 709: the encryption lock replaces the timestamp stored in the encryption lock with the timestamp from the decrypted upgrade package, updates the Feature information in the encryption lock with the Feature information from the decrypted upgrade package, returns upgrade success information to the host, and returns to step A2;
Specifically, in this embodiment the Feature information includes: the remaining valid login time of the Feature and/or the remaining valid number of logins of the Feature and/or the valid cut-off date for logging in to the Feature and/or a key stored in the encryption lock and/or the remaining valid time of the key and/or the remaining valid number of uses of the key and/or the valid cut-off date of the key and/or a cryptographic algorithm stored in the encryption lock and/or the remaining valid time of the cryptographic algorithm and/or the remaining valid number of uses of the cryptographic algorithm and/or the valid cut-off date of the cryptographic algorithm and/or in-lock data stored in the encryption lock and/or the remaining valid time of the in-lock data and/or the remaining valid number of reads of the in-lock data and/or the valid cut-off date of the in-lock data. For example, if the Feature information is a key stored in the lock, the key in the decrypted upgrade package is used to update the key in the key file that corresponds to the key file identifier in the configuration file.
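Steps 704 to 709 bind an upgrade package to one device (hardware ID) and reject replays of an older or already-applied package (strictly increasing timestamp). The C code below is an added example, not code from the patent: it starts after the decryption of step 703, and the package layout, the format marker, the field names and the sample values are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HWID_LEN  8
#define PKG_MAGIC 0x55504746u  /* hypothetical format marker checked in step 704 */

/* Hypothetical layout of an upgrade package after decryption (step 703). */
struct upgrade_pkg {
    uint32_t magic;
    bool     has_hwid;
    uint8_t  hwid[HWID_LEN];
    bool     has_timestamp;
    uint32_t timestamp;           /* assumed encoding: YYYYMMDD */
    uint32_t new_remaining_uses;  /* stands in for the Feature information */
};

struct lock_state {
    uint8_t  hwid[HWID_LEN];
    uint32_t stored_timestamp;    /* production date at the factory */
    uint32_t remaining_uses;
};

/* Distinct codes are for the example only; in the patent every failure is
   reported to the host as the same upgrade failure information. */
enum upgrade_result {
    UPG_OK, UPG_BAD_FORMAT, UPG_NO_HWID, UPG_WRONG_LOCK, UPG_NO_TIMESTAMP, UPG_STALE
};

enum upgrade_result apply_upgrade(struct lock_state *lock, const struct upgrade_pkg *pkg)
{
    if (pkg->magic != PKG_MAGIC)                       /* step 704 */
        return UPG_BAD_FORMAT;
    if (!pkg->has_hwid)                                /* step 705 */
        return UPG_NO_HWID;
    if (memcmp(pkg->hwid, lock->hwid, HWID_LEN) != 0)  /* step 706 */
        return UPG_WRONG_LOCK;
    if (!pkg->has_timestamp)                           /* step 707 */
        return UPG_NO_TIMESTAMP;
    if (pkg->timestamp <= lock->stored_timestamp)      /* step 708: must be greater */
        return UPG_STALE;

    /* Step 709: state changes only after every check has passed. */
    lock->stored_timestamp = pkg->timestamp;
    lock->remaining_uses   = pkg->new_remaining_uses;
    return UPG_OK;
}

struct demo_upgrade {
    enum upgrade_result first, replay, other_lock;
    uint32_t uses_after, timestamp_after;
};

/* Constructed scenario: apply a package, spend the licence down, then replay
   the same package and try one issued for a different lock. */
struct demo_upgrade demo_upgrade_replay(void)
{
    struct lock_state lock = { {1, 2, 3, 4, 5, 6, 7, 8}, 20131225, 10 };
    struct upgrade_pkg pkg = { PKG_MAGIC, true, {1, 2, 3, 4, 5, 6, 7, 8}, true, 20140601, 1000 };
    struct upgrade_pkg foreign = pkg;
    struct demo_upgrade r;

    r.first = apply_upgrade(&lock, &pkg);
    lock.remaining_uses = 5;                  /* licence mostly consumed */
    r.replay = apply_upgrade(&lock, &pkg);    /* same package again: refused */
    foreign.hwid[0] = 9;                      /* issued for another lock */
    foreign.timestamp = 20150101;
    r.other_lock = apply_upgrade(&lock, &foreign);
    r.uses_after = lock.remaining_uses;
    r.timestamp_after = lock.stored_timestamp;
    return r;
}

int main(void)
{
    struct demo_upgrade r = demo_upgrade_replay();
    printf("first=%d replay=%d other_lock=%d uses_after=%u\n",
           r.first, r.replay, r.other_lock, (unsigned)r.uses_after);
    return 0;
}
```

Without the strict comparison in step 708, a holder of an old package that restores 1000 uses could re-apply it each time the count ran low.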
As shown in Fig. 10, the specific implementation of step A9 in the method of the embodiment of the present invention comprises:
Specifically, in this embodiment the exit feature item operation is:
Step A9-1: the encryption lock obtains the FeatureID from the exit feature item instruction;
Step A9-2: the encryption lock determines whether the Feature corresponding to the FeatureID is logged in; if so, perform step A9-3; otherwise return Feature-not-logged-in information to the host and return to step A2;
Specifically, step A9-2 comprises: the encryption lock searches for the login identifier corresponding to the FeatureID; if it is found, the corresponding Feature is logged in; if it is not found, the corresponding Feature is not logged in;
Step A9-3: the encryption lock exits the corresponding Feature, returns exit Feature success information to the host, and returns to step A2;
Specifically, in this embodiment the encryption lock exits the corresponding Feature by deleting the login identifier that corresponds to this feature item's identifier.
In this embodiment, a login identifier is created and saved after a feature item is logged in to, and deleted when the feature item is exited. Determining whether a feature item is logged in is specifically: search for the corresponding login identifier; if it is found, the feature item is logged in; if it is not found, the feature item is not logged in. Because each feature item has its own login identifier, multiple feature items can be set up in this embodiment and work independently of one another, while the data under a single feature item is managed together, so the operation of the encryption lock can be managed and controlled in a unified way.
In this embodiment, multiple feature items can be set up in the encryption lock, implemented as follows:
(1) After a feature item is successfully logged in to, the method further includes: the encryption lock generates and saves a match flag for the feature item, and returns the match flag to the host. The match flag in this embodiment may be a random number, a sequence number or the like; when the match flag is saved, the corresponding FeatureID may be saved with it. Alternatively, the FeatureID in the login feature item instruction is used directly as the match flag and saved, in which case it need not be returned to the host;
(2) After the encryption lock receives an instruction from the host that operates on a Feature (for example a call key instruction, call cryptographic algorithm instruction, read in-lock data instruction, upgrade feature item instruction or exit feature item instruction), it obtains the match flag from the received instruction and determines whether an identical match flag exists in the encryption lock. If one exists, the Feature is logged in, and reading the in-lock data in this Feature and calling the key and cryptographic algorithm in this Feature are allowed; if none exists, the Feature is not logged in, and the encryption lock returns Feature-not-logged-in information to the host. For example, if the match flag is a random number, the encryption lock searches for an identical random number or the corresponding FeatureID, and the Feature is logged in if it is found; if the match flag is the FeatureID, the encryption lock searches for an identical FeatureID, and the Feature is logged in if it is found;
Specifically, in this embodiment steps 300 and 301 are replaced with:
Step 300': the encryption lock obtains the match flag from the add module instruction;
Step 301': the encryption lock determines whether an identical match flag exists in the encryption lock; if so, perform step 302; otherwise return Feature-not-logged-in information to the host.
Steps 400 and 401 are replaced with:
Step 400': the encryption lock obtains the match flag from the call key instruction;
Step 401': the encryption lock determines whether an identical match flag exists in the encryption lock; if so, perform step 402; otherwise return Feature-not-logged-in information to the host.
Steps 500 and 501 are replaced with:
Step 500': the encryption lock obtains the match flag from the call cryptographic algorithm instruction;
Step 501': the encryption lock determines whether an identical match flag exists in the encryption lock; if so, perform step 502; otherwise return Feature-not-logged-in information to the host.
Steps 600 and 601 are replaced with:
Step 600': the encryption lock obtains the match flag from the read in-lock data instruction;
Step 601': the encryption lock determines whether an identical match flag exists in the encryption lock; if so, perform step 602; otherwise return Feature-not-logged-in information to the host.
Steps 700 and 701 are replaced with:
Step 700': the encryption lock obtains the match flag and the upgrade package from the upgrade feature item instruction;
Step 701': the encryption lock determines whether an identical match flag exists in the encryption lock; if so, perform step 702; otherwise return Feature-not-logged-in information to the host.
Steps A9-1, A9-2 and A9-3 are replaced with:
Step A9-1': the encryption lock obtains the match flag from the exit feature item instruction;
Step A9-2': the encryption lock determines whether an identical match flag exists in the encryption lock; if so, perform step A9-3'; otherwise return Feature-not-logged-in information to the host and return to step A2;
Step A9-3': the encryption lock deletes the identical match flag in the encryption lock, returns exit feature item success information to the host, and returns to step A2.
In the present embodiment, the timing module in each characteristic item can be replaced by other modes, for example:
(1) for example, when encryption lock is successfully logined the laggard line operate of Feature (add module, call key, call cryptographic algorithm, read data, upgrade feature item in lock), the time of Feature in the current configuration file of quantitative check authorizes, as time mandate expires, encryption lock is deleted corresponding match flag, to main frame, returns to error message.
In which, the time that writes character pair item while creating characteristic item in configuration file authorizes;
(2) when encryption lock is successfully logined the laggard line operate of Feature, check the login duration of this Feature, as login duration surpasses default login duration, encryption lock is deleted corresponding match flag, to main frame, returns to error message;
In which, for each Feature arranges the timer that an initial timing is 0, for recording the login duration of corresponding Feature; Opening timing device during each login Feature, timer is proceeded timing, timeing closing device when exiting this Feature, timer stops timing.
(3) when encryption lock is successfully logined the laggard line operate of Feature, check that this Feature starts the time interval to current time from creating, as equal the default duration that uses, encryption lock is deleted corresponding match flag, to main frame, returns to error message;
In this implementation, after establishment Feature, store its corresponding creation-time.
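The three alternatives above can be modelled as a gate that runs before every operation, shown here as an added example in C that is not part of the patent text. The struct layout, function names, status codes and the use of seconds on the lock's clock are assumptions, as is treating the time authorization in (1) as an absolute expiry time.

```c
#include <stdbool.h>
#include <stdint.h>

/* Which of the alternatives (1)-(3) limits the Feature (names are hypothetical). */
enum limit_mode { LIMIT_TIME_AUTH = 1, LIMIT_LOGIN_DURATION, LIMIT_SINCE_CREATION };
enum status { ST_OK = 0, ST_NOT_LOGGED_IN, ST_EXPIRED };

/* Hypothetical per-Feature record; all times are seconds on the lock's clock. */
struct feature {
    enum limit_mode mode;
    uint32_t time_auth_expiry;  /* (1) time authorization, assumed absolute expiry */
    uint32_t max_login_seconds; /* (2) preset login duration */
    uint32_t login_seconds;     /* (2) timer value, starts at 0, kept across logins */
    uint32_t last_tick;         /* (2) clock value when the timer was last sampled */
    uint32_t created_at;        /* (3) creation time stored with the Feature */
    uint32_t max_use_seconds;   /* (3) preset use duration */
    bool     has_flag;          /* a match flag is currently stored in the lock */
    uint32_t match_flag;
};

/* Add the time elapsed since the last sample to the login-duration timer. */
static void timer_sample(struct feature *f, uint32_t now)
{
    f->login_seconds += now - f->last_tick;
    f->last_tick = now;
}

/* Login succeeded: store the match flag and start (resume) the timer.
 * The flag value is assumed to come from the lock's random number generator. */
void feature_login(struct feature *f, uint32_t flag, uint32_t now)
{
    f->match_flag = flag;
    f->has_flag = true;
    f->last_tick = now;
}

static bool limit_reached(struct feature *f, uint32_t now)
{
    switch (f->mode) {
    case LIMIT_TIME_AUTH:
        return now >= f->time_auth_expiry;
    case LIMIT_LOGIN_DURATION:
        timer_sample(f, now);
        return f->login_seconds > f->max_login_seconds;
    case LIMIT_SINCE_CREATION:
        /* The text says "equals"; >= is used here so a check that runs
         * after the exact instant still trips. */
        return now - f->created_at >= f->max_use_seconds;
    }
    return true; /* unknown mode: fail closed */
}

static bool flag_matches(const struct feature *f, uint32_t flag)
{
    return f->has_flag && f->match_flag == flag;
}

/* Gate run before any operation: match flag first, then the limit.
 * Reaching the limit deletes the match flag, so later calls are rejected. */
enum status feature_operate(struct feature *f, uint32_t flag, uint32_t now)
{
    if (!flag_matches(f, flag))
        return ST_NOT_LOGGED_IN;
    if (limit_reached(f, now)) {
        f->has_flag = false;
        f->match_flag = 0;
        return ST_EXPIRED;
    }
    return ST_OK;
}

/* Steps A9-1' to A9-3': exit only when the presented flag matches. */
enum status feature_logout(struct feature *f, uint32_t flag, uint32_t now)
{
    if (!flag_matches(f, flag))
        return ST_NOT_LOGGED_IN;
    if (f->mode == LIMIT_LOGIN_DURATION)
        timer_sample(f, now); /* stop the timer at its accumulated value */
    f->has_flag = false;
    f->match_flag = 0;
    return ST_OK;
}

int main(void)
{
    /* Constructed scenario: 100 s login budget, 60 s used in this session. */
    struct feature f = { .mode = LIMIT_LOGIN_DURATION, .max_login_seconds = 100 };
    feature_login(&f, 0xA5A5u, 1000);
    return feature_operate(&f, 0xA5A5u, 1060) == ST_OK ? 0 : 1;
}
```

Because the timer in (2) is only sampled when an operation or exit arrives, the budget is enforced at the next operation rather than at the instant it runs out.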
The method of this embodiment of the invention creates characteristic items and then, according to the different working modes of the encryption lock, creates different authorized characteristic items and writes data into them. When the encryption lock is used, the characteristic item must first be logged in to; when the characteristic item is valid, the modules and data in the characteristic item are then checked and operated on, which is simple to operate. During subsequent use of the encryption lock, different authorization modules can be added to the current characteristic item according to the working mode and authorization information of the encryption lock. While the encryption lock is in use, the characteristic item can also be upgraded directly, without upgrading each module separately, which reduces the probability of errors during the upgrade. When the licensing mode is modified, the code does not need to be changed either; the content of the characteristic item in the encryption lock is upgraded directly, which is simple and safe.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any variation or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (16)

1. A method for controlling operation of an encryption lock, characterized by comprising:
Step A1: the encryption lock is powered on and performs initialization;
Step A2: the encryption lock waits to receive an instruction sent by a host;
Step A3: when the encryption lock receives an instruction issued by the host, it judges the type of the instruction: if it is a create characteristic item instruction, step A4 is executed; if it is a login characteristic item instruction, step A6 is executed; if it is an add module instruction, step A7 is executed; if it is a data processing instruction, step A8 is executed; if it is an exit characteristic item instruction, step A9 is executed;
Step A4: the encryption lock creates the corresponding characteristic item according to the characteristic item identifier in the create characteristic item instruction, and judges whether a module needs to be enabled when the characteristic item is logged in to; if so, it creates the module corresponding to the characteristic item in the characteristic item, sets the corresponding module authorization validity information, and executes step A5; otherwise it executes step A5;
Step A5: the encryption lock judges whether a data write operation is to be performed on the characteristic item; if so, it writes the data in the create characteristic item instruction into the encryption lock and judges whether a module needs to be enabled when the data are read: if needed, it creates the module corresponding to the data in the characteristic item, sets the corresponding module authorization validity information, and returns to step A2; if not needed, it returns to step A2; otherwise it returns to step A2; the data comprise a key and/or a cryptographic algorithm and/or in-lock data;
Step A6: the encryption lock searches for the corresponding characteristic item according to the characteristic item identifier in the login characteristic item instruction; if it is found, the encryption lock judges whether a module corresponding to the characteristic item exists in the found characteristic item; if one exists, it judges whether the corresponding module authorization is valid: if valid, login succeeds and it returns to step A2; if invalid, login fails and it returns to step A2; if no such module exists, login fails and it returns to step A2; if the characteristic item is not found, login fails and it returns to step A2;
Step A7: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier in the add module instruction has been logged in to; if it has, the encryption lock judges whether a module of the same type as the module to be added exists in the characteristic item: if so, the module to be added already exists and it returns to step A2; otherwise it creates the module to be added in the characteristic item, sets the corresponding module authorization validity information, and returns to step A2; if the characteristic item has not been logged in to, it returns to step A2; the module to be added comprises a module corresponding to the characteristic item and/or to the data;
Step A8: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier in the data processing instruction has been logged in to; if it has, the encryption lock judges whether the authorization of the module corresponding to the data in the characteristic item is valid: if so, it reads the data in the characteristic item and returns to step A2; otherwise it returns to step A2; if the characteristic item has not been logged in to, it returns to step A2; the data processing instruction comprises a call key instruction and/or a call cryptographic algorithm instruction and/or a read in-lock data instruction;
Step A9: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier in the exit characteristic item instruction has been logged in to; if so, it exits the corresponding characteristic item and returns to step A2; otherwise it returns to step A2.
2. The method of claim 1, characterized in that creating the corresponding characteristic item comprises: creating a configuration file;
Creating the module corresponding to the characteristic item in the characteristic item and setting the corresponding module authorization validity information comprises: selecting an idle module, setting the idle module to the enabled state and binding it to the characteristic item, writing the valid authorization information of the characteristic item into the bound module, and writing the identifier of the bound module into the configuration file;
Creating the module corresponding to the data in the characteristic item and setting the corresponding module authorization validity information comprises: selecting an idle module, setting the idle module to the enabled state and binding it to the data, writing the valid authorization information of the data into the bound module, and writing the identifier of the bound module into the configuration file;
Writing the in-lock data into the encryption lock comprises: selecting an idle file, writing the in-lock data into the idle file, and writing the corresponding file identifier into the configuration file;
The module comprises a timing module and/or a metering module and/or a cut-off date module.
3. The method of claim 2, characterized in that step A7 comprises:
Step A7-0: the encryption lock obtains the characteristic item identifier from the add module instruction;
Step A7-1: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier has been logged in to; if so, step A7-2 is executed; otherwise it returns to step A2;
Step A7-2: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, step A7-3 is executed; otherwise it returns to step A2;
Step A7-3: the encryption lock judges, according to the add module instruction, whether the identifier of a module of the same type exists in the configuration file; if so, the module to be added already exists and it returns to step A2; otherwise step A7-4 is executed;
Step A7-4: the encryption lock creates the module to be added in the characteristic item, sets the authorization validity information of the module, and returns to step A2.
4. The method of claim 2, characterized in that selecting an idle module, setting the idle module to the enabled state and binding it to the characteristic item, writing the valid authorization information of the characteristic item into the bound module, and writing the identifier of the bound module into the configuration file comprises:
Step B1: the encryption lock judges the type of a remaining module that has not yet been created: if it is a timing module, step B2 is executed; if it is a metering module, step B4 is executed; if it is a cut-off date module, step B6 is executed;
Step B2: the encryption lock judges whether there is an idle timing module in the timing module list; if so, step B3 is executed; otherwise creation of the timing module fails and step B8 is executed;
Step B3: the encryption lock selects an idle timing module, sets the idle timing module to the enabled state and binds it to the characteristic item, writes the valid remaining time for logging in to the characteristic item into the timing module, writes the identifier of the timing module into the corresponding configuration file, and executes step B8;
Step B4: the encryption lock judges whether there is an idle metering module in the metering module list; if so, step B5 is executed; otherwise creation of the metering module fails and step B8 is executed;
Step B5: the encryption lock selects an idle metering module, sets the idle metering module to the enabled state and binds it to the characteristic item, writes the valid remaining count for logging in to the characteristic item into the metering module, writes the identifier of the metering module into the corresponding configuration file, and executes step B8;
Step B6: the encryption lock judges whether there is an idle cut-off date module in the cut-off date module list; if so, step B7 is executed; otherwise creation of the cut-off date module fails and step B8 is executed;
Step B7: the encryption lock selects an idle cut-off date module, sets the idle cut-off date module to the enabled state and binds it to the characteristic item, writes the valid cut-off date for logging in to the characteristic item into the idle cut-off date module, writes the identifier of the cut-off date module into the corresponding configuration file, and executes step B8;
Step B8: the encryption lock judges whether all modules that need to be enabled when the characteristic item is logged in to have been created; if so, it continues; otherwise it returns to step B1.
5. The method of claim 4, characterized in that step A6 comprises:
Step A6-1: the encryption lock obtains the characteristic item identifier from the login characteristic item instruction;
Step A6-2: the encryption lock searches for the configuration file corresponding to the characteristic item identifier; if it is found, step A6-3 is executed; if it is not found, login fails and it returns to step A2;
Step A6-3: the encryption lock judges whether the identifier of a module bound to the characteristic item currently being logged in to exists in the configuration file; if so, step A6-4 is executed; otherwise login succeeds and it returns to step A2;
Step A6-4: the encryption lock judges the type of a remaining unprocessed identifier of a module bound to the characteristic item: if it is the identifier of a timing module, step A6-5 is executed; if it is the identifier of a metering module, step A6-6 is executed; if it is the identifier of a cut-off date module, step A6-7 is executed;
Step A6-5: the encryption lock obtains the valid remaining time for logging in to the characteristic item from the corresponding timing module according to the identifier of the timing module, and judges whether the valid remaining time for logging in to the characteristic item equals a first preset time; if so, the characteristic item is invalid and it returns to step A2; otherwise step A6-8 is executed;
Step A6-6: the encryption lock obtains the valid remaining count for logging in to the characteristic item from the corresponding metering module according to the identifier of the metering module, and judges whether the valid remaining count for logging in to the characteristic item is a first preset count; if so, the characteristic item is invalid and it returns to step A2; otherwise step A6-8 is executed;
Step A6-7: the encryption lock obtains the valid cut-off time for logging in to the characteristic item from the corresponding cut-off date module according to the identifier of the cut-off date module, and judges whether the current login time exceeds the valid cut-off date for logging in to the characteristic item; if so, the characteristic item is invalid and it returns to step A2; otherwise step A6-8 is executed;
Step A6-8: the encryption lock judges whether all modules bound to the characteristic item have been processed; if so, login succeeds and it returns to step A2; otherwise it returns to step A6-4.
6. The method of claim 2, characterized in that selecting an idle module, setting the idle module to the enabled state and binding it to the in-lock data, writing the valid authorization information of the in-lock data into the bound module, and writing the identifier of the bound module into the configuration file comprises:
Step C1: the encryption lock judges the type of a remaining module that has not yet been created: if it is a timing module, step C2 is executed; if it is a metering module, step C4 is executed; if it is a cut-off date module, step C6 is executed;
Step C2: the encryption lock judges whether there is an idle timing module in the timing module list; if so, step C3 is executed; otherwise creation of the timing module fails and step C8 is executed;
Step C3: the encryption lock selects an idle timing module, sets the idle timing module to the enabled state and binds it to the in-lock data, writes the valid remaining time of the in-lock data into the timing module, writes the identifier of the timing module into the corresponding configuration file, and executes step C8;
Step C4: the encryption lock judges whether there is an idle metering module in the metering module list; if so, step C5 is executed; otherwise creation of the metering module fails and step C8 is executed;
Step C5: the encryption lock selects an idle metering module, sets the idle metering module to the enabled state and binds it to the in-lock data, writes the valid remaining count of the in-lock data into the metering module, writes the identifier of the metering module into the corresponding configuration file, and executes step C8;
Step C6: the encryption lock judges whether there is an idle cut-off date module in the cut-off date module list; if so, step C7 is executed; otherwise creation of the cut-off date module fails and step C8 is executed;
Step C7: the encryption lock selects an idle cut-off date module, sets the idle cut-off date module to the enabled state and binds it to the in-lock data, writes the valid cut-off date of the in-lock data into the cut-off date module, writes the identifier of the cut-off date module into the corresponding configuration file, and executes step C8;
Step C8: the encryption lock judges whether all modules that need to be enabled when the in-lock data are read have been created; if so, it continues; otherwise it returns to step C1.
7. The method of claim 6, characterized in that the data processing instruction comprises a call key instruction, and step A8 comprises:
Step A800: the encryption lock obtains the characteristic item identifier from the call key instruction;
Step A801: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier has been logged in to; if so, step A802 is executed; otherwise the corresponding characteristic item has not been logged in to, and it returns to step A2;
Step A802: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, step A803 is executed; otherwise the characteristic item is invalid, and it returns to step A2;
Step A803: the encryption lock judges whether the identifier of a module bound to the key exists in the found configuration file; if so, step A804 is executed; otherwise step A809 is executed;
Step A804: the encryption lock judges the type of an unprocessed identifier of a module bound to the key: if it is the identifier of a timing module, step A805 is executed; if it is the identifier of a metering module, step A806 is executed; if it is the identifier of a cut-off date module, step A807 is executed;
Step A805: the encryption lock obtains the valid remaining time of the key from the corresponding timing module according to the identifier of the timing module bound to the key, and judges whether the valid remaining time of the key equals a second preset time; if so, the key is invalid and it returns to step A2; otherwise step A808 is executed;
Step A806: the encryption lock obtains the valid remaining count of the key from the corresponding metering module according to the identifier of the metering module bound to the key, and judges whether the valid remaining count of the key is a second preset count; if so, the key is invalid and it returns to step A2; otherwise step A808 is executed;
Step A807: the encryption lock obtains the valid cut-off time of the key from the corresponding cut-off date module according to the identifier of the cut-off date module bound to the key, and judges whether the current time exceeds the valid cut-off date of the key; if so, the key is invalid and it returns to step A2; otherwise step A808 is executed;
Step A808: the encryption lock judges whether all modules bound to the key have been processed; if so, step A809 is executed; otherwise it returns to step A804;
Step A809: the encryption lock calls the key from the corresponding key file according to the key file identifier in the configuration file, and returns to step A2.
8. The method of claim 6, characterized in that the data processing instruction comprises a call cryptographic algorithm instruction, and step A8 comprises:
Step A810: the encryption lock obtains the characteristic item identifier from the call cryptographic algorithm instruction;
Step A811: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier has been logged in to; if so, step A812 is executed; otherwise the corresponding characteristic item has not been logged in to, and it returns to step A2;
Step A812: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, step A813 is executed; otherwise the characteristic item is invalid, and it returns to step A2;
Step A813: the encryption lock judges whether the identifier of a module bound to the cryptographic algorithm exists in the found configuration file; if so, step A814 is executed; otherwise step A819 is executed;
Step A814: the encryption lock judges the type of an unprocessed identifier of a module bound to the cryptographic algorithm: if it is the identifier of a timing module, step A815 is executed; if it is the identifier of a metering module, step A816 is executed; if it is the identifier of a cut-off date module, step A817 is executed;
Step A815: the encryption lock obtains the valid remaining time of the cryptographic algorithm from the corresponding timing module according to the identifier of the timing module bound to the cryptographic algorithm, and judges whether the valid remaining time of the cryptographic algorithm equals a third preset time; if so, the cryptographic algorithm is invalid and it returns to step A2; otherwise step A818 is executed;
Step A816: the encryption lock obtains the valid remaining count of the cryptographic algorithm from the corresponding metering module according to the identifier of the metering module bound to the cryptographic algorithm, and judges whether the valid remaining count of the cryptographic algorithm is a third preset count; if so, the cryptographic algorithm is invalid and it returns to step A2; otherwise step A818 is executed;
Step A817: the encryption lock obtains the valid cut-off time of the cryptographic algorithm from the corresponding cut-off date module according to the identifier of the cut-off date module bound to the cryptographic algorithm, and judges whether the current time exceeds the valid cut-off date of the cryptographic algorithm; if so, the cryptographic algorithm is invalid and it returns to step A2; otherwise step A818 is executed;
Step A818: the encryption lock judges whether all modules bound to the cryptographic algorithm have been processed; if so, step A819 is executed; otherwise it returns to step A814;
Step A819: the encryption lock calls the cryptographic algorithm from the corresponding cryptographic algorithm file according to the cryptographic algorithm file identifier in the configuration file, and returns to step A2.
9. The method of claim 6, characterized in that the data processing instruction comprises a read in-lock data instruction, and step A8 comprises:
Step A820: the encryption lock obtains the characteristic item identifier from the read in-lock data instruction;
Step A821: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier has been logged in to; if so, step A822 is executed; otherwise the corresponding characteristic item has not been logged in to, and it returns to step A2;
Step A822: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, step A823 is executed; otherwise the characteristic item is invalid, and it returns to step A2;
Step A823: the encryption lock judges whether the identifier of a module bound to the in-lock data to be read exists in the found configuration file; if so, step A824 is executed; otherwise step A829 is executed;
Step A824: the encryption lock judges the type of an unprocessed identifier of a module bound to the in-lock data: if it is the identifier of a timing module, step A825 is executed; if it is the identifier of a metering module, step A826 is executed; if it is the identifier of a cut-off date module, step A827 is executed;
Step A825: the encryption lock obtains the valid remaining time of the in-lock data from the corresponding timing module according to the identifier of the timing module bound to the in-lock data, and judges whether the valid remaining time of the in-lock data equals a fourth preset time; if so, the in-lock data to be read are invalid and it returns to step A2; otherwise step A828 is executed;
Step A826: the encryption lock obtains the valid remaining count of the in-lock data from the corresponding metering module according to the identifier of the metering module bound to the in-lock data, and judges whether the valid remaining count of the in-lock data is a fourth preset count; if so, the in-lock data to be read are invalid and it returns to step A2; otherwise step A828 is executed;
Step A827: the encryption lock obtains the valid cut-off time of the in-lock data from the corresponding cut-off date module according to the identifier of the cut-off date module bound to the in-lock data, and judges whether the current time exceeds the valid cut-off date of the in-lock data; if so, the in-lock data to be read are invalid and it returns to step A2; otherwise step A828 is executed;
Step A828: the encryption lock judges whether all modules bound to the in-lock data have been processed; if so, step A829 is executed; otherwise it returns to step A824;
Step A829: the encryption lock reads the in-lock data from the corresponding data file according to the data file identifier in the configuration file, and returns to step A2.
10. The method of claim 2, characterized in that, when the type of the instruction is judged in step A3 to be an upgrade characteristic item instruction, the method further comprises:
Step A10: the encryption lock obtains the characteristic item identifier and the upgrade package from the upgrade characteristic item instruction;
Step A11: the encryption lock judges whether the characteristic item corresponding to the characteristic item identifier has been logged in to; if so, step A12 is executed; otherwise the corresponding characteristic item has not been logged in to, and it returns to step A2;
Step A12: the encryption lock searches for the corresponding configuration file according to the characteristic item identifier; if it is found, step A13 is executed; if it is not found, the upgrade fails and it returns to step A2;
Step A13: the encryption lock uses the upgrade private key in the encryption lock to decrypt the upgrade package; if decryption succeeds, the decrypted upgrade package is obtained and step A14 is executed; if decryption fails, the upgrade fails and it returns to step A2;
Step A14: the encryption lock judges whether the upgrade condition is met; if so, step A15 is executed; otherwise the upgrade fails and it returns to step A2;
Step A15: the encryption lock updates the characteristic item information in the encryption lock with the characteristic item information in the decrypted upgrade package, and returns to step A2.
11. The method of claim 10, characterized in that step A14 comprises:
Step A14-1: the encryption lock verifies the decrypted upgrade package and judges whether the format of the upgrade package is correct; if so, step A14-2 is executed; otherwise the upgrade fails and it returns to step A2;
Step A14-2: the encryption lock judges whether a hardware ID exists in the decrypted upgrade package; if so, step A14-3 is executed; otherwise the upgrade fails and it returns to step A2;
Step A14-3: the encryption lock judges whether the hardware ID in the decrypted upgrade package is consistent with the hardware ID stored in the encryption lock; if so, step A14-4 is executed; otherwise the upgrade fails and it returns to step A2;
Step A14-4: the encryption lock judges whether a timestamp exists in the decrypted upgrade package; if so, step A14-5 is executed; otherwise the upgrade fails and it returns to step A2;
Step A14-5: the encryption lock judges whether the timestamp in the decrypted upgrade package is greater than the timestamp stored in the encryption lock; if so, it updates the timestamp stored in the encryption lock with the timestamp in the decrypted upgrade package and executes step A15; otherwise the upgrade fails and it returns to step A2.
12. The method of claim 1, characterized by further comprising: after login succeeds in step A6, creating and saving a login identifier corresponding to the characteristic item identifier;
The encryption lock judging whether the characteristic item corresponding to the characteristic item identifier in the add module instruction has been logged in to is specifically: searching for the login identifier corresponding to the characteristic item identifier; if it is found, the corresponding characteristic item has been logged in to; if it is not found, the corresponding characteristic item has not been logged in to;
After the corresponding characteristic item is exited in step A9, the method further comprises: deleting the login identifier corresponding to the characteristic item identifier.
13. The method of claim 2, characterized in that, after login succeeds in step A6, the method comprises: the encryption lock generates a match flag for the characteristic item and saves it in the configuration file, and the encryption lock returns the match flag to the host;
The encryption lock judging in step A7 whether the characteristic item corresponding to the characteristic item identifier in the add module instruction has been logged in to comprises: the encryption lock obtains the match flag from the add module instruction and judges whether an identical match flag exists in the encryption lock; if so, the corresponding characteristic item has been logged in to; otherwise the corresponding characteristic item has not been logged in to;
The encryption lock judging in step A8 whether the characteristic item corresponding to the characteristic item identifier in the data processing instruction has been logged in to comprises: the encryption lock obtains the match flag from the data processing instruction and judges whether an identical match flag exists in the encryption lock; if so, the corresponding characteristic item has been logged in to; otherwise the corresponding characteristic item has not been logged in to;
Step A9 comprises: the encryption lock obtains the match flag from the exit characteristic item instruction and judges whether an identical match flag exists in the encryption lock; if so, it deletes the match flag in the encryption lock and returns to step A2; otherwise it returns to step A2.
14. The method of claim 13, characterized in that step A5 further comprises: writing the time authorization of the corresponding characteristic item into the configuration file;
After the encryption lock judges that the characteristic item corresponding to the characteristic item identifier has been logged in to, the method further comprises: the encryption lock checks in real time the time authorization of the characteristic item in the current configuration file; if the time authorization has expired, it deletes the match flag and returns to step A2; otherwise it continues.
15. The method of claim 13, characterized in that step A5 further comprises: setting up a timer;
After login succeeds in step A6, the method further comprises: starting the timer, and the timer continues timing;
When the corresponding characteristic item is exited in step A9, the method further comprises: stopping the timer, and the timer stops timing;
After the encryption lock judges that the characteristic item corresponding to the characteristic item identifier has been logged in to, the method further comprises: the encryption lock judges whether the time recorded by the timer exceeds the preset login duration; if so, it deletes the match flag and returns to step A2; otherwise it continues.
16. The method of claim 13, characterized in that step A5 further comprises: storing the creation time of the characteristic item;
After the encryption lock judges that the characteristic item corresponding to the characteristic item identifier has been logged in to, the method further comprises: the encryption lock checks the time interval between the creation time of the current characteristic item and the current time; if it equals the preset use duration, it deletes the match flag and returns to step A2; otherwise it continues.
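The acceptance checks of claims 10 and 11 (steps A14-1 to A15) bind an upgrade package to one lock through the hardware ID and reject replayed or older packages through the timestamp comparison. The following C sketch is an added example, not code from the patent; the package layout (magic `UPK1` followed by tag-length-value fields), the tags, names and sample bytes are assumptions constructed for illustration, and the decryption of step A13 is assumed to have already produced the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical tags and sizes for the decrypted package. */
enum { TAG_HWID = 0x01, TAG_TIME = 0x02, TAG_FEATURE = 0x03, HWID_LEN = 8 };
enum upg_status { UPG_OK = 0, UPG_BAD_FORMAT, UPG_NO_HWID, UPG_WRONG_HWID,
                  UPG_NO_TIME, UPG_STALE };

struct lock_state {
    uint8_t  hwid[HWID_LEN];     /* hardware ID stored in the lock */
    uint32_t last_upgrade_time;  /* timestamp stored in the lock */
    uint8_t  feature[32];        /* characteristic item information */
    size_t   feature_len;
};

/* Constructed sample: the package as it would look after decryption. */
static const uint8_t SAMPLE_PKG[] = {
    'U', 'P', 'K', '1',
    TAG_HWID, 8, 1, 2, 3, 4, 5, 6, 7, 8,
    TAG_TIME, 4, 0x52, 0xB9, 0x00, 0x00,
    TAG_FEATURE, 3, 0xAA, 0xBB, 0xCC
};

/* Every field must fit inside the buffer, with no trailing partial field. */
static int tlv_walk_ok(const uint8_t *p, size_t n)
{
    size_t i = 0;
    while (i < n) {
        if (n - i < 2 || n - i - 2 < p[i + 1])
            return 0;
        i += 2u + p[i + 1];
    }
    return 1;
}

/* Find the first field with the given tag; the buffer is already validated. */
static const uint8_t *tlv_find(const uint8_t *p, size_t n, uint8_t tag, size_t *len)
{
    size_t i = 0;
    while (i < n) {
        if (p[i] == tag) {
            *len = p[i + 1];
            return p + i + 2;
        }
        i += 2u + p[i + 1];
    }
    return NULL;
}

enum upg_status apply_upgrade(struct lock_state *lk, const uint8_t *pkg, size_t n)
{
    static const uint8_t magic[4] = { 'U', 'P', 'K', '1' };
    const uint8_t *body, *v, *feat;
    size_t bn, len, flen;
    uint32_t ts;

    /* A14-1: format check before any field is trusted. */
    if (n < 4 || memcmp(pkg, magic, 4) != 0 || !tlv_walk_ok(pkg + 4, n - 4))
        return UPG_BAD_FORMAT;
    body = pkg + 4;
    bn = n - 4;

    /* A14-2 / A14-3: hardware ID present and equal to the stored one. */
    v = tlv_find(body, bn, TAG_HWID, &len);
    if (v == NULL)
        return UPG_NO_HWID;
    if (len != HWID_LEN || memcmp(v, lk->hwid, HWID_LEN) != 0)
        return UPG_WRONG_HWID;

    /* A14-4 / A14-5: timestamp present and strictly greater than stored. */
    v = tlv_find(body, bn, TAG_TIME, &len);
    if (v == NULL)
        return UPG_NO_TIME;
    if (len != 4)
        return UPG_BAD_FORMAT;
    ts = (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 | (uint32_t)v[2] << 8 | v[3];
    if (ts <= lk->last_upgrade_time)
        return UPG_STALE;

    /* Validate the payload before committing, so a rejected package
     * never advances the stored timestamp (a choice of this example). */
    feat = tlv_find(body, bn, TAG_FEATURE, &flen);
    if (feat == NULL || flen > sizeof lk->feature)
        return UPG_BAD_FORMAT;

    lk->last_upgrade_time = ts;          /* A14-5: store the new timestamp */
    memcpy(lk->feature, feat, flen);     /* A15: replace characteristic item info */
    lk->feature_len = flen;
    return UPG_OK;
}

int main(void)
{
    struct lock_state lk = { .hwid = { 1, 2, 3, 4, 5, 6, 7, 8 },
                             .last_upgrade_time = 0x52B80000u };
    if (apply_upgrade(&lk, SAMPLE_PKG, sizeof SAMPLE_PKG) != UPG_OK)
        return 1;
    /* Sending the same package again must be refused as stale. */
    return apply_upgrade(&lk, SAMPLE_PKG, sizeof SAMPLE_PKG) == UPG_STALE ? 0 : 1;
}
```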
CN201310718834.1A 2013-12-24 2013-12-24 Method for controlling operation of encryption lock Expired - Fee Related CN103646205B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310718834.1A CN103646205B (en) 2013-12-24 2013-12-24 A kind of method controlling operation of encryption lock

Publications (2)

Publication Number Publication Date
CN103646205A true CN103646205A (en) 2014-03-19
CN103646205B CN103646205B (en) 2016-04-06

Family

ID=50251418

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310718834.1A Expired - Fee Related CN103646205B (en) 2013-12-24 2013-12-24 A kind of method controlling operation of encryption lock

Country Status (1)

Country Link
CN (1) CN103646205B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012146079A1 (en) * 2011-04-29 2012-11-01 北京深思洛克软件技术股份有限公司 Software protection method
CN102236759A (en) * 2011-07-29 2011-11-09 飞天诚信科技股份有限公司 Method and device for adjusting authorization of encryption lock module
CN103413074A (en) * 2013-07-08 2013-11-27 北京深思数盾科技有限公司 Method and device for protecting software through API

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104050398B (en) * 2014-06-17 2017-01-18 飞天诚信科技股份有限公司 Multifunctional encryption lock and operating method thereof
CN106992979A (en) * 2017-03-29 2017-07-28 昆明飞利泰电子系统工程有限公司 The key acquisition method and system of video monitoring equipment
CN113643462A (en) * 2021-08-09 2021-11-12 厦门立林科技有限公司 Access control management system and method based on aging permission group and storage medium
CN113643462B (en) * 2021-08-09 2023-06-27 厦门立林科技有限公司 Access control management system, method and storage medium based on aging permission group

Also Published As

Publication number Publication date
CN103646205B (en) 2016-04-06

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160406