CN108629192A - Authorization data processing method and device - Google Patents

Publication number: CN108629192A
Authority: CN (China)
Prior art keywords: code, dynamic, authorization data, encrypted, key
Legal status: Granted, Active
Application number: CN201810344580.4A
Priority: CN201810344580.4A
Other languages: Chinese (zh)
Other versions: CN108629192B (en)
Inventors: 何军强, 叶飞虎
Current assignee: Hangzhou Hong Quan Internet Of Things Technology Ltd By Share Ltd
Original assignee: Hangzhou Hong Quan Internet Of Things Technology Ltd By Share Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

An embodiment of the present invention discloses an authorization data processing method and device. The method includes: receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting the authorization data and then adding a dynamic key number; if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file; encrypting the dynamic key number to generate a dynamic code and a dynamic request code; sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; decrypting the authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device. The embodiment allows one copy of authorization data to be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.

Description

Authorization data processing method and device
Technical field
Embodiments of the present invention relate to the technical field of data processing, and in particular to an authorization data processing method and device.
Background
At present, Party A needs authorization data from Party B, Party B does not allow Party A to copy the authorization data privately, and the authorization data is licensed per unit. Party A cannot establish a direct network connection with Party B, so Party B can only send the authorization data to Party A by mail. The authorization data also needs to be encrypted, and after receiving it Party A needs an authorization code from Party B before the authorization data can be used.
Party A calls the authorization interface, which reads the key number contained in the authorization data and generates a dynamic request code. The request code is a string of digits and letters and can be passed to Party B by phone, SMS, WeChat, QQ, mail or similar channels. Party B generates an authorization code from the request code provided; the authorization code is a string of digits and letters and can be returned to Party A by phone, SMS, WeChat, QQ, mail or similar channels. Party A enters the authorization code into the authorization interface, and the authorization interface decrypts the authorization data according to the key number, the dynamic code and the authorization code, and programs the decrypted authorization data into the device.
If Party B gives its authorization data to Party A unencrypted, the authorization data becomes uncontrollable, which affects many of Party B's businesses. For example, in vehicle configuration, the depot (the vehicle maker, Party B) could originally provide a certain function by flashing the ECU (electronic control unit); if the retailer (Party A) possessed the authorization data, it could flash the ECU itself and earn more profit by selling special-purpose vehicles. Party B's authorization data must therefore be encrypted and supplied to Party A in some way, yet the scheme cannot be too complicated, or it adds excessive cost. If Party B encrypts its authorization data per unit before giving it to Party A, key management becomes difficult and the operating cost of both Party A and Party B increases. For example, the ECU-flashing computer programs the authorization data through the vehicle's OBD (on-board diagnostic system), that is, a portable computer is connected to the vehicle for the operation, and every vehicle in the same batch is handled this way; with per-unit encryption, the decrypt-and-program operation would have very poor usability and low operability.
In view of this, how to process authorization data so that one copy of authorization data can be used multiple times, can be controlled and managed safely and effectively, and is easy to operate has become a technical problem that currently needs to be solved.
Summary of the invention
Because existing methods have the above problems, embodiments of the present invention propose an authorization data processing method and device.
In a first aspect, an embodiment of the present invention proposes an authorization data processing method, including:
receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file;
encrypting the dynamic key number to generate a dynamic code and a dynamic request code;
sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
receiving the authorization code sent by the first terminal, and decrypting the authorization code to obtain the key code;
according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device.
Optionally, decrypting the encrypted authorization data and programming it into the target device according to the key code and the dynamic code includes:
according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device through a programming device interface.
Optionally, decrypting the encrypted authorization data and programming it into the target device through the programming device interface according to the key code and the dynamic code includes:
when mutual authentication between the programming device interface and the on-board diagnostic system (OBD) succeeds, decrypting the encrypted authorization data and programming it into the target device through the programming device interface according to the key code and the dynamic code.
In a second aspect, an embodiment of the present invention proposes an authorization data processing method, including:
encrypting authorization data and then adding a dynamic key number to generate an authorization data file;
sending the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
receiving the dynamic request code sent by the second terminal, and decrypting the dynamic request code to obtain the dynamic key number;
computing a key code from the dynamic key number;
encrypting the key code to obtain an authorization code, and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
In a third aspect, an embodiment of the present invention also proposes an authorization data processing device, applied to a second terminal, including:
a receiving module, configured to receive an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
an acquisition module, configured to obtain the dynamic key number and the encrypted authorization data from the authorization data file if a trigger instruction to program the authorization data into a target device is detected;
a first generation module, configured to encrypt the dynamic key number to generate a dynamic code and a dynamic request code;
a first sending module, configured to send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
a first decryption module, configured to receive the authorization code sent by the first terminal and decrypt the authorization code to obtain the key code;
a programming module, configured to decrypt the encrypted authorization data and program it into the target device according to the key code and the dynamic code.
In a fourth aspect, an embodiment of the present invention also proposes an authorization data processing device, applied to a first terminal, including:
a second generation module, configured to encrypt authorization data and then add a dynamic key number to generate an authorization data file;
a second sending module, configured to send the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
a second decryption module, configured to receive the dynamic request code sent by the second terminal and decrypt the dynamic request code to obtain the dynamic key number;
a third generation module, configured to compute a key code from the dynamic key number;
a third sending module, configured to encrypt the key code to obtain an authorization code and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including: a first processor, a first memory, a first bus, and a computer program stored in the first memory and executable on the first processor;
wherein the first processor and the first memory communicate with each other through the first bus;
the first processor implements the method of the first aspect when executing the computer program.
In a sixth aspect, an embodiment of the present invention provides another electronic device, including: a second processor, a second memory, a second bus, and a computer program stored in the second memory and executable on the second processor;
wherein the second processor and the second memory communicate with each other through the second bus;
the second processor implements the method of the second aspect when executing the computer program.
In a seventh aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program that implements the method of the first aspect when executed by a processor.
In an eighth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program that implements the method of the second aspect when executed by a processor.
As the above technical solution shows, the embodiment of the present invention receives an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number; when a trigger instruction to program the authorization data into a target device is detected, obtains the dynamic key number and the encrypted authorization data from the authorization data file, and encrypts the dynamic key number to generate a dynamic code and a dynamic request code; sends the dynamic request code to the first terminal, so that it decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; decrypts the received authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device. As a result, one copy of authorization data can be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of an authorization data processing method provided by one embodiment of the present invention;
Fig. 2 is a flow diagram of an authorization data processing method provided by another embodiment of the present invention;
Fig. 3 is a structural diagram of an authorization data processing device provided by one embodiment of the present invention;
Fig. 4 is a structural diagram of an authorization data processing device provided by another embodiment of the present invention;
Fig. 5 is a diagram of the physical structure of the electronic device provided by one embodiment of the present invention;
Fig. 6 is a diagram of the physical structure of the electronic device provided by another embodiment of the present invention.
Detailed description
Specific implementations of the present invention are further described below with reference to the drawings. The following embodiments are only used to explain the technical solutions of the present invention more clearly and do not limit the protection scope of the present invention.
Fig. 1 shows a flow diagram of an authorization data processing method provided by one embodiment of the present invention. As shown in Fig. 1, the authorization data processing method of this embodiment includes:
S1. Receive an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number.
It can be understood that the execution subject of this embodiment is the second terminal, i.e. Party A in the background section.
S2. If a trigger instruction to program the authorization data into a target device is detected, obtain the dynamic key number and the encrypted authorization data from the authorization data file.
S3. Encrypt the dynamic key number to generate a dynamic code and a dynamic request code.
S4. Send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code.
S5. Receive the authorization code sent by the first terminal, and decrypt the authorization code to obtain the key code.
S6. According to the key code and the dynamic code, decrypt the encrypted authorization data and program it into the target device.
In a specific application, this embodiment can decrypt the encrypted authorization data and program it into the target device through a programming device interface, according to the key code and the dynamic code.
In this embodiment, the corresponding key is generated from the key code and the dynamic code, and the generated key is controlled directly by the programming device interface. The programming device interface directly decrypts the encrypted authorization data and programs it into the target device; decryption is bound to the programming of the target device, so even if the authorization data is tracked, it cannot be programmed into a target device.
It can be understood that, throughout the method of this embodiment, the first terminal (i.e. Party B) does not need to manage keys; instead, the decryption key is generated from the dynamic request code and the authorization code. Although there is only one decryption key for the encrypted data, the key generation function is an irreversible surjective function, so many different parameters can generate the same key. Moreover, each dynamic request code is generated dynamically from the key number, and the probability of getting the same request code is 1/4200000000.
It can be understood that, in this embodiment, the principle by which the first terminal generates an authorization code from a dynamic request code is similar to that of a bank's electronic cipher device, and the dynamic key number in each authorization data file is equivalent to an electronic cipher device number. Each dynamic request code generates one corresponding authorization code, which is equivalent to the confirmation code that corresponds to a dynamic code in an electronic cipher device.
It should be noted that, with the method of this embodiment, once the second terminal has obtained the authorization code sent by the first terminal, entering the authorization code directly is enough to program the authorization data successfully, and the method of this embodiment can be repeated to program different target devices.
In the authorization data processing method provided by this embodiment, an authorization data file sent by a first terminal is received, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number; when a trigger instruction to program the authorization data into a target device is detected, the dynamic key number and the encrypted authorization data are obtained from the authorization data file, and the dynamic key number is encrypted to generate a dynamic code and a dynamic request code; the dynamic request code is sent to the first terminal, so that it decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; the received authorization code is decrypted to obtain the key code; and, according to the key code and the dynamic code, the encrypted authorization data is decrypted and programmed into the target device. As a result, one copy of authorization data can be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.
The method of this embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and needs to be effectively controlled, for example when vehicle parameters need to be updated between the depot and the retailer. Of course, when this algorithm is applied to a management system, the first terminal and the second terminal are required to cooperate more efficiently.
Further, on the basis of the above embodiment, step S6 may include:
when mutual authentication between the programming device interface and the on-board diagnostic system (OBD) succeeds, decrypting the encrypted authorization data and programming it into the target device through the programming device interface according to the key code and the dynamic code.
This is the second protection mechanism of the method of this embodiment, and it more effectively improves the security of using the authorization data.
The authorization data processing method provided by this embodiment allows one copy of authorization data to be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.
Fig. 2 shows a flow diagram of an authorization data processing method provided by another embodiment of the present invention. As shown in Fig. 2, the authorization data processing method of this embodiment includes:
P1. Encrypt authorization data and then add a dynamic key number to generate an authorization data file.
It can be understood that the execution subject of this embodiment is the first terminal, i.e. Party B in the background section.
In a specific application, this embodiment can use an encryption algorithm interface to encrypt the authorization data and then add the dynamic key number to generate the authorization data file.
P2. Send the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code.
P3. Receive the dynamic request code sent by the second terminal, and decrypt the dynamic request code to obtain the dynamic key number.
P4. Compute a key code from the dynamic key number.
P5. Encrypt the key code to obtain an authorization code, and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
It can be understood that, throughout the method of this embodiment, the first terminal (i.e. Party B) does not need to manage keys; instead, the decryption key is generated from the dynamic request code and the authorization code. Although there is only one decryption key for the encrypted data, the key generation function is an irreversible surjective function, so many different parameters can generate the same key. Moreover, each dynamic request code is generated dynamically from the key number, and the probability of getting the same request code is 1/4200000000.
It can be understood that, in this embodiment, the principle by which the first terminal generates an authorization code from a dynamic request code is similar to that of a bank's electronic cipher device, and the dynamic key number in each authorization data file is equivalent to an electronic cipher device number. Each dynamic request code generates one corresponding authorization code, which is equivalent to the confirmation code that corresponds to a dynamic code in an electronic cipher device.
It can be understood that, in this embodiment, the second terminal generates the corresponding key from the key code and the dynamic code, and the generated key is controlled directly by the programming device interface. The programming device interface directly decrypts the encrypted authorization data and programs it into the target device; decryption is bound to the programming of the target device, so even if the authorization data is tracked, it cannot be programmed into a target device.
It should be noted that, with the method of this embodiment, once the second terminal has obtained the authorization code sent by the first terminal, entering the authorization code directly is enough to program the authorization data successfully, and the method of this embodiment can be repeated to program different target devices.
In the authorization data processing method provided by this embodiment, a dynamic key number is added after the authorization data is encrypted, and the resulting authorization data file is sent to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the generated dynamic request code; the dynamic request code sent by the second terminal is received and decrypted to obtain the dynamic key number; a key code is computed from the dynamic key number; the key code is encrypted to obtain an authorization code, which is sent to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device. As a result, one copy of authorization data can be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.
The method of this embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and needs to be effectively controlled, for example when vehicle parameters need to be updated between the depot and the retailer. Of course, when this algorithm is applied to a management system, the first terminal and the second terminal are required to cooperate more efficiently.
Fig. 3 shows a structural diagram of an authorization data processing device provided by one embodiment of the present invention. The device of this embodiment is applied to the second terminal (i.e. Party A in the background section). As shown in Fig. 3, the authorization data processing device of this embodiment includes: a receiving module 31, an acquisition module 32, a first generation module 33, a first sending module 34, a first decryption module 35 and a programming module 36, wherein:
the receiving module 31 is configured to receive an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
the acquisition module 32 is configured to obtain the dynamic key number and the encrypted authorization data from the authorization data file if a trigger instruction to program the authorization data into a target device is detected;
the first generation module 33 is configured to encrypt the dynamic key number to generate a dynamic code and a dynamic request code;
the first sending module 34 is configured to send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, computes a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
the first decryption module 35 is configured to receive the authorization code sent by the first terminal and decrypt the authorization code to obtain the key code;
the programming module 36 is configured to decrypt the encrypted authorization data and program it into the target device according to the key code and the dynamic code.
Specifically, the receiving module 31 receives the authorization data file that first terminal is sent, the authorization data file It is to be added obtained from dynamic key number after authorization data is encrypted in the first terminal;If the acquisition module 32 detects By the triggering command of the authorization data programming to target device, then according to the authorization data file, the dynamic key is obtained Number and encrypted authorization data;The dynamic key number is encrypted in first generation module 33, generates dynamic code and moves State request code;The dynamic requests code is sent to the first terminal by first sending module 34, so that described first is whole The dynamic requests code is decrypted in end, obtains the dynamic key number, is calculated according to the dynamic key number and generates key code, to institute It states key code to be encrypted, authorized access code, and returns to the authorization code;First deciphering module 35 receives the first terminal The authorization code is decrypted in the authorization code of transmission, obtains the key code;The programming module 36 is according to the key code and institute Dynamic code is stated, it will be in the encrypted authorization data programming decryption to target device.
In a particular application, the programming module 36 can pass through burn writing equipment according to the key code and the dynamic code Interface, will be in the encrypted authorization data programming decryption to target device.
In the present embodiment, the programming module 36 generates corresponding key according to the key code and the dynamic code, raw At key directly by burn writing equipment Interface Controller.Burn writing equipment interface directly arrives the encrypted authorization data programming decryption In target device, decryption with target device programming bind, even if by track authorized data can not programming set to target It is standby.
It is understood that in the present embodiment, the first terminal (i.e. Party B) is not necessarily to manage key, but by dynamic State request code and authorization code generate decruption key.Although there are one the decruption keys for being directed to encryption data, key letter is generated Number belongs to irreversible surjective function, and many kinds of parameters can generate the same key.And dynamic requests code all passes through key every time Number dynamic generation, the probability of same request code is 1/4200000000th.
It is understood that in the present embodiment, the first terminal generates the principle of authorization code according to dynamic requests code It is similar to the electronic cipher device of bank, and it is equivalent to an electronic cipher per the dynamic key number in a authorization data file Device is numbered.Each dynamic requests code can all generate a corresponding authorization code, this is equivalent to dynamic code in electronic cipher device and corresponds to Confirmation code.
It should be noted that using the present embodiment described device, second terminal obtains the mandate that the first terminal is sent Code after, can directly input the authorization code can programming authorization data success, repeat using the programming of the present embodiment the method not Same target device.
A kind of authorization data processing unit provided in this embodiment is applied to second terminal, can make a authorization data It is used multiple times, can safely and effectively control management, it is easy to operate.
The present embodiment described device is suitable for a authorization data and the scene for needing to be effectively controlled is used for multiple times, such as: It needs to update vehicle parameter between depot and retailer.Certainly, when this algorithm is applied to management system, first terminal and second is eventually End is required for cooperation more efficient.
Further, on the basis of the above embodiment, the programming module 36 can be specifically used to:
when mutual authentication between the burn-writing equipment interface and the on-board diagnostics system (OBD) passes, decrypt the encrypted authorization data and program it into the target device through the burn-writing equipment interface, according to the key code and the dynamic code.
This is the second protection mechanism of the device of the present embodiment, and it further improves the security with which the authorization data is used.
The authorization data processing device provided in this embodiment is applied to the second terminal. It allows one copy of authorization data to be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.
The authorization data processing device of the present embodiment can be used to execute the technical solution of the method embodiment shown in Fig. 1 above; its implementation principle and technical effect are similar and are not described again here.
Fig. 4 shows a schematic structural diagram of an authorization data processing device provided by another embodiment of the present invention. The device of this embodiment is applied to the first terminal (i.e. Party B in the background art). As shown in Fig. 4, the authorization data processing device of the present embodiment includes: a second generation module 41, a second sending module 42, a second deciphering module 43, a third generation module 44 and a third sending module 45; wherein:
The second generation module 41 is used to encrypt the authorization data and then add a dynamic key number, generating an authorization data file;
The second sending module 42 is used to send the authorization data file to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
The second deciphering module 43 is used to receive the dynamic request code sent by the second terminal and decrypt the dynamic request code to obtain the dynamic key number;
The third generation module 44 is used to calculate a key code from the dynamic key number;
The third sending module 45 is used to encrypt the key code to obtain an authorization code and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
Specifically, the second generation module 41 encrypts the authorization data and then adds a dynamic key number, generating the authorization data file. The second sending module 42 sends the authorization data file to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code. The second deciphering module 43 receives the dynamic request code sent by the second terminal and decrypts it to obtain the dynamic key number. The third generation module 44 calculates a key code from the dynamic key number. The third sending module 45 encrypts the key code to obtain an authorization code and sends the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
In a particular application, the second generation module 41 can use an encryption algorithm interface to encrypt the authorization data and then add the dynamic key number, generating the authorization data file.
It can be understood that, in the present embodiment, the first terminal (i.e. Party B) does not need to manage keys; instead, the decryption key is generated from the dynamic request code and the authorization code. Although there is only one decryption key for the encrypted data, the key-generating function is an irreversible surjective function, and many different parameters can generate the same key. In addition, the dynamic request code is generated dynamically from the key number each time, and the probability of the same request code occurring is 1 in 4.2 billion.
It can be understood that, in the present embodiment, the principle by which the first terminal generates the authorization code from the dynamic request code is similar to that of a bank's electronic cipher device, and the dynamic key number in each authorization data file is equivalent to the serial number of an electronic cipher device. Each dynamic request code generates one corresponding authorization code, which is equivalent to the confirmation code that corresponds to a dynamic code in an electronic cipher device.
It can be understood that, in the present embodiment, the second terminal generates the corresponding key from the key code and the dynamic code, and the generated key is controlled directly by the burn-writing equipment interface. The burn-writing equipment interface decrypts the encrypted authorization data and programs it directly into the target device. Decryption is bound to the programming of the target device, so even if the authorization data is tracked, it cannot be programmed into a target device.
It should be noted that, with the device of the present embodiment, once the second terminal has obtained the authorization code sent by the first terminal, entering that authorization code is enough to program the authorization data successfully, and different target devices can be programmed.
The authorization data processing device provided in this embodiment is applied to the first terminal. It allows one copy of authorization data to be used multiple times, can be controlled and managed safely and effectively, and is easy to operate.
The device of the present embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and that use needs to be effectively controlled, for example when vehicle parameters need to be updated between a depot and a retailer. Of course, when this algorithm is applied in a management system, the first terminal and the second terminal both need to cooperate for it to be more efficient.
The authorization data processing device of the present embodiment can be used to execute the technical solution of the method embodiment shown in Fig. 2 above; its implementation principle and technical effect are similar and are not described again here.
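The exchange between the two terminals described above, modelled end to end as an added example; it is not code from the patent, which names no algorithms. Assumptions: a pre-shared `link_key` protects the request and authorization codes, the data key is derived from a first-terminal master secret and the dynamic key number, the dynamic code is a random per-session value, `seal`/`unseal` are a toy stand-in for a real AEAD, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC, standing in for a real AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    enc_key = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    ct = _xor(plaintext, _keystream(enc_key, len(plaintext)))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; ValueError on a wrong key or altered data."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    enc_key = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return _xor(ct, _keystream(enc_key, len(ct)))


def mask(dynamic_code: bytes) -> bytes:
    """Session mask that ties a key code to one dynamic code (assumed construction)."""
    return hashlib.sha256(b"mask" + dynamic_code).digest()


class FirstTerminal:
    """Issuer of the authorization data (Party B in the text)."""

    def __init__(self, link_key: bytes):
        self._master = secrets.token_bytes(32)  # assumed: never leaves this terminal
        self._link_key = link_key

    def _data_key(self, key_number: bytes) -> bytes:
        # No per-file key is stored: it is recomputed from the dynamic key number.
        return hmac.new(self._master, b"data" + key_number, hashlib.sha256).digest()

    def make_file(self, authorization_data: bytes) -> bytes:
        key_number = secrets.token_bytes(4)
        # Assumed file layout: encrypted data followed by the dynamic key number.
        return seal(self._data_key(key_number), authorization_data) + key_number

    def authorize(self, request_code: bytes) -> bytes:
        body = unseal(self._link_key, request_code)
        if len(body) != 20:
            raise ValueError("malformed request code")
        key_number, dynamic_code = body[:4], body[4:]
        key_code = _xor(self._data_key(key_number), mask(dynamic_code))
        return seal(self._link_key, key_code)  # the authorization code


class SecondTerminal:
    """Programming side: holds the file but never the first terminal's master secret."""

    def __init__(self, link_key: bytes):
        self._link_key = link_key
        self._dynamic_code = b""
        self._ciphertext = b""

    def request(self, file_bytes: bytes) -> bytes:
        self._ciphertext, key_number = file_bytes[:-4], file_bytes[-4:]
        self._dynamic_code = secrets.token_bytes(16)  # fresh for every session
        return seal(self._link_key, key_number + self._dynamic_code)

    def burn(self, authorization_code: bytes) -> bytes:
        key_code = unseal(self._link_key, authorization_code)
        data_key = _xor(key_code, mask(self._dynamic_code))
        # Stand-in for decrypt-and-program: returns what would reach the target device.
        return unseal(data_key, self._ciphertext)


def demo():
    link_key = secrets.token_bytes(32)
    issuer, tool = FirstTerminal(link_key), SecondTerminal(link_key)
    data = b"constructed vehicle parameter blob"  # constructed sample input
    file_bytes = issuer.make_file(data)
    auth_code = issuer.authorize(tool.request(file_bytes))
    programmed = tool.burn(auth_code)
    tool.request(file_bytes)  # new session, new dynamic code
    try:
        tool.burn(auth_code)  # authorization code from the earlier session
        stale_code_rejected = False
    except ValueError:
        stale_code_rejected = True
    return programmed == data, stale_code_rejected


if __name__ == "__main__":
    print(demo())
```

In this model an authorization code only unlocks the session whose dynamic code it was computed for, which is the property the bank-token comparison in the text relies on.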
Fig. 5 shows a schematic diagram of the physical structure of an electronic device provided by one embodiment of the present invention. As shown in Fig. 5, the electronic device may include: a first processor 501, a first memory 502, a first bus 503, and a computer program that is stored on the first memory 502 and can run on the first processor 501;
wherein the first processor 501 and the first memory 502 communicate with each other through the first bus 503;
When the first processor 501 executes the computer program, it implements the method provided by each of the above method embodiments, for example including: receiving the authorization data file sent by the first terminal, the authorization data file being obtained by the first terminal encrypting the authorization data and then adding a dynamic key number; if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file; encrypting the dynamic key number to generate a dynamic code and a dynamic request code; sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; receiving the authorization code sent by the first terminal and decrypting it to obtain the key code; and, according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device.
An embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements the method provided by the method embodiment shown in Fig. 1 above, for example including: receiving the authorization data file sent by the first terminal, the authorization data file being obtained by the first terminal encrypting the authorization data and then adding a dynamic key number; if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file; encrypting the dynamic key number to generate a dynamic code and a dynamic request code; sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; receiving the authorization code sent by the first terminal and decrypting it to obtain the key code; and, according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device.
Fig. 6 shows a schematic diagram of the physical structure of an electronic device provided by another embodiment of the present invention. As shown in Fig. 6, the electronic device may include: a second processor 601, a second memory 602, a second bus 603, and a computer program that is stored on the second memory 602 and can run on the second processor 601;
wherein the second processor 601 and the second memory 602 communicate with each other through the second bus 603;
When the second processor 601 executes the computer program, it implements the method provided by each of the above method embodiments, for example including: encrypting the authorization data and then adding a dynamic key number, generating an authorization data file; sending the authorization data file to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code; receiving the dynamic request code sent by the second terminal and decrypting it to obtain the dynamic key number; calculating a key code from the dynamic key number; and encrypting the key code to obtain an authorization code and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
An embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements the method provided by the method embodiment shown in Fig. 2 above, for example including: encrypting the authorization data and then adding a dynamic key number, generating an authorization data file; sending the authorization data file to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code; receiving the dynamic request code sent by the second terminal and decrypting it to obtain the dynamic key number; calculating a key code from the dynamic key number; and encrypting the key code to obtain an authorization code and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into the target device.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, an apparatus, or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, apparatus, and computer program product according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device/system for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
It should be noted that, herein, relational terms such as first and second are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element. The orientations or positional relationships indicated by terms such as "upper" and "lower" are based on the orientations or positional relationships shown in the drawings; they are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, so they should not be understood as limiting the invention. Unless otherwise clearly specified and limited, the terms "installed", "connected" and "coupled" should be understood broadly: for example, a connection may be fixed, detachable, or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary, or it may be an internal connection between two elements. For those of ordinary skill in the art, the specific meaning of the above terms in the present invention can be understood according to the specific situation.
Numerous specific details are set forth in the specification of the present invention. It can be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description. Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention. It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The invention is not limited to any single aspect or any single embodiment, nor to any combination and/or permutation of these aspects and/or embodiments. Moreover, each aspect and/or embodiment of the invention can be used alone or in combination with one or more other aspects and/or embodiments.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention, and should all be covered by the scope of the claims and the specification of the present invention.

Claims (10)

1. An authorization data processing method, characterized by comprising:
receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file;
encrypting the dynamic key number to generate a dynamic code and a dynamic request code;
sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
receiving the authorization code sent by the first terminal, and decrypting the authorization code to obtain the key code;
according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device.
2. The method according to claim 1, characterized in that said decrypting the encrypted authorization data and programming it into the target device according to the key code and the dynamic code comprises:
according to the key code and the dynamic code, decrypting the encrypted authorization data and programming it into the target device through a burn-writing equipment interface.
3. The method according to claim 2, characterized in that said decrypting the encrypted authorization data and programming it into the target device through the burn-writing equipment interface according to the key code and the dynamic code comprises:
when mutual authentication between the burn-writing equipment interface and the on-board diagnostics system (OBD) passes, decrypting the encrypted authorization data and programming it into the target device through the burn-writing equipment interface, according to the key code and the dynamic code.
4. An authorization data processing method, characterized by comprising:
encrypting authorization data and then adding a dynamic key number, generating an authorization data file;
sending the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
receiving the dynamic request code sent by the second terminal, and decrypting the dynamic request code to obtain the dynamic key number;
calculating a key code from the dynamic key number;
encrypting the key code to obtain an authorization code, and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into a target device.
5. An authorization data processing device, applied to a second terminal, characterized by comprising:
a receiving module, used to receive an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
an acquisition module, used to obtain the dynamic key number and the encrypted authorization data from the authorization data file if a trigger instruction to program the authorization data into a target device is detected;
a first generation module, used to encrypt the dynamic key number to generate a dynamic code and a dynamic request code;
a first sending module, used to send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
a first deciphering module, used to receive the authorization code sent by the first terminal and decrypt the authorization code to obtain the key code;
a programming module, used to decrypt the encrypted authorization data and program it into the target device according to the key code and the dynamic code.
6. An authorization data processing device, applied to a first terminal, characterized by comprising:
a second generation module, used to encrypt authorization data and then add a dynamic key number, generating an authorization data file;
a second sending module, used to send the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
a second deciphering module, used to receive the dynamic request code sent by the second terminal and decrypt the dynamic request code to obtain the dynamic key number;
a third generation module, used to calculate a key code from the dynamic key number;
a third sending module, used to encrypt the key code to obtain an authorization code and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts the encrypted authorization data and programs it into a target device.
7. An electronic device, characterized by comprising: a first processor, a first memory, a first bus, and a computer program that is stored on the first memory and can run on the first processor;
wherein the first processor and the first memory communicate with each other through the first bus;
the first processor implements the method according to any one of claims 1-3 when executing the computer program.
8. An electronic device, characterized by comprising: a second processor, a second memory, a second bus, and a computer program that is stored on the second memory and can run on the second processor;
wherein the second processor and the second memory communicate with each other through the second bus;
the second processor implements the method according to claim 4 when executing the computer program.
9. A non-transitory computer-readable storage medium, characterized in that a computer program is stored on the storage medium, and the computer program implements the method according to any one of claims 1-3 when executed by a processor.
10. A non-transitory computer-readable storage medium, characterized in that a computer program is stored on the storage medium, and the computer program implements the method according to claim 4 when executed by a processor.
Similar Documents

Publication Publication Date Title
CN108462568B (en) Block chain-based secure file storage and sharing method and cloud storage system
CN110473094B (en) Data authorization method and device based on block chain
CN110460439A (en) Information transferring method, device, client, server-side and storage medium
CN103503366B (en) Manage the data for authenticating device
CN108960825A (en) Electric endorsement method and device, electronic equipment based on block chain
CN110109930A (en) Government data storage, querying method and system based on block chain duplex structure
CN105516948B (en) A kind of apparatus control method and device
CN110049040A (en) To the methods, devices and systems of the control authority authorization of smart machine
CN103988464A (en) System and method for key management for issuer security domain using global platform specifications
CN110417502A (en) A kind of block chain nodal clock common recognition method and device
CN103597456A (en) Method and apparatus for implementing memory segment access control in a distributed memory environment
CN110134930A (en) Electronic contract management method, device, computer equipment and storage medium
CN109146489A (en) Safe payment method, device, server and storage medium
CN109017676A (en) Control method for vehicle, device and storage medium
CN104348820A (en) Server, terminal and digital copyright protection content forwarding method
CN103294938A (en) Access request verification method and system, authorization information generation method, hardware equipment
CN108629192A (en) A kind of authorization data processing method and processing device
CN107896227A (en) A kind of data calling method, device and device data cloud platform
CN109831435A (en) A kind of database operation method, system and proxy server and storage medium
CN107769928A (en) A kind of terminal and computer-readable recording medium
CN109543365A (en) A kind of authorization method and device
CN111582876A (en) Operation authentication method, device, storage medium and electronic device
CN101350712B (en) Data management method and terminal
CN108846671B (en) Online secure transaction method and system based on block chain
CN102542645A (en) Entrance guard authentication method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: An authorization data processing method and device

Effective date of registration: 20210819

Granted publication date: 20200410

Pledgee: CITIC Bank Limited by Share Ltd. Hangzhou branch

Pledgor: HANGZHOU HOPECHART IOT TECHNOLOGY Co.,Ltd.

Registration number: Y2021330001185
