CN108629192A - Authorization data processing method and processing device - Google Patents
- Publication number: CN108629192A, CN201810344580.4A
- Authority: CN (China)
- Prior art keywords: code, dynamic, authorization data, encrypted, key
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiments of the present invention disclose an authorization data processing method and device. The method includes: receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number; if a trigger instruction for programming the authorization data to a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file; encrypting the dynamic key number to generate a dynamic code and a dynamic request code; sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; decrypting the authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device. The embodiments of the present invention allow one copy of authorization data to be used multiple times, can be safely and effectively controlled and managed, and are easy to operate.
Description
Technical field
The embodiments of the present invention relate to the technical field of data processing, and in particular to an authorization data processing method and device.
Background art
At present, Party A needs Party B's authorization data, Party B does not allow Party A to copy the authorization data privately, and the authorization data is licensed per unit. Party A cannot connect to Party B directly over a network, and Party B sends the authorization data to Party A only by mail; the authorization data must also be encrypted, so that after receiving the data Party A needs an authorization code from Party B before it can use the authorization data.
Party A calls the authorization interface, which reads the key number contained in the authorization data and generates a dynamic request code. The request code is an alphanumeric string that can be passed to Party B by phone, SMS, WeChat, QQ, mail or similar channels. Party B generates an authorization code from the request code provided; the authorization code is an alphanumeric string that can be returned to Party A by phone, SMS, WeChat, QQ, mail or similar channels. Party A enters the authorization code into the authorization interface, and the authorization interface decrypts the authorization data according to the key number, the dynamic code and the authorization code, and programs the decrypted authorization data into the device.
If Party B's authorization data is given to Party A unencrypted, however, the authorization data becomes uncontrollable, which affects many of Party B's businesses. For example, in vehicle configuration, the vehicle manufacturer (Party B) can provide a certain function by flashing the ECU (electronic control unit); if the retailer (Party A) possesses the authorization data, it can flash ECUs itself to sell special-purpose vehicles and earn more profit. Party B's authorization data therefore must be encrypted and provided to Party A in some way, and that way must not be too complicated, or it adds excessive cost. If Party B's authorization data is encrypted per unit before it is given to Party A, key management becomes difficult and the operating cost of both Party A and Party B increases. For example, the ECU-flashing computer programs the authorization data through the vehicle's OBD (on-board diagnostics system), that is, a portable computer is connected and operated on the vehicle, and every vehicle of the same batch is handled this way; with per-unit encryption the decoding and programming operation is too cumbersome and operability is low.
In view of this, how to process authorization data so that one copy of authorization data can be used multiple times, can be safely and effectively controlled and managed, and is easy to operate has become a technical problem that currently needs to be solved.
Summary of the invention
In view of the above problems in existing methods, the embodiments of the present invention propose an authorization data processing method and device.
In a first aspect, an embodiment of the present invention proposes an authorization data processing method, including:
receiving an authorization data file sent by a first terminal, where the authorization data file is obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
if a trigger instruction for programming the authorization data to a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file;
encrypting the dynamic key number to generate a dynamic code and a dynamic request code;
sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
receiving the authorization code sent by the first terminal, and decrypting the authorization code to obtain the key code;
according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device.
Optionally, decrypting and programming the encrypted authorization data into the target device according to the key code and the dynamic code includes:
according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device through a programming device interface.
Optionally, decrypting and programming the encrypted authorization data into the target device through the programming device interface according to the key code and the dynamic code includes:
when mutual authentication between the programming device interface and the on-board diagnostics system (OBD) passes, decrypting and programming the encrypted authorization data into the target device through the programming device interface according to the key code and the dynamic code.
In a second aspect, an embodiment of the present invention proposes an authorization data processing method, including:
encrypting authorization data and then adding a dynamic key number to generate an authorization data file;
sending the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
receiving the dynamic request code sent by the second terminal, and decrypting the dynamic request code to obtain the dynamic key number;
calculating a key code from the dynamic key number;
encrypting the key code to obtain an authorization code, and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
In a third aspect, an embodiment of the present invention further proposes an authorization data processing device, applied to a second terminal, including:
a receiving module, configured to receive an authorization data file sent by a first terminal, where the authorization data file is obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
an acquisition module, configured to obtain the dynamic key number and the encrypted authorization data from the authorization data file if a trigger instruction for programming the authorization data to a target device is detected;
a first generation module, configured to encrypt the dynamic key number to generate a dynamic code and a dynamic request code;
a first sending module, configured to send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
a first decryption module, configured to receive the authorization code sent by the first terminal and decrypt the authorization code to obtain the key code;
a programming module, configured to decrypt and program the encrypted authorization data into the target device according to the key code and the dynamic code.
In a fourth aspect, an embodiment of the present invention further proposes an authorization data processing device, applied to a first terminal, including:
a second generation module, configured to encrypt authorization data and then add a dynamic key number to generate an authorization data file;
a second sending module, configured to send the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
a second decryption module, configured to receive the dynamic request code sent by the second terminal and decrypt the dynamic request code to obtain the dynamic key number;
a third generation module, configured to calculate a key code from the dynamic key number;
a third sending module, configured to encrypt the key code to obtain an authorization code and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including: a first processor, a first memory, a first bus, and a computer program stored on the first memory and runnable on the first processor;
where the first processor and the first memory communicate with each other through the first bus;
and the first processor implements the method of the first aspect when executing the computer program.
In a sixth aspect, an embodiment of the present invention provides another electronic device, including: a second processor, a second memory, a second bus, and a computer program stored on the second memory and runnable on the second processor;
where the second processor and the second memory communicate with each other through the second bus;
and the second processor implements the method of the second aspect when executing the computer program.
In a seventh aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of the first aspect.
In an eighth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of the second aspect.
As can be seen from the above technical solutions, the embodiments of the present invention receive an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number; when a trigger instruction for programming the authorization data to a target device is detected, obtain the dynamic key number and the encrypted authorization data from the authorization data file, and encrypt the dynamic key number to generate a dynamic code and a dynamic request code; send the dynamic request code to the first terminal, so that it decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; decrypt the received authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypt and program the encrypted authorization data into the target device. As a result, one copy of authorization data can be used multiple times, can be safely and effectively controlled and managed, and is easy to operate.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an authorization data processing method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of an authorization data processing method provided by another embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an authorization data processing device provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an authorization data processing device provided by another embodiment of the present invention;
Fig. 5 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the physical structure of an electronic device provided by another embodiment of the present invention.
Detailed description of the embodiments
Specific implementations of the present invention are further described below with reference to the drawings. The following embodiments are only intended to illustrate the technical solutions of the present invention more clearly and are not intended to limit the protection scope of the present invention.
Fig. 1 shows a schematic flowchart of an authorization data processing method provided by an embodiment of the present invention. As shown in Fig. 1, the authorization data processing method of this embodiment includes:
S1. Receive an authorization data file sent by a first terminal, where the authorization data file is obtained by the first terminal encrypting authorization data and then adding a dynamic key number.
It can be understood that this embodiment is executed by the second terminal, i.e. Party A in the background section.
S2. If a trigger instruction for programming the authorization data to a target device is detected, obtain the dynamic key number and the encrypted authorization data from the authorization data file.
S3. Encrypt the dynamic key number to generate a dynamic code and a dynamic request code.
S4. Send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code.
S5. Receive the authorization code sent by the first terminal, and decrypt the authorization code to obtain the key code.
S6. According to the key code and the dynamic code, decrypt and program the encrypted authorization data into the target device.
In a specific application, this embodiment can decrypt and program the encrypted authorization data into the target device through a programming device interface, according to the key code and the dynamic code.
In this embodiment, the corresponding key is generated from the key code and the dynamic code, and the generated key is controlled directly by the programming device interface. The programming device interface decrypts and programs the encrypted authorization data directly into the target device; decryption is bound to programming of the target device, so even if the process is traced, the authorization data cannot be programmed to a target device.
It is understood that during the entire process of the present embodiment the method, the first terminal (i.e. Party B) is without pipe
Key is managed, but decruption key is generated by dynamic requests code and authorization code.Although the decruption key for encryption data only has
One, but generate key function and belong to irreversible surjective function, many kinds of parameters can generate the same key.And it moves every time
For state request code all by key dynamic generation, the probability of same request code is 1/4200000000th.
It is understood that in the present embodiment, the first terminal generates the principle of authorization code according to dynamic requests code
It is similar to the electronic cipher device of bank, and it is equivalent to an electronic cipher per the dynamic key number in a authorization data file
Device is numbered.Each dynamic requests code can all generate a corresponding authorization code, this is equivalent to dynamic code in electronic cipher device and corresponds to
Confirmation code.
It should be noted that, with the method of this embodiment, once the second terminal has obtained the authorization code sent by the first terminal, it can simply enter the authorization code to program the authorization data successfully, and the method of this embodiment can be repeated to program different target devices.
The authorization data processing method provided by this embodiment receives an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number; when a trigger instruction for programming the authorization data to a target device is detected, obtains the dynamic key number and the encrypted authorization data from the authorization data file, and encrypts the dynamic key number to generate a dynamic code and a dynamic request code; sends the dynamic request code to the first terminal, so that it decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; decrypts the received authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device. As a result, one copy of authorization data can be used multiple times, can be safely and effectively controlled and managed, and is easy to operate.
The method of this embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and needs to be effectively controlled, for example when vehicle parameters need to be updated between a vehicle manufacturer and a retailer. Of course, when this algorithm is applied in a management system, the first terminal and the second terminal both need to cooperate for it to be more efficient.
Further, on the basis of the above embodiment, step S6 may include:
when mutual authentication between the programming device interface and the on-board diagnostics system (OBD) passes, decrypting and programming the encrypted authorization data into the target device through the programming device interface according to the key code and the dynamic code.
This is the second protection mechanism of the method of this embodiment, and it further improves the security with which the authorization data is used.
The authorization data processing method provided by this embodiment allows one copy of authorization data to be used multiple times, can be safely and effectively controlled and managed, and is easy to operate.
Fig. 2 shows a schematic flowchart of an authorization data processing method provided by another embodiment of the present invention. As shown in Fig. 2, the authorization data processing method of this embodiment includes:
P1. Encrypt authorization data and then add a dynamic key number to generate an authorization data file.
It can be understood that this embodiment is executed by the first terminal, i.e. Party B in the background section.
In a specific application, this embodiment can use an encryption algorithm interface to encrypt the authorization data and then add the dynamic key number to generate the authorization data file.
P2. Send the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code.
P3. Receive the dynamic request code sent by the second terminal, and decrypt the dynamic request code to obtain the dynamic key number.
P4. Calculate a key code from the dynamic key number.
P5. Encrypt the key code to obtain an authorization code, and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
It is understood that during the entire process of the present embodiment the method, first terminal (i.e. Party B) is close without managing
Key, but decruption key is generated by dynamic requests code and authorization code.Although there are one the decruption keys for being directed to encryption data,
But it generates key function and belongs to irreversible surjective function, many kinds of parameters can generate the same key.And it dynamically asks every time
Ask code all by key dynamic generation, the probability of same request code is 1/4200000000th.
It is understood that in the present embodiment, first terminal generates the principle and silver of authorization code according to dynamic requests code
Capable electronic cipher device is similar, and is equivalent to an electronic cipher device per the dynamic key number in a authorization data file and compiles
Number.Each dynamic requests code can all generate a corresponding authorization code, this is equivalent to dynamic code in electronic cipher device and corresponds to really
Recognize code.
It is understood that in the present embodiment, second terminal generates corresponding according to the key code and the dynamic code
Key generates key directly by burn writing equipment Interface Controller.Burn writing equipment interface directly burns the encrypted authorization data
It writes in decryption to target device, decryption is bound with target device programming, can not programming by tracking authorized data
To target device.
It should be noted that using the present embodiment the method, second terminal obtains the mandate that the first terminal is sent
Code after, can directly input the authorization code can programming authorization data success, repeat using the programming of the present embodiment the method not
Same target device.
The authorization data processing method provided by this embodiment encrypts authorization data and then adds a dynamic key number to generate an authorization data file, and sends the file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the generated dynamic request code; receives the dynamic request code sent by the second terminal and decrypts it to obtain the dynamic key number; calculates a key code from the dynamic key number; and encrypts the key code to obtain an authorization code and sends it to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device. As a result, one copy of authorization data can be used multiple times, can be safely and effectively controlled and managed, and is easy to operate.
The method of this embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and needs to be effectively controlled, for example when vehicle parameters need to be updated between a vehicle manufacturer and a retailer. Of course, when this algorithm is applied in a management system, the first terminal and the second terminal both need to cooperate for it to be more efficient.
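The exchange in steps S1 to S6 (second terminal) and P1 to P5 (first terminal), written out as an added example that is not part of the patent and is only one way to realise it. Assumptions, since the text names no algorithms: an HMAC-SHA256 keystream with a tag stands in for the cipher, the dynamic code is a 32-bit random value carried inside the request code, the key code is the data key XOR-masked for that dynamic code, both terminals share `LINK_KEY`, and all class, function and constant names are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct

# Constructed demo secrets (assumptions). VENDOR_SECRET stays on the first
# terminal; LINK_KEY is shared with the second terminal's authorization interface.
VENDOR_SECRET = b"constructed-vendor-secret"
LINK_KEY = b"constructed-link-key"

def prf(key, label, data=b"", n=16):
    """HMAC-SHA256 in counter mode: used as KDF, mask and keystream."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + struct.pack(">I", ctr) + data,
                        hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, label, nonce, plain):
    """Encrypt-then-MAC stand-in cipher: ciphertext followed by an 8-byte tag."""
    ct = xor(plain, prf(key, label + b"/enc", nonce, len(plain)))
    return ct + prf(key, label + b"/mac", nonce + ct, 8)

def open_(key, label, nonce, blob):
    """Verify the tag, then decrypt; a wrong key or nonce raises ValueError."""
    ct, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, prf(key, label + b"/mac", nonce + ct, 8)):
        raise ValueError("rejected: tag mismatch")
    return xor(ct, prf(key, label + b"/enc", nonce, len(ct)))

def to_code(raw):
    """Alphanumeric string suitable for phone, SMS or mail."""
    return base64.b32encode(raw).decode().rstrip("=")

def from_code(code):
    return base64.b32decode(code + "=" * (-len(code) % 8))

class FirstTerminal:
    """Party B: derives everything from the key number, stores no per-file key."""

    def _data_key(self, key_number):
        return prf(VENDOR_SECRET, b"data-key", struct.pack(">I", key_number))

    def make_file(self, key_number, authorization_data):           # P1
        body = seal(self._data_key(key_number), b"file", b"", authorization_data)
        return struct.pack(">I", key_number) + body

    def authorize(self, request_code):                             # P3 to P5
        raw = from_code(request_code)
        dynamic_code, body = raw[:4], raw[4:]
        (key_number,) = struct.unpack(">I", open_(LINK_KEY, b"req", dynamic_code, body))
        # Key code: the fixed data key masked for this one dynamic code.
        key_code = xor(self._data_key(key_number), prf(LINK_KEY, b"mask", dynamic_code))
        return to_code(seal(LINK_KEY, b"auth", dynamic_code, key_code))

class SecondTerminal:
    """Party A: the authorization interface in front of the programming device."""

    def __init__(self):
        self.dynamic_code = None

    def start(self, auth_file, dynamic_code=None):                 # S2 and S3
        self.key_number_raw, self.ciphertext = auth_file[:4], auth_file[4:]
        # 32-bit dynamic code: 2**32 possible values per authorization data file.
        self.dynamic_code = dynamic_code or secrets.token_bytes(4)
        body = seal(LINK_KEY, b"req", self.dynamic_code, self.key_number_raw)
        return to_code(self.dynamic_code + body)

    def program(self, authorization_code, device):                 # S5 and S6
        if self.dynamic_code is None:
            raise ValueError("no pending dynamic request code")
        key_code = open_(LINK_KEY, b"auth", self.dynamic_code,
                         from_code(authorization_code))
        data_key = xor(key_code, prf(LINK_KEY, b"mask", self.dynamic_code))
        # Decryption happens only on the way into the device buffer.
        device.extend(open_(data_key, b"file", b"", self.ciphertext))
        self.dynamic_code = None      # each programming run needs a new request

def run_demo():
    data = b"constructed ECU parameter block"
    party_b, party_a = FirstTerminal(), SecondTerminal()
    auth_file = party_b.make_file(0x00C0FFEE, data)
    runs = []
    for nonce in (b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"):       # fixed for the demo
        device = bytearray()
        request = party_a.start(auth_file, nonce)
        party_a.program(party_b.authorize(request), device)
        runs.append((request, bytes(device)))
    return data, runs

if __name__ == "__main__":
    original, runs = run_demo()
    for request, flashed in runs:
        print(request, flashed == original)
```

In this sketch one authorization data file serves both programming runs, while an authorization code issued for an earlier request fails the tag check because it was sealed under a different dynamic code.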
Fig. 3 shows a schematic structural diagram of an authorization data processing device provided by an embodiment of the present invention. This embodiment is applied to the second terminal (i.e. Party A in the background section). As shown in Fig. 3, the authorization data processing device of this embodiment includes: a receiving module 31, an acquisition module 32, a first generation module 33, a first sending module 34, a first decryption module 35 and a programming module 36, where:
the receiving module 31 is configured to receive an authorization data file sent by a first terminal, where the authorization data file is obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
the acquisition module 32 is configured to obtain the dynamic key number and the encrypted authorization data from the authorization data file if a trigger instruction for programming the authorization data to a target device is detected;
the first generation module 33 is configured to encrypt the dynamic key number to generate a dynamic code and a dynamic request code;
the first sending module 34 is configured to send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
the first decryption module 35 is configured to receive the authorization code sent by the first terminal and decrypt the authorization code to obtain the key code;
the programming module 36 is configured to decrypt and program the encrypted authorization data into the target device according to the key code and the dynamic code.
Specifically, the receiving module 31 receives the authorization data file sent by the first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number; if the acquisition module 32 detects a trigger instruction for programming the authorization data to a target device, it obtains the dynamic key number and the encrypted authorization data from the authorization data file; the first generation module 33 encrypts the dynamic key number to generate a dynamic code and a dynamic request code; the first sending module 34 sends the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates a key code from the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; the first decryption module 35 receives the authorization code sent by the first terminal and decrypts it to obtain the key code; and the programming module 36 decrypts and programs the encrypted authorization data into the target device according to the key code and the dynamic code.
In a specific application, the programming module 36 can decrypt and program the encrypted authorization data into the target device through a programming device interface, according to the key code and the dynamic code.
In this embodiment, the programming module 36 generates the corresponding key from the key code and the dynamic code, and the generated key is controlled directly by the programming device interface. The programming device interface decrypts and programs the encrypted authorization data directly into the target device; decryption is bound to programming of the target device, so even if the process is traced, the authorization data cannot be programmed to a target device.
It can be understood that, in this embodiment, the first terminal (i.e. Party B) does not need to manage keys; instead, the decryption key is generated from the dynamic request code and the authorization code. Although there is only one decryption key for the encrypted data, the key generation function is an irreversible surjective function, so many different parameters can generate the same key. Moreover, each dynamic request code is dynamically generated from the key number, and the probability of the same request code occurring is 1/4200000000.
It can be understood that, in this embodiment, the principle by which the first terminal generates the authorization code from the dynamic request code is similar to that of a bank's electronic cipher device: the dynamic key number in each authorization data file is equivalent to the serial number of an electronic cipher device, and each dynamic request code generates a corresponding authorization code, which is equivalent to the confirmation code that corresponds to a dynamic code in an electronic cipher device.
It should be noted that, with the device of this embodiment, once the second terminal has obtained the authorization code sent by the first terminal, it can simply enter the authorization code to program the authorization data successfully, and the method of this embodiment can be repeated to program different target devices.
The authorization data processing device provided by this embodiment is applied to the second terminal; it allows one copy of authorization data to be used multiple times, can be safely and effectively controlled and managed, and is easy to operate.
The device of this embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and needs to be effectively controlled, for example when vehicle parameters need to be updated between a vehicle manufacturer and a retailer. Of course, when this algorithm is applied in a management system, the first terminal and the second terminal both need to cooperate for it to be more efficient.
Further, on the basis of the above embodiment, the programming module 36 can be specifically configured to:
when mutual authentication between the programming device interface and the on-board diagnostics system (OBD) passes, decrypt and program the encrypted authorization data into the target device through the programming device interface according to the key code and the dynamic code.
This is the second protection mechanism of the device of this embodiment, and it further improves the security with which the authorization data is used.
The authorization data processing device provided by this embodiment is applied to the second terminal; it allows one copy of authorization data to be used multiple times, can be safely and effectively controlled and managed, and is easy to operate.
The authorization data processing device of this embodiment can be used to execute the technical solution of the method embodiment shown in Fig. 1 above; its implementation principle and technical effect are similar and are not repeated here.
Fig. 4 shows a schematic structural diagram of an authorization data processing device provided by another embodiment of the present invention. The method described in this embodiment is applied to the first terminal (i.e., Party B in the background art). As shown in Fig. 4, the authorization data processing device of this embodiment includes: a second generation module 41, a second sending module 42, a second decryption module 43, a third generation module 44 and a third sending module 45, wherein:
the second generation module 41 is configured to encrypt the authorization data and then add a dynamic key number, generating an authorization data file;
the second sending module 42 is configured to send the authorization data file to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
the second decryption module 43 is configured to receive the dynamic request code sent by the second terminal and decrypt the dynamic request code to obtain the dynamic key number;
the third generation module 44 is configured to calculate and generate a key code according to the dynamic key number;
the third sending module 45 is configured to encrypt the key code to obtain an authorization code, and to send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
Specifically, the second generation module 41 encrypts the authorization data and then adds a dynamic key number, generating an authorization data file. The second sending module 42 sends the authorization data file to the second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code. The second decryption module 43 receives the dynamic request code sent by the second terminal and decrypts it to obtain the dynamic key number. The third generation module 44 calculates and generates a key code according to the dynamic key number. The third sending module 45 encrypts the key code to obtain an authorization code and sends the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
In a specific application, the second generation module 41 may use an encryption algorithm interface to encrypt the authorization data and then add the dynamic key number, generating the authorization data file.
It can be understood that, in this embodiment, the first terminal (i.e., Party B) does not need to manage keys; instead, the decryption key is generated from the dynamic request code and the authorization code. Although there is a single decryption key for the encrypted data, the key-generating function is an irreversible surjective function, and many different parameters can generate the same key. Moreover, the dynamic request code is generated dynamically from the key number each time, and the probability of the same request code is 1 in 4,200,000,000.
It can be understood that, in this embodiment, the principle by which the first terminal generates an authorization code from a dynamic request code is similar to that of a bank's electronic cipher device, and the dynamic key number in each authorization data file is equivalent to the serial number of an electronic cipher device. Each dynamic request code generates one corresponding authorization code, which is equivalent to the confirmation code that corresponds to a dynamic code in an electronic cipher device.
It can be understood that, in this embodiment, the second terminal generates a corresponding key according to the key code and the dynamic code, and the generated key is controlled directly by the programming device interface. The programming device interface decrypts and programs the encrypted authorization data directly into the target device; decryption is bound to the programming of the target device, so that even if the authorization data is traced, it cannot be programmed into a target device.
It should be noted that, with the device of this embodiment, after the second terminal obtains the authorization code sent by the first terminal, it can program the authorization data successfully simply by entering the authorization code, and different target devices can be programmed.
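One possible instantiation of the request-code / authorization-code exchange described above, added here as an illustration and not taken from the patent. The patent names no algorithms, so the HMAC-SHA256 derivation, the encrypt-then-MAC stand-in cipher, the XOR combination of key code and dynamic code, both secrets, the nonce, and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed secrets, assumed for illustration; the patent specifies none.
TRANSPORT_KEY = b"constructed-secret-shared-with-programmer"  # first terminal + programming interface
VENDOR_SECRET = b"constructed-first-terminal-master-secret"   # first terminal only


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, used as PRF and KDF."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _stream(key: bytes, iv: bytes, n: int) -> bytes:
    return b"".join(_prf(key, b"ks", iv, i.to_bytes(4, "big")) for i in range(n // 32 + 1))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated encryption (keystream XOR, then MAC)."""
    iv = os.urandom(16)
    body = iv + _xor(plaintext, _stream(key, iv, len(plaintext)))
    return body + _prf(key, b"tag", body)


def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", body)):
        raise ValueError("authentication failed")
    return _xor(body[16:], _stream(key, body[:16], len(body) - 16))


class FirstTerminal:
    """Party B: builds authorization data files and answers request codes."""

    def make_file(self, key_no: bytes, auth_data: bytes) -> bytes:
        data_key = _prf(VENDOR_SECRET, b"data", key_no)  # re-derivable, so nothing is stored
        return key_no + seal(data_key, auth_data)        # 4-byte key number + ciphertext

    def authorize(self, request_code: bytes) -> bytes:
        payload = unseal(TRANSPORT_KEY, request_code)
        key_no, nonce = payload[:4], payload[4:]
        data_key = _prf(VENDOR_SECRET, b"data", key_no)
        dynamic_code = _prf(TRANSPORT_KEY, b"dyn", key_no, nonce)
        key_code = _xor(data_key, dynamic_code)          # useful only with this request
        return seal(TRANSPORT_KEY, key_code)             # authorization code


class ProgrammerInterface:
    """Second-terminal side; the derived key never leaves this object."""

    def __init__(self, auth_file: bytes):
        self.key_no, self.ciphertext = auth_file[:4], auth_file[4:]
        self._dynamic_code = None

    def request_code(self) -> bytes:
        nonce = os.urandom(16)                           # fresh for every request
        self._dynamic_code = _prf(TRANSPORT_KEY, b"dyn", self.key_no, nonce)
        return seal(TRANSPORT_KEY, self.key_no + nonce)

    def program(self, authorization_code: bytes, device: dict) -> bool:
        if self._dynamic_code is None:
            return False
        dynamic_code, self._dynamic_code = self._dynamic_code, None  # single use
        try:
            key_code = unseal(TRANSPORT_KEY, authorization_code)
            device["auth_data"] = unseal(_xor(key_code, dynamic_code), self.ciphertext)
        except ValueError:
            return False
        return True


def demo() -> dict:
    vendor = FirstTerminal()
    auth_file = vendor.make_file(b"\x00\x00\x00\x2a", b"constructed vehicle parameter set v2")
    programmer = ProgrammerInterface(auth_file)
    device_a, device_b = {}, {}

    code_a = vendor.authorize(programmer.request_code())
    first = programmer.program(code_a, device_a)

    programmer.request_code()                       # new request for a second device
    replay = programmer.program(code_a, device_b)   # earlier authorization code reused
    after_replay = device_b.get("auth_data")

    code_b = vendor.authorize(programmer.request_code())
    second = programmer.program(code_b, device_b)
    return {"first": first, "device_a": device_a.get("auth_data"), "replay": replay,
            "device_b_after_replay": after_replay, "second": second,
            "device_b": device_b.get("auth_data")}
```

In this sketch the same authorization data file programs two devices, while an authorization code issued for one request is rejected against a later request. A production design would use a vetted AEAD in place of the stand-in cipher and keep the transport key inside the programming hardware.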
The authorization data processing device provided in this embodiment is applied to the first terminal; it allows one copy of authorization data to be used multiple times, can be controlled and managed safely and effectively, and is simple to operate.
The device of this embodiment is suitable for scenarios in which one copy of authorization data is used multiple times and its use needs to be effectively controlled, for example when vehicle parameters need to be updated between a depot and a retailer. Of course, when this algorithm is applied to a management system, the first terminal and the second terminal need to cooperate for it to be more efficient.
The authorization data processing device of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 2 above; its implementation principle and technical effect are similar and are not repeated here.
Fig. 5 shows a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention. As shown in Fig. 5, the electronic device may include: a first processor 501, a first memory 502, a first bus 503, and a computer program stored in the first memory 502 and runnable on the first processor 501;
wherein the first processor 501 and the first memory 502 communicate with each other through the first bus 503;
when executing the computer program, the first processor 501 implements the method provided by the above method embodiments, for example including: receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting the authorization data and then adding a dynamic key number; if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file; encrypting the dynamic key number to generate a dynamic code and a dynamic request code; sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates and generates a key code according to the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; receiving the authorization code sent by the first terminal and decrypting the authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device.
An embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the method provided by the method embodiment shown in Fig. 1 above, for example including: receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting the authorization data and then adding a dynamic key number; if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file; encrypting the dynamic key number to generate a dynamic code and a dynamic request code; sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates and generates a key code according to the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code; receiving the authorization code sent by the first terminal and decrypting the authorization code to obtain the key code; and, according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device.
Fig. 6 shows a schematic diagram of the physical structure of an electronic device provided by another embodiment of the present invention. As shown in Fig. 6, the electronic device may include: a second processor 601, a second memory 602, a second bus 603, and a computer program stored in the second memory 602 and runnable on the second processor 601;
wherein the second processor 601 and the second memory 602 communicate with each other through the second bus 603;
when executing the computer program, the second processor 601 implements the method provided by the above method embodiments, for example including: encrypting the authorization data and then adding a dynamic key number to generate an authorization data file; sending the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code; receiving the dynamic request code sent by the second terminal and decrypting the dynamic request code to obtain the dynamic key number; calculating and generating a key code according to the dynamic key number; and encrypting the key code to obtain an authorization code and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
An embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the method provided by the method embodiment shown in Fig. 2 above, for example including: encrypting the authorization data and then adding a dynamic key number to generate an authorization data file; sending the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code; receiving the dynamic request code sent by the second terminal and decrypting the dynamic request code to obtain the dynamic key number; calculating and generating a key code according to the dynamic key number; and encrypting the key code to obtain an authorization code and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into the target device.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, an apparatus or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, apparatus and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device/system for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing equipment to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operational steps are executed on the computer or other programmable equipment to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or also includes elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element. The orientations or positional relationships indicated by terms such as "upper" and "lower" are based on the orientations or positional relationships shown in the drawings, are intended only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be construed as limiting the present invention. Unless otherwise expressly specified and limited, the terms "install", "connected to" and "connect" shall be understood in a broad sense; for example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meanings of the above terms in the present invention according to the specific circumstances.
Numerous specific details are set forth in the specification of the present invention. It can be understood, however, that the embodiments of the present invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description. Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the present invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments of the present invention. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present invention. It should be noted that, where no conflict arises, the embodiments in the present application and the features in the embodiments may be combined with one another. The present invention is not limited to any single aspect, nor to any single embodiment, nor to any combination and/or permutation of these aspects and/or embodiments. Moreover, each aspect and/or embodiment of the present invention may be used alone or in combination with one or more other aspects and/or embodiments.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features therein; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention, and should all be covered by the scope of the claims and the specification of the present invention.
Claims (10)
1. An authorization data processing method, characterized by comprising:
receiving an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
if a trigger instruction to program the authorization data into a target device is detected, obtaining the dynamic key number and the encrypted authorization data from the authorization data file;
encrypting the dynamic key number to generate a dynamic code and a dynamic request code;
sending the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates and generates a key code according to the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
receiving the authorization code sent by the first terminal, and decrypting the authorization code to obtain the key code;
according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device.
2. The method according to claim 1, characterized in that said decrypting and programming the encrypted authorization data into the target device according to the key code and the dynamic code comprises:
according to the key code and the dynamic code, decrypting and programming the encrypted authorization data into the target device through a programming device interface.
3. The method according to claim 2, characterized in that said decrypting and programming the encrypted authorization data into the target device through the programming device interface according to the key code and the dynamic code comprises:
when mutual authentication between the programming device interface and the on-board diagnostic system (OBD) passes, decrypting and programming the encrypted authorization data into the target device through the programming device interface according to the key code and the dynamic code.
4. An authorization data processing method, characterized by comprising:
encrypting authorization data and then adding a dynamic key number to generate an authorization data file;
sending the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
receiving the dynamic request code sent by the second terminal, and decrypting the dynamic request code to obtain the dynamic key number;
calculating and generating a key code according to the dynamic key number;
encrypting the key code to obtain an authorization code, and sending the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into a target device.
5. An authorization data processing device, applied to a second terminal, characterized by comprising:
a receiving module, configured to receive an authorization data file sent by a first terminal, the authorization data file being obtained by the first terminal encrypting authorization data and then adding a dynamic key number;
an obtaining module, configured to obtain the dynamic key number and the encrypted authorization data from the authorization data file if a trigger instruction to program the authorization data into a target device is detected;
a first generation module, configured to encrypt the dynamic key number to generate a dynamic code and a dynamic request code;
a first sending module, configured to send the dynamic request code to the first terminal, so that the first terminal decrypts the dynamic request code to obtain the dynamic key number, calculates and generates a key code according to the dynamic key number, encrypts the key code to obtain an authorization code, and returns the authorization code;
a first decryption module, configured to receive the authorization code sent by the first terminal and decrypt the authorization code to obtain the key code;
a programming module, configured to decrypt and program the encrypted authorization data into the target device according to the key code and the dynamic code.
6. An authorization data processing device, applied to a first terminal, characterized by comprising:
a second generation module, configured to encrypt authorization data and then add a dynamic key number to generate an authorization data file;
a second sending module, configured to send the authorization data file to a second terminal, so that the second terminal obtains the dynamic key number and the encrypted authorization data from the authorization data file, encrypts the dynamic key number to generate a dynamic code and a dynamic request code, and returns the dynamic request code;
a second decryption module, configured to receive the dynamic request code sent by the second terminal and decrypt the dynamic request code to obtain the dynamic key number;
a third generation module, configured to calculate and generate a key code according to the dynamic key number;
a third sending module, configured to encrypt the key code to obtain an authorization code and send the authorization code to the second terminal, so that the second terminal decrypts the authorization code to obtain the key code and, according to the key code and the dynamic code, decrypts and programs the encrypted authorization data into a target device.
7. An electronic device, characterized by comprising: a first processor, a first memory, a first bus, and a computer program stored in the first memory and runnable on the first processor;
wherein the first processor and the first memory communicate with each other through the first bus;
the first processor implements the method according to any one of claims 1-3 when executing the computer program.
8. An electronic device, characterized by comprising: a second processor, a second memory, a second bus, and a computer program stored in the second memory and runnable on the second processor;
wherein the second processor and the second memory communicate with each other through the second bus;
the second processor implements the method according to claim 4 when executing the computer program.
9. A non-transitory computer-readable storage medium, characterized in that a computer program is stored on the storage medium, and the computer program implements the method according to any one of claims 1-3 when executed by a processor.
10. A non-transitory computer-readable storage medium, characterized in that a computer program is stored on the storage medium, and the computer program implements the method according to claim 4 when executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810344580.4A CN108629192B (en) | 2018-04-17 | 2018-04-17 | Authorization data processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810344580.4A CN108629192B (en) | 2018-04-17 | 2018-04-17 | Authorization data processing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108629192A true CN108629192A (en) | 2018-10-09 |
CN108629192B CN108629192B (en) | 2020-04-10 |
Family
ID=63705253
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810344580.4A Active CN108629192B (en) | 2018-04-17 | 2018-04-17 | Authorization data processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108629192B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111369249A (en) * | 2020-02-25 | 2020-07-03 | 桂林微网互联信息技术有限公司 | Digital encryption authorization processing method and user terminal |
CN113158263A (en) * | 2021-04-21 | 2021-07-23 | 四川九洲电器集团有限责任公司 | Dynamic DSP function reconstruction method and device based on iButton authorization |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060190731A1 (en) * | 2005-02-22 | 2006-08-24 | Sony Corporation | Systems and methods for device registration using optical transmission |
CN103631609A (en) * | 2012-08-21 | 2014-03-12 | 广州汽车集团股份有限公司 | Method and system for refreshing vehicle-mounted ECU application program |
CN103929670A (en) * | 2014-04-30 | 2014-07-16 | 深圳市九洲电器有限公司 | Set top box programming method and system |
CN104615058A (en) * | 2015-02-05 | 2015-05-13 | 桂凌云 | Brushing and writing system of vehicle-mounted chip and brushing and writing method thereof |
CN106302379A (en) * | 2015-06-26 | 2017-01-04 | 比亚迪股份有限公司 | The authentication method of vehicle mounted electrical apparatus, system and its apparatus |
CN106506149A (en) * | 2016-11-07 | 2017-03-15 | 福建星海通信科技有限公司 | Key generation method and system between a kind of TBOX terminals and TSP platforms |
CN106685653A (en) * | 2016-12-29 | 2017-05-17 | 同济大学 | Vehicle remote firmware updating method and device based on information security technology |
Also Published As
Publication number | Publication date |
---|---|
CN108629192B (en) | 2020-04-10 |
CN101350712B (en) | Data management method and terminal | |
CN108846671B (en) | Online secure transaction method and system based on block chain | |
CN102542645A (en) | Entrance guard authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: An authorization data processing method and device; Effective date of registration: 20210819; Granted publication date: 20200410; Pledgee: CITIC Bank Limited by Share Ltd. Hangzhou branch; Pledgor: HANGZHOU HOPECHART IOT TECHNOLOGY Co.,Ltd.; Registration number: Y2021330001185 |