CN108848064A - authorization management method and system - Google Patents


Info

Publication number
CN108848064A
CN108848064A
Authority
CN
China
Prior art keywords
authorization
hardware
platform
client
code
Prior art date
Legal status
Granted
Application number
CN201810510212.2A
Other languages
Chinese (zh)
Other versions
CN108848064B (en)
Inventor
王帮德
王涛
高飞
周冰
张园
赵向东
Current Assignee
WUHAN JIULE TECHNOLOGY Co Ltd
Original Assignee
WUHAN JIULE TECHNOLOGY Co Ltd
Priority date
Filing date
Publication date
Application filed by WUHAN JIULE TECHNOLOGY Co Ltd
Priority to CN201810510212.2A
Publication of CN108848064A
Application granted
Publication of CN108848064B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            • H04L63/08 ... for authentication of entities
              • H04L63/083 ... using passwords
              • H04L63/0876 ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                • H04L9/0863 ... involving passwords or one-time passwords
                • H04L9/0866 ... involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present application provide an authorization management method and system in which a hardware client is added. After the hardware client receives the encrypted platform hardware ID sent by the authorized client, it decrypts it, calculates an authorization code from the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client. The authorized client decrypts the ciphertext to obtain the authorization code and sends it to the embedded platform, which stores the authorization code in a storage device. After the embedded platform restarts, it generates a verification authorization code to verify the stored authorization code; once verification passes, the static library file in the embedded platform can work normally. By adding a hardware client, this authorization management scheme encrypts the exchanged information, reduces the risk that the authorization information is cracked, and avoids the increase in management cost caused by the external IC required in the prior art.

Description

Authorization management method and system
Technical field
The present invention relates to the technical field of embedded system development, and in particular to an authorization management method and system.
Background technique
In embedded system development, realizing a function requires writing source code files (.c and .h files, written in a computer programming language and readable) that control the embedded device and its peripherals. To protect the code written by its creator, the code can be compiled by a tool into a static link library (.a or .lib); only the .h header file and the static library file then need to be provided for the function to be supported. This lets developers and their organizations allow others, or other organizations, to use the function without revealing the source code. However, simply providing a static link library cannot guarantee that the other party is legitimately authorized, so authorization management of the static library file becomes necessary. In the prior art, authorization is usually verified either with an external IC or with an encryption algorithm, but the external IC approach increases management cost, and the encryption methods commonly used in the prior art are relatively easy to crack and offer poor security.
Summary of the invention
In view of this, the purpose of the present application is to provide an authorization management method and system that improve on the above problem.
An embodiment of the present application provides an authorization management method applied to an authorization management system, the authorization management system including an authorized client together with a hardware client and an embedded platform in communication connection with the authorized client, the method comprising:
after receiving an authorization instruction sent by the authorized client, the embedded platform returns the platform hardware ID of the embedded platform to the authorized client;
the authorized client encrypts the platform hardware ID and sends the encrypted platform hardware ID to the hardware client;
the hardware client decrypts the encrypted platform hardware ID, calculates an authorization code from the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client;
the authorized client decrypts the ciphertext to obtain the authorization code and sends the authorization code to the embedded platform;
the embedded platform stores the received authorization code in a storage device;
after restarting, the embedded platform verifies the authorization code in the storage device; if verification passes, the static library file in the embedded platform works normally, and if verification fails, the static library file does not work.
Optionally, after the step in which the hardware client decrypts the encrypted platform hardware ID, the method further includes:
the hardware client updates the stored authorization count of the static library file in the embedded platform and stores the updated authorization count.
Optionally, after the step in which the hardware client decrypts the encrypted platform hardware ID, the method further includes:
the hardware client detects whether the authorization count of the static library file in the embedded platform has reached a preset upper limit; if it has reached the preset upper limit, the hardware client determines that authorization fails and terminates the authorization flow.
Optionally, the step of calculating the authorization code from the decrypted platform hardware ID includes:
the hardware client generates a random number and uses the random number as an encryption factor;
a ciphertext array is looked up according to the encryption factor, and the ciphertext array and the platform hardware ID are encrypted to obtain the authorization code.
Optionally, the step of looking up the ciphertext array according to the encryption factor and encrypting the ciphertext array and the platform hardware ID to obtain the authorization code includes:
performing a table lookup in a prestored ciphertext table according to the encryption factor to obtain the ciphertext array corresponding to the encryption factor;
calculating an authorization array from the platform hardware ID and the ciphertext array using an encryption function;
recombining the authorization array, and adding the encryption factor at a specified position of the recombined authorization array to obtain the authorization code.
Optionally, the step in which the embedded platform verifies the authorization code in the storage device after restarting includes:
after restarting, the embedded platform obtains the authorization code corresponding to the platform hardware ID from the storage device;
reading the specified position of the authorization code to obtain the encryption factor contained in it, and obtaining a verification authorization code from the encryption factor and the platform hardware ID;
detecting whether the verification authorization code is consistent with the authorization code, and if so, determining that verification passes.
Optionally, the step of obtaining the verification authorization code from the encryption factor and the platform hardware ID includes:
using the obtained encryption factor as an index to look up the ciphertext table stored in the static library file, to obtain the encryption array corresponding to the encryption factor;
encrypting the platform hardware ID and the encryption array with an encryption algorithm to obtain an authorization array;
recombining the authorization array, and adding the encryption factor at the specified position of the recombined authorization array to obtain the verification authorization code.
An embodiment of the present application also provides an authorization management system, the authorization management system including an authorized client together with a hardware client and an embedded platform in communication connection with the authorized client:
the embedded platform is configured to receive an authorization instruction sent by the authorized client, obtain a platform hardware ID according to the authorization instruction, and return the platform hardware ID to the authorized client;
the authorized client is configured to encrypt the platform hardware ID and send the encrypted platform hardware ID to the hardware client;
the hardware client is configured to decrypt the encrypted platform hardware ID, calculate an authorization code from the decrypted platform hardware ID, encrypt the authorization code to obtain a ciphertext, and send the ciphertext to the authorized client;
the authorized client is configured to decrypt the ciphertext to obtain the authorization code and send the authorization code to the embedded platform;
the embedded platform is configured to store the received authorization code in a storage device;
the embedded platform is configured to verify the authorization code in the storage device after restarting; if verification passes, the static library file in the embedded platform works normally, and if verification fails, the static library file does not work.
Optionally, the hardware client is further configured to update the stored authorization count of the static library file in the embedded platform and store the updated authorization count.
Optionally, the hardware client is further configured to detect whether the authorization count of the static library file in the embedded platform has reached a preset upper limit, and if it has, to determine that authorization fails and terminate the authorization flow.
In the authorization management method and system provided by the embodiments of the present application, a hardware client is added. After receiving the encrypted platform hardware ID sent by the authorized client, the hardware client decrypts it, calculates an authorization code from the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client. The authorized client decrypts the ciphertext to obtain the authorization code and sends it to the embedded platform, which stores the authorization code in a storage device. After the embedded platform restarts, it generates a verification authorization code to verify the stored authorization code, and once verification passes, the static library file in the embedded platform can work normally. By adding a hardware client, this authorization management scheme encrypts the exchanged information, reduces the risk that the authorization information is cracked, and avoids the increase in management cost caused by the external IC required in the prior art.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Detailed description of the invention
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and are therefore not to be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of an application scenario of the authorization management method provided by an embodiment of the present application.
Fig. 2 is a flowchart of the authorization management method provided by an embodiment of the present application.
Fig. 3 is a flowchart of the sub-steps of step S130 in Fig. 2.
Fig. 4 is a flowchart of the sub-steps of step S150 in Fig. 2.
Fig. 5 is a flowchart of the sub-steps of step S152 in Fig. 4.
Fig. 6 is a schematic diagram of the interaction between the authorized client, the hardware client and the embedded platform provided by an embodiment of the present application.
Reference numerals: 100 - authorized client; 200 - hardware client; 300 - embedded platform.
Specific embodiment
The inventors have found through research that a common authorization method for embedded systems in the prior art uses an encryption IC for authorization verification. This approach requires an external IC, which increases the cost of using the library file. Moreover, an external IC generally verifies using a random number, but random-number generation must rely on the platform, which the static library file cannot fully control; if the platform redirects the random-number generation function so that it produces a fixed value, the encryption scheme can be cracked. For these two reasons, this approach is not suitable for authorizing static library files.
In addition, in the prior art an authorized client also generates an authorization code Key1 from the hardware ID of the embedded platform; the embedded device receives the authorization code sent by the client and stores it in FLASH. In actual use, Key2 is calculated from the ID, and whether the authorization is valid is judged by comparing Key1 and Key2. However, because the static library runs on the platform, and the FLASH in which the authorization code is stored belongs to the platform, the FLASH, the ID and the Key are all held in plaintext on the platform, so the cracking difficulty is low.
Based on the above research, embodiments of the present invention provide an authorization management scheme that adds a hardware client to encrypt the transmitted information, and uses the platform hardware ID together with ciphertext data to obtain the authorization code, thereby increasing the difficulty of cracking the encryption algorithm and achieving effective management of the authorized library file.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention, as generally described and illustrated in the drawings herein, can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the present invention provided in the accompanying drawings is not intended to limit the claimed scope of the present invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
Referring to Fig. 1, a schematic diagram of an application scenario of the authorization management method provided by an embodiment of the present invention is shown. The scenario includes an authorization management system comprising an authorized client 100, a hardware client 200 and an embedded platform 300. The authorized client 100 is in communication connection with the hardware client 200 and the embedded platform 300 respectively, so as to transmit and exchange data. In this embodiment there may be multiple authorized clients 100, each in communication connection with the hardware client 200 and the embedded platform 300. In this embodiment, the authorized client 100 may include, but is not limited to, terminal devices such as a computer, a laptop or a smartphone; the hardware client 200 is a terminal device specifically used to generate authorization codes and count the number of authorizations; and the embedded platform 300 is the service platform on which the static library file is stored.
Referring to Fig. 2, a flowchart of an authorization management method applied to the above authorization management system, provided by an embodiment of the present invention, is shown. It should be noted that the method provided by the present invention is not limited to Fig. 2 or to the specific order described below. Each step shown in Fig. 2 is described in detail below.
Step S110: after receiving the authorization instruction sent by the authorized client 100, the embedded platform 300 returns the platform hardware ID of the embedded platform 300 to the authorized client 100.
In this embodiment, authorization management can be divided into two major stages: initialization and usage management. During initialization, the user of the authorized client 100 can send an authorization instruction to the embedded platform 300 through the authorized client 100. The embedded platform 300 is a combination of hardware and software in which a static library file is stored. Because this static library file can be copied, the embedded platform 300 must be subject to authorization management: only after authorization passes can the static library file in the embedded platform 300 work normally, which prevents the static library file from being used without limit. Each embedded platform 300 has a unique platform hardware ID. After receiving the authorization instruction sent by the authorized client 100, the embedded platform 300 returns its platform hardware ID to the authorized client 100.
Step S120: the authorized client 100 encrypts the platform hardware ID and sends the encrypted platform hardware ID to the hardware client 200.
Step S130: the hardware client 200 decrypts the encrypted platform hardware ID, calculates an authorization code from the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client 100.
After receiving the platform hardware ID returned by the embedded platform 300, the authorized client 100 encrypts the platform hardware ID, for example with a symmetric encryption algorithm, an asymmetric encryption algorithm or a hash-based encryption algorithm, and sends the encrypted platform hardware ID to the hardware client 200.
After receiving the encrypted platform hardware ID, the hardware client 200 can decrypt it using the decryption algorithm corresponding to the one used by the authorized client 100.
Having obtained the decrypted platform hardware ID, the hardware client 200 calculates the authorization code from it. It should be noted that in this embodiment, after the hardware client 200 decrypts the platform hardware ID, it can also manage the authorization count of the static library file in the embedded platform 300. Optionally, the hardware client 200 stores the authorization count of the static library file in the embedded platform 300 and keeps it updated; therefore, after decrypting the received platform hardware ID, the hardware client 200 can update the stored authorization count of the static library file in the embedded platform 300 and store the updated count.
In this embodiment, to ensure that the static library file in the embedded platform 300 is used only within the permitted range, the hardware client 200 can manage the authorization count of the static library file in the embedded platform 300. As noted above, the hardware client 200 stores the authorization count of the static library file in the embedded platform 300; therefore, after obtaining the platform hardware ID, the hardware client 200 can detect whether the authorization count of the static library file in the embedded platform 300 has reached a preset upper limit. If it has, the hardware client 200 can determine that authorization fails and terminate this authorization flow. If the authorization count of the static library file in the embedded platform 300 has not reached the upper limit, the subsequent process can continue. Optionally, the hardware client 200 calculates the authorization code from the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client 100. As before, this encryption can use any of a symmetric, asymmetric or hash-based encryption algorithm.
Referring to Fig. 3, in this embodiment, the step in which the hardware client 200 calculates the authorization code from the decrypted platform hardware ID can be performed by the following sub-steps:
Step S131: the hardware client 200 generates a random number and uses the random number as an encryption factor.
Step S132: a ciphertext array is looked up according to the encryption factor, and the ciphertext array and the platform hardware ID are encrypted to obtain the authorization code.
In this embodiment, a ciphertext table consisting of multiple constant arrays is stored in the hardware client 200. The hardware client 200 can generate a random number and use it as the encryption factor n. Using the encryption factor n as an index, the ciphertext table in the hardware client 200 is looked up to obtain the ciphertext array N[n] corresponding to n. The found ciphertext array N[n] and the platform hardware ID are then encrypted to obtain the authorization code.
In this embodiment, the authorization array Key_value can be calculated from the platform hardware ID and the ciphertext array N[n] using the encryption algorithm F(ID, N[n]). The encryption algorithm can be any encryption algorithm in the prior art, which this embodiment does not describe further. After obtaining the authorization array Key_value, the hardware client 200 can recombine the authorization array Key_value and add the above encryption factor n at a specified position of the recombined authorization array Key_value, for example position K, to form the authorization code.
Step S140: the authorized client 100 decrypts the ciphertext to obtain the authorization code and sends the authorization code to the embedded platform 300.
Step S150: the embedded platform 300 stores the received authorization code in a storage device.
Step S160: after restarting, the embedded platform 300 verifies the authorization code in the storage device; if verification passes, the static library file in the embedded platform 300 works normally, and if verification fails, the static library file does not work.
In this embodiment, after receiving the encrypted authorization code sent by the hardware client 200, the authorized client 100 decrypts it with the corresponding decryption algorithm to obtain the authorization code, and sends the authorization code to the embedded platform 300.
On receiving the authorization code, the embedded platform 300 stores it in the storage device. In this embodiment, during the usage management stage of authorization, that is, when the embedded platform 300 calls the static library file after restarting, the stored authorization code must be verified, and only after verification passes can the static library file work normally. Optionally, referring to Fig. 4, in this embodiment the embedded platform 300 can verify the authorization code by the following steps:
Step S151: the embedded platform 300 obtains the authorization code corresponding to the platform hardware ID from the storage device.
Step S152: the specified position of the authorization code is read to obtain the encryption factor contained in it, and a verification authorization code is obtained from the encryption factor and the platform hardware ID.
Step S153: whether the verification authorization code is consistent with the authorization code is detected, and if so, verification is determined to pass.
In this embodiment, a verification program is stored in the static library file, and the authorization code in the embedded platform 300 can be verified using this verification program. Verification must follow the process by which the hardware client 200 generated the authorization code: the encryption factor is recovered by reversing that process, a verification authorization code is generated locally using the encryption algorithm, and the two codes are compared for consistency to determine whether the authorization code is valid.
As described above, after receiving the authorization code sent by the authorized client 100, the embedded platform 300 stores it in the storage device. When the authorization code needs to be verified, the embedded platform 300 can obtain the corresponding authorization code from the storage device according to the platform hardware ID and read the specified position of the authorization code to obtain the encryption factor. It should be noted that this specified position is the position at which the hardware client 200 added the encryption factor to the recombined authorization array; therefore, the encryption factor obtained by the embedded platform 300 here is the encryption factor generated by the hardware client 200.
Embedded platform 300 is verified authorization code according to the encryption factor and the platform hardware ID that read, wherein The process can be executed by following steps, please refer to Fig. 5:
Step S1521, using the encryption factor as the ciphertext table in the static library file that search index stores to obtain Obtain the corresponding encryption array of the encryption factor.
Step S1522 encrypts to be awarded the platform hardware ID and the encryption array using Encryption Algorithm Flexible strategy group.
Step S1523 recombinates the authorization array, and described in the specific bit addition of authorization array in the reassembled Encryption factor is to be verified authorization code.
The embedded platform 300 is searched using the encryption factor read as index in the static library file of storage Ciphertext table, wherein the ciphertext table is consistent with the black list in the hardware client 200, is equally by multiple groups constant array group At.By searching for ciphertext table to obtain encryption array corresponding with the encryption factor.And using Encryption Algorithm to the platform hard Part ID and the encryption array are encrypted for authorization to array.The authorization array is recombinated, and in the reassembled Authorize the specific bit of array that the encryption factor is added to be verified authorization code.Wherein, add used by embedded platform 300 Close algorithm is identical as the Encryption Algorithm that the hardware client 200 uses, also, the embedded platform 300 is described in the recombination Upsetting for using when authorizing array is regular identical with rule is upset used by the hardware client 200.The specific bit is For the above-mentioned position for extracting encryption factor from authorization code.
It should be understood that if the authorization code was produced and encrypted by the hardware client 200, passed through the authorized client 100 and written into the embedded platform 300, then the encryption factor that the static library file in the embedded platform 300 recovers from the authorization code is the encryption factor generated by the hardware client 200. Further, since the ciphertext table in the embedded platform 300 is identical to the black list in the hardware client 200, the encryption array obtained from the ciphertext table with the encryption factor as index is identical to the encryption array obtained in the hardware client 200.
Further, because the encryption algorithm of the embedded platform 300 is the same as the one used by the hardware client 200, the authorization array obtained from the same encryption array and platform hardware ID is also the same. After the authorization array is recombined with the same shuffling rule, the resulting authorization array is again the same. After the encryption factor is inserted at the specific bit of the authorization array, the verification authorization code finally obtained in the embedded platform 300 should therefore be identical to the authorization code generated by the hardware client 200.
Therefore, in this embodiment, the embedded platform 300 obtains the verification authorization code by the above steps and uses it to verify the authorization code written during initialization. When the embedded platform 300 detects that the verification authorization code is consistent with the stored authorization code, it determines that verification passes, and the static library file in the embedded platform 300 can work normally. Otherwise, the static library file does not work.
In order that those skilled in the art may understand the authorization management scheme provided by the present invention more clearly, this embodiment describes the interaction among the authorized client 100, the hardware client 200 and the embedded platform 300; please refer to Fig. 6.
The authorized client 100 sends an authorization instruction to the embedded platform 300, and the embedded platform 300 returns its platform hardware ID to the authorized client 100. The authorized client 100 encrypts the platform hardware ID and sends the encrypted platform hardware ID to the hardware client 200. The hardware client 200 decrypts the platform hardware ID and detects whether the authorization count of the static library file in the embedded platform 300 has reached the preset upper limit. If the preset upper limit has been reached, the authorization flow ends. If it has not been reached, the authorization code is obtained from the decrypted platform hardware ID, encrypted, and sent to the authorized client 100. After receiving the authorization code in ciphertext form, the authorized client 100 decrypts it and sends the decrypted authorization code to the embedded platform 300.
After receiving the authorization code, the embedded platform 300 stores it in the storage device. After the embedded platform 300 restarts, it must verify the stored authorization code. The static library file includes a verification program that reverse-processes the stored authorization code and encrypts again with the encryption factor obtained in order to produce the verification authorization code. It then detects whether the verification authorization code is consistent with the stored authorization code; if they are consistent, authorization is determined to pass and the static library file can work normally. If verification fails, the static library file does not work.
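The verification steps S1521 to S1523 and the three-party flow just described, as an added Python example that is not the patent's own implementation. The page names no concrete encryption algorithm, table contents, shuffling rule or insertion position, so the HMAC-SHA256 "encryption algorithm", the constructed 16-entry table, the fixed byte permutation, the insertion offset of 4 and the 16-byte authorization array are all assumptions chosen for illustration; the encrypted transport between the authorized client and the hardware client is represented by direct function calls. The example also covers the preset upper limit on the authorization count enforced by the hardware client.

```python
import hashlib
import hmac
import secrets

# Constructed cipher table shared by the hardware client (the "black list") and the
# embedded platform's static library (the "ciphertext table").  The page says only
# that it consists of several groups of constant arrays; these values are illustrative.
CIPHER_TABLE = [hashlib.sha256(b"table-entry-%d" % i).digest()[:8] for i in range(16)]

AUTH_ARRAY_LEN = 16
# Assumed shuffling rule used when "recombining" the authorization array: a fixed
# permutation of its 16 bytes, identical on both sides.
SHUFFLE = [5, 0, 11, 3, 14, 8, 1, 12, 6, 9, 15, 2, 10, 4, 13, 7]
# Assumed "specific bit": the byte offset at which the encryption factor is inserted
# into the shuffled array and read back out during verification.
FACTOR_POSITION = 4


def encrypt_array(platform_id: bytes, enc_array: bytes) -> bytes:
    """Assumed encryption algorithm: HMAC-SHA256 of the platform hardware ID keyed
    with the encryption array, truncated to the authorization array length."""
    return hmac.new(enc_array, platform_id, hashlib.sha256).digest()[:AUTH_ARRAY_LEN]


def build_auth_code(platform_id: bytes, factor: int) -> bytes:
    """Steps shared by code generation (hardware client) and verification
    (embedded platform): table lookup, encryption, recombination, insertion."""
    enc_array = CIPHER_TABLE[factor]                     # look up by encryption factor
    auth_array = encrypt_array(platform_id, enc_array)   # authorization array
    shuffled = bytes(auth_array[i] for i in SHUFFLE)     # recombine with the shuffle rule
    return shuffled[:FACTOR_POSITION] + bytes([factor]) + shuffled[FACTOR_POSITION:]


class HardwareClient:
    """Issues authorization codes and enforces the preset upper limit."""

    def __init__(self, upper_limit: int):
        self.upper_limit = upper_limit
        self.auth_count = 0  # stored authorization count for the static library

    def authorize(self, platform_id: bytes):
        if self.auth_count >= self.upper_limit:
            return None       # limit reached: the authorization flow ends
        self.auth_count += 1  # update and store the authorization count
        factor = secrets.randbelow(len(CIPHER_TABLE))   # random encryption factor
        return build_auth_code(platform_id, factor)


class EmbeddedPlatform:
    """Stores the authorization code and verifies it again after every restart."""

    def __init__(self, platform_id: bytes):
        self.platform_id = platform_id
        self.storage = {}  # models the storage device, keyed by platform hardware ID

    def store(self, auth_code: bytes) -> None:
        self.storage[self.platform_id] = auth_code

    def verify_after_restart(self) -> bool:
        code = self.storage.get(self.platform_id)
        if code is None or len(code) != AUTH_ARRAY_LEN + 1:
            return False
        factor = code[FACTOR_POSITION]   # reverse step: read the factor back out
        if factor >= len(CIPHER_TABLE):
            return False                 # malformed code: never index the table with it
        expected = build_auth_code(self.platform_id, factor)
        # constant-time comparison of the verification code with the stored code
        return hmac.compare_digest(expected, code)


def run_authorization_flow(hw: HardwareClient, platform: EmbeddedPlatform) -> bool:
    """Authorized client role: relay the hardware ID to the hardware client and the
    returned code to the platform, then report whether the platform verifies it."""
    code = hw.authorize(platform.platform_id)
    if code is None:
        return False
    platform.store(code)
    return platform.verify_after_restart()


if __name__ == "__main__":
    hw = HardwareClient(upper_limit=2)
    dev = EmbeddedPlatform(b"PLATFORM-HW-ID-0001")  # constructed hardware ID
    print("first authorization verifies:", run_authorization_flow(hw, dev))
    print("second authorization verifies:", run_authorization_flow(hw, dev))
    print("third authorization (over limit):", run_authorization_flow(hw, dev))
```

Two details matter for a defender reading this: the platform rejects a code whose extracted factor falls outside the table before indexing anything, and the final comparison uses a constant-time equality check, so a stored code bound to a different hardware ID, or with a single flipped byte, fails verification without leaking where the mismatch lies.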
Another preferred embodiment of the present application also provides an authorization management system, which includes an authorized client 100, and a hardware client 200 and an embedded platform 300 communicatively connected with the authorized client 100.
The embedded platform 300 is configured to receive the authorization instruction sent by the authorized client 100, obtain the platform hardware ID according to the authorization instruction, and return the platform hardware ID to the authorized client 100.
The authorized client 100 is configured to encrypt the platform hardware ID and send the encrypted platform hardware ID to the hardware client 200.
The hardware client 200 is configured to decrypt the encrypted platform hardware ID, calculate the authorization code according to the decrypted platform hardware ID, encrypt the authorization code to obtain a ciphertext, and send the ciphertext to the authorized client 100.
The authorized client 100 is configured to decrypt the ciphertext to obtain the authorization code and send the authorization code to the embedded platform 300.
The embedded platform 300 is configured to store the received authorization code in the storage device.
The embedded platform 300 is configured to verify, after restarting, the authorization code in the storage device; if verification passes, the static library file in the embedded platform 300 works normally, and if verification fails, the static library file does not work.
Further, the hardware client 200 is also configured to update the stored authorization count of the static library file in the embedded platform 300, and to store the updated authorization count.
In this embodiment, the hardware client 200 is also configured to detect whether the authorization count of the static library file in the embedded platform 300 has reached the preset upper limit; if the preset upper limit has been reached, it determines that authorization fails and ends the authorization flow.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the system described above may refer to the corresponding process in the foregoing method and is not repeated here.
In summary, the authorization management method and system provided by the embodiments of the present application add a hardware client 200. The hardware client 200 receives the encrypted platform hardware ID sent by the authorized client 100, decrypts it, calculates the authorization code according to the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client 100. The authorized client 100 decrypts the ciphertext to obtain the authorization code and sends it to the embedded platform 300, which stores the authorization code in the storage device. After the embedded platform 300 restarts, it generates a verification authorization code to verify the stored authorization code; once verification passes, the static library file in the embedded platform 300 can work normally. By adding the hardware client 200, this authorization management scheme encrypts the information exchanged between the parties, reduces the risk of the authorization information being cracked, and avoids the increased management cost that the use of an external IC entails in the prior art.
Further, the authorization management scheme uses the platform hardware ID and the encryption factor to obtain the authorization code, recombines the authorization code, and inserts the encryption factor at a specific bit, which improves the security of the authorization code. In addition, information is transmitted between the hardware client 200 and the authorized client 100 as ciphertext, which prevents the hardware client 200 from being cloned.
In the embodiments provided herein, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the architecture, functions and operations that may be implemented by the apparatus, method and computer program product according to embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention. It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any person familiar with the art can readily conceive of changes or replacements within the technical scope disclosed by the present invention, and these shall all be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be based on the protection scope of the claims.

Claims (10)

1. An authorization management method, characterized in that it is applied to an authorization management system, the authorization management system comprising an authorized client, and a hardware client and an embedded platform communicatively connected with the authorized client, the method comprising:
the embedded platform, after receiving an authorization instruction sent by the authorized client, returns the platform hardware ID of the embedded platform to the authorized client;
the authorized client encrypts the platform hardware ID and sends the encrypted platform hardware ID to the hardware client;
the hardware client decrypts the encrypted platform hardware ID, calculates an authorization code according to the decrypted platform hardware ID, encrypts the authorization code to obtain a ciphertext, and sends the ciphertext to the authorized client;
the authorized client decrypts the ciphertext to obtain the authorization code and sends the authorization code to the embedded platform;
the embedded platform stores the received authorization code in a storage device;
the embedded platform, after restarting, verifies the authorization code in the storage device; if verification passes, the static library file in the embedded platform works normally, and if verification fails, the static library file does not work.
2. The authorization management method according to claim 1, characterized in that, after the step of the hardware client decrypting the encrypted platform hardware ID, the method further comprises:
the hardware client updates the stored authorization count of the static library file in the embedded platform, and stores the updated authorization count.
3. The authorization management method according to claim 1, characterized in that, after the step of the hardware client decrypting the encrypted platform hardware ID, the method further comprises:
the hardware client detects whether the authorization count of the static library file in the embedded platform has reached a preset upper limit; if the preset upper limit has been reached, it determines that authorization fails and ends the authorization flow.
4. The authorization management method according to claim 1, characterized in that the step of calculating the authorization code according to the decrypted platform hardware ID comprises:
the hardware client generates a random number and uses the random number as an encryption factor;
the hardware client looks up a ciphertext array according to the encryption factor, and performs an encryption calculation on the ciphertext array and the platform hardware ID to obtain the authorization code.
5. The authorization management method according to claim 4, characterized in that the step of looking up the ciphertext array according to the encryption factor and performing an encryption calculation on the ciphertext array and the platform hardware ID to obtain the authorization code comprises:
performing a table lookup on the pre-stored black list according to the encryption factor to obtain the ciphertext array corresponding to the encryption factor;
calculating an authorization array from the platform hardware ID and the ciphertext array using an encryption function;
recombining the authorization array, and adding the encryption factor at a specific bit of the recombined authorization array to obtain the authorization code.
6. The authorization management method according to claim 1, characterized in that the step of the embedded platform verifying, after restarting, the authorization code in the storage device comprises:
the embedded platform, after restarting, obtains the authorization code corresponding to the platform hardware ID from the storage device;
the embedded platform reads the specific bit of the authorization code to obtain the encryption factor in the authorization code, and obtains a verification authorization code according to the encryption factor and the platform hardware ID;
the embedded platform detects whether the verification authorization code is consistent with the authorization code, and if they are consistent, determines that verification passes.
7. The authorization management method according to claim 6, characterized in that the step of obtaining the verification authorization code according to the encryption factor and the platform hardware ID comprises:
looking up, with the encryption factor as an index, the ciphertext table in the stored static library file to obtain the encryption array corresponding to the encryption factor;
encrypting the platform hardware ID and the encryption array with the encryption algorithm to obtain the authorization array;
recombining the authorization array, and adding the encryption factor at the specific bit of the recombined authorization array to obtain the verification authorization code.
8. An authorization management system, characterized in that the authorization management system comprises an authorized client, and a hardware client and an embedded platform communicatively connected with the authorized client, wherein:
the embedded platform is configured to receive an authorization instruction sent by the authorized client, obtain the platform hardware ID according to the authorization instruction, and return the platform hardware ID to the authorized client;
the authorized client is configured to encrypt the platform hardware ID and send the encrypted platform hardware ID to the hardware client;
the hardware client is configured to decrypt the encrypted platform hardware ID, calculate an authorization code according to the decrypted platform hardware ID, encrypt the authorization code to obtain a ciphertext, and send the ciphertext to the authorized client;
the authorized client is configured to decrypt the ciphertext to obtain the authorization code and send the authorization code to the embedded platform;
the embedded platform is configured to store the received authorization code in a storage device;
the embedded platform is configured to verify, after restarting, the authorization code in the storage device; if verification passes, the static library file in the embedded platform works normally, and if verification fails, the static library file does not work.
9. The authorization management system according to claim 8, characterized in that the hardware client is also configured to update the stored authorization count of the static library file in the embedded platform, and to store the updated authorization count.
10. The authorization management system according to claim 8, characterized in that the hardware client is also configured to detect whether the authorization count of the static library file in the embedded platform has reached a preset upper limit; if the preset upper limit has been reached, it determines that authorization fails and ends the authorization flow.
CN201810510212.2A 2018-05-24 2018-05-24 Authorization management method and system Active CN108848064B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810510212.2A CN108848064B (en) 2018-05-24 2018-05-24 Authorization management method and system


Publications (2)

Publication Number Publication Date
CN108848064A true CN108848064A (en) 2018-11-20
CN108848064B CN108848064B (en) 2020-12-29

Family

ID=64213467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810510212.2A Active CN108848064B (en) 2018-05-24 2018-05-24 Authorization management method and system

Country Status (1)

Country Link
CN (1) CN108848064B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110730177A (en) * 2019-10-18 2020-01-24 四川九州电子科技股份有限公司 Remote authorization system and method
CN110809270A (en) * 2019-09-23 2020-02-18 珠海格力电器股份有限公司 Application control method, system and readable medium
CN111104363A (en) * 2019-12-27 2020-05-05 浪潮(北京)电子信息产业有限公司 FPGA cloud platform using method, device, equipment and medium
CN111222104A (en) * 2019-12-31 2020-06-02 苏州思必驰信息科技有限公司 Method, device and system for authorizing embedded device by using hardware dongle
CN112446055A (en) * 2019-08-10 2021-03-05 丹东东方测控技术股份有限公司 Method for preventing embedded electronic circuit equipment from being copied
CN113329025A (en) * 2021-06-07 2021-08-31 中国电子科技集团公司第二十九研究所 Software authorization-based embedded symmetric encryption recorded data protection method and system
CN113515728A (en) * 2021-05-18 2021-10-19 北京飞利信电子技术有限公司 Internet of things platform software authorization control system and method based on multistage deployment
CN114546506A (en) * 2022-02-24 2022-05-27 科东(广州)软件科技有限公司 Authorization method, device, equipment and medium for embedded operating system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577906A (en) * 2009-06-12 2009-11-11 大唐微电子技术有限公司 Smart card and terminal capable of realizing machine card security authentication
CN101583124A (en) * 2009-06-10 2009-11-18 大唐微电子技术有限公司 Authentication method and system of subscriber identity module and terminal
CN101931623A (en) * 2010-07-06 2010-12-29 华南理工大学 Safety communication method suitable for remote control with limited capability at controlled end
CN103955652A (en) * 2014-04-30 2014-07-30 武汉库百网络技术有限公司 File encryption method and device based on Andriod equipment authentication
US8817984B2 (en) * 2011-02-03 2014-08-26 mSignia, Inc. Cryptographic security functions based on anticipated changes in dynamic minutiae
CN104200143A (en) * 2014-09-04 2014-12-10 广东欧珀移动通信有限公司 Method and system for inputting password into intelligent mobile terminal rapidly through wearable device



Also Published As

Publication number Publication date
CN108848064B (en) 2020-12-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant