CN109255207A - A kind of application authentication system and authentication method - Google Patents
A kind of application authentication system and authentication method Download PDFInfo
- Publication number
- CN109255207A CN109255207A CN201710576472.5A CN201710576472A CN109255207A CN 109255207 A CN109255207 A CN 109255207A CN 201710576472 A CN201710576472 A CN 201710576472A CN 109255207 A CN109255207 A CN 109255207A
- Authority
- CN
- China
- Prior art keywords
- random number
- true random
- authentication
- key
- certification terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 90
- 238000012795 verification Methods 0.000 claims abstract description 5
- 230000008569 process Effects 0.000 claims description 66
- 238000004422 calculation algorithm Methods 0.000 claims description 24
- 230000006870 function Effects 0.000 claims description 21
- 238000003860 storage Methods 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 9
- 238000011161 development Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 238000007726 management method Methods 0.000 description 5
- 238000009826 distribution Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of application authentication system and authentication method, Verification System includes certification terminal and application authentication module, and application authentication module includes the first true random number generation module for generating the first true random number;The first authentication key generation module of the first authentication key is generated according to the first true random number and from the second true random number that certification terminal obtains;The whether consistent identification submodule of the second authentication key for comparing the first authentication key and being obtained from certification terminal.Certification terminal includes: to generate second true random number the second true random number generation module;Module is identified to the certification number of application program being compared by access times with the preset times upper limit;The second authentication key generation module of the second authentication key is generated according to the first true random number and the second true random number.Technical solution provided by the invention ensure that the safety for the application program use scope that application developers provide and the controllability of access times.
Description
Technical field
The present invention relates to application authentications, and in particular to a kind of application authentication system and authentication method.
Background technique
COS is Chip Operating System, referred to as chip operating system.With the internal intelligence for having microprocessor
The appearance with safety chip can be blocked, so that the work of management this complexity of card itself is implemented as reality.The appearance of COS
The interaction of card and reader is not only significantly improved, use is safer, and makes smart card itself towards individual calculus
The direction of machine has strided forward major step.The major function of COS is to control smart card and extraneous information exchange, depositing in management card
Reservoir and the processing that various orders are completed inside card.
It loads and Native card is known as with the card of the native languages such as assembler language, C language exploitation COS, in Native card,
COS platform and application, which will not generally separate, develops.The same producer, not only carries out the exploitation of COS platform, but also that is applied open
Hair.The card for loading JavaCard platform is known as Java card, and Java card is the product that Java technology is combined with smart card techniques, is
A kind of novel smart card system.The characteristics such as the object-oriented of Java language, cross-platform and high security are introduced into intelligence by it
In capable of blocking.Java card introduce unified standard Application Programming Interface (Application Processing Interface,
API), Java card platform and application and development are separated.
Java card API is one of the important component of Java card running environment, it provide a set of unification for answering
With interfaces such as the programming interface of exploitation, including I/O interface, exception management, safety management, so that application and development and platform development can
To be kept completely separate.The API that standard can be used in application on Java card is programmed and debugs, and generation can download file (CAP text
Part).After card issuing, the application managements such as downloading, installation and the deletion that can be applied again.
After application is separated with platform development, any one is called the application of standard API exploitation that can be loaded into another family
On the Java card platform that identical version API is provided.In this way, the application of an application developers can provide in business associate
It is issued to the platform of another platform development quotient, to develop product cooperatively.In this process, the application of application developers
The Downloadable application program (CAP file) generated is provided to platform development quotient.In this way, application program just have it is stolen or
The risk of project and access times beyond commercial contract engagement.After the completion of project cooperation, platform development quotient can also continue to send out
The application program is exercised, in this way, there is very big risk for application provider.Therefore, it is necessary to find a method
Protect the use of application program.
Summary of the invention
In existing Java card Mode of Cooperative Exploitation, the possible needs of file (CAP file) of downloading of application developers are mentioned
Supply platform developer issues.In distribution process, there are CAP files arbitrarily to be used, and beyond contract engagement
The case where access times.In transmit process, it is also possible to there is a situation where the loss of CAP file or it is stolen, so that application
CAP file cannot get effective security protection.
The present invention prevents the generation of above-mentioned phenomenon using technological means, to guarantee the application program of application developers offer
The safety of (CAP file) use scope and the controllability of access times, and other people unrelated with project can be made to get
After the application program, cannot arbitrarily it use.
The present invention provides a kind of application authentication module, comprising:
First true random number generation module, for generating the first true random number;
First authentication key generation module, for truly random according to the first true random number and second from certification terminal acquisition
Number generates the first authentication key;
Identify submodule, for compare the first authentication key with from certification terminal obtain the second authentication key whether one
It causes, the function of application program allows to be called by external equipment if consistent;Otherwise do not allow to be called.
First authentication key generation module includes:
First process key generates submodule, fixed key for being stored according to application authentication module and from certification
The second true random number that terminal obtains generates the first process key;
First authentication key generates submodule, for generating the first certification according to the first true random number and the first process key
Key.
The application authentication module further include: for storing the memory module of fixed key.
The present invention provides a kind of certification terminal, comprising:
Second true random number generation module, for generating the second true random number;
It authenticates number and identifies module, for obtaining the first true random number from application authentication module, and to application program
Be compared by access times with the preset times upper limit, if passing through after adding 1 by access times without departing from the preset times upper limit
Second authentication key generation module generates the second authentication key;Otherwise the first true random number is retracted into application authentication module;
Second authentication key generation module, it is close for generating the second certification according to the first true random number and the second true random number
Key.
The second authentication key generation module includes:
Second process key generates submodule, for raw according to the fixed key of certification terminal storage and the second true random number
At the second process key;
Second authentication key generates submodule, for generating the second certification according to the first true random number and the second process key
Key.
The certification terminal further include:
Memory module, for store application program by access times and the preset times upper limit and fixed key.
The present invention provides a kind of application authentication system, comprising: application authentication module as described above and institute
The certification terminal stated.
The present invention provides a kind of application authentication method, comprising:
First true random number of generation is sent to certification terminal by application authentication module;
Certification terminal being compared with the preset times upper limit by access times to application program, if by access times
The preset times upper limit is less than after adding 1, then the certification terminal generates second true according to the first true random number and certification terminal
The second authentication key of generating random number is simultaneously sent to the application authentication module;Otherwise by first, very number retracts application at any time
Program authentication module;
The application authentication module is according to the first true random number and from the second authentication key that certification terminal obtains
The second true random number generate the first authentication key, and whether first authentication key and the second authentication key consistent,
The function of application program allows to be called by external equipment if consistent;Otherwise do not allow to be called.
The certification terminal generates the second certification according to the second true random number that the first true random number and certification terminal generate
Key includes:
The certification terminal generates the second true random number;
The fixed key and the encryption of the second true random number that the certification terminal stores it generate the second process key;
The certification terminal generates the second authentication key to the first true random number and the encryption of the second process key.
The application authentication module is according to the first true random number and from the second authentication key that certification terminal obtains
The second true random number generate the first authentication key include:
The fixed key that the application authentication module stores it and the second authentication key obtained from certification terminal
In the second true random number encryption generate the first process key;
The application authentication module generates the first authentication key to the first true random number and the encryption of the first process key.
The Encryption Algorithm for generating first process key is identical as the Encryption Algorithm for generating second process key;It is raw
It is identical as the Encryption Algorithm for generating second authentication key at the Encryption Algorithm of first authentication key.
The present invention provides a kind of application authentication module, comprising:
First true random number generation module, for generating the first true random number;
First authentication key authentication module, for verifying the decryption generation from the second authentication key that certification terminal obtains
The first true random number that first true random number, the second true random number and the first true random number generation module generate and from certification terminal
The consistency of the second true random number obtained, if consistent, the function permission of application program is called by external equipment;Otherwise not
Allow to be called.
First authentication key authentication module includes:
First authentication key verifies submodule, for generation to be decrypted to the second authentication key obtained from certification terminal
Second process key and the first true random number, and verify that first true random number and the first true random number generation module generate the
The consistency of one random number;
First process key verifies submodule, and the second process key for generating to the decryption of the second authentication key solves
The second random number is generated after close, and it is consistent with the second true random number from certification terminal acquisition to verify second true random number
Property;
Implementation sub-module, if the first authentication key verifying submodule and the first process key verifying submodule verify consistency
Pass through, then the function permission of application program is called by external equipment;Otherwise do not allow to be called.
The present invention provides a kind of Verification System, comprising: one of above-mentioned application authentication module and certification terminal.
The present invention provides a kind of authentication method, comprising:
First true random number of generation is sent to certification terminal by application authentication module;
Certification terminal being compared with the preset times upper limit by access times to application program, if by access times
The preset times upper limit is less than after adding 1, then the certification terminal generates second true according to the first true random number and certification terminal
The second authentication key of generating random number is simultaneously sent to the application authentication module;Otherwise by first, very number retracts application at any time
Program authentication module;
The application authentication module decrypts the first of generation according to from the second authentication key that certification terminal obtains
The first true random number and obtained from certification terminal that true random number, the second true random number and the first true random number generation module generate
The second true random number consistency, if consistent, the function permission of application program is called by external equipment;Otherwise do not allow
It is called.
Compared with the latest prior art, technical solution provided by the invention has the advantages that
Technical solution provided by the invention, application authentication terminal use certification number identification submodule identification certification time
Number ensure that the controllability of application program access times, and generates authentication key by Encryption Algorithm and ensure that application program uses
The safety of range;
Technical solution provided by the invention, application authentication module are calculated according to true random number and process key by encryption
Method, which generates authentication key, ensure that the safety of application program use scope, and after making irrelevant personnel get the application program
It cannot arbitrarily use;
Technical solution provided by the invention, application authentication system identify submodule identification certification time by certification number
Number ensure that the controllability of application program access times, and generates authentication key by Encryption Algorithm and reflect to authentication key
Surely it ensure that the safety of application program use scope;
Technical solution provided by the invention, application authentication method, which first carries out certification to certification number, ensure that using journey
The controllability of sequence access times, the case where avoiding the access times beyond contract engagement;It is kept away by the identification to authentication key
Exempt from the case where application program is stolen, ensure that the safety of application program use scope.
Detailed description of the invention
Fig. 1 is a kind of structural schematic diagram of application authentication module in the embodiment of the present invention;
Fig. 2 is a kind of structural schematic diagram for authenticating terminal in the embodiment of the present invention;
Fig. 3 is a kind of structural schematic diagram of application authentication system in the embodiment of the present invention;
Fig. 4 is a kind of flow chart of application authentication method in the embodiment of the present invention.
Specific embodiment
The present invention will be further described in detail with reference to the accompanying drawing:
In existing intelligent chip Mode of Cooperative Exploitation, application developers are downloaded application program and may be provided to
Platform development quotient issues.In distribution process, there are application programs arbitrarily to be used, and exceeds the use of contract engagement
The case where number.In transmit process, it is also possible to there is a situation where the loss of application program or be stolen, so that application call
Less than effective security protection.
Embodiment one
In order to solve the defect that can be arbitrarily used after application program downloading installation in the prior art, the present invention provides one
Kind application authentication module, the structure of the authentication module are as shown in Figure 1, comprising:
First true random number generation module, for generating the first true random number, this random number is generated as authentication key
Input parameter;
First authentication key generation module, for truly random according to the first true random number and second from certification terminal acquisition
Number generates the first authentication key;
Identify submodule, for compare the first authentication key with from certification terminal obtain the second authentication key whether one
It causes, the function of application program allows to be called by external equipment if consistent;Otherwise do not allow to be called.
Optionally, the first authentication key generation module can further comprise:
First process key generates submodule, fixed key for being stored according to application authentication module and from certification
The second true random number that terminal obtains generates the first process key, the key that this process key is generated as authentication key;
First authentication key generates submodule, for generating the first certification according to the first true random number and the first process key
Key.The algorithm for generating authentication key can be symmetry algorithm or asymmetric arithmetic.
The present invention also provides a kind of certification terminal, application program (CAP file) is had recorded in the certification terminal and is able to use
Upper limit number can not also be authenticated after CAP file is certified number more than this upper limit.The certification terminal is according to encapsulation
The difference of form can be smart card, module or USB KEY etc., and the structure of the certification terminal is as shown in Figure 2, comprising:
Second true random number generation module, for generating the second true random number;
It authenticates number and identifies module, for obtaining the first true random number from application authentication module, and to application program
Be compared by access times with the preset times upper limit, if passing through after adding 1 by access times without departing from the preset times upper limit
Second authentication key generation module generates the second authentication key;Otherwise the first true random number is retracted into application authentication module;
Second authentication key generation module, it is close for generating the second certification according to the first true random number and the second true random number
Key.
The certification terminal further include:
Memory module, for store application program by access times and the preset times upper limit and fixed key.
The second authentication key generation module includes:
Second process key generates submodule, for raw according to the fixed key of certification terminal storage and the second true random number
At the second process key;
Second authentication key generates submodule, for generating the second certification according to the first true random number and the second process key
Key.The algorithm for generating authentication key can be symmetry algorithm or asymmetric arithmetic.
As shown in figure 3, the present invention also provides a kind of Verification Systems, comprising: application authentication module as shown in Figure 1 and
Certification terminal as shown in Figure 2, the algorithm that the certification terminal generates authentication key is symmetry algorithm.
As shown in figure 4, the present invention provides a kind of authentication method, comprising:
Java card platform through safety certification after, by Java card apply application program download on platform, use it
Before, authentication command is sent to application authentication module;
First true random number of generation is added in authentication command by application authentication module is sent to certification terminal;
The certification terminal is carried out application program by access times and the preset times upper limit after receiving authentication command
Compare, if being less than the preset times upper limit after adding 1 by access times, the certification terminal is according to the first true random number and certification
The second true random number that terminal generates generates the second authentication key and is sent to the application authentication module;Otherwise by first
Very number retracts application authentication module at any time;
The application authentication module is according to the first true random number and from the second authentication key that certification terminal obtains
The second true random number generate the first authentication key, and whether first authentication key and the second authentication key consistent,
The function of application program can be called by external equipment if consistent;Otherwise it cannot be called.
The certification terminal generates the second certification according to the second true random number that the first true random number and certification terminal generate
Key includes:
The certification terminal generates the second true random number;
The fixed key and the encryption of the second true random number that the certification terminal stores it generate the second process key;
The certification terminal generates the second authentication key to the first true random number and the encryption of the second process key.
The application authentication module is according to the first true random number and from the second authentication key that certification terminal obtains
The second true random number generate the first authentication key include:
The fixed key that the application authentication module stores it and the second authentication key obtained from certification terminal
In the second true random number encryption generate the first process key;
The application authentication module generates the first authentication key to the first true random number and the encryption of the first process key.
The Encryption Algorithm for generating first process key is identical as the Encryption Algorithm for generating second process key;It is raw
It is identical as the Encryption Algorithm for generating second authentication key at the Encryption Algorithm of first authentication key.
The Encryption Algorithm uses symmetric encipherment algorithm.
Embodiment two
The present invention provides a kind of application authentication module, comprising:
First true random number generation module, for generating the first true random number;
First authentication key authentication module, for verifying the decryption generation from the second authentication key that certification terminal obtains
The first true random number that first true random number, the second true random number and the first true random number generation module generate and from certification terminal
The consistency of the second true random number obtained, if consistent, the function permission of application program is called by external equipment;Otherwise not
Allow to be called.
First authentication key generation module includes:
First authentication key verifies submodule, for generation to be decrypted to the second authentication key obtained from certification terminal
Second process key and the first true random number, and verify that first true random number and the first true random number generation module generate the
The consistency of one random number;
First process key verifies submodule, and the second process key for generating to the decryption of the second authentication key solves
The second random number is generated after close, and it is consistent with the second true random number from certification terminal acquisition to verify second true random number
Property;
Implementation sub-module, if the first authentication key verifying submodule and the first process key verifying submodule verify consistency
Pass through, then the function permission of application program is called by external equipment;Otherwise do not allow to be called.
The present invention provides a kind of Verification System, comprising: above-mentioned application authentication module and embodiment in the present embodiment
One of one certification terminal, the algorithm that the certification terminal generates authentication key is asymmetric arithmetic.
The present invention also provides a kind of authentication methods, comprising:
First true random number of generation is sent to certification terminal by application authentication module;
Certification terminal being compared with the preset times upper limit by access times to application program, if by access times
The preset times upper limit is less than after adding 1, then the certification terminal generates second true according to the first true random number and certification terminal
The second authentication key of generating random number is simultaneously sent to the application authentication module;Otherwise by first, very number retracts application at any time
Program authentication module;
The application authentication module decrypts the first of generation according to from the second authentication key that certification terminal obtains
The first true random number and obtained from certification terminal that true random number, the second true random number and the first true random number generation module generate
The second true random number consistency, if consistent, the function permission of application program is called by external equipment;Otherwise do not allow
It is called.
The certification terminal generates the second certification according to the second true random number that the first true random number and certification terminal generate
Key includes:
The certification terminal generates the second true random number;
The fixed key and the encryption of the second true random number that the certification terminal stores it generate the second process key;
The certification terminal generates the second authentication key to the first true random number and the encryption of the second process key.
The application authentication module decrypts the first of generation according to from the second authentication key that certification terminal obtains
The first true random number and obtained from certification terminal that true random number, the second true random number and the first true random number generation module generate
The second true random number consistency, comprising:
The application authentication module is decrypted the second authentication key obtained from certification terminal and generates the second mistake
Journey key and the first true random number, and it is random to verify first true random number and the first true random number generation module generate first
Several consistency;
The second process key that the application authentication module generates the decryption of the second authentication key is raw after being decrypted
At the second random number, and verify the consistency of second true random number with the second true random number obtained from certification terminal;If the
One authentication key verifying submodule and the first process key verifying submodule verifying consistency pass through, then the function of application program
Permission is called by external equipment;Otherwise do not allow to be called.
Encryption and decryption are all made of rivest, shamir, adelman in embodiment two.
Application authentication module proposed by the present invention, terminal, system and method prevent the generation of phenomenon here, to guarantee
Application developers provide application program use scope safety and access times controllability, and can make with project without
Close other people get the application program after, cannot arbitrarily use.
The inventive concept that those skilled in the art provide according to the present invention be easy to construct it is a kind of based on asymmetric plus
Application authentication module, certification terminal and the certification system being made of application authentication module and certification terminal of close algorithm
System.
It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The application is referring to method, the process of equipment (system) and computer program product according to the embodiment of the present application
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Finally it should be noted that: the above examples are only used to illustrate the technical scheme of the present invention rather than to its protection scope
Limitation, although the application is described in detail referring to above-described embodiment, those of ordinary skill in the art should
Understand: those skilled in the art read the specific embodiment of application can still be carried out after the application various changes, modification or
Person's equivalent replacement, but these changes, modification or equivalent replacement, are applying within pending claims.
Claims (16)
1. a kind of application authentication module characterized by comprising
First true random number generation module, for generating the first true random number;
First authentication key generation module, for raw according to the first true random number and the second true random number obtained from certification terminal
At the first authentication key;
Identify submodule, whether the second authentication key for comparing the first authentication key with obtaining from certification terminal is consistent, if
The permission of the consistent then function of application program is called by external equipment;Otherwise do not allow to be called.
2. application authentication module as described in claim 1, which is characterized in that the first authentication key generation module includes:
First process key generates submodule, fixed key for store according to application authentication module and from authenticating terminal
The second true random number obtained generates the first process key;
First authentication key generates submodule, close for generating the first certification according to the first true random number and the first process key
Key.
3. a kind of certification terminal characterized by comprising
Second true random number generation module, for generating the second true random number;
It authenticates number and identifies module, for obtaining the first true random number from application authentication module, and to the quilt of application program
Access times are compared with the preset times upper limit, if passing through second without departing from the preset times upper limit after adding 1 by access times
Authentication key generation module generates the second authentication key;Otherwise the first true random number is retracted into application authentication module;
Second authentication key generation module, for generating the second authentication key according to the first true random number and the second true random number.
4. certification terminal as claimed in claim 3, which is characterized in that the second authentication key generation module includes:
Second process key generates submodule, for generating the according to the fixed key and the second true random number of certification terminal storage
Two process keys;
Second authentication key generates submodule, close for generating the second certification according to the first true random number and the second process key
Key.
5. certification terminal as claimed in claim 4, which is characterized in that the certification terminal further include:
Memory module, for store application program by access times and the preset times upper limit and fixed key.
6. a kind of application authentication system characterized by comprising application authentication mould as claimed in claim 1 or 2
Block, and such as certification terminal as claimed in claim 3 to 5.
7. a kind of application authentication method characterized by comprising
First true random number of generation is sent to certification terminal by application authentication module;
Certification terminal being compared with the preset times upper limit by access times to application program, if adding 1 by access times
After be less than the preset times upper limit, then the certification terminal generates second truly random according to the first true random number and certification terminal
Number generates the second authentication key and is sent to the application authentication module;Otherwise by first, very number retracts application program at any time
Authentication module;
The application authentication module is according to the first true random number and from the in the second authentication key that certification terminal obtains
Two true random numbers generate the first authentication key, and whether first authentication key and the second authentication key are consistent, if one
The function permission of then application program is caused to be called by external equipment;Otherwise do not allow to be called.
8. authentication method as claimed in claim 7, which is characterized in that the certification terminal is according to the first true random number and certification
The second true random number that terminal generates generates the second authentication key
The certification terminal generates the second true random number;
The fixed key and the encryption of the second true random number that the certification terminal stores it generate the second process key;
The certification terminal generates the second authentication key to the first true random number and the encryption of the second process key.
9. authentication method as claimed in claim 8, which is characterized in that the application authentication module is truly random according to first
It counts and generates the first authentication key from the second true random number in the second authentication key that certification terminal obtains and include:
Fixed key that the application authentication module stores it and from the second authentication key that certification terminal obtains
The encryption of second true random number generates the first process key;
The application authentication module generates the first authentication key to the first true random number and the encryption of the first process key.
10. authentication method as claimed in claim 9, which is characterized in that generate the Encryption Algorithm of first process key with
The Encryption Algorithm for generating second process key is identical;It generates the Encryption Algorithm of first authentication key and generates described the
The Encryption Algorithm of two authentication keys is identical.
11. a kind of application authentication module characterized by comprising
First true random number generation module, for generating the first true random number;
First authentication key authentication module decrypts the first of generation from the second authentication key that certification terminal obtains for verifying
The first true random number and obtained from certification terminal that true random number, the second true random number and the first true random number generation module generate
The second true random number consistency, if consistent, the function permission of application program is called by external equipment;Otherwise do not allow
It is called.
12. application authentication module as claimed in claim 11, which is characterized in that the first authentication key authentication module packet
It includes:
First authentication key verifies submodule, for generation second to be decrypted to the second authentication key obtained from certification terminal
Process key and the first true random number, and verify that first true random number and the first true random number generation module generate first with
The consistency of machine number;
First process key verifies submodule, after the second process key for generating to the decryption of the second authentication key is decrypted
The second random number is generated, and verifies the consistency of second true random number with the second true random number obtained from certification terminal;
Implementation sub-module, if the first authentication key verifying submodule and the first process key verifying submodule verifying consistency are logical
It crosses, then the function permission of application program is called by external equipment;Otherwise do not allow to be called.
13. a kind of Verification System characterized by comprising the application authentication module as described in claim 11 or 12, with
And such as certification terminal as claimed in claim 3 to 5.
14. a kind of authentication method characterized by comprising
First true random number of generation is sent to certification terminal by application authentication module;
Certification terminal being compared with the preset times upper limit by access times to application program, if adding 1 by access times
After be less than the preset times upper limit, then the certification terminal generates second truly random according to the first true random number and certification terminal
Number generates the second authentication key and is sent to the application authentication module;Otherwise by first, very number retracts application program at any time
Authentication module;
The application authentication module according to decrypted from the second authentication key that certification terminal obtains the first of generation very with
The first true random number that machine number, the second true random number and the first true random number generation module generate and obtained from certification terminal the
The consistency of two true random numbers, if consistent, the function permission of application program is called by external equipment;Otherwise do not allow to be adjusted
With.
15. authentication method as claimed in claim 14, which is characterized in that the certification terminal is according to the first true random number and recognizes
The second true random number that card terminal generates generates the second authentication key
The certification terminal generates the second true random number;
The fixed key and the encryption of the second true random number that the certification terminal stores it generate the second process key;
The certification terminal generates the second authentication key to the first true random number and the encryption of the second process key.
16. authentication method as claimed in claim 14, which is characterized in that the application authentication module is according to whole from certification
The first true random number, the second true random number and the first true random number of decrypting generation in the second authentication key obtained is held to generate mould
The consistency of the first true random number and the second true random number obtained from certification terminal that block generates, comprising:
It is close that second process that generates is decrypted to the second authentication key obtained from certification terminal in the application authentication module
Key and the first true random number, and verify the first random number that first true random number and the first true random number generation module generate
Consistency;
The second process key that the application authentication module generates the decryption of the second authentication key generates the after being decrypted
Two random numbers, and verify the consistency of second true random number with the second true random number obtained from certification terminal;If first recognizes
Card key authentication submodule and the first process key verifying submodule verifying consistency pass through, then the function of application program allows
It is called by external equipment;Otherwise do not allow to be called.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710576472.5A CN109255207B (en) | 2017-07-14 | 2017-07-14 | Application program authentication system and authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710576472.5A CN109255207B (en) | 2017-07-14 | 2017-07-14 | Application program authentication system and authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109255207A true CN109255207A (en) | 2019-01-22 |
| CN109255207B CN109255207B (en) | 2022-07-01 |
Family
ID=65051873
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710576472.5A Active CN109255207B (en) | 2017-07-14 | 2017-07-14 | Application program authentication system and authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109255207B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1768502A (en) * | 2002-06-19 | 2006-05-03 | 安全通信公司 | Inter-authentication method and device |
| CN101163010A (en) * | 2007-11-14 | 2008-04-16 | 华为软件技术有限公司 | Method of authenticating request message and related equipment |
| CN101256611A (en) * | 2008-04-03 | 2008-09-03 | 中兴通讯股份有限公司 | Method for implementing digital copyright management protection in Java application |
| CN101378320A (en) * | 2008-09-27 | 2009-03-04 | 北京数字太和科技有限责任公司 | Authentication method and system |
| US20140157374A1 (en) * | 2012-12-03 | 2014-06-05 | Felica Networks, Inc. | Communication terminal, communication method, program, and communication system |
| CN104732120A (en) * | 2015-04-08 | 2015-06-24 | 迈普通信技术股份有限公司 | FPGA property right protection method and system |
-
2017
- 2017-07-14 CN CN201710576472.5A patent/CN109255207B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1768502A (en) * | 2002-06-19 | 2006-05-03 | 安全通信公司 | Inter-authentication method and device |
| CN101163010A (en) * | 2007-11-14 | 2008-04-16 | 华为软件技术有限公司 | Method of authenticating request message and related equipment |
| CN101256611A (en) * | 2008-04-03 | 2008-09-03 | 中兴通讯股份有限公司 | Method for implementing digital copyright management protection in Java application |
| CN101378320A (en) * | 2008-09-27 | 2009-03-04 | 北京数字太和科技有限责任公司 | Authentication method and system |
| US20140157374A1 (en) * | 2012-12-03 | 2014-06-05 | Felica Networks, Inc. | Communication terminal, communication method, program, and communication system |
| CN104732120A (en) * | 2015-04-08 | 2015-06-24 | 迈普通信技术股份有限公司 | FPGA property right protection method and system |
Non-Patent Citations (1)
| Title |
|---|
| 李章兵等: "一种动态证书副本的软件版权保护模型研究", 《小型微型计算机系统》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109255207B (en) | 2022-07-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101518420B1 (en) | Apparatus and method for managing apk file in a android platform | |
| CN103164666B (en) | The method for protecting the storage arrangement and certification storage arrangement of secure data | |
| US20160203087A1 (en) | Method for providing security for common intermediate language-based program | |
| KR101391982B1 (en) | Encryption method for preventing decompile of andriod application | |
| CN106599629B (en) | Android application program reinforcing method and device | |
| CN104794388B (en) | application program access protection method and application program access protection device | |
| CN111680305A (en) | Data processing method, device and equipment based on block chain | |
| CN105408912A (en) | Process authentication and resource permissions | |
| CN109992987B (en) | Script file protection method and device based on Nginx and terminal equipment | |
| CN104657630A (en) | Integrated circuit provisioning using physical unclonable function | |
| Dmitrienko et al. | Secure free-floating car sharing for offline cars | |
| CN106503494A (en) | A kind of firmware protection location and guard method with flash memory microcontroller on piece | |
| CN105612715A (en) | Security processing unit with configurable access control | |
| CN109104724A (en) | A kind of data ciphering method and device for device upgrade | |
| CN106055931B (en) | Mobile terminal software safe component system and the cipher key system for the system | |
| CN109656750A (en) | For the guidance load based on PUF that data are restored on safe flashing device | |
| CN106133739A (en) | Data are to the safeguard protection of the loading in the nonvolatile memory of safety element | |
| CN107196907A (en) | A kind of guard method of Android SO files and device | |
| WO2023029447A1 (en) | Model protection method, device, apparatus, system and storage medium | |
| CN109086578A (en) | A kind of method that soft ware authorization uses, equipment and storage medium | |
| CN107111728A (en) | Safe key export function | |
| CN104506504A (en) | Security mechanism and security device for confidential information of card-free terminal | |
| CN106056017A (en) | Intelligent card COS encrypting and downloading system | |
| CN108898008A (en) | The operation method and device of application program | |
| CN104850764B (en) | A kind of method for protecting software and system based on smart card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant after: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. Applicant after: STATE GRID CORPORATION OF CHINA Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant before: China Electric Power Research Institute Applicant before: State Grid Corporation of China |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230627 Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Patentee after: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Patentee before: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. Patentee before: STATE GRID CORPORATION OF CHINA |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230913 Address after: 200131 Floor 4 and 5, Building 1, No. 251, Libing Road, No. 28, Faraday Road, Pudong New Area Free Trade Pilot Zone, Shanghai Patentee after: China Online Shanghai Energy Internet Research Institute Co.,Ltd. Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Patentee before: CHINA ELECTRIC POWER RESEARCH INSTITUTE Co.,Ltd. |
|
| TR01 | Transfer of patent right |