CN109543367B - Quantum encryption-based software authorization method and device and storage medium - Google Patents
- Publication number
- CN109543367B CN201811352787.2A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a software authorization method, a device and a storage medium based on quantum encryption, belonging to the technical field of software protection, wherein the method comprises the following steps: acquiring a quantum key from a first quantum key machine when software to be authorized runs; reading an encrypted authorization text file of the software to be authorized, wherein the encrypted authorization text file is obtained by encrypting the authorization text file of the software to be authorized by using the quantum key obtained from the second quantum key machine by the server; after the encrypted authorization text file is read, decrypting the encrypted authorization text file by using the quantum key to obtain an authorization text file; authenticating and authorizing the software to be authorized by using the authorization text file; the problem that the change of a private key in the prior art causes the change of a software program, so that the complexity of software maintenance is high can be solved; the complexity of software maintenance is reduced, and the security of the authorized text file is improved.
Description
Technical Field
The application relates to a software authorization method, a device and a storage medium based on quantum encryption, belonging to the technical field of software protection.
Background
After a software developer develops a piece of software, a user needs to acquire an authorization file provided by the software developer before using the software, so that the software is prevented from being copied and stolen.
Currently, software authorization methods include the following: the manufacturer encrypts the authorization text file with a private key, hashes the public key, and writes the hash value into the software program. Correspondingly, the user acquires the public key when the terminal runs the software, hashes the public key, and compares the result with the hash value in the program. When the result is consistent with the hash value in the program, the public key has not been tampered with; the encrypted authorization text file is decrypted with the public key, and the software is authenticated using the authorization text file. When the result is inconsistent with the hash value in the program, the public key has been tampered with, and the software stops running.
However, when a manufacturer needs to replace a private key, the corresponding public key is also replaced, and at this time, since the hash value of the public key needs to be written in the software program, the software program also needs to be changed accordingly, thereby increasing the complexity of software maintenance.
Disclosure of Invention
The application provides a software authorization method, a device and a storage medium based on quantum encryption, which can solve the problem that the change of a private key in the prior art causes the program change of software, thereby causing the higher complexity of software maintenance. The application provides the following technical scheme:
in a first aspect, a quantum encryption-based software authorization method is provided, and is used in a terminal, where the method includes:
acquiring a quantum key from a first quantum key machine when software to be authorized runs;
reading the encrypted authorization text file of the software to be authorized, wherein the encrypted authorization text file is obtained by encrypting the authorization text file of the software to be authorized by using the quantum key acquired from a second quantum key machine through a server;
after the encrypted authorization text file is read, decrypting the encrypted authorization text file by using the quantum key to obtain an authorization text file;
and authenticating and authorizing the software to be authorized by using the authorization text file.
Optionally, the obtaining a quantum key from a first quantum key engine when the software to be authorized runs includes:
acquiring the quantum key from the first quantum key machine based on a quantum key encryption network according to the software identifier of the software to be authorized;
the first quantum key machine stores the corresponding relationship between the software identifier and the quantum key, and the second quantum key machine also stores the corresponding relationship.
Optionally, the method further comprises:
and acquiring and installing the encrypted authorization text file in other acquisition modes different from the acquisition mode of the software to be authorized.
Optionally, the authenticating and authorizing the software to be authorized by using the authorization text file includes:
detecting whether the identity authentication information recorded in the authorization text file is consistent with the identity authentication information received by the terminal, wherein the identity authentication information is used for authenticating the identity of the user logging in to the software to be authorized;
detecting whether the software to be authorized meets the operation requirement indicated by the operation authentication information recorded in the authorization text file, wherein the operation authentication information is used for authenticating the operation authority of the software to be authorized;
and when the identity authentication information recorded in the authorization text file is consistent with the identity authentication information received by the terminal and the software to be authorized meets the operation requirement indicated by the operation authentication information, determining that the software to be authorized passes the authentication and authorizing the software to be authorized.
In a second aspect, a quantum encryption-based software authorization method is provided, which is used in a server, and includes:
generating an authorization text file of software to be authorized;
obtaining a quantum key from a second quantum key machine;
encrypting the authorization text file by using the quantum key to obtain an encrypted authorization text file; the encrypted authorization text file is used as follows: when the terminal runs the software to be authorized, the terminal obtains the quantum key from a first quantum key machine, decrypts the encrypted authorization text file by using the quantum key, and uses the decrypted authorization text file to authenticate and authorize the software to be authorized.
Optionally, the obtaining a quantum key from the second quantum key machine includes:
and acquiring the quantum key from the second quantum key machine based on a quantum key encryption network according to the software identifier of the software to be authorized, wherein the second quantum key machine generates the quantum key and then stores the corresponding relation between the software identifier and the quantum key.
In a third aspect, a quantum encryption-based software authorization apparatus is provided, which is used in a terminal, and includes:
the key acquisition module is used for acquiring a quantum key from a first quantum key machine when the software to be authorized runs;
the file reading module is used for reading the encrypted authorization text file of the software to be authorized, wherein the encrypted authorization text file is obtained by encrypting the authorization text file of the software to be authorized by using the quantum key acquired from the second quantum key machine through the server;
the file decryption module is used for decrypting the encrypted authorization text file by using the quantum key after the encrypted authorization text file is read, so that an authorization text file is obtained;
and the software authorization module is used for authenticating and authorizing the software to be authorized by using the authorization text file.
In a fourth aspect, a quantum encryption-based software authorization apparatus is provided, which is used in a server, and includes:
the file generation module is used for generating an authorization text file of software to be authorized;
the key obtaining module is used for obtaining the quantum key from the second quantum key machine;
the file encryption module is used for encrypting the authorization text file by using the quantum key to obtain an encrypted authorization text file; the encrypted authorization text file is used as follows: when the terminal runs the software to be authorized, the terminal obtains the quantum key from a first quantum key machine, decrypts the encrypted authorization text file by using the quantum key, and uses the decrypted authorization text file to authenticate and authorize the software to be authorized.
In a fifth aspect, a quantum cryptography-based software authorization apparatus is provided, the apparatus comprising a processor and a memory; the memory stores a program, the program is loaded and executed by the processor to implement the quantum encryption-based software authorization method of the first aspect; or, implementing the software authorization method based on quantum cryptography according to the second aspect.
In a sixth aspect, there is provided a computer-readable storage medium, in which a program is stored, the program being loaded and executed by the processor to implement the quantum cryptography-based software authorization method of the first aspect; or, implementing the software authorization method based on quantum cryptography according to the second aspect.
The beneficial effects of this application are as follows: the authorization text file is encrypted by using the quantum key obtained from the second quantum key machine; the encrypted authorization text file is decrypted by using the same quantum key acquired from the first quantum key machine, and the software to be authorized is authorized by using the authorization text file. This solves the prior-art problem that a change of the private key forces a change of the software program, which makes software maintenance complex. The identity of a user of the quantum key is not easily tampered with, so the probability that the quantum key received by the terminal was sent by the first quantum key machine is high, that is, the sender of the quantum key is secure. The quantum key only needs to encrypt the authorization text file and does not need to be written into the software program, so the software program does not need to be changed when the quantum key is changed, and the complexity of software maintenance is reduced.
In addition, the quantum key is obtained from the quantum key machine, and the quantum key distributed by the quantum key machine is difficult to copy, so the security of encrypting and decrypting the authorization text file with the quantum key is high. This solves the problem that, when the authorization text file is encrypted with a private key and decrypted with a public key, the public key is easily obtained by a third party and the authorization text file is therefore easily tampered with; the security of the authorization text file is improved.
The foregoing is only an overview of the technical solutions of the present application. To make the technical solutions clearer and to allow them to be implemented according to the content of the description, the following detailed description is given with reference to the preferred embodiments of the present application and the accompanying drawings.
Drawings
FIG. 1 is a schematic structural diagram of a software authorization system based on quantum cryptography according to an embodiment of the present application;
FIG. 2 is a flow chart of a quantum encryption based software authorization method provided by an embodiment of the present application;
FIG. 3 is a flowchart of a server generating an encrypted authorization text file according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a process of authenticating software to be authorized by a terminal using an authorization text file according to an embodiment of the present application;
FIG. 5 is a block diagram of a quantum cryptography-based software authorization apparatus provided by an embodiment of the present application;
FIG. 6 is a block diagram of a quantum cryptography-based software authorization apparatus provided by an embodiment of the present application;
FIG. 7 is a block diagram of a quantum encryption-based software authorization apparatus according to an embodiment of the present application.
Detailed Description
The following detailed description of embodiments of the present application will be described in conjunction with the accompanying drawings and examples. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
First, several terms referred to in the present application will be described.
Quantum key technology: a product of combining cryptography and quantum mechanics that can realize secure classical communication in a point-to-point mode. The Heisenberg uncertainty principle is a basic principle of quantum mechanics; it means that the position and momentum of a quantum cannot both be measured with the same precision at the same time, and only one of the two can be measured accurately. Based on this principle, the quantum key is difficult to copy during transmission, and even if it is forcibly copied, the resulting copy does not match the identity information of the user.
Fig. 1 is a schematic structural diagram of a quantum encryption-based software authorization system according to an embodiment of the present application, and as shown in fig. 1, the system at least includes: a terminal 110, a first quantum key engine 120 communicatively coupled to the terminal 110, a server 130, and a second quantum key engine 140 communicatively coupled to the server 130.
The terminal 110 is provided with software to be authorized, and the software to be authorized can be downloaded from an application store by the terminal 110; or the software to be authorized in the terminal 110 may be installed by default when the terminal 110 leaves the factory, and certainly, the obtaining manner of the software to be authorized in the terminal 110 may also be other manners, which is not limited in this embodiment. Optionally, the terminal 110 may be a video conference terminal, a mobile phone, a computer, a wearable device, a tablet computer, or other devices having a function of communicating with a quantum key machine, and the present embodiment does not limit the device type of the terminal 110. Optionally, the type of the software to be authorized may be video conference software, social software, electronic transaction software, and the like, and the type of the software to be authorized is not limited in this embodiment.
The first quantum key machine 120 may communicate with the terminal 110 based on optical signals; alternatively, it may communicate with the terminal 110 based on the quantum key encryption network, or based on another communication method with higher security than the public network. The communication method between the first quantum key machine 120 and the terminal 110 is not limited in this embodiment. The first quantum key machine 120 is used to distribute quantum keys to the terminal 110.
The server 130 is used to provide the terminal 110 with an authentication service of software to be authorized. Alternatively, the server 130 may be constituted by a separate server host; alternatively, a plurality of server hosts may be used, and the configuration of the server 130 is not limited in this embodiment. The server 130 is configured to generate an authorization text file and encrypt the authorization text file. The authorization text file is used for authenticating software to be authorized.
The second quantum key machine 140 may communicate with the server 130 based on optical signals; alternatively, it may communicate with the server 130 based on the quantum key encryption network, or based on another communication method with higher security than the public network. The communication method between the second quantum key machine 140 and the server 130 is not limited in this embodiment. The second quantum key machine 140 is used to distribute quantum keys to the server 130.
Optionally, the second quantum key machine 140 may be the same device as the first quantum key machine 120; alternatively, the second quantum key machine 140 may be a different device from the first quantum key machine 120. When the second quantum key machine 140 is a different device from the first quantum key machine 120, for the same software to be authorized, the quantum key distributed by the first quantum key machine 120 to the terminal 110 is the same as the quantum key distributed by the second quantum key machine 140 to the server 130. When the quantum key distributed by the first quantum key machine 120 to the terminal 110 is different from the quantum key distributed by the second quantum key machine 140 to the server 130, the first quantum key machine 120 needs to negotiate with the second quantum key machine 140 to use the same quantum key.
Illustratively, in this embodiment, the server 130 obtains an authorization text file of the software to be authorized, obtains a quantum key from the second quantum key machine 140, and encrypts the authorization text file by using the quantum key to obtain the encrypted authorization text file. Correspondingly, the terminal 110 is configured to obtain a quantum key from the first quantum key machine 120 when the software to be authorized runs; read the encrypted authorization text file of the software to be authorized; after the encrypted authorization text file is read, decrypt it by using the quantum key to obtain the authorization text file; and authenticate the software to be authorized by using the authorization text file.
Optionally, the authorization text file includes identity authentication information and/or operation authentication information. The identity authentication information is used to authenticate the identity of the user who logs in to the software to be authorized; for example, it comprises a user identifier, a terminal identifier and the like. The operation authentication information is used to authenticate the operation authority of the software to be authorized; for example, it comprises a validity period, the maximum calling number of the video conference software, the maximum code rate of the video conference software for holding a conference, the number of codecs required by the video conference software, and/or the protocol type.
In this embodiment, since the quantum key is obtained from the quantum key machine, and the quantum key distributed by the quantum key machine is difficult to copy, the security of encrypting and decrypting the authorization text file with the quantum key is high. In addition, the identity of a user of the quantum key is not easily tampered with, so the probability that the quantum key received by the terminal was sent by the first quantum key machine is high, that is, the sender of the quantum key is secure. The quantum key only needs to encrypt the authorization text file and does not need to be written into the software program, so the software program does not need to be changed when the quantum key is changed, and the complexity of software maintenance is reduced.
It should be added that, in this embodiment, only one terminal 110 is taken as an example for description, and in actual implementation, the number of terminals 110 may be multiple, which is not limited in this embodiment.
Fig. 2 is a flowchart of a quantum encryption-based software authorization method according to an embodiment of the present application, and this embodiment illustrates an example in which the method is applied to the quantum encryption-based software authorization system 110 shown in fig. 1. The method at least comprises the following steps:
step 201, the server generates an authorization text file of the software to be authorized.
Optionally, the server writes the identity authentication information and the operation authentication information into a preset text file to obtain the authorization text file.
The identity authentication information is used to authenticate the identity of the user who logs in to the software to be authorized; for example, it includes a user identification and/or a terminal identification, etc. The user identification can be a user account for logging in to the software to be authorized; the terminal identification may be a Media Access Control address (MAC address), a unique code of a Central Processing Unit (CPU), a unique code of a chip in the terminal, or the like, and there may be one or more terminal identifications.
The operation authentication information is used to authenticate the operation authority of the software to be authorized; for example, it comprises a validity period, the maximum calling number of the video conference software, the maximum code rate of the video conference software for holding a conference, the number of codecs required by the video conference software, a protocol type, authority information and the like. The validity period refers to the date on which use of the software to be authorized expires; the maximum calling number refers to the maximum number of access terminals allowed in a conference when a multipoint conference is started by using the video conference software; the maximum code rate for holding a conference refers to the maximum bandwidth allowed to be accessed when the video conference software is used for a video conference; the number of codecs refers to the maximum number of audio and video encoders used after the video conference software starts a conference; the protocol type refers to a protocol used by the software to be authorized; the authority information is used to indicate the functions of the software to be authorized that the user is allowed to use. For example, the conference initiator is allowed to use the function that turns off the speaking function of all conference participants, which the conference participants cannot use.
In step 202, the server obtains the quantum key from the second quantum key machine.
Optionally, the server obtains the quantum key from the second quantum key machine according to the software identifier of the software to be authorized based on the quantum key encryption network. And the second quantum key machine generates a quantum key and then stores the corresponding relation between the software identification and the quantum key. Software identification includes but is not limited to: at least one of a software name, a version number, and a developer name of the software to be authorized. Of course, the second quantum key machine may also establish a corresponding relationship between the software identifier, the user identifier, and the quantum key, or establish a corresponding relationship between the software identifier, the user identifier, the terminal identifier, and the quantum key, and this embodiment does not limit the establishment manner of the corresponding relationship.
And step 203, the server encrypts the authorization text file by using the quantum key to obtain the encrypted authorization text file.
The encrypted authorization text file is used as follows: when the terminal runs the software to be authorized, the terminal obtains the quantum key from the first quantum key machine and decrypts the encrypted authorization text file by using the quantum key; the software to be authorized is then authenticated by using the decrypted authorization text file.
Optionally, the server may encrypt the authorization text file using the quantum key based on the Advanced Encryption Standard (AES) algorithm, for example the AES-128 algorithm. Of course, the server may also encrypt the authorization text file using the quantum key based on other encryption algorithms, and this embodiment does not limit the encryption algorithm.
Illustratively, referring to the flow chart of the server generating the encrypted authorization text file shown in fig. 3, the flow at least includes steps 31-35:
alternatively, step 32 may be performed after step 31; alternatively, it may be performed before step 31; alternatively, the step 31 may be executed simultaneously, and the execution sequence between the step 31 and the step 32 is not limited in this embodiment.
and step 35, encrypting the authorization text file by using the quantum key to obtain the encrypted authorization text file.
And step 204, the terminal acquires the encrypted authorization text file generated by the server.
Optionally, the terminal acquires and installs the encrypted authorization text file in an acquisition mode different from that of the software to be authorized. For example, the terminal acquires the software to be authorized by downloading it from the application store, while the other acquisition modes by which the terminal acquires the encrypted authorization text file include, but are not limited to, mail downloading, copying from a removable memory card, web page downloading, and the like.
In step 205, the terminal obtains the quantum key from the first quantum key machine when the software to be authorized runs.
Optionally, when the terminal starts the software to be authorized, it connects to the first quantum key machine; accordingly, the first quantum key machine may distribute a corresponding quantum key to the terminal. The quantum key distributed to the terminal by the first quantum key machine is the same as the quantum key distributed to the server by the second quantum key machine.
Optionally, the terminal acquires the quantum key from the first quantum key machine based on the quantum key encryption network according to the software identifier of the software to be authorized; the first quantum key machine stores a corresponding relationship between the software identifier and the quantum key, and the second quantum key machine also stores a corresponding relationship, and the related description of the corresponding relationship refers to step 202, which is not described herein again.
And step 206, the terminal reads the encrypted authorization text file of the software to be authorized.
The encrypted authorization text file is obtained by encrypting the authorization text file of the software to be authorized by using the quantum key obtained from the second quantum key machine by the server.
Optionally, after the terminal reads the encrypted authorization text file, step 207 is executed; if the encrypted authorization text file does not exist in the terminal or the encrypted authorization text file is tampered, the terminal fails to read the encrypted authorization text file, at this moment, the terminal stops running the software to be authorized, and the process is ended.
And step 207, after reading the encrypted authorization text file, the terminal decrypts the encrypted authorization text file by using the quantum key to obtain the authorization text file.
Optionally, the terminal decrypts the encrypted authorization text file by using the quantum key based on a decryption algorithm corresponding to the encryption algorithm, for example: decryption is based on AES using a quantum key.
In step 208, the terminal authenticates and authorizes the software to be authorized by using the authorization text file.
Optionally, the terminal detects whether the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal; detecting whether the software to be authorized meets the operation requirement indicated by the authentication information recorded in the authorization text file, wherein the authentication information is used for authenticating the operation authority of the software to be authorized; and when the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal and the software to be authorized meets the operation requirement indicated by the authentication information, determining that the software to be authorized passes the authentication and authorizing the software to be authorized.
Optionally, the authentication information of the authorization text file further includes authority information, and the terminal authorizes the software to be authorized by using the authority information in the authorization text file. Wherein the authority information is used for indicating the functions of the software to be authorized, which are allowed to be used by the user.
Optionally, when the authentication information recorded in the authorization text file is inconsistent with the authentication information received by the terminal, or the software to be authorized does not meet the operation requirement indicated by the authentication information, it is determined that the authentication of the software to be authorized fails, the terminal stops operating the software to be authorized, and the process is ended.
The authentication information received by the terminal includes, but is not limited to, at least one of the following: a user identifier entered by the user through a human-machine interaction interface, for example a user account that the terminal receives on the login interface of the software to be authorized; and a terminal identifier sent to the terminal by the operating system process that reads the terminal identifier, for example the MAC address sent by the operating system process that reads the MAC address.
Optionally, the terminal may authenticate the software to be authorized with each item of information in the authorization text file as soon as that item is decrypted, or it may decrypt all the information in the authorization text file first and then use all the decrypted information to authenticate the software to be authorized. This embodiment does not limit the way in which the terminal uses the authorization text file to authenticate the software to be authorized.
Schematically, referring to the flowchart of the terminal shown in fig. 4 for authenticating the software to be authorized by using the authorization text file, the process at least includes steps 41-45:
Step 44, read the authority information in the authorization text file, authorize the software to be authorized by using the authority information, and end the process.
Step 45, stop running the software to be authorized, and end the process.
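The terminal-side flow of steps 205 to 208, together with the server-side encryption it depends on, as an added Go example that is not part of the patent. It assumes a hypothetical `License` layout for the authorization text file, an in-memory map standing in for the quantum key machines, an expiry date as the operation requirement, and AES in GCM mode (the patent names only AES) so that a tampered file fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var (
	ErrNoLicense = errors.New("encrypted authorization file missing")
	ErrTampered  = errors.New("authorization file failed integrity check")
	ErrDenied    = errors.New("authentication failed")
)

// License is a hypothetical layout for the authorization text file.
type License struct {
	SoftwareID string
	User       string    // user identifier (login account)
	MAC        string    // terminal identifier
	NotAfter   time.Time // assumed operation requirement: expiry
	Features   []string  // authority information
}

// keyMachine stands in for a quantum key machine: software identifier -> key.
type keyMachine map[string][]byte

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the server side: it encrypts the authorization file under the key
// and binds the ciphertext to the software identifier as associated data.
func Seal(key []byte, lic License) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := json.Marshal(lic)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, []byte(lic.SoftwareID)), nil
}

// Authorize is the terminal side (steps 205 to 208). Every failure returns an
// error and no features, so the caller stops the software (fail closed).
func Authorize(km keyMachine, id string, blob []byte, user, mac string, now time.Time) ([]string, error) {
	gcm, err := newGCM(km[id]) // step 205; an unknown id gives a nil key and an error
	if err != nil {
		return nil, err
	}
	if len(blob) == 0 { // step 206: file absent
		return nil, ErrNoLicense
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, ErrTampered
	}
	plain, err := gcm.Open(nil, blob[:n], blob[n:], []byte(id)) // step 207
	if err != nil {
		return nil, ErrTampered
	}
	var lic License
	if err := json.Unmarshal(plain, &lic); err != nil {
		return nil, ErrTampered
	}
	// Step 208: the recorded authentication information must match what the
	// terminal received, and the operation requirement must still hold.
	if lic.User != user || lic.MAC != mac || now.After(lic.NotAfter) {
		return nil, ErrDenied
	}
	return lic.Features, nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key
	lic := License{"demo-app", "alice", "02:00:00:00:00:01",
		time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC), []string{"export"}}
	blob, _ := Seal(key, lic)
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println(Authorize(keyMachine{"demo-app": key}, "demo-app", blob, "alice", lic.MAC, now))
}
```

Because the key is looked up at run time and never compiled into the program, rotating it only requires re-sealing the authorization file.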
In summary, in the software authorization method based on quantum encryption provided by this embodiment, the authorization text file is encrypted by using the quantum key obtained from the second quantum key machine, the encrypted authorization text file is decrypted by using the same quantum key obtained from the first quantum key machine, and the software to be authorized is authorized by using the authorization text file. This solves the prior-art problem that a change of the private key causes a change of the software program and therefore makes software maintenance complex. The identity of a user of the quantum key is not easily tampered with, and the probability that the quantum key received by the terminal was sent by the first quantum key machine is high, that is, the sender of the quantum key is secure. Because the quantum key is only used to encrypt the authorization text file and does not need to be written into the software program, the software program does not need to be changed when the quantum key is changed, which reduces the complexity of software maintenance.
In addition, the quantum key is obtained from the quantum key machine, and the quantum key distributed by the quantum key machine is difficult to copy, so encrypting and decrypting the authorization text file with the quantum key is highly secure. This solves the problem that, when a private key is used to encrypt the authorization text file and a public key is used to decrypt it, the public key is easily obtained by a third party and the authorization text file is therefore easily tampered with; the security of the authorization text file is improved.
In addition, the terminal acquires and installs the encrypted authorization text file through an acquisition mode different from the one used for the software to be authorized. This solves the problem that, when the software to be authorized and the encrypted authorization text file are acquired in the same way, the encrypted authorization text file is easily intercepted by a third party; it becomes harder for a third party to intercept the encrypted authorization text file, and the security of the authorization text file is improved.
Fig. 5 is a block diagram of a quantum-encryption-based software authorization apparatus according to an embodiment of the present application, and this embodiment is described by taking an example in which the apparatus is applied to the terminal 110 in the quantum-encryption-based software authorization system shown in fig. 1. The device at least comprises the following modules: a key acquisition module 510, a file reading module 520, a file decryption module 530, and a software authorization module 540.
A key obtaining module 510, configured to obtain a quantum key from a first quantum key machine when software to be authorized runs;
a file reading module 520, configured to read an encrypted authorization text file of the software to be authorized, where the encrypted authorization text file is obtained by encrypting, by a server, the authorization text file of the software to be authorized by using the quantum key obtained from a second quantum key machine;
the file decryption module 530 is configured to decrypt the encrypted authorization text file by using the quantum key after the encrypted authorization text file is read, so as to obtain an authorization text file;
and the software authorization module 540 is configured to authenticate and authorize the software to be authorized by using the authorization text file.
For relevant details reference is made to the above-described method embodiments.
Fig. 6 is a block diagram of a quantum-encryption-based software authorization apparatus according to an embodiment of the present application, and this embodiment is described by taking an example in which the apparatus is applied to the server 130 in the quantum-encryption-based software authorization system shown in fig. 1. The device at least comprises the following modules: a file generation module 610, a key acquisition module 620, and a file encryption module 630.
The file generating module 610 is used for generating an authorization text file of software to be authorized;
a key obtaining module 620, configured to obtain a quantum key from a second quantum key machine;
the file encryption module 630 is configured to encrypt the authorization text file by using the quantum key to obtain an encrypted authorization text file; the encrypted authorization text file is decrypted by the terminal using the quantum key that the terminal obtains from a first quantum key machine when the terminal runs the software to be authorized, and the decrypted authorization text file is used to authenticate and authorize the software to be authorized.
For relevant details reference is made to the above-described method embodiments.
It should be noted that: in the software authorization apparatus based on quantum cryptography provided in the above embodiments, when performing software authorization based on quantum cryptography, only the division of the above functional modules is illustrated, and in practical applications, the above functions may be distributed by different functional modules as needed, that is, the internal structure of the software authorization apparatus based on quantum cryptography is divided into different functional modules to complete all or part of the above described functions. In addition, the quantum encryption-based software authorization apparatus provided by the above embodiment and the quantum encryption-based software authorization method embodiment belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment and are not described herein again.
Fig. 7 is a block diagram of a quantum encryption-based software authorization apparatus according to an embodiment of the present application, where the apparatus may be the terminal 110 or the server 130 in fig. 1. The apparatus includes at least a processor 701 and a memory 702.
Processor 701 may include one or more processing cores, such as: 4 core processors, 7 core processors, etc. The processor 701 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 701 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 701 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 701 may further include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
Memory 702 may include one or more computer-readable storage media, which may be non-transitory. Memory 702 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 702 is used to store at least one instruction for execution by processor 701 to implement the quantum encryption based software authorization methods provided by method embodiments herein.
In some embodiments, the quantum encryption based software authorization apparatus further optionally includes: a peripheral interface and at least one peripheral. The processor 701, memory 702, and peripheral interface may be connected by bus or signal lines. Each peripheral may be connected to the peripheral interface via a bus, signal line, or circuit board. Illustratively, peripheral devices include, but are not limited to: radio frequency circuit, touch display screen, audio circuit, power supply, etc.
Of course, the software authorization apparatus based on quantum cryptography may also include fewer or more components, which is not limited in this embodiment.
Optionally, the present application further provides a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the quantum encryption-based software authorization method of the above method embodiment.
Optionally, the present application further provides a computer product, which includes a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the quantum encryption-based software authorization method of the foregoing method embodiment.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (9)
1. A software authorization method based on quantum encryption is characterized in that the method is used in a terminal and comprises the following steps:
acquiring a quantum key from a first quantum key machine when software to be authorized runs;
reading the encrypted authorization text file of the software to be authorized, wherein the encrypted authorization text file is obtained by encrypting the authorization text file of the software to be authorized by using the quantum key acquired from a second quantum key machine through a server;
after the encrypted authorization text file is read, decrypting the encrypted authorization text file by using the quantum key to obtain an authorization text file;
using the authorization text file to authenticate and authorize the software to be authorized;
the authentication and authorization of the software to be authorized by using the authorization text file comprises the following steps:
detecting whether the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal or not, wherein the authentication information is used for authenticating the identity of the user logging in the software to be authorized;
detecting whether the software to be authorized meets the operation requirement indicated by the authentication information recorded in the authorization text file, wherein the authentication information is used for authenticating the operation authority of the software to be authorized;
and when the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal and the software to be authorized meets the operation requirement indicated by the authentication information, determining that the software to be authorized passes the authentication and authorizing the software to be authorized.
2. The method of claim 1, wherein obtaining the quantum key from the first quantum key machine when the software to be authorized is running comprises:
acquiring the quantum key from the first quantum key machine based on a quantum key encryption network according to the software identifier of the software to be authorized;
the first quantum key machine stores the corresponding relationship between the software identifier and the quantum key, and the second quantum key machine also stores the corresponding relationship.
3. The method of claim 1, further comprising:
and acquiring and installing the encrypted authorization text file in other acquisition modes different from the acquisition mode of the software to be authorized.
4. A software authorization method based on quantum cryptography is characterized in that the method is used in a server and comprises the following steps:
generating an authorization text file of software to be authorized;
obtaining a quantum key from a second quantum key machine;
encrypting the authorization text file by using the quantum key to obtain an encrypted authorization text file; the encrypted authorization text file is decrypted by the terminal using the quantum key that the terminal obtains from a first quantum key machine when the terminal runs the software to be authorized, and the decrypted authorization text file is used to authenticate and authorize the software to be authorized; the terminal authenticating and authorizing the software to be authorized by using the authorization text file comprises the following steps: detecting whether the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal or not, wherein the authentication information is used for authenticating the identity of the user logging in the software to be authorized; detecting whether the software to be authorized meets the operation requirement indicated by the authentication information recorded in the authorization text file, wherein the authentication information is used for authenticating the operation authority of the software to be authorized; and when the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal and the software to be authorized meets the operation requirement indicated by the authentication information, determining that the software to be authorized passes the authentication and authorizing the software to be authorized.
5. The method of claim 4, wherein obtaining the quantum key from the second quantum key machine comprises:
and acquiring the quantum key from the second quantum key machine based on a quantum key encryption network according to the software identifier of the software to be authorized, wherein the second quantum key machine generates the quantum key and then stores the corresponding relation between the software identifier and the quantum key.
6. A software authorization device based on quantum cryptography, which is used in a terminal, the device comprising:
the key acquisition module is used for acquiring a quantum key from a first quantum key machine when the software to be authorized runs;
the file reading module is used for reading the encrypted authorization text file of the software to be authorized, wherein the encrypted authorization text file is obtained by encrypting the authorization text file of the software to be authorized by using the quantum key acquired from the second quantum key machine through the server;
the file decryption module is used for decrypting the encrypted authorization text file by using the quantum key after the encrypted authorization text file is read, so that an authorization text file is obtained;
the software authorization module is used for authenticating and authorizing the software to be authorized by using the authorization text file;
the software authorization module is configured to:
detecting whether the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal or not, wherein the authentication information is used for authenticating the identity of the user logging in the software to be authorized;
detecting whether the software to be authorized meets the operation requirement indicated by the authentication information recorded in the authorization text file, wherein the authentication information is used for authenticating the operation authority of the software to be authorized;
and when the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal and the software to be authorized meets the operation requirement indicated by the authentication information, determining that the software to be authorized passes the authentication and authorizing the software to be authorized.
7. A software authorization device based on quantum cryptography, which is used in a server, the device comprising:
the file generation module is used for generating an authorization text file of software to be authorized;
the key obtaining module is used for obtaining the quantum key from the second quantum key machine;
the file encryption module is used for encrypting the authorization text file by using the quantum key to obtain an encrypted authorization text file; the encrypted authorization text file is decrypted by the terminal using the quantum key that the terminal obtains from a first quantum key machine when the terminal runs the software to be authorized, and the decrypted authorization text file is used to authenticate and authorize the software to be authorized; the terminal authenticating and authorizing the software to be authorized by using the authorization text file comprises the following steps: detecting whether the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal or not, wherein the authentication information is used for authenticating the identity of the user logging in the software to be authorized; detecting whether the software to be authorized meets the operation requirement indicated by the authentication information recorded in the authorization text file, wherein the authentication information is used for authenticating the operation authority of the software to be authorized; and when the authentication information recorded in the authorization text file is consistent with the authentication information received by the terminal and the software to be authorized meets the operation requirement indicated by the authentication information, determining that the software to be authorized passes the authentication and authorizing the software to be authorized.
8. A quantum cryptography-based software authorization apparatus, characterized in that the apparatus comprises a processor and a memory; the memory stores a program which is loaded and executed by the processor to implement the quantum cryptography-based software authorization method according to any one of claims 1 to 3; or, implementing the quantum cryptography-based software authorization method as claimed in claim 4 or 5.
9. A computer-readable storage medium, characterized in that the storage medium has stored therein a program for implementing the quantum cryptography-based software authorization method according to any one of claims 1 to 3 when executed by a processor; or, implementing the quantum cryptography-based software authorization method as claimed in claim 4 or 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811352787.2A CN109543367B (en) | 2018-11-14 | 2018-11-14 | Quantum encryption-based software authorization method and device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109543367A CN109543367A (en) | 2019-03-29 |
CN109543367B true CN109543367B (en) | 2020-11-10 |
Family
ID=65847327
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811352787.2A Active CN109543367B (en) | 2018-11-14 | 2018-11-14 | Quantum encryption-based software authorization method and device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109543367B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |