CN109922076B - Secure communication method and authorization platform in soft lock permission process - Google Patents


Publication number
CN109922076B
Authority
CN
China
Prior art keywords
key
level
soft lock
root
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910237165.3A
Other languages
Chinese (zh)
Other versions
CN109922076A (en)
Inventor
孙吉平
李海鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN201910237165.3A
Publication of CN109922076A
Application granted
Publication of CN109922076B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a secure communication method based on soft lock licensing, which comprises the following steps: S1, the soft lock license authorization platform allocates a root public key and a root private key to the software development subject, the root private key being stored in an encryption machine connected to the soft lock license authorization platform and the root public key being distributed to the software using end; S2, the soft lock license authorization platform uses the root private key, through the encryption machine, to issue a temporary key for encrypted communication, and issues a license upgrade package of the software to the soft lock, the license upgrade package containing the temporary key; and S3, when the software using end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was issued by the root private key. The invention also provides a corresponding authorization platform for use in the soft lock licensing process. The invention supports a key verification process with multiple levels, and can generate the communication key using a private key while ensuring that the root private key is not leaked.

Description

Secure communication method and authorization platform in soft lock permission process
Technical Field
The invention relates to the field of software copyright protection, in particular to a secure communication method and an authorization platform in a soft lock licensing process.
Background
To secure soft lock licensing during communication, the communication generally has to be encrypted. The market share of soft lock licensing is currently far larger than that of hardware lock licensing, but its protection strength varies. A traditional soft lock is easy to crack because its encryption is weak and it relies on a single encryption method, and once it is cracked the result is essentially disastrous piracy. It is therefore necessary to enhance the security of communication.
Disclosure of Invention
In the prior art, private key files are not used to authenticate the software using end. In the present method, the software using end needs a private key file to authenticate mutually with the soft lock. However, because the private key file is so important, storing it on the software using end would be a serious security risk, so the private key file is stored on a trusted licensing platform and the software using end still stores only the public key. Authentication between the software using end and the soft lock uses a three-level key scheme in which the keys are signed layer by layer and encrypted layer by layer.
To solve the problems in the background art, the invention provides a secure communication method based on soft lock licensing, which comprises the following steps:
S1, the soft lock license authorization platform allocates a root public key and a root private key to the software development subject, the root private key is stored in an encryption machine connected to the soft lock license authorization platform, and the root public key is distributed to the software using end;
S2, the soft lock license authorization platform uses the root private key, through the encryption machine, to issue a temporary key for encrypted communication, and issues a license upgrade package of the software to the soft lock, the license upgrade package containing the temporary key;
S3, when the software using end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was issued by the root private key.
Further, in step S2, the temporary key includes multiple levels of public-private key pairs, and each next-level key pair is issued using the private key of the previous-level key pair.
Further, in step S2, the temporary key includes a multi-level key pair and is generated as follows: S21, the soft lock license authorization platform obtains a second-level key issued by the encryption machine using the root private key, the second-level key comprising a public key and a private key; and S22, the soft lock license authorization platform issues a third-level key using the second-level key, the third-level key comprising a public key and a private key.
Further, in S3, when the software using end accesses the soft lock, it verifies layer by layer, using the root public key, whether the second-level key and the third-level key were issued by the root private key.
Further, the secure communication method further includes: S4, if the verification succeeds, the software using end and the soft lock perform subsequent communication based on the temporary key.
Further, the secure communication method further includes: S4, if the signature verification in S3 succeeds, the software using end carries out encrypted communication with the soft lock based on a random communication key generated based on the third-level key.
Further, after the second-level key and the third-level key expire, the soft lock license authorization platform generates a new second-level key and a new third-level key.
According to another aspect of the present invention, an authorization platform in a soft lock licensing process is provided, including:
a key generation module, which allocates a root public key and a root private key to the software development subject, the root private key being stored on an encryption machine connected to the authorization system;
a key distribution module, which distributes the root public key to the software using end;
a temporary key generation module, which generates a temporary key by using the root private key;
and a license upgrade package distribution module, which sends the temporary key and the license upgrade package of the software to the soft lock.
Further, the temporary key generation module is configured to issue a third-level key using the second-level key, the third-level key comprising a public key and a private key.
Further, the temporary key generation module is configured to generate a new second-level key and a new third-level key after the second-level key and the third-level key expire.
The beneficial effects of the invention are as follows: the software using end stores only the public key, and the software using end and the soft lock communicate in encrypted form using the communication key, which secures the communication between them. The generation of the communication key is verified through a three-level key encryption scheme between the software using end and the soft lock license authorization platform. The method keeps the key of each software using end independent, so that no general crack can be produced, and also makes the key random for each communication, which increases the difficulty of cracking.
Drawings
In order that the invention may be more readily understood, it will be described in more detail with reference to specific embodiments thereof that are illustrated in the accompanying drawings. These drawings depict only typical embodiments of the invention and are not therefore to be considered to limit the scope of the invention.
FIG. 1 is a flow chart of one embodiment of the method of the present invention.
Fig. 2 is an architecture diagram of the authorization platform of the present invention.
Detailed Description
Embodiments of the present invention will now be described with reference to the drawings, wherein like parts are designated by like reference numerals. The embodiments described below and the technical features of the embodiments may be combined with each other without conflict.
FIG. 1 shows a flow chart of one embodiment of the method of the present invention. The method of the invention aims at the authentication between a software using end (loaded with software) to be licensed and a soft lock encryption container, wherein the soft lock is an encryption device such as an encryption lock positioned on a computer in a local area network, and other computers in the local area network can access the soft lock on the premise of having the soft lock license. The method of the present invention includes steps S1-S3, described in detail below.
S1: the soft lock license authorization platform allocates a root public key and a root private key to a software development subject (software developer); the root private key is stored on an encryption machine connected to the authorization platform, and the root public key is distributed to the software using end. Because the root private key is stored in the encryption machine connected to the soft lock license authorization system and cannot leave the hardware, the security of the root private key is ensured. The root public key and the root private key may be a public key and a private key generated by an ECC algorithm.
S2: the authorization platform uses the root private key, through the encryption machine, to issue a temporary key for encrypted communication, and issues a license upgrade package of the software to the soft lock, the license upgrade package containing the temporary key.
S3: when the software using end accesses the soft lock, it verifies, based on the root public key, whether the temporary key was issued by the root private key.
In one embodiment, the temporary key in step S2 is a single public-private key pair. In another embodiment, the temporary key in step S2 includes multiple levels of keys, that is, multiple levels of public-private key pairs, where each next-level key pair is issued using the private key of the previous-level key pair. The invention preferably adopts a two-level key, generated as follows:
S21: the authorization platform issues a second-level key with the root private key, the second-level key comprising a public key and a private key. Preferably, the second-level key is a temporary key that has a validity period and is cached on the authorization platform.
S22: the authorization platform issues a third-level key with the second-level key, the third-level key comprising a public key and a private key. Preferably, the third-level key is a temporary key that has a validity period and can be cached on the software using end; a third-level key is generated when the validity period in the key expires.
After generating the second-level key and the third-level key, the authorization platform packs them into a license upgrade package of the software and sends the license upgrade package to the soft lock.
Thus, in S3, when the software using end accesses the soft lock, it verifies the second-level key and the third-level key layer by layer using the root public key, and so verifies whether the license upgrade package was issued by the root private key. This three-level key verification process ensures authentication between the software using end and the soft lock.
Further, the second-level key or the third-level key has a validity period. When the second-level key or the third-level key expires, the authorization platform regenerates it and reissues a license upgrade package of the software to the soft lock, the package containing the regenerated second-level key or third-level key, so that the software using end has to authenticate the soft lock again. The software using end still verifies with the same root public key, which does not need to be replaced, while the root private key remains stored in the secure encryption machine. In this way, the security of the verification process and of the subsequent communication between the software using end and the soft lock is ensured.
Preferably, the method of the present invention further comprises: S4, if the signature verification in S3 succeeds, the software using end and the soft lock perform subsequent communication based on a random communication key generated based on the third-level key.
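The issuing and layer-by-layer verification of S1 to S3, including the expiry check, sketched in Go as an added example (not code from the patent or from the assignee's products). It assumes ECDSA P-256 signatures over SHA-256 as the ECC algorithm and an in-process root key standing in for the encryption machine; the `SignedKey` layout and all function names are hypothetical, and the S4 communication key is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"fmt"
	"time"
)

// SignedKey is one level of the temporary key (layout assumed for this example).
type SignedKey struct {
	PubDER   []byte    // PKIX-encoded P-256 public key of this level
	NotAfter time.Time // end of the validity period
	Sig      []byte    // ECDSA signature made with the parent private key
}

// digest binds the level number, expiry and public key under one signature.
func digest(level uint8, k SignedKey) []byte {
	msg := binary.BigEndian.AppendUint64([]byte{level}, uint64(k.NotAfter.Unix()))
	sum := sha256.Sum256(append(msg, k.PubDER...))
	return sum[:]
}

// NewRoot stands in for the encryption machine that holds the root key (S1).
func NewRoot() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Issue creates a fresh key pair and signs its public half with parent.
func Issue(parent *ecdsa.PrivateKey, level uint8, notAfter time.Time) (*ecdsa.PrivateKey, SignedKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, SignedKey{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, SignedKey{}, err
	}
	k := SignedKey{PubDER: der, NotAfter: notAfter}
	k.Sig, err = ecdsa.SignASN1(rand.Reader, parent, digest(level, k))
	return priv, k, err
}

// NewPackage performs S21 and S22: root signs level 2, level 2 signs level 3.
func NewPackage(root *ecdsa.PrivateKey, now time.Time, ttl2, ttl3 time.Duration) ([]SignedKey, error) {
	priv2, k2, err := Issue(root, 2, now.Add(ttl2))
	if err != nil {
		return nil, err
	}
	_, k3, err := Issue(priv2, 3, now.Add(ttl3))
	return []SignedKey{k2, k3}, err
}

// VerifyChain is the S3 check on the software using end, which holds only the
// root public key. It returns the verified third-level public key.
func VerifyChain(rootPub *ecdsa.PublicKey, chain []SignedKey, now time.Time) (*ecdsa.PublicKey, error) {
	if len(chain) != 2 {
		return nil, fmt.Errorf("expected 2 levels, got %d", len(chain))
	}
	parent := rootPub
	for i, k := range chain {
		if !ecdsa.VerifyASN1(parent, digest(uint8(i+2), k), k.Sig) {
			return nil, fmt.Errorf("level %d: not issued by the level above", i+2)
		}
		if !now.Before(k.NotAfter) {
			return nil, fmt.Errorf("level %d: validity period expired", i+2)
		}
		pub, err := x509.ParsePKIXPublicKey(k.PubDER)
		ec, ok := pub.(*ecdsa.PublicKey)
		if err != nil || !ok {
			return nil, fmt.Errorf("level %d: not an ECDSA public key", i+2)
		}
		parent = ec
	}
	return parent, nil
}

func main() {
	now := time.Now()
	root, _ := NewRoot()
	chain, _ := NewPackage(root, now, 24*time.Hour, time.Hour)
	_, fresh := VerifyChain(&root.PublicKey, chain, now)
	_, late := VerifyChain(&root.PublicKey, chain, now.Add(2*time.Hour))
	fmt.Println("fresh:", fresh, "| after third-level expiry:", late)
}
```

A package re-issued with `NewPackage` after expiry verifies against the unchanged root public key, which is the property the description relies on.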
According to another aspect of the present invention, as shown in FIG. 2, an authorization platform in a soft lock licensing process is provided. The authorization platform comprises: a key generation module, a key distribution module, a temporary key generation module and a license upgrade package distribution module.
The key generation module allocates a root public key and a root private key to the software development subject, and the root private key is stored on an encryption machine connected to the authorization platform. The key generation module may generate the root public key and the root private key using an ECC algorithm.
The key distribution module distributes the root public key to the software using end.
The temporary secret key generation module generates a temporary secret key by using the root private key. In one embodiment of the method of the present invention,
The license upgrade package distribution module sends the temporary key and the license upgrade package of the software to the soft lock.
In one embodiment, the temporary key generation module is configured to issue a third-level key using the second-level key, the third-level key comprising a public key and a private key. The temporary key generation module is also configured to generate a new second-level key and a new third-level key after the second-level key and the third-level key expire. After generating the second-level key and the third-level key, the authorization platform packs them into a license upgrade package of the software and sends the license upgrade package to the soft lock.
Therefore, when the software using end accesses the soft lock, it verifies the second-level key and the third-level key layer by layer using the root public key, and so verifies whether the license upgrade package was issued by the root private key. This three-level key verification process ensures authentication between the software using end and the soft lock.
Further, the second-level key or the third-level key has a validity period. When the second-level key or the third-level key expires, the authorization platform regenerates it and reissues a license upgrade package of the software to the soft lock, the package containing the regenerated second-level key or third-level key, so that the software using end has to authenticate the soft lock again. The software using end still verifies with the same root public key, which does not need to be replaced, while the root private key remains stored in the secure encryption machine. In this way, the security of the verification process and of the subsequent communication between the software using end and the soft lock is ensured.
If the software using end verifies that the signature of the license upgrade package is correct, the software using end and the soft lock generate a random communication key based on the third-level key, which they use for subsequent encrypted communication.
Through this three-level key verification process, the software using end and the soft lock can be authenticated without the root private key being leaked, and after successful authentication the communication key is used for secure communication. Because a root public key and a root private key are generated for each software using end, the private key of each software using end is independent, so that no general crack can be produced; the communication key is also random for each communication, which increases the difficulty of cracking.
The above-described embodiments are merely preferred embodiments of the present invention, and general changes and substitutions by those skilled in the art within the technical scope of the present invention are included in the protection scope of the present invention.

Claims (9)

1. A secure communication method based on soft lock licensing, characterized by comprising the following steps:
S1, the soft lock license authorization platform allocates a root public key and a root private key to the software development subject, the root private key is stored in an encryption machine connected to the soft lock license authorization platform, and the root public key is distributed to a software using end;
S2, the soft lock license authorization platform uses the root private key, through the encryption machine, to issue a temporary key for encrypted communication, and issues a license upgrade package of the software to the soft lock, wherein the license upgrade package comprises the temporary key, the temporary key comprises multiple levels of public-private key pairs, and each next-level key pair is issued using the private key of the previous-level key pair;
S3, when the software using end accesses the soft lock, the software using end verifies, based on the root public key, whether the temporary key was issued by the root private key, so as to authenticate the soft lock.
2. The secure communication method according to claim 1, wherein in step S2, the temporary key comprises a multi-level key pair and is generated by:
S21, the soft lock license authorization platform obtains a second-level key issued by the encryption machine using the root private key, wherein the second-level key comprises a public key and a private key;
S22, the soft lock license authorization platform issues a third-level key using the second-level key, wherein the third-level key comprises a public key and a private key.
3. The secure communication method according to claim 2, wherein
in S3, when the software using end accesses the soft lock, it verifies layer by layer, using the root public key, whether the second-level key and the third-level key were issued by the root private key.
4. The secure communication method according to claim 1, further comprising:
S4, if the verification succeeds, the software using end and the soft lock perform subsequent communication based on the temporary key.
5. The secure communication method according to claim 3, further comprising:
S4, if the signature verification in S3 succeeds, the software using end carries out encrypted communication with the soft lock based on a random communication key generated based on the third-level key.
6. The secure communication method according to claim 2, wherein
after the second-level key and the third-level key expire, the soft lock license authorization platform generates a new second-level key and a new third-level key.
7. An authorization platform in a soft lock licensing process, comprising:
a key generation module, which allocates a root public key and a root private key to the software development subject, the root private key being stored on an encryption machine connected to the authorization platform;
a key distribution module, which distributes the root public key to a software using end;
a temporary key generation module, which generates a temporary key by using the root private key, wherein the temporary key comprises multiple levels of public-private key pairs, and each next-level key pair is issued using the private key of the previous-level key pair;
a license upgrade package distribution module that sends a license upgrade package for the software to the soft lock, wherein the license upgrade package includes the temporary key.
8. The authorization platform of claim 7, wherein the temporary key generation module is configured to:
generate a second-level key using the root private key, the second-level key comprising a public key and a private key,
and issue a third-level key using the second-level key, wherein the third-level key comprises a public key and a private key.
9. The authorization platform of claim 7, wherein the temporary key generation module is configured to:
generate a new second-level key and a new third-level key after the second-level key and the third-level key expire.
CN201910237165.3A 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process Active CN109922076B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910237165.3A CN109922076B (en) 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910237165.3A CN109922076B (en) 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process

Publications (2)

Publication Number Publication Date
CN109922076A (en) 2019-06-21
CN109922076B (en) 2020-12-18

Family

ID=66967011

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910237165.3A Active CN109922076B (en) 2019-03-27 2019-03-27 Secure communication method and authorization platform in soft lock permission process

Country Status (1)

Country Link
CN (1) CN109922076B (en)

Also Published As

Publication number Publication date
CN109922076A (en) 2019-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Room 510, 5/F, Block C, Internet Innovation Center, Building 5, Yard 10 (East District), Northwest Wangdong Road, Haidian District, Beijing 100193

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: Room 510, 5/F, Block C, Internet Innovation Center, Building 5, Yard 10 (East District), Northwest Wangdong Road, Haidian District, Beijing 100193

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.