CN110968844B - Software authorization method in off-line state, server and readable storage medium - Google Patents
Software authorization method in off-line state, server and readable storage medium Download PDFInfo
- Publication number
- CN110968844B CN110968844B CN201911214103.7A CN201911214103A CN110968844B CN 110968844 B CN110968844 B CN 110968844B CN 201911214103 A CN201911214103 A CN 201911214103A CN 110968844 B CN110968844 B CN 110968844B
- Authority
- CN
- China
- Prior art keywords
- software
- key
- file
- certificate
- certificate file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000013475 authorization Methods 0.000 claims description 43
- 238000012795 verification Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 11
- 238000012545 processing Methods 0.000 abstract description 7
- 230000006870 function Effects 0.000 description 8
- VBMOHECZZWVLFJ-GXTUVTBFSA-N (2s)-2-[[(2s)-6-amino-2-[[(2s)-6-amino-2-[[(2s,3r)-2-[[(2s,3r)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-2-[[(2s)-2,6-diaminohexanoyl]amino]-5-(diaminomethylideneamino)pentanoyl]amino]propanoyl]amino]hexanoyl]amino]propanoyl]amino]hexan Chemical compound NC(N)=NCCC[C@@H](C(O)=O)NC(=O)[C@H](CCCCN)NC(=O)[C@H](CCCCN)NC(=O)[C@H]([C@@H](C)O)NC(=O)[C@H]([C@H](O)C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCN=C(N)N)NC(=O)[C@@H](N)CCCCN VBMOHECZZWVLFJ-GXTUVTBFSA-N 0.000 description 6
- 108010068904 lysyl-arginyl-alanyl-lysyl-alanyl-lysyl-threonyl-threonyl-lysyl-lysyl-arginine Proteins 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The invention relates to the technical field of data processing, and discloses a software authorization method in an off-line state, which is applied to a server and comprises the following steps: and loading the first secret key, the public key of the encrypted RSA secret key pair and the first certificate file to a memory, when the machine code of the server is matched with the machine code included in the decrypted second certificate file, authorizing the software according to the service item to be authorized included in the second certificate file, starting the software, updating the first secret key, encrypting the first certificate file again by using the updated first secret key to obtain a third certificate file, encrypting the updated first secret key by using the public key of the decrypted RSA secret key pair, and respectively replacing the encrypted updated first secret key and the encrypted third certificate file with the first secret key and the first certificate file stored in the preset storage space. The invention also provides a server and a computer readable storage medium. The invention solves the problem of low security during software authorization.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a software authorization method in an offline state, a server, and a readable storage medium.
Background
With the development of the current society, the technical development of each field is changing day by day, and in order to shorten the development cycle, people tend to develop new technology on the basis of the existing technology, taking software as an example, enterprises developing and operating new software usually cooperate with providers of the existing software to develop and operate the new software on the basis of the existing software, and at this time, the providers of the existing software are required to authorize the existing software, and after the authorization is over, the software operators cannot continue to use the existing software.
At present, the software authorization usually adopts an online authorization manner, however, due to the influence of network viruses, hacker intrusion and other aspects, the security of the current software authorization is not high, and how to ensure the security of the software authorization is a technical problem which needs to be solved urgently at present.
Disclosure of Invention
In view of the above, there is a need to provide a software authorization method in an offline state, aiming to solve the problem of low security during software authorization.
The software authorization method in the off-line state provided by the invention comprises the following steps:
a loading step: responding to a request of a user for starting certain software, and loading a first secret key corresponding to the software, a public key of an encrypted RSA secret key pair and an encrypted first certificate file to a memory from a preset storage space;
and (3) decryption: respectively decrypting the public key and the first certificate file of the encrypted RSA key pair loaded to the memory according to the first key and the first decryption rule, wherein the decrypted second certificate file comprises a machine code of a server to be authorized and a service item to be authorized, and judging whether the machine code of the server is matched with the machine code of the second certificate file;
and (3) authorization step: when the machine code of the server is matched with the machine code included in the second certificate file, authorizing the software according to the service item to be authorized and starting the software;
an updating step: and reloading the first certificate file stored in the preset storage space into the memory, updating the first secret key in the memory according to a preset updating rule, re-encrypting the first certificate file in the memory according to the updated first secret key and the first encryption rule to obtain a third certificate file, encrypting the updated first secret key by using the decrypted public key, and replacing the first secret key and the first certificate file stored in the preset storage space with the encrypted updated first secret key and the encrypted third certificate file respectively.
Optionally, the first decryption rule includes:
acquiring a second key according to the first key and a preset splicing rule, and decrypting the public key of the encrypted RSA key pair by using the second key to obtain a decrypted public key;
and decrypting the first certificate file by using the first secret key to obtain a certificate ciphertext, and decrypting the certificate ciphertext by using the decrypted public key to obtain a second certificate file.
Optionally, the first encryption rule includes:
and decrypting the first certificate file by using the first key to obtain a certificate ciphertext, and performing AES symmetric encryption on the certificate ciphertext by using the updated first key to obtain a third certificate file.
Optionally, the decrypting step further includes:
and if the decryption of the public key of the encrypted RSA key pair or the first certificate file fails, rejecting the software starting request.
Optionally, the method further includes:
a checking step: checking the software at preset time intervals, and if the checking fails, stopping running the software, wherein the checking process comprises the following steps:
loading the encrypted first timing file corresponding to the software to a memory from the preset storage space, and decrypting the first timing file loaded to the memory according to a second decryption rule to obtain a second timing file;
verifying the software according to the second timing file, the second certificate file and a preset verification rule;
and when the verification is successful, updating the second timing file to obtain a third timing file, encrypting the third timing file by using the updated first key stored in the memory to obtain a fourth timing file, replacing the first timing file stored in the preset storage space by using the fourth timing file, and deleting the first, second, third and fourth timing files stored in the memory.
Optionally, the second certificate file further includes an authorization start time and an authorization end time, and the preset verification rule includes:
if the current time of the host is earlier than the authorization starting time or later than the authorization ending time, stopping running the software;
if the duration recorded by the second timing file exceeds the total duration between the authorization termination time and the authorization starting time, stopping running the software;
and if the service item authorized by the software fails to be matched with the service item to be authorized in the second certificate file, stopping running the software.
Optionally, the method further includes:
and if the decryption failure times of the first certificate file and the first timing file stored in the memory exceed a preset threshold value, encrypting the software by using the public key of the decrypted RSA key pair.
Optionally, the second decryption rule includes:
and decrypting the first timing file by using the first key to obtain a second timing file.
Further, to achieve the above object, the present invention also provides a server comprising: the software authorization program can run on the processor, and when being executed by the processor, the software authorization program realizes the steps of the software authorization method in the offline state:
in addition, to achieve the above object, the present invention also provides a computer-readable storage medium having a software authorization program stored thereon, where the software authorization program is executable by one or more processors to implement the steps of the software authorization method in the offline state.
Compared with the prior art, the server in the invention effectively prevents decompilation by loading the first key, the public key of the encrypted RSA key pair and the first certificate file into the memory from the preset storage space, decrypting the public key of the encrypted RSA key pair by adopting the second key, wherein the second key is obtained according to the first key and the preset splicing rule, the first certificate file is decrypted by using the first key and the public key of the decrypted RSA key pair, the safety of the certificate file is ensured, after the software is authorized according to the decrypted second certificate file, the first key is updated according to the preset updating rule, the first certificate file is encrypted by using the updated first key to obtain the third certificate file, the updated first key is encrypted by using the public key of the decrypted RSA key pair, and the encrypted updated first key and the encrypted third certificate file respectively replace the first key, the encrypted first certificate, the encrypted certificate file, the second key and the encrypted certificate file stored in the preset storage space, When software is started next time, a software provider needs to decrypt the updated first secret key into a plaintext state by using a private key of an RSA secret key pair, and then the third certificate file can be loaded and decrypted to authorize the software, so that the software authorization safety is effectively guaranteed.
Drawings
FIG. 1 is a schematic structural diagram of a server according to an embodiment of the present invention;
FIG. 2 is a block diagram of one embodiment of the software authorization process of FIG. 1;
FIG. 3 is a flowchart of an off-line software authorization method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a server 1 according to an embodiment of the present invention. The server 1 is a device capable of automatically performing numerical calculation and/or information processing in accordance with a command set or stored in advance. The server 1 may be a rack server, a blade server, a tower server, or a rack server, or may be an independent server or a server cluster formed by a plurality of servers.
In the present embodiment, the server 1 includes, but is not limited to, a memory 11 and a processor 12 that are communicatively connected to each other through a system bus, the memory 11 stores a software authorization program 10, and the software authorization program 10 is executable by the processor 12. Fig. 1 shows only a server 1 with components 11-12 and a software authorization program 10, and it will be understood by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the server 1, and may comprise fewer or more components than shown, or some components in combination, or a different arrangement of components.
The storage 11 includes a memory and at least one type of readable storage medium. The memory provides cache for the operation of the server 1; the readable storage medium may be a non-volatile storage medium such as flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the readable storage medium may be an internal storage unit of the server 1, such as a hard disk of the server 1; in other embodiments, the non-volatile storage medium may be an external storage device of the server 1, such as a plug-in hard disk provided on the server 1, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. In this embodiment, the readable storage medium of the memory 11 is generally used for storing an operating system and various application software installed in the server 1, for example, codes of the software authorization program 10 in an embodiment of the present invention. Further, the memory 11 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 12 is generally used for controlling the overall operation of the server 1, such as performing control and processing related to data interaction or communication with other devices. In this embodiment, the processor 12 is configured to run the program code stored in the memory 11 or process data, such as running the software authorization program 10.
Optionally, the server 1 may further include a user interface, the user interface may include a Display (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface may further include a standard wired interface and a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the server 1 and for displaying a visual user interface.
In an embodiment of the present invention, the software authorization program 10 implements the following loading step, decryption step, authorization step and updating step when executed by the processor 12.
A loading step: and responding to a request of a user for starting certain software, and loading a first secret key corresponding to the software, a public key of the encrypted RSA secret key pair and an encrypted first certificate file to the memory from a preset storage space.
In this embodiment, the server 1 is a server of an operator, and in order to ensure security and confidentiality of software development and operation, the software is operated in an offline state on the server 1.
When software is started and operated on the server 1, an authorization file provided by a software provider needs to be obtained, wherein the authorization file comprises a first secret key (in a plaintext state), a public key of an encrypted RSA secret key pair and a first certificate file, and the first certificate file is an encrypted certificate file.
The certificate file is a file according to software authorization, and comprises machine codes of a server to be authorized, authorization starting time, authorization ending time and service items to be authorized.
The first key is a string of characters with preset length, comprises a random character string section and a fixed character string section and is used for decrypting the encrypted certificate file. In this embodiment, the first key is an AES symmetric key, the length is 32 bits, the first 16 bits are random numbers, and the last 16 bits are fixed numbers.
The first key, the public key of the encrypted RSA key pair, and the encrypted certificate file are provided by a software provider to a software operator, and are stored in advance in a preset storage space of the server 1, where the preset storage space may be a storage space corresponding to an internal storage unit of the server 1 (for example, in a software directory of a hard disk of the server 1), or may be a storage space corresponding to an external storage device of the server 1 (for example, a usb disk). The memory is a temporary storage unit of the server 1, and after the software exits, the file in the memory will disappear, that is, the software can be authorized only after the file needs to be reloaded and decrypted when the software is started every time, so that the security of the file is ensured.
In this embodiment, the encryption policy of the software provider on the certificate file and the public key of the RSA key pair is:
carrying out RSA asymmetric encryption on the certificate file by using a private key in an RSA key pair to obtain a certificate ciphertext, and carrying out AES symmetric encryption on the certificate ciphertext by using the first key to obtain a first certificate file;
and setting a second key according to the first key and a preset splicing rule, and carrying out AES symmetric encryption on the public key of the RSA key pair by using the second key to obtain an encrypted public key.
The preset splicing rule is that predetermined character strings and fixed character string sections in the first secret key are spliced, and a splicing result is used as a second secret key. The predetermined character string is a fixed character string embedded in the software, and in this embodiment, the predetermined character string is a 16-bit character string. The second key obtained by adopting a splicing mode can effectively prevent decompilation.
In this embodiment, the AES symmetric encryption algorithm is encrypted in an ECB mode and a PKCS #5 padding mode. The ECB mode is a codebook mode, in which the whole plaintext is divided into several small plaintext blocks (each small block has a length of 128 bits) which are the same, and then each small plaintext block is encrypted.
If the last small plaintext block is less than 16 bytes (128 bits), a corresponding number of characters needs to be made up at the end of this small plaintext block, and PKCS #5 padding indicates that the value of each padded character is equal to the number of missing characters. For example, if the last small plaintext block is {1,2,3,4,5, a, b, c, d, e }, and there are no 6 bytes, the small plaintext block padded with PKCS #5 is {1,2,3,4,5, a, b, c, d, e,6,6,6,6,6,6 }.
AES symmetric encryption, the secret key needs to be known by both communication parties before transmission, the execution speed is high, and the AES symmetric encryption method is suitable for encryption of a large amount of data.
RSA asymmetric encryption, public key encryption of a key pair, private key decryption, or private key encryption, public key decryption. Because of the need of large number of arithmetic such as power modular arithmetic, the security is high, the operating speed is slow, and the method is suitable for the encryption processing of small amount of data.
In this embodiment, the software provider keeps the private key of the RSA key pair, and the software provider encrypts the certificate file in a double-layer encryption manner of RSA asymmetric encryption and AES symmetric encryption, so as to ensure the security of the certificate file.
And (3) decryption: and respectively decrypting the public key and the first certificate file of the encrypted RSA key pair loaded to the memory according to the first key and the first decryption rule, wherein the decrypted second certificate file comprises the machine code of the server to be authorized and the service item to be authorized, and judging whether the machine code of the server 1 is matched with the machine code of the second certificate file.
In this embodiment, each decryption is performed on the file in the memory.
The first decryption rule comprises:
acquiring a second key according to the first key and a preset splicing rule, and decrypting the public key of the encrypted RSA key pair by using the second key to obtain a decrypted public key;
and decrypting the first certificate file by using the first secret key to obtain a certificate ciphertext, and decrypting the certificate ciphertext by using the decrypted public key to obtain a second certificate file.
And the machine code of the server to be authorized is a character string obtained by splicing the CPU serial number of the server to be authorized and the MAC address of the network card. The service items to be authorized correspond to different functional modules of the software.
In this embodiment, by determining whether the machine code of the server 1 matches the machine code of the server to be authorized included in the second certificate file, it is possible to prevent other servers from being authorized by mistake.
In one embodiment of the present invention, the decrypting step further comprises:
and if the decryption of the public key or the first certificate file in the encrypted RSA key pair fails, rejecting the software starting request.
And (3) authorization step: and when the machine code of the server 1 is matched with the machine code included in the first certificate file, authorizing the software according to the service item to be authorized and starting the software.
An updating step: and reloading the first certificate file stored in the preset storage space into the memory, updating the first secret key in the memory according to a preset updating rule, encrypting the first certificate file in the memory again according to the updated first secret key and the first encryption rule to obtain a third certificate file, encrypting the updated first secret key by using the decrypted public key, and replacing the first secret key and the first certificate file stored in the preset storage space with the encrypted updated first secret key and the encrypted third certificate file.
The first encryption rule includes:
and decrypting the first certificate file by using the first key to obtain a certificate ciphertext, and performing AES symmetric encryption on the certificate ciphertext by using the updated first key to obtain a third certificate file.
The preset updating rule is a random character string segment for randomly updating the first key. In this embodiment, the public key in the RSA key pair is used to encrypt the updated first key, before the software exits, the updated first key in the memory is in a plaintext state, after the software exits, the file in the memory disappears, and when the software is started next time, if the private key in the RSA key pair does not exist, the updated first key cannot be decrypted, so that the third certificate file encrypted with the updated first key cannot be decrypted, and the reliability of software authorization is ensured.
Storing the encrypted and updated first key and the third certificate file to the preset storage space, wherein the first key and the third certificate file are mainly used for next authorization and starting of software. Before software is started next time, a software provider is required to decrypt the encrypted updated first secret key into a plaintext state by using a private key of an RSA secret key pair, when the software is started, the updated first secret key and a third certificate file of the plaintext state are loaded into an internal memory, and authorization and starting operations can be completed after decryption.
In one embodiment of the present invention, the software authorization program 10 further implements the following steps when executed by the processor 12:
a checking step: checking the software at preset time intervals (for example, 5 minutes), and if the checking fails, stopping running the software, wherein the checking process comprises the following steps:
loading the encrypted first timing file corresponding to the software to a memory from the preset storage space, and decrypting the first timing file loaded to the memory according to a second decryption rule to obtain a second timing file;
verifying the software according to the second timing file, the second certificate file and a preset verification rule;
and when the verification is successful, updating the second timing file to obtain a third timing file, encrypting the third timing file by using the updated first key stored in the memory to obtain a fourth timing file, replacing the first timing file stored in the preset storage space by using the fourth timing file, and deleting the first, second, third and fourth timing files stored in the memory.
The second certificate file further comprises authorization start time and authorization end time, and the preset verification rule comprises:
if the current time of the host is earlier than the authorization starting time or later than the authorization ending time, stopping running the software;
if the duration recorded by the second timing file exceeds the total duration between the authorization termination time and the authorization starting time, stopping running the software;
and if the service item authorized by the software fails to be matched with the service item to be authorized, which is included in the second certificate file, the software stops running.
In this embodiment, another observation thread is provided for observing whether the checking step is bypassed, and if the checking step is bypassed, the software stops running if the checking step is possibly cracked.
In this embodiment, the timing file is a hidden file named at the beginning, and is used for recording the running time of the software under the corresponding certificate file.
In this embodiment, the second timing file is updated by using a system.notime () function, which is a Java built-in function, and is timed based on a clock cycle of a CPU core of the server 1, so as to measure elapsed time without human intervention, and the system.notime () function is independent of the time of the host and has high timing precision, thereby effectively avoiding the influence caused by tampering the time of the host.
In this embodiment, the first timing file is provided by a software provider and is pre-stored in a preset storage space of the server 1, and an encryption policy of the first timing file includes:
carrying out AES symmetric encryption on the timing file by using the first key to obtain a first timing file;
the second decryption rule comprises:
and decrypting the first timing file by using the first key to obtain a second timing file.
In another embodiment of the present invention, the software authorization program 10, when executed by the processor 12, further implements the steps of:
and if the decryption failure times of the first certificate file and the first timing file stored in the memory exceed a preset threshold value, encrypting the software by using the public key of the decrypted RSA key pair.
In another embodiment of the present invention, the software authorization program 10, when executed by the processor 12, further implements the steps of:
and after the software is started, if the timing file in the preset storage space exceeds a preset time threshold value and is not updated, encrypting the software by using the public key of the decrypted RSA key pair.
As can be seen from the foregoing embodiment, in the server 1 provided in the present invention, first, the first secret key, the public key of the encrypted RSA secret key pair, and the first certificate file are loaded into the memory from the preset storage space, the public key of the encrypted RSA secret key pair is decrypted by using the second secret key, and the second secret key is obtained according to the first secret key and the preset splicing rule, so that decompilation is effectively prevented, and meanwhile, the first certificate file is decrypted in a double-layer manner by using the first secret key and the public key of the decrypted RSA secret key pair, so that the security of the certificate file is ensured; then, after the software is authorized according to the decrypted second certificate file, the first secret key is updated according to a preset updating rule, the updated first secret key is used for encrypting the first certificate file to obtain a third certificate file, the public key of the decrypted RSA secret key pair is used for encrypting the updated first secret key, the encrypted updated first secret key and the encrypted updated third certificate file are used for respectively replacing the first secret key and the first certificate stored in the preset storage space, when the software exits, the file in the internal memory disappears, when the software is started next time, the software provider can load and decrypt the third certificate file to authorize the software after decrypting the updated first secret key into a plaintext state by using the private key of the RSA secret key pair, and the software authorization safety is effectively guaranteed.
In other embodiments, the software authorization program 10 can be divided into one or more modules, and the one or more modules are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to implement the present invention, and the modules referred to in the present invention refer to a series of computer program instruction segments capable of performing specific functions to describe the execution process of the software authorization program 10 in the server 1.
Fig. 2 is a block diagram of an embodiment of the software authorization program 10 of fig. 1.
In one embodiment of the present invention, the software authorization program 10 includes a loading module 110, a decryption module 120, an authorization module 130, and an update module 140, which illustratively:
the loading module 110 is configured to respond to a request of a user to start a certain software, and load a first key corresponding to the software, a public key of an encrypted RSA key pair, and an encrypted first certificate file to a memory from a preset storage space;
the decryption module 120 is configured to decrypt the public key and the first certificate file of the encrypted RSA key pair loaded to the memory according to the first key and the first decryption rule, respectively, obtain a second certificate file including a machine code of the server to be authorized and a service item to be authorized, and determine whether the machine code of the server 1 matches the machine code included in the second certificate file;
the authorization module 130 is configured to authorize the software according to the service item to be authorized and start the software when the machine code of the server 1 matches the machine code included in the second certificate file;
the updating module 140 is configured to reload the first certificate file stored in the preset storage space to the memory, update the first key in the memory according to a preset updating rule, encrypt the first certificate file in the memory again according to the updated first key and the first encryption rule to obtain a third certificate file, encrypt the updated first key by using the decrypted public key, and replace the first key and the first certificate file stored in the preset storage space with the encrypted updated first key and the encrypted third certificate file, respectively.
The functions or operation steps implemented by the program modules such as the loading module 110, the decryption module 120, the authorization module 130, and the update module 140 when executed are substantially the same as those of the above embodiments, and are not repeated herein.
Fig. 3 is a flowchart illustrating a software authorization method in an offline state according to an embodiment of the present invention, wherein the software authorization method includes steps S1-S4, and is applied to the server 1.
And S1, responding to a request of a user for starting certain software, and loading a first key corresponding to the software, the public key of the encrypted RSA key pair and the encrypted first certificate file to the memory from a preset storage space.
In this embodiment, the server 1 is a server of an operator, and in order to ensure security and confidentiality of software development and operation, the software is operated in an offline state on the server 1.
When software is started and operated on the server 1, an authorization file provided by a software provider needs to be obtained, wherein the authorization file comprises a first secret key, a public key of an encrypted RSA secret key pair and a first certificate file, and the first certificate file is an encrypted certificate file.
The certificate file is a basis file for software authorization, and comprises a service item to be authorized, which is coded by a machine of a server to be authorized.
The first key (plaintext state) is a string of characters with a preset length, and comprises a random character string section and a fixed character string section, and is used for decrypting the encrypted certificate file. In this embodiment, the first key is an AES symmetric key, the length is 32 bits, the first 16 bits are random numbers, and the last 16 bits are fixed numbers.
The first key, the public key of the encrypted RSA key pair, and the encrypted certificate file are provided by a software provider to a software operator, and are stored in advance in a preset storage space of the server 1, where the preset storage space may be a storage space corresponding to an internal storage unit of the server 1 (for example, in a software directory of a hard disk of the server 1), or may be a storage space corresponding to an external storage device of the server 1 (for example, a usb disk). The memory is a temporary storage unit of the server 1, and after the software exits, the file in the memory will disappear, that is, the software can be authorized only after the file needs to be reloaded and decrypted when the software is started every time, so that the security of the file is ensured.
In this embodiment, the encryption policy of the software provider on the certificate file and the public key of the RSA key pair is:
carrying out RSA asymmetric encryption on the certificate file by using a private key in an RSA key pair to obtain a certificate ciphertext, and carrying out AES symmetric encryption on the certificate ciphertext by using the first key to obtain a first certificate file;
and setting a second key according to the first key and a preset splicing rule, and carrying out AES symmetric encryption on the public key of the RSA key pair by using the second key to obtain an encrypted public key.
The preset splicing rule is that predetermined character strings and fixed character string sections in the first secret key are spliced, and a splicing result is used as a second secret key. The predetermined character string is a fixed character string embedded in the software, and in this embodiment, the predetermined character string is a 16-bit character string. The second key obtained by adopting a splicing mode can effectively prevent decompilation.
In this embodiment, the AES symmetric encryption algorithm is encrypted in an ECB mode and a PKCS #5 padding mode. The ECB mode is a codebook mode, in which the whole plaintext is divided into several small plaintext blocks (each small block has a length of 128 bits) which are the same, and then each small plaintext block is encrypted.
If the last small plaintext block is less than 16 bytes (128 bits), a corresponding number of characters needs to be made up at the end of this small plaintext block, and PKCS #5 padding indicates that the value of each padded character is equal to the number of missing characters. For example, if the last small plaintext block is {1,2,3,4,5, a, b, c, d, e }, and there are no 6 bytes, the small plaintext block padded with PKCS #5 is {1,2,3,4,5, a, b, c, d, e,6,6,6,6,6,6 }.
AES symmetric encryption, the secret key needs to be known by both communication parties before transmission, the execution speed is high, and the AES symmetric encryption method is suitable for encryption of a large amount of data.
RSA asymmetric encryption, public key encryption of a key pair, private key decryption, or private key encryption, public key decryption. Because of the need of large number of arithmetic such as power modular arithmetic, the security is high, the operating speed is slow, and the method is suitable for the encryption processing of small amount of data.
In this embodiment, the software provider keeps the private key of the RSA key pair, and the software provider encrypts the certificate file in a double-layer encryption manner of RSA asymmetric encryption and AES symmetric encryption, so as to ensure the security of the certificate file.
S2, respectively decrypting the public key of the encrypted RSA key pair loaded to the memory and the first certificate file according to the first key and the first decryption rule, wherein the second certificate file obtained through decryption comprises the machine code of the server to be authorized and the service item to be authorized, and judging whether the machine code of the server 1 is matched with the machine code of the second certificate file.
In this embodiment, each decryption is performed on the file in the memory.
The first decryption rule comprises:
acquiring a second key according to the first key and a preset splicing rule, and decrypting the public key of the encrypted RSA key pair by using the second key to obtain a decrypted public key;
and decrypting the first certificate file by using the first secret key to obtain a certificate ciphertext, and decrypting the certificate ciphertext by using the decrypted public key to obtain a second certificate file.
And the machine code of the server to be authorized is a character string obtained by splicing the CPU serial number of the server to be authorized and the MAC address of the network card. The service items to be authorized correspond to different functional modules of the software.
In this embodiment, by determining whether the machine code of the server 1 matches the machine code of the server to be authorized in the certificate file, it is possible to prevent other servers from being authorized by mistake.
In an embodiment of the present invention, the step S2 further includes:
and if the decryption of the public key or the first certificate file in the encrypted RSA key pair fails, rejecting the software starting request.
And S3, when the machine code of the server 1 is matched with the machine code included in the second certificate file, authorizing the software according to the service item to be authorized and starting the software.
S4, reloading the first certificate file stored in the preset storage space into the memory, updating the first key in the memory according to a preset update rule, re-encrypting the first certificate file in the memory according to the updated first key and the first encryption rule to obtain a third certificate file, encrypting the updated first key by using the decrypted public key, and replacing the first key and the first certificate file stored in the preset storage space with the encrypted updated first key and the encrypted third certificate file, respectively.
The first encryption rule includes:
and decrypting the first certificate file by using the first key to obtain a certificate ciphertext, and performing AES symmetric encryption on the certificate ciphertext by using the updated first key to obtain a third certificate file.
The preset updating rule is a random character string segment for randomly updating the first key. In this embodiment, the public key in the RSA key pair is used to encrypt the updated first key, before the software exits, the updated first key in the memory is in a plaintext state, after the software exits, the file in the memory disappears, and when the software is started next time, if the private key in the RSA key pair does not exist, the updated first key cannot be decrypted, so that the third certificate file encrypted with the updated first key cannot be decrypted, and the reliability of software authorization is ensured.
Storing the encrypted and updated first key and the third certificate file to the preset storage space, wherein the first key and the third certificate file are mainly used for next authorization and starting of software. Before software is started next time, a software provider is required to decrypt the encrypted updated first secret key into a plaintext state by using a private key of an RSA secret key pair, when the software is started, the updated first secret key and a third certificate file of the plaintext state are loaded into an internal memory, and authorization and starting operations can be completed after decryption.
In one embodiment of the present invention, the software authorization method further includes:
checking the software at preset time intervals (for example, 5 minutes), and if the checking fails, stopping running the software, wherein the checking process comprises the following steps:
loading the encrypted first timing file corresponding to the software to a memory from the preset storage space, and decrypting the first timing file loaded to the memory according to a second decryption rule to obtain a second timing file;
verifying the software according to the second timing file, the second certificate file and a preset verification rule;
and when the verification is successful, updating the second timing file to obtain a third timing file, encrypting the third timing file by using the updated first key stored in the memory to obtain a fourth timing file, replacing the first timing file stored in the preset storage space by using the fourth timing file, and deleting the first, second, third and fourth timing files stored in the memory.
The second certificate file further comprises authorization start time and authorization end time, and the preset verification rule comprises:
if the current time of the host is earlier than the authorization starting time or later than the authorization ending time, stopping running the software;
if the duration recorded in the second timing file exceeds the total duration between the authorization termination time and the authorization start time, stopping running the software;
and if the service item authorized by the software fails to be matched with the service item to be authorized in the decrypted certificate file, stopping running the software.
In this embodiment, another observation thread is provided for observing whether the checking step is bypassed, and if the checking step is bypassed, the software stops running if the checking step is possibly cracked.
In this embodiment, the timing file is a hidden file named at the beginning, and is used for recording the running time of the software under the corresponding certificate file.
In this embodiment, the second timing file is updated by using a system.notime () function, which is a Java built-in function, and is timed based on a clock cycle of a CPU core of the server 1, so as to measure elapsed time without human intervention, and the system.notime () function is independent of the time of the host and has high timing precision, thereby effectively avoiding the influence caused by tampering the time of the host.
In this embodiment, the first timing file is provided by a software provider and is pre-stored in a preset storage space of the server 1, and an encryption policy of the first timing file includes:
carrying out AES symmetric encryption on the timing file by using the first key to obtain a first timing file;
the second decryption rule comprises:
and decrypting the first timing file by using the first key to obtain a second timing file.
In another embodiment of the present invention, the method further comprises:
and if the decryption failure times of the first certificate file and the first timing file in the memory exceed a preset threshold value, encrypting the software by using the public key of the decrypted RSA key pair.
In another embodiment of the present invention, the method further comprises:
and after the software is started, if the timing file in the preset storage space exceeds a preset time threshold value and is not updated, encrypting the software by using the public key of the decrypted RSA key pair.
It can be known from the above embodiments that the software authorization method in the off-line state provided by the present invention is applied to the server 1, and first, the first secret key, the public key of the encrypted RSA secret key pair and the encrypted first certificate file are loaded to the memory from the preset storage space, and the public key of the encrypted RSA secret key pair is decrypted by using the second secret key, and the second secret key is obtained according to the first secret key and the preset splicing rule, thereby effectively preventing decompilation, and simultaneously, the first secret key and the public key of the decrypted RSA secret key pair are used to perform double-layer decryption on the first certificate file, thereby ensuring the security of the certificate file; then, after the software is authorized according to the decrypted second certificate file, the first secret key is updated according to a preset updating rule, the updated first secret key is used for encrypting the first certificate file again to obtain a third certificate file, the decrypted public key of the RSA secret key pair is used for encrypting the updated first secret key, the encrypted updated first secret key and the encrypted third certificate file are used for replacing the first secret key and the first certificate file stored in the preset storage space respectively, when the software exits, the file in the internal memory disappears, when the software is started next time, a software provider can load and decrypt the third certificate file to authorize the software after decrypting the updated first secret key into a plaintext state by using the private key of the RSA secret key pair, and the software authorization safety is effectively guaranteed.
In addition, the embodiment of the present invention further provides a computer-readable storage medium, which may be any one of or any combination of a hard disk, a multimedia card, an SD card, a flash memory card, an SMC, a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a portable compact disc read only memory (CD-ROM), a USB memory, and the like. The computer readable storage medium includes a software authorization program 10, and when executed by a processor, the software authorization program 10 implements the following operations:
responding to a request of a user for starting certain software, and loading a first secret key corresponding to the software, a public key of an encrypted RSA secret key pair and an encrypted first certificate file to a memory from a preset storage space;
respectively decrypting the public key and the first certificate file of the encrypted RSA key pair loaded to the memory according to the first key and the first decryption rule, wherein the decrypted second certificate file comprises a machine code of a server to be authorized and a service item to be authorized, and judging whether the machine code of the server 1 is matched with the machine code of the second certificate file;
if the machine code of the server 1 is matched with the machine code included in the second certificate file, authorizing the service item to be authorized to the software and starting the software;
and reloading the first certificate file stored in the preset storage space into the memory, updating the first secret key in the memory according to a preset updating rule, encrypting the first certificate file in the memory again according to the updated first secret key and the first encryption rule to obtain a third certificate file, encrypting the updated first secret key by using the decrypted public key, and replacing the first secret key and the first certificate file stored in the preset storage space with the encrypted updated first secret key and the encrypted third certificate file respectively.
The specific implementation of the computer-readable storage medium of the present invention is substantially the same as the above-mentioned software authorization method in the offline state and the specific implementation of the server 1, and will not be described herein again.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (8)
1. A software authorization method in an off-line state is applied to a server, and is characterized in that the method comprises the following steps:
a loading step: responding to a request of a user for starting certain software, and loading a first secret key corresponding to the software, a public key of an encrypted RSA secret key pair and an encrypted first certificate file to a memory from a preset storage space;
and (3) decryption: respectively decrypting the public key and the first certificate file of the encrypted RSA key pair loaded to the memory according to the first key and the first decryption rule, wherein the decrypted second certificate file comprises a machine code of a server to be authorized and a service item to be authorized, and judging whether the machine code of the server is matched with the machine code of the second certificate file, wherein the first decryption rule comprises the following steps: acquiring a second key according to the first key and a preset splicing rule, decrypting the public key of the encrypted RSA key pair by using the second key to obtain a decrypted public key, decrypting the first certificate file by using the first key to obtain a certificate ciphertext, and decrypting the certificate ciphertext by using the decrypted public key to obtain a second certificate file;
and (3) authorization step: when the machine code of the server is matched with the machine code included in the second certificate file, authorizing the software according to the service item to be authorized and starting the software;
an updating step: the first certificate file stored in the preset storage space is loaded into the memory again, the first secret key in the memory is updated according to a preset updating rule, the first certificate file in the memory is encrypted again according to the updated first secret key and a first encryption rule to obtain a third certificate file, the updated first secret key is encrypted by using the decrypted public key, and the first secret key and the first certificate file stored in the preset storage space are replaced by the encrypted updated first secret key and the encrypted third certificate file respectively, wherein the first encryption rule comprises: and decrypting the first certificate file by using the first key to obtain a certificate ciphertext, and performing AES symmetric encryption on the certificate ciphertext by using the updated first key to obtain the third certificate file.
2. A method for software authorization in an offline state as recited in claim 1, wherein said decrypting step further comprises:
and if the decryption of the public key of the encrypted RSA key pair or the first certificate file fails, rejecting the software starting request.
3. A method for software authorization in an offline state as recited in claim 2, wherein said method further comprises:
a checking step: checking the software at preset time intervals, if the checking fails, stopping running the software, wherein the process of checking the software comprises the following steps:
loading the encrypted first timing file corresponding to the software to a memory from the preset storage space, and decrypting the first timing file loaded to the memory according to a second decryption rule to obtain a second timing file;
verifying the software according to the second timing file, the second certificate file and a preset verification rule;
and when the verification is successful, updating the second timing file to obtain a third timing file, encrypting the third timing file by using the updated first key stored in the memory to obtain a fourth timing file, replacing the first timing file stored in the preset storage space by using the fourth timing file, and deleting the first, second, third and fourth timing files stored in the memory.
4. The method for software authorization in an offline state according to claim 3, wherein the second certificate file further includes an authorization start time and an authorization end time, and the preset verification rule includes:
if the current time of the host is earlier than the authorization starting time or later than the authorization ending time, stopping running the software;
if the duration recorded by the second timing file exceeds the total duration between the authorization termination time and the authorization starting time, stopping running the software;
and if the service item authorized by the software fails to be matched with the service item to be authorized, which is included in the second certificate file, the software stops running.
5. A method for software authorization in an offline state according to any of claims 1-4, characterized in that the method further comprises:
and if the decryption failure times of the first certificate file and the first timing file stored in the memory exceed a preset threshold value, encrypting the software by using the public key of the decrypted RSA key pair.
6. A method for software authorization in an offline state according to claim 3, wherein said second decryption rule comprises:
and decrypting the first timing file by using the first key to obtain a second timing file.
7. A server, characterized in that the server comprises: memory, a processor, said memory having stored thereon a software authorization program executable on said processor, said software authorization program when executed by said processor implementing the steps of the software authorization method in an offline state according to any one of claims 1 to 6.
8. A computer-readable storage medium having stored thereon a software authorization program executable by one or more processors to perform the steps of the method of software authorization in an offline state according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911214103.7A CN110968844B (en) | 2019-12-02 | 2019-12-02 | Software authorization method in off-line state, server and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911214103.7A CN110968844B (en) | 2019-12-02 | 2019-12-02 | Software authorization method in off-line state, server and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110968844A CN110968844A (en) | 2020-04-07 |
| CN110968844B true CN110968844B (en) | 2021-12-17 |
Family
ID=70032618
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911214103.7A Active CN110968844B (en) | 2019-12-02 | 2019-12-02 | Software authorization method in off-line state, server and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110968844B (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108377185B (en) * | 2018-03-14 | 2021-01-26 | 四川长虹电器股份有限公司 | Internet of things weak resource terminal key safety management method |
| CN111610996B (en) * | 2020-05-26 | 2023-04-07 | 东信和平科技股份有限公司 | Method and system for upgrading, producing and sampling inspection of IC card personalized software |
| CN111708991A (en) * | 2020-06-17 | 2020-09-25 | 腾讯科技(深圳)有限公司 | Service authorization method, service authorization device, computer equipment and storage medium |
| CN111949949B (en) * | 2020-08-14 | 2022-06-17 | 山东英信计算机技术有限公司 | Software running method, device and equipment and computer readable storage medium |
| CN112349003A (en) * | 2020-11-17 | 2021-02-09 | 深圳Tcl新技术有限公司 | Door lock password transmission method, lock body, server and readable storage medium |
| CN112733166A (en) * | 2021-01-08 | 2021-04-30 | 湖南同有飞骥科技有限公司 | license authentication and authorization function realization method and system |
| CN112948773A (en) * | 2021-02-07 | 2021-06-11 | 深圳市大梦龙途文化传播有限公司 | Script encryption and decryption method, terminal device and readable storage medium |
| CN112699342B (en) * | 2021-03-24 | 2021-07-16 | 统信软件技术有限公司 | Authorization control method, authorization device and computing equipment |
| CN113329025B (en) * | 2021-06-07 | 2022-06-28 | 中国电子科技集团公司第二十九研究所 | Recording data protection method and system based on software authorization embedded symmetric encryption |
| CN113569205A (en) * | 2021-06-25 | 2021-10-29 | 合肥综合性国家科学中心人工智能研究院(安徽省人工智能实验室) | SDK software interface service authorization method and device |
| CN113496028A (en) * | 2021-06-28 | 2021-10-12 | 山东云缦智能科技有限公司 | Software offline authentication method with time limit function |
| CN117319691A (en) * | 2022-06-20 | 2023-12-29 | 中兴通讯股份有限公司 | Authorization control method, device, system, electronic equipment and storage medium |
| CN114978554B (en) * | 2022-07-29 | 2022-10-18 | 广州匠芯创科技有限公司 | Software authorization authentication system and method |
| CN116010904B (en) * | 2022-12-26 | 2023-09-15 | 北京航天智造科技发展有限公司 | Offline authorization method and system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104050399A (en) * | 2013-03-14 | 2014-09-17 | 索尼公司 | User verification method and device and piracy tracking method and device |
| CN105512519A (en) * | 2015-11-30 | 2016-04-20 | 北大方正集团有限公司 | Digital resource copyright protection method, opening method and device, and hardware storage device |
| CN108446539A (en) * | 2018-03-16 | 2018-08-24 | 福建深空信息技术有限公司 | A kind of software authorization method and soft ware authorization filing system |
| CN109033762A (en) * | 2018-07-05 | 2018-12-18 | 南京云信达科技有限公司 | A method of for solving complicated checked object soft ware authorization |
| CN109684790A (en) * | 2018-12-26 | 2019-04-26 | 佛山市瑞德物联科技有限公司 | Software start-up method, soft ware authorization verification method, equipment and storage medium |
| CN110348181A (en) * | 2019-07-15 | 2019-10-18 | 广东名阳信息科技有限公司 | A kind of method of verification software right to use legitimacy |
-
2019
- 2019-12-02 CN CN201911214103.7A patent/CN110968844B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104050399A (en) * | 2013-03-14 | 2014-09-17 | 索尼公司 | User verification method and device and piracy tracking method and device |
| CN105512519A (en) * | 2015-11-30 | 2016-04-20 | 北大方正集团有限公司 | Digital resource copyright protection method, opening method and device, and hardware storage device |
| CN108446539A (en) * | 2018-03-16 | 2018-08-24 | 福建深空信息技术有限公司 | A kind of software authorization method and soft ware authorization filing system |
| CN109033762A (en) * | 2018-07-05 | 2018-12-18 | 南京云信达科技有限公司 | A method of for solving complicated checked object soft ware authorization |
| CN109684790A (en) * | 2018-12-26 | 2019-04-26 | 佛山市瑞德物联科技有限公司 | Software start-up method, soft ware authorization verification method, equipment and storage medium |
| CN110348181A (en) * | 2019-07-15 | 2019-10-18 | 广东名阳信息科技有限公司 | A kind of method of verification software right to use legitimacy |
Non-Patent Citations (1)
| Title |
|---|
| Software Protection with Encryption and Verification;Wentao Liu 等;《Software Engineering and Knowledge: Theory and Practice》;20120131;第131-138页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110968844A (en) | 2020-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110968844B (en) | Software authorization method in off-line state, server and readable storage medium | |
| CN108810894B (en) | Terminal authorization method, device, computer equipment and storage medium | |
| CN109684790B (en) | Software starting method, software authorization verification method, device and storage medium | |
| TWI510959B (en) | Updating an operating system for secure device | |
| CN102508791B (en) | Method and device for encrypting hard disk partition | |
| CN102449631B (en) | For performing the system and method for bookkeeping | |
| EP3700243A1 (en) | Security data processing device | |
| CN108363580A (en) | Application program installation method, device, computer equipment and storage medium | |
| TW202036347A (en) | Method and apparatus for data storage and verification | |
| TW201516733A (en) | System and method for verifying changes to UEFI authenticated variables | |
| CN111666564B (en) | Application program safe starting method and device, computer equipment and storage medium | |
| CN108304698B (en) | Product authorized use method and device, computer equipment and storage medium | |
| CN110795126A (en) | Firmware safety upgrading system | |
| CN106415585A (en) | Key extraction during secure boot | |
| EP2503482A1 (en) | Electronic device with flash memory component | |
| CN109086578A (en) | A kind of method that soft ware authorization uses, equipment and storage medium | |
| JP2009253783A (en) | Mobile terminal, data protection method and program for data protection | |
| CN104794394A (en) | Virtual machine starting verification method and device | |
| CN115129332A (en) | Firmware burning method, computer equipment and readable storage medium | |
| US20160020903A1 (en) | Nonce generation for encryption and decryption | |
| CN112653559B (en) | Electric control unit starting method and device and storage medium | |
| CN111224826B (en) | Configuration updating method, device, system and medium based on distributed system | |
| CN103592927A (en) | Method for binding product server and service function through license | |
| JP6318305B2 (en) | How to manage subscriptions on the provisioning server | |
| CN114189862A (en) | Wireless terminal and interface access authentication method of wireless terminal in Uboot mode |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |