CN111176710A - Operation method of terminal software management system and terminal software management system - Google Patents

Info

Publication number: CN111176710A
Authority: CN (China)
Application number: CN201911389196.7A
Other languages: Chinese (zh)
Other versions: CN111176710B (en)
Prior art keywords: verification code, application software, dynamic verification, interface tool, terminal
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Inventor: 赵飞, 唐偲偲, 万博闻, 宋康康
Current Assignee: Jiangsu Thredim Photoelectric Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Jiangsu Thredim Photoelectric Co ltd
Application filed by Jiangsu Thredim Photoelectric Co ltd
Priority to CN201911389196.7A
Publication of CN111176710A
Application granted; publication of CN111176710B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Abstract

The invention provides an operation method of a terminal software management system, and the terminal software management system. The method comprises the following steps: receiving a dynamic verification code B sent by a cloud server; calling an encryption algorithm program to generate an encryption private key and an encryption public key; sending the encryption public key to an application software management interface tool; receiving user configuration information, an encrypted dynamic verification code A and an application software unique identifier sent by application software; decrypting the encrypted dynamic verification code A with the encryption private key to obtain a decrypted dynamic verification code A; judging whether the decrypted dynamic verification code A matches the dynamic verification code B; if the decrypted dynamic verification code A matches the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server; and generating an application software running/stopping instruction according to the validity verification result. The operation method and the terminal software management system solve the problem that existing schemes cannot adequately handle user authorization management and control of software state.

Description

Operation method of terminal software management system and terminal software management system
Technical Field
The invention belongs to the technical field of software management and control, and particularly relates to an operation method of a terminal software management system and the terminal software management system.
Background
With the continuous iteration of products/systems (such as system tool software of electronic blackboard and interactive content software of IS), their functions are gradually enriched and improved, their complexity becomes higher and higher, and the difficulty of maintaining them is increasing.
For users, a product/system with rich functions and many choices is good, but it also brings more trouble: the more powerful the software, the higher its complexity, the larger its scale, the slower it loads, and the more complicated its operation. If the system software is built as a combination of multiple APPs, effectively managing the numerous APPs is a serious challenge.
Meanwhile, for terminal software, user authorization management and control of software state are problems that must be faced. There are many options:
For example, the terminal software can be encrypted with a dongle, so that a user can use it only after decrypting it with a special tool. But this is a very unfriendly experience: the key must always be carried and properly managed. For developers, every piece of software must be processed with the same encryption mode, which is complex and difficult to guarantee.
Alternatively, an encryption scheme can be injected into each piece of software, so that the user can use it within the licence period after entering the key once. However, requiring every developer to implement encryption verification in the software they develop is also a difficult task.
Or, management and control of the software can be realized through the cloud. For developers the work seems unchanged, with the encryption/decryption algorithm merely moved from the terminal to the cloud, but the software must handle the cloud interface, and requiring every developer to obey the same rules is again challenging.
In addition, there is the risk of the key being hijacked.
Disclosure of Invention
The invention provides an operation method of a terminal software management system and the terminal software management system, which aim to solve the problem that existing schemes cannot adequately realize user authorization management and control of software state.
In order to solve the above technical problem, in one aspect, an embodiment of the present invention provides an operation method of a terminal software management system, which is applied to a cloud server of the terminal software management system, and includes:
generating a dynamic verification code A and a dynamic verification code B;
sending the dynamic verification code A to an application software management interface tool;
sending the dynamic verification code B to a terminal equipment service interface tool;
receiving application software validity verification information uploaded by the terminal equipment service interface tool;
and verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the terminal equipment service interface tool.
According to an embodiment of the present invention, the application software validity verification information includes: the dynamic verification code A, the dynamic verification code B, the user configuration information, the unique application software identifier and the unique terminal equipment identifier.
On the other hand, an embodiment of the present invention further provides an operating method of a terminal software management system, which is applied to an application software management interface tool of the terminal software management system, and includes:
receiving the dynamic verification code A sent by the cloud server;
receiving an encryption public key sent by the terminal equipment service interface tool;
calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
and sending the encrypted dynamic verification code A to the application software.
According to an embodiment of the present invention, after the step of receiving the encryption public key sent by the terminal device service interface tool, the method further includes:
receiving a login request of a user;
and acquiring the user configuration information from the user configuration file.
On the other hand, the embodiment of the invention also provides an operation method of the terminal software management system, which is applied to the application software of the terminal software management system and comprises the following steps:
obtaining the user configuration information from the user configuration file;
acquiring the unique identifier of the application software;
receiving the encrypted dynamic verification code A sent by the terminal equipment service interface tool;
sending the user configuration information, the encrypted dynamic verification code A and the unique application software identifier to the terminal equipment service interface tool;
and receiving an application software running/stopping instruction sent by the terminal equipment service interface tool.
On the other hand, an embodiment of the present invention further provides an operating method of a terminal software management system, which is applied to a terminal device service interface tool of the terminal software management system, and includes:
receiving the dynamic verification code B sent by the cloud server;
calling an encryption algorithm program to generate an encryption private key and the encryption public key;
sending the encryption public key to the application software management interface tool;
receiving the user configuration information, the encrypted dynamic verification code A and the unique application software identifier sent by the application software;
decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B;
if the decrypted dynamic verification code A is matched with the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server;
and generating the application software running/stopping instruction according to the validity verification result.
Correspondingly, in another aspect, an embodiment of the present invention further provides a terminal software management system, including a cloud server, where the cloud server includes:
the verification code generation module is used for generating the dynamic verification code A and the dynamic verification code B;
the verification code A sending module is used for sending the dynamic verification code A to the application software management interface tool;
the verification code B sending module is used for sending the dynamic verification code B to the terminal equipment service interface tool;
the verification information receiving module is used for receiving the application software validity verification information uploaded by the terminal equipment service interface tool;
and the validity verification module is used for verifying the validity of the application software according to the application software validity verification information and sending the validity verification result to the terminal equipment service interface tool.
On the other hand, an embodiment of the present invention further provides a terminal software management system, including an application software management interface tool, where the application software management interface tool includes:
the verification code A receiving module is used for receiving the dynamic verification code A sent by the cloud server;
the public key receiving module is used for receiving the encryption public key sent by the terminal equipment service interface tool;
the encryption module is used for calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain the encrypted dynamic verification code A;
and the encrypted verification code sending module is used for sending the encrypted dynamic verification code A to the application software.
On the other hand, the embodiment of the present invention further provides a terminal software management system, including application software, where the application software includes:
a first obtaining module, configured to obtain the user configuration information from the user configuration file;
the second acquisition module is used for acquiring the unique identifier of the application software;
the encrypted verification code receiving module is used for receiving the encrypted dynamic verification code A sent by the terminal equipment service interface tool;
the authentication information sending module is used for sending the user configuration information, the encrypted dynamic verification code A and the unique application software identifier to the terminal equipment service interface tool;
and the instruction receiving module is used for receiving the application software running/stopping instruction sent by the terminal equipment service interface tool.
On the other hand, an embodiment of the present invention further provides a terminal software management system, including a terminal device service interface tool, where the terminal device service interface tool includes:
the verification code B receiving module is used for receiving the dynamic verification code B sent by the cloud server;
the key generation module is used for calling an encryption algorithm program to generate the encryption private key and the encryption public key;
the public key sending module is used for sending the encryption public key to the application software management interface tool;
the authentication information receiving module is used for receiving the user configuration information, the encrypted dynamic verification code A and the unique application software identifier which are sent by the application software;
the decryption module is used for decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
the matching module is used for judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B;
the verification information sending module is used for sending the validity verification information of the application software to the cloud server if the decrypted dynamic verification code A is matched with the dynamic verification code B and the application software is successfully authenticated;
and the instruction generating module is used for generating the application software running/stopping instruction according to the validity verification result.
The invention has the beneficial effects that:
The operation method of the terminal software management system and the terminal software management system of the embodiment of the invention control the running of terminal software through system calls to the interface tools. No terminal application software can run without passing authentication; run authentication is implemented by a single interface; the authentication process is kept confidential from the terminal application software; and if authentication fails, the interface directly terminates the running of the terminal application software. The interface tool software and the terminal application software are organized loosely, and the terminal application software can normally run independently of the interface tool software. User identity authentication is implemented by the interface tool software, and the authentication instruction is encrypted. The application software participates in the software authentication process, but the specific execution process is kept secret. The encryption and decryption algorithm is dynamically updated, so even if the interface of the encryption and decryption algorithm is illegally hijacked, the system can still invalidate the hijacked algorithm by updating the algorithm. Different terminals may use different encryption and decryption algorithms. The key is hidden in the encryption and decryption algorithm interface, and the encryption process is kept secret from any other software on the terminal. Therefore, the operation method of the terminal software management system and the terminal software management system in the embodiment of the invention solve the problem that existing schemes cannot adequately realize user authorization management and control of software state.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic flow chart of a first embodiment of an operating method of a terminal software management system according to the present invention;
Fig. 2 is a flowchart illustrating a second embodiment of the method for operating the terminal software management system according to the present invention;
Fig. 3 is a flowchart illustrating a third embodiment of the method for operating the terminal software management system according to the present invention;
Fig. 4 is a schematic flowchart of a fourth embodiment of the method for operating the terminal software management system according to the present invention;
Fig. 5 is a flowchart illustrating a fifth embodiment of the method for operating the terminal software management system according to the present invention;
Fig. 6 is a schematic structural diagram of a terminal software management system according to a first embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a second embodiment of a terminal software management system according to the present invention;
Fig. 8 is a schematic structural diagram of a third embodiment of a terminal software management system according to the present invention;
Fig. 9 is a schematic structural diagram of a terminal software management system according to a fourth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, an embodiment of the present invention provides an operation method of a terminal software management system, which is applied to a cloud server of the terminal software management system, and includes:
step 100: generating a dynamic verification code A and a dynamic verification code B;
step 101: sending the dynamic verification code A to an application software management interface tool;
step 102: sending the dynamic verification code B to a terminal equipment service interface tool;
step 103: receiving application software validity verification information uploaded by a terminal equipment service interface tool;
step 104: and verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the terminal equipment service interface tool.
In the operation method of the terminal software management system of the embodiment of the invention, the cloud server generates two matched dynamic verification codes A and B and distributes them to the application software management interface tool and the terminal equipment service interface tool respectively. During application software authentication, whether the two dynamic verification codes match determines whether the application software is successfully authenticated, and validity verification of the application software is performed after the application software is successfully authenticated. The dynamic verification codes are generated by the cloud server and distributed to the terminal device service interface tool and the application software management interface tool; at any given time the verification codes of different terminal devices may differ (the verification code of each device is randomly generated by the cloud server); the terminal device service interface tool and the application software management interface tool cannot generate verification codes independently; and the application software running verification code cannot be updated while the terminal device is not connected to the cloud server. Because the cloud server updates and distributes the verification codes, even if the encryption and decryption algorithm program is illegally hijacked, the system can still invalidate the hijacked algorithm by updating the encryption algorithm, and the terminal and the cloud use a synchronization mechanism to keep the encryption and decryption algorithm and the key synchronized.
Optionally, the application software validity verification information in the embodiment of the present invention includes: the dynamic verification code A, the dynamic verification code B, the user configuration information, the application software unique identifier and the terminal equipment unique identifier.
On the other hand, referring to fig. 2, an embodiment of the present invention further provides an operation method of a terminal software management system, which is applied to an application software management interface tool of the terminal software management system, and includes:
step 200: receiving a dynamic verification code A sent by a cloud server;
step 201: receiving an encryption public key sent by a terminal equipment service interface tool;
step 202: calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
step 203: and sending the encrypted dynamic verification code A to the application software.
In the operation method of the terminal software management system of the embodiment of the invention, the application software management interface tool encrypts the dynamic verification code A with the encryption public key received from the terminal equipment service interface tool and sends the encrypted dynamic verification code A to the application software, so as to prevent the verification code from being intercepted by other application software.
In some embodiments, after the step 201 of receiving the encryption public key sent by the terminal device service interface tool, the embodiment of the present invention further includes:
step 204: receiving a login request of a user;
step 205: user configuration information is obtained from the user profile.
On the other hand, referring to fig. 3, an embodiment of the present invention further provides an operation method of a terminal software management system, which is applied to application software of the terminal software management system, and includes:
step 300: acquiring user configuration information from a user configuration file;
step 301: acquiring a unique identifier of application software;
step 302: receiving an encrypted dynamic verification code A sent by a terminal equipment service interface tool;
step 303: sending user configuration information, an encrypted dynamic verification code A and an application software unique identifier to a terminal equipment service interface tool;
step 304: and receiving an application software running/stopping instruction sent by the terminal equipment service interface tool.
In the operation method of the terminal software management system, the application software only needs to send the user configuration information, the encrypted dynamic verification code A and the application software unique identifier to the terminal equipment service interface tool for authentication; no other operation is required of it, and the run/stop operation is carried out after the authentication and validity verification are successful.
On the other hand, referring to fig. 4, an embodiment of the present invention further provides an operation method of a terminal software management system, which is applied to a terminal device service interface tool of the terminal software management system, and includes:
step 400: receiving a dynamic verification code B sent by a cloud server;
step 401: calling an encryption algorithm program to generate an encryption private key and an encryption public key;
step 402: sending the encryption public key to an application software management interface tool;
step 403: receiving user configuration information, an encrypted dynamic verification code A and an application software unique identifier which are sent by application software;
step 404: decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
step 405: judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B;
step 406: if the decrypted dynamic verification code A is matched with the dynamic verification code B, the application software is successfully authenticated, and the validity verification information of the application software is sent to the cloud server;
step 407: and generating an application software running/stopping instruction according to the validity verification result.
In the embodiment of the invention, the dynamic verification code A code and the dynamic verification code B code have matching performance, namely the code A comprises a verification algorithm selection identifier (for example, a verification algorithm selection serial number is calculated by complementing numbers 13 according to the initial letter of the verification code A), the device management interface carries out A, B code matching verification (for example, A, B complete matching verification, the occurrence frequency of the code B in the code A and the like) according to a specified algorithm, the code A and the code B are randomly distributed by a cloud server, and the matching verification algorithm is built in a cloud end and a terminal device service interface tool.
In the operation method of the terminal software management system of the embodiment of the invention, the terminal equipment service interface tool receives authentication information (the encrypted dynamic verification code A and the unique identifier of the application software) sent by the application software, decrypts the dynamic verification code A by using the own encryption key, judges whether the decrypted verification code A is matched with the dynamic verification code B or not, can determine that the authentication of the application software is successful when the two are matched, and then carries out the subsequent validity verification of the application software.
Referring to fig. 5, the overall authentication and verification process of the operation method of the terminal software management system according to the embodiment of the present invention is shown, wherein the operation of the application software needs to go through two processes: firstly, the operation authority authentication of the application software and secondly the validity verification (namely validity period verification) of the application software. The first process verifies the software running path, prevents the software from running in an illegal mode, and ensures the running safety of the software. The running of the software is realized by an application software management interface tool (namely an APP management interface tool), the system adopts a dynamic verification code (the cloud server is responsible for distribution, and the verification code is distributed by adopting plaintext), the dynamic verification code is an A code and a B code, the A code is allocated to the application software management interface tool, the B code and a verification rule are allocated to a terminal equipment service interface tool, and the software authentication work is realized by the terminal equipment service interface tool. And the terminal equipment service interface tool generates an encryption key and an encryption public key according to the encryption algorithm program, wherein the encryption key is reserved (not disclosed) only by the terminal equipment service interface tool, and the encryption public key is sent to the application software management interface tool. 
The application software management interface tool uses the public key to encrypt the dynamic verification code A (to prevent the verification code from being intercepted by the application software), the encryption processing is realized by an encryption algorithm program, and the dynamic public key is adopted, and the public key is issued by the terminal equipment service interface tool. The application software management interface tool runs the application software in a process loading mode, the encrypted dynamic verification code A is transmitted to the application software through the form parameter of the main function of the application software, the application software does not need to execute further operation on the dynamic verification code A, the dynamic verification code and the unique identification of the application software are directly transmitted to the terminal equipment service interface tool through the form parameter of the terminal equipment service interface tool, the terminal equipment service interface tool decrypts the dynamic verification code A (the terminal equipment service interface tool restores the dynamic verification code A through the encryption key), and the dynamic verification code A and the dynamic verification code B are matched (for example, the dynamic verification code A is matched with the dynamic verification code B in an equal mode, and the verification code A and the verification code B comprise characteristic matching and the like) for verification, so that the authentication process of the application software is completed. 
When the verification code passes authentication, the terminal equipment service interface tool verifies the validity of the application software (trial period, whether the software is activated, the validity period for use of the software, and the like) according to the unique identifier of the terminal equipment and the registration information of the application software in the system (an application software information table that is synchronized with the cloud server and stored encrypted). If the application is valid, the terminal equipment service interface tool feeds back a verification-passed message to the application software and directly starts the application software; otherwise, the terminal equipment service interface tool directly closes the application software and reports to the user the reason the application software was stopped.
In the embodiment of the invention, the encryption algorithm program may use an asymmetric encryption algorithm (such as RSA) to encrypt and recover the verification code, and the verification code, the encryption algorithm and the public key are all dynamic. When the cloud server is available, it updates the verification code and the encryption algorithm periodically or at random. When the cloud server is unavailable, the device continues to use the earlier verification code and encryption algorithm and sets the validity period of the verification code to infinite; once the device reconnects to the cloud server, the cloud server automatically updates the verification code and the encryption algorithm. The encryption public key is updated periodically by the terminal device service interface tool.
In the embodiment of the invention, the application software management interface tool and the terminal equipment service interface tool are both connected to the cloud server, and when the cloud server is available it can regularly update the verification codes (A, B), the application software information table and the user account information used on the device. The terminal equipment service interface tool regularly issues an updated encryption public key to the application software management interface tool to prevent the information from being intercepted and cracked. Each verification code and public key has a validity period that identifies when the information is valid, and the system synchronizes information by means of the validity period.
The application software management interface tool always uses the latest verification code and public key. The terminal equipment service interface tool first attempts verification with the latest information; if that fails, it verifies with the old information, and if that also fails, the verification is judged to have failed. If verification with the latest information passes, the terminal equipment service interface tool automatically invalidates the earlier information. This means that, while information is being updated, the terminal device service interface tool keeps copies of both the new and the old information to prevent verification failures caused by out-of-sync information, and the old information is automatically invalidated once verification succeeds with the new information.
The operation method of the terminal software management system supports offline use: when the terminal equipment is not connected to the cloud server, the verification code is retained until the terminal equipment connects to the cloud server again. The encryption public key is distributed by the terminal equipment service interface tool, so the cloud server does not need to provide any support for it. The encryption algorithm program can be replaced by the cloud server at random, so the terminal equipment service interface tool always keeps a copy of the old algorithm program until the new algorithm program passes verification.
Therefore, in the operation method of the terminal software management system in the embodiment of the invention, the application software of the terminal is not allowed to be run directly; running is managed and controlled jointly by the application software management interface tool and the terminal equipment service interface tool. The application software management interface tool is responsible for starting and running the application software and injecting a running key, and the terminal equipment service interface tool is responsible for verifying the validity of the running key and the validity of the application software (such as whether the service of the application software has expired).
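The flow described above (code A encrypted under the service interface tool's public key, forwarded untouched by the application, then decrypted and matched against code B, with the latest-then-old fallback during updates) is sketched here as an added Python example that is not part of the patent. It assumes an equality match between A and B, bundles each verification code with its key pair into one generation for brevity, and uses textbook RSA over fixed Mersenne primes as a toy stand-in for the encryption algorithm program; all class, function and identifier names are hypothetical.

```python
import hmac
from dataclasses import dataclass

E = 65537  # RSA public exponent


def toy_keypair(p, q):
    """Textbook RSA key pair from two primes (toy stand-in, no padding)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def encrypt(public_key, code):
    n, e = public_key
    m = int.from_bytes(code, "big")
    if m >= n:
        raise ValueError("code too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    n, d = private_key
    m = pow(ciphertext % n, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


@dataclass
class Generation:
    """One verification code B plus the private key issued alongside it."""
    code_b: bytes
    private_key: tuple
    expires_at: float  # float("inf") models the offline case


class ServiceInterfaceTool:
    """Holds code B and the private key; decides whether an app may run."""

    def __init__(self, registry):
        self.registry = registry  # app id -> end of validity period
        self.latest = None
        self.previous = None

    def rotate(self, code_b, primes, expires_at):
        """Install new material, keep the old copy, return the public key."""
        public_key, private_key = toy_keypair(*primes)
        self.previous = self.latest
        self.latest = Generation(code_b, private_key, expires_at)
        return public_key

    def authenticate(self, ciphertext, now):
        """Try the latest generation, then the old one; None on failure."""
        for name in ("latest", "previous"):
            gen = getattr(self, name)
            if gen is None or now > gen.expires_at:
                continue
            recovered_a = decrypt(gen.private_key, ciphertext)
            # Equality match of A against B, compared in constant time.
            if hmac.compare_digest(recovered_a, gen.code_b):
                if name == "latest":
                    self.previous = None  # new material works: retire the old
                return name
        return None

    def decide(self, app_id, ciphertext, now):
        """Authentication first, then the validity-period check."""
        if self.authenticate(ciphertext, now) is None:
            return "stop: authentication failed"
        if now > self.registry.get(app_id, float("-inf")):
            return "stop: application not valid"
        return "run"


def management_tool_argv(public_key, code_a):
    """Management interface tool: encrypt A and place it in the app's argv."""
    return ["app", format(encrypt(public_key, code_a), "x")]


def application_main(argv, app_id, service, now):
    """Application: forward the opaque argument and its own id, nothing more."""
    return service.decide(app_id, int(argv[1], 16), now)


def demo():
    # Constructed sample data: codes, app ids, timestamps and primes.
    service = ServiceInterfaceTool({"app-001": 1000.0, "app-002": 5.0})
    old_pub = service.rotate(b"CODE-OLD", (2**61 - 1, 2**89 - 1), float("inf"))
    new_pub = service.rotate(b"CODE-NEW", (2**107 - 1, 2**127 - 1), 500.0)
    old_argv = management_tool_argv(old_pub, b"CODE-OLD")
    new_argv = management_tool_argv(new_pub, b"CODE-NEW")
    return [
        application_main(old_argv, "app-001", service, 10.0),   # out of sync
        application_main(new_argv, "app-001", service, 20.0),   # in sync
        application_main(old_argv, "app-001", service, 30.0),   # old retired
        application_main(new_argv, "app-002", service, 40.0),   # validity over
        application_main(new_argv, "app-001", service, 600.0),  # code expired
    ]


if __name__ == "__main__":
    print(demo())
```

A real deployment would take the key generation and padded encryption from a vetted cryptographic library; unpadded RSA is deterministic, so the same code always yields the same ciphertext.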
Referring to fig. 6 to 9, in correspondence to the operation method of the terminal software management system according to the foregoing embodiment, an embodiment of the present invention further provides a terminal software management system, where the terminal software management system includes a cloud server 1, and as shown in fig. 6, the cloud server 1 includes:
the verification code generation module 11 is used for generating a dynamic verification code A and a dynamic verification code B;
the verification code A sending module 12 is used for sending the dynamic verification code A to the application software management interface tool 2;
a verification code B sending module 13, configured to send the dynamic verification code B to the terminal device service interface tool 3;
the verification information receiving module 14 is configured to receive the validity verification information of the application software uploaded by the terminal device service interface tool 3;
and the validity verification module 15 is used for verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the terminal equipment service interface tool 3.
On the other hand, the terminal software management system according to the embodiment of the present invention includes an application software management interface tool 2, as shown in fig. 7, where the application software management interface tool 2 includes:
the verification code A receiving module 21 is configured to receive a dynamic verification code A sent by the cloud server 1;
a public key receiving module 22, configured to receive an encrypted public key sent by the terminal device service interface tool 3;
the encryption module 23 is configured to invoke an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
and the encrypted verification code sending module 24 is used for sending the encrypted dynamic verification code A to the application software 4.
On the other hand, the terminal software management system according to the embodiment of the present invention includes application software 4, as shown in fig. 8, where the application software 4 includes:
a first obtaining module 41, configured to obtain user configuration information from a user profile;
a second obtaining module 42, configured to obtain the unique application software identifier;
an encrypted verification code receiving module 43, configured to receive an encrypted dynamic verification code A sent by the terminal device service interface tool 3;
the authentication information sending module 44 is used for sending the user configuration information, the encrypted dynamic verification code A and the unique application software identifier to the terminal equipment service interface tool 3;
and the instruction receiving module 45 is configured to receive an application software running/stopping instruction sent by the terminal device service interface tool 3.
On the other hand, the terminal software management system according to the embodiment of the present invention includes a terminal device service interface tool 3, as shown in fig. 9, where the terminal device service interface tool 3 includes:
the verification code B receiving module 31 is configured to receive a dynamic verification code B sent by the cloud server 1;
a key generation module 32, configured to invoke an encryption algorithm program to generate an encryption private key and an encryption public key;
a public key sending module 33, configured to send the encrypted public key to the application software management interface tool 2;
the authentication information receiving module 34 is configured to receive the user configuration information, the encrypted dynamic verification code A and the application software unique identifier sent by the application software 4;
the decryption module 35 is configured to decrypt the encrypted dynamic verification code A with the encrypted private key to obtain a decrypted dynamic verification code A;
the matching module 36 is configured to determine whether the decrypted dynamic verification code A matches the dynamic verification code B;
the verification information sending module 37 is configured to, if the decrypted dynamic verification code A matches the dynamic verification code B, treat the application software as successfully authenticated and send the application software validity verification information to the cloud server 1;
and the instruction generating module 38 is used for generating an application software running/stopping instruction according to the validity verification result.
The terminal software management system is a device embodiment corresponding to the operation method of the terminal software management system. In the terminal software management system of this embodiment, terminal software is organized, managed, loaded and run through a unified interface tool, and the interface tool performs operation control of the terminal software (such as run-permission detection and authentication) by means of system calls. No terminal application software can run without passing authentication; run authentication is performed through a single interface; the authentication process is kept confidential from the terminal application software; and if authentication fails, the interface directly terminates the terminal application software. The interface tool software and the terminal application software are loosely organized: the terminal application software can run normally independently of the interface tool software (for example, normal running of the terminal application software can be achieved by controlling a terminal command), and the interface tool software does not run independently of the terminal application software, but the interface tool software can check the validity of the terminal application software it manages and can remove invalid application software. User identity authentication is performed through the interface tool software, and the authentication instruction is encrypted.
The user identity and configuration can be synchronized to the cloud, and the terminal can verify user identity without a network connection. The software authentication process is encrypted, and the encryption, decryption and authentication steps of the key are completely separated. The keys are dynamically distributed, each key has an independent activation period, and the system can control the validity of the keys through the activation period. The application software takes part in the software authentication process, but the specific execution process is kept secret. The interface tool software is the input of software authentication: it has a verification code and a public key but no secret key. The encryption and decryption algorithm interface has the secret key but no verification code, and the equipment service interface has the verification code B but no secret key, so the interface tool software and the equipment interface must rely on the encryption and decryption software to obtain encrypted information. The verification code and the secret key are paired; the interface tool software and the equipment interface each have a half of the secret key and the verification code, and software authentication is completed independently by the equipment interface. The application software must rely on the equipment interface to run. The encryption and decryption algorithm interface (which contains the key) is dynamically updated, so even if it is illegally hijacked, the system can still invalidate the hijacked algorithm by updating the algorithm. The terminal and the cloud use a synchronization mechanism to keep the encryption and decryption algorithm and the secret key synchronized.
The user authentication and the software authentication adopt the same encryption and decryption algorithm, and the cloud and the terminal use the same encryption and decryption algorithm. Different terminals may use different encryption and decryption algorithms; the key is hidden in the encryption and decryption algorithm interface. The encryption process is kept secret from any other software of the terminal.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. An operation method of a terminal software management system is applied to a cloud server of the terminal software management system, and is characterized by comprising the following steps:
generating a dynamic verification code A and a dynamic verification code B;
sending the dynamic verification code A to an application software management interface tool;
sending the dynamic verification code B to a terminal equipment service interface tool;
receiving application software validity verification information uploaded by the terminal equipment service interface tool;
and verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the terminal equipment service interface tool.
2. The method according to claim 1, wherein the application validity verification information includes: the dynamic verification code A, the dynamic verification code B, the user configuration information, the unique application software identifier and the unique terminal equipment identifier.
3. An operation method of a terminal software management system is applied to an application software management interface tool of the terminal software management system, and is characterized by comprising the following steps:
receiving the dynamic verification code A sent by the cloud server;
receiving an encrypted public key sent by the terminal equipment service interface tool;
calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
and sending the encrypted dynamic verification code A to the application software.
4. The method according to claim 3, wherein the step of receiving the encrypted public key sent by the terminal device service interface tool further comprises:
receiving a login request of a user;
and acquiring the user configuration information from the user configuration file.
5. An operation method of a terminal software management system is applied to application software of the terminal software management system, and is characterized by comprising the following steps:
obtaining the user configuration information from the user configuration file;
acquiring the unique identifier of the application software;
receiving the encrypted dynamic verification code A sent by the terminal equipment service interface tool;
sending the user configuration information, the encrypted dynamic verification code A and the unique application software identifier to the terminal equipment service interface tool;
and receiving an application software running/stopping instruction sent by the terminal equipment service interface tool.
6. An operation method of a terminal software management system is applied to a terminal equipment service interface tool of the terminal software management system, and is characterized by comprising the following steps:
receiving the dynamic verification code B sent by the cloud server;
calling an encryption algorithm program to generate an encryption private key and the encryption public key;
sending the encrypted public key to the application software management interface tool;
receiving the user configuration information, the encrypted dynamic verification code A and the unique application software identifier sent by the application software;
decrypting the encrypted dynamic verification code A by using the encrypted private key to obtain a decrypted dynamic verification code A;
judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B;
if the decrypted dynamic verification code A is matched with the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server;
and generating the application software running/stopping instruction according to the validity verification result.
7. A terminal software management system is characterized by comprising a cloud server, wherein the cloud server comprises:
the verification code generation module is used for generating the dynamic verification code A and the dynamic verification code B;
the verification code A sending module is used for sending the dynamic verification code A to the application software management interface tool;
the verification code B sending module is used for sending the dynamic verification code B to the terminal equipment service interface tool;
the verification information receiving module is used for receiving the application software validity verification information uploaded by the terminal equipment service interface tool;
and the validity verification module is used for verifying the validity of the application software according to the application software validity verification information and sending the validity verification result to the terminal equipment service interface tool.
8. A terminal software management system comprising an application software management interface tool, said application software management interface tool comprising:
the verification code A receiving module is used for receiving the dynamic verification code A sent by the cloud server;
the public key receiving module is used for receiving the encrypted public key sent by the terminal equipment service interface tool;
the encryption module is used for calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain the encrypted dynamic verification code A;
and the encrypted verification code sending module is used for sending the encrypted dynamic verification code A to the application software.
9. A terminal software management system, characterized by comprising application software, the application software comprising:
a first obtaining module, configured to obtain the user configuration information from the user configuration file;
the second acquisition module is used for acquiring the unique identifier of the application software;
the encrypted verification code receiving module is used for receiving the encrypted dynamic verification code A sent by the terminal equipment service interface tool;
the authentication information sending module is used for sending the user configuration information, the encrypted dynamic verification code A and the unique application software identifier to the terminal equipment service interface tool;
and the instruction receiving module is used for receiving the application software running/stopping instruction sent by the terminal equipment service interface tool.
10. A terminal software management system, comprising a terminal device service interface tool, the terminal device service interface tool comprising:
the verification code B receiving module is used for receiving the dynamic verification code B sent by the cloud server;
the key generation module is used for calling an encryption algorithm program to generate the encrypted private key and the encrypted public key;
the public key sending module is used for sending the encrypted public key to the application software management interface tool;
the authentication information receiving module is used for receiving the user configuration information, the encrypted dynamic verification code A and the unique application software identifier which are sent by the application software;
the decryption module is used for decrypting the encrypted dynamic verification code A by using the encrypted private key to obtain a decrypted dynamic verification code A;
the matching module is used for judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B;
the verification information sending module is used for sending the validity verification information of the application software to the cloud server if the decrypted dynamic verification code A is matched with the dynamic verification code B, and the application software is successfully authenticated;
and the instruction generating module is used for generating the application software running/stopping instruction according to the validity verification result.
CN201911389196.7A 2019-12-30 2019-12-30 Operation method of terminal software management system and terminal software management system Active CN111176710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911389196.7A CN111176710B (en) 2019-12-30 2019-12-30 Operation method of terminal software management system and terminal software management system

Publications (2)

Publication Number Publication Date
CN111176710A true CN111176710A (en) 2020-05-19
CN111176710B CN111176710B (en) 2023-10-03

Family

ID=70624235

Country Status (1)

Country Link
CN (1) CN111176710B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant