CN111176710B - Operation method of terminal software management system and terminal software management system - Google Patents
- Publication number
- CN111176710B
- Authority
- CN
- China
- Prior art keywords
- verification code
- application software
- dynamic verification
- interface tool
- terminal
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Abstract
The invention provides an operation method of a terminal software management system and the terminal software management system, comprising the following steps: receiving a dynamic verification code B sent by a cloud server; calling an encryption algorithm program to generate an encryption private key and an encryption public key; sending the encrypted public key to an application management interface tool; receiving user configuration information, an encrypted dynamic verification code A and an application software unique identifier sent by the application software; decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A; judging whether the decrypted dynamic verification code A matches the dynamic verification code B; if the decrypted dynamic verification code A matches the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server; and generating an application software running/stopping instruction according to the validity verification result. The running method of the terminal software management system and the terminal software management system solve the problem that prior schemes cannot adequately handle user authorization management and control of the software state.
Description
Technical Field
The invention belongs to the technical field of software management and control, and particularly relates to an operation method of a terminal software management system and the terminal software management system.
Background
With continuous iteration of the product/system (such as system tool software of an electronic blackboard and interactive content software of an IS), the functions of the product/system are gradually enriched and perfected, the complexity of the product/system is also becoming higher and higher, and the maintenance difficulty of the product/system is increasing.
For users, rich product/system functions offer more choice but also more trouble: for example, the more powerful the software is, the higher its complexity, the larger its scale, the slower its loading speed, and the more complicated its operation. If the system software employs a multi-APP combination model, effective management of the numerous APPs is a serious challenge.
Meanwhile, for terminal software, the authorization management of the user and the control of the software state are problems that have to be faced. We can have many options:
For example, the terminal software can be encrypted with a dongle, and the user can use the software after decrypting it with a special tool. But this is a very unfriendly experience, since a key must always be carried and properly managed. For the developer, each piece of software needs to be processed in the same encryption mode, which is complex work that is difficult to guarantee.
Alternatively, an encryption design can be injected into each piece of software, so that the user can use it within the licensed time range after entering the key once. However, this requires every developer to perform encryption verification processing on the software they develop, which is also difficult to guarantee.
Or, control of the software can be realized through the cloud. To the developer, the work seems unchanged: the encryption/decryption algorithm implemented at the terminal is merely moved to the cloud for execution. But the software still needs to handle the cloud interface, so every developer is required to follow the same rules, and the same challenge remains.
In addition to this, we need to face the risk of the keys being hijacked.
Disclosure of Invention
The invention provides an operation method of a terminal software management system and the terminal software management system, which are used for solving the problem that prior schemes cannot adequately realize user authorization management and control of the software state.
In order to solve the above technical problems, in one aspect, an embodiment of the present invention provides an operation method of a terminal software management system, which is applied to a cloud server of the terminal software management system, including:
generating a dynamic verification code A and a dynamic verification code B;
transmitting the dynamic verification code A to an application software management interface tool;
transmitting the dynamic verification code B to a service interface tool of the terminal equipment;
receiving the application software validity verification information uploaded by the service interface tool of the terminal equipment;
and verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the service interface tool of the terminal equipment.
According to an embodiment of the present invention, the application software validity verification information includes: the dynamic verification code A, the dynamic verification code B, user configuration information, an application software unique identifier and a terminal equipment unique identifier.
On the other hand, the embodiment of the invention also provides an operation method of the terminal software management system, which is applied to an application software management interface tool of the terminal software management system and comprises the following steps:
receiving the dynamic verification code A sent by the cloud server;
receiving an encrypted public key sent by the terminal equipment service interface tool;
invoking an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
and sending the encrypted dynamic verification code A to the application software.
According to an embodiment of the present invention, the step of receiving the encrypted public key sent by the service interface tool of the terminal device further includes:
receiving a login request of a user;
and acquiring the user configuration information from the user configuration file.
On the other hand, the embodiment of the invention also provides an operation method of the terminal software management system, which is applied to the application software of the terminal software management system and comprises the following steps:
acquiring the user configuration information from the user configuration file;
acquiring the unique identification of the application software;
receiving the encrypted dynamic verification code A sent by the terminal equipment service interface tool;
transmitting the user configuration information, the encrypted dynamic verification code A and the unique identification of the application software to the service interface tool of the terminal equipment;
and receiving an application software running/stopping instruction sent by the terminal equipment service interface tool.
On the other hand, the embodiment of the invention also provides an operation method of the terminal software management system, which is applied to a terminal equipment service interface tool of the terminal software management system and comprises the following steps:
receiving the dynamic verification code B sent by the cloud server;
invoking an encryption algorithm program to generate an encryption private key and the encryption public key;
sending the encrypted public key to the application management interface tool;
receiving the user configuration information, the encrypted dynamic verification code A and the unique application software identifier which are sent by the application software;
decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B or not;
if the decrypted dynamic verification code A is matched with the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server;
and generating the running/stopping instruction of the application software according to the validity verification result.
Correspondingly, on the other hand, the embodiment of the invention also provides a terminal software management system, which comprises a cloud server, wherein the cloud server comprises:
the verification code generation module is used for generating the dynamic verification code A and the dynamic verification code B;
the verification code A sending module is used for sending the dynamic verification code A to the application software management interface tool;
the verification code B sending module is used for sending the dynamic verification code B to the terminal equipment service interface tool;
the verification information receiving module is used for receiving the application software validity verification information uploaded by the terminal equipment service interface tool;
and the validity verification module is used for verifying the validity of the application software according to the application software validity verification information and sending the validity verification result to the terminal equipment service interface tool.
On the other hand, the embodiment of the invention also provides a terminal software management system, which comprises an application software management interface tool, wherein the application software management interface tool comprises:
the verification code A receiving module is used for receiving the dynamic verification code A sent by the cloud server;
the public key receiving module is used for receiving the encrypted public key sent by the terminal equipment service interface tool;
the encryption module is used for calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain the encrypted dynamic verification code A;
and the encryption verification code sending module is used for sending the encryption dynamic verification code A to the application software.
On the other hand, the embodiment of the invention also provides a terminal software management system, which comprises application software, wherein the application software comprises:
the first acquisition module is used for acquiring the user configuration information from the user configuration file;
the second acquisition module is used for acquiring the unique identification of the application software;
the encryption verification code receiving module is used for receiving the encryption dynamic verification code A sent by the terminal equipment service interface tool;
the authentication information sending module is used for sending the user configuration information, the encrypted dynamic verification code A and the unique identification of the application software to the service interface tool of the terminal equipment;
and the instruction receiving module is used for receiving the application software running/stopping instruction sent by the terminal equipment service interface tool.
On the other hand, the embodiment of the invention also provides a terminal software management system, which comprises a terminal equipment service interface tool, wherein the terminal equipment service interface tool comprises:
the verification code B receiving module is used for receiving the dynamic verification code B sent by the cloud server;
the key generation module is used for calling an encryption algorithm program to generate the encryption private key and the encryption public key;
the public key sending module is used for sending the encrypted public key to the application software management interface tool;
the authentication information receiving module is used for receiving the user configuration information, the encrypted dynamic verification code A and the unique application software identifier which are sent by the application software;
the decryption module is used for decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
the matching module is used for judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B or not;
the verification information sending module is used for sending the application software validity verification information to the cloud server if the decrypted dynamic verification code A is matched with the dynamic verification code B and the application software is successfully authenticated;
and the instruction generation module is used for generating the running/stopping instruction of the application software according to the validity verification result.
The invention has the beneficial effects that:
The running method of the terminal software management system and the terminal software management system realize running control of the terminal software through system calls to the interface tools. No terminal application software can run without passing authentication; running authentication is realized by a single interface; the authentication process is kept secret from the terminal application software; and if authentication fails, the interface directly terminates the running of the terminal application software. The interface tool software and the terminal application software are organized in a loose mode, and the terminal application software can normally run without depending on the interface tool software. User identity verification is realized through the interface tool software, and the verification instruction is encrypted. The application software is involved in the software authentication process, but the specific execution process is kept secret. The encryption and decryption algorithm is dynamically updated, so even if the encryption and decryption algorithm interface is illegally hijacked, the system can still invalidate the hijacked algorithm by updating the algorithm. Different terminals may use different encryption and decryption algorithms. The key is hidden in the encryption and decryption algorithm interface, and the encryption process is kept secret from any other software of the terminal. Therefore, the running method of the terminal software management system and the terminal software management system solve the problem that conventional schemes cannot adequately realize user authorization management and control of the software state.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is a flow chart of a first embodiment of a method of operating a terminal software management system of the present invention;
FIG. 2 is a flow chart of a second embodiment of a method of operating a terminal software management system of the present invention;
FIG. 3 is a flow chart of a third embodiment of a method of operating a terminal software management system according to the present invention;
FIG. 4 is a flow chart of a fourth embodiment of a method of operating a terminal software management system of the present invention;
FIG. 5 is a flow chart of a fifth embodiment of a method of operating a terminal software management system of the present invention;
FIG. 6 is a schematic diagram of a first embodiment of a terminal software management system according to the present invention;
FIG. 7 is a schematic diagram of a second embodiment of a terminal software management system according to the present invention;
FIG. 8 is a schematic diagram of a third embodiment of a terminal software management system according to the present invention;
FIG. 9 is a schematic structural view of a fourth embodiment of a terminal software management system according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, an embodiment of the present invention provides an operation method of a terminal software management system, which is applied to a cloud server of the terminal software management system, including:
step 100: generating a dynamic verification code A and a dynamic verification code B;
step 101: transmitting the dynamic verification code A to an application software management interface tool;
step 102: transmitting the dynamic verification code B to a service interface tool of the terminal equipment;
step 103: receiving the validity verification information of the application software uploaded by the service interface tool of the terminal equipment;
step 104: and verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the service interface tool of the terminal equipment.
In the running method of the terminal software management system of the embodiment of the invention, the cloud server generates two matched dynamic verification codes A and B and distributes them to the application software management interface tool and the terminal equipment service interface tool respectively. During application software authentication, whether the application software is successfully authenticated is judged by matching the two dynamic verification codes, and the validity verification of the application software is performed after the authentication succeeds. The dynamic verification codes are generated by the cloud server and distributed to the terminal equipment service interface tool and the application software management interface tool. At the same time, the verification code of each terminal equipment can be different (the verification code of each equipment is randomly generated by the cloud server). The terminal equipment service interface tool and the application software management interface tool cannot autonomously generate verification codes, and when the terminal equipment is not connected to the cloud server, the application software running verification code cannot be updated. Therefore, in the running method of the terminal software management system provided by the embodiment of the invention, the verification code is updated and distributed through the cloud server; even if the encryption and decryption algorithm program is illegally hijacked, the system can still invalidate the hijacked algorithm by updating the encryption algorithm, and the terminal and the cloud use a synchronization mechanism to keep the encryption and decryption algorithm and the secret key synchronized.
Optionally, the application software validity verification information in the embodiment of the present invention includes: dynamic verification code A, dynamic verification code B, user configuration information, unique identification of application software and unique identification of terminal equipment.
On the other hand, referring to fig. 2, the embodiment of the present invention further provides a method for operating a terminal software management system, which is applied to an application software management interface tool of the terminal software management system, and includes:
step 200: receiving a dynamic verification code A sent by a cloud server;
step 201: receiving an encrypted public key sent by a service interface tool of the terminal equipment;
step 202: calling an encryption algorithm program to encrypt the dynamic verification code A by using an encryption public key to obtain an encrypted dynamic verification code A;
step 203: and sending the encrypted dynamic verification code A to the application software.
In the running method of the terminal software management system of the embodiment of the invention, the application software management interface tool encrypts the dynamic verification code A using the encryption public key received from the terminal equipment service interface tool and sends the encrypted dynamic verification code A to the application software, so as to prevent the verification code from being intercepted by other application software.
In some embodiments, after step 201 of receiving the encrypted public key sent by the service interface tool of the terminal device, the method further includes:
step 204: receiving a login request of a user;
step 205: user configuration information is obtained from the user configuration file.
On the other hand, referring to fig. 3, the embodiment of the present invention further provides a method for operating a terminal software management system, which is applied to application software of the terminal software management system, and includes:
step 300: acquiring user configuration information from a user configuration file;
step 301: acquiring a unique identifier of application software;
step 302: receiving an encrypted dynamic verification code A sent by a service interface tool of terminal equipment;
step 303: transmitting the user configuration information, the encrypted dynamic verification code A and the unique application software identifier to a service interface tool of the terminal equipment;
step 304: and receiving an application software running/stopping instruction sent by the service interface tool of the terminal equipment.
In the running method of the terminal software management system of the embodiment of the invention, the application software only needs to send the user configuration information, the encrypted dynamic verification code A and the unique identifier of the application software to the terminal equipment service interface tool for authentication; no other operations are needed, and the running/stopping operation takes place after the authentication and the validity verification are successful.
On the other hand, referring to fig. 4, the embodiment of the present invention further provides a method for operating a terminal software management system, which is applied to a terminal equipment service interface tool of the terminal software management system, and includes:
step 400: receiving a dynamic verification code B sent by a cloud server;
step 401: calling an encryption algorithm program to generate an encryption private key and an encryption public key;
step 402: sending the encrypted public key to an application management interface tool;
step 403: receiving user configuration information, an encrypted dynamic verification code A and an application software unique identifier sent by the application software;
step 404: decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
step 405: judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B or not;
step 406: if the decrypted dynamic verification code A is matched with the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server;
step 407: and generating an application software running/stopping instruction according to the validity verification result.
In the embodiment of the invention, the dynamic verification code A and the dynamic verification code B are paired: the A code contains a verification algorithm selection identifier (for example, the selection sequence number of the verification algorithm is calculated by taking the remainder with respect to the number 13 based on the initial letter of verification code A), and the equipment management interface performs A/B code matching verification according to the specified algorithm (for example, complete matching of A and B, the occurrence frequency of the B code in the A code, and the like). The A code and the B code are randomly distributed by the cloud server, and the matching verification algorithm is built into the cloud and the terminal equipment service interface tool.
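The pairing check described above, sketched as an added example (not code from the patent). Assumptions, labelled in the comments: the initial letter's upper-cased ASCII value is the number reduced modulo 13, rule 0 is complete matching, rule 1 is occurrence frequency with a required count of 2, and every other index has no rule and is rejected.

```python
import hmac
from typing import Callable, Dict

RULE_COUNT = 13  # the text's example takes the remainder on division by 13

# Assumption: how often B must occur in A for the occurrence-frequency rule.
REQUIRED_OCCURRENCES = 2


def select_rule_index(code_a: str) -> int:
    """Derive the algorithm-selection number from the initial letter of code A."""
    if not code_a or not (code_a[0].isascii() and code_a[0].isalpha()):
        raise ValueError("code A must start with an ASCII letter")
    # Assumption: the upper-cased letter's ASCII value is the number reduced mod 13.
    return ord(code_a[0].upper()) % RULE_COUNT


def exact_match(code_a: str, code_b: str) -> bool:
    """'Complete matching': A and B are identical (compared in constant time)."""
    return hmac.compare_digest(code_a.encode(), code_b.encode())


def occurrence_match(code_a: str, code_b: str) -> bool:
    """'Occurrence frequency': B appears in A the required number of times."""
    if not code_b:
        return False  # str.count("") would count every position in A
    return code_a.count(code_b) == REQUIRED_OCCURRENCES


# Assumption: which rule sits at which index. Indexes without an entry have no rule.
RULES: Dict[int, Callable[[str, str], bool]] = {
    0: exact_match,
    1: occurrence_match,
}


def match_codes(code_a: str, code_b: str) -> bool:
    """Return True only if the rule selected by A accepts the (A, B) pair."""
    try:
        rule = RULES[select_rule_index(code_a)]
    except (ValueError, KeyError):
        return False  # malformed A or unknown rule index: fail closed
    return rule(code_a, code_b)


if __name__ == "__main__":
    # Constructed sample codes, not values from the patent.
    print(match_codes("N4T8Q2", "N4T8Q2"))   # 'N' selects rule 0 (complete matching)
    print(match_codes("B7Q2K7Q2K", "7Q2K"))  # 'B' selects rule 1 (occurrence frequency)
    print(match_codes("C123", "C123"))       # 'C' selects index 2, which has no rule
```

Because A alone chooses the rule, the sketch rejects any A whose index has no registered rule rather than falling back to a default comparison.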
In the running method of the terminal software management system of the embodiment of the invention, the terminal equipment service interface tool receives the authentication information (encrypted dynamic verification code A and unique identifier of application software) sent by the application software, decrypts the dynamic verification code A by using the encryption key of the terminal equipment service interface tool, judges whether the decrypted verification code A is matched with the dynamic verification code B, and can determine that the authentication of the application software is successful when the decrypted verification code A is matched with the dynamic verification code B, and then performs the subsequent validity verification of the application software.
Referring to fig. 5, the overall authentication and verification flow of the operation method of the terminal software management system according to the embodiment of the present invention is shown. Running the application software involves two processes: first, the operation authority authentication of the application software, and second, the validity verification (namely validity period verification) of the application software. The first process verifies the running path of the software, prevents the software from running in an illegal way and ensures the running safety of the software. The software must be run through the application software management interface tool (i.e. the APP management interface tool). The system adopts dynamic verification codes, which the cloud server is responsible for distributing; the verification codes are distributed in clear text. The dynamic verification codes are divided into two types, namely A codes and B codes: the A codes are distributed to the application software management interface tool, the B codes and verification rules are distributed to the terminal equipment service interface tool, and the software authentication work is performed by the terminal equipment service interface tool. The terminal equipment service interface tool generates an encryption key and an encryption public key according to the encryption algorithm program; the encryption key is retained only by the terminal equipment service interface tool (not disclosed), and the encryption public key is sent to the application software management interface tool.
The application software management interface tool uses the public key to encrypt the dynamic verification code A (to prevent the verification code from being intercepted by the application software). The encryption is performed by the encryption algorithm program using a dynamic public key, and the public key is issued by the terminal equipment service interface tool. The application software management interface tool runs the application software by process loading, and the encrypted dynamic verification code A is passed to the application software through the formal parameters of the main function of the application software. The application software does not need to perform any further operation on the dynamic verification code A; it passes the dynamic verification code and the unique identification of the application software directly to the terminal equipment service interface tool through the formal parameters of the terminal equipment service interface tool. The terminal equipment service interface tool decrypts the dynamic verification code A (it restores the dynamic verification code A using the encryption key) and performs matching verification of the dynamic verification code A against the dynamic verification code B (for example, A and B are exactly equal, or verification code A and verification code B contain matching features, and the like), which completes the authentication process of the application software.
When the verification code passes the authentication, the terminal equipment service interface tool verifies the validity of the application software (trial period, whether the software is in an activated state, the software use validity period and the like) according to the unique identification of the terminal equipment and the registration information of the application software in the system (the application software information table, which is synchronized with the cloud server and stored in encrypted form). If the application is in the valid state, the terminal equipment service interface tool feeds back a verification passing message to the application software and directly starts the application software; otherwise, the terminal equipment service interface tool directly closes the application software and reports to the user the reason that the application software was terminated.
The encryption algorithm program in the embodiment of the invention can realize encryption and restoration of the verification code by adopting an asymmetric encryption algorithm (such as RSA), and the verification code, the encryption algorithm and the public key are dynamic. When the cloud server is available, the cloud server always updates the verification code and the encryption algorithm periodically or randomly, when the cloud server is not available, the device can keep the early verification code and the encryption algorithm, the validity period of the verification code is infinite, and once the device is connected to the cloud server again, the cloud server can automatically update the verification code and the encryption algorithm. And the encrypted public key is updated periodically by the end device service interface tool.
In the embodiment of the invention, the application software management interface tool and the terminal equipment service interface tool are connected with the cloud server, and when the cloud server is available, the cloud server can periodically update the verification code (A, B), the application software information table and the user account information used in the equipment. The terminal equipment service interface tool periodically updates the encryption public key to the application software management interface tool so as to prevent information from being intercepted and cracked. The verification code and the public key both have a validity period, the time of validity of the information is marked, and the system realizes information synchronization through the validity period.
The application software management interface tool always uses the latest verification code and public key. The terminal equipment service interface tool first attempts verification with the latest information; if that fails, it verifies with the old information; and if that also fails, verification is judged to have failed. If verification succeeds with the latest information, the terminal equipment service interface tool automatically invalidates the earlier information. This means that the terminal equipment service interface tool keeps copies of both sets of information during an update, to prevent verification failures caused by out-of-sync information, and once verification succeeds with the new information, the old information is automatically invalidated.
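The latest-then-old verification described above, together with the encrypt, decrypt and match steps of the authentication flow, as an added Python example that is not code from the patent. Textbook RSA without padding over fixed Mersenne primes stands in for the unspecified "encryption algorithm program" and is for illustration only; the names `Generation`, `ServiceInterfaceTool`, `rotate` and `verify`, the 16-byte code length and the public exponent are assumptions.

```python
"""Added illustration: dual-generation verification at the service interface tool.

Textbook RSA (no padding) stands in for the page's "encryption algorithm
program"; it is a teaching stand-in, not a deployable cipher.
"""
import hmac
from dataclasses import dataclass

E = 65537       # public exponent (assumption; the page names no parameters)
CODE_LEN = 16   # verification code length in bytes (assumption)


@dataclass
class Generation:
    """Service-tool state for one update cycle: key pair plus verification code B."""
    n: int
    d: int
    code_b: bytes
    valid: bool = True

    @property
    def public_key(self):
        return (self.n, E)


def make_generation(p, q, code_b):
    """Key generation: derive the private exponent from two primes."""
    return Generation(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)), code_b=code_b)


def encrypt_code(public_key, code_a):
    """Management tool side: encrypt code A under the released public key."""
    n, e = public_key
    return pow(int.from_bytes(code_a, "big"), e, n)


class ServiceInterfaceTool:
    def __init__(self, current):
        self.current, self.previous = current, None

    def rotate(self, new):
        """Keep exactly one older generation so an unsynced sender still verifies."""
        self.previous, self.current = self.current, new

    @staticmethod
    def _matches(gen, ciphertext):
        if gen is None or not gen.valid or not 0 <= ciphertext < gen.n:
            return False
        m = pow(ciphertext, gen.d, gen.n)      # decrypt with the private key
        if m.bit_length() > CODE_LEN * 8:      # wrong key gives an oversized value
            return False
        # Equality match of A against B, compared in constant time.
        return hmac.compare_digest(m.to_bytes(CODE_LEN, "big"), gen.code_b)

    def verify(self, ciphertext):
        """Try the latest information, then the old; success on latest invalidates old."""
        if self._matches(self.current, ciphertext):
            if self.previous is not None:
                self.previous.valid = False
            return "current"
        if self._matches(self.previous, ciphertext):
            return "previous"
        return "rejected"


def demo():
    # Constructed sample values: matched codes (A == B) for two generations.
    code1, code2 = bytes(range(1, 17)), bytes(range(101, 117))
    gen1 = make_generation(2**89 - 1, 2**107 - 1, code1)
    gen2 = make_generation(2**61 - 1, 2**127 - 1, code2)
    tool = ServiceInterfaceTool(gen1)
    ct_old = encrypt_code(gen1.public_key, code1)
    results = [tool.verify(ct_old)]            # both sides in sync
    tool.rotate(gen2)
    results.append(tool.verify(ct_old))        # sender not yet updated
    ct_new = encrypt_code(gen2.public_key, code2)
    results.append(tool.verify(ct_new))        # sender updated
    results.append(tool.verify(ct_old))        # old generation now invalid
    results.append(tool.verify(encrypt_code(gen2.public_key, code1)))  # wrong code
    return results


if __name__ == "__main__":
    print(demo())
```

A ciphertext verifies for as long as its generation remains valid, so the update interval is what bounds the usefulness of a captured value.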
The operation method of the terminal software management system in the embodiment of the invention supports offline use: when the terminal equipment is not connected to the cloud server, the verification code is retained until the terminal equipment connects to the cloud server again. The encryption public key is distributed by the terminal equipment service interface tool and needs no support from the cloud server. The cloud server may replace the encryption algorithm program at random, so the terminal equipment service interface tool always retains a copy of the old algorithm program until the new algorithm program is verified.
Therefore, in the operation method of the terminal software management system of the embodiment of the invention, the application software of the terminal is not allowed to run directly; run management and control are implemented jointly by the application software management interface tool and the terminal equipment service interface tool. The application software management interface tool is responsible for starting the application and injecting the running key, and the terminal equipment service interface tool is responsible for verifying the validity of the running key and the validity of the application (such as whether the application's service has expired).
Referring to Figs. 6 to 9, corresponding to the operation method of the terminal software management system of the foregoing embodiment, an embodiment of the present invention further provides a terminal software management system. The terminal software management system includes a cloud server 1; as shown in Fig. 6, the cloud server 1 includes:
a verification code generation module 11, configured to generate a dynamic verification code A and a dynamic verification code B;
a verification code A sending module 12, configured to send the dynamic verification code A to the application software management interface tool 2;
a verification code B sending module 13, configured to send the dynamic verification code B to the terminal device service interface tool 3;
a verification information receiving module 14, configured to receive the application software validity verification information uploaded by the terminal device service interface tool 3;
a validity verification module 15, configured to verify the validity of the application software according to the application software validity verification information and send a validity verification result to the terminal device service interface tool 3.
In another aspect, the terminal software management system of the embodiment of the present invention includes an application software management interface tool 2; as shown in Fig. 7, the application software management interface tool 2 includes:
a verification code A receiving module 21, configured to receive the dynamic verification code A sent by the cloud server 1;
a public key receiving module 22, configured to receive the encryption public key sent by the terminal device service interface tool 3;
an encryption module 23, configured to call an encryption algorithm program to encrypt the dynamic verification code A with the encryption public key to obtain an encrypted dynamic verification code A;
an encrypted verification code sending module 24, configured to send the encrypted dynamic verification code A to the application software 4.
In another aspect, the terminal software management system of the embodiment of the present invention includes application software 4; as shown in Fig. 8, the application software 4 includes:
a first obtaining module 41, configured to obtain user configuration information from a user configuration file;
a second obtaining module 42, configured to obtain the unique identifier of the application software;
an encrypted verification code receiving module 43, configured to receive an encrypted dynamic verification code A sent by the terminal device service interface tool 3;
an authentication information sending module 44, configured to send the user configuration information, the encrypted dynamic verification code A and the application software unique identifier to the terminal device service interface tool 3;
an instruction receiving module 45, configured to receive an application software running/stopping instruction sent by the terminal device service interface tool 3.
In another aspect, the terminal software management system of the embodiment of the present invention includes a terminal device service interface tool 3; as shown in Fig. 9, the terminal device service interface tool 3 includes:
a verification code B receiving module 31, configured to receive the dynamic verification code B sent by the cloud server 1;
a key generation module 32, configured to call an encryption algorithm program to generate an encryption private key and an encryption public key;
a public key sending module 33, configured to send the encryption public key to the application software management interface tool 2;
an authentication information receiving module 34, configured to receive the user configuration information, the encrypted dynamic verification code A and the application software unique identifier sent by the application software 4;
a decryption module 35, configured to decrypt the encrypted dynamic verification code A with the encryption private key to obtain a decrypted dynamic verification code A;
a matching module 36, configured to determine whether the decrypted dynamic verification code A and the decrypted dynamic verification code B match;
a verification information sending module 37, configured to send the application software validity verification information to the cloud server 1 if the decrypted dynamic verification code A matches the dynamic verification code B and the application software is successfully authenticated;
an instruction generating module 38, configured to generate an application software running/stopping instruction according to the validity verification result.
The terminal software management system is a device embodiment corresponding to the operation method of the terminal software management system. The terminal software management system of this embodiment organizes, manages, loads and runs terminal software through a unified interface tool, and the interface tool implements run control of the terminal software (such as run-permission detection and authentication) by means of system calls. No terminal application software can run without passing authentication; run authentication is implemented by a single interface; the authentication process is kept secret from the terminal application software; and if authentication fails, the interface directly terminates the terminal application software. The interface tool software and the terminal application software are loosely organized: the terminal application software can run normally independently of the interface tool software (for example, normal running of the terminal application software can be achieved through controlling a terminal command), and the interface tool software does not depend on the terminal application software to run, but the interface tool software can check the validity of the terminal application software it manages and exclude invalid application software. User identity verification is implemented by the interface tool software, and verification instructions are encrypted.
The user identity and configuration can be synchronized to the cloud, and the terminal can perform user identity verification without a network. The software authentication process is encrypted; the encryption, decryption and authentication of the keys are completely separated; the keys and the secret keys are dynamically distributed; each key and each secret key has an independent activation period; and the system can control the validity of the keys and the secret keys through the activation periods. The application software takes part in the software authentication process, but the specific implementation is kept secret. The interface tool software is the input of software authentication: the interface tool software has the verification code and the public key but no key, the encryption and decryption algorithm interface has the key but no verification code, the equipment service interface has the verification code B but no key, and the interface tool software and the equipment interface must rely on the encryption and decryption software to obtain the encrypted information. The verification code and the secret key are paired, the interface tool software and the equipment interface each hold half of the secret key and the verification code, and software authentication is completed independently by the equipment interface. The application software must rely on the equipment interface to run. The encryption and decryption algorithm interface (including the secret key) is dynamically updated, and even if it is illegally hijacked, the system can still invalidate the hijacked algorithm by updating the algorithm. The terminal and the cloud use a synchronization mechanism to synchronize the encryption and decryption algorithm and the secret key.
The user authentication and the software authentication adopt the same encryption and decryption algorithm, and the cloud end and the terminal use the same encryption and decryption algorithm. Different terminals may use different encryption and decryption algorithms; the key is hidden in the encryption and decryption algorithm interface. The encryption process is kept secret from any other software of the terminal.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.
Claims (6)
1. The operation method of the terminal software management system is characterized by being applied to a cloud server of the terminal software management system and comprising the following steps of:
generating a dynamic verification code A and a dynamic verification code B which are matched;
transmitting the dynamic verification code A to an application software management interface tool;
transmitting the dynamic verification code B to a service interface tool of the terminal equipment;
receiving the application software validity verification information uploaded by the service interface tool of the terminal equipment;
verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the service interface tool of the terminal equipment;
an application software management interface tool applied to a terminal software management system, comprising:
receiving a dynamic verification code A sent by a cloud server;
receiving an encrypted public key sent by a service interface tool of the terminal equipment;
invoking an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
sending the encrypted dynamic verification code A to application software;
a terminal equipment service interface tool for use in a terminal software management system, comprising:
receiving a dynamic verification code B sent by the cloud server;
invoking an encryption algorithm program to generate an encryption private key and the encryption public key;
sending the encrypted public key to an application management interface tool;
receiving user configuration information, an encrypted dynamic verification code A and an application software unique identifier sent by the application software;
decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B or not;
if the decrypted dynamic verification code A is matched with the dynamic verification code B, the application software is successfully authenticated, and the application software validity verification information is sent to the cloud server;
and generating the running/stopping instruction of the application software according to the validity verification result.
2. The method for operating a terminal software management system according to claim 1, wherein the application software validity verification information includes: the dynamic verification code A, the dynamic verification code B, user configuration information, an application software unique identifier and a terminal equipment unique identifier.
3. The method for operating a terminal software management system according to claim 1 wherein said step of receiving the encrypted public key sent by the terminal device service interface tool further comprises, after:
receiving a login request of a user;
and acquiring the user configuration information from the user configuration file.
4. The method for operating a terminal software management system according to claim 1, wherein the application software applied to the terminal software management system comprises:
acquiring user configuration information from a user configuration file;
acquiring the unique identification of the application software;
receiving an encrypted dynamic verification code A sent by an application software management interface tool;
transmitting the user configuration information, the encrypted dynamic verification code A and the unique identification of the application software to the service interface tool of the terminal equipment;
and receiving an application software running/stopping instruction sent by the terminal equipment service interface tool.
5. A terminal software management system is characterized by comprising a cloud server, an application software management interface tool and a terminal equipment service interface tool,
the cloud server includes:
the verification code generation module is used for generating a dynamic verification code A and a dynamic verification code B which are matched;
the verification code A sending module is used for sending the dynamic verification code A to an application software management interface tool;
the verification code B sending module is used for sending the dynamic verification code B to a service interface tool of the terminal equipment;
the verification information receiving module is used for receiving the validity verification information of the application software uploaded by the service interface tool of the terminal equipment;
the validity verification module is used for verifying the validity of the application software according to the application software validity verification information and sending a validity verification result to the terminal equipment service interface tool;
the application software management interface tool includes:
the verification code A receiving module is used for receiving the dynamic verification code A sent by the cloud server;
the public key receiving module is used for receiving the encrypted public key sent by the terminal equipment service interface tool;
the encryption module is used for calling an encryption algorithm program to encrypt the dynamic verification code A by using the encryption public key to obtain an encrypted dynamic verification code A;
the encryption verification code sending module is used for sending the encryption dynamic verification code A to application software;
the terminal equipment service interface tool comprises:
the verification code B receiving module is used for receiving the dynamic verification code B sent by the cloud server;
the key generation module is used for calling the encryption algorithm program to generate an encryption private key and an encryption public key;
the public key sending module is used for sending the encrypted public key to the application software management interface tool;
the authentication information receiving module is used for receiving user configuration information, encrypted dynamic verification code A and application software unique identification sent by the application software;
the decryption module is used for decrypting the encrypted dynamic verification code A by using the encryption private key to obtain a decrypted dynamic verification code A;
the matching module is used for judging whether the decrypted dynamic verification code A is matched with the dynamic verification code B or not;
the verification information sending module is used for sending the application software validity verification information to the cloud server if the decrypted dynamic verification code A is matched with the dynamic verification code B and the application software is successfully authenticated;
and the instruction generation module is used for generating the running/stopping instruction of the application software according to the validity verification result.
6. The terminal software management system according to claim 5, further comprising application software, the application software comprising:
the first acquisition module is used for acquiring user configuration information from the user configuration file;
the second acquisition module is used for acquiring the unique identification of the application software;
the encryption verification code receiving module is used for receiving the encryption dynamic verification code A sent by the application software management interface tool;
the authentication information sending module is used for sending the user configuration information, the encrypted dynamic verification code A and the unique identification of the application software to a terminal equipment service interface tool;
and the instruction receiving module is used for receiving the application software running/stopping instruction sent by the terminal equipment service interface tool.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911389196.7A CN111176710B (en) | 2019-12-30 | 2019-12-30 | Operation method of terminal software management system and terminal software management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111176710A CN111176710A (en) | 2020-05-19 |
CN111176710B true CN111176710B (en) | 2023-10-03 |
Family
ID=70624235
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911389196.7A Active CN111176710B (en) | 2019-12-30 | 2019-12-30 | Operation method of terminal software management system and terminal software management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111176710B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112528324A (en) * | 2020-12-09 | 2021-03-19 | 深圳市快付通金融网络科技服务有限公司 | Online method and device of application system and computer storage medium |
CN112540784B (en) * | 2020-12-17 | 2024-02-09 | 中国航空工业集团公司成都飞机设计研究所 | Aircraft-mounted software change control method |
CN113923170A (en) * | 2021-09-30 | 2022-01-11 | 深信服科技股份有限公司 | Application identification management method and system |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH096608A (en) * | 1995-06-22 | 1997-01-10 | Matsushita Electric Ind Co Ltd | Software protection system |
CN102622624A (en) * | 2012-03-21 | 2012-08-01 | 重庆科技学院 | Commodity anti-counterfeiting identification system and commodity anti-counterfeiting identification method |
CN104519066A (en) * | 2014-12-23 | 2015-04-15 | 飞天诚信科技股份有限公司 | Method for activating token of mobile terminal |
CN105743916A (en) * | 2016-04-03 | 2016-07-06 | 北京动石科技有限公司 | Information processing method, system and device for enhancing access security |
KR101709276B1 (en) * | 2016-11-17 | 2017-02-22 | (주)세이퍼존 | Endpoint Security Server Management System |
CN106657032A (en) * | 2016-12-05 | 2017-05-10 | 北京博惠城信息科技有限公司 | System and method for realizing identity identification and data authentication based on security medium confidential short message |
CN106850699A (en) * | 2017-04-10 | 2017-06-13 | 中国工商银行股份有限公司 | A kind of mobile terminal login authentication method and system |
JP2017107343A (en) * | 2015-12-08 | 2017-06-15 | キヤノン株式会社 | Authentication cooperation system, authentication cooperation method, authorization server, and program |
CN107113315A (en) * | 2016-04-15 | 2017-08-29 | 深圳前海达闼云端智能科技有限公司 | Identity authentication method, terminal and server |
CN206993151U (en) * | 2017-07-06 | 2018-02-09 | 北京承启通科技有限公司 | Network signal security authentication systems |
WO2018058544A1 (en) * | 2016-09-30 | 2018-04-05 | 华为技术有限公司 | Service authentication method, system, and related devices |
CN109033801A (en) * | 2018-07-25 | 2018-12-18 | 努比亚技术有限公司 | Method, mobile terminal and the storage medium of application program verification user identity |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8676710B2 (en) * | 2010-11-22 | 2014-03-18 | Netapp, Inc. | Providing security in a cloud storage environment |
AU2013312578A1 (en) * | 2012-09-10 | 2015-04-02 | Nwstor Limited | Data security management system |
Also Published As
Publication number | Publication date |
---|---|
CN111176710A (en) | 2020-05-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |