CN112329045B - Encryption lock setting method, client and server - Google Patents


Publication number
CN112329045B
Authority
CN
China
Prior art keywords
lock
encryption
distributor
client
permission
Prior art date
Legal status
Active
Application number
CN202011328387.5A
Other languages
Chinese (zh)
Other versions
CN112329045A (en)
Inventor
孙吉平
李海鹏
Current Assignee
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN202011328387.5A
Publication of CN112329045A
Application granted
Publication of CN112329045B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application discloses an encryption lock setting method, a client and a server. The method comprises: receiving a lock setting permission sent by a server and writing it into a distributor lock, wherein the lock setting permission contains user information of a user using an encryption lock; sending a lock setting request to the server based on the lock setting permission in the distributor lock, and receiving private data fed back by the server based on the lock setting request, wherein the private data is generated based on the user information; and writing the private data to the encryption lock (dongle) to enable it to perform operations related to the user information based at least on the private data. The method gives distributors a feasible way to distribute encryption locks: the encryption lock manufacturer does not need to deploy to the distributor the part of its production subsystem that performs secondary setting of semi-finished encryption locks, which simplifies the distributor's secondary setting workflow and provides high security.

Description

Encryption lock setting method, client and server
Technical Field
The present application relates to the field of encryption lock technologies, and in particular, to an encryption lock setting method, a client, and a server.
Background
A product manufacturer has successful products, and a distributor has broad sales channels. If a manufacturer's products are to realize maximum profit in a given region, the best approach is to cooperate with local distributors: the manufacturer saves cost, the distributor earns an intermediate profit, and the consumer gains a stable long-term purchase channel, a three-way win.
This sales model also exists in the field of software protection, most commonly as distribution-channel sales of hardware dongles. In the single-chip-microcomputer era, users' requirements for an encryption lock were modest: only the number of the encryption lock or a count stored in the lock was read, the encryption locks received by all users were identical, and a distributor could sell the manufacturer's encryption locks to any user.
After encryption locks entered the smart card era, users' demand for higher security meant that the user's private data had to be written into the encryption lock before it left the factory. That is, an encryption lock purchased by user A from the manufacturer carries user A's private data, and even if it is sold on to user B, user B cannot use it. This poses a significant problem for the manufacturer, which can no longer cooperate with distributors to maximize its returns. Especially in overseas markets, where the manufacturer has few direct sales channels, this form of encryption lock largely loses the opportunity for distribution-mode sales.
Disclosure of Invention
In view of the above problems in the prior art, the present application provides an encryption lock setting method, a client, and a server, and the technical solution adopted in the embodiments of the present application is as follows:
A method for setting an encryption lock, applied to a client, comprises the following steps:
receiving a lock setting permission sent by a server, and writing the lock setting permission into a distributor lock, wherein the lock setting permission contains user information of a user using the encryption lock;
sending a lock setting request to the server based on the lock setting permission in the distributor lock, and receiving private data fed back by the server based on the lock setting request; wherein the private data is generated based on the user information;
writing the private data to the dongle to enable the dongle to perform operations related to the user information based at least on the private data.
In some embodiments, a first encryption and decryption module is preset in the encryption lock, and the receiving of the private data fed back by the server based on the lock setting request includes:
receiving a first encrypted data packet fed back by the server based on the user information; wherein the first encrypted data packet contains the private data;
correspondingly, the writing the private data into the encryption lock includes:
and writing the first encrypted data packet into the encryption lock, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
In some embodiments, a second encryption and decryption module is preset in the distributor lock, and the receiving a lock setting permission sent by the server writes the lock setting permission into the distributor lock includes:
receiving a second encrypted data packet sent by the server; wherein the second encrypted data packet contains the lock setting permission;
and writing the second encrypted data packet into the distributor lock, and analyzing the second encrypted data packet through the second encryption and decryption module to obtain the lock setting permission.
In some embodiments, the method further comprises:
sending a registration request to the server based on distributor information associated with the client to cause the server to write the second encryption and decryption module into the distributor lock based on the distributor information.
In some embodiments, the lock setting permission comprises a permitted number of times, and the method further comprises:
acquiring the number of times the operation of sending the lock setting request to the server has been executed;
and when the number of executions reaches the permitted number of times, prohibiting the operation of sending the lock setting request.
In some embodiments, the lock setting permission is generated by the server based on a received permission request, wherein the permission request includes the user information and distributor information associated with the client.
In some embodiments, the method further comprises:
and receiving a revocation instruction sent by the server, and writing the revocation instruction into the distributor lock so as to revoke the lock setting permission written into the distributor lock.
A method for setting an encryption lock, applied to a server, comprises the following steps:
receiving a permission request sent by a user side, wherein the permission request comprises user information of a user using the encryption lock and distributor information of the client side;
generating a lock setting permission based on the user information and the distributor information, and sending the lock setting permission to the client so as to write the lock setting permission into a distributor lock through the client;
and receiving a lock setting request sent by the client based on the lock setting permission, and feeding back private data generated based on the user information to the client based on the lock setting request, so that the private data is written into the encryption lock through the client and the encryption lock can execute operations related to the user information based at least on the private data.
A client, comprising:
the first receiving module is used for receiving a lock setting permission sent by the server and writing the lock setting permission into a distributor lock, wherein the lock setting permission comprises user information of a user using the encryption lock;
the first sending module is used for sending a lock setting request to the server side based on the lock setting permission in the distributor lock and receiving private data fed back by the server side based on the lock setting request; wherein the private data is generated based on the user information;
a first writing module to write the private data to the dongle to enable the dongle to perform operations related to the user information based at least on the private data.
A server, comprising:
the second receiving module is used for receiving a permission request sent by a user side, wherein the permission request comprises user information of a user using the encryption lock and distributor information of a client side;
the generating module is used for generating a lock setting permission based on the user information and the distributor information, and sending the lock setting permission to the client so as to write the lock setting permission into a distributor lock through the client;
and the feedback module is used for receiving a lock setting request sent by the client based on the lock setting permission, and feeding back private data generated based on the user information to the client based on the lock setting request, so that the private data is written into the encryption lock through the client and the encryption lock can execute operations related to the user information based at least on the private data.
A computer-readable storage medium having stored therein computer-executable instructions that, when executed, implement a dongle setting method as described above.
According to the encryption lock setting method, a distributor can set a semi-finished encryption lock based on the lock setting permission issued by the manufacturer, thereby forming a finished encryption lock with higher security. This provides a feasible encryption lock distribution mode for the distributor and ensures that the distributor distributes only within its authorized scope. Because the private data is generated by the server and sent to the client, and the client only performs the write operation, the data security of both the encryption lock manufacturer and the users of the encryption lock can be guaranteed. In addition, the encryption lock manufacturer does not need to deploy to the distributor the part of its production subsystem used for secondary setting of semi-finished encryption locks, which effectively protects the manufacturer's production system, limits the distributor's permissions, and simplifies the distributor's secondary setting workflow.
Drawings
FIG. 1 is a flowchart of an embodiment of a dongle setting method according to an embodiment of the present application;
FIG. 2 is a flowchart of another embodiment of a dongle setting method according to an embodiment of the present application;
FIG. 3 is a flowchart of another embodiment of a dongle setting method according to an embodiment of the present application;
FIG. 4 is a block diagram of a client according to an embodiment of the present application;
FIG. 5 is a block diagram of a server according to an embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments of the present application. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It is also to be understood that although the present application has been described with reference to some specific examples, those skilled in the art are able to ascertain many other equivalents to the practice of the present application.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail, to avoid obscuring the application with unnecessary or redundant detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
A dongle is a type of encryption device that is generally used to provide protection for software and data from unauthorized use. Specifically, the encryption lock may include a control lock and a user lock, where the control lock is an identification of a software developer, is used to encrypt and decrypt software or data, and is also used to issue an authorization permission to the user lock or issue a user lock upgrade file, etc.; the user lock is an identification of a software user, and is used for being plugged into the electronic equipment to decrypt software or data so as to legally use the decrypted software or data. The encryption lock described in the present application may include a control lock and a user lock, and accordingly, the user of the encryption lock may include a software developer and a user of software or data.
The embodiment of the application provides an encryption lock setting method which is applied to a client used by a distributor. The distributor acquires the encryption lock from the manufacturer or the developer of the encryption lock, and sells or distributes the encryption lock to the user (mainly the software developer, and possibly the client of the software developer, namely the software user and the like) of the encryption lock through a distribution channel. The client may be a fixed terminal formed by a fixed electronic device such as a desktop computer, or a mobile terminal formed by a mobile electronic device such as a notebook computer, a smart phone, and a tablet computer. The client can interactively cooperate with the server used by the manufacturer of the encryption lock to complete the setting of the encryption lock so as to form the encryption lock with the private data of the user inside, thereby providing a feasible encryption lock distribution mode for the manufacturer and distributor of the encryption lock.
Referring to fig. 1, a method for setting a dongle according to an embodiment of the present application specifically includes the following steps:
S101, receiving a lock setting permission sent by a server, and writing the lock setting permission into a distributor lock.
The distributor lock is an encryption lock held by the distributor, serves as an identity of the distributor, is used for being connected with the client and is matched with the client to set the encryption lock acquired or purchased by the user. The distributor lock is issued to the distributor by the manufacturer of the dongle. Specifically, the distributor can send a registration request for becoming the distributor to the server through the client, the registration request can include distributor information, and after the distributor is approved by the manufacturer, the distributor information can be placed into the distributor lock through the server and the distributor lock is issued to the distributor. During the distribution and sale process of the distributor, a request for obtaining the encryption lock can be sent to the server side through the client side, and the manufacturer issues the encryption lock of the semi-finished product without the private data of the user to the distributor based on the request.
The lock setting permission is used to permit the distributor to set the dongle, forming a dongle that contains private data for use by the user. The lock setting permission may contain user information of the user who uses the encryption lock and, of course, may also contain distributor information of the distributor to whom the permission is granted. The user information may uniquely identify one user; for example, it may be the unique ID of a software developer.
In one case, the client may send the server an update request, which requests an update of the lock setting permission, to trigger the server to send the lock setting permission. For example, after the distributor lock is connected with the client, the client may send an update request to the server in response to an operation of the distributor. The update request may include distributor information of the distributor, and the server may acquire a lock setting permission based on the distributor information and feed it back to the client. The client then writes the acquired lock setting permission into the distributor lock, so that the distributor lock has the right to set the encryption lock.
The client can also respond to the connection operation of the distributor lock and the client and automatically send an updating request to the server, so that the acquisition of the lock setting permission can be automatically completed and the lock setting permission can be written into the distributor lock without active operation of the distributor every time the distributor connects the distributor lock and the client.
In another case, the lock setting permission may also be actively sent to the client by the server. For example, after the server generates the lock setting permission, it may actively send the permission to the client based on the distributor information in the permission, and when the distributor lock is connected with the client, the lock setting permission is written into the distributor lock. Alternatively, after generating the lock setting permission, the server may actively send a notice to the client to prompt the distributor to connect the distributor lock with the client and send an update request, thereby completing the update of the lock setting permission.
The lock setting permission can be created in various ways, for example, in one case, the lock setting permission can be generated based on an update request, for example, the update request can include distributor information and user information of a user, and after receiving the update request, the server can generate the lock setting permission based on the update request and feed the lock setting permission back to the client.
In another case, the lock setting permission may be generated by the server based on a permission request sent from the user side of the user. For example, the user can send the server, through the user side, a permission request for buying encryption locks from the distributor. The permission request can contain the user information of the user and the distributor information of the distributor, and the server generates the lock setting permission after receiving the permission request. This further improves the controllability of the distribution channel and protects the user's data security, and prevents a distributor from illegitimately obtaining a lock setting permission by fraudulently using the user's information.
S102, sending a lock setting request to the server side based on the lock setting permission in the distributor lock, and receiving private data fed back by the server side based on the lock setting request; wherein the private data is generated based on the user information.
When the user acquires the encryption lock from the distributor, the distributor can connect the distributor lock with the client, and the client can check the lock setting permission in the distributor lock. In a specific implementation, a distributor is usually associated with a plurality of users, so a plurality of lock setting permissions can be held in a distributor lock at the same time, and the corresponding lock setting permission can be selected for each user. The client then sends a lock setting request to the server based on the selected lock setting permission.
The lock setting request may include user information of the user and distributor information of the distributor. After receiving the lock setting request, the server may invoke the pre-generated private data based on the lock setting request. For example, before generating the lock setting permission, the user may first send a request for becoming the user to the server through the user side, where the request may include user information of the user, and the server may generate and store corresponding private data based on the user information when registering the user account based on the user information. And when the locking permission sent by the client is received, the stored private data is called and fed back to the client. Of course, the private data can also be generated in real time based on the user information in the lock setting request and fed back to the client.
S103, writing the private data into the encryption lock so that the encryption lock can execute the operation related to the user information at least based on the private data.
In the setting process, the encryption lock to be set can be connected with the client, so that the client can write the private data into the encryption lock after acquiring the private data, and the encryption lock becomes a finished product encryption lock.
Specifically, the private data may include data such as the user's independent private key, certificate, and encryption and decryption keys. The operations related to the user information may include the user of the encryption lock encrypting, authorizing, or decrypting data. For example, when the encryption lock is a control lock, the user may perform encryption and decryption operations on software or data based on the private data in the control lock. For example, a software developer may compress the developed software based on the control lock, so that the original program code exists in the disk file in encrypted form, and a user of the software can run it only after obtaining a usage right that allows the original program code to be decrypted and restored during use. Of course, this is merely one example of encrypting software based on a control lock; in a particular implementation, various encryption or decryption operations may be performed on software or data through the control lock. The control lock can also be used to issue license authorization to a user lock, so that a user of the software can decrypt and restore the encrypted original program code or data only with the user lock, ensuring that the software or data is used legitimately.
According to the encryption lock setting method, after the client receives the lock setting permission sent by the server, the lock setting permission can be written into a distributor lock connected with the client, so that the distributor lock obtains the permission for setting the semi-finished encryption lock, then, a lock setting request can be sent to the server based on the lock setting permission, and after the private data fed back by the server based on the lock setting request is obtained, the private data can be written into the semi-finished encryption lock, so that the finished encryption lock with the private data is formed. The method enables the distributor to set the encryption lock of the semi-finished product based on the lock setting permission issued by the manufacturer, thereby forming the finished encryption lock with higher security, not only providing a feasible encryption lock distribution mode for the distributor, but also ensuring that the distributor distributes in an authorized range. In addition, by adopting the implementation mode, the encryption lock manufacturer does not need to deploy a part of production subsystems for secondarily setting the semi-finished encryption lock to a distributor, so that the safety of the production system of the encryption lock manufacturer is effectively ensured, the permission of the distributor is limited, and the operation flow of the secondary setting of the distributor is simplified.
In some embodiments, as shown in FIG. 2, the dongle may be pre-loaded with the manufacturer's key data, and the key data is configured to be non-deletable and non-modifiable. That is, when the manufacturer produces the semi-finished dongle, the key data is already fixed in the dongle, and after the distributor writes the user's private data into the dongle, the key data and the private data together form a complete encryption and decryption system. The key data may include data such as the manufacturer's independent private key, certificate, and encryption and decryption keys. The key data can be highly sensitive; to prevent it from leaking through the distributor's client and threatening the manufacturer's data security, it is preset in the encryption lock and configured to be non-deletable and non-modifiable. In this way, the distributor's distribution needs are met while leakage of the key data is avoided, effectively protecting the manufacturer's data security and commercial interests.
In some embodiments, the encryption lock may further have a first encryption and decryption module preset therein, and the receiving of the private data fed back by the server based on the lock setting request includes:
receiving a first encrypted data packet fed back by the server based on the user information; wherein the first encrypted data packet contains the private data;
correspondingly, the writing the private data into the encryption lock includes:
and writing the first encrypted data packet into the encryption lock, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
The first encryption and decryption module can be used as a part of key data and is preset in the encryption lock when a manufacturer produces the encryption lock, and the first encryption and decryption module is used for carrying out decryption operation on data sent by the server or carrying out encryption operation on data sent to the server. The first encryption and decryption module is preset in the encryption lock, so that the encryption lock can carry out encryption communication with the server side, and data leakage can be avoided.
Applied to the encryption lock setting method, this can be configured as follows: the server encrypts the private data to generate a first encrypted data packet; the client receives the first encrypted data packet and writes it into the encryption lock; and the first encryption and decryption module in the encryption lock parses the first encrypted data packet to obtain the private data. Because the manufacturer usually does not configure the first encryption and decryption module in the client or the distributor lock, the client and the distributor lock only forward the first encrypted data packet while the encryption lock is being set and cannot obtain its contents. This further improves the data security of distribution and effectively protects the data of both the manufacturer and the users.
In some embodiments, a second encryption and decryption module is preset in the distributor lock, and the receiving a lock setting permission sent by the server writes the lock setting permission into the distributor lock includes:
receiving a second encrypted data packet sent by the server; wherein the second encrypted data packet contains the lock setting permission;
and writing the second encrypted data packet into the distributor lock, and analyzing the second encrypted data packet through the second encryption and decryption module to obtain the lock setting permission.
The second encryption and decryption module is used to decrypt data sent by the server or to encrypt data sent to the server. By presetting the second encryption and decryption module in the distributor lock, the distributor lock can communicate with the server in encrypted form.
Specifically, the client receives the second encrypted data packet that the server generated by encrypting the lock setting permission and writes the second encrypted data packet into the distributor lock, and the second encryption and decryption module in the distributor lock parses it so that the lock setting permission is written into the distributor lock. This ensures that the lock setting permission is not leaked in transit, further improving data security.
In a preferred embodiment, the method further comprises:
sending a registration request to the server based on distributor information associated with the client to cause the server to write the second encryption and decryption module into the distributor lock based on the distributor information.
That is, when the distributor applies to register as a distributor, the manufacturer writes the second encryption and decryption module into the distributor lock through the server. This avoids writing the second encryption and decryption module into the distributor lock by network transmission, prevents leakage of the module's data, and thereby ensures the security of the encrypted communication link between the distributor lock and the server. In a specific implementation, the second encryption and decryption module can also be configured so that it cannot be modified or deleted.
In some embodiments, the lock setting permission comprises a permission number, the method further comprising:
acquiring the execution count of the sending operation of the lock setting request sent to the server;
and when the execution count reaches the permission number, prohibiting the sending operation of the lock setting request.
That is, the lock setting permission includes not only the distributor information of the distributor being authorized and the user information of the user of the encryption lock, but also a permission number, which is the number of encryption locks the distributor is allowed to set for that specific user.
Specifically, the number of locks purchased may be specified in the permission request sent by the user through the user side, so that the server can set the permission number based on the number of locks purchased. The client can be configured so that, when it sends a lock setting request to the server, it counts the sending operation and writes the execution count into the distributor lock. Before sending a lock setting request to the server, the client reads from the distributor lock the permission number of the lock setting permission and the execution count corresponding to that permission, and checks whether the execution count has reached the permission number. If it has not, the client sends the lock setting request to the server, obtains the private data from the server and writes it into the encryption lock to complete the setting of the encryption lock. If it has, the sending operation of the lock setting request is prohibited. In this way the number of encryption locks the distributor sets for a specific user can be controlled: the user's lock purchase requirement is met, while the distributor is prevented from privately setting encryption locks dedicated to that user, which would threaten the user's data security.
In some embodiments, the method further comprises:
and receiving a revocation instruction sent by the server, and writing the revocation instruction into the distributor lock so as to revoke the lock setting permission written into the distributor lock.
Specifically, when a user decides to replace a distributor, or the actual number of locks purchased is less than the permission number, the distributor should not retain the right to continue setting encryption locks that carry the user's private data. To protect the user's data, a revocation request can be sent to the server through the user side; the revocation request can include the user information and the distributor information. After the server receives the revocation request, it can determine the corresponding lock setting permission based on the user information and the distributor information, and, if it judges that the lock setting permission is still valid, send a revocation instruction to the corresponding client based on the distributor information. After the client receives the revocation instruction sent by the server, if it determines that the distributor lock is connected to the client, it writes the revocation instruction into the distributor lock so as to revoke the lock setting permission written into the distributor lock. The distributor lock then no longer has the right to set encryption locks dedicated to that user.
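The following added example (not part of the patent text) simulates the client-side flow described above: the client forwards sealed packets it cannot read, the distributor lock stores the lock setting permission and the execution count, and a revocation instruction clears the permission. The class names, the JSON packet layout, sealing the revocation instruction under the second module's key, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for whatever cipher the locks actually use) are assumptions.

```python
import hashlib, hmac, json, os

def _keys(key):  # separate encryption and MAC keys derived from one module key
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in, not a vetted cipher.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object into an opaque packet: nonce | body | tag."""
    enc, mac = _keys(key)
    nonce = os.urandom(16)
    body = _xor_stream(enc, nonce, json.dumps(obj).encode())
    return nonce + body + hmac.new(mac, nonce + body, hashlib.sha256).digest()

def unseal(key, packet):
    """Check the tag first; only the holder of the matching module key gets plaintext."""
    enc, mac = _keys(key)
    nonce, body, tag = packet[:16], packet[16:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, hashlib.sha256).digest()):
        raise ValueError("packet rejected: wrong key or tampered")
    return json.loads(_xor_stream(enc, nonce, body))

class EncryptionLock:
    """End-user dongle; its first encryption/decryption module is modelled as key k1."""
    def __init__(self, k1):
        self._k1, self.private_data = k1, None
    def write(self, packet):
        self.private_data = unseal(self._k1, packet)["private_data"]

class DistributorLock:
    """Distributor's dongle; its second module (key k2) opens permits and revocations."""
    def __init__(self, k2):
        self._k2, self.permit, self.used = k2, None, 0
    def write(self, packet):
        msg = unseal(self._k2, packet)
        if msg["type"] == "permit":
            self.permit, self.used = msg, 0
        elif msg["type"] == "revoke" and self.permit and msg["user"] == self.permit["user"]:
            self.permit = None

class Server:
    """Manufacturer side: the only party holding both module keys."""
    def __init__(self, k1, k2):
        self._k1, self._k2, self._master = k1, k2, os.urandom(32)
    def private_data_for(self, user):  # private data generated from the user information
        return hmac.new(self._master, user.encode(), hashlib.sha256).hexdigest()
    def permit_packet(self, user, distributor, quota):
        return seal(self._k2, {"type": "permit", "user": user,
                               "distributor": distributor, "quota": quota})
    def revoke_packet(self, user):
        return seal(self._k2, {"type": "revoke", "user": user})
    def handle_lock_setting_request(self, user):
        return seal(self._k1, {"private_data": self.private_data_for(user)})

class Client:
    """Distributor's software: holds no module key, so it can only forward packets."""
    def __init__(self, server, dlock):
        self.server, self.dlock, self.seen = server, dlock, []
    def forward(self, packet):
        self.seen.append(packet)
        self.dlock.write(packet)
    def set_lock(self, dongle):
        permit = self.dlock.permit
        if permit is None or self.dlock.used >= permit["quota"]:
            return False                  # revoked, never permitted, or quota reached
        packet = self.server.handle_lock_setting_request(permit["user"])
        self.dlock.used += 1              # count the send operation in the distributor lock
        self.seen.append(packet)
        dongle.write(packet)
        return True

def demo():
    k1, k2 = os.urandom(32), os.urandom(32)   # constructed keys for the two modules
    server, dlock = Server(k1, k2), DistributorLock(k2)
    client = Client(server, dlock)
    client.forward(server.permit_packet("user-A", "distributor-7", quota=2))
    dongles = [EncryptionLock(k1) for _ in range(3)]
    quota_run = [client.set_lock(d) for d in dongles]
    secret = server.private_data_for("user-A")
    client.forward(server.permit_packet("user-A", "distributor-7", quota=5))
    client.forward(server.revoke_packet("user-A"))
    return {"quota_run": quota_run,
            "provisioned": [d.private_data == secret for d in dongles],
            "client_saw_secret": any(secret.encode() in p for p in client.seen),
            "after_revoke": client.set_lock(EncryptionLock(k1))}
```

Calling `demo()` sets two encryption locks under a permission number of 2, refuses the third, and refuses again once a fresh permission has been revoked.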
Referring to fig. 3, an embodiment of the present application further provides a method for setting an encryption lock, which is applied to a server used by an encryption lock manufacturer, and includes:
S201, receiving a permission request sent by a user side, wherein the permission request comprises user information of a user using the encryption lock and distributor information of a client side;
S202, generating a lock setting permission based on the user information and the distributor information, and sending the lock setting permission to the client so as to write the lock setting permission into a distributor lock through the client;
S203, receiving a locking request sent by the client based on the locking permission, feeding back private data generated based on the user information to the client based on the locking request, and writing the private data into the encryption lock through the client so that the encryption lock can execute operation related to the user information based on the private data.
In some embodiments, a first encryption and decryption module is preset in the encryption lock; the feeding back, to the client based on the lock setting request, of the private data generated based on the user information, so as to write the private data into the encryption lock through the client, comprises:
obtaining, based on the lock setting request, the private data generated based on the user information;
encrypting the private data to generate a first encrypted data packet;
and sending the first encrypted data packet to the client, so that the first encrypted data packet is written into the encryption lock through the client and parsed by the first encryption and decryption module to obtain the private data.
In some embodiments, a second encryption and decryption module is preset in the distributor lock; the sending the lock setting permission to the client to write the lock setting permission into a distributor lock through the client comprises:
encrypting the lock setting permission to generate a second encrypted data packet;
and sending the second encrypted data packet to the client, writing the second encrypted data packet into the distributor lock through the client, and analyzing the second encrypted data packet through the second encryption and decryption module to obtain the lock setting permission.
In some embodiments, the method further comprises:
and receiving a registration request containing the distributor information sent by the client, and writing the distributor information and the second encryption and decryption module in a distributor lock.
In some embodiments, the method further comprises:
and sending a revocation instruction to the client, and writing the revocation instruction into the distributor lock through the client so as to revoke the lock setting permission written into the distributor lock.
Referring to fig. 4, an embodiment of the present application further provides a client, which includes:
a first receiving module 11, configured to receive a lock setting permission sent by a server, and write the lock setting permission into a distributor lock, where the lock setting permission includes user information of a user using the encryption lock;
a first sending module 12, configured to send a lock setting request to the server based on the lock setting permission in the distributor lock, and receive private data fed back by the server based on the lock setting request; wherein the private data is generated based on the user information;
a first writing module 13, configured to write the private data into the dongle, so that the dongle can perform an operation related to the user information based on the private data.
In some embodiments, a first encryption and decryption module is preset in the encryption lock, and the first sending module 12 is specifically configured to:
receiving a first encrypted data packet fed back by the server based on the user information; wherein the first encrypted data packet contains the private data;
correspondingly, the first writing module 13 is specifically configured to:
and writing the first encrypted data packet into the encryption lock, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
In some embodiments, a second encryption/decryption module is preset in the distributor lock, and the first receiving module 11 is specifically configured to:
receiving a second encrypted data packet sent by the server; wherein the second encrypted data packet contains the lock setting permission;
and writing the second encrypted data packet into the distributor lock, and analyzing the second encrypted data packet through the second encryption and decryption module to obtain the lock setting permission.
In some embodiments, the client further comprises:
a second sending module, configured to send a registration request to the server based on distributor information associated with the client, so that the server writes the second encryption and decryption module into the distributor lock based on the distributor information.
In some embodiments, the lock setting permission includes a permission number, and the client further includes an obtaining module, where the obtaining module is specifically configured to:
acquiring the execution count of the sending operation of the lock setting request sent to the server;
and when the execution count reaches the permission number, prohibiting the sending operation of the lock setting request.
In some embodiments, the lock setting permission is generated by the server based on a received permission request, wherein the permission request includes the user information and distributor information associated with the client.
In some embodiments, the client further comprises:
and the second writing module is used for receiving a revocation instruction sent by the server and writing the revocation instruction into the distributor lock so as to revoke the lock setting permission written into the distributor lock.
Referring to fig. 5, an embodiment of the present application further provides a server, which includes:
a second receiving module 21, configured to receive a license request sent by a user side, where the license request includes user information of a user using the dongle and distributor information of a client;
a generating module 22, configured to generate a lock setting permission based on the user information and the distributor information, and send the lock setting permission to the client, so that the lock setting permission is written into a distributor lock through the client;
a feedback module 23, configured to receive a lock setting request sent by the client based on the lock setting permission, and to feed back to the client, based on the lock setting request, private data generated based on the user information, so as to write the private data into the encryption lock through the client, so that the encryption lock can perform an operation related to the user information based on the private data.
In some embodiments, a first encryption and decryption module is preset in the encryption lock; the feedback module 23 is specifically configured to:
obtaining, based on the lock setting request, the private data generated based on the user information;
encrypting the private data to generate a first encrypted data packet;
and sending the first encrypted data packet to the client, so that the first encrypted data packet is written into the encryption lock through the client and parsed by the first encryption and decryption module to obtain the private data.
In some embodiments, a second encryption and decryption module is preset in the distributor lock; the generating module 22 is specifically configured to:
encrypting the lock setting permission to generate a second encrypted data packet;
and sending the second encrypted data packet to the client, writing the second encrypted data packet into the distributor lock through the client, and analyzing the second encrypted data packet through the second encryption and decryption module to obtain the lock setting permission.
In some embodiments, the server further comprises:
and the third writing module is used for receiving a registration request containing the distributor information sent by the client, and writing the distributor information and the second encryption and decryption module in a distributor lock.
In some embodiments, the server further comprises:
and the third sending module is used for sending a revocation instruction to the client, and writing the revocation instruction into the distributor lock through the client so as to revoke the lock setting permission written into the distributor lock.
The embodiment of the present application further provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions in the computer-readable storage medium are executed, the method for setting an encryption lock according to any of the above embodiments is implemented.
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.

Claims (10)

1. A method for setting an encryption lock is applied to a client and comprises the following steps:
receiving a lock setting permission sent by a server, and writing the lock setting permission into a distributor lock, wherein the lock setting permission contains user information of a user using the encryption lock;
sending a lock setting request to the server based on the lock setting permission in the distributor lock, and receiving private data fed back by the server based on the lock setting request; wherein the private data is generated based on the user information;
writing the private data to the dongle to enable the dongle to perform operations related to the user information based at least on the private data;
wherein the receiving of the private data fed back by the server based on the lock setting request includes:
receiving a first encrypted data packet fed back by the server based on the user information; wherein the first encrypted data packet contains the private data;
correspondingly, the writing the private data into the encryption lock includes:
and writing the first encrypted data packet into the encryption lock, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
2. The encryption lock setting method according to claim 1, wherein a second encryption/decryption module is preset in the distributor lock, and the receiving of the lock setting permission sent by the server writes the lock setting permission into the distributor lock includes:
receiving a second encrypted data packet sent by the server; wherein the second encrypted data packet contains the lock setting permission;
and writing the second encrypted data packet into the distributor lock, and analyzing the second encrypted data packet through the second encryption and decryption module to obtain the lock setting permission.
3. The dongle setting method according to claim 2, wherein the method further comprises:
sending a registration request to the server based on distributor information associated with the client to cause the server to write the second encryption and decryption module into the distributor lock based on the distributor information.
4. The dongle setting method according to claim 1, wherein the lock setting permission includes a permission number, the method further comprising:
acquiring the execution count of the sending operation of the lock setting request sent to the server;
and when the execution count reaches the permission number, prohibiting the sending operation of the lock setting request.
5. The dongle setting method according to claim 1, wherein the lock setting permission is generated by the server based on a received permission request, wherein the permission request contains the user information and distributor information associated with the client.
6. The dongle setting method according to claim 1, further comprising:
and receiving a revocation instruction sent by the server, and writing the revocation instruction into the distributor lock so as to revoke the lock setting permission written into the distributor lock.
7. A method for setting an encryption lock is applied to a server and comprises the following steps:
receiving a permission request sent by a user side, wherein the permission request comprises user information of a user using the encryption lock and distributor information of the client side;
generating a lock setting permission based on the user information and the distributor information, and sending the lock setting permission to the client so as to write the lock setting permission into a distributor lock through the client;
receiving a locking request sent by the client based on the locking permission, feeding back private data generated based on the user information to the client based on the locking request, and writing the private data into the encryption lock through the client so that the encryption lock can execute operation related to the user information based on at least the private data;
wherein a first encryption and decryption module is preset in the encryption lock; the feeding back, to the client based on the lock setting request, of the private data generated based on the user information, so as to write the private data into the encryption lock through the client, comprises:
obtaining, based on the lock setting request, the private data generated based on the user information;
encrypting the private data to generate a first encrypted data packet;
and sending the first encrypted data packet to the client, writing the first encrypted data packet into the encryption lock through the client, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
8. A client, comprising:
a first receiving module, configured to receive a lock setting permission sent by a server and write the lock setting permission into a distributor lock, wherein the lock setting permission contains user information of a user using an encryption lock;
a first sending module, configured to send a lock setting request to the server based on the lock setting permission in the distributor lock, and receive private data fed back by the server based on the lock setting request; wherein the private data is generated based on the user information;
a first writing module for writing the private data into the dongle to enable the dongle to perform operations related to the user information based at least on the private data;
wherein a first encryption and decryption module is preset in the encryption lock, and the first sending module is specifically configured to:
receiving a first encrypted data packet fed back by the server based on the user information; wherein the first encrypted data packet contains the private data;
correspondingly, the first writing module is specifically configured to:
and writing the first encrypted data packet into the encryption lock, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
9. A server, comprising:
a second receiving module, configured to receive a permission request sent by a user side, wherein the permission request comprises user information of a user using the encryption lock and distributor information of a client side;
a generating module, configured to generate a lock setting permission based on the user information and the distributor information, and send the lock setting permission to the client so as to write the lock setting permission into a distributor lock through the client;
a feedback module, configured to receive a lock setting request sent by the client based on the lock setting permission, and to feed back to the client, based on the lock setting request, private data generated based on the user information, so as to write the private data into the encryption lock through the client, so that the encryption lock can perform an operation related to the user information based on at least the private data;
wherein, a first encryption and decryption module is preset in the encryption lock; the feedback module is specifically configured to:
obtaining, based on the lock setting request, the private data generated based on the user information;
encrypting the private data to generate a first encrypted data packet;
and sending the first encrypted data packet to the client, writing the first encrypted data packet into the encryption lock through the client, and analyzing the first encrypted data packet through the first encryption and decryption module to obtain the private data.
10. A computer-readable storage medium having computer-executable instructions stored therein, wherein the method of any one of claims 1-6 is implemented when the computer-executable instructions in the computer-readable storage medium are executed, or the method of claim 7 is implemented.
CN202011328387.5A 2020-11-24 2020-11-24 Encryption lock setting method, client and server Active CN112329045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011328387.5A CN112329045B (en) 2020-11-24 2020-11-24 Encryption lock setting method, client and server


Publications (2)

Publication Number Publication Date
CN112329045A CN112329045A (en) 2021-02-05
CN112329045B true CN112329045B (en) 2021-09-14

Family

ID=74322279

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011328387.5A Active CN112329045B (en) 2020-11-24 2020-11-24 Encryption lock setting method, client and server

Country Status (1)

Country Link
CN (1) CN112329045B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6169976B1 (en) * 1998-07-02 2001-01-02 Encommerce, Inc. Method and apparatus for regulating the use of licensed products
CN1819512A (en) * 2006-03-17 2006-08-16 北京飞天诚信科技有限公司 Information safety protecting method and protector based on network software
CN109885989A (en) * 2018-12-29 2019-06-14 航天信息股份有限公司 A kind of method and system carrying out user authority management based on encryption lock
CN110032831A (en) * 2018-01-11 2019-07-19 上海有云信息技术有限公司 The generation method of software certificate, apparatus and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120124388A1 (en) * 2010-11-14 2012-05-17 Disa Digitalsafety Pte Ltd Electronic-device theft-deterring systems


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.