CN112565281B - Information processing method, server and system of service key - Google Patents


Info

Publication number
CN112565281B
Authority
CN
China
Prior art keywords
information
key
client
service key
license
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011449128.8A
Other languages
Chinese (zh)
Other versions
CN112565281A (en)
Inventor
孙吉平
念龙龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN202011449128.8A
Publication of CN112565281A
Application granted
Publication of CN112565281B
Priority to PCT/CN2021/136418 (WO2022121940A1)
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an information processing method, a server and a system for a service key. The method is applied to the server and comprises the following steps: acquiring first request information sent by a first client, wherein the first request information is used for requesting the server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following: user information, personal key information and a service key identification in the first client; obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key; and, when the license information is determined to meet a first preset condition, invoking the service key to process the data to be processed and generating a corresponding processing result. The method can effectively prevent the service key from being leaked or illegally used, so that a user can use the service key flexibly while the security of the service key is ensured.

Description

Information processing method, server and system of service key
Technical Field
The present application relates to the field of information security, and in particular, to an information processing method, a server and a system for a service key.
Background
In the field of information security, a user needs to use a service key to process a target task, such as performing a digital signature or decrypting data with the service key. However, at present, once the service key is sent to a specific handler, its use can no longer be effectively controlled. For example, a handler sometimes needs to handle a service on behalf of a company and therefore needs to obtain the corresponding service key. After the service key has been given to the handler, the company can no longer effectively control it: during service processing the handler can use the service key, whose authority originally belongs to the company, without restriction, and the company cannot recover the service key after the handler completes the service. This way of using the service key therefore creates a significant security risk.
Disclosure of Invention
The embodiments of the application aim to provide an information processing method, a server and a system for a service key. The method can effectively prevent the service key from being leaked or illegally used, so that a user can use the service key flexibly while the security of the service key is ensured.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme: an information processing method of a service key is applied to a server and comprises the following steps:
acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
and, when the license information is determined to meet a first preset condition, invoking the service key to process the data to be processed and generating a corresponding processing result.
Optionally, the invoking the service key to process the to-be-processed data when it is determined that the license information meets a first preset condition includes:
acquiring a license signature of the license information;
in a case where the license signature is valid, determining whether the license information is valid based on the license signature, wherein the first preset condition includes a condition that the license information is valid.
Optionally, the invoking the service key to process the to-be-processed data when it is determined that the license information meets a first preset condition includes:
acquiring first use information using the service key in the license terms, and acquiring second use information using the service key in the first request information;
determining whether the first use information is consistent with the second use information, wherein the first preset condition includes a condition that the first use information is consistent with the second use information.
Optionally, the obtaining of the license information corresponding to the service key based on the first request information specifically includes:
and acquiring license information corresponding to the service key based on at least one of the user information, the personal key information and the service key identifier in the first client.
Optionally, the method further includes an operation of obtaining the service key, where the operation includes:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
Optionally, the method further includes an operation of obtaining the service key, where the operation includes:
receiving the service key directly imported by external equipment or imported by a second client;
acquiring user information and/or client key information in a second client sent by the second client, wherein the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
and binding the user information and/or the client key information with the acquired service key.
Optionally, the method further includes receiving license information sent by the second client and subjected to the license signature, where the license information further includes information of an authorized person and/or personal key information of the authorized person.
Optionally, the method further includes receiving the to-be-processed data sent by the first client, where the to-be-processed data is signed based on a personal key.
Optionally, the method further comprises:
encrypting the processing result based on a public key of the personal key;
and sending the encrypted processing result to the first client so that the first client decrypts the processing result through a private key of the personal key.
Optionally, the license terms include at least one of: license validation time, license expiration time, number of license uses, and usage information.
The embodiment of the present application further provides an information processing method for a service key, which is applied to a first client and includes:
sending first request information to a server so that the server acquires license information corresponding to a service key based on the first request information, wherein the first request information is used for requesting the server to process data to be processed by using the stored service key; the first request information includes at least one of: user information, personal key information and service key identification in the first client; the license information includes at least one license term for using the service key;
and receiving a processing result sent by the server, wherein the processing result is the result generated by invoking the service key to process the data to be processed when the server determines that the license information meets a first preset condition.
An embodiment of the present application further provides a server, including:
a first acquisition module configured to: acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
a second acquisition module configured to: obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
a processing module configured to: when the license information is determined to meet a first preset condition, invoke the service key to process the data to be processed and generate a corresponding processing result.
An embodiment of the present application further provides an information processing system, including the server described above, and further including at least one first client described above.
An embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the following steps are implemented:
acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
and, when the license information is determined to meet a first preset condition, invoking the service key to process the data to be processed and generating a corresponding processing result.
The beneficial effects of the embodiments of the application are as follows: in the information processing method, the server can host the service key, which prevents the service key from being leaked or illegally used. When the service key is used, the request information sent by the client corresponding to the user can be analyzed and judged to determine whether it conforms to the license terms set by the service key owner, so that the user can use the service key flexibly while the security of the service key is ensured.
Drawings
Fig. 1 is a flowchart of the information processing method for a service key as applied to a server according to an embodiment of the present application;
Fig. 2 is a flowchart of one embodiment of step S3 in Fig. 1 according to an embodiment of the present application;
Fig. 3 is a flowchart of another embodiment of step S3 in Fig. 1 according to an embodiment of the present application;
Fig. 4 is a flowchart of the information processing method for a service key as applied to a first client according to an embodiment of the present application;
Fig. 5 is a block diagram of a server according to an embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments of the present application. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It is also to be understood that although the present application has been described with reference to some specific examples, those skilled in the art are able to ascertain many other equivalents to the practice of the present application.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail, to avoid obscuring the application with unnecessary or redundant detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
The information processing method for the service key is applied to a server side, which can be a server or another electronic device with functions similar to those of a server, and the method uses the server to host the service key. The server can be connected with at least one client and exchange data with it. In this embodiment, the first client sends first request information to the server, where the first request information is used to request the server to process the data to be processed by using the stored service key. The service key is stored on the server so that it can be invoked at any time. It should be noted that the service key of the present application is not handed to the client but is kept by the server, so as to ensure the security of the service key. Of course, the service key may also be sent to the server in advance by a first client that has the authority or by another client (such as the client of the owner of the service key), so that the service key is stored on the server and available when needed. After receiving the first request information, the server may obtain license information corresponding to the service key based on the first request information, including obtaining the license information based on the user information, the personal key information and/or the service key identifier of the user of the service key in the first request information. The server can start the obtaining action when the license information is to be used, and the license information can be provided to the server by the client or obtained by the server from memory on demand.
When the license information and/or the service key meets the first preset condition (for example, the license information is valid, the license information does not logically contradict the first request information, and the use expressed by the first request information is consistent with the use of the service key), the service key is invoked to process the data to be processed, and a processing result is obtained.
In the information processing method, the server can host the service key, which prevents the service key from being leaked or illegally used. When the service key is used, the server can analyze and judge the request information sent by the client corresponding to the user to determine whether the request information conforms to the license terms set by the owner of the service key, so that the user can use the service key flexibly while the security of the service key is ensured.
In order to better understand the technical solutions, the technical solutions of the present invention are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present invention are detailed descriptions of the technical solutions of the present invention, and are not limitations of the technical solutions of the present invention, and the technical features in the embodiments and examples of the present invention may be combined with each other without conflict.
Fig. 1 is a flowchart illustrating an application of the service key information processing method to a server according to an embodiment of the present application. The information processing method of the embodiment of the application can be applied to a server, including a server or other electronic devices with service functions, as shown in fig. 1, and includes the following steps:
S1, acquiring first request information sent by a first client, where the first request information is used to request a server to process data to be processed using a stored service key, and the first request information includes at least one of the following: user information, personal key information and service key identification in the first client.
The server can be connected with one or more clients, and a user of the service key or an owner of the service key each corresponds to a client. Of course, the owner of the service key may also be the user of the service key, which is not limited herein. In this embodiment, the first client may be a client corresponding to a user of the service key. The first client sends first request information to the server to request the server to process the data to be processed by using the stored service key. The first request information includes at least one of: user information, personal key information and service key identification in the first client. The user information can be information related to the user of the service key; the personal key information may be information about a personal key possessed by the user, such as a public key of the personal key and/or an ID of the personal key; the service key identifier may be information provided by the user about the service key the user requests, such as an ID of the service key requested to be used.
S2, obtaining the license information corresponding to the service key based on the first request information, wherein the license information includes at least one license term for using the service key.
The server receives the first request information and can acquire the license information corresponding to the service key according to at least one piece of characteristic information contained in the first request information. For example, the corresponding license information is obtained according to the user information of the user, the personal key information and the service key identifier; the license information may be pre-stored by the server or may be obtained by the server from the client. The license information includes at least one license term for using the service key. The license terms may be the specific content licensed by the owner of the service key. Of course, if the same service key corresponds to different first clients, the license terms may differ. This lets the service key be used in different ways by different users, so its use is flexible. The license terms characterize the specific manner in which the service key may be used, such as license effective time, license expiration time, number of license uses and usage information, thereby ensuring that the service key cannot be used illegally while still allowing the user to use it.
S3, when the license information is determined to meet the first preset condition, invoking the service key to process the data to be processed and generating a corresponding processing result.
The server needs to analyze and judge the license information to ensure that the license information is valid and that it matches the user and the function of the service key expressed by the first request information. In this embodiment, the license information is analyzed and judged to determine whether it meets the first preset condition. If it does, the server may invoke the service key to process the data to be processed and generate a corresponding processing result, and the server may also send the processing result to the first client, thereby meeting the usage requirement of the user of the service key. In addition, the specific content of the first preset condition may be set according to actual use requirements, for example according to the specific content of the service key and the security level the server applies to the service key.
In an embodiment of the present application, the invoking the service key to process the to-be-processed data when it is determined that the license information meets the first preset condition, as shown in fig. 2, includes the following steps:
S31, obtaining a license signature of the license information;
S32, determining whether the license information is valid based on the license signature in case that the license signature is valid, wherein the first preset condition includes a condition that the license information is valid.
Specifically, the license signature may be a signature made by the owner of the service key, which ensures that the owner of the service key agrees to license the service key and also ensures the validity of the license information. Whether the license signature is valid may be verified with the public key of the owner of the service key, and the owner's public key may be provided by the second client to which the owner corresponds. If the license signature is valid, whether the license information is valid may be verified based on the license signature. The first preset condition includes a condition that the license information is valid, that is, the license information must be valid for the first preset condition to be met. Of course, the first preset condition may also include other conditions.
In an embodiment of the present application, the invoking the service key to process the to-be-processed data when it is determined that the license information meets the first preset condition, as shown in fig. 3, includes the following steps:
S33, acquiring first use information of the service key in the license terms and acquiring second use information of the service key in the first request information;
S34, determining whether the first use information is consistent with the second use information, wherein the first preset condition includes a condition that the first use information is consistent with the second use information.
Specifically, in this embodiment, in one aspect, the service key is invoked to process the data to be processed when it is determined that the license information meets the first preset condition; in another aspect, the service key is invoked to process the data to be processed when it is determined that the license information and/or the service key meets the first preset condition. In the first aspect, the license terms contain first use information for using the service key, and the first request information contains second use information for using the service key, such as encryption, signature, and the like. Consistency between the first use information and the second use information may be a sub-condition of the first preset condition. That is, the first use information and the second use information are required to be consistent before the service key is invoked; if the license terms license the service key for signing and the first request information also requests the service key for signing, the first use information and the second use information can be considered consistent. In the other aspect, the service key itself has third use information, such as encryption, decryption, signature verification, MAC calculation, etc. When the first use information, the second use information and the third use information are all consistent, the sub-condition of the first preset condition may be considered satisfied.
For example, a first client corresponding to a user initiates a "signature" request, and the server checks whether the licensed uses of the service key include the "signature" function. If so, the service key is considered usable for signing; otherwise, if the service key does not have the signature function and the first request information requests to use the service key for signing, the service key is considered unable to satisfy the first preset condition.
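The checks in steps S2 and S31 to S34, together with the license terms listed above (effective time, expiration time, number of uses, usage), are sketched below as an added example; it is not code from the patent. All names and values are constructed, and HMAC-SHA256 stands in both for the owner's public-key license signature and for the "sign" operation so that the block runs on the Python standard library alone; with a real signature scheme the server would hold only the owner's public key.

```python
import hashlib
import hmac
import json

# Constructed demo values; none of them come from the patent text.
OWNER_KEY = b"constructed-owner-license-key"  # stand-in for the owner's signing key
SERVICE_KEY = b"constructed-service-key"      # hosted key, never sent to a client
SERVICE_KEY_USES = {"sign"}                   # third use information (the key's own uses)


def canonical(terms):
    """Serialize license information deterministically so it can be signed."""
    return json.dumps(terms, sort_keys=True, separators=(",", ":")).encode()


def sign_license(terms, owner_key=OWNER_KEY):
    """Owner side (second client): compute the license signature (HMAC stand-in)."""
    return hmac.new(owner_key, canonical(terms), hashlib.sha256).hexdigest()


class KeyServer:
    """Hypothetical server that hosts the service key and enforces license terms."""

    def __init__(self):
        self.licenses = {}    # (service key id, user) -> (terms, license signature)
        self.use_counts = {}  # (service key id, user) -> completed uses

    def store_license(self, terms, signature):
        self.licenses[(terms["service_key_id"], terms["authorized_user"])] = (terms, signature)

    def handle_request(self, request, now):
        """Return (True, result) or (False, reason) for one first-request message."""
        ident = (request["service_key_id"], request["user"])
        entry = self.licenses.get(ident)              # S2: look up license information
        if entry is None:
            return False, "no license"
        terms, signature = entry
        # S31/S32: the license signature must verify before any term is trusted.
        if not hmac.compare_digest(signature, sign_license(terms)):
            return False, "invalid license signature"
        if not terms["valid_from"] <= now < terms["expires_at"]:
            return False, "outside validity window"
        used = self.use_counts.get(ident, 0)
        if used >= terms["max_uses"]:
            return False, "use count exhausted"
        # S33/S34: requested use (second) must match the licensed use (first)
        # and the uses the service key itself supports (third).
        if request["use"] not in terms["uses"]:
            return False, "use not licensed"
        if request["use"] not in SERVICE_KEY_USES:
            return False, "use not supported by service key"
        # S3: only now is the hosted key invoked; count the use after success.
        self.use_counts[ident] = used + 1
        return True, hmac.new(SERVICE_KEY, request["data"], hashlib.sha256).hexdigest()


def demo():
    """Run constructed requests through the server and collect the outcomes."""
    server = KeyServer()
    terms = {"service_key_id": "bk-1", "authorized_user": "alice",
             "uses": ["sign", "decrypt"], "valid_from": 100,
             "expires_at": 200, "max_uses": 2}
    server.store_license(terms, sign_license(terms))
    req = {"service_key_id": "bk-1", "user": "alice", "use": "sign", "data": b"contract"}
    outcomes = [
        server.handle_request(req, now=150),                       # accepted
        server.handle_request(dict(req, use="encrypt"), now=150),  # not in license
        server.handle_request(dict(req, use="decrypt"), now=150),  # key cannot decrypt
        server.handle_request(dict(req, user="bob"), now=150),     # no license for bob
        server.handle_request(req, now=250),                       # expired
        server.handle_request(req, now=150),                       # accepted, second use
        server.handle_request(req, now=150),                       # count exhausted
    ]
    # Terms altered after signing: the stored signature no longer matches.
    server.store_license(dict(terms, max_uses=1000), sign_license(terms))
    outcomes.append(server.handle_request(req, now=150))
    return outcomes


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Rejected requests do not consume a use, so a client cannot exhaust another user's license by sending requests that fail the checks.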
In an embodiment of the present application, the obtaining of the license information corresponding to the service key based on the first request information specifically includes:
and acquiring license information corresponding to the service key based on at least one of the user information, the personal key information and the service key identifier in the first client.
Specifically, the first client may be a client corresponding to a user requesting to use the service key, and the user information may be information related to the user of the service key; the personal key information may be information about a personal key possessed by the user, such as a public key of the personal key and/or an ID of the personal key. The server may obtain the license information based on the user information, the personal key information and/or the service key identification.
In an embodiment of the present application, the method further includes an operation of generating the service key, including:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
Specifically, the second client may be a client corresponding to the owner of the service key, and the second client may generate the service keys it owns at the server. For example, the owner of a company may be the owner of the service key, and may therefore generate, at the server, the service key owned by the second client. The generating operation includes: the second client sends second request information to the server, where the second request information includes information related to the authorization intention of the owner of the service key and also includes user information and/or client key information of the second client corresponding to the owner. The client key information includes a public key of the personal key of the second client and/or an identification of the personal key, such as a personal key ID. A corresponding service key may be generated according to the user information related to the owner, the public key of the personal key and/or the identification of the personal key, and according to the authorization intention of the owner. In this embodiment, the user information and/or the client key information may be bound with the generated service key; for example, the service key, the user information and the client key information are packaged into a data packet, and a key check code, which may be a digital signature, an HMAC, a CMAC, or the like, is calculated over the data packet. Binding the user information and/or client key information with the generated service key associates the service key with the information of its owner.
In an embodiment, since the owner of the service key may also be a user of the service key, when the owner needs to use the service key, the second client sends the first request information to the server to request the server to invoke the service key to process the data to be processed; in this case the second client corresponding to the owner of the service key is also the first client.
In an embodiment of the present application, the method further includes an operation of obtaining the service key, where the operation includes:
receiving the service key directly imported by external equipment or imported by a second client;
acquiring user information and/or client key information in a second client sent by the second client, wherein the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
and binding the user information and/or the client key information with the acquired service key.
Specifically, the server is not limited to generating the service key itself and may also obtain it in other ways. In this embodiment, the service key may be imported by an external device (such as a mobile phone shield or a device of another service organization). The external device may be directly connected to the server to perform the import operation, so that the server obtains and stores the service key. Alternatively, the external device sends the service key to the second client, namely the client corresponding to the owner of the service key, and the second client sends the service key to the server so that the server obtains and stores it. In addition, the second client sends user information and/or client key information associated with the owner to the server, wherein the client key information comprises a public key of a personal key in the second client and/or an identification of the personal key, such as a personal key ID. It should be noted that the second client may send the service key, the user information and/or the client key information separately, or may send them to the server at the same time; the sending method is not limited herein. After receiving the user information and/or the client key information, the server may bind the user information and/or the client key information with the obtained service key, thereby associating the service key with the information of its owner.
In an embodiment of the application, the method further includes receiving license information that is sent by the second client and carries the license signature, where the license information further includes authorized person information and/or personal key information of the authorized person.
Specifically, the license signature is a signature made with the personal key of the second client corresponding to the owner of the service key, and the license information includes the authorized person information and/or the authorized person's personal key information. Therefore, when the server obtains the license information, it can parse the authorized person information and/or the authorized person's personal key information in the license information, and further judge whether the license information matches the first request information sent by the first client. For example, if the user information of the user contained in the first request information is consistent with the authorized person information in the license information, the server can obtain the corresponding license information.
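The binding step described above for both generated and imported service keys, as an added Go example that is not part of the patent. It shows the HMAC variant of the key check code; the field names, the length-prefixed encoding and the server-held MAC key are assumptions.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// BoundKey is the "data packet" the server stores: the service key together
// with the owner's user information and client key information, plus the key
// check code computed over all of them. Field names are assumptions.
type BoundKey struct {
	ServiceKeyID string
	ServiceKey   []byte // raw here for brevity; a real server would keep it wrapped
	OwnerUser    string // user information from the second client
	OwnerKeyID   string // identifier of the owner's personal key
	OwnerPubKey  []byte // public key of the owner's personal key
	CheckCode    []byte // HMAC-SHA256 over the fields above
}

var ErrBindingBroken = errors.New("key check code mismatch: binding was altered")

// encode length-prefixes every field, so ("ab","c") and ("a","bc") produce
// different byte strings and a field boundary cannot be shifted unnoticed.
func encode(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// checkCode computes the key check code with a MAC key held only by the server.
func checkCode(macKey []byte, b *BoundKey) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(encode([]byte(b.ServiceKeyID), b.ServiceKey,
		[]byte(b.OwnerUser), []byte(b.OwnerKeyID), b.OwnerPubKey))
	return m.Sum(nil)
}

// Bind packages a generated or imported service key with its owner's information.
func Bind(macKey []byte, id string, key []byte, user, keyID string, pub []byte) *BoundKey {
	b := &BoundKey{ServiceKeyID: id, ServiceKey: key, OwnerUser: user,
		OwnerKeyID: keyID, OwnerPubKey: pub}
	b.CheckCode = checkCode(macKey, b)
	return b
}

// VerifyBinding recomputes the check code before the record is trusted,
// for example before the owner's public key is used to verify a license.
func VerifyBinding(macKey []byte, b *BoundKey) error {
	if !hmac.Equal(checkCode(macKey, b), b.CheckCode) {
		return ErrBindingBroken
	}
	return nil
}

func main() {
	macKey := []byte("constructed-demo-mac-key-0123456") // constructed sample value
	b := Bind(macKey, "sk-1", []byte{0x01, 0x02, 0x03}, "owner-alice", "pk-7", []byte{0xAA, 0xBB})
	fmt.Println("fresh record:", VerifyBinding(macKey, b))
	b.OwnerPubKey = []byte{0xEE, 0xFF} // a different owner key is swapped into the record
	fmt.Println("after owner key swap:", VerifyBinding(macKey, b))
}
```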
In one embodiment of the application, the method further includes receiving the to-be-processed data sent by the first client, wherein the to-be-processed data is signed based on a personal key.
Specifically, in this embodiment the first client may send the to-be-processed data to the server together with the first request information, and the first client may sign the to-be-processed data with a personal key related to the user. This ensures that the to-be-processed data is not modified while being transmitted to the server and increases the security of the to-be-processed data.
In one embodiment of the present application, the method further comprises the steps of:
encrypting the processing result based on a public key of the personal key;
and sending the encrypted processing result to the first client so that the first client decrypts the processing result through a private key of the personal key.
Specifically, the server side processes the data to be processed by using the service key to obtain a corresponding processing result, and the server side can feed back the processing result to the first client side, so that the use requirement of a user of the service key is met. The server side can encrypt the processing result when sending the processing result, thereby ensuring the security of the processing result in the transmission process. For example, the server encrypts the processing result using the personal public key corresponding to the first client, and after receiving the processing result, the first client may decrypt the processing result using the personal private key corresponding to the first client, thereby obtaining specific processing data.
An embodiment of the present application further provides an information processing method for a service key, which is applied to a first client, and as shown in fig. 4, the method includes the following steps:
S4, sending first request information to a server, so that the server obtains license information corresponding to a service key based on the first request information, where the first request information is used to request the server to process to-be-processed data using the stored service key; the first request information includes at least one of: user information, personal key information and service key identification in the first client; the license information includes at least one license term for using the service key.
Specifically, the server may be connected to one or more clients, each corresponding to a user of the service key or to an owner of the service key. Of course, the owner of the service key may also be a user of the service key, which is not limited herein. In this embodiment, the first client may be a client corresponding to a user of the service key. The first client sends first request information to the server to request the server to process the data to be processed by using the stored service key. The first request information includes at least one of: user information, personal key information and service key identification in the first client. The user information may be information related to the user of the service key; the personal key information may be information about a personal key possessed by the user, such as a public key of the personal key and/or an ID of the personal key; the service key identification may be information, provided by the user, about the service key that the user requests to use, such as the ID of that service key.
After the first client sends the first request information to the server, the server can obtain the license information corresponding to the service key according to at least one piece of feature information contained in the first request information. For example, the corresponding license information is obtained according to the user information of the user, the personal key information and the service key identification; the license information may be pre-stored by the server or may be obtained by the server from the client. The license information includes at least one license term for using the service key. The license terms may be the specific content licensed by the owner of the service key. Of course, if the same service key corresponds to different first clients, the license terms may differ, so that the service key can be used in different ways by different users, which makes its use flexible. The license terms characterize the specific manner in which the service key may be used, such as the license effective time, license expiration time, number of license uses and usage information, thereby ensuring that the service key cannot be used illegally while still allowing the user to use it.
S5, receiving a processing result sent by the server, wherein the processing result is a result generated by the server invoking the service key to process the data to be processed under the condition that the license information is determined to meet a first preset condition.
The server needs to analyze and judge the license information to ensure that the license information is valid and that it matches the user and the service key function expressed by the first request information. In this embodiment, the license information is analyzed and judged to determine whether it meets the first preset condition. If the license information meets the first preset condition, the server may invoke the service key to process the data to be processed and generate a corresponding processing result, and may also send the processing result to the first client, thereby meeting the usage requirement of the user of the service key. In addition, the specific content of the first preset condition may be set according to actual use requirements, for example according to the specific content of the service key and the server's security level for the service key.
An embodiment of the present application further provides a server, where the server may be a server or other electronic devices with functions similar to that of the server, as shown in fig. 5, including:
a first acquisition module configured to: acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
A second acquisition module configured to: obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
a processing module configured to: under the condition that the license information is determined to meet a first preset condition, calling the service key to process the data to be processed, and generating a corresponding processing result.
Specifically, the server may be connected to one or more clients, each corresponding to a user of the service key or to an owner of the service key. Of course, the owner of the service key may also be a user of the service key, which is not limited herein. In this embodiment, the first client may be a client corresponding to a user of the service key. The first client sends first request information to the server, and the first acquisition module acquires the first request information sent by the first client. The first request information is used by the first client to request the server to process the data to be processed by using the stored service key. The first request information includes at least one of: user information, personal key information and service key identification in the first client. The user information may be information related to the user of the service key; the personal key information may be information about a personal key possessed by the user, such as a public key of the personal key and/or an ID of the personal key; the service key identification may be information, provided by the user, about the service key that the user requests to use, such as the ID of that service key.
The second acquisition module receives the first request information and can obtain the license information corresponding to the service key according to at least one piece of feature information contained in the first request information. For example, the corresponding license information is obtained according to the user information of the user, the personal key information and the service key identification; the license information may be pre-stored by the server or may be obtained by the server from the client. The license information includes at least one license term for using the service key. The license terms may be the specific content licensed by the owner of the service key. Of course, if the same service key corresponds to different first clients, the license terms may differ, so that the service key can be used in different ways by different users, which makes its use flexible. The license terms characterize the specific manner in which the service key may be used, such as the license effective time, license expiration time, number of license uses and usage information, thereby ensuring that the service key cannot be used illegally while still allowing the user to use it.
The processing module needs to analyze and judge the license information to ensure that the license information is valid and that it matches the user and the service key function expressed by the first request information. In this embodiment, the processing module analyzes and judges the license information to determine whether it meets the first preset condition. If the license information meets the first preset condition, the server may invoke the service key to process the data to be processed and generate a corresponding processing result, and may also send the processing result to the first client, thereby meeting the usage requirement of the user of the service key. In addition, the specific content of the first preset condition may be set according to actual use requirements, for example according to the specific content of the service key and the server's security level for the service key.
In one embodiment of the present application, the processing module is further configured to:
acquiring a license signature of the license information;
in a case where the license signature is valid, determining whether the license information is valid based on the license signature, wherein the first preset condition includes a condition that the license information is valid.
In one embodiment of the present application, the processing module is further configured to:
acquiring first use information using the service key in the license terms, and acquiring second use information using the service key in the first request information;
determining whether the first-use information is consistent with the second-use information, wherein the first preset condition includes a condition that the first-use information is consistent with the second-use information.
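One way the processing module's first preset condition could be evaluated, as an added Go example that is not part of the patent: the owner's license signature is verified before any term is trusted, then the authorized person, validity window, usage information and use count are checked. Ed25519, the JSON encoding and all field names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// License holds the license terms named on the page. Field names, the JSON
// encoding and the use of Ed25519 are assumptions of this example.
type License struct {
	ServiceKeyID string `json:"service_key_id"`
	Grantee      string `json:"grantee"`    // authorized person information
	NotBefore    int64  `json:"not_before"` // license effective time (Unix seconds)
	NotAfter     int64  `json:"not_after"`  // license expiration time (Unix seconds)
	MaxUses      int    `json:"max_uses"`   // number of license uses
	Usage        string `json:"usage"`      // first use information, e.g. "sign"
	Signature    []byte `json:"-"`          // owner's signature over the fields above
}

// Request is the part of the first request information the check needs.
type Request struct {
	User         string
	ServiceKeyID string
	Usage        string // second use information
}

var (
	ErrSignature = errors.New("license signature invalid")
	ErrMismatch  = errors.New("license does not cover this user or service key")
	ErrWindow    = errors.New("license not yet effective or already expired")
	ErrUsage     = errors.New("requested usage differs from licensed usage")
	ErrExhausted = errors.New("license use count exhausted")
)

// Server keeps the per-license use counters on the server side.
type Server struct{ uses map[string]int }

func NewServer() *Server { return &Server{uses: map[string]int{}} }

// NewOwnerKey creates a personal key pair for the owner (second client).
func NewOwnerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedBytes is the byte string covered by the signature. Struct fields are
// marshalled in declaration order, so signer and verifier get the same bytes.
func signedBytes(l *License) []byte {
	b, _ := json.Marshal(l) // cannot fail for this struct of strings and integers
	return b
}

// SignLicense is what the second client does before sending the license.
func SignLicense(ownerPriv ed25519.PrivateKey, l *License) {
	l.Signature = ed25519.Sign(ownerPriv, signedBytes(l))
}

// Check evaluates the first preset condition. ownerPub is assumed to come from
// the record that binds the service key to its owner, never from the request.
func (s *Server) Check(ownerPub ed25519.PublicKey, l *License, r Request, now int64) error {
	if !ed25519.Verify(ownerPub, signedBytes(l), l.Signature) {
		return ErrSignature
	}
	if l.Grantee != r.User || l.ServiceKeyID != r.ServiceKeyID {
		return ErrMismatch
	}
	if now < l.NotBefore || now >= l.NotAfter {
		return ErrWindow
	}
	if l.Usage != r.Usage {
		return ErrUsage
	}
	id := string(l.Signature)
	if s.uses[id] >= l.MaxUses {
		return ErrExhausted
	}
	s.uses[id]++ // a use is consumed only when every other term has passed
	return nil
}

func main() { // constructed sample values throughout
	pub, priv := NewOwnerKey()
	lic := &License{ServiceKeyID: "sk-1", Grantee: "alice", NotBefore: 100, NotAfter: 200, MaxUses: 1, Usage: "sign"}
	SignLicense(priv, lic)
	s, req := NewServer(), Request{User: "alice", ServiceKeyID: "sk-1", Usage: "sign"}
	fmt.Println("first call:", s.Check(pub, lic, req, 150))
	fmt.Println("second call:", s.Check(pub, lic, req, 150))
}
```

Only when `Check` returns nil would the server go on to invoke the service key on the to-be-processed data.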
In one embodiment of the present application, the second obtaining module is further configured to:
acquiring license information corresponding to the service key based on at least one of the user information, the personal key information and the service key identifier in the first client.
In an embodiment of the present application, the server further includes a generation module, where the generation module is configured to:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
In an embodiment of the present application, the server further includes a generation module, where the generation module is configured to:
receiving the service key directly imported by external equipment or imported by a second client;
acquiring user information and/or client key information in a second client sent by the second client, wherein the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
and binding the user information and/or the client key information with the acquired service key.
In one embodiment of the present application, the second obtaining module is further configured to:
receiving the license information that is sent by the second client and carries the license signature, wherein the license information further comprises authorized person information and/or personal key information of the authorized person.
In one embodiment of the present application, the first obtaining module is further configured to:
receiving the to-be-processed data sent by the first client, wherein the to-be-processed data is signed based on a personal key.
In one embodiment of the present application, the processing module is further configured to:
encrypting the processing result based on a public key of the personal key;
and sending the encrypted processing result to the first client so that the first client decrypts the processing result through a private key of the personal key.
In one embodiment of the present application, the license terms include at least one of: license validation time, license expiration time, number of license uses, and usage information.
An embodiment of the present application further provides an information processing system, including the server described above, and further including at least one first client described above. Of course the system may also comprise a second client. The first client may be a client corresponding to a service key user, and the second client may be a client corresponding to an owner of the service key.
An embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the following steps are implemented:
acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
and under the condition that the license information is determined to meet a first preset condition, calling the service key to process the data to be processed, and generating a corresponding processing result.
Specifically, the server may be connected to one or more clients, each corresponding to a user of the service key or to an owner of the service key. Of course, the owner of the service key may also be a user of the service key, which is not limited herein. In this embodiment, the first client may be a client corresponding to a user of the service key. The first client sends first request information to the server to request the server to process the data to be processed by using the stored service key. The first request information includes at least one of: user information, personal key information and service key identification in the first client. The user information may be information related to the user of the service key; the personal key information may be information about a personal key possessed by the user, such as a public key of the personal key and/or an ID of the personal key; the service key identification may be information, provided by the user, about the service key that the user requests to use, such as the ID of that service key.
The server receives the first request information and can obtain the license information corresponding to the service key according to at least one piece of feature information contained in the first request information. For example, the corresponding license information is obtained according to the user information of the user, the personal key information and the service key identification; the license information may be pre-stored by the server or may be obtained by the server from the client. The license information includes at least one license term for using the service key. The license terms may be the specific content licensed by the owner of the service key. Of course, if the same service key corresponds to different first clients, the license terms may differ, so that the service key can be used in different ways by different users, which makes its use flexible. The license terms characterize the specific manner in which the service key may be used, such as the license effective time, license expiration time, number of license uses and usage information, thereby ensuring that the service key cannot be used illegally while still allowing the user to use it.
The server needs to analyze and judge the license information to ensure that the license information is valid and that it matches the user and the service key function expressed by the first request information. In this embodiment, the license information is analyzed and judged to determine whether it meets the first preset condition. If the license information meets the first preset condition, the server may invoke the service key to process the data to be processed and generate a corresponding processing result, and may also send the processing result to the first client, thereby meeting the usage requirement of the user of the service key. In addition, the specific content of the first preset condition may be set according to actual use requirements, for example according to the specific content of the service key and the server's security level for the service key.
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.

Claims (13)

1. An information processing method of a service key is applied to a server, and comprises the following steps:
acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
under the condition that the license information is determined to meet a first preset condition, calling the service key to process the data to be processed to generate a corresponding processing result; wherein
the method further includes an operation of obtaining the service key, including:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
2. The method according to claim 1, wherein the invoking the service key to process the to-be-processed data in the case that it is determined that the license information meets a first preset condition includes:
acquiring a license signature of the license information;
in a case where the license signature is valid, determining whether the license information is valid based on the license signature, wherein the first preset condition includes a condition that the license information is valid.
3. The method according to claim 1, wherein the invoking the service key to process the to-be-processed data in the case that it is determined that the license information meets a first preset condition includes:
acquiring first use information using the service key in the license terms, and acquiring second use information using the service key in the first request information;
determining whether the first-use information is consistent with the second-use information, wherein the first preset condition includes a condition that the first-use information is consistent with the second-use information.
4. The method according to claim 1, wherein the obtaining of the license information corresponding to the service key based on the first request information specifically includes:
acquiring license information corresponding to the service key based on at least one of the user information, the personal key information and the service key identifier in the first client.
5. The method of claim 1, further comprising the operation of obtaining the service key, comprising:
receiving the service key directly imported by external equipment or imported by a second client;
acquiring user information and/or client key information in a second client sent by the second client, wherein the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
and binding the user information and/or the client key information with the acquired service key.
6. The method according to claim 1, further comprising receiving license information which is sent by the second client and is subject to license signature, wherein the license information further comprises authorized person information and/or authorized person personal key information.
7. The method of claim 1, further comprising receiving the to-be-processed data sent by the first client, wherein the to-be-processed data is signed based on a personal key.
8. The method of claim 1, further comprising:
encrypting the processing result based on a public key of the personal key;
and sending the encrypted processing result to the first client so that the first client decrypts the processing result through a private key of the personal key.
9. The method of claim 1, wherein the licensing terms comprise at least one of: license validation time, license expiration time, number of license uses, and usage information.
10. An information processing method of a service key is applied to a first client, and comprises the following steps:
sending first request information to a server to enable the server to acquire license information corresponding to a service key based on the first request information, wherein the first request information is used for requesting the server to process to-be-processed data by using the stored service key; the first request information includes at least one of: user information, personal key information and service key identification in the first client; the license information includes at least one license term for using the service key;
receiving a processing result sent by the server, wherein the processing result is a result generated by the server calling the service key to process the data to be processed under the condition that the license information is determined to meet a first preset condition; the server obtains the license information corresponding to the service key based on the first request information, and the license information includes:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
11. A server, comprising:
a first acquisition module configured to: acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
a second acquisition module configured to: obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
a processing module configured to: under the condition that the license information is determined to meet a first preset condition, calling the service key to process the data to be processed to generate a corresponding processing result; wherein the first obtaining module is further configured to obtain the service key, including:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
12. An information processing system comprising a server according to any one of claims 1 to 9, and further comprising at least one first client according to any one of claims 1 to 9.
13. A computer-readable storage medium having stored therein instructions that, when executed on a computer, perform the steps of:
acquiring first request information sent by a first client, wherein the first request information is used for requesting a server to process data to be processed by using a stored service key, and the first request information comprises at least one of the following information: user information, personal key information and service key identification in the first client;
obtaining license information corresponding to the service key based on the first request information, wherein the license information comprises at least one license term for using the service key;
under the condition that the license information is determined to meet a first preset condition, calling the service key to process the data to be processed to generate a corresponding processing result; wherein, the step further comprises the operation of obtaining the service key, which comprises the following steps:
acquiring second request information sent by a second client, wherein the second request information comprises user information and/or client key information in the second client, and the client key information comprises a public key of a personal key in the second client and/or an identifier of the personal key;
generating a corresponding service key based on the second request information;
and binding the user information and/or the client key information with the generated service key.
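The flow recited in claim 13, sketched as an added example; it is not code from the patent or from the applicant. It assumes that the license terms are an expiry time and a remaining-use count, that the "first preset condition" means both terms still hold, and that an HMAC tag stands in for whatever processing the service key performs. The class, method names and sample values are hypothetical, and proof that the client actually holds its personal key is out of scope here.

```python
import hashlib
import hmac
import secrets
import time


class ServiceKeyServer:
    """Holds service keys server-side; clients only ever receive results."""

    def __init__(self):
        self._keys = {}      # service key id -> secret key bytes
        self._bindings = {}  # service key id -> (user id, client key id)
        self._licenses = {}  # service key id -> license terms (assumed shape)

    @staticmethod
    def _client_key_id(client_pubkey: bytes) -> str:
        # Assumption: the personal key identifier is a hash of its public key.
        return hashlib.sha256(client_pubkey).hexdigest()[:16]

    def register(self, user_id, client_pubkey, expires, max_uses):
        """Second request: generate a service key and bind it to the requester."""
        key_id = secrets.token_hex(8)
        self._keys[key_id] = secrets.token_bytes(32)
        self._bindings[key_id] = (user_id, self._client_key_id(client_pubkey))
        self._licenses[key_id] = {"expires": expires, "uses_left": max_uses}
        return key_id  # only the identifier leaves the server

    def process(self, user_id, client_pubkey, key_id, data, now=None):
        """First request: check binding and license terms, then use the key."""
        now = time.time() if now is None else now
        lic = self._licenses.get(key_id)
        if lic is None:
            raise PermissionError("unknown service key")
        if self._bindings[key_id] != (user_id, self._client_key_id(client_pubkey)):
            raise PermissionError("service key is not bound to this user/client key")
        if now >= lic["expires"] or lic["uses_left"] <= 0:
            raise PermissionError("license terms not satisfied")
        lic["uses_left"] -= 1
        # Stand-in for the real operation (encrypt, decrypt, sign, ...).
        return hmac.new(self._keys[key_id], data, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    srv = ServiceKeyServer()
    pub = b"constructed-client-public-key"  # constructed sample value
    kid = srv.register("alice", pub, expires=time.time() + 60, max_uses=1)
    print(srv.process("alice", pub, kid, b"constructed payload"))
```
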
CN202011449128.8A 2020-12-09 2020-12-09 Information processing method, server and system of service key Active CN112565281B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011449128.8A CN112565281B (en) 2020-12-09 2020-12-09 Information processing method, server and system of service key
PCT/CN2021/136418 WO2022121940A1 (en) 2020-12-09 2021-12-08 Information processing method for service key, and serving end and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011449128.8A CN112565281B (en) 2020-12-09 2020-12-09 Information processing method, server and system of service key

Publications (2)

Publication Number Publication Date
CN112565281A (en) 2021-03-26
CN112565281B (en) 2021-09-17

Family

ID=75061601

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011449128.8A Active CN112565281B (en) 2020-12-09 2020-12-09 Information processing method, server and system of service key

Country Status (1)

Country Link
CN (1) CN112565281B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022121940A1 (en) * 2020-12-09 2022-06-16 北京深思数盾科技股份有限公司 Information processing method for service key, and serving end and system
CN114553510B (en) * 2022-02-14 2022-11-04 重庆长安汽车股份有限公司 Service key distribution system, method and readable storage medium
CN115935318B (en) * 2022-12-27 2024-02-13 北京深盾科技股份有限公司 Information processing method, device, server, client and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141246A (en) * 2006-09-05 2008-03-12 华为技术有限公司 Service key obtaining method and subscription management server
CN101166259A (en) * 2006-10-16 2008-04-23 华为技术有限公司 Mobile phone TV service protection method, system, mobile phone TV server and terminal
CN102111765A (en) * 2009-12-28 2011-06-29 中国移动通信集团公司 Method and device for processing service key
JP5908296B2 (en) * 2012-02-06 2016-04-26 シャープ株式会社 Information terminal device, information terminal system, information terminal control method, and program
CN107204848A (en) * 2017-07-25 2017-09-26 北京深思数盾科技股份有限公司 A kind of method for managing key data and the device for managing key data
CN111245597A (en) * 2020-01-17 2020-06-05 众安信息技术服务有限公司 Key management method, system and equipment
CN111327637A (en) * 2020-03-10 2020-06-23 时时同云科技(成都)有限责任公司 Service key management method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7421083B2 (en) * 2001-04-05 2008-09-02 General Instrument Corporation System for seamlessly updating service keys with automatic recovery
KR101341047B1 (en) * 2010-08-24 2013-12-11 한국전자통신연구원 Downloadable Conditional Access and Method of Using Conditional Access Image

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Research on the Application of Selective DRM in IPTV"; 臧雪芹; China Master's Theses Full-text Database, Information Science and Technology; 20091115; full text *
"The Simplified and Secure Conditional Access for Interactive TV Service in Converged Network"; Cheng Yang; 2009 International Conference on Management and Service Science; 20091030; full text *

Also Published As

Publication number Publication date
CN112565281A (en) 2021-03-26

Similar Documents

Publication Publication Date Title
CN112565281B (en) Information processing method, server and system of service key
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN112187724B (en) Access control method, device, gateway, client and security token service
CN110995757B (en) Encryption device, encryption system, and data encryption method
CN110719173B (en) Information processing method and device
WO2020173332A1 (en) Trusted execution environment-based application activation method and apparatus
CN107733636B (en) Authentication method and authentication system
CN112861089B (en) Authorization authentication method, resource server, resource user, equipment and medium
KR102137122B1 (en) Security check method, device, terminal and server
CN109981665B (en) Resource providing method and device, and resource access method, device and system
CN112632593B (en) Data storage method, data processing method, device and storage medium
CN113221128B (en) Account and password storage method and registration management system
CN109684129B (en) Data backup recovery method, storage medium, encryption machine, client and server
EP2414983B1 (en) Secure Data System
WO2014026462A1 (en) Digital rights management method
CN113114668A (en) Information transmission method, mobile terminal, storage medium and electronic equipment
CN112733200B (en) Information processing method, encryption machine and information processing system of service key
CN112671534B (en) Service key management method, service terminal and system based on biological characteristics
JP2005197912A (en) Method and program for information disclosure control and tamper resistant instrument
CN109889344B (en) Terminal, data transmission method, and computer-readable storage medium
CN114329541A (en) Data encryption method, device, equipment and storage medium
CN110598469A (en) Information processing method and device and computer storage medium
CN106992978B (en) Network security management method and server
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN108429621B (en) Identity verification method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.
