CN113779512A - Method, device, terminal and storage medium for authorization management based on encryption - Google Patents

Publication number
CN113779512A
Authority
CN
China
Prior art keywords
firmware
hardware
identifier
digital signature
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111078429.9A
Other languages
Chinese (zh)
Inventor
欧阳运升
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KINCO AUTOMATION (SHANGHAI) Ltd
Original Assignee
KINCO AUTOMATION (SHANGHAI) Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by KINCO AUTOMATION (SHANGHAI) Ltd
Priority to CN202111078429.9A
Publication of CN113779512A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1011 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to devices
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a method, a device, a terminal and a storage medium for authorization management based on encryption. The method comprises the following steps: if an operation request corresponding to the firmware is received, acquiring the identifier and the digital signature of the hardware on which the requested firmware is currently to run; obtaining a decryption key from the firmware, the decryption key being used to decrypt the digital signature stored in authorized hardware; decrypting the digital signature with the decryption key to obtain a decryption result; if the decryption result does not include the identifier, determining that the hardware is not authorized hardware and discarding the operation request; and if the decryption result includes the identifier, confirming that the hardware is authorized hardware and executing the operation request. Authorized hardware is managed through the key, and the identifier is matched only after the digital signature of the authorized hardware has been decrypted, so that unauthorized hardware cannot operate on the firmware and firmware leakage is effectively avoided.

Description

Method, device, terminal and storage medium for authorization management based on encryption
Technical Field
The present invention relates to the field of authorization management technologies, and in particular, to a method, an apparatus, a terminal, and a storage medium for authorization management based on encryption.
Background
Hardware such as a Human Machine Interface (HMI) and a Programmable Logic Controller (PLC) is commonly used in industrial equipment at present. HMI and PLC manufacturers provide the hardware and, together with the user hardware, software for writing customer projects and download tool software. Before leaving the factory, firmware supporting the basic operation of the hardware, including various boot programs, system programs, peripheral drivers and the like, is burned into the hardware. Against this background, a project file developed by a user with a manufacturer's programming software can be downloaded to any hardware of that manufacturer without any protection. To distinguish between customers, the low-level software, communication software and the like are modified for each customer.
Therefore, the existing approach cannot prevent illegal software from being downloaded, which leads to dangerous situations such as data being easily tampered with, especially as more and more devices can access the Internet in the age of the Internet of Things. In addition, it cannot prevent compiled project files from being downloaded to illegal hardware: once a confidential project file leaks, it can be downloaded to any device of the same brand and used, which causes loss. Moreover, modifying the low-level software for each customer is complex work, hard to maintain and easy to confuse.
Disclosure of Invention
In view of the above, the present invention provides a method, an apparatus, a terminal and a storage medium for authorization management based on encryption, so as to solve the problems in the prior art.
Specifically, the present invention proposes the following specific examples:
the embodiment of the invention provides a method for authorization management based on encryption, which comprises the following steps:
if an operation request corresponding to the firmware is received, acquiring an identifier and a digital signature of the hardware to be operated currently of the requested firmware;
obtaining a decryption key from the firmware; the decryption key is used for decrypting the digital signature in the authorized hardware;
decrypting the digital signature through the decryption key to obtain a decryption result;
if the decryption result does not include the identifier, determining that the current hardware to be operated is not authorized hardware, and discarding the operation request;
and if the decryption result comprises the identifier, confirming that the current hardware to be operated is authorized hardware, and executing the operation request.
In a specific embodiment, the method further comprises the following steps:
acquiring an identifier of authorized hardware;
encrypting the identifier based on a preset encryption key to generate a digital signature;
burning the digital signature into the authorized hardware.
In a specific embodiment, the method further comprises:
setting paired encryption keys and decryption keys aiming at different authorized hardware sets; different sets of authorized hardware correspond to different encryption keys.
In a specific embodiment, the firmware comprises a download firmware and a functional firmware which are matched with each other; the same decryption key is set in the matched download firmware and the function firmware;
if an operation request corresponding to the firmware is received, acquiring an identifier and a digital signature of the hardware of the requested firmware to be currently operated, including:
if the request of downloading the functional firmware is received through the downloading firmware, acquiring the identifier and the digital signature of the hardware to be operated currently of the functional firmware through the downloading firmware;
the obtaining a decryption key from the firmware includes:
acquiring a decryption key from the download firmware.
In a particular embodiment, the firmware includes functional firmware;
if an operation request corresponding to the firmware is received, acquiring an identifier and a digital signature of the hardware of the requested firmware to be currently operated, including:
if a request for operating the functional firmware is received, acquiring an identifier and a digital signature of the hardware to be operated by the functional firmware through a starting program of the functional firmware;
the obtaining a decryption key from the firmware includes:
a decryption key is obtained from the functional firmware.
In a specific embodiment, the identifier is a unique identifier of a processor in the hardware.
The embodiment of the invention also provides a device for authorization management based on encryption, which comprises:
the first obtaining module is used for acquiring the identifier and the digital signature of the hardware on which the requested firmware is currently to run if an operation request corresponding to the firmware is received;
a second obtaining module, configured to obtain a decryption key from the firmware; the decryption key is used for decrypting the digital signature in the authorized hardware;
the decryption module is used for decrypting the digital signature through the decryption key to obtain a decryption result;
the abort module is used for confirming that the current hardware to be operated is not authorized hardware and discarding the operation request if the decryption result does not comprise the identifier;
and the execution module is used for confirming that the current hardware to be operated is authorized hardware and executing the operation request if the decryption result comprises the identifier.
In a specific embodiment, the apparatus further comprises:
the setting module is used for acquiring the identifier of the authorized hardware; encrypting the identifier based on a preset encryption key to generate a digital signature; burning the digital signature into the authorized hardware.
The embodiment of the invention also provides a terminal, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor runs the computer program to enable the processor to execute the method for authorization management based on encryption.
The embodiment of the invention also provides a storage medium, wherein a computer program is stored on the storage medium, and when being executed by a processor, the computer program realizes the method for authorization management based on encryption.
Therefore, the embodiment of the invention provides a method, a device, a terminal and a storage medium for authorization management based on encryption, wherein the method comprises the following steps: if an operation request corresponding to the firmware is received, acquiring an identifier and a digital signature of the hardware to be operated currently of the requested firmware; obtaining a decryption key from the firmware; the decryption key is used for decrypting the digital signature in the authorized hardware; decrypting the digital signature through the decryption key to obtain a decryption result; if the decryption result does not include the identifier, determining that the current hardware to be operated is not authorized hardware, and discarding the operation request; and if the decryption result comprises the identifier, confirming that the current hardware to be operated is authorized hardware, and executing the operation request. In the scheme, authorized hardware is managed through the secret key, and the identifier is matched only after the digital signature of the authorized hardware is decrypted, so that the operation of other unauthorized hardware on the firmware is avoided, and the leakage of the firmware is effectively avoided.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings required to be used in the embodiments will be briefly described below, and it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope of the present invention. Like components are numbered similarly in the various figures.
Fig. 1 is a flowchart illustrating a method for authorization management based on encryption according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of generating a digital signature in a method for authorization management based on encryption according to an embodiment of the present invention;
Fig. 3 is another schematic flowchart of generating a digital signature in a method for authorization management based on encryption according to an embodiment of the present invention;
Fig. 4 is a schematic structural framework diagram of an apparatus for authorization management based on encryption according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of another structural framework of an apparatus for authorization management based on encryption according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a further structural framework of an apparatus for authorization management based on encryption according to an embodiment of the present invention.
Illustration of the drawings:
201: first obtaining module; 202: second obtaining module; 203: decryption module; 204: abort module; 205: execution module; 206: setting module; 207: key module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Hereinafter, the terms "including", "having", and their derivatives, which may be used in various embodiments of the present invention, are only intended to indicate specific features, numbers, steps, operations, elements, components, or combinations of the foregoing, and should not be construed as first excluding the existence of, or adding to, one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing.
Furthermore, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which various embodiments of the present invention belong. The terms (such as those defined in commonly used dictionaries) should be interpreted as having a meaning that is consistent with their contextual meaning in the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in various embodiments of the present invention.
Example 1
The embodiment 1 of the invention discloses a method for authorization management based on encryption, which comprises the following steps as shown in figure 1:
step S101, if an operation request corresponding to firmware is received, acquiring an identifier and a digital signature of hardware to be operated currently of the requested firmware;
Specifically, in the present solution, a key pair is set for authorized hardware in advance. The key pair includes an encryption key and a decryption key, and authorized hardware is distinguished through the key pair. The authorized hardware may be a single piece of authorized hardware or a cluster formed by a plurality of pieces of authorized hardware.
The identifier is a unique identification number of a processor in the hardware. Specifically, the identifier may be a hardware UID (unique identification number).
First, a paired encryption key and decryption key are set for each set of authorized hardware; different sets of authorized hardware correspond to different encryption keys. In addition, the encryption key may correspond to a preset encryption algorithm and the decryption key to a preset decryption algorithm, so that encryption is performed by combining the encryption algorithm with the encryption key, and decryption is performed by combining the decryption algorithm with the decryption key.
Then, the identifier of the authorized hardware is acquired; the identifier is encrypted based on the preset encryption key to generate a digital signature; and the digital signature is burned into the authorized hardware.
For example, a key pair is generated for each client and consists of a key A and a key B, where key A is responsible for encryption and key B is responsible for decryption.
In an actual application scenario, hardware such as an HMI is connected by a USB cable, a network cable or a serial port cable to a PC (personal computer) on which the upper computer tool software is installed, and is then powered on.
Referring to fig. 2 and 3, the tool software on the factory upper computer or the user upper computer sends a command to read the hardware UID and then encrypts the UID with key A to form a digital signature. The upper computer tool software burns the generated digital signature into a FLASH memory or an EEPROM (Electrically Erasable Programmable Read-Only Memory), so that the hardware becomes hardware carrying the specific digital signature.
Further, the UID of the hardware, which is based on the unique identification number of the CPU hardware, can be read by the upper computer software through USB, Ethernet, a serial port or the like; a digital signature is generated by combining it with an encryption algorithm and is stored in the FLASH or EEPROM of hardware such as an HMI or PLC. This process can be completed in the hardware manufacturing factory (as shown in fig. 2) or by the user independently (as shown in fig. 3).
Step S102, acquiring a decryption key from the firmware; the decryption key is used for decrypting the digital signature in the authorized hardware;
Specifically, in an embodiment, the "acquiring a decryption key from the firmware" in step S102 includes: acquiring a decryption key from the download firmware.
In yet another embodiment, the "obtaining a decryption key from the firmware" in step S102 includes: a decryption key is obtained from the functional firmware.
Step S103, decrypting the digital signature through the decryption key to obtain a decryption result;
step S104, if the decryption result does not include the identifier, determining that the current hardware to be operated is not authorized hardware, and discarding the operation request;
step S105, if the decryption result includes the identifier, determining that the current hardware to be operated is authorized hardware, and executing the operation request.
Further, the firmware comprises a download firmware and a functional firmware which are matched with each other; the same decryption key is set in the matched download firmware and the function firmware;
therefore, the step S101 of acquiring the identifier and the digital signature of the hardware, where the hardware is currently to be executed, of the requested firmware if the operation request corresponding to the firmware is received includes:
if the request of downloading the functional firmware is received through the downloading firmware, acquiring the identifier and the digital signature of the hardware to be operated currently of the functional firmware through the downloading firmware;
Specifically, continuing the above example, key B is embedded in advance into the project compilation file (i.e., firmware) by development software such as the configuration software. When the functional firmware needs to be downloaded, the download tool is obtained first; the UID and the digital signature in the hardware are then read through the download tool, and the digital signature is decrypted with key B according to a certain algorithm to generate a text. The text generated by decryption is compared with the UID. If the result is correct (the UID in the decrypted text is consistent with the UID read directly, i.e., the hardware is authorized hardware), the download operation is executed; if the result is incorrect (the UID in the decrypted text is not consistent with the UID read directly, i.e., the hardware is not authorized hardware), no operation is executed.
In addition, if no digital signature can be read from the hardware, the digital signature is treated as null; the decryption result obtained from it is also null, so the comparison can never succeed.
Further, the firmware includes functional firmware;
the step S101 of acquiring the identifier and the digital signature of the hardware to be currently operated in the requested firmware if the operation request corresponding to the firmware is received includes:
if a request for operating the functional firmware is received, acquiring an identifier and a digital signature of the hardware to be operated by the functional firmware through a starting program of the functional firmware;
Here, when the hardware is powered on to run, the UID is read by a boot program in the project file (i.e., firmware, possibly obtained by copying) in the hardware. The boot program decrypts the digital signature in the hardware through a certain algorithm using key B in the project file to produce a text. The text generated by decryption is compared with the UID; if it is correct, execution of the user project continues, and if it is wrong, execution stops.
Therefore, in this scheme the user files of different users can be conveniently associated with and bound to specific hardware. This prevents lost user files from being downloaded into illegal hardware, and also prevents unauthorized project files from being downloaded into the hardware and executed illegally. Key A and key B are used separately, which gives good confidentiality. In addition, the digital signature produced by combining the key and the hardware UID has good confidentiality. The key and the decryption algorithm are stored in the production burning tool software, which makes production convenient. The key is stored in the configuration programming software and the fixed decryption algorithm is stored in the user program download tool software, so the encryption, decryption and download decisions for the whole user project file are transparent to the user, which reduces the difficulty of use and eliminates the possibility of human error.
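The provisioning flow and the check of steps S101 to S105, sketched as an added example that is not part of the patent text. It assumes that key A and key B form an asymmetric (RSA-style) pair, so that key B shipped in the firmware can verify but not create signatures; the function names, the padding layout and the demo key are all hypothetical, and "includes the identifier" is implemented as an exact match on the whole decrypted block.

```python
import hmac

# Constructed demo key pair. Assumption: the patent's key A / key B are an
# asymmetric pair. P and Q are published Mersenne primes, so this modulus is
# trivially factorable and serves illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                              # "key B": embedded in the firmware
D = pow(E, -1, (P - 1) * (Q - 1))      # "key A": stays in the burning tool
K = (N.bit_length() + 7) // 8          # signature length in bytes


def encode_uid(uid: bytes) -> bytes:
    """Fixed-layout block 00 01 FF..FF 00 || uid, exactly K bytes long."""
    pad_len = K - 3 - len(uid)
    if not uid or pad_len < 8:
        raise ValueError("UID empty or too long for this modulus")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + uid


def provision(uid: bytes) -> bytes:
    """Burning tool: 'encrypt' the UID with key A; the result is what gets
    written to FLASH/EEPROM as the digital signature."""
    m = int.from_bytes(encode_uid(uid), "big")
    return pow(m, D, N).to_bytes(K, "big")


def is_authorized(uid: bytes, signature: bytes) -> bool:
    """Download tool or boot program: 'decrypt' the stored signature with
    key B and compare the result with the UID read from the processor."""
    if len(signature) != K:            # missing signature is never accepted
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:                         # e.g. erased flash, all 0xFF
        return False
    try:
        expected = encode_uid(uid)
    except ValueError:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare the whole block, not a substring, in constant time.
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    # Constructed 96-bit UIDs for two devices.
    uid_a = bytes.fromhex("0123456789abcdef00112233")
    uid_b = bytes.fromhex("0123456789abcdef00112234")
    sig_a = provision(uid_a)
    print("authorized device:", is_authorized(uid_a, sig_a))
    print("signature copied to another device:", is_authorized(uid_b, sig_a))
    print("no signature burned:", is_authorized(uid_a, b""))
```

The demo modulus exists only so the example runs offline; a deployment would use a vetted signature implementation with a properly generated key, keeping key A off the devices and out of the firmware image.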
Example 2
For further explanation of the present invention, embodiment 2 of the present invention further discloses an apparatus for authorization management based on encryption, as shown in fig. 4, including:
a first obtaining module 201, configured to obtain, if an operation request corresponding to a firmware is received, an identifier and a digital signature of a hardware of the requested firmware, where the hardware is currently to be run;
a second obtaining module 202, configured to obtain a decryption key from the firmware; the decryption key is used for decrypting the digital signature in the authorized hardware;
the decryption module 203 is configured to decrypt the digital signature through the decryption key to obtain a decryption result;
an abort module 204, configured to determine that the current hardware to be run is not authorized hardware if the decryption result does not include the identifier, and discard the operation request;
an executing module 205, configured to determine that the current hardware to be run is authorized hardware if the decryption result includes the identifier, and execute the operation request.
In a specific embodiment, as shown in fig. 5, the method further includes:
a setting module 206, configured to obtain an identifier of authorized hardware; encrypting the identifier based on a preset encryption key to generate a digital signature; burning the digital signature into the authorized hardware.
In a specific embodiment, as shown in fig. 6, the method further includes: a key module 207, configured to set paired encryption keys and decryption keys for different authorized hardware sets; different sets of authorized hardware correspond to different encryption keys.
In a specific embodiment, the firmware comprises a download firmware and a functional firmware which are matched with each other; the same decryption key is set in the matched download firmware and the function firmware;
the first obtaining module 201 is configured to:
if the request of downloading the functional firmware is received through the downloading firmware, acquiring the identifier and the digital signature of the hardware to be operated currently of the functional firmware through the downloading firmware;
the second obtaining module 202 is configured to:
acquiring a decryption key from the download firmware.
In a particular embodiment, the firmware includes functional firmware;
the first obtaining module 201 is configured to:
if a request for operating the functional firmware is received, acquiring an identifier and a digital signature of the hardware to be operated by the functional firmware through a starting program of the functional firmware;
the second obtaining module 202 is configured to:
a decryption key is obtained from the functional firmware.
In a specific embodiment, the identifier is a unique identifier of a processor in the hardware.
Example 3
Embodiment 3 of the present invention further discloses a terminal, which includes a memory and a processor, where the memory stores a computer program, and the processor runs the computer program to enable the processor to execute the method for authorization management based on encryption as described in embodiment 1.
Example 4
The embodiment 4 of the present invention further discloses a storage medium, wherein a computer program is stored on the storage medium, and when being executed by a processor, the computer program implements the method for authorization management based on encryption as described in the embodiment 1.
Therefore, the embodiment of the invention provides a method, a device, a terminal and a storage medium for authorization management based on encryption, wherein the method comprises the following steps: if an operation request corresponding to the firmware is received, acquiring an identifier and a digital signature of the hardware to be operated currently of the requested firmware; obtaining a decryption key from the firmware; the decryption key is used for decrypting the digital signature in the authorized hardware; decrypting the digital signature through the decryption key to obtain a decryption result; if the decryption result does not include the identifier, determining that the current hardware to be operated is not authorized hardware, and discarding the operation request; and if the decryption result comprises the identifier, confirming that the current hardware to be operated is authorized hardware, and executing the operation request. In the scheme, authorized hardware is managed through the secret key, and the identifier is matched only after the digital signature of the authorized hardware is decrypted, so that the operation of other unauthorized hardware on the firmware is avoided, and the leakage of the firmware is effectively avoided.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention or a part of the technical solution that contributes to the prior art in essence can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a smart phone, a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description covers only specific embodiments of the present invention, but the scope of the present invention is not limited thereto. Any changes or substitutions that a person skilled in the art can easily conceive of within the technical scope of the present invention should be covered within the scope of the present invention.

Claims (10)

1. A method for authorization management based on encryption, comprising:
if an operation request corresponding to firmware is received, acquiring an identifier and a digital signature of the hardware on which the requested firmware is currently to be operated;
obtaining a decryption key from the firmware, wherein the decryption key is used for decrypting the digital signature in the authorized hardware;
decrypting the digital signature through the decryption key to obtain a decryption result;
if the decryption result does not include the identifier, determining that the hardware currently to be operated is not authorized hardware, and discarding the operation request; and
if the decryption result includes the identifier, confirming that the hardware currently to be operated is authorized hardware, and executing the operation request.
2. The method of claim 1, further comprising:
acquiring an identifier of authorized hardware;
encrypting the identifier based on a preset encryption key to generate a digital signature;
burning the digital signature into the authorized hardware.
3. The method of claim 2, further comprising:
setting paired encryption keys and decryption keys for different sets of authorized hardware, wherein different sets of authorized hardware correspond to different encryption keys.
4. The method of claim 1, wherein the firmware comprises a download firmware and a functional firmware that match each other, and the same decryption key is set in the matched download firmware and functional firmware;
the acquiring, if an operation request corresponding to the firmware is received, of an identifier and a digital signature of the hardware on which the requested firmware is currently to be operated comprises:
if a request for downloading the functional firmware through the download firmware is received, acquiring, through the download firmware, an identifier and a digital signature of the hardware on which the functional firmware is currently to be operated; and
the obtaining a decryption key from the firmware comprises:
acquiring a decryption key from the download firmware.
5. The method of claim 4, wherein
the acquiring, if an operation request corresponding to the firmware is received, of an identifier and a digital signature of the hardware on which the requested firmware is currently to be operated comprises:
if a request for operating the functional firmware is received, acquiring, through a startup program of the functional firmware, an identifier and a digital signature of the hardware on which the functional firmware is to be operated; and
the obtaining a decryption key from the firmware comprises:
acquiring a decryption key from the functional firmware.
6. The method of claim 1, wherein the identifier is a unique identification number of a processor in the hardware.
7. An apparatus for authorization management based on encryption, comprising:
a first acquisition module, configured to acquire, if an operation request corresponding to firmware is received, an identifier and a digital signature of the hardware on which the requested firmware is currently to be operated;
a second obtaining module, configured to obtain a decryption key from the firmware, wherein the decryption key is used for decrypting the digital signature in the authorized hardware;
a decryption module, configured to decrypt the digital signature through the decryption key to obtain a decryption result;
a pause module, configured to confirm that the hardware currently to be operated is not authorized hardware and discard the operation request if the decryption result does not include the identifier; and
an execution module, configured to confirm that the hardware currently to be operated is authorized hardware and execute the operation request if the decryption result includes the identifier.
8. The apparatus of claim 7, further comprising:
a setting module, configured to acquire the identifier of authorized hardware, encrypt the identifier based on a preset encryption key to generate a digital signature, and burn the digital signature into the authorized hardware.
9. A terminal, comprising a memory storing a computer program and a processor that runs the computer program to cause the processor to execute the method for encryption-based authorization management according to any of claims 1-6.
10. A storage medium, having stored thereon a computer program which, when executed by a processor, implements the method for encryption-based authorization management according to any of claims 1-6.
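The provisioning step of claim 2, the check of claim 1 and the per-set key pairs of claim 3, as an added example that is not part of the patent text. It assumes textbook RSA for the "encrypt the identifier / decrypt the signature" pair, a 96-bit processor ID, and an exact match as a stricter form of "the decryption result includes the identifier"; the function names, keys and IDs are constructed for illustration.

```python
import hmac

E = 65537    # public exponent, embedded in the firmware together with n
ID_LEN = 12  # assumption: 96-bit unique processor ID (claim 6)

def make_keypair(p, q):
    """Return (n, d): modulus and private exponent for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from known Mersenne primes so the block runs
# with the standard library only. They are trivially factorable and stand in
# for properly generated key pairs; one pair per hardware set (claim 3).
N_A, D_A = make_keypair(2**521 - 1, 2**607 - 1)
N_B, D_B = make_keypair(2**1279 - 1, 2**2203 - 1)

def provision(hw_id: bytes, n: int, d: int) -> int:
    """Factory side (claim 2): 'encrypt' the ID with the private key.
    The result is the signature burned into the authorized hardware."""
    if len(hw_id) != ID_LEN:
        raise ValueError("unexpected identifier length")
    return pow(int.from_bytes(hw_id, "big"), d, n)

def authorize(hw_id: bytes, signature: int, n: int) -> bool:
    """Firmware side (claim 1): 'decrypt' the signature with the embedded
    key and compare the result with the ID read from the running hardware."""
    if len(hw_id) != ID_LEN or not 0 < signature < n:
        return False
    recovered = pow(signature, E, n)
    if recovered.bit_length() > ID_LEN * 8:
        return False  # result cannot be a well-formed identifier
    # Fixed-length, constant-time comparison instead of a substring test.
    return hmac.compare_digest(recovered.to_bytes(ID_LEN, "big"), hw_id)

# Constructed sample identifiers.
GENUINE_ID = bytes.fromhex("0123456789abcdef00112233")
CLONE_ID = bytes.fromhex("0123456789abcdef00112234")

if __name__ == "__main__":
    sig = provision(GENUINE_ID, N_A, D_A)
    print("genuine board:", authorize(GENUINE_ID, sig, N_A))
    print("signature copied to another board:", authorize(CLONE_ID, sig, N_A))
    print("firmware built for set B:", authorize(GENUINE_ID, sig, N_B))
```

A production design would replace the raw modular exponentiation with a standard padded signature scheme and a randomly generated key; the control flow of the check stays the same.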
CN202111078429.9A 2021-09-15 2021-09-15 Method, device, terminal and storage medium for authorization management based on encryption Pending CN113779512A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111078429.9A CN113779512A (en) 2021-09-15 2021-09-15 Method, device, terminal and storage medium for authorization management based on encryption

Publications (1)

Publication Number Publication Date
CN113779512A (en) 2021-12-10

Family

ID=78843981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111078429.9A Pending CN113779512A (en) 2021-09-15 2021-09-15 Method, device, terminal and storage medium for authorization management based on encryption

Country Status (1)

Country Link
CN (1) CN113779512A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101084482A (en) * 2004-09-17 2007-12-05 英华达股份有限公司 Electronic software distribution method and system using a digital rights management method based on hardware identification
CN102663325A (en) * 2012-03-12 2012-09-12 苏州阔地网络科技有限公司 A method and system for binding of software and hardware
CN110365484A (en) * 2015-03-17 2019-10-22 阿里巴巴集团控股有限公司 A kind of data processing method of equipment certification, apparatus and system
US20200328902A1 (en) * 2017-09-07 2020-10-15 China Iwncomm Co., Ltd. Digital credential management method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination