CN114021091A - Authorization method and device based on encryption lock, electronic device and storage medium - Google Patents

Info

Publication number
CN114021091A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111232859.1A
Other languages
Chinese (zh)
Inventor
江浩
徐亚雪
李政
凌邦祥
简托
吴文权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sunwave Communications Co Ltd
Original Assignee
Sunwave Communications Co Ltd
Application filed by Sunwave Communications Co Ltd
Priority to CN202111232859.1A
Publication of CN114021091A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The application relates to an encryption lock-based authorization method, authorization device, electronic device and storage medium. The method comprises: obtaining the current number of authorized devices in the encryption lock by using a preset key; and, at factory setting, authorizing the device to be authorized according to the current number of authorized devices and the current identity information of the device to be authorized, obtaining and storing first authorization encryption information to complete authorization of the device. The application solves the problem in the related art that cost increases because a dedicated encryption lock must be provided for each device: the current number of authorized devices in one encryption lock is used to authorize a corresponding number of devices, which reduces production cost.

Description

Authorization method and device based on encryption lock, electronic device and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to an authorization method and apparatus based on a dongle, an electronic apparatus, and a storage medium.
Background
Many software products today involve core algorithms and intellectual property. In a common arrangement, an authorizer licenses software or a software library (a packaged API) to an authorized party, who produces devices based on that software or library and then brings them to market. Software protection is therefore required. It is generally divided into soft encryption and hard encryption, and hard encryption is commonly known as an encryption lock (dongle). An encryption lock is an intelligent software protection tool for software developers, comprising a piece of hardware installed in a computer's parallel port or USB port together with a set of interface software and tool software for various programming languages.
In the current encryption lock-based authorization method, the authorizer chooses a key, writes authorization information into the encryption lock using the lock's built-in encryption algorithm, and then sends the encryption lock and the licensed software to the authorized party. Each device of the authorized party must then perform authorization verification against its own dedicated encryption lock whenever it runs. As many encryption locks must therefore be supplied as there are devices authorized for use, which increases cost.
No effective solution has yet been proposed for the problem in the related art that cost increases because a dedicated encryption lock must be provided for each device.
Disclosure of Invention
The embodiment provides an authorization method, an authorization device, an electronic device and a storage medium based on an encryption lock, so as to solve the problem that in the related art, a special encryption lock needs to be equipped for each device, which causes cost increase.
In a first aspect, in this embodiment, a method for authorization based on a dongle is provided, including:
obtaining the current number of authorized devices in the encryption lock by using a preset key;
and, at factory setting, authorizing the device to be authorized according to the current number of authorized devices and the current identity information of the device to be authorized, obtaining and storing first authorization encryption information, so as to complete authorization of the device.
In some embodiments, the provided encryption lock-based authorization method further includes:
when the device to be authorized is operated, judging whether the first authorization encryption information exists in the device to be authorized;
if the first authorization encryption information exists in the equipment to be authorized, verifying the first authorization encryption information based on the current identity information of the equipment to be authorized so as to determine the authorized state of the equipment to be authorized;
and if the equipment to be authorized does not have the first authorization encryption information, determining that the authorization state of the equipment to be authorized is an unauthorized state.
In some embodiments, the verifying the first authorization encryption information based on the current identity information of the device to be authorized to determine the authorized status of the device to be authorized includes:
generating second authorization encryption information based on the current identity information of the equipment to be authorized by using an encryption algorithm;
comparing and verifying the second authorization encryption information and the first authorization encryption information;
if the second authorization encryption information is consistent with the first authorization encryption information, the authentication is passed, so that the authorization state of the device to be authorized is determined to be an authorized state;
if the second authorization encryption information is inconsistent with the first authorization encryption information, the verification is not passed so as to determine that the authorization state of the device to be authorized is an unauthorized state.
In some embodiments, the provided encryption lock-based authorization method further includes:
obtaining the authorization code and the number of the configured devices of the encryption lock, and changing the current number of the authorized devices in the encryption lock according to the authorization code and the number of the configured devices.
In some embodiments, the provided encryption lock-based authorization method further includes, after obtaining and storing the first authorization encryption information:
and changing the current authorized equipment number in the encryption lock according to the number of the equipment to be authorized.
In some embodiments, authorizing the device to be authorized at factory setting according to the current number of authorized devices and the current identity information of the device to be authorized, and obtaining and storing first authorization encryption information to complete authorization of the device, includes:
determining, at factory setting, whether any of the current number of authorized devices is available;
when it is available, generating first authorization encryption information based on the current identity information of the device to be authorized by using an encryption algorithm;
and storing the first authorization encryption information in a specific storage area of the device to be authorized, so as to complete authorization of the device.
In some embodiments, the provided encryption lock-based authorization method, after obtaining the current number of authorized devices in the encryption lock by using the preset key, further includes:
and, at factory setting, authorizing a sub-device to be authorized, through a main device networked with that sub-device, according to the current number of authorized devices and the current identity information of the sub-device, obtaining and storing third authorization encryption information, so as to complete authorization of the sub-device.
In a second aspect, this embodiment provides an encryption lock-based authorization apparatus, including an acquisition module and a first authorization module;
the acquisition module is used for obtaining the current number of authorized devices in the encryption lock by using a preset key;
and the first authorization module is used for authorizing, at factory setting, the device to be authorized according to the current number of authorized devices and the current identity information of the device to be authorized, obtaining and storing first authorization encryption information, so as to complete authorization of the device.
In a third aspect, in this embodiment, there is provided an electronic apparatus, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the dongle-based authorization method according to the first aspect when executing the computer program.
In a fourth aspect, in the present embodiment, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the dongle-based authorization method of the first aspect described above.
Compared with the related art, the encryption lock-based authorization method, authorization device, electronic device and storage medium provided in this embodiment obtain the current number of authorized devices in the encryption lock by using a preset key and, at factory setting, authorize the device to be authorized according to the current number of authorized devices and the current identity information of the device to be authorized, obtaining and storing first authorization encryption information to complete authorization of the device. This solves the problem in the related art that cost increases because a dedicated encryption lock must be provided for each device: the current number of authorized devices in one encryption lock is used to authorize a corresponding number of devices, which reduces production cost.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a block diagram of the hardware structure of a terminal for the encryption lock-based authorization method provided in an embodiment of the present application;
FIG. 2 is a flowchart of an encryption lock-based authorization method according to an embodiment of the present application;
FIG. 3 is a flowchart of step S220 in FIG. 2;
FIG. 4 is a schematic flow chart illustrating a process for remotely changing the number of authorized devices currently in the dongle according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating a method for authorization based on a dongle according to an embodiment of the present application;
FIG. 6 is a schematic flow chart of sub-device authorization provided in an embodiment of the present application;
FIG. 7 is a block diagram illustrating a structure of an authorization apparatus based on a dongle according to an embodiment of the present application.
In the figures: 210, acquisition module; 220, first authorization module.
Detailed Description
For a clearer understanding of the objects, aspects and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application do not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, and system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates a relationship in which the objects associated before and after are an "or". The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the present embodiment may be executed in a terminal, a computer, or a similar computing device. For example, the method is executed on a terminal, and fig. 1 is a block diagram of a hardware structure of the terminal according to the authorization method based on the dongle in this embodiment. As shown in fig. 1, the terminal may include one or more processors 102 (only one shown in fig. 1) and a memory 104 for storing data, wherein the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA. The terminal may also include a USB interface 106 for communication functions and an input-output device 108. It will be understood by those of ordinary skill in the art that the structure shown in fig. 1 is merely an illustration and is not intended to limit the structure of the terminal described above. For example, the terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store computer programs, for example, software programs and modules of application software, such as a computer program corresponding to the dongle-based authorization method in the present embodiment, and the processor 102 executes various functional applications and data processing by running the computer programs stored in the memory 104, so as to implement the above-mentioned methods. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The USB interface 106 is used to receive or transmit data via a USB connection.
This embodiment provides an encryption lock-based authorization method. FIG. 2 is a flowchart of the method; as shown in FIG. 2, it includes the following steps:
step S210, obtaining the current number of authorized devices in the encryption lock by using a preset key;
step S220, at factory setting, authorizing the device to be authorized according to the current number of authorized devices and the current identity information of the device to be authorized, obtaining and storing first authorization encryption information, so as to complete authorization of the device.
It should be noted that the device to be authorized is a device on which the authorizer's software is installed, and the current number of authorized devices in the encryption lock is the number of devices that the lock can still authorize. For example, if the current number of authorized devices is 10, the encryption lock can authorize 10 more devices; if it is 99, the lock can authorize 99 more devices. If the current number of authorized devices is 0, no authorization is available and no subsequent authorization is performed. The current number of authorized devices may be purchased by the authorized party and provided by the authorized party. For example, at the first purchase, the authorized party directly provides the encryption lock and the number of authorized devices pre-configured in the encryption lock.
Because the encryption lock has its own encryption algorithm, the corresponding key is required to read the current number of authorized devices from it. The encryption algorithm is not limited and may be, for example, AES or SHA.
In this embodiment, factory setting refers to the stage in which the software of the authorized party has been completely installed on the device. The device to be authorized may be installed again before being shipped out of a factory and sold, and the software of the authorized party is not installed in the device after being sold. The current identity information of the device to be authorized is its identity information at the time authorization is obtained; for example, the identity information may be based on the unique serial numbers of components of the device, such as the CPU and the MAC address. To resist cracking, a more complex identity string may be built by concatenating these unique serial numbers in differing orders with repetition (for example, with 6 bytes of CPU information and a 6-byte MAC address, the 24 bytes of data obtained as cpu + MAC + cpu are used as the identity information of the device to be authorized, or the 36 bytes of data obtained as cpu + MAC + other device ID (12 bytes) + cpu + MAC are used). A preset encryption algorithm (SHA or AES) is then applied to generate the first authorization encryption information, which is stored; at this point authorization of the device is complete. Because existing encryption locks connect over USB, the device to be authorized must have a USB interface. The encryption lock is connected to the device through the USB interface only during the authorization stage and can be removed once authorization is finished, so the current number of authorized devices in a single encryption lock can be used to authorize a corresponding number of devices, further reducing production cost.
Through the steps, the authorization of the corresponding number of devices to be authorized can be completed by utilizing the current number of authorized devices in one encryption lock; the problem that the cost is increased due to the fact that a special encryption lock needs to be equipped for each device in the related art is solved.
Existing authorization modes also include license file authorization and network authorization. License file authorization is the most widely used: it has the lowest cost and the fewest restrictions on use, and the software does not even need to go online to be checked. However, license file authorization is easy to crack, most simply by forging the license file. In a cooperation scheme that provides core software, since the equipment is manufactured in the hands of the authorized party, the authorized party can copy a valid license in large batches, and as long as the production and use environments are local area networks, the authorized party finally loses the capability of controlling the equipment completely. Network authorization falls into two categories, local area network authorization and wide area network authorization, but both work the same way in essence: the program queries a remote server to check whether its machine is authorized. The authorization library generates an ID for the current device, derived from information about the hardware. The ID is registered with the remote authorization server, which must verify the ID during normal use. If the device runs in a local area network environment without an authorization server, however, authorization cannot be achieved.
Compared with the two authorization modes, the method can strictly control the number of the authorized devices in a local area network environment without an authorization server, and meets the requirement of providing core software and running a business mode of charging according to actual use.
In one embodiment, building on the embodiment of FIG. 2, the method further includes the following steps:
step S230, when the device to be authorized is operated, whether first authorization encryption information exists in the device to be authorized is judged;
step S240, if the device to be authorized has the first authorization encryption information, the first authorization encryption information is verified based on the current identity information of the device to be authorized so as to determine the authorized state of the device to be authorized;
step S250, if the device to be authorized does not have the first authorization encryption information, determining that the authorization state of the device to be authorized is an unauthorized state.
Specifically, the above steps may be performed after step S220 or before step S210.
In the case where they are performed after step S220, the first authorization encryption information has already been stored in the device to be authorized through steps S210 and S220. When the device is run, it attempts to read the stored first authorization encryption information to determine whether that information exists; if it can be read, the device has the first authorization encryption information, which is then verified based on the current identity information of the device to determine the device's authorization state. If it cannot be read, the device does not have the first authorization encryption information and its authorization state is determined to be unauthorized. In this embodiment, verification can be performed offline and without the encryption lock: when the device runs offline, the first authorization encryption information is verified against the device's current identity information to decide whether the device is authorized, so the encryption lock is needed only at authorization time.
In the case where they are performed before step S210, the device to be authorized has not yet been authorized and no first authorization encryption information is stored in it. Executing steps S230 to S250 then finds no stored first authorization encryption information, and the authorization state of the device is determined to be unauthorized. At this point, it may further be determined whether the device is connected to the encryption lock; if so, steps S210 and S220 may be executed to complete authorization of the device. In other embodiments, the encryption lock may also be connected to the device to be authorized by wireless communication; no limitation is imposed here.
In one embodiment, step S240, verifying the first authorization encryption information based on the current identity information of the device to be authorized to determine the authorization state of the device, includes the following steps:
generating second authorization encryption information based on the current identity information of the equipment to be authorized by using an encryption algorithm;
comparing and verifying the second authorization encryption information and the first authorization encryption information;
if the second authorization encryption information is consistent with the first authorization encryption information, the verification is passed so as to determine that the authorization state of the equipment to be authorized is an authorized state;
if the second authorization encryption information is inconsistent with the first authorization encryption information, the verification is not passed so as to determine that the authorization state of the device to be authorized is an unauthorized state.
Specifically, each time the device runs, the first authorization encryption information must be verified: the current identity information of the device to be authorized (the unique serial numbers of components such as the CPU and the MAC address) is read, second authorization encryption information is generated from it with the preset encryption algorithm, and the first authorization encryption information stored during encryption lock authorization is read and compared with it. If the two match, the device is considered an authorized device. Because both the first and the second authorization encryption information are derived from the current identity information of the device, they cannot be verified on any other device, which gives the device an authorization self-verification function. To resist cracking, a more complex identity string may be built by concatenating these unique serial numbers in differing orders with repetition (for example, with 6 bytes of CPU information and a 6-byte MAC address, cpu + MAC + cpu gives 24 bytes of data as the identity information of the device to be authorized, or cpu + MAC + other device ID (12 bytes) + cpu + MAC gives 36 bytes of data), and the preset encryption algorithm (SHA or AES) is then used to generate the second authorization encryption information. The encryption algorithm may be, for example, AES or SHA, and is not limited.
The second authorization encryption information differs from the first in when it is generated: the first is generated at factory setting, while the second is generated when the device to be authorized runs; that is, the device generates second authorization encryption information to verify the first each time it runs. Because the identity information of the device to be authorized is unique, if the second authorization encryption information is consistent with the first, verification passes and the device is authorized. If the two are inconsistent, verification fails and the device is not authorized; verification also fails if hardware of the device was replaced after it was authorized. Both situations require re-authorization.
In one embodiment, after the first authorization encryption information is obtained and stored, the method further includes the following step:
changing the current number of authorized devices in the encryption lock according to the number of devices to be authorized, the encryption lock storing the changed number. Authorization is generally performed on a single device at the factory, in which case the current number of authorized devices in the encryption lock is reduced by one. If several devices are to be authorized, the current number of authorized devices in the encryption lock is reduced by the corresponding number.
In one embodiment, as shown in Fig. 3, step S220 includes the following steps:
at factory setting, judging whether an available current authorized device number exists;
when an available current authorized device number exists, generating first authorization encryption information based on the current identity information of the device to be authorized by using an encryption algorithm;
and storing the first authorization encryption information into a specific storage area of the device to be authorized, to complete authorization of the device to be authorized.
Specifically, whether an available current authorized device number exists may be judged by whether the current authorized device number is 0: if the current authorized device number is 0, no available current authorized device number is considered to exist; if the current authorized device number is not 0, an available current authorized device number is considered to exist. The encryption algorithm in step S220 may also be an encryption algorithm such as AES or SHA. In the present application, the same encryption algorithm may be used throughout, or different encryption algorithms may be used; for example, the encryption algorithm involved in step S240 is AES and the encryption algorithm involved in step S220 is SHA, which can further improve security. The first authorization encryption information is generated with a preset encryption algorithm from the current identity information of the device to be authorized (the unique serial numbers of components of the device, such as the CPU and the MAC), and is then stored in a specific storage area of the device to be authorized. The specific storage area is an area that is not restored by a factory reset, for example a specific folder on the C drive.
In one embodiment, in order to enable remote management and make the scheme convenient for the user, if the authorized party needs to purchase a further authorized device number while using the encryption lock, the following step may be included:
obtaining the authorization code and the configured device number of the encryption lock, and changing the current authorized device number in the encryption lock according to the authorization code and the configured device number.
Specifically, the authorization code can be executed only once; after execution, the current authorized device number in the encryption lock is changed according to the configured device number, and the authorization code in the encryption lock is changed. FIG. 4 is a schematic flow chart of remotely changing the current authorized device number in the dongle; the participants are an authorizing party PC, an authorized party PC, and a dongle. The authorized device number and the authorization code are preset in the encryption lock. The authorized party PC is connected to the encryption lock through USB, reads the authorized device number and the authorization code in the encryption lock by decrypting with the key, and displays them by running the status software preset for the encryption lock; when the authorized party purchases a new authorized device number (the configured device number), it provides the device number and the authorization code in the encryption lock. The authorizing party PC is connected to the authorized party PC through a network; it produces encryption lock authorization change software according to the authorization code, the current authorized device number and the newly purchased configured device number, and provides the new encryption lock authorization change software to the authorized party PC. The authorized party PC runs the encryption lock authorization change software, which displays the new authorized device number and the new authorization code and, by decrypting with the key, modifies the authorized device number and the authorization code in the encryption lock; it then replies to the authorizing party with the new authorized device number and authorization code of the encryption lock.
The authorizing party PC then confirms that the encryption lock at the authorized party has successfully updated its authorized device number.
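The one-time change described above, as an added example that is not part of the patent, with both sides of the exchange and the encryption lock simulated in memory. The HMAC tag over the change, the rule that the purchased number is added to the remaining number, and all class, function and field names are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed; stands for the key shared with the lock


def _tag(key, old_code, current, configured, new_code):
    # Bind every field of the change to the key so none can be edited in transit.
    msg = f"{old_code}|{current}|{configured}|{new_code}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SimulatedLock:
    """In-memory stand-in for the encryption lock (hypothetical interface)."""

    def __init__(self, count):
        self.count = count
        self.auth_code = secrets.token_hex(8)

    def status(self):
        # What the status software shows to the authorized party.
        return {"count": self.count, "auth_code": self.auth_code}

    def apply_change(self, key, change):
        expected = _tag(key, change["old_code"], change["current"],
                        change["configured"], change["new_code"])
        if not hmac.compare_digest(expected, change["tag"]):
            return {"ok": False, "reason": "bad tag"}
        if not hmac.compare_digest(change["old_code"], self.auth_code):
            return {"ok": False, "reason": "authorization code already used"}
        if change["current"] != self.count:
            return {"ok": False, "reason": "device number changed since request"}
        # Assumption: the purchased number is added to the remaining number.
        self.count += change["configured"]
        # Replacing the code is what makes the change executable only once.
        self.auth_code = change["new_code"]
        return {"ok": True, **self.status()}


class Authorizer:
    """Authorizing party: builds the change and checks the reply."""

    def __init__(self, key):
        self._key = key
        self._pending = None

    def make_change(self, reported, configured):
        new_code = secrets.token_hex(8)
        change = {"old_code": reported["auth_code"], "current": reported["count"],
                  "configured": configured, "new_code": new_code}
        change["tag"] = _tag(self._key, change["old_code"], change["current"],
                             configured, new_code)
        self._pending = (reported["count"] + configured, new_code)
        return change

    def confirm(self, reply):
        # The reply must carry exactly the number and code that were issued.
        return reply.get("ok") is True and \
            (reply["count"], reply["auth_code"]) == self._pending


def demo():
    lock = SimulatedLock(count=2)
    authorizer = Authorizer(KEY)
    reported = lock.status()                  # authorized party reports number + code
    change = authorizer.make_change(reported, configured=10)
    first = lock.apply_change(KEY, change)    # authorized party runs the change
    confirmed = authorizer.confirm(first)     # authorizing party confirms the reply
    replay = lock.apply_change(KEY, change)   # the same change run a second time
    edited = lock.apply_change(KEY, dict(change, configured=1000))
    return {"first_ok": first["ok"], "count": lock.count, "confirmed": confirmed,
            "replay": replay["reason"], "edited": edited["reason"]}


if __name__ == "__main__":
    print(demo())
```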
The present embodiment is described and illustrated below by means of preferred embodiments.
Fig. 5 is a flowchart illustrating the authorization method based on the dongle according to the preferred embodiment.
At factory setting, the device to be authorized needs to be connected to the encryption lock through USB for authorization, and the authorized device number is preset in the encryption lock. The specific process of single-device authorization is as follows: read the first authorization encryption information in the device to be authorized; judge whether the first authorization encryption information exists; if the first authorization encryption information is read, read the current identity information and generate the second authorization encryption information (using AES or SHA); verify whether the two pieces of authorization encryption information are consistent; if they are consistent, display that the device is authorized; if they are inconsistent, or the first authorization encryption information is not read, display that the device is not authorized; judge whether a USB encryption lock is connected; if no USB encryption lock is connected, the device stops running the software to be authorized; if a USB encryption lock is connected, the software to be authorized in the device to be authorized uses the key to read the authorized device number in the encryption lock; judge whether an available authorized device number exists; if no available authorized device number exists, display that the authorized device number of the encryption lock is 0, and the device stops running the software to be authorized; if an available authorized device number exists, read the current identity information, generate the first authorization encryption information using the key (AES or SHA), store it in the specific storage area of the device to be authorized, and at the same time reduce the authorized device number in the encryption lock by 1 using the key, thereby completing the encryption lock authorization process. The method is therefore low in cost and simple to operate; the uniqueness of the authorization data is ensured by encrypted verification based on the identity information of the device, and the scheme is inexpensive, secure and easy to deploy.
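The single-device flow above, sketched as an added example that is not part of the patent, with the encryption lock simulated in memory. HMAC-SHA-256 stands in for the unspecified "AES or SHA" step (SHA alone is an unkeyed hash, so a keyed construction is assumed), and all class, function and field names and the identity values are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key standing in for the patent's "preset key".
PRESET_KEY = b"constructed-demo-key"


class SimulatedLock:
    """In-memory stand-in for the USB encryption lock (hypothetical interface)."""

    def __init__(self, key, authorized_count):
        self._key = key
        self._count = authorized_count

    def read_count(self, key):
        # The authorized device number is readable only with the preset key.
        if not hmac.compare_digest(key, self._key):
            raise PermissionError("wrong key for encryption lock")
        return self._count

    def decrement(self, key):
        if self.read_count(key) <= 0:
            raise RuntimeError("authorized device number is 0")
        self._count -= 1


def identity_blob(identity):
    """Serialise identity fields deterministically, one length-prefixed field each."""
    out = b""
    for name in sorted(identity):
        value = identity[name].strip().upper().encode()
        field = name.encode() + b"=" + value
        out += len(field).to_bytes(2, "big") + field
    return out


def make_auth_info(key, identity):
    # Assumption: HMAC-SHA-256 replaces the page's unspecified "AES or SHA" step.
    return hmac.new(key, identity_blob(identity), hashlib.sha256).hexdigest()


def runtime_check(key, identity, store):
    """Run-time step: regenerate the second info and compare it with the stored first info."""
    first = store.get("auth_info")
    if first is None:
        return "unauthorized"
    second = make_auth_info(key, identity)
    return "authorized" if hmac.compare_digest(first, second) else "unauthorized"


def factory_authorize(lock, key, identity, store):
    """Factory step, following the order of checks in the paragraph above."""
    if runtime_check(key, identity, store) == "authorized":
        return "authorized"  # already authorized, nothing is consumed
    if lock is None:
        return "stopped: no encryption lock connected"
    if lock.read_count(key) == 0:
        return "stopped: authorized device number is 0"
    store["auth_info"] = make_auth_info(key, identity)  # the "specific storage area"
    lock.decrement(key)
    return "authorized"


def demo():
    lock = SimulatedLock(PRESET_KEY, authorized_count=1)
    # Constructed identity values for two devices.
    dev_a = {"cpu": "A1B2C3D4E5F60718", "mac": "02:00:00:aa:bb:01"}
    dev_b = {"cpu": "0F1E2D3C4B5A6978", "mac": "02:00:00:aa:bb:02"}
    store_a, store_b = {}, {}
    r = {}
    r["a_before"] = runtime_check(PRESET_KEY, dev_a, store_a)
    r["a_no_lock"] = factory_authorize(None, PRESET_KEY, dev_a, store_a)
    r["a_factory"] = factory_authorize(lock, PRESET_KEY, dev_a, store_a)
    r["a_again"] = factory_authorize(lock, PRESET_KEY, dev_a, store_a)  # no second decrement
    r["a_run"] = runtime_check(PRESET_KEY, dev_a, store_a)
    # Hardware replaced after authorization: the identity changes and the check fails.
    r["a_new_nic"] = runtime_check(PRESET_KEY, dict(dev_a, mac="02:00:00:aa:bb:99"), store_a)
    # A stored value carried over to different hardware does not verify there.
    r["b_copied"] = runtime_check(PRESET_KEY, dev_b, dict(store_a))
    r["b_factory"] = factory_authorize(lock, PRESET_KEY, dev_b, store_b)
    r["count_left"] = lock.read_count(PRESET_KEY)
    return r


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, "->", outcome)
```

The check is local to the device, so its strength depends on keeping the preset key confidential and on the identity fields being read from the hardware rather than from editable configuration.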
In one embodiment, after step S210, the method further includes:
at factory setting, authorizing the sub-device to be authorized, through the main device that is network-connected to it, according to the current authorized device number and the current identity information of the sub-device to be authorized, to obtain and store third authorization encryption information, so as to complete authorization of the sub-device to be authorized.
Specifically, this embodiment may also be performed after step S220. Step S210 relates to the main device. In some application scenarios, the authorizing party provides the main device and the authorization software, the authorized party produces the sub-devices, and the final operating environment is formed by networking the main device and the sub-devices together. In this case, there is no requirement on the USB interface of the sub-devices produced by the authorized party; only the main device needs to have a USB interface.
At factory setting, the main device needs to be connected to the encryption lock through USB, the sub-device is authorized through the main device, and the authorized device number is preset in the encryption lock. As shown in Fig. 6, the specific process of sub-device authorization is as follows:
The main device queries the sub-device over the network for the third authorization encryption information; the sub-device verifies the third authorization encryption information and responds with its authorization state, which completes the query of the sub-device's authorization status. If the sub-device is authorized, it is displayed as authorized; if the sub-device is not authorized, it is displayed as not authorized. The identity information of the sub-device is decrypted using the key (the main device queries the sub-device for its identity information over the network, and the sub-device encrypts the identity information with the key and responds with the encrypted sub-device identity information). In the sub-device, the third authorization encryption information is checked: if the sub-device is authorized, networking proceeds normally; if not, verification is automatically repeated after a preset time (15 minutes) to judge whether authorization is present; if the sub-device is still not authorized, it disconnects from the network and stops running the software to be authorized; if authorization has succeeded, networking proceeds normally.
The software to be authorized in the main device uses the key to decrypt and read the authorized device number in the encryption lock, and judges whether an available authorized device number exists. If no available authorized device number exists, it displays that the authorized device number of the encryption lock is 0, and the device stops running the software to be authorized. If an available authorized device number exists, it reads the current identity information and generates third authorization encryption information using the key (AES or SHA); the third authorization encryption information is sent to the corresponding sub-device and stored in a specific storage area of the sub-device (one that cannot be reset by a factory reset), and at the same time the authorized device number in the encryption lock is reduced by 1 using the key; the sub-device is marked as authorized, so that it networks normally without re-verification. This completes the encryption lock authorization process. The mark represents the authorization state, and whether the sub-device is authorized can be determined by querying the authorization state. With the encryption lock acting as the controller, the identity information of the device is encrypted (AES, SHA or the like) to obtain authorization encryption information, which serves as the verification information for the device's self-verification of its authorization, thereby achieving remote authorization control over the number of devices in effective operation.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here.
In this embodiment, an authorization apparatus based on an encryption lock is further provided. The apparatus is used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated. The terms "module," "unit," "subunit," and the like as used below may denote a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the embodiments below is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 7 is a block diagram of the structure of the authorization apparatus based on the dongle according to the embodiment, and as shown in fig. 7, the apparatus includes: an acquisition module 210 and a first authorization module 220;
the acquisition module 210 is configured to obtain, by using a preset key, the current authorized device number in an encryption lock;
the first authorization module 220 is configured to, at factory setting, authorize the device to be authorized according to the current authorized device number and the current identity information of the device to be authorized, and obtain and store first authorization encryption information, so as to complete authorization of the device to be authorized.
This apparatus solves the problem in the related art of increased cost caused by having to equip each device with a dedicated encryption lock; authorization of the corresponding number of devices to be authorized is completed using the current authorized device number in the encryption lock, which reduces production cost.
In one embodiment, on the basis of fig. 7, a verification module is further included;
the verification module is used for judging whether the equipment to be authorized has the first authorization encryption information or not when the equipment to be authorized operates;
if the first authorization encryption information exists in the equipment to be authorized, verifying the first authorization encryption information based on the current identity information of the equipment to be authorized so as to determine the authorized state of the equipment to be authorized;
and if the equipment to be authorized does not have the first authorization encryption information, determining that the authorization state of the equipment to be authorized is an unauthorized state.
In one embodiment, the verification module is further configured to generate second authorization encryption information based on the current identity information of the device to be authorized by using an encryption algorithm;
comparing and verifying the second authorization encryption information and the first authorization encryption information;
if the second authorization encryption information is consistent with the first authorization encryption information, the authentication is passed, so that the authorization state of the device to be authorized is determined to be an authorized state;
if the second authorization encryption information is inconsistent with the first authorization encryption information, the verification is not passed so as to determine that the authorization state of the device to be authorized is an unauthorized state.
In one embodiment, on the basis of fig. 7, a change module is further included;
the changing module is further configured to obtain an authorization code and a number of configured devices of the encryption lock, and change the current number of authorized devices in the encryption lock according to the authorization code and the number of configured devices.
In one embodiment, on the basis of fig. 7, after the first authorization encryption information is obtained and stored, a change module is further included;
and the changing module is used for changing the number of the current authorized devices in the encryption lock according to the number of the devices to be authorized.
In one embodiment, the first authorization module 220 is further configured to judge, at factory setting, whether an available current authorized device number exists;
when an available current authorized device number exists, generate first authorization encryption information based on the current identity information of the device to be authorized by using an encryption algorithm;
and store the first authorization encryption information into a specific storage area of the device to be authorized, so as to complete authorization of the device to be authorized.
In one embodiment, on the basis of Fig. 7, a second authorization module is further included, which operates after the current authorized device number in the dongle is obtained by using the preset key;
the second authorization module is configured to, at factory setting, authorize the sub-device to be authorized, through the main device that is network-connected to it, according to the current authorized device number and the current identity information of the sub-device to be authorized, and obtain and store third authorization encryption information, so as to complete authorization of the sub-device to be authorized.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, acquiring the current authorized device number in the encryption lock by using the preset key;
S2, at factory setting, authorizing the device to be authorized according to the current authorized device number and the current identity information of the device to be authorized, and obtaining and storing the first authorization encryption information, so as to complete authorization of the device to be authorized.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, and details are not described again in this embodiment.
In addition, in combination with the authorization method based on the encryption lock provided in the foregoing embodiment, a storage medium may also be provided in this embodiment. The storage medium has a computer program stored thereon; the computer program, when executed by a processor, implements any of the above embodiments of the dongle-based authorization method.
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be derived by a person skilled in the art from the examples provided herein without any inventive step, shall fall within the scope of protection of the present application.
It is obvious that the drawings are only examples or embodiments of the present application, and it is obvious to those skilled in the art that the present application can be applied to other similar cases according to the drawings without creative efforts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
The term "embodiment" is used herein to mean that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments express only several embodiments of the present application, and although their description is relatively specific and detailed, it should not be construed as limiting the scope of patent protection. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.

Claims (10)

1. An authorization method based on an encryption lock, characterized by comprising the following steps:
acquiring the current authorized equipment number in the encryption lock by using a preset secret key;
and when the device is in factory setting, authorizing the device to be authorized according to the current authorized device number and the current identity information of the device to be authorized to obtain and store first authorization encryption information so as to finish the authorization of the authorized device.
2. The dongle-based authorization method of claim 1, further comprising:
when the device to be authorized is operated, judging whether the first authorization encryption information exists in the device to be authorized;
if the first authorization encryption information exists in the equipment to be authorized, verifying the first authorization encryption information based on the current identity information of the equipment to be authorized so as to determine the authorized state of the equipment to be authorized;
and if the equipment to be authorized does not have the first authorization encryption information, determining that the authorization state of the equipment to be authorized is an unauthorized state.
3. The dongle-based authorization method according to claim 2, wherein the verifying the first authorization encryption information based on the current identity information of the device to be authorized to determine the authorized status of the device to be authorized comprises:
generating second authorization encryption information based on the current identity information of the equipment to be authorized by using an encryption algorithm;
comparing and verifying the second authorization encryption information and the first authorization encryption information;
if the second authorization encryption information is consistent with the first authorization encryption information, the authentication is passed, so that the authorization state of the device to be authorized is determined to be an authorized state;
if the second authorization encryption information is inconsistent with the first authorization encryption information, the verification is not passed so as to determine that the authorization state of the device to be authorized is an unauthorized state.
4. The dongle-based authorization method of claim 1, further comprising:
obtaining the authorization code and the number of the configured devices of the encryption lock, and changing the current number of the authorized devices in the encryption lock according to the authorization code and the number of the configured devices.
5. The dongle-based authorization method of claim 1, further comprising, after obtaining and storing the first authorization encryption information:
and changing the current authorized equipment number in the encryption lock according to the number of the equipment to be authorized.
6. The encryption lock-based authorization method according to any one of claims 1 to 5, wherein the authorizing the device to be authorized according to the current authorized device number and the current identity information of the device to be authorized at factory setting to obtain and store the first authorization encryption information so as to complete the authorization of the authorized device comprises:
judging whether the current authorized equipment number is available or not during factory setting;
when the number of available current authorized devices is available, generating first authorized encrypted information based on the current identity information of the device to be authorized by using an encryption algorithm;
and storing the first authorization encryption information into a specific storage area of the device to be authorized so as to finish the authorization of the authorized device.
7. The dongle-based authorization method according to claim 6, further comprising, after obtaining the current number of authorized devices in the dongle by using the preset key:
and when the device leaves the factory, authorizing the sub-equipment to be authorized according to the current authorized equipment number and the current identity information of the sub-equipment to be authorized through the main equipment connected with the sub-equipment to be authorized in a networking mode to obtain third authorization encryption information and store the third authorization encryption information so as to finish the authorization of the authorized sub-equipment.
8. An authorization device based on a dongle, comprising: the system comprises an acquisition module and a first authorization module;
the acquisition module is used for acquiring the current authorized equipment number in the encryption lock by using a preset secret key;
and the first authorization module is used for authorizing the equipment to be authorized according to the current authorized equipment number and the current identity information of the equipment to be authorized when the equipment leaves factory settings, obtaining and storing first authorization encryption information, so as to finish authorization of the authorized equipment.
9. An electronic apparatus comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is arranged to run the computer program to perform the dongle-based authorization method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the dongle-based authorization method of any of claims 1 to 7.
CN202111232859.1A 2021-10-22 2021-10-22 Authorization method and device based on encryption lock, electronic device and storage medium Pending CN114021091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111232859.1A CN114021091A (en) 2021-10-22 2021-10-22 Authorization method and device based on encryption lock, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111232859.1A CN114021091A (en) 2021-10-22 2021-10-22 Authorization method and device based on encryption lock, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN114021091A true CN114021091A (en) 2022-02-08

Family

ID=80057137

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111232859.1A Pending CN114021091A (en) 2021-10-22 2021-10-22 Authorization method and device based on encryption lock, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN114021091A (en)

Similar Documents

Publication Publication Date Title
CN103218571B (en) System and method for temporary secure boot of an electronic device
CN108494740B (en) Token generation and verification method, intelligent terminal and server
TW201732669A (en) Controlled secure code authentication
CN107743067B (en) Method, system, terminal and storage medium for issuing digital certificate
US10361864B2 (en) Enabling a secure OEM platform feature in a computing environment
TW201802719A (en) Message authentication with secure code verification
CN112182550A (en) Authorization method, authorization system, activation device and computing equipment for application program
CN108541324A (en) A kind of unlocking method of electronic lock device, client and its electronic lock device
CN111917773A (en) Service data processing method and device and server
TWI598764B (en) Content protection via online servers and code execution in a secure operating system
CN111131300B (en) Communication method, terminal and server
JP2014531659A (en) System and method for user authentication
CN108712246B (en) Intelligent household equipment and system and visitor password acquisition method
CN111159656A (en) Method, device, equipment and storage medium for preventing software from being used without authorization
US20160277182A1 (en) Communication system and master apparatus
CN109508529B (en) Method for realizing safety starting verification of payment terminal
CN107133499B (en) Software copyright protection method, client, server and system
CN107968764B (en) Authentication method and device
WO2024027301A1 (en) Encryption method for automobile diagnosis software
US9177123B1 (en) Detecting illegitimate code generators
CN114021091A (en) Authorization method and device based on encryption lock, electronic device and storage medium
CN108390892B (en) Control method and device for security access of remote storage system
CN112287305B (en) Data processing method, user lock and server
CN114697113A (en) Hardware accelerator card-based multi-party privacy calculation method, device and system
CN114117400A (en) Registration method, verification method, client device, sending card and display screen

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination