CN114297613A - Control authority obtaining method and device based on time type encryption lock


Info

Publication number
CN114297613A
Authority
CN
China
Prior art keywords
encryption lock
result
software
encryption
random number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111657564.9A
Other languages
Chinese (zh)
Inventor
陆舟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for acquiring control authority based on a time-based encryption lock. The method comprises the following steps: determining whether an encryption lock in the application program is successfully unlocked; when the encryption lock is successfully opened, indicating the encryption lock to call a built-in first processing program to obtain a second random number; encrypting the obtained second random number according to a preset public key to obtain a corresponding public key encryption result; according to the public key encryption result, the encryption lock is instructed to call a built-in second processing program to carry out authority verification processing, and a corresponding verification result is obtained; and when the verification result is that the authority authentication is passed, obtaining the control authority aiming at the application program based on the verification result. Through the introduction of the encryption lock, before the control authority of the application program is obtained, verification processing based on the encryption lock is required to be performed, the application program can be effectively prevented from being pirated and used after being extracted, and the effectiveness of application program copyright control is further improved.

Description

Control authority obtaining method and device based on time type encryption lock
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for acquiring control authority based on a time-based encryption lock.
Background
In the prior art, anyone has the authority to perform control operations on some application programs. To prevent the application program from being controlled at will, an authority control instruction can be added to the application program, so that a control operation is executed only if the corresponding authority control instruction passes verification, which improves security. However, although adding an authority control instruction prevents arbitrary control by anyone, the method is simple and easy to crack; how to implement authority control on an application program more safely is therefore a technical problem that currently needs to be solved.
Disclosure of Invention
The application provides a control authority obtaining method and device based on a time type encryption lock, so that authority control over an application program can be achieved more safely.
In a first aspect, an embodiment of the present invention provides a method for obtaining control authority based on a time-based encryption lock, where an application program is developed by a software developer commissioned by a software issuer, the software issuer obtains an encryption lock from an encryption lock provider and initializes the encryption lock, the software developer integrates the initialized encryption lock into the application program, and after the software issuer issues the application program and a user downloads the application program using loader software, the method includes:
the loader software determines whether an encryption lock in the application program is successfully unlocked;
when the encryption lock is successfully opened, the loader software instructs the encryption lock to call a built-in first processing program to obtain a second random number;
the loader software encrypts the acquired second random number according to a preset public key to obtain a corresponding public key encryption result;
the loader software instructs the encryption lock to call a built-in second processing program to carry out authority verification processing according to the public key encryption result to obtain a corresponding verification result;
when the verification result is that the authority authentication is passed, the loader software obtains the control authority aiming at the application program based on the verification result;
the first and second handlers are written into the dongle by the software issuer upon initialization of the dongle.
In a second aspect, an embodiment of the present invention provides a device for obtaining control authority based on a time-based encryption lock, which is applied to an application program embedded with an encryption lock, and includes:
the first determining module is used for determining whether an encryption lock in the application program is successfully unlocked;
the instruction acquisition module is used for instructing the encryption lock to call a built-in first processing program to acquire a second random number when the encryption lock is successfully opened;
the encryption module is used for encrypting the acquired second random number according to a preset public key to obtain a corresponding public key encryption result;
the indication verification module is used for indicating the encryption lock to call a built-in second processing program to carry out authority verification processing according to the public key encryption result to obtain a corresponding verification result;
and the permission obtaining module is used for obtaining the control permission aiming at the application program based on the verification result when the verification result is that permission authentication passes.
In a third aspect, an embodiment of the present invention provides an electronic device, including: a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the control authority obtaining method based on the time-based encryption lock by calling the operation instruction.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which is used for storing computer instructions, and when the computer instructions are executed on a computer, the computer is enabled to execute the above-mentioned method for acquiring control authority based on a time-based encryption lock.
By means of the technical scheme, the technical scheme provided by the application at least has the following advantages:
according to the application, through the introduction of the encryption lock, the right control is performed on loader software and an application program by using the encryption lock respectively, so that before the control right of the application program is obtained, verification processing based on the encryption lock is required to be performed, the application program can be effectively prevented from being pirated and used after being extracted, and the effectiveness of application program copyright control is further improved.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the embodiments of the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flowchart of a method for acquiring control authority based on a time-based encryption lock according to the present application;
fig. 2 is a schematic processing flow diagram of a possible implementation manner of a control authority obtaining method based on a time-based encryption lock according to the present application;
fig. 3 is a schematic flowchart illustrating an embodiment of a method for acquiring control authority based on a time-based encryption lock according to the present application;
fig. 4 is a schematic structural diagram of a control authority acquiring apparatus based on a time-based encryption lock according to the present application;
fig. 5 is a schematic structural diagram of an electronic device according to the method for acquiring control authority based on a time-based encryption lock provided by the present application.
Detailed Description
The present application provides a method and an apparatus for acquiring control authority based on a time-based encryption lock, and the following describes in detail embodiments of the present application with reference to the accompanying drawings.
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
As shown in fig. 1, the flowchart of the method for acquiring control authority based on a time-based encryption lock provided by the present application, an application is developed by a software developer commissioned by a software issuer, the software issuer obtains the encryption lock from an encryption lock provider and initializes the encryption lock, the software developer integrates the initialized encryption lock into the application, and after the software issuer issues the application and a user downloads the application using loader software, the method of the present embodiment includes:
step S101, loader software determines whether an encryption lock in an application program is successfully opened;
step S102, when the encryption lock is successfully unlocked, loader software indicates the encryption lock to call a built-in first processing program to obtain a second random number;
step S103, the loader software encrypts a second random number returned by the encryption lock according to a preset public key to obtain a corresponding public key encryption result;
step S104, the loader software instructs the encryption lock to call a built-in second processing program to carry out authority verification processing according to the public key encryption result to obtain a corresponding verification result;
step S105, the loader software receives the verification result returned by the encryption lock, and obtains the control authority of the application program when the verification result is that the authority verification passes.
In the application, through the introduction of the encryption lock, a guarantee based on the verification processing of the encryption lock is added for the control authority acquisition of the application program; meanwhile, an SM2 key pair and an SM4 symmetric key are used for the encryption and decryption operations, so that different encryption locks are not interchangeable, different application programs use different encryption locks, and the safety of the application program is improved.
Based on the technical solution provided by the present application, the following explains the technical solution in detail, as shown in fig. 2, a specific processing flow of a possible implementation manner of the method for obtaining control authority based on a time-based encryption lock provided by the present application is provided.
For the application, a software issuer prepares to issue a piece of software (application program); a software developer develops the software according to the requirements of the software issuer; in order to increase the security of the software and meet the requirements on authority control, a security barrier, namely an encryption lock, is added to the software; the software issuer purchases the encryption lock from an encryption lock provider, and the encryption lock is then integrated into the software to be issued (the software to be issued must be used together with the encryption lock).
For the software developer, it develops the software according to the requirements of the software issuer, integrates the encryption lock into the software, and performs corresponding joint debugging with the encryption lock provider in order to meet the requirements of the software issuer on authority control;
for the encryption lock provider, it supplies the encryption lock, the initialization tool and the authority control solution (loader software), coordinates with the software developer, and sells the encryption lock, the initialization tool and the loader software to the software issuer;
the user of the software is its end user.
For the application, in order to better implement the technical scheme, the encryption lock provider also provides loader software and an initialization tool, the software storage path to be issued is integrated into the loader software, and the loader software is used for implementing the technical scheme of the application.
In the technical scheme of the application, before the software to be issued is used formally, an initialization tool is used for initializing the encryption lock, and after the initialization, the encryption lock is integrated into the software to be issued (namely, the encryption lock is used together with the software to be issued), and after the software is issued by a software issuer, a user can download the issued software by using loader software.
Specifically, a software issuer uses an initialization tool to initialize an encryption lock, that is, the initialization tool for the encryption lock is started first and generates a key pair and a first random number; a file path is selected for the private key of the key pair generated by the initialization tool, the private key is written into a configured file package according to that file path, the first random number is written into a first data file of the file package, and a key file is created in the file package at the same time for storing specific bytes of the first random number; the expiration time for valid use of the encryption lock, and the first processing program and second processing program used when the application program is downloaded, also need to be configured in the file package. After the configuration of the file package is finished, a file package path is selected, and the encryption lock is initialized using the configured file package, so that the configuration in the file package is stored in the encryption lock.
Before issuing the software to be issued, the software issuer needs to encrypt the software to be issued in advance, that is, encrypt specific byte data of the software to be issued by using the key file configured in the file package.
For the present application, in one possible implementation manner, after the software issuer initializes the dongle using the initialization tool, the loader software controls the processing flow of the authority of the application program based on the initialized dongle, and the processing of the foregoing step S101 specifically includes the processing of the following step S201.
Step S201, the loader software is started, whether the encryption lock is successfully opened or not is determined, if yes, the step S202 is executed, and if not, the process is ended.
In one possible implementation, the loader software attempts to activate the dongle in the application and determines whether the dongle was successfully unlocked, and if so, performs step S202, otherwise, the process ends.
For the present application, in one possible implementation, the processing of step S102 specifically includes the processing of step S202 to step S203 described below.
In step S202, the loader software instructs the dongle to generate a second random number.
In one possible implementation, the loader software instructs the dongle to invoke a built-in first handler that generates a second random number and returns it through the dongle, and the loader software receives the second random number returned by the dongle.
The first processing program is written by the software issuer at the time of encryption lock initialization, and a 128-byte-long first random number is preset in it. The length of the first random number matches (is the same as, or an integer multiple of) the key length of the block encryption algorithm used by the first processing program; for example, the length of the first random number is 128 bytes. Further, different software issuers use different first random numbers, so that their respective first processing programs are distinguished.
The method for generating the second random number by calling the built-in first processing program by the loader software by indicating the encryption lock specifically comprises the following steps: the loader software instructs the encryption lock to call a built-in first processing program, the first processing program uses a random number generator in the encryption lock to generate a random number with the same number of bits as the first random number and caches the random number, performs bitwise XOR operation on the first random number and the generated random number, returns an XOR result as a second random number to the loader software, and caches the second random number.
In step S203, the loader software receives the second random number returned by the dongle.
For the present application, in one possible implementation, the aforementioned processing of step S103 specifically includes the processing of step S204 described below.
Step S204, the loader software encrypts the second random number by using a preset public key to obtain a public key encryption result.
In a possible implementation manner, after receiving a second random number sent by an encryption lock, loader software encrypts the second random number according to a public key in a preset key pair to obtain a corresponding public key encryption result; the public key is the public key of the key pair generated by the software issuer using the initialization tool when the encryption lock is initialized, and is written into the loader software source code by the encryption lock provider when the loader software is developed.
Further, the key pair written by the software issuer is generated by an initialization tool controlled by the software issuer.
For the present application, in one possible implementation, the aforementioned processing of step S104 specifically includes the processing of step S205 described below.
In step S205, the loader software instructs the encryption lock to call the built-in second handler to perform the authority verification process according to the encryption result of the public key, and if the authority verification is passed, step S206 is executed.
In a possible implementation manner, after obtaining the public key encryption result, the loader software instructs the encryption lock to call a built-in second processing program, and the encryption lock inputs the public key encryption result as input data into the second processing program for authority verification processing, that is, the second processing program decrypts the public key encryption result by using a preset private key in the encryption lock, and performs an exclusive-or operation on the decryption result by using a preset first random number to obtain an exclusive-or operation result; and comparing the result of the XOR operation with the current cached random number, if the result of the XOR operation is consistent with the current cached random number, the permission verification is passed, otherwise, the permission verification is not passed.
And after the verification of the loader software authority is completed, clearing the random number cached at present.
Optionally, when the second processing program is called by the encryption lock, the encryption lock checks whether the current time exceeds the expiration time of the valid use of the pre-configured encryption lock according to a built-in timer, if so, the valid use period of the encryption lock is up, and a failure notification message is directly returned to the loader software.
For the present application, in one possible implementation, the aforementioned processing of step S105 specifically includes the processing of step S206 described below.
Step S206, the loader software reads the ciphertext of the application program, instructs the encryption lock to call a built-in first processing program to decrypt the ciphertext of the application program, loads the successfully decrypted application program into the memory, runs the application program, and ends.
The cipher text of the application program is obtained by encrypting the application program by using the initialized encryption lock before the software is released. Specifically, a first processing program in the encryption lock is called to encrypt the application program, namely the first processing program uses a built-in first random number as a secret key, and encrypts the application program by using the encryption function of the encryption lock to obtain a ciphertext of the application program;
alternatively, the encryption of the application program may be the encryption of the entire content (binary code) of the application program, or may be the encryption of part of the core content (e.g., data located in a specific area of the binary code) of the application program.
When the application program runs, the encryption lock is required to carry out authority verification, namely, the encryption lock checks according to a built-in timer whether the current time exceeds the pre-configured valid use expiration time of the encryption lock; if the current time exceeds the valid use expiration time, the encryption lock returns a notification message that the authority verification fails, otherwise the encryption lock returns a notification message that the authority verification is passed. If the application program receives the notification message that the authority verification passes, the application program runs normally; otherwise, the operation is stopped.
Based on the technical solution provided by the present application, the following explains the technical solution in detail, as shown in fig. 3, which is a processing flow chart of a specific embodiment of a method for obtaining control authority based on a time-based encryption lock provided by the present application.
In step S301, the software issuer starts the initialization tool to generate the SM2 key pair and the 128-byte long first random number.
Specifically, the software issuer first performs an initialization process for the dongle, and to this end starts an initialization tool that generates an SM2 key pair and a 128 byte long first random number.
In step S302, the software issuer writes the SM2 private key of the SM2 key pair and the 128-byte long first random number into the configured bundle.
Specifically, the software issuer performs file path selection corresponding to the SM2 private key according to the SM2 private key in the SM2 key pair generated by the initialization tool, writes the SM2 private key into the configured file package according to the file path of the SM2 private key, and also writes the aforementioned 128-byte-long first random number into the first data file of the file package. In the configured file package, an SM4 key file for storing the first 16 bytes of data of the 128-byte-long first random number, the expiration time of valid use of the encryption lock, and a first handler (random number handler) and a second handler (right control program) used when the application program is upgraded are also created, thereby completing the configuration of the encryption-locked file package.
Step S303, the software issuer carries out initialization processing of the encryption lock according to the configured file package.
Specifically, a blank encryption lock is inserted into the initialization tool, and the blank encryption lock is initialized according to the configured file package path.
In step S304, the software issuer sends the encryption lock to the software developer.
Specifically, the software issuer sends the initialized encryption lock to the software developer.
In step S305, the software developer integrates the dongle into the application to be issued.
In step S306, the software issuer encrypts the first 64 bytes of data of the application using the SM4 key file in the package.
Specifically, after the encryption lock has been integrated into the application to be issued, the software issuer encrypts the first 64 bytes of data of the application using the first 16 bytes of data of the first random number in the file package.
In step S307, the software issuer issues the encrypted application to be issued.
Step S308, the loader software downloads the encrypted application program to be issued.
Specifically, after the software issuer issues the encrypted application to be issued, the start-up processing of the application may be implemented by loader software.
In step S309, the loader software determines whether the encryption lock in the application program is successfully unlocked.
In one possible implementation, the loader software first opens the dongle in the application program in preparation for starting the application program, and determines whether the dongle is successfully opened, and if so, performs step S310.
In step S310, the loader software instructs the encryption lock to call a built-in random number processing program.
In one possible implementation, the loader software instructs the dongle to invoke a random number handler in the dongle such that the random number handler generates a 128 byte long second random number, the dongle writes the 128 byte long second random number to the second data file and writes the 128 byte long second random number to the input output buffer, and then returns the 128 byte long second random number to the loader software.
In step S311, the loader software receives the second random number with 128 bytes length returned by the dongle.
In step S312, the loader software encrypts the 128-byte long second random number to obtain the SM2 public key encryption result.
In one possible implementation, the loader software encrypts the 128-byte long second random number according to the SM2 public key in the SM2 key pair generated by the initialization process, resulting in the corresponding SM2 public key encryption result.
In step S313, the loader software instructs the dongle to invoke the built-in authority control program according to the SM2 public key encryption result.
In one possible implementation, the loader software instructs the dongle to invoke a built-in authority control program based on the SM2 public key encryption result, and the dongle enters the SM2 public key encryption result into that program as input data.
In step S314, the dongle determines whether the current time is less than the expiration time of valid use of the preconfigured dongle, and if so, performs step S315.
Specifically, the encryption lock acquires the current time and determines whether the current time is less than the expiration time of the effective use of the previously configured encryption lock; and when the current time is determined to be less than the previously configured expiration time, executing the step S315, otherwise, directly returning a failure notification message to the loader software.
In step S315, the dongle decrypts the SM2 public key encryption result to obtain a 128-byte-long third random number.
Specifically, the dongle decrypts the SM2 public key encryption result according to the pre-stored SM2 private key, resulting in a 128-byte long third random number.
In step S316, the dongle performs an xor operation on the 128-byte long third random number and the stored 128-byte long first random number to obtain a first operation result.
Specifically, the encryption lock reads a 128-byte-long first random number stored in the first data file, and performs an exclusive or operation according to the 128-byte-long first random number and the 128-byte-long third random number to obtain a first operation result.
In step S317, the dongle performs an exclusive or operation according to the stored 128-byte long first random number and the 128-byte long second random number to obtain a second operation result.
Specifically, the dongle reads the second data file again to obtain the 128-byte-long second random number, and performs an exclusive-or operation on the 128-byte-long first random number and the 128-byte-long second random number to obtain a second operation result.
Optionally, the order of step S316 and step S317 may be interchanged.
In step S318, the encryption lock compares the first operation result with the second operation result to obtain a corresponding exclusive-or operation result.
Further, the encryption lock compares the first operation result with the second operation result to obtain a corresponding exclusive-or operation result.
In step S319, the dongle determines whether the exclusive-or operation result satisfies the preset condition, that is, whether the first operation result is equal to the second operation result, and if so, performs step S320.
Specifically, the dongle determines whether the first operation result is equal to the second operation result; when they are equal, the dongle determines that the verification is successful and executes step S320, otherwise the dongle directly returns a failure notification message to the loader software.
Step S320, the encryption lock sends a notification message that the verification result is successful to the loader software.
In step S321, the loader software obtains the control authority of the application program based on the successful verification result.
In step S322, the loader software decrypts the first 64 bytes of data of the application based on the obtained control authority.
In one possible implementation, after the loader software obtains the control authority of the application program, the SM4 algorithm is called to decrypt the first 64 bytes of data of the application program by using the first 16 bytes of data of the first random number with the length of 128 bytes in the SM4 key file stored in the dongle, so as to obtain the corresponding decryption result.
In step S323, the loader software triggers the start of the application program according to the decryption result.
In one possible implementation, when the application program exits, the method further includes:
In step S324, the loader software encrypts the decryption result when the application exits.
In one possible implementation, when the loader software receives the notification message of the exit of the application program, the SM4 algorithm may be further invoked to encrypt the aforementioned decryption result by using the first 16 bytes of data of the 128-byte-long first random number in the SM4 key file stored in the dongle, so as to obtain the encrypted first 64 bytes of data of the application program.
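The following Go program is an added illustration of steps S312 through S324 (and of the equivalent module description that follows); it is not code from the patent or from Feitian. Go's standard library ships neither SM2 nor SM4, so RSA-2048 OAEP stands in for the SM2 key pair and AES-128-CTR for SM4; the dongle state layout, the function names, the injectable clock and the choice of CTR nonce (bytes 16..32 of the first random number) are assumptions made for the example. The 128-byte random numbers in the test are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Dongle models the encryption lock after the issuer's initialisation.
// RSA-OAEP and AES-CTR are substitutes for SM2 and SM4 (assumption).
type Dongle struct {
	priv         *rsa.PrivateKey  // pre-stored private key (substitute for SM2)
	firstRandom  []byte           // 128-byte first random number, "first data file"
	secondRandom []byte           // 128-byte second random number, "second data file"
	expiry       time.Time        // expiration time of valid use, set at initialisation
	now          func() time.Time // built-in timer; injectable so expiry can be tested
}

// NewDongle performs initialisation: it keeps the first random number and the
// expiry and generates the key pair whose public half the loader will hold.
func NewDongle(firstRandom []byte, expiry time.Time, now func() time.Time) (*Dongle, error) {
	if len(firstRandom) != 128 {
		return nil, errors.New("first random number must be 128 bytes")
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Dongle{priv: priv, firstRandom: firstRandom, expiry: expiry, now: now}, nil
}

// PublicKey is the "preset public key" held by the loader software.
func (d *Dongle) PublicKey() *rsa.PublicKey { return &d.priv.PublicKey }

// FirstHandler is the built-in first processing program: it generates the
// second random number, stores it in the second data file and returns it.
func (d *Dongle) FirstHandler() ([]byte, error) {
	r := make([]byte, 128)
	if _, err := rand.Read(r); err != nil {
		return nil, err
	}
	d.secondRandom = r
	return append([]byte(nil), r...), nil
}

// LoaderEncrypt is step S312: the loader encrypts the second random number
// under the preset public key (128 bytes fits inside RSA-2048 OAEP's limit).
func LoaderEncrypt(pub *rsa.PublicKey, secondRandom []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secondRandom, nil)
}

// SecondHandler is the built-in authority control program, steps S314-S320.
// It succeeds only when the lock has not expired and (first XOR third)
// equals (first XOR second), i.e. the loader sent back the number this lock issued.
func (d *Dongle) SecondHandler(pubEnc []byte) bool {
	if !d.now().Before(d.expiry) { // S314: current time must be less than expiry
		return false
	}
	third, err := rsa.DecryptOAEP(sha256.New(), nil, d.priv, pubEnc, nil) // S315
	if err != nil || len(third) != 128 || d.secondRandom == nil {
		return false
	}
	first := xorBytes(d.firstRandom, third)           // S316: first operation result
	second := xorBytes(d.firstRandom, d.secondRandom) // S317: second operation result
	return bytes.Equal(first, second)                 // S318/S319: compare results
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// AppCodec covers S322 and S324: the first 64 bytes of the application are
// decrypted at launch and re-encrypted at exit with the first 16 bytes of the
// first random number as the symmetric key. CTR is its own inverse, so one
// routine serves both directions; the nonce choice is an assumption.
func AppCodec(firstRandom, data []byte) ([]byte, error) {
	if len(firstRandom) < 32 || len(data) != 64 {
		return nil, fmt.Errorf("need at least 32 key bytes and exactly 64 data bytes")
	}
	block, err := aes.NewCipher(firstRandom[:16])
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, firstRandom[16:32]).XORKeyStream(out, data)
	return out, nil
}
```

Two points worth noticing when reading the check in SecondHandler: because the first random number appears on both sides of the comparison, the two XORs cancel and the test is equivalent to "decrypted third random number equals the stored second random number", so the scheme's strength rests on the private key never leaving the lock and on the second random number being fresh per session; and the expiry check is only as trustworthy as the lock's built-in timer, which is why the example takes the clock from the dongle object rather than from the host.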
In the application, through the introduction of the encryption lock, a guarantee based on the verification processing of the encryption lock is added for the control authority acquisition of the application program, meanwhile, the SM2 key pair and the SM4 symmetric key are used for encryption and decryption operation, mutual universality among different encryption locks is avoided, different application programs correspondingly use different encryption locks, and the safety of the application program is improved.
Based on the technical solution of the method for acquiring control authority provided by the present application, the present application correspondingly provides a device for acquiring control authority based on a time-based encryption lock, wherein an application program is developed by a software issuer who entrusts a software issuer, the software issuer obtains an encryption lock from an encryption lock provider and initializes the encryption lock, the software issuer integrates the initialized encryption lock into the application program, and after the software issuer issues the application program and a user downloads the application program using loader software, as shown in fig. 4, the device 40 for acquiring control authority based on a time-based encryption lock of the present application includes:
a first determining module 401, configured to determine whether an encryption lock in an application is successfully unlocked;
an indication obtaining module 402, configured to, when the encryption lock is successfully unlocked, indicate the encryption lock to call a built-in first processing program to obtain a second random number;
the encryption module 403 is configured to encrypt the obtained second random number according to a preset public key to obtain a corresponding public key encryption result;
the indication verification module 404 is configured to indicate the encryption lock to call a built-in second processing program to perform permission verification processing according to the public key encryption result, so as to obtain a corresponding verification result;
and the permission obtaining module 405 is configured to obtain a control permission for the application program based on the verification result when the verification result is that the permission authentication passes.
In one possible implementation, the instruction obtaining module 402 is specifically configured to, when the encryption lock is successfully unlocked, instruct the encryption lock to invoke a built-in first processing program, where the first processing program generates a second random number and returns the second random number through the encryption lock; and receiving the second random number returned by the encryption lock.
In one possible implementation, the indication verification module 404 is specifically configured to instruct the encryption lock to invoke a built-in second handler; when the second handler is invoked by the encryption lock, the encryption lock obtains the current time from a built-in timer and determines whether the current time is less than the expiration time of valid use of the preconfigured encryption lock. When the current time is less than the pre-configured expiration time, the indication verification module 404 is further configured to perform an exclusive-or operation based on the public key encryption result to obtain an exclusive-or operation result; and when the exclusive-or operation result meets the preset condition, to determine that the authority verification of the public key encryption result is successful and obtain the corresponding verification result.
Further, the indication verification module 404 performing an exclusive-or operation based on the public key encryption result to obtain an exclusive-or operation result includes: reading the first data file to obtain the first random number stored in the first data file; decrypting the public key encryption result according to a preset private key corresponding to the public key to obtain a third random number; performing an exclusive-or operation on the first random number and the third random number to obtain a first operation result; reading the second data file to obtain the second random number stored in the second data file; performing an exclusive-or operation on the first random number and the second random number to obtain a second operation result; and comparing the first operation result with the second operation result to obtain the corresponding exclusive-or operation result.
In one possible implementation manner, after obtaining the control authority for the application program based on the verification result, the apparatus of this embodiment further includes:
the starting module is used for triggering and starting the application program based on the obtained control authority;
and the waiting receiving module is used for waiting for receiving the notification message of the exit of the application program.
In a possible implementation manner, the starting module is specifically configured to invoke a first algorithm to decrypt specific byte data of the application program based on the obtained control authority, so as to obtain a corresponding decryption result; and triggering and starting the application program according to the decryption result.
In one possible implementation, the apparatus of this embodiment may further include:
and the calling decryption module is used for calling a first algorithm to encrypt a decryption result after the waiting receiving module receives the notification message of the exit of the application program, so as to obtain encrypted specific byte data.
Referring now to FIG. 5, shown is a schematic diagram of an electronic device 500 suitable for use in implementing embodiments of the present application. The electronic device may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet), a PMP (portable multimedia player), a vehicle-mounted terminal (e.g., a car navigation terminal), etc., and a stationary terminal such as a digital TV, a desktop computer, etc. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 5, electronic device 500 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 illustrates an electronic device 500 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program performs the above-described functions defined in the methods of the embodiments of the present application when executed by the processing device 501.
It should be noted that the computer readable medium mentioned above in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquire at least two internet protocol addresses; send a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects an internet protocol address from the at least two internet protocol addresses and returns it; and receive the internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content delivery network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receive a node evaluation request comprising at least two internet protocol addresses; select an internet protocol address from the at least two internet protocol addresses; and return the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. The name of a unit does not in some cases constitute a limitation of the unit itself; for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the disclosure. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
The electronic device provided by the application is applicable to any embodiment of the application program starting method, and details are not repeated herein.
According to the application, through the introduction of the encryption lock, the right control is performed on loader software and an application program by using the encryption lock respectively, so that before the control right of the application program is obtained, verification processing based on the encryption lock is required to be performed, the application program can be effectively prevented from being pirated and used after being extracted, and the effectiveness of application program copyright control is further improved.
The present application provides a computer-readable storage medium storing a computer program that causes a computer to execute an application startup method shown in the above-described embodiments.
The computer-readable storage medium provided in the present application is applicable to any embodiment of the bluetooth device connection method, and is not described herein again.
It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the aspects specified in the block or blocks of the block diagrams and/or flowchart illustrations disclosed herein.
Each module of the device of the present application may be integrated into a whole or deployed separately. The modules may be combined into one module, or further split into a plurality of sub-modules.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present application.
Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
The above application serial numbers are for descriptive purposes only and do not represent the merits of the embodiments.
The disclosure of the present application is only a few specific embodiments, but the present application is not limited to these, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present application.

Claims (10)

1. A control authority acquisition method based on a time-based encryption lock, characterized in that an application is developed by a software issuer who entrusts a software developer, the software issuer obtains an encryption lock from an encryption lock provider and initializes the encryption lock, the software developer integrates the initialized encryption lock into the application, after the software issuer issues the application and a user downloads the application using loader software, the method comprises:
the loader software determining whether a dongle in the application program was successfully unlocked;
when the encryption lock is successfully opened, the loader software instructs the encryption lock to call a built-in first processing program to obtain a second random number;
the loader software encrypts the acquired second random number according to a preset public key to obtain a corresponding public key encryption result;
the loader software instructs the encryption lock to call a built-in second processing program to carry out authority verification processing according to the public key encryption result to obtain a corresponding verification result;
when the verification result is that the authority authentication is passed, the loader software obtains the control authority aiming at the application program based on the verification result;
the first and second handlers are written into the dongle by the software issuer upon initialization of the dongle.
2. The method of claim 1, wherein the loader software instructing the encryption lock to call a built-in first processing program to obtain a second random number comprises:
the loader software instructs the encryption lock to call a built-in first processing program, and the first processing program generates a second random number and returns the second random number through the encryption lock;
and the loader software receives the second random number returned by the encryption lock.
3. The method of claim 1, wherein the loader software instructs the dongle to invoke a built-in second handler for performing the authorization verification process according to the public key encryption result to obtain a corresponding verification result, comprising:
the loader software instructs the encryption lock to call a built-in second processing program, and when the second processing program is called by the encryption lock, the encryption lock acquires the current time according to a built-in timer;
the encryption lock determines whether the current time is less than the expiration time of the effective use of the pre-configured encryption lock;
when the current time is less than the expiration time of the valid use of a pre-configured encryption lock, the loader software performs exclusive OR operation based on the public key encryption result to obtain an exclusive OR operation result;
and when the XOR operation result meets a preset condition, the loader software determines that the authority verification of the public key encryption result is successful, and a corresponding verification result is obtained.
4. The method of claim 3, wherein the loader software performs an XOR operation based on the public key encryption result to obtain an XOR operation result, comprising:
the loader software reads a first data file to obtain a first random number stored in the first data file;
the loader software decrypts the encrypted result of the public key according to a preset private key corresponding to the public key to obtain a third random number;
the loader software carries out XOR operation according to the first random number and the third random number to obtain a first operation result;
the loader software reads a second data file to obtain a second random number stored in the second data file;
the loader software carries out XOR operation according to the first random number and the obtained second random number to obtain a second operation result;
and the loader software compares the first operation result with the second operation result to obtain a corresponding exclusive OR operation result.
5. The method of claim 1, wherein after obtaining the control authority for the application based on the verification result, further comprising:
the loader software triggers and starts the application program based on the obtained control authority;
the loader software waits to receive a notification message that the application program is exited.
6. The method of claim 5, wherein the loader software triggers launching of the application based on the obtained control permissions, comprising:
the loader software calls a first algorithm to decrypt specific byte data of the application program based on the obtained control authority to obtain a corresponding decryption result;
and the loader software triggers and starts the application program according to the decryption result.
7. The method of claim 6, further comprising:
and after the loader software receives the notification message of the exit of the application program, the loader software calls the first algorithm to encrypt the decryption result to obtain encrypted specific byte data.
8. A control authority obtaining device based on a time type encryption lock, which is applied to an application program embedded with the encryption lock, is characterized in that the device comprises:
the first determining module is used for determining whether an encryption lock in the application program is successfully unlocked;
the instruction acquisition module is used for instructing the encryption lock to call a built-in first processing program to acquire a second random number when the encryption lock is successfully opened;
the encryption module is used for encrypting the acquired second random number according to a preset public key to obtain a corresponding public key encryption result;
the indication verification module is used for indicating the encryption lock to call a built-in second processing program to carry out authority verification processing according to the public key encryption result to obtain a corresponding verification result;
and the permission obtaining module is used for obtaining the control permission aiming at the application program based on the verification result when the verification result is that permission authentication passes.
9. An electronic device, comprising: a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the control authority obtaining method based on the time-based encryption lock of any one of the above claims 1 to 7 by calling the operation instruction.
10. A computer-readable storage medium for storing computer instructions which, when executed on a computer, cause the computer to perform a method for acquiring control right based on a time-based encryption lock according to any one of claims 1 to 7.
Priority application: CN202111657564.9A, priority date 2021-12-30, filing date 2021-12-30, "Control authority obtaining method and device based on time type encryption lock", status pending.
Publication: CN114297613A (en), publication date 2022-04-08.
Family ID: 80972871
Country status: CN, CN114297613A (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination