CN114817956A - USB communication object verification method, system, device and storage medium - Google Patents


Info

Publication number
CN114817956A
Authority
CN
China
Prior art keywords
communication object
result
instruction
random number
data
Prior art date
Legal status
Pending
Application number
CN202210408071.XA
Other languages
Chinese (zh)
Inventor
欧阳焜
王伟
余显杨
Current Assignee
Allwinner Technology Co Ltd
Original Assignee
Allwinner Technology Co Ltd
Priority date
Filing date
Publication date

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
                        • G06F21/44 Program or device authentication
                    • G06F21/60 Protecting data
                        • G06F21/602 Providing cryptographic facilities or services
                        • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
                            • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a USB communication object verification method, system, device and storage medium. The method comprises the following steps: generating a random number and a first instruction according to a first request; the communication object encrypting the random number according to the first instruction and a first key to generate first data; decrypting the first data with a second key to generate second data; generating a verification result according to the second data and the random number; and processing a second instruction according to the verification result. The communication object is verified before the control instruction it issues is processed, which improves the security of the device; because the communication object itself is verified, the content of the instructions it issues does not need to be restricted on a per-command basis, which improves flexibility; and because verification consists of the device generating a random number, the communication object encrypting it and the device decrypting the resulting ciphertext, no extra hardware needs to be introduced and cost is reduced, while the random number generated in each verification differs, which further improves the security of the device.

Description

USB communication object verification method, system, device and storage medium
Technical Field
The present application relates to the field of USB communication technologies, and in particular, to a method, a system, an apparatus, and a storage medium for USB communication object authentication.
Background
Developers use a USB tool to issue commands to a device that can query the device for information, control its state, or download new firmware into it. For example, in actual production a USB communication function is added to the chip's BOOT ROM so that the BOOT ROM can be reached over the USB port to complete the firmware burning operation. To improve the security of USB communication, SoC manufacturers generally design a proprietary USB communication protocol for these development and debugging operations and provide a matching USB tool. However, an attacker can capture and analyse the traffic with a USB analyzer, crack the proprietary USB communication protocol, and pass it to any third party, who can then develop a corresponding USB cracking tool to control the device for illegal purposes such as reading sensitive information stored in the device or downloading malicious code into it, which threatens the device and the information it stores and greatly undermines its security.
At present, to prevent a malicious third party from using a self-developed USB tool to steal information stored in a device, or even download tampered firmware into the device to completely change its behaviour, the industry on the one hand generally performs a corresponding check on a command such as a data read/write or program run before it is executed, so as to limit the effect of the command. For example, the range that can actually be read and written is limited for data read/write commands, and for program run commands a security check is performed on the program before it runs. Although such targeted checks before command execution achieve a certain protective effect, there are many kinds of commands (data read/write, program run, and so on), and it is difficult to check them thoroughly. On the other hand, the industry generally restricts the USB tools themselves, eliminating tools developed by malicious third parties by verifying the validity of the tool. However, the conventional way of restricting USB tools requires an additional verification chip, which increases the hardware cost of the device.
Disclosure of Invention
The present invention aims to solve at least to some extent one of the technical problems existing in the prior art.
Therefore, an object of the embodiments of the present invention is to provide a method, a system, a device, and a storage medium for verifying a USB communication object, so as to verify the USB communication object without introducing an additional verification chip, thereby reducing hardware cost and improving security.
In order to achieve the technical purpose, the technical scheme adopted by the embodiment of the invention comprises the following steps:
in a first aspect, an embodiment of the present invention provides a method for verifying a USB communication object, including the following steps:
generating a random number and a first instruction according to a first request, wherein the first request is a connection request sent by the communication object;
after the communication object receives the random number and the first instruction, encrypting the random number according to the first instruction and a first key to generate first data;
decrypting the first data through a second key to generate second data;
generating a verification result according to the second data and the random number;
and processing a second instruction according to the verification result, wherein the second instruction is a control instruction sent by the communication object.
According to the USB communication object verification method provided by the embodiment of the invention, the communication object is verified before the control instruction it issues is processed, which improves the security of the device, protects the information stored in it and prevents its behaviour from being tampered with; because the communication object itself is verified, the content of the instructions it issues does not need to be restricted on a per-command basis, which improves flexibility; and because verification consists of the device generating a random number, the communication object encrypting it and the device decrypting the resulting ciphertext, no extra hardware needs to be introduced and cost is reduced, while the random number generated in each verification differs, which further improves the security of the device.
In addition, the USB communication object authentication method according to the above embodiment of the present invention may further have the following additional technical features:
further, in the method for authenticating a USB communication object according to the embodiment of the present invention, before the step of encrypting the random number according to the first instruction and generating the first data, the method further includes:
acquiring a second request;
and sending the random number and the first instruction to the communication object according to the second request.
Further, in one embodiment of the present invention, the verification result includes a first result and a second result;
the generating a verification result according to the second data and the random number comprises:
judging whether the second data is consistent with the random number;
if so, generating the first result, wherein the first result is that the verification is passed;
and if not, generating the second result, wherein the second result is that the verification is not passed.
Further, in an embodiment of the present invention, the processing the second instruction according to the verification result includes:
if the verification result is a first result, executing the second instruction;
and if the verification result is a second result, rejecting the second instruction.
In a second aspect, an embodiment of the present invention provides a USB communication object verification system, including:
the random number generation module is used for generating a random number and a first instruction according to the first request;
the decryption module is used for decrypting the first data through a second key to generate second data;
the verification module is used for generating a verification result according to the second data and the random number;
and the instruction processing module is used for processing a second instruction according to the verification result.
Further, in an embodiment of the present invention, the USB communication object authentication system further includes:
the acquisition module is used for acquiring a second request;
and the sending module is used for sending the random number and the first instruction to the communication object according to the second request.
Further, in one embodiment of the present invention, the verification result includes a first result and a second result;
the authentication module includes:
the judging module is used for judging whether the second data is consistent with the random number or not;
the verification result generation module is used for generating the first result if the judgment is positive, and the second result if not.
Further, in one embodiment of the present invention, the instruction processing module includes:
the instruction execution module is used for executing the second instruction if the verification result is the first result;
and the instruction rejection module is used for rejecting the second instruction if the verification result is a second result.
In a third aspect, an embodiment of the present invention provides a USB communication object verification apparatus, including:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one program causes the at least one processor to implement the USB communication object authentication method.
In a fourth aspect, an embodiment of the present invention provides a storage medium, in which a processor-executable program is stored, and the processor-executable program is used for implementing the USB communication object authentication method when being executed by a processor.
Advantages and benefits of the present invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application:
the embodiment of the invention verifies the communication object before processing the control instruction it issues, which improves the security of the device, protects the information stored in it and prevents its behaviour from being tampered with; because the communication object itself is verified, the content of the instructions it issues does not need to be restricted on a per-command basis, which improves flexibility; and because verification consists of the device generating a random number, the communication object encrypting it and the device decrypting the resulting ciphertext, no extra hardware needs to be introduced and cost is reduced, while the random number generated in each verification differs, which further improves the security of the device.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following description is made on the drawings of the embodiments of the present application or the related technical solutions in the prior art, and it should be understood that the drawings in the following description are only for convenience and clarity of describing some embodiments in the technical solutions of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart illustrating a USB communication object authentication method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a USB communication object authentication system according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a USB communication object authentication apparatus according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of the invention and in the accompanying drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Developers use a USB tool to issue commands to a device that can query the device for information, control its state, or download new firmware into it. For example, in actual production a USB communication function is added to the chip's BOOT ROM so that the BOOT ROM can be reached over the USB port to complete the firmware burning operation. To improve the security of USB communication, SoC manufacturers generally design a proprietary USB communication protocol for these development and debugging operations and provide a matching USB tool. However, an attacker can capture and analyse the traffic with a USB analyzer, crack the proprietary USB communication protocol, and pass it to any third party, who can then develop a corresponding USB cracking tool to control the device for illegal purposes such as reading sensitive information stored in the device or downloading malicious code into it, which threatens the device and the information it stores and greatly undermines its security.
At present, to prevent a malicious third party from using a self-developed USB tool to steal information stored in a device, or even download tampered firmware into the device to completely change its behaviour, the industry on the one hand generally performs a corresponding check on a command such as a data read/write or program run before it is executed, so as to limit the effect of the command. For example, the range that can actually be read and written is limited for data read/write commands, and for program run commands a security check is performed on the program before it runs. Although such targeted checks before command execution achieve a certain protective effect, there are many kinds of commands (data read/write, program run, and so on), and it is difficult to check them thoroughly. On the other hand, the industry generally restricts the USB tools themselves, eliminating tools developed by malicious third parties by verifying the validity of the tool. However, the conventional way of restricting USB tools requires an additional verification chip, which increases the hardware cost of the device.
Therefore, the invention provides a USB communication object verification method and system that differ from conventional USB communication object verification methods, which suffer from poor flexibility and security or require additional hardware: because the communication object itself is verified, the content of the instructions it issues does not need to be restricted on a per-command basis, which improves flexibility; and because verification consists of the device generating a random number, the communication object encrypting it and the device decrypting the resulting ciphertext, no extra hardware needs to be introduced and cost is reduced, while the random number generated in each verification differs, which further improves the security of the device.
A USB communication object authentication method and system according to an embodiment of the present invention will be described in detail below with reference to the accompanying drawings, and first, a USB communication object authentication method according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a USB communication object verification method, where the USB communication object verification method in the embodiment of the present invention may be applied to a terminal, a server, or software running in the terminal or the server. The terminal may be, but is not limited to, a tablet computer, a notebook computer, a desktop computer, and the like. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like. The USB communication object verification method in the embodiment of the invention mainly comprises the following steps:
s101, generating a random number and a first instruction according to a first request;
wherein the first request is a connection request sent by the communication object.
Specifically, the communication object sends a connection request to the device, and on receiving it the device generates authentication information, consisting of a random number and a first instruction, for authenticating the communication object. Because the random number generated in each authentication of the communication object is random, an attacker cannot easily pass authentication by copying and replaying previously generated communication data, which improves the reliability of the authentication and the security of the device.
S102, after the communication object receives the random number and the first instruction, encrypting the random number according to the first instruction and a first key to generate first data;
in one embodiment of the present invention, the first key is a private key of an RSA encryption algorithm in a legitimate communication object (a communication object associated with a device). It can be understood that if the communication object is a USB tool developed by a third party, the private key cannot be held, and the encrypted ciphertext generated by encrypting the random number is different.
Specifically, after receiving the random number and the first instruction, the communication object encrypts the random number according to the first instruction and a first key to generate an encrypted ciphertext, that is, the first data.
In the embodiment of the present invention, before step S102, the following steps are further included:
(1) acquiring a second request;
(2) and sending the random number and the first instruction to the communication object according to the second request.
Specifically, the communication object sends a second request to the device, and acquires the random number and the first instruction generated by the device.
S103, decrypting the first data through a second key to generate second data;
in combination with step S102, the second key is the public key corresponding to the private key held by a legitimate communication object (a communication object matching the device). It is understood that when the first data generated by a legitimate communication object (one associated with the device) by encrypting the random number with the first key is decrypted with the second key, the resulting second data is consistent with the random number generated in step S101.
Specifically, in one embodiment of the present invention, the key pair of the RSA encryption algorithm is either fixed at the time of device production or burned into the device during development.
S104, generating a verification result according to the second data and the random number;
wherein the verification result comprises a first result and a second result.
S104 may be further divided into the following steps S1041-S1043:
step S1041, judging whether the second data is consistent with the random number;
specifically, according to steps S102 to S103, if the communication object is legitimate (a communication object associated with the device), that is, if it holds the private key paired with the second key (the public key), then the random number encrypted with the first key at the communication object and decrypted with the second key at the device side yields second data that matches the random number generated in step S101.
Step S1042, if yes, generating the first result, wherein the first result is that the verification is passed;
specifically, as shown in step S1041, if the second data matches the random number, the communication object passes the authentication.
And step S1043, if not, generating the second result, wherein the second result is that the verification is not passed.
Specifically, according to step S1041, if the second data is not consistent with the random number, the communication object authentication is not passed.
And S105, processing a second instruction according to the verification result.
Wherein the second instruction is a control instruction sent by the communication object.
S105 may be further divided into the following steps S1051-S1052:
step S1051, if the verification result is the first result, executing the second instruction;
specifically, if the communication object passes the verification, the device executes the control instruction sent by the communication object.
Step S1052, if the verification result is the second result, rejecting the second instruction.
Specifically, if the communication object fails to be verified, the device refuses to execute the control instruction sent by the communication object.
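As an added illustration (not the patent's own code), the following Python models steps S101 to S105 as a challenge-response between the device, which holds only the second key (an RSA public key), and a USB tool, which holds the first key (the private key); it also exercises the two failure cases the text describes, a third-party tool without the private key and a replayed answer. The RSA helper, the class names and the instruction label are constructed for this example, and textbook RSA on a raw random number is used only so the block runs offline with the standard library; a production device would check a padded signature (for example RSA-PSS) over the random number rather than raw private-key exponentiation.

```python
import random
import secrets

def _is_probable_prime(n, rounds=16):
    # Miller-Rabin; adequate for a demo key, not for production key generation
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(modulus_bits=512):
    # Textbook RSA pair (demo only): (e, n) is burned into the device, (d, n) stays in the legitimate tool
    e = 65537
    while True:
        p, q = _random_prime(modulus_bits // 2), _random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)

class Device:
    # Device side (e.g. BOOT ROM): holds only the second key (the public key)
    FIRST_INSTRUCTION = "ENCRYPT_RANDOM_NUMBER"  # constructed label for the first instruction

    def __init__(self, public_key):
        self.public_key = public_key
        self.random_number = None  # challenge for the current session, single use
        self.verified = False

    def handle_first_request(self):
        # S101: a connection request yields a fresh random number (2 <= r < n) and the first instruction
        self.random_number = secrets.randbelow(self.public_key[1] - 2) + 2
        self.verified = False

    def handle_second_request(self):
        return self.random_number, self.FIRST_INSTRUCTION

    def handle_first_data(self, first_data):
        # S103-S104: decrypt with the second key and compare with the stored random number
        if self.random_number is None:
            return False
        second_data = pow(first_data, *self.public_key)
        self.verified = second_data == self.random_number
        self.random_number = None  # consumed: a replayed answer cannot be checked again
        return self.verified

    def handle_second_instruction(self, control_instruction):
        # S105: execute the control instruction only if verification passed
        return "EXECUTED:" + control_instruction if self.verified else "REJECTED"

class UsbTool:
    # Communication object: holds the first key (the private key)
    def __init__(self, private_key):
        self.private_key = private_key

    def answer(self, random_number, first_instruction):
        # S102: "encrypt" the random number with the private key to produce the first data
        if first_instruction != Device.FIRST_INSTRUCTION:
            raise ValueError("unexpected first instruction")
        return pow(random_number, *self.private_key)

def run_session(device, tool, control_instruction="READ_DEVICE_INFO"):
    # Full exchange; returns the first data too so a replay can be attempted against a new challenge
    device.handle_first_request()
    random_number, instruction = device.handle_second_request()
    first_data = tool.answer(random_number, instruction)
    device.handle_first_data(first_data)
    return first_data, device.handle_second_instruction(control_instruction)

def demo():
    # Legitimate tool passes; a third-party tool with its own key pair and a replayed answer are rejected
    public_key, private_key = generate_keypair()
    device = Device(public_key)
    captured, legit = run_session(device, UsbTool(private_key))
    _, rogue = run_session(device, UsbTool(generate_keypair()[1]))
    device.handle_first_request()          # new session, new random number
    device.handle_first_data(captured)     # replay of the earlier first data
    replay = device.handle_second_instruction("READ_DEVICE_INFO")
    return legit, rogue, replay
```

`demo()` returns `('EXECUTED:READ_DEVICE_INFO', 'REJECTED', 'REJECTED')`: the rogue tool's ciphertext does not decrypt to the device's random number, and the replayed first data is checked against a different random number than the one it was computed from.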
In summary, in the USB communication object verification method according to the embodiment of the present invention, the communication object is verified before the control instruction it issues is processed, which improves the security of the device, protects the information stored in it and prevents its behaviour from being tampered with; because the communication object itself is verified, the content of the instructions it issues does not need to be restricted on a per-command basis, which improves flexibility; and because verification consists of the device generating a random number, the communication object encrypting it and the device decrypting the resulting ciphertext, no extra hardware needs to be introduced and cost is reduced, while the random number generated in each verification differs, which further improves the security of the device.
Next, a USB communication object authentication system proposed according to an embodiment of the present application is described with reference to the drawings.
Fig. 2 is a schematic structural diagram of a USB communication object authentication system according to an embodiment of the present application.
The system specifically comprises:
a random number generation module 201, configured to generate a random number and a first instruction according to the first request;
a decryption module 202, configured to decrypt the first data through a second key to generate second data;
the verification module 203 is configured to generate a verification result according to the second data and the random number;
and the instruction processing module 204 is configured to process the second instruction according to the verification result.
As an optional implementation manner, the USB communication object authentication system further includes:
the acquisition module is used for acquiring a second request;
and the sending module is used for sending the random number and the first instruction to the communication object according to the second request.
As an optional implementation, the verification result includes a first result and a second result;
the authentication module includes:
the judging module is used for judging whether the second data is consistent with the random number or not;
the verification result generation module is used for generating the first result if the judgment is positive, and the second result if not.
As an optional implementation, the instruction processing module includes:
the instruction execution module is used for executing the second instruction if the verification result is the first result;
and the instruction rejection module is used for rejecting the second instruction if the verification result is a second result.
It can be seen that the contents in the foregoing method embodiments are all applicable to this system embodiment, the functions specifically implemented by this system embodiment are the same as those in the foregoing method embodiment, and the advantageous effects achieved by this system embodiment are also the same as those achieved by the foregoing method embodiment.
Referring to fig. 3, an embodiment of the present application provides a USB communication object authentication apparatus, including:
at least one processor 301;
at least one memory 302 for storing at least one program;
when executed by the at least one processor 301, the at least one program causes the at least one processor 301 to implement the method for USB communication object authentication.
Similarly, the contents of the method embodiments are all applicable to the apparatus embodiments, the functions specifically implemented by the apparatus embodiments are the same as the method embodiments, and the beneficial effects achieved by the apparatus embodiments are also the same as the beneficial effects achieved by the method embodiments.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present application are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present application is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion regarding the actual implementation of each module is not necessary for an understanding of the present application. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the present application as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the application, which is defined by the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium, which includes programs for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable programs that can be considered for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with a program execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the programs from the program execution system, apparatus, or device and execute the programs. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the program execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable program execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the foregoing description of the specification, reference to the description of "one embodiment/example," "another embodiment/example," or "certain embodiments/examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: numerous changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.
While the present application has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A USB communication object verification method is characterized by comprising the following steps:
generating a random number and a first instruction according to a first request, wherein the first request is a connection request sent by the communication object;
after the communication object receives the random number and the first instruction, encrypting the random number according to the first instruction and a first key to generate first data;
decrypting the first data through a second key to generate second data;
generating a verification result according to the second data and the random number;
and processing a second instruction according to the verification result, wherein the second instruction is a control instruction sent by the communication object.
2. The method for authenticating the USB communication object according to claim 1, wherein before the step of encrypting the random number according to the first instruction to generate the first data, the method further comprises:
acquiring a second request;
and sending the random number and the first instruction to the communication object according to the second request.
3. The method according to claim 1, wherein the verification result comprises a first result and a second result;
the generating a verification result according to the second data and the random number comprises:
judging whether the second data is consistent with the random number;
if so, generating the first result, wherein the first result is that the verification is passed;
if not, generating the second result, wherein the second result is that the verification is not passed.
4. The method according to claim 3, wherein said processing the second instruction according to the verification result comprises:
if the verification result is a first result, executing the second instruction;
and if the verification result is a second result, rejecting the second instruction.
5. A USB communication object authentication system, comprising:
the random number generation module is used for generating a random number and a first instruction according to the first request;
the decryption module is used for decrypting the first data through a second key to generate second data;
the verification module is used for generating a verification result according to the second data and the random number;
and the instruction processing module is used for processing a second instruction according to the verification result.
6. The USB communication object authentication system of claim 5, further comprising:
the acquisition module is used for acquiring a second request;
and the sending module is used for sending the random number and the first instruction to the communication object according to the second request.
7. The USB communication object authentication system according to claim 5, wherein the verification result comprises a first result and a second result;
the authentication module includes:
the judging module is used for judging whether the second data is consistent with the random number or not;
the verification result generation module is used for generating the first result if so, and otherwise generating the second result.
8. The USB communication object authentication system according to claim 7, wherein the instruction processing module comprises:
the instruction execution module is used for executing the second instruction if the verification result is the first result;
and the instruction rejection module is used for rejecting the second instruction if the verification result is a second result.
9. A USB communication object authentication apparatus, comprising:
at least one processor;
at least one memory for storing at least one program;
wherein the at least one program, when executed by the at least one processor, causes the at least one processor to implement a USB communication object authentication method as claimed in any one of claims 1 to 4.
10. A storage medium having stored therein a program executable by a processor, characterized in that: the processor executable program when executed by a processor is for implementing a USB communication object authentication method as claimed in any one of claims 1 to 4.
CN202210408071.XA 2022-04-19 2022-04-19 USB communication object verification method, system, device and storage medium Pending CN114817956A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210408071.XA CN114817956A (en) 2022-04-19 2022-04-19 USB communication object verification method, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN114817956A true CN114817956A (en) 2022-07-29

Family

ID=82505308

Country Status (1)

Country Link
CN (1) CN114817956A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115544578A (en) * 2022-11-24 2022-12-30 苏州浪潮智能科技有限公司 Solid state disk reading and writing method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination