CN115221492A - Authentication method and device based on hardware key, electronic equipment and storage medium - Google Patents

Authentication method and device based on hardware key, electronic equipment and storage medium

Info

Publication number
CN115221492A
Authority
CN
China
Prior art keywords
level information
key
hardware
module
authenticated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211140927.6A
Other languages
Chinese (zh)
Other versions
CN115221492B (en)
Inventor
汤孟
程行青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Panding Technology Co ltd
Original Assignee
Shenzhen Panding Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Panding Technology Co ltd filed Critical Shenzhen Panding Technology Co ltd
Priority to CN202211140927.6A priority Critical patent/CN115221492B/en
Publication of CN115221492A publication Critical patent/CN115221492A/en
Application granted granted Critical
Publication of CN115221492B publication Critical patent/CN115221492B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an authentication method and device based on a hardware key, an electronic device and a storage medium. The authentication method based on the hardware key comprises the following steps: when a hardware key to be authenticated is connected to a starting module of a device to be started, reading key level information of the hardware key to be authenticated through the starting module, wherein the key level information comprises more than one level value; judging whether preset level information in the starting module is consistent with the key level information, wherein the preset level information comprises more than one level value; and if the preset level information in the starting module is consistent with the key level information, setting the authentication state of the hardware key to be authenticated as authenticated. The application solves the technical problem that the encryption modes of industrial equipment have low security.

Description

Authentication method and device based on hardware key, electronic equipment and storage medium
Technical Field
The present application relates to the field of device encryption, and in particular, to an authentication method and apparatus based on a hardware key, an electronic device, and a storage medium.
Background
With the continuous development of modern industry, more and more advanced industrial equipment is used in production. Some of this equipment needs to be encrypted for controlled management because it is confidential or safety-related. At present, security devices are mainly encrypted at the software level, for example with passwords, fingerprint encryption or face recognition. These encryption modes generally involve editing an encryption program on a computer and writing the encryption program, key data and the like into a chip so as to encrypt the device or its data. Software encryption is cheap to apply and widely applicable, but it is easily cracked by cold boot attacks, brute force cracking, password guessing, data recovery and the like, so the security of the device is low.
Disclosure of Invention
The present application mainly aims to provide an authentication method, an authentication device, an electronic device, and a storage medium based on a hardware key, and aims to solve the technical problem of low security of an encryption mode of an industrial device.
In order to achieve the above object, the present application provides an authentication method based on a hardware key, where the authentication method based on the hardware key includes:
when a hardware key to be authenticated and a starting module of equipment to be started are in a connection state, key level information of the hardware key to be authenticated is read through the starting module, wherein the key level information comprises more than one level value;
judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value;
and if the preset level information in the starting module is consistent with the key level information, setting the authentication state of the hardware key to be authenticated as authenticated.
Optionally, before the step of reading, by the boot module, the key level information of the hardware key when the hardware key to be authenticated and the boot module of the device to be booted are in a connected state, the method further includes:
storing the preset level information to the starting module through a key filling rod, wherein the key filling rod is used for storing at least one group of preset level information;
and storing the preset level information into a hardware secret key corresponding to the equipment to be started through the secret key filling rod.
Optionally, the to-be-started device includes a hardware key matching interface, and when the to-be-authenticated hardware key is in a connection state with a start module of the to-be-started device, the step of reading, by the start module, key level information of the hardware key includes:
connecting the hardware secret key to be authenticated with a starting module of the equipment to be started through the hardware secret key matching interface;
and reading each level value in the key level information through the starting module.
Optionally, the device to be booted includes a boot program transmission interface, and after the step of setting the authentication state of the hardware key to be authenticated as authenticated, the method further includes:
receiving a starting program corresponding to the equipment to be started through the starting program transmission interface;
and starting the equipment to be started according to the starting program so as to execute the starting action of the equipment to be started.
Optionally, the step of determining whether the preset level information in the boot module is consistent with the key level information includes:
judging whether the level bit number of the preset level information is consistent with the bit number of the secret key level information;
if not, judging that the preset level information in the starting module is inconsistent with the secret key level information;
if so, judging whether the preset level information in the starting module is consistent with the key level information or not according to each level value in the preset level information and each level value in the key level information.
Optionally, the step of determining whether the preset level information in the boot module is consistent with the key level information according to each level value in the preset level information and each level value in the key level information includes:
judging whether each level value in the preset level information is consistent with each level value corresponding to the secret key level information or not;
if not, judging that the preset level information in the starting module is inconsistent with the key level information;
and if so, judging that the preset level information in the starting module is consistent with the key level information.
Optionally, after the step of determining whether the preset level information in the boot module is consistent with the key level information, the method further includes:
and if the preset level information in the starting module is inconsistent with the key level information, setting the authentication state of the hardware key to be authenticated as authentication failure.
The present application further provides an authentication apparatus based on a hardware key, where the authentication apparatus based on a hardware key is applied to an authentication device based on a hardware key, and the authentication apparatus based on a hardware key includes:
a reading module, configured to read the key level information of the hardware key to be authenticated through the starting module when the hardware key to be authenticated and the starting module of the equipment to be started are in a connection state, wherein the key level information comprises more than one level value;
the detection module is used for judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value;
and the authentication module is used for setting the authentication state of the hardware secret key to be authenticated as authentication passing if the preset level information in the starting module is consistent with the secret key level information.
Optionally, the reading module is further configured to:
storing the preset level information to the starting module through a secret key filling rod, wherein the secret key filling rod is used for storing at least one group of preset level information;
and storing the preset level information into a hardware secret key corresponding to the equipment to be started through the secret key filling rod.
Optionally, the reading module is further configured to:
connecting the hardware secret key to be authenticated with a starting module of the equipment to be started through the hardware secret key matching interface;
and reading each level value in the key level information through the starting module.
Optionally, the authentication module is further configured to:
receiving a starting program corresponding to the equipment to be started through the starting program transmission interface;
and starting the equipment to be started according to the starting program so as to execute the starting action of the equipment to be started.
Optionally, the detection module is further configured to:
judging whether the level bit number of the preset level information is consistent with the bit number of the secret key level information;
if not, judging that the preset level information in the starting module is inconsistent with the secret key level information;
and if so, judging whether the preset level information in the starting module is consistent with the key level information according to each level value in the preset level information and each level value in the key level information.
Optionally, the detection module is further configured to:
judging whether each level value in the preset level information is consistent with each corresponding level value in the secret key level information;
if not, judging that the preset level information in the startup module is inconsistent with the key level information;
and if so, judging that the preset level information in the starting module is consistent with the key level information.
Optionally, the detection module is further configured to:
and if the preset level information in the starting module is inconsistent with the key level information, setting the authentication state of the hardware key to be authenticated as authentication failure.
The present application further provides an electronic device, which is an entity device, the electronic device including: a memory, a processor, and a program of the hardware key based authentication method stored on the memory and executable on the processor, wherein the program of the hardware key based authentication method, when executed by the processor, may implement the steps of the hardware key based authentication method as described above.
The present application also provides a computer-readable storage medium having stored thereon a program for implementing a hardware-key-based authentication method, which when executed by a processor implements the steps of the hardware-key-based authentication method as described above.
The present application also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the hardware key based authentication method as described above.
In the method, when the hardware key to be authenticated and the starting module of the equipment to be started are in a connection state, the key level information of the hardware key to be authenticated is first read through the starting module. It is then judged whether the preset level information in the starting module is consistent with the key level information, wherein the preset level information comprises more than one level value. If the preset level information in the starting module is consistent with the key level information, the authentication state of the hardware key to be authenticated is set as authentication pass.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. Those skilled in the art can obviously obtain other drawings from these drawings without inventive effort.
FIG. 1 is a flowchart illustrating a first embodiment of a hardware key-based authentication method according to the present application;
FIG. 2 is a schematic diagram illustrating a hardware component of a first embodiment of a hardware key-based authentication method according to the present application;
FIG. 3 is a schematic diagram illustrating a hardware key-based authentication apparatus according to the present invention;
FIG. 4 is a schematic device structure diagram of a hardware operating environment related to the authentication method based on the hardware key in the embodiment of the present application.
The implementation of the objectives, functional features, and advantages of the present application will be further described with reference to the accompanying drawings.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments are described in detail below with reference to the accompanying figures. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
Example one
At present, security devices are mainly encrypted at the software level, for example with passwords, fingerprint encryption or face recognition. These encryption modes generally involve editing an encryption program on a computer and writing the encryption program, key data and the like into a chip so as to encrypt the device or its data. Software encryption is cheap to apply and widely applicable, but it is easily cracked by cold boot attacks, brute force cracking, password guessing, data recovery and the like, so the security of the device is low.
In a first embodiment of the authentication method based on the hardware key, referring to fig. 1, the authentication method based on the hardware key includes:
step S10, when a hardware secret key to be authenticated and a starting module of equipment to be started are in a connection state, key level information of the hardware secret key to be authenticated is read through the starting module, wherein the key level information comprises more than one level value;
step S20, judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value;
step S30, if the preset level information in the startup module is consistent with the key level information, setting the authentication state of the hardware key to be authenticated as authenticated.
In this embodiment, it should be noted that the key level information includes a multi-bit level value, and each level value is a level signal, that is, 0 or 1. The more bits there are, the higher the security of the key level information and the lower the possibility of it being cracked. As a preferred example, the number of level bits may be 128, so that there are 2^128 possible combinations of key levels, which well ensures the security of the key level information and of the device to be started.
As an example, steps S10 to S30 include: detecting the connection state of the equipment to be started and the secret key to be authenticated; when detecting that the hardware key to be authenticated and a starting module of the equipment to be started are in a connection state, receiving key level information transmitted by the key to be authenticated through a hardware key matching interface of the equipment to be started, wherein the key level information comprises more than one level value; comparing the level values corresponding to the bits in the key level information with the level values corresponding to the bits in the starting module; if the level value corresponding to each bit in the key level information is inconsistent with the level value corresponding to each bit in the starting module, setting the authentication state of the hardware key to be authenticated as authentication failure; and if the level value corresponding to each bit in the key level information is consistent with the level value corresponding to each bit in the starting module, setting the authentication state of the hardware key to be authenticated as authenticated.
Before the step of reading, by the boot module, the key level information of the hardware key when the hardware key to be authenticated and the boot module of the device to be booted are in a connected state, the method further includes:
step A10, storing the preset level information to the starting module through a secret key filling rod, wherein the secret key filling rod is used for storing at least one group of preset level information;
step A20, storing the preset level information into the hardware key corresponding to the device to be started through the key filling rod.
In this embodiment, the key filling rod is configured to store preset level information, that is, to store each set of multi-bit level value information; the preset level information in the key filling rod can be generated randomly, or can be input by a user through a visual interface.
Preferably, the number of level bits for the preset level information is received from the user through a visual interface, and the key filling rod then randomly generates the preset level information according to that number of level bits.
As an example, steps A10 to A20 include: transmitting built-in preset level information to a starting module of the equipment to be started through the key filling rod, so that it can be compared with the key level information in the hardware key to be authenticated in order to authenticate the hardware key; and transmitting the preset level information to the hardware key corresponding to the equipment to be started through the key filling rod, so that it can be compared with the preset level information stored in the equipment to be started in order to complete the authentication of the hardware key.
Referring to fig. 2, the device to be started includes a hardware key matching interface, and when the hardware key to be authenticated and a start module of the device to be started are in a connected state, the step of reading key level information of the hardware key by the start module includes:
step S11, connecting the hardware secret key to be authenticated with a starting module of the equipment to be started through the hardware secret key matching interface;
and step S12, reading each level value in the key level information through the starting module.
In this embodiment, the key level information includes the number of level bits and the level value of each bit; a level value may be high or low, i.e., 1 or 0.
As an example, steps S11 to S12 include: establishing an information transmission channel between the hardware key to be authenticated and a starting module of the equipment to be started through the hardware key matching interface, so as to complete the connection between the hardware key to be authenticated and the starting module; and reading the number of level bits and each level value in the key level information through the hardware key matching interface, and transmitting them to the starting module so that the starting module can compare them with the preset level information.
After the step of setting the authentication state of the hardware key to be authenticated as authenticated, the method further includes:
step B10, receiving a starting program corresponding to the equipment to be started through the starting program transmission interface;
and step B20, starting the equipment to be started according to the starting program so as to execute the starting action of the equipment to be started.
In this embodiment, it should be noted that the device to be started includes a starting program transmission interface, which is used to receive a starting program corresponding to the device to be started.
As an example, steps B10 to B20 include: detecting the connection condition of the transmission interface of the starting program; when detecting that connection with a starting program storage device is established, receiving a starting program stored by the starting program storage device through the starting program transmission interface, wherein the starting program is a starting program corresponding to the device to be started; and starting the equipment to be started according to the starting program so as to execute the starting action of the equipment to be started.
Wherein the step of judging whether the preset level information in the startup module is consistent with the key level information comprises:
step S21, judging whether the level bit number of the preset level information is consistent with the bit number of the secret key level information;
step S22, if not, judging that the preset level information in the starting module is inconsistent with the secret key level information;
step S23, if yes, determining whether the preset level information in the startup module is consistent with the key level information according to each level value in the preset level information and each level value in the key level information.
In this embodiment, the preset level information and the key level information may include a level bit number and level information included in each level bit, that is, whether each level bit includes a high level signal or a low level signal, and may be represented as 0 or 1.
As one example, steps S21 to S23 include: detecting the number of level bits of the preset level information and the number of bits of the key level information; comparing the two bit counts, and if the number of level bits of the preset level information is inconsistent with the number of bits of the key level information, judging that the preset level information in the starting module is inconsistent with the key level information; if the two bit counts are consistent, comparing the level signals corresponding to each level bit respectively, and judging whether the preset level information in the starting module is consistent with the key level information.
Wherein the step of judging whether the preset level information in the startup module is consistent with the key level information according to each level value in the preset level information and each level value in the key level information comprises:
step S24, judging whether each level value in the preset level information is consistent with each level value corresponding to the secret key level information;
step S25, if not, judging that the preset level information in the starting module is inconsistent with the key level information;
step S26, if so, judging that the preset level information in the startup module is consistent with the key level information.
As an example, steps S24 to S26 include: setting the first-bit level value in the preset level information and the first-bit level value in the key level information as the current level values respectively; comparing the current level values of the preset level information and the key level information; if they are inconsistent, judging that the preset level information in the starting module is inconsistent with the key level information; if they are consistent, setting the next level value after each current level value as the current level value, and returning to the step of comparing the current level values of the preset level information and the key level information, until all the level values have been compared; and if the level values at every corresponding bit of the preset level information and the key level information are consistent, judging that the preset level information in the starting module is consistent with the key level information.
After the step of determining whether the preset level information in the boot module is consistent with the key level information, the method further includes:
and step C10, if the preset level information in the starting module is inconsistent with the key level information, setting the authentication state of the hardware key to be authenticated as authentication failure.
As an example, step C10 includes: when the preset level information in the starting module is detected to be inconsistent with the key level information, setting the authentication state of the hardware key to be authenticated as authentication failure, and pushing the authentication failure to the user in a visual mode to prompt the user to re-input the hardware key.
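An added example, not part of the patent text: steps S21 to S26 and C10 in C, first with the stop at the first mismatch that the description gives, then as a variant that visits every bit so that the loop has no early exit tied to the position of the first wrong bit. The one-byte-per-level representation, the function names and the 8-bit sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Authentication state set in step S30 (pass) or step C10 (failure). */
typedef enum { AUTH_FAILED = 0, AUTH_PASSED = 1 } auth_state_t;

/* Assumed representation: one byte per level bit, 0 = low, 1 = high. */

/* Steps S21-S26 as described: compare the bit counts, then walk the
 * level values and stop at the first pair that differs. */
static int match_first_mismatch_stop(const uint8_t *preset, size_t preset_bits,
                                     const uint8_t *key, size_t key_bits)
{
    if (preset == NULL || key == NULL || preset_bits == 0)
        return 0;                    /* nothing provisioned: never a match */
    if (preset_bits != key_bits)     /* S21, S22: bit counts differ */
        return 0;
    for (size_t i = 0; i < preset_bits; i++) {
        if (preset[i] != key[i])     /* S24, S25: first differing level */
            return 0;
    }
    return 1;                        /* S26: every level value agreed */
}

/* Same verdict, but every level value is visited and the differences are
 * accumulated, so the number of loop iterations does not depend on where
 * the first wrong bit sits. */
static int match_full_scan(const uint8_t *preset, size_t preset_bits,
                           const uint8_t *key, size_t key_bits)
{
    uint8_t diff = 0;

    if (preset == NULL || key == NULL || preset_bits == 0)
        return 0;
    if (preset_bits != key_bits)
        return 0;
    for (size_t i = 0; i < preset_bits; i++)
        diff |= (uint8_t)(preset[i] ^ key[i]);
    return diff == 0;
}

/* Step S30 on a match, step C10 otherwise. */
static auth_state_t authenticate(const uint8_t *preset, size_t preset_bits,
                                 const uint8_t *key, size_t key_bits)
{
    return match_full_scan(preset, preset_bits, key, key_bits)
               ? AUTH_PASSED
               : AUTH_FAILED;
}

/* Constructed sample values; 8 bits for readability, where the
 * description suggests 128. */
static const uint8_t PRESET[8]    = {1, 0, 1, 1, 0, 0, 1, 0};
static const uint8_t KEY_GOOD[8]  = {1, 0, 1, 1, 0, 0, 1, 0};
static const uint8_t KEY_FIRST[8] = {0, 0, 1, 1, 0, 0, 1, 0}; /* bit 0 wrong */
static const uint8_t KEY_LAST[8]  = {1, 0, 1, 1, 0, 0, 1, 1}; /* bit 7 wrong */
static const uint8_t KEY_SHORT[4] = {1, 0, 1, 1};             /* wrong length */

int main(void)
{
    printf("good key:    %d\n", authenticate(PRESET, 8, KEY_GOOD, 8));
    printf("first wrong: %d\n", authenticate(PRESET, 8, KEY_FIRST, 8));
    printf("last wrong:  %d\n", authenticate(PRESET, 8, KEY_LAST, 8));
    printf("short key:   %d\n", authenticate(PRESET, 8, KEY_SHORT, 4));
    printf("as described, good key: %d\n",
           match_first_mismatch_stop(PRESET, 8, KEY_GOOD, 8));
    return 0;
}
```

Both functions return the same verdict for every input; they differ only in how much work is done before a mismatching key is rejected.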
The embodiment of the application provides an authentication method based on a hardware key. When a hardware key to be authenticated and a starting module of equipment to be started are in a connection state, the key level information of the hardware key to be authenticated is read through the starting module, and it is judged whether preset level information in the starting module is consistent with the key level information, wherein the preset level information comprises more than one level value. If the preset level information in the starting module is consistent with the key level information, the authentication state of the hardware key to be authenticated is set as authenticated. The key information is stored in the hardware key in the form of level information, so that the carrier of the hardware key is a level; the hardware key is therefore easy to store and repair, and has an irreplaceable characteristic compared with a software-level encryption method. The security of the key information can be improved by increasing the number of level bits of the level information, which reduces the possibility of it being cracked, and the technical problem that the encryption mode of industrial equipment has low security is thereby solved.
Example two
An embodiment of the present application further provides an authentication apparatus based on a hardware key, where the authentication apparatus based on a hardware key is applied to an authentication device based on a hardware key, and referring to fig. 3, the authentication apparatus based on a hardware key includes:
a reading module, configured to read the key level information of the hardware key to be authenticated through the starting module when the hardware key to be authenticated and the starting module of the equipment to be started are in a connection state, wherein the key level information comprises more than one level value;
the detection module is used for judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value;
and the authentication module is used for setting the authentication state of the hardware secret key to be authenticated as authentication passing if the preset level information in the starting module is consistent with the secret key level information.
Optionally, the reading module is further configured to:
storing the preset level information to the starting module through a key filling rod, wherein the key filling rod is used for storing at least one group of preset level information;
and storing the preset level information into a hardware secret key corresponding to the equipment to be started through the secret key filling rod.
Optionally, the reading module is further configured to:
connecting the hardware secret key to be authenticated with a starting module of the equipment to be started through the hardware secret key matching interface;
and reading each level value in the key level information through the starting module.
Optionally, the authentication module is further configured to:
receiving a starting program corresponding to the equipment to be started through the starting program transmission interface;
and starting the equipment to be started according to the starting program so as to execute the starting action of the equipment to be started.
Optionally, the detection module is further configured to:
judging whether the level bit number of the preset level information is consistent with the bit number of the secret key level information;
if not, judging that the preset level information in the starting module is inconsistent with the secret key level information;
if so, judging whether the preset level information in the starting module is consistent with the key level information or not according to each level value in the preset level information and each level value in the key level information.
Optionally, the detection module is further configured to:
judging whether each level value in the preset level information is consistent with each level value corresponding to the secret key level information or not;
if not, judging that the preset level information in the starting module is inconsistent with the key level information;
and if so, judging that the preset level information in the starting module is consistent with the key level information.
Optionally, the detection module is further configured to:
and if the preset level information in the starting module is inconsistent with the key level information, setting the authentication state of the hardware key to be authenticated as authentication failure.
The authentication device based on the hardware secret key provided by the application adopts the authentication method based on the hardware secret key in the embodiment, so that the technical problem of low security of an encryption mode of industrial equipment is solved. Compared with the prior art, the beneficial effects of the authentication device based on the hardware key provided in the embodiment of the present application are the same as the beneficial effects of the authentication method based on the hardware key provided in the above embodiment, and other technical features of the authentication device based on the hardware key are the same as those disclosed in the method of the previous embodiment, which are not described herein again.
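The detection and authentication steps listed above (bit-count check first, then a comparison of every level value, then pass or fail), as an added C example that is not code from the patent. The struct layout, the 0/1 encoding of level values, the `AUTH_PENDING` state, the 64-bit bound and all names are assumptions; the sample patterns are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Authentication states; AUTH_PENDING (no key connected yet) is an assumption. */
typedef enum { AUTH_PENDING = 0, AUTH_PASSED, AUTH_FAILED } auth_state_t;

/* Level information as an ordered list of level values (assumed: 0 = low, 1 = high). */
typedef struct {
    const uint8_t *levels; /* one entry per level bit */
    size_t nbits;          /* number of level bits */
} level_info_t;

#define MAX_LEVEL_BITS 64u /* assumed upper bound for this example */

/* Detection step: compare the bit count first, then every level value. */
int level_info_matches(const level_info_t *preset, const level_info_t *key)
{
    size_t i;
    uint8_t diff = 0;

    if (!preset || !key || !preset->levels || !key->levels)
        return 0;
    /* The text requires more than one level value. */
    if (preset->nbits < 2 || preset->nbits > MAX_LEVEL_BITS)
        return 0;
    /* Step 1: a different number of level bits is an immediate mismatch. */
    if (preset->nbits != key->nbits)
        return 0;
    /* Step 2: visit all positions and accumulate differences instead of
       returning at the first mismatch, so the run time does not depend on
       how many leading level values were correct. */
    for (i = 0; i < preset->nbits; i++) {
        diff |= (uint8_t)(key->levels[i] > 1u); /* not a valid level value */
        diff |= (uint8_t)(preset->levels[i] ^ key->levels[i]);
    }
    return diff == 0;
}

/* Authentication step: runs only while the key is connected. */
auth_state_t authenticate_hardware_key(int connected,
                                       const level_info_t *preset,
                                       const level_info_t *key)
{
    if (!connected)
        return AUTH_PENDING;
    return level_info_matches(preset, key) ? AUTH_PASSED : AUTH_FAILED;
}

/* Constructed sample patterns (not taken from the patent). */
const uint8_t sample_preset[8]  = {1, 0, 1, 1, 0, 0, 1, 0};
const uint8_t sample_match[8]   = {1, 0, 1, 1, 0, 0, 1, 0};
const uint8_t sample_one_off[8] = {1, 0, 1, 1, 0, 0, 1, 1};
const uint8_t sample_short[6]   = {1, 0, 1, 1, 0, 0};

const level_info_t PRESET_INFO  = { sample_preset, 8 };
const level_info_t KEY_MATCH    = { sample_match, 8 };
const level_info_t KEY_ONE_OFF  = { sample_one_off, 8 };
const level_info_t KEY_TOO_SHORT = { sample_short, 6 };

int main(void)
{
    printf("matching key:   %d\n",
           authenticate_hardware_key(1, &PRESET_INFO, &KEY_MATCH));
    printf("one level off:  %d\n",
           authenticate_hardware_key(1, &PRESET_INFO, &KEY_ONE_OFF));
    printf("wrong bit count: %d\n",
           authenticate_hardware_key(1, &PRESET_INFO, &KEY_TOO_SHORT));
    printf("not connected:  %d\n",
           authenticate_hardware_key(0, &PRESET_INFO, &KEY_MATCH));
    return 0;
}
```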
Example three
An embodiment of the present application provides an electronic device, and the electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executable by the at least one processor to enable the at least one processor to perform the hardware key based authentication method of the first embodiment.
Referring now to FIG. 4, shown is a schematic diagram of an electronic device suitable for use in implementing embodiments of the present disclosure. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 4, the electronic device may include a processing means (e.g., a central processing unit, a graphic processor, etc.) that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) or a program loaded from a storage means into a Random Access Memory (RAM). In the RAM, various programs and data necessary for the operation of the electronic apparatus are also stored. The processing device, the ROM, and the RAM are connected to each other through a bus. An input/output (I/O) interface is also connected to the bus.
Generally, the following systems may be connected to the I/O interface: input devices including, for example, touch screens, touch pads, keyboards, mice, image sensors, microphones, accelerometers, gyroscopes, and the like; output devices including, for example, Liquid Crystal Displays (LCDs), speakers, vibrators, and the like; storage devices including, for example, magnetic tape, hard disk, and the like; and a communication device. The communication device may allow the electronic device to communicate wirelessly or by wire with other devices to exchange data. While the figures illustrate an electronic device with various systems, it is to be understood that not all illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, the processes described above with reference to the flow diagrams may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means, or installed from a storage means, or installed from a ROM. The computer program, when executed by a processing device, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
The electronic device provided by the application adopts the authentication method based on the hardware secret key in the embodiment, so that the technical problem that the security of an encryption mode of industrial equipment is low is solved. Compared with the prior art, the beneficial effects of the electronic device provided by the embodiment of the present application are the same as the beneficial effects of the hardware key-based authentication method provided by the first embodiment, and other technical features of the electronic device are the same as those disclosed in the method of the previous embodiment, which are not described herein again.
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the foregoing description of embodiments, the particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Example four
The present embodiment provides a computer-readable storage medium having stored thereon computer-readable program instructions for performing the method for hardware-key-based authentication in the first embodiment.
The computer readable storage medium provided by the embodiments of the present application may be, for example, but is not limited to, a USB disk, or an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system or device, or a combination of any of the above. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present embodiment, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer-readable storage medium may be embodied in an electronic device; or may be present alone without being incorporated into the electronic device.
The computer-readable storage medium carries one or more programs which, when executed by an electronic device, cause the electronic device to: when a hardware key to be authenticated and a starting module of equipment to be started are in a connection state, key level information of the hardware key to be authenticated is read through the starting module, wherein the key level information comprises more than one level value; judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value; and if the preset level information in the starting module is consistent with the key level information, setting the authentication state of the hardware key to be authenticated as authenticated.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present disclosure may be implemented by software or hardware. The names of the modules do not, in some cases, constitute a limitation of the modules themselves.
The computer-readable storage medium stores computer-readable program instructions for executing the hardware key-based authentication method, and solves the technical problem of low security of an encryption mode of industrial equipment. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided by the embodiment of the present application are the same as the beneficial effects of the authentication method based on the hardware key provided by the above embodiment, and are not described herein again.
Example five
The present application also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the hardware key based authentication method as described above.
The computer program product provided by the application solves the technical problem that the encryption mode security of the industrial equipment is low. Compared with the prior art, the beneficial effects of the computer program product provided by the embodiment of the present application are the same as the beneficial effects of the hardware key-based authentication method provided by the above embodiment, and are not described herein again.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (10)

1. An authentication method based on a hardware key, the authentication method based on the hardware key comprising:
when a hardware key to be authenticated and a starting module of equipment to be started are in a connection state, key level information of the hardware key to be authenticated is read through the starting module, wherein the key level information comprises more than one level value;
judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value;
and if the preset level information in the starting module is consistent with the key level information, setting the authentication state of the hardware key to be authenticated as authenticated.
2. The hardware key-based authentication method according to claim 1, wherein before the step of reading, by the boot module, key level information of the hardware key when the hardware key to be authenticated is in a connected state with the boot module of the device to be booted, the method further comprises:
storing the preset level information to the starting module through a key filling rod, wherein the key filling rod is used for storing at least one group of preset level information;
and storing the preset level information into a hardware secret key corresponding to the equipment to be started through the secret key filling rod.
3. The hardware key-based authentication method according to claim 1, wherein the device to be started includes a hardware key matching interface, and the step of reading, by the start module, the key level information of the hardware key when the hardware key to be authenticated and the start module of the device to be started are in a connected state includes:
connecting the hardware secret key to be authenticated with a starting module of the equipment to be started through the hardware secret key matching interface;
and reading each level value in the key level information through the starting module.
4. The hardware key-based authentication method according to claim 2, wherein the device to be booted includes a boot program transmission interface, and after the step of setting the authentication state of the hardware key to be authenticated as authenticated, the method further includes:
receiving a starting program corresponding to the equipment to be started through the starting program transmission interface;
and starting the equipment to be started according to the starting program so as to execute the starting action of the equipment to be started.
5. The hardware key based authentication method of claim 1, wherein the step of determining whether the preset level information in the boot module is consistent with the key level information comprises:
judging whether the level bit number of the preset level information is consistent with the bit number of the secret key level information;
if not, judging that the preset level information in the starting module is inconsistent with the secret key level information;
and if so, judging whether the preset level information in the starting module is consistent with the key level information according to each level value in the preset level information and each level value in the key level information.
6. The hardware key-based authentication method according to claim 5, wherein the step of determining whether the preset level information in the boot module is consistent with the key level information according to each level value in the preset level information and each level value in the key level information comprises:
judging whether each level value in the preset level information is consistent with each level value corresponding to the secret key level information or not;
if not, judging that the preset level information in the starting module is inconsistent with the key level information;
and if so, judging that the preset level information in the starting module is consistent with the key level information.
7. The hardware key-based authentication method of claim 1, wherein after the step of determining whether the preset level information in the boot module is consistent with the key level information, further comprising:
and if the preset level information in the starting module is inconsistent with the key level information, setting the authentication state of the hardware key to be authenticated as authentication failure.
8. An authentication apparatus based on a hardware key, the authentication apparatus based on the hardware key comprising:
a reading module, used for reading the key level information of the hardware key to be authenticated through the starting module when the hardware key to be authenticated and the starting module of the equipment to be started are in a connection state, wherein the key level information comprises more than one level value;
the detection module is used for judging whether preset level information in the starting module is consistent with the secret key level information or not, wherein the preset level information comprises more than one level value;
and the authentication module is used for setting the authentication state of the hardware secret key to be authenticated as authenticated if the preset level information in the starting module is consistent with the secret key level information.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the hardware key based authentication method of any one of claims 1 to 7.
10. A computer-readable storage medium, wherein a program for implementing a hardware-key-based authentication method is stored on the computer-readable storage medium, and the program for implementing the hardware-key-based authentication method is executed by a processor to implement the steps of the hardware-key-based authentication method according to any one of claims 1 to 7.
CN202211140927.6A 2022-09-20 2022-09-20 Authentication method and device based on hardware key, electronic equipment and storage medium Active CN115221492B (en)

Publications (2)

Publication Number Publication Date
CN115221492A true CN115221492A (en) 2022-10-21
CN115221492B CN115221492B (en) 2023-01-03

Family

ID=83617372

Country Status (1)

Country Link
CN (1) CN115221492B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant