CN117077174A - Target object authorization method and device, electronic equipment and storage medium


Publication number
CN117077174A
Authority
CN
China
Prior art keywords
authorization
information
level
target object
authorization information
Legal status
Pending
Application number
CN202311100695.6A
Other languages
Chinese (zh)
Inventor
王鑫
周宏斌
赵海春
张炯明
Current Assignee
Yuanxin Information Technology Group Co ltd
Original Assignee
Yuanxin Information Technology Group Co ltd
Application filed by Yuanxin Information Technology Group Co ltd
Priority to CN202311100695.6A
Publication of CN117077174A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiments of the application provide a target object authorization method and device, electronic equipment and a storage medium, and relate to the technical field of computers. The method comprises: acquiring authorization information for at least two levels of a target object; sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encrypted information; and sending the encrypted information to the target terminal so that the target terminal decrypts it to obtain the authorization information and authorizes the target object using that authorization information. The authorization information of the target object is divided into several levels according to the type of the target object, the authorization information of each level is encrypted in sequence, and the terminal device decrypts the encrypted authorization information in sequence to obtain the authorization information for the target object. This achieves precise authorization from the system down to the application and improves the precision of authorization management and control.

Description

Target object authorization method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, an electronic device, and a storage medium for target object authorization.
Background
Terminal devices (such as mobile phones and computers) are now in widespread use. Different users have different identities, and the permissions that each user's terminal device has for the same target object on the device (such as an operating system or an application program) may also differ (for example, some terminal devices can access a given target object while others cannot), so the permissions of different terminal devices need to be controlled.
In the prior art, only the most basic authorization control over the operating systems of different terminal devices can be achieved (whether the operating system can be used or not). As long as a terminal device is authorized for the operating system, all modules and application programs in the operating system can be accessed, modified and so on. Authorization of a particular module or a particular application program within the operating system cannot be achieved precisely, so current service requirements are not well met.
Disclosure of Invention
The application aims to solve at least one of the above technical defects. The technical solutions provided by the embodiments of the application are as follows:
In a first aspect, an embodiment of the present application provides a method for authorizing a target object, including:
acquiring authorization information for at least two levels of a target object; the at least two levels of authorization information comprise the authorization information of the target object and the authorization information of at least one parent level of the target object;
sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encrypted information;
and sending the encrypted information to the target terminal so that the target terminal decrypts the encrypted information to obtain the authorization information, and authorizes the target object using the authorization information.
In an alternative embodiment of the application, the highest parent level of the target object comprises the system level;
sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encrypted information specifically comprises:
forwarding the authorization configuration information to an authorization server, the authorization server generating a private key according to the authorization configuration information;
signing the authorization information of the system with the private key to obtain first authorization information;
sequentially encrypting the authorization information of the child levels of the system level, following the hierarchical relationship from parent level to child level, to obtain at least one second authorization information;
generating the encrypted information based on the first authorization information and the at least one second authorization information.
In an optional embodiment of the present application, sequentially encrypting the authorization information of the child levels of the system level to obtain at least one second authorization information specifically includes:
for the first sub-level, obtaining a first key from the first authorization information and a preset key derivation function, and encrypting the authorization information of the first sub-level with the first key; the first sub-level is the sub-level immediately adjacent to the system level;
for each second sub-level, obtaining a second key from the second authorization information of the parent level directly adjacent to that second sub-level and the preset key derivation function, and encrypting the authorization information of the second sub-level with the second key; the second sub-levels are the sub-levels that are not immediately adjacent to the system level.
In a second aspect, an embodiment of the present application provides a method for authorizing a target object, including:
receiving encrypted information sent by a preset authorization device; the encrypted information is obtained by the preset authorization device, after it acquires authorization information for at least two levels of the target object, sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object; the at least two levels of authorization information comprise the authorization information of the target object and the authorization information of at least one parent level of the target object;
decrypting the encrypted information to obtain the authorization information, so as to authorize the target object using the authorization information.
In an alternative embodiment of the application, the highest parent level of the target object comprises the system level; the encrypted information comprises first authorization information obtained by signing the authorization information of the system and at least one second authorization information obtained by encrypting the authorization information of the child levels of the system level;
decrypting the encrypted information specifically includes:
receiving a public key generated by an authorization server according to authorization configuration information; the authorization configuration information is sent to the authorization server by the mirror server;
verifying the signature of the first authorization information with the public key to obtain a signature verification result;
if the signature verification result is a pass, for the first sub-level, obtaining a first key from the first authorization information and a preset key derivation function, and decrypting the second authorization information of the first sub-level with the first key; the first sub-level is the sub-level immediately adjacent to the system level;
for each second sub-level, obtaining a second key from the second authorization information of the parent level directly adjacent to that second sub-level and the preset key derivation function, and decrypting the second authorization information of the second sub-level with the second key; the second sub-levels are the sub-levels that are not immediately adjacent to the system level.
In an alternative embodiment of the present application, the method may further specifically include:
after the target object completes authorization for the first time, storing the encrypted information and the identification information of the target terminal in a preset authorization partition, calculating a corresponding first verification code from the encrypted information and the identification information, and storing the first verification code in a preset sandbox;
at each startup, if the encrypted information and the identification information of the target object are stored in the preset authorization partition, calculating in real time a second verification code from the encrypted information and the identification information stored in the preset authorization partition;
and comparing the second verification code with the first verification code stored in the preset sandbox, and, if they are the same, decrypting the encrypted information to obtain the authorization information, so as to authorize the target object using the authorization information.
In a third aspect, an embodiment of the present application provides a target object authorization apparatus, including:
the authorization information acquisition module is used for acquiring authorization information for at least two levels of the target object; the at least two levels of authorization information comprise the authorization information of the target object and the authorization information of at least one parent level of the target object;
the encryption information acquisition module is used for sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encrypted information;
and the target object authorization module is used for sending the encrypted information to the target terminal so that the target terminal decrypts the encrypted information to obtain the authorization information, and authorizes the target object using the authorization information.
In an alternative embodiment of the application, the highest level parent level of the target object comprises the system level;
the encryption information acquisition module is specifically used for:
forwarding the authorization configuration information to an authorization server, and generating a private key by the authorization server according to the authorization configuration information;
signing the authorization information of the system according to the private key to obtain first authorization information;
sequentially encrypting the authorization information of the child hierarchy of the system hierarchy based on the hierarchy relation from the parent hierarchy to the child hierarchy to obtain at least one second authorization information;
encryption information is generated based on the first authorization information and the at least one second authorization information.
In an alternative embodiment of the present application, the encryption information acquisition module is further configured to:
for the first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and encrypting the authorization information of the first sub-level according to the first key; the first sub-level is a sub-level immediately adjacent to the system level;
for each second sub-level, obtaining a second key from the second authorization information of the parent level directly adjacent to that second sub-level and the preset key derivation function, and encrypting the authorization information of the second sub-level with the second key; the second sub-levels are the sub-levels that are not immediately adjacent to the system level.
In a fourth aspect, an embodiment of the present application provides a target object authorization apparatus, including:
the encryption information receiving module is used for receiving encrypted information sent by a preset authorization device; the encrypted information is obtained by the preset authorization device, after it acquires authorization information for at least two levels of the target object, sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object; the at least two levels of authorization information comprise the authorization information of the target object and the authorization information of at least one parent level of the target object;
and the authorization information decryption module is used for decrypting the encrypted information to obtain the authorization information so as to authorize the target object through the authorization information.
In an alternative embodiment of the application, the highest level parent level of the target object comprises the system level; the encryption information comprises first authorization information obtained after the authorization information of the system is signed and at least one second authorization information obtained after the authorization information of the sub-level of the system level is encrypted;
the authorization information decryption module is specifically configured to:
receiving a public key generated by an authorization server according to authorization configuration information; the authorization configuration information is sent to the authorization server by the mirror server;
verifying the signature of the first authorization information with the public key to obtain a signature verification result;
if the signature verification result is a pass, for the first sub-level, obtaining a first key from the first authorization information and a preset key derivation function, and decrypting the second authorization information of the first sub-level with the first key; the first sub-level is the sub-level immediately adjacent to the system level;
for each second sub-level, obtaining a second key from the second authorization information of the parent level directly adjacent to that second sub-level and the preset key derivation function, and decrypting the second authorization information of the second sub-level with the second key; the second sub-levels are the sub-levels that are not immediately adjacent to the system level.
In an optional embodiment of the present application, the apparatus further includes an authorization information checking module, specifically configured to:
after the target object completes authorization for the first time, storing the encryption information and the identification information of the target terminal into a preset authorization partition, calculating a corresponding first verification code according to the encryption information and the identification information, and storing the first verification code into a preset sandbox;
at each startup, if the encrypted information and the identification information of the target object are stored in the preset authorization partition, calculating in real time a second verification code from the encrypted information and the identification information stored in the preset authorization partition;
and comparing the second verification code with the first verification code stored in the preset sandbox, and decrypting the encrypted information to obtain authorization information if the comparison result is the same, so as to authorize the target object through the authorization information.
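The first-authorization step and the startup check described above for both the method and the authorization information checking module, as an added Python sketch that is not code from the patent. SHA-256 over length-prefixed fields, the `Terminal` class and the sample values are assumptions; the text does not name the verification-code algorithm.

```python
import hashlib
import hmac


def verification_code(encrypted_info: bytes, terminal_id: bytes) -> bytes:
    """Hash both fields, each length-prefixed so the field boundary is unambiguous."""
    h = hashlib.sha256()
    for field in (encrypted_info, terminal_id):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


class Terminal:
    """Hypothetical model of the two stores: authorization partition and sandbox."""

    def __init__(self):
        self.auth_partition = None  # (encrypted_info, terminal_id) or None
        self.sandbox_code = None    # first verification code

    def first_authorization(self, encrypted_info: bytes, terminal_id: bytes) -> None:
        # After the first successful authorization: persist the bundle and the
        # terminal identifier, and keep the first verification code separately.
        self.auth_partition = (encrypted_info, terminal_id)
        self.sandbox_code = verification_code(encrypted_info, terminal_id)

    def startup_check(self) -> str:
        # Nothing stored yet: the target object has never been authorized here.
        if self.auth_partition is None or self.sandbox_code is None:
            return "not-authorized"
        # Second verification code, recomputed from what the partition holds now.
        second_code = verification_code(*self.auth_partition)
        if not hmac.compare_digest(second_code, self.sandbox_code):
            return "mismatch"
        return "decrypt"  # only now is the encrypted information decrypted


def demo() -> dict:
    bundle = b"\x01\x02constructed-bundle"  # constructed sample, not real data
    t = Terminal()
    results = {"fresh": t.startup_check()}
    t.first_authorization(bundle, b"TERM-0001")
    results["unchanged"] = t.startup_check()
    # Partition edited afterwards: one byte moved across the field boundary.
    # A plain concatenation hash would not notice; the length prefixes do.
    t.auth_partition = (bundle + b"T", b"ERM-0001")
    results["boundary_shift"] = t.startup_check()
    # Partition edited afterwards: a different terminal identifier.
    t.auth_partition = (bundle, b"TERM-0002")
    results["other_id"] = t.startup_check()
    return results


if __name__ == "__main__":
    print(demo())
```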
In a fifth aspect, an embodiment of the present application provides an electronic device including a memory, a processor, and a computer program stored on the memory;
the processor executes a computer program to implement the method provided in the first aspect embodiment or any alternative embodiment of the first aspect.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored thereon, which when executed by a processor implements the method provided in the embodiment of the first aspect or any of the alternative embodiments of the first aspect.
The technical scheme provided by the embodiment of the application has the beneficial effects that:
The authorization information of the target object is divided into several levels according to the type of the target object, the authorization information of each level is encrypted in sequence, and the terminal device decrypts the encrypted authorization information in sequence to obtain the authorization information for the target object. This achieves precise authorization from the system down to the application and improves the precision of authorization management and control.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that are required to be used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a flow chart of a target object authorization method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of an authorization information transfer process in an example of an embodiment of the application;
Fig. 3 is a schematic diagram of an authorization information encryption process in an example of an embodiment of the application;
Fig. 4 is a flow chart of a target object authorization method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart of verifying authorization information in an example of an embodiment of the application;
Fig. 6 is a block diagram of a target object authorization device according to an embodiment of the present application;
Fig. 7 is a block diagram of a target object authorization device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below with reference to the drawings in the present application. It should be understood that the embodiments described below with reference to the drawings are exemplary descriptions for explaining the technical solutions of the embodiments of the present application, and do not limit those technical solutions.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and "comprising," when used in this specification, specify the presence of stated features, information, data, steps, operations, elements, and/or components, but do not preclude the presence or addition of other features, information, data, steps, operations, elements, components, and/or groups thereof, all of which may be included in the present specification. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein indicates at least one of the items defined by the term, e.g., "A and/or B" may be implemented as "A", or as "B", or as "A and B".
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
The technical solutions of the embodiments of the present application and technical effects produced by the technical solutions of the present application are described below by describing several exemplary embodiments. It should be noted that the following embodiments may be referred to, or combined with each other, and the description will not be repeated for the same terms, similar features, similar implementation steps, and the like in different embodiments.
The concept of a "level" (hierarchy) in the embodiments of the present application is described first. The target object can belong to any of three levels: the operating system, a module of the operating system, or an application program. The levels may be ordered with the operating system level highest, the module level next, and the application program level after that. The operating system level, being the highest, may be the parent level of all other levels, and a module level may be the parent level of all applications contained in that module. Where no ambiguity arises, the operating system is simply called the system and the application program the application.
Fig. 1 is a schematic flow chart of a target object authorization method provided in an embodiment of the present application. The executing body of the authorization may be a preset authorization device, for example a USB Key (abbreviated Ukey), which is a hardware device with a USB interface and a built-in single-chip microcomputer or smart card chip that has a certain amount of storage space. Ukey is used hereinafter to refer to the authorization device. As shown in Fig. 1, the method may include:
Step S101, obtaining authorization information for at least two levels of a target object; the at least two levels of authorization information include the authorization information of the target object and the authorization information of at least one parent level of the target object.
The target object may be a module in the system or an application in a module, which is not limited herein. The target terminal may store the mirror image information of the target object in advance, but until it is authorized this image is usually in an unusable state, and the target object can be used only after authorization. The authorization information may be stored in the Ukey and includes information related to the present authorization, such as the authorization deadline, the authorized module name and the maximum number of authorizations.
Specifically, when the target object in the target terminal needs to be authorized, the at least two levels of the target object (such as the system level and at least one module or application level) are determined, and the Ukey acquires the authorization information of all of these levels. Illustratively, the authorization information of the system level may include unique identification information of the target terminal, authorization time information, and the like; the authorization information of the module level may include unique identification information of the target terminal, authorization time information, module name information, etc.; the authorization information of the application level may include a unique ID (Identity Document, an identity number), authorization time information, module name information, application name information, and the like.
Step S102, sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain the encrypted information.
The hierarchical relationship characterizes the parent-child relationships between the level of the target object and its parent and child levels.
Specifically, after the Ukey obtains the authorization information, it determines the order in which the authorization information of each level is encrypted from the parent-child relationships among all the levels. The order may be: the authorization information of the system level is encrypted first, then that of the module level, and finally that of the application level. The authorization information of each level is encrypted in turn in this order to obtain the encrypted information.
Step S103, the encrypted information is sent to the target terminal, so that the target terminal decrypts the encrypted information to obtain authorization information, and the target object is authorized through the authorization information.
Specifically, after the Ukey encrypts the authorization information, the Ukey sends the encrypted information to the target terminal, the target terminal can decrypt the encrypted information after receiving the encrypted information, and the decrypted authorization information can authorize the target object.
In the scheme provided by the application, the authorization information of the target object is divided into several levels according to the type of the target object, the authorization information of each level is encrypted in sequence, and the terminal device decrypts the encrypted authorization information in sequence to obtain the authorization information for the target object. This achieves precise authorization from the system down to the application and makes authorization management and control more fine-grained.
In an alternative embodiment of the application, the highest parent level of the target object comprises the system level.
Sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encrypted information specifically comprises:
transmitting the authorization configuration information to an authorization server, and generating a private key by the authorization server according to the authorization configuration information;
signing the authorization information of the system according to the private key to obtain first authorization information;
sequentially encrypting the authorization information of the child hierarchy of the system hierarchy based on the hierarchy relation from the parent hierarchy to the child hierarchy to obtain at least one second authorization information;
encryption information is generated based on the first authorization information and the at least one second authorization information.
As shown in Fig. 2, the devices involved in authorization in the embodiment of the present application include an authorization server, an initialization tool, and a mirror server. The private key may be generated by the authorization server, which may generate the private key and the corresponding public key with the RSA algorithm. The first authorization information may be obtained by encrypting the authorization information at the system level. The second authorization information may be obtained by encrypting the authorization information of the non-system levels.
Specifically, as shown in Fig. 2, the mirror server stores in advance a mirror version of the target object that is identical to the mirror version stored on the target terminal (the mirror version stored on the target terminal may be downloaded from the mirror server). The mirror server first sends the authorization configuration information related to authorization in all of its stored mirror versions to the authorization server, and the authorization server generates a corresponding public and private key pair for each set of authorization configuration information, for example with the RSA algorithm. When the target object needs to be authorized, the initialization tool can acquire the corresponding private key from the authorization server according to the mirror version stored in the target terminal, and acquire the authorization information for the current authorization. The authorization server also sends the public key corresponding to the private key to the mirror server, and the mirror server sends the received public key to the target terminal. The initialization tool stores the obtained private key and the authorization information together in the Ukey. The Ukey signs the authorization information of the system level with the private key to obtain the signed first authorization information, then encrypts the authorization information of each non-system level (such as the module level and the application level) in sequence, following the parent-child relationships among the levels, to obtain the second authorization information of each level. Finally, the Ukey combines the first authorization information and all of the second authorization information to generate the encrypted information.
In an optional embodiment of the present application, encrypting the authorization information of the sub-hierarchy of the system hierarchy sequentially to obtain at least one second authorization information specifically includes:
for the first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and encrypting the authorization information of the first sub-level according to the first key; the first sub-level is a sub-level immediately adjacent to the system level;
for each second sub-level, acquiring a second key according to the second authorization information of the parent level directly adjacent to the second sub-level and a preset key derivation function, and encrypting the authorization information of the second sub-level according to the second key; the second sub-level includes sub-levels that are not immediately adjacent to the system level.
Wherein the first sub-level may be a level immediately adjacent to the system level, i.e. the first level below the system level. The second sub-hierarchy may be a hierarchy that is not immediately adjacent to the system hierarchy, i.e., other than the first hierarchy below the system hierarchy.
Specifically, as shown in fig. 3, the Ukey may sign the authorization information of the system level with the private key to obtain the corresponding first authorization information. It then encrypts the authorization information of the first sub-level and of all the second sub-levels in sequence. For the first sub-level, a corresponding first key is generated according to the first authorization information and a preset key derivation function, and the authorization information of the first sub-level is then encrypted with the first key to obtain the second authorization information of the first sub-level. For each second sub-level, a corresponding second key is generated according to the second authorization information of the directly adjacent parent level and the preset key derivation function, and the authorization information of the second sub-level is then encrypted with the second key to obtain the second authorization information of that second sub-level.
Optionally, after the authorization information of all levels is encrypted, the Ukey may store all the encrypted authorization information (i.e. encrypted information) into a preset storage space.
Fig. 4 is a schematic flow chart of a method for authorizing a target object according to an embodiment of the present application, where an authorized execution body may be a target terminal, as shown in fig. 4, and the method may include:
Step S201, receiving encryption information sent by a preset authorization device; the encryption information is obtained by the preset authorization device, after it acquires authorization information of at least two levels of the target object, by sequentially encrypting the authorization information of the at least two levels based on the hierarchical relationship between the target object and at least one parent level of the target object; the at least two levels of authorization information include authorization information for the target object and authorization information for at least one parent level of the target object.
The target object may be a certain module in the system, or may be a certain application in the module, which is not limited herein. The authorization information may be stored in the Ukey, and includes information related to the present authorization, such as authorization deadline, authorization module name, maximum authorization number, etc. The hierarchical relationship characterizes parent-child hierarchical relationships between the hierarchy of the target object and its parent-child hierarchies.
Specifically, when the target object in the target terminal needs to be authorized, at least two levels (such as a system level and at least one module or application level) related to the target object may be determined, and the Ukey acquires the authorization information of all levels. Illustratively, the authorization information of the system level may include unique identification information of the target terminal, authorization time information, and the like; the authorization information of the module level may include unique identification information of the target terminal, authorization time information, module name information, etc.; the authorization information of the application level may include a unique ID, authorization time information, module name information, application name information, and the like. After the Ukey acquires the authorization information, it determines the encryption order of the authorization information of each level according to the parent-child hierarchical relationship among all levels. Specifically, the encryption order may be that the authorization information of the system level is encrypted first, then the authorization information of the module level, and finally the authorization information of the application level. The authorization information of each level is encrypted in turn in this order to obtain the encrypted information, which is transmitted to the target terminal.
Step S202, decrypting the encrypted information to obtain the authorization information so as to authorize the target object through the authorization information.
Specifically, the target terminal may decrypt the encrypted information after receiving the encrypted information, and then authorize the target object according to the decrypted authorization information.
According to the scheme provided by the application, the authorization information of the target object is divided into a plurality of layers according to the type of the target object, the authorization information of each layer is sequentially encrypted, the terminal equipment sequentially decrypts the encrypted authorization information to obtain the corresponding authorization information of the target object, the accurate authorization from the system to the application is realized, and the refinement degree of authorization management and control is improved.
In an alternative embodiment of the application, the highest level parent level of the target object comprises the system level; the encryption information comprises first authorization information obtained after the authorization information of the system is signed and at least one second authorization information obtained after the authorization information of the sub-level of the system level is encrypted;
decrypting the encrypted information specifically includes:
receiving a public key generated by an authorization server according to authorization configuration information; the authorization configuration information is sent to the authorization server by the mirror image server;
verifying the signature of the first authorization information according to the public key to obtain a signature verification result;
if the signature verification result is passed, for the first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and decrypting the second authorization information of the first sub-level according to the first key; the first sub-level is a sub-level immediately adjacent to the system level;
for each second sub-level, acquiring a second key according to the second authorization information of the parent level directly adjacent to the second sub-level and a preset key derivation function, and decrypting the second authorization information of the second sub-level according to the second key; the second sub-level includes sub-levels that are not immediately adjacent to the system level.
As shown in fig. 2, the device related to authorization in the embodiment of the present application includes an authorization server, an initialization tool, and a mirror server. The private key may be generated by an authorization server, which may generate the private key and the corresponding public key by an RSA algorithm or the like. The first authorization information may be obtained by encrypting authorization information of a system level, and the second authorization information may be obtained by encrypting authorization information of a non-system level. The first sub-level may be a level immediately adjacent to the system level, i.e., the first level below the system level; the second sub-hierarchy may be a hierarchy that is not immediately adjacent to the system hierarchy, i.e., other than the first hierarchy below the system hierarchy.
Specifically, as shown in fig. 2, in the embodiment of the present application, the mirror server stores in advance the mirror version of the target object that is the same as the one stored on the target terminal. The mirror server first sends the authorization configuration information related to authorization in all the stored mirror versions to the authorization server, and the authorization server generates the corresponding public and private keys according to each piece of mirror information, for example by using the RSA algorithm. When the target object needs to be authorized, the initialization tool can acquire the corresponding private key from the authorization server according to the mirror version stored in the target terminal, and acquire the authorization information of the current authorization. The authorization server also sends the public key corresponding to the private key to the mirror server, and the mirror server sends the received public key to the target terminal. After receiving the public key, the target terminal first uses it to verify the signature of the first authorization information in the encryption information sent by the Ukey and obtains a signature verification result. If the signature verification fails, the target terminal does not carry out the subsequent decryption process; if it passes, the target terminal decrypts the authorization information of each level in sequence according to the parent-child hierarchical relationship among the levels.
Specifically, the first key may be obtained according to the first authorization information and a preset key derivation function, and the second authorization information of the first sub-level is then decrypted with the first key to obtain the authorization information of the first sub-level, that is, the authorization information as it was before being encrypted into the second authorization information. The authorization information of the other second sub-levels is then decrypted in turn according to the parent-child hierarchical relationship among the levels: for each second sub-level, a second key is acquired according to the second authorization information of its directly adjacent parent level and the preset key derivation function, and the second authorization information of the second sub-level is decrypted with the second key.
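The chained encryption and decryption described above, in which each sub-level's key is derived from its parent's protected authorization information, sketched as an added example that is not code from the patent. HKDF-SHA256 stands in for the unnamed "preset key derivation function", an HMAC-based encrypt-then-MAC construction stands in for the unspecified cipher so that the block runs on the standard library alone, and the RSA signature check on the first authorization information is assumed to have passed already; all function names and sample values are constructed.

```python
import hashlib
import hmac
import os


def derive_key(parent_blob, level_name, length=64):
    """HKDF-SHA256 (RFC 5869, zero salt). Assumption: stands in for the
    patent's unnamed 'preset key derivation function'."""
    prk = hmac.new(b"\x00" * 32, parent_blob, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + level_name.encode() + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]  # first 32 bytes: encryption key, last 32: MAC key


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode, used as a keystream generator."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key_material, plaintext):
    """Encrypt-then-MAC; a stdlib-only stand-in for a real AEAD cipher."""
    enc_key, mac_key = key_material[:32], key_material[32:]
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key_material, blob):
    """Check the tag first, then decrypt; raises ValueError on any mismatch."""
    enc_key, mac_key = key_material[:32], key_material[32:]
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def encrypt_chain(first_auth, child_levels):
    """child_levels is ordered parent -> child, e.g. module then application.
    The first key comes from the signed system-level blob (first_auth); every
    later key comes from the parent's encrypted blob."""
    parent_blob, sealed = first_auth, []
    for name, info in child_levels:
        blob = seal(derive_key(parent_blob, name), info)
        sealed.append((name, blob))
        parent_blob = blob
    return sealed


def decrypt_chain(first_auth, sealed_levels):
    """Terminal side: walk the same chain; stops at the first failing level."""
    parent_blob, plain = first_auth, []
    for name, blob in sealed_levels:
        plain.append((name, open_sealed(derive_key(parent_blob, name), blob)))
        parent_blob = blob
    return plain


def failing_level(first_auth, sealed_levels):
    """Return the name of the first level that fails to open, or None."""
    parent_blob = first_auth
    for name, blob in sealed_levels:
        try:
            open_sealed(derive_key(parent_blob, name), blob)
        except ValueError:
            return name
        parent_blob = blob
    return None


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    first_auth = b"SYSTEM|device=DEV-0001|expires=2030-01-01|sig=CONSTRUCTED"
    levels = [("module", b"device=DEV-0001|module=reports"),
              ("application", b"id=42|module=reports|app=export")]
    bundle = encrypt_chain(first_auth, levels)
    print(decrypt_chain(first_auth, bundle) == levels)
    # A module blob taken from a different bundle opens, but its child does not.
    other = encrypt_chain(first_auth, levels)
    print(failing_level(first_auth, [other[0], bundle[1]]))
```

Because every key is derived from the parent's blob, replacing any level in a bundle makes the level directly below it fail authentication, which is what `failing_level` reports.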
In an alternative embodiment of the present application, the method may further specifically include:
after the target object completes authorization for the first time, storing the encryption information and the identification information of the target terminal into a preset authorization partition, calculating a corresponding first verification code according to the encryption information and the identification information, and storing the first verification code into a preset sandbox;
when the target terminal is started each time, if the encryption information and the identification information of the target object are stored in the preset authorization partition, calculating a second verification code according to the encryption information and the identification information stored in the preset authorization partition in real time;
and comparing the second verification code with the first verification code stored in the preset sandbox, and decrypting the encrypted information to obtain authorization information if the comparison result is the same, so as to authorize the target object through the authorization information.
The identification information of the target terminal may be the ID of the target terminal device. Illustratively, the verification code may employ an MD5 (Message Digest Algorithm) code, where the MD5 code is a value calculated by a widely used cryptographic hash function. The preset sandbox is used for storing the verification code obtained through calculation.
Specifically, after the target object completes the authorization for the first time, the target terminal stores the encryption information in the current authorization and the identification information in the current authorization into a preset authorization partition, calculates a corresponding first verification code according to the encryption information and the identification information in the current authorization, and then stores the first verification code into a preset sandbox for recording the current authorization.
Optionally, as shown in fig. 5, each time the target terminal is restarted, it first queries whether the authorization information (i.e. the encryption information) of the target object is stored in the preset authorization partition. If not, monitoring of the preset authorization partition is maintained. If so, a second verification code is calculated from the encryption information and the identification information stored in the preset authorization partition and compared with the first verification code stored in the preset sandbox: if the first verification code is the same as the second verification code, the encryption information can be directly decrypted to obtain the authorization information, and the target object is authorized through the authorization information; if the comparison results are different, the encrypted information is not decrypted, and an unauthorized mode is entered.
It should be noted that the authorization information and the identification information stored in the preset authorization partition after the first authorization is completed may be tampered with later. For this reason, the first verification code is calculated when the authorization is completed. When the target terminal is subsequently started again, if the calculated second verification code differs from the first verification code, the information on the target terminal may have been tampered with and the terminal is in an unsafe state, so the encryption information currently stored in the preset authorization partition is not decrypted.
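The start-up check of fig. 5 as an added example, not code from the patent. SHA-256 over length-prefixed fields is used here in place of the MD5 that the text names as an illustration; the `Terminal` class, the state names and the sample values are constructed.

```python
import hashlib
import hmac


def verification_code(encrypted_info, device_id):
    """Digest over length-prefixed fields, so the boundary between the
    encryption information and the identification information is part of
    what is hashed. Assumption: SHA-256 replaces the MD5 named in the text."""
    h = hashlib.sha256()
    for field in (encrypted_info, device_id):
        h.update(len(field).to_bytes(8, "big"))
        h.update(field)
    return h.hexdigest()


def naive_code(encrypted_info, device_id):
    """Plain concatenation, shown only for comparison: bytes can be moved
    from one field to the other without changing the digest."""
    return hashlib.sha256(encrypted_info + device_id).hexdigest()


class Terminal:
    """Constructed model of the target terminal's two storage areas."""

    def __init__(self):
        self.partition = None      # preset authorization partition
        self.sandbox_code = None   # first verification code, kept in the sandbox

    def complete_first_authorization(self, encrypted_info, device_id):
        # After the first successful authorization: store both values and
        # record the first verification code.
        self.partition = (encrypted_info, device_id)
        self.sandbox_code = verification_code(encrypted_info, device_id)

    def boot(self):
        """Return the action taken at start-up."""
        if self.partition is None:
            return "monitoring"        # nothing stored yet, keep watching
        second_code = verification_code(*self.partition)
        if self.sandbox_code is not None and hmac.compare_digest(
                second_code, self.sandbox_code):
            return "decrypt"           # codes match, proceed to decryption
        return "unauthorized"          # mismatch, do not decrypt


if __name__ == "__main__":
    t = Terminal()
    print(t.boot())
    t.complete_first_authorization(b"ENC-BLOB-CONSTRUCTED", b"DEV-0001")
    print(t.boot())
    t.partition = (b"ENC-BLOB-REPLACED", b"DEV-0001")  # simulated tampering
    print(t.boot())
```

The comparison only detects tampering if the sandbox holding the first verification code cannot be rewritten by whoever can modify the authorization partition, since an unkeyed digest can be recomputed by anyone.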
Fig. 6 is a block diagram of a target object authorization device according to an embodiment of the present application, and as shown in fig. 6, the target object authorization device 600 may include: an authorization information acquisition module 601, an encryption information acquisition module 602, and a target object authorization module 603, wherein,
the authorization information acquisition module 601 is configured to acquire authorization information about at least two levels of a target object; the authorization information of at least two levels comprises the authorization information of the target object and the authorization information of at least one parent level of the target object;
the encryption information acquisition module 602 is configured to encrypt the authorization information of at least two levels in sequence based on a hierarchical relationship between the target object and at least one parent level of the target object, so as to obtain encryption information;
the target object authorization module 603 is configured to send the encrypted information to the target terminal, so that the target terminal decrypts the encrypted information to obtain authorization information, and authorizes the target object through the authorization information.
According to the scheme provided by the application, the authorization information of the target object is divided into a plurality of layers according to the type of the target object, the authorization information of each layer is sequentially encrypted, the terminal equipment sequentially decrypts the encrypted authorization information to obtain the corresponding authorization information of the target object, the accurate authorization from the system to the application is realized, and the refinement degree of authorization management and control is improved.
In an alternative embodiment of the application, the highest level parent level of the target object comprises the system level;
the encryption information acquisition module is specifically used for:
forwarding the authorization configuration information to an authorization server, and generating a private key by the authorization server according to the authorization configuration information;
signing the authorization information of the system according to the private key to obtain first authorization information;
sequentially encrypting the authorization information of the child hierarchy of the system hierarchy based on the hierarchy relation from the parent hierarchy to the child hierarchy to obtain at least one second authorization information;
encryption information is generated based on the first authorization information and the at least one second authorization information.
In an alternative embodiment of the present application, the encryption information acquisition module is further configured to:
for the first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and encrypting the authorization information of the first sub-level according to the first key; the first sub-level is a sub-level immediately adjacent to the system level;
for each second sub-level, acquiring a second key according to the second authorization information of the parent level directly adjacent to the second sub-level and a preset key derivation function, and encrypting the authorization information of the second sub-level according to the second key; the second sub-level includes sub-levels that are not immediately adjacent to the system level.
Fig. 7 is a block diagram of a target object authorization device according to an embodiment of the present application, and as shown in fig. 7, the target object authorization device 700 may include: an encryption information receiving module 701, an authorization information decrypting module 702, wherein,
the encryption information receiving module 701 is configured to receive encryption information sent by a preset authorization device; the encryption information is obtained by the preset authorization device, after it acquires authorization information of at least two levels of the target object, by sequentially encrypting the authorization information of the at least two levels based on the hierarchical relationship between the target object and at least one parent level of the target object; the authorization information of at least two levels comprises the authorization information of the target object and the authorization information of at least one parent level of the target object;
the authorization information decryption module 702 is configured to decrypt the encrypted information to obtain authorization information, so as to authorize the target object through the authorization information.
According to the scheme provided by the application, the authorization information of the target object is divided into a plurality of layers according to the type of the target object, the authorization information of each layer is sequentially encrypted, the terminal equipment sequentially decrypts the encrypted authorization information to obtain the corresponding authorization information of the target object, the accurate authorization from the system to the application is realized, and the refinement degree of authorization management and control is improved.
In an alternative embodiment of the application, the highest level parent level of the target object comprises the system level; the encryption information comprises first authorization information obtained after the authorization information of the system is signed and at least one second authorization information obtained after the authorization information of the sub-level of the system level is encrypted;
the authorization information decryption module is specifically configured to:
receiving a public key generated by an authorization server according to authorization configuration information; the authorization configuration information is sent to the authorization server by the mirror image server;
verifying the signature of the first authorization information according to the public key to obtain a signature verification result;
if the signature verification result is passed, for the first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and decrypting the second authorization information of the first sub-level according to the first key; the first sub-level is a sub-level immediately adjacent to the system level;
for each second sub-level, acquiring a second key according to the second authorization information of the parent level directly adjacent to the second sub-level and a preset key derivation function, and decrypting the second authorization information of the second sub-level according to the second key; the second sub-level includes sub-levels that are not immediately adjacent to the system level.
In an optional embodiment of the present application, the apparatus further includes an authorization information checking module, specifically configured to:
after the target object completes authorization for the first time, storing the encryption information and the identification information of the target terminal into a preset authorization partition, calculating a corresponding first verification code according to the encryption information and the identification information, and storing the first verification code into a preset sandbox;
at each startup, if the encryption information and the identification information of the target object are stored in the preset authorization partition, calculating in real time a second verification code according to the encryption information and the identification information stored in the preset authorization partition;
and comparing the second verification code with the first verification code stored in the preset sandbox, and decrypting the encrypted information to obtain authorization information if the comparison result is the same, so as to authorize the target object through the authorization information.
Referring now to fig. 8, there is shown a schematic diagram of an electronic device (e.g., a terminal device or server performing the method of fig. 1 or 4) 800 suitable for use in implementing an embodiment of the present application. The electronic device in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a car-mounted terminal (e.g., car navigation terminal), a wearable device, etc., and a fixed terminal such as a digital TV, a desktop computer, etc. The electronic device shown in fig. 8 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
An electronic device includes a memory and a processor: the memory is used for storing programs for executing the methods according to the method embodiments; the processor is configured to execute a program stored in the memory. Herein, the processor may be referred to as the processing device 801 described below, and the memory may include at least one of the Read Only Memory (ROM) 802, the Random Access Memory (RAM) 803, and the storage device 808 described below, in detail:
as shown in fig. 8, the electronic device 800 may include a processing means (e.g., a central processor, a graphics processor, etc.) 801, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage means 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the electronic device 800 are also stored. The processing device 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
In general, the following devices may be connected to the I/O interface 805: input devices 806 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 807 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, etc.; storage 808 including, for example, magnetic tape, hard disk, etc.; communication means 809. The communication means 809 may allow the electronic device 800 to communicate wirelessly or by wire with other devices to exchange data. While fig. 8 shows an electronic device having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via communication device 809, or installed from storage device 808, or installed from ROM 802. When executed by the processing means 801, the computer program performs the above-described functions defined in the method of an embodiment of the application.
The computer readable storage medium of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some implementations, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to:
acquiring authorization information about at least two levels of a target object; the authorization information of at least two levels comprises the authorization information of the target object and the authorization information of at least one parent level of the target object; sequentially encrypting the authorization information of at least two levels based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encryption information; and sending the encryption information to the target terminal so that the target terminal decrypts the encryption information to obtain the authorization information, and authorizing the target object through the authorization information.
Or,
receiving encryption information sent by a preset authorization device; the encryption information is obtained by the preset authorization device, after it acquires authorization information of at least two levels of the target object, by sequentially encrypting the authorization information of the at least two levels based on the hierarchical relationship between the target object and at least one parent level of the target object; the authorization information of at least two levels comprises the authorization information of the target object and the authorization information of at least one parent level of the target object; decrypting the encrypted information to obtain the authorization information so as to authorize the target object through the authorization information.
Computer program code for carrying out operations of the present application may be written in one or more programming languages, including, but not limited to, object oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules or units involved in the embodiments of the present application may be implemented in software or in hardware. In some cases, the name of a module or unit does not constitute a limitation of the unit itself; for example, the first constraint acquisition module may also be described as "a module that acquires the first constraint".
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
In the context of the present application, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing describes only some embodiments of the present invention. It should be noted that those skilled in the art can make modifications and adaptations without departing from the principles of the present invention, and such modifications and adaptations are intended to fall within the scope of the present invention.

Claims (10)

1. A method for authorizing a target object, comprising:
acquiring authorization information about at least two levels of a target object; the at least two levels of authorization information include authorization information of the target object and authorization information of at least one parent level of the target object;
encrypting the at least two levels of authorization information in sequence, based on the hierarchical relationship between the target object and the at least one parent level of the target object, to obtain encrypted information;
and sending the encrypted information to the target terminal so that the target terminal decrypts the encrypted information to obtain the authorization information, and authorizing the target object through the authorization information.
2. The method of claim 1, wherein the highest level parent level of the target object comprises a system level;
the encrypting the authorization information of at least two levels in turn based on the hierarchical relationship between the target object and at least one parent level of the target object to obtain encrypted information includes:
transmitting the authorization configuration information to an authorization server, wherein the authorization server generates a private key according to the authorization configuration information;
signing the authorization information of the system according to the private key to obtain first authorization information;
sequentially encrypting the authorization information of the child levels of the system level, based on the hierarchical relationship from the parent level to the child level, to obtain at least one second authorization information;
generating the encrypted information based on the first authorization information and the at least one second authorization information.
3. The method according to claim 2, wherein the sequentially encrypting the authorization information of the sub-levels of the system level to obtain at least one second authorization information includes:
for a first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and encrypting the authorization information of the first sub-level according to the first key; the first sub-level is a sub-level directly adjacent to the system level;
for each second sub-level, acquiring a second key according to the second authorization information of the parent level directly adjacent to the second sub-level and the preset key derivation function, and encrypting the authorization information of the second sub-level according to the second key; the second sub-level includes sub-levels that are not directly adjacent to the system level.
4. A method for authorizing a target object, comprising:
receiving encrypted information sent by a preset authorization device; the encrypted information is obtained by the preset authorization device, after it acquires at least two levels of authorization information of the target object, by sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object; the at least two levels of authorization information include authorization information of the target object and authorization information of at least one parent level of the target object;
decrypting the encrypted information to obtain the authorization information so as to authorize the target object through the authorization information.
5. The method of claim 4, wherein the highest level parent level of the target object comprises a system level; the encrypted information comprises first authorization information obtained after the authorization information of the system is signed and at least one second authorization information obtained after the authorization information of the sub-level of the system level is encrypted;
the decrypting the encrypted information includes:
receiving a public key generated by an authorization server according to authorization configuration information; wherein the authorization configuration information is sent to the authorization server by a mirror server;
verifying the signature of the first authorization information according to the public key to obtain a signature verification result;
if the signature verification result is passed, for a first sub-level, acquiring a first key according to the first authorization information and a preset key derivation function, and decrypting second authorization information of the first sub-level according to the first key; the first sub-level is a directly adjacent sub-level to the system level;
for each second sub-level, obtaining a second key according to the second authorization information of the parent level directly adjacent to the second sub-level and the preset key derivation function, and decrypting the second authorization information of the second sub-level according to the second key; the second sub-level includes sub-levels that are not directly adjacent to the system level.
6. The method as recited in claim 4, wherein the method further comprises:
after the target object completes authorization for the first time, storing the encrypted information and the identification information of the target terminal in a preset authorization partition, calculating a corresponding first verification code according to the encrypted information and the identification information, and storing the first verification code in a preset sandbox;
each time the method is started, if the encrypted information and the identification information of the target object are stored in the preset authorization partition, calculating a second verification code in real time according to the encrypted information and the identification information stored in the preset authorization partition;
and comparing the second verification code with the first verification code stored in the preset sandbox, and, if the two are the same, decrypting the encrypted information to obtain the authorization information, so as to authorize the target object through the authorization information.
7. A target object authorization device, comprising:
the authorization information acquisition module is used for acquiring authorization information about at least two levels of the target object; the at least two levels of authorization information include authorization information of the target object and authorization information of at least one parent level of the target object;
the encryption information acquisition module is used for sequentially encrypting the at least two levels of authorization information, based on the hierarchical relationship between the target object and the at least one parent level of the target object, to obtain encrypted information;
and the target object authorization module is used for sending the encrypted information to the target terminal so that the target terminal decrypts the encrypted information to obtain the authorization information, and authorizing the target object through the authorization information.
8. A target object authorization device, comprising:
the encryption information receiving module is used for receiving encrypted information sent by a preset authorization device; the encrypted information is obtained by the preset authorization device, after it acquires at least two levels of authorization information of the target object, by sequentially encrypting the at least two levels of authorization information based on the hierarchical relationship between the target object and at least one parent level of the target object; the at least two levels of authorization information include authorization information of the target object and authorization information of at least one parent level of the target object;
and the authorization information decryption module is used for decrypting the encrypted information to obtain the authorization information so as to authorize the target object through the authorization information.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to carry out the steps of the method according to any one of claims 1-6.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1-6.
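The parent-to-child key chain of claims 3 and 5, as an added example that is not code from the patent: each child level is sealed under a key derived from its parent's blob, so a changed parent invalidates every level below it. PBKDF2-HMAC-SHA256 as the "preset key derivation function", the HMAC-based stand-in cipher, all function names and the sample data are assumptions; the system-level signature check of claim 5 is assumed to have passed already.

```python
import hashlib, hmac, os

def kdf(parent_blob: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the "preset key derivation
    # function"; 64 bytes = 32-byte cipher key + 32-byte MAC key.
    return hashlib.pbkdf2_hmac("sha256", parent_blob, b"authz-chain", 1000, dklen=64)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = _xor_stream(key[:32], nonce, plaintext)
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authorization blob does not match its parent level")
    return _xor_stream(key[:32], nonce, ct)

def encrypt_chain(first_auth: bytes, child_infos: list) -> list:
    blobs, parent = [], first_auth
    for info in child_infos:              # parent -> child order
        parent = seal(kdf(parent), info)  # this blob keys the next level
        blobs.append(parent)
    return blobs

def decrypt_chain(first_auth: bytes, blobs: list) -> list:
    infos, parent = [], first_auth
    for blob in blobs:
        infos.append(unseal(kdf(parent), blob))
        parent = blob                     # next key comes from this blob
    return infos

# Constructed sample data: signed system-level info treated as opaque bytes.
FIRST_AUTH = b'{"level":"system","expires":"2030-01-01"}|sig=CONSTRUCTED'
CHILD_INFOS = [b'{"level":"application","seats":5}',
               b'{"level":"module","name":"export"}']

if __name__ == "__main__":
    blobs = encrypt_chain(FIRST_AUTH, CHILD_INFOS)
    print(decrypt_chain(FIRST_AUTH, blobs) == CHILD_INFOS)
```

In this sketch the keys depend only on the parent blob, so the chain binds each level to its parent; keeping the contents confidential from someone who holds the blobs would need a secret input to the derivation, which the claims do not specify.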
CN202311100695.6A 2023-08-29 2023-08-29 Target object authorization method and device, electronic equipment and storage medium Pending CN117077174A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311100695.6A CN117077174A (en) 2023-08-29 2023-08-29 Target object authorization method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117077174A true CN117077174A (en) 2023-11-17

Family

ID=88711431

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311100695.6A Pending CN117077174A (en) 2023-08-29 2023-08-29 Target object authorization method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117077174A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination