CN117614639A - Method and system for encryption and authorization of flat panel detector according to needs - Google Patents
- Publication number
- CN117614639A (application number CN202311289221.0A)
- Authority
- CN
- China
- Prior art keywords
- flat panel
- panel detector
- encryption
- key
- authorization file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        - H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
        - H04L9/40—Network security protocols
Abstract
The invention provides an on-demand encryption authorization method and system for a flat panel detector. The method comprises the following steps: the flat panel detector acquires and stores a second encrypted authorization file; when a program to be authorized is to be used, the flat panel detector sends the second encrypted authorization file and its identification information to the upper computer, so that the upper computer decrypts the second encrypted authorization file based on a first key and a second key and opens the program permission to the flat panel detector; the upper computer then performs a third encryption, based on the second key, on the identification information and authorization code obtained after decryption, and sends the resulting third encrypted authorization file to the flat panel detector; the flat panel detector receives the third encrypted authorization file and decrypts it based on the second key to open the corresponding hardware rights to the flat panel detector. The on-demand encryption authorization method and system can improve the security of on-demand authorization of the flat panel detector and effectively prevent the embedded program of the flat panel detector from being cloned and stolen.
Description
Technical Field
The application belongs to the technical field of digital x-ray flat panel detectors, and particularly relates to a method and a system for encryption and authorization of a flat panel detector according to requirements.
Background
The flat panel detector is a core component of the digital X-ray imaging system. With the development of digital X-ray imaging systems and related technologies, the application fields of flat panel detectors keep expanding, and the industry has entered a new stage of rapid growth. Users in different application fields have different functional requirements for the flat panel detector. To reduce development cost and shorten the development cycle, however, the usual development approach is to embed the same program in all flat panel detectors of the same model so that it is compatible with every functional requirement. This increases functional redundancy and tends to reduce the stability of the device; it also means that, for flat panel detectors of the same model, a differentiated pricing strategy for basic and advanced functions cannot be applied, nor can different functions be protected by authorization. To solve these problems, manufacturers have proposed on-demand authorization methods for flat panel detectors. Current methods, however, only design an authorization method for the different functions of the flat panel detector; they do not consider that the authorization information is easy to crack, or that it is easy to steal and crack while the flat panel detector communicates with the upper computer. As a result, the security of the flat panel detector software system cannot be effectively ensured, which brings huge economic losses to flat panel detector manufacturers.
Therefore, how to improve the security of on-demand authorization of the flat panel detector while ensuring the stability of the device, so as to effectively prevent the economic loss caused by cloning and piracy, is a problem that currently needs to be solved.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, an object of the present application is to provide a method and a system for on-demand encryption and authorization of a flat panel detector, which are used for solving the problem that in the prior art, security is not high when on-demand authorization protection is performed on an embedded program of the flat panel detector, and huge economic loss caused by cloning and pirating of the embedded program cannot be effectively controlled.
In order to achieve the above and other related objects, the present invention provides a method for encryption and authorization of a flat panel detector as required, which is applied to a flat panel detector end, wherein the flat panel detector is connected with an upper computer, and is preset with a decryption module and a mapping relation between identification information and authorization code stored in the flat panel detector and authorization information, and the upper computer is preset with an encryption and decryption module and a mapping relation between a program to be authorized and authorization code stored in the upper computer and the authorization information, and the method comprises the following steps:
acquiring and storing a second encryption authorization file; the second encryption authorization file is constructed based on the first encryption authorization file;
when a program to be authorized is requested, sending the second encrypted authorization file and the identification information stored by the flat panel detector to the upper computer, so that the upper computer obtains the first key and the second key stored by a first security terminal, decrypts the second encrypted authorization file based on the first key, the second key and the identification information stored by the flat panel detector, and opens the corresponding program rights to the flat panel detector; the upper computer then performs a third encryption, based on the second key, on the identification information and authorization code of the flat panel detector obtained after decryption, so as to obtain a third encrypted authorization file, and sends the third encrypted authorization file to the flat panel detector;
the control chip of the flat panel detector receives the third encryption authorization file and acquires a second secret key stored by a second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the second key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
In an embodiment of the present invention, the method for constructing the second encrypted authorization file includes:
the identification information and the authorization code of the flat panel detector are used as an authorization file;
setting a first key, and carrying out first encryption on the authorization file by adopting a first encryption algorithm based on the first key so as to obtain a first encrypted authorization file;
setting a second key, and carrying out second encryption on the first encrypted authorization file by adopting a second encryption algorithm based on the second key so as to obtain a second encrypted authorization file.
In an embodiment of the invention, the first encryption algorithm and the second encryption algorithm are symmetric encryption algorithms.
In an embodiment of the present invention, the key stored in advance in the second security terminal is the same as the key when the upper computer encrypts the identification information and the authorization code of the flat panel detector.
In an embodiment of the invention, the first key is different from the second key.
In an embodiment of the present invention, the name of the second encrypted authorization file includes identification information of the flat panel detector, and when the method performs saving the second encrypted authorization file to the flat panel detector, the method further includes:
acquiring the identification information stored by the flat panel detector and checking whether it is consistent with the identification information of the flat panel detector contained in the name of the second encrypted authorization file; if so, writing the second encrypted authorization file into the flat panel detector and storing it there.
In another embodiment of the present invention, the first secret terminal stores a first key, a second key and a third key in advance, the second secret terminal stores a third key in advance, and the method includes, when executing the flat panel detector to request to use a program to be authorized:
the second encryption authorization file and the identification information stored by the flat panel detector are sent to an upper computer, so that the upper computer obtains a first key, a second key and a third key stored by a first security terminal, and decrypts the second encryption authorization file based on the second encryption authorization file, the first key, the second key and the identification information stored by the flat panel detector, so as to open corresponding program rights to the flat panel detector; the upper computer carries out fourth encryption on the identification information and the authorization code of the flat panel detector, which are obtained after decryption, by adopting a third encryption algorithm based on the third secret key so as to obtain a fourth encrypted authorization file, and the third encrypted authorization file is sent to the flat panel detector;
the control chip of the flat panel detector receives the third encryption authorization file and acquires a third secret key stored by the second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the third key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
In another embodiment of the present invention, the third encryption algorithm is a symmetric encryption algorithm.
In an embodiment of the present invention, the secret key stored in the first secret terminal is only transmitted to the upper computer; the key stored by the second secret terminal is only transmitted to the flat panel detector.
Correspondingly, the invention provides a flat panel detector on-demand encryption authorization system, which is characterized by comprising:
the second encryption authorization file acquisition module is used for enabling the flat panel detector to acquire and store the second encryption authorization file;
the program authorization module is used for sending the second encryption authorization file and the identification information stored by the flat panel detector to an upper computer when the flat panel detector requests to use a program to be authorized, so that the upper computer obtains a first secret key and a second secret key stored by a first secret end, and decrypts the second encryption authorization file based on the second encryption authorization file, the first secret key, the second secret key and the identification information stored by the flat panel detector to open corresponding program rights to the flat panel detector; the upper computer carries out third encryption on the identification information and the authorization code of the flat panel detector, which are obtained after decryption, by adopting a second encryption algorithm based on the second secret key so as to obtain a third encrypted authorization file, and the third encrypted authorization file is sent to the flat panel detector;
the hardware authorization module is used for enabling the control chip of the flat panel detector to receive the third encryption authorization file and acquiring a second secret key stored by a second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the second key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
As described above, the on-demand encryption and authorization method and system for flat panel detector have the following beneficial effects:
The security of the authorization file is improved by encrypting it multiple times. Meanwhile, the encryption and decryption module is preset in the upper computer with the first key and the second key stored in advance in the first security terminal, and the decryption module is preset in the flat panel detector with the second key stored in advance in the second security terminal. As a result, only the ciphertext of the authorization file is transmitted during communication between the flat panel detector and the upper computer, and the key never has to be transmitted with it. This ensures the security of the authorization file during communication, effectively prevents the embedded program of the flat panel detector from being cloned and stolen, and avoids economic loss for flat panel detector manufacturers.
Drawings
Fig. 1 is a schematic flow chart of an embodiment of the encryption-on-demand authorization method for flat panel detector provided in the first aspect of the present application.
Fig. 2 is a schematic flow chart of an embodiment of the encryption on demand authorization method for flat panel detector provided in the second aspect of the present application.
Fig. 3 is a schematic flow chart of an embodiment of the encryption on demand authorization method for flat panel detector provided in the third aspect of the present application.
Fig. 4 is a schematic block diagram of an embodiment of the on-demand encryption authorization system for flat panel detector provided in the present application.
Fig. 5 is a schematic block diagram of another embodiment of the on-demand encryption authorization system for flat panel detector provided in the present application.
Description of the reference numerals
S2 to S6. Steps
301. Second encryption authorization file acquisition module
302. Program authorization module
303. Hardware authorization module
304. Second encryption authorization file construction module
Detailed Description
Other advantages and effects of the present application will become apparent to those skilled in the art from the present disclosure, when the following description of the embodiments is taken in conjunction with the accompanying drawings. The present application may be embodied or carried out in other specific embodiments, and the details of the present application may be modified or changed from various points of view and applications without departing from the spirit of the present application. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict.
It should be noted that, the illustrations provided in the following embodiments merely illustrate the basic concepts of the application by way of illustration, and only the components related to the application are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complex.
Interpretation of the terms:
Upper computer: a computer or single-chip microcomputer that can directly send operation instructions;
Symmetric encryption algorithm: an encryption algorithm that uses the same key for encryption and decryption;
Serial number: the "identity card number" of the device, i.e. the unique identification code of the device;
SDK: Software Development Kit, a kit provided by a third-party service provider for implementing a certain function of product software, used here for developing the upper computer that communicates with the hardware system;
FPGA: Field-Programmable Gate Array, a chip that can be programmed to perform a variety of custom functions.
The following embodiment of the application provides a method for encrypting and authorizing a flat panel detector according to needs, and the security of an authorization file is improved by encrypting the authorization file for a plurality of times; meanwhile, an encryption and decryption module is preset in the upper computer, and a decryption module is preset in the flat panel detector and identification information of the flat panel detector is stored in advance, so that only encrypted ciphertext of the authorization file is transmitted in the communication process of the flat panel detector and the upper computer, and a secret key is not required to be transmitted at the same time, the security of the authorization file in the communication process is ensured, the embedded program of the flat panel detector is effectively prevented from being cloned and stolen, and economic losses of flat panel detector manufacturers are avoided.
Referring to fig. 1, a flow chart of an embodiment of the encryption-on-demand authorization method for flat panel detector according to the first aspect of the present invention is shown.
As shown in fig. 1, in this embodiment, the encryption-on-demand authorization method for a flat panel detector provided by the present invention is applied to a flat panel detector end, where the flat panel detector is connected to an upper computer, and a decryption module and a mapping relationship between identification information and authorization code stored in the flat panel detector and authorization information are preset, and the upper computer is preset with an encryption-decryption module and a mapping relationship between a program to be authorized and authorization code and authorization information stored in the upper computer, and includes the following steps:
Step S2, acquiring and storing a second encrypted authorization file; the second encrypted authorization file is constructed based on the first encrypted authorization file;
The decryption keys of the second encrypted authorization file comprise a first key and a second key;
The content of the second encrypted authorization file contains the identification information and the authorization code of the flat panel detector.
The authorization code is defined according to the authorization mode required by the flat panel detector. The authorization modes include: a function authorization mode, a validity period authorization mode, and a usage count authorization mode.
Specifically, in the function authorization mode, an authorization code is defined for each function and for the enabling/disabling of each function. In the validity period authorization mode, a timing module with a configurable start time, from which the current time can be read at any time, is preset in the flat panel detector, and an authorization code is defined for the length of the validity period. In the usage count authorization mode, a counting module with a configurable starting count, from which the number of uses so far can be read at any time, is preset in the flat panel detector, and an authorization code is defined for the total number of permitted uses.
Step S4, when a program to be authorized is requested, sending the second encrypted authorization file and the identification information stored by the flat panel detector to the upper computer, so that the upper computer obtains the first key and the second key stored by a first security terminal, decrypts the second encrypted authorization file based on the first key, the second key and the identification information stored by the flat panel detector, and opens the corresponding program rights to the flat panel detector; the upper computer then performs a third encryption, based on the second key, on the identification information and authorization code of the flat panel detector obtained after decryption, so as to obtain a third encrypted authorization file, and sends the third encrypted authorization file to the flat panel detector;
The first key and the second key stored by the first security terminal are in a read-only state.
Optionally, the first security terminal is a secure computer device or a storage device.
Specifically, when the flat panel detector requests to use a program to be authorized, it sends the second encrypted authorization file and its stored identification information to the upper computer. The upper computer receives both and obtains the first key and the second key from the first security terminal. Using the first key and the second key in the first key information, the upper computer decrypts the second encrypted authorization file through the encryption and decryption module to obtain the identification information and authorization code of the flat panel detector. The upper computer then checks whether the identification information stored by the flat panel detector is consistent with the identification information obtained after decryption. If so, the upper computer determines the authorization information for the authorization mode required by the flat panel detector, based on the authorization code and the pre-stored mapping between authorization codes and authorization information, and opens the corresponding program rights to the flat panel detector through the SDK preset in the upper computer. Finally, the upper computer uses the encryption and decryption module to perform the third encryption, with the second encryption algorithm, on the identification information and authorization code obtained after decryption, so as to obtain a third encrypted authorization file, and sends the third encrypted authorization file to the flat panel detector.
The program rights include one or more of: acquisition mode, template soft correction, image scaling and cropping, automatic exposure dose control, opening of original images, and the like.
Step S6, the control chip of the flat panel detector receives the third encrypted authorization file and acquires the second key stored by a second security terminal; the flat panel detector decrypts the third encrypted authorization file based on the second key and the identification information stored by the flat panel detector, so as to open the corresponding hardware rights to the flat panel detector.
The second key stored by the second security terminal is in a read-only state.
Optionally, the second security terminal is a secure computer device or a storage device.
Specifically, the control chip of the flat panel detector receives the third encrypted authorization file and acquires the second key information of the second security terminal. Using the second key in the second key information, the control chip decrypts the third encrypted authorization file through the decryption module to obtain the identification information and authorization code of the flat panel detector contained in the file. The control chip then checks whether the identification information stored by the flat panel detector is consistent with the identification information obtained after decryption. If so, the control chip determines the authorization information for the authorization mode required by the flat panel detector, based on the authorization code and the pre-stored mapping between authorization codes and authorization information, and opens the corresponding hardware rights to the flat panel detector.
The control chip is a chip for controlling each hardware in the flat panel detector to execute corresponding operation based on a programming program; illustratively, the control chip is an FPGA chip.
The hardware rights include: template storage, template hard correction, image scaling and cropping, automatic exposure dose control, and the like.
Optionally, before executing step S2, the method further includes:
Step S1, constructing a second encrypted authorization file;
Specifically, the construction method of the second encrypted authorization file includes:
Step S11, taking the identification information and the authorization code of the flat panel detector as an authorization file;
step S12, setting a first secret key, and carrying out first encryption on the authorization file by adopting a first encryption algorithm based on the first secret key so as to obtain a first encrypted authorization file;
wherein the first encryption algorithm is a symmetric encryption algorithm; illustratively, the first encryption algorithm is an AES encryption algorithm.
The first encryption means that, for each authorization mode, an encrypted file is computed from the authorization file using the first encryption algorithm and the first key; the encrypted file is uniquely bound to the flat panel detector, so that one authorization file can only be applied to one flat panel detector.
Step S13, setting a second secret key, and carrying out second encryption on the first encrypted authorization file by adopting a second encryption algorithm based on the second secret key so as to obtain a second encrypted authorization file;
The second encryption means that an encrypted file is computed from the first encrypted authorization file using the second encryption algorithm and the second key.
According to the on-demand encryption authorization method of this embodiment, the security of the authorization file is improved by encrypting it multiple times. Meanwhile, the encryption and decryption module is preset on the upper computer with the first key and the second key stored at the first security terminal, and the decryption module is preset on the flat panel detector with the second key stored at the second security terminal. As a result, only the ciphertext of the authorization file is transmitted during communication between the flat panel detector and the upper computer, and the key never has to be transmitted with it. This ensures the security of the authorization file during communication, effectively prevents the embedded program of the flat panel detector from being cloned and stolen, and avoids economic loss for flat panel detector manufacturers.
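The flow of steps S1, S4 and S6, as an added Python example (not code from the patent or from any vendor). Python's standard library has no AES, so a SHAKE-256 keystream with an HMAC-SHA256 tag stands in for the symmetric algorithm; the serial numbers, keys, authorization codes and JSON layout are constructed assumptions.

```python
import hashlib
import hmac
import json
import os


class AuthError(Exception):
    """An authorization file was rejected."""


# Stand-in symmetric cipher (assumption): SHAKE-256 keystream + HMAC-SHA256 tag.
# The page names AES as its illustrative algorithm; use a vetted AEAD in practice.
def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise AuthError("wrong key or modified authorization file")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


# Hypothetical authorization codes; the page does not define concrete values.
PROGRAM_RIGHTS = {"F01": "template soft correction",
                  "F02": "automatic exposure dose control"}
HARDWARE_RIGHTS = {"F01": "template hard correction",
                   "F02": "automatic exposure dose control"}


def parse_and_check(plaintext: bytes, stored_id: str, table: dict) -> dict:
    """Parse a decrypted authorization file and bind it to one detector."""
    try:
        auth = json.loads(plaintext)
    except ValueError:  # not an authorization file (e.g. still encrypted)
        raise AuthError("decrypted data is not an authorization file")
    if not isinstance(auth, dict) or auth.get("id") != stored_id:
        raise AuthError("authorization file is bound to another detector")
    if auth.get("code") not in table:
        raise AuthError("unknown authorization code")
    return auth


def build_second_file(serial: str, code: str, k1: bytes, k2: bytes) -> bytes:
    """S11-S13: authorization file -> first encryption -> second encryption."""
    auth_file = json.dumps({"id": serial, "code": code}).encode()
    return seal(k2, seal(k1, auth_file))


def host_authorize(second_file: bytes, reported_id: str, k1: bytes, k2: bytes):
    """S4 on the upper computer: undo both layers, check the ID, re-encrypt."""
    plaintext = unseal(k1, unseal(k2, second_file))
    auth = parse_and_check(plaintext, reported_id, PROGRAM_RIGHTS)
    third_file = seal(k2, json.dumps(auth).encode())
    return PROGRAM_RIGHTS[auth["code"]], third_file


def detector_authorize(third_file: bytes, stored_id: str, k2: bytes) -> str:
    """S6 on the control chip: it holds only the second key."""
    auth = parse_and_check(unseal(k2, third_file), stored_id, HARDWARE_RIGHTS)
    return HARDWARE_RIGHTS[auth["code"]]


def rejected(step, *args) -> bool:
    """True when an authorization step refuses its input."""
    try:
        step(*args)
    except AuthError:
        return True
    return False


# Constructed sample values.
K1 = hashlib.sha256(b"constructed first key").digest()
K2 = hashlib.sha256(b"constructed second key").digest()
SERIAL = "FPD-0001"

if __name__ == "__main__":
    second = build_second_file(SERIAL, "F02", K1, K2)
    right, third = host_authorize(second, SERIAL, K1, K2)
    print("program right:", right)
    print("hardware right:", detector_authorize(third, SERIAL, K2))
    print("copy on FPD-0002 rejected:",
          rejected(host_authorize, second, "FPD-0002", K1, K2))
```

The identity comparison after decryption is what ties a file to one detector: a copy presented with a different serial number decrypts correctly but is still refused, at the upper computer and again at the control chip.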
Fig. 2 shows a flow chart of an embodiment of the on-demand encryption authorization method for a flat panel detector according to the second aspect of the present invention.
As shown in Fig. 2, in this embodiment the on-demand encryption authorization method for a flat panel detector provided by the present invention differs from the method shown in Fig. 1 in that the name of the second encrypted authorization file includes identification information of the flat panel detector, and when step S2 is executed, the method further includes:
acquiring the identification information stored by the flat panel detector, detecting whether it is consistent with the identification information of the flat panel detector contained in the name of the second encrypted authorization file, and, if so, writing and storing the second encrypted authorization file into the flat panel detector.
In the on-demand encryption authorization method of this embodiment, before the second encrypted authorization file is written into and stored in the flat panel detector, the identification information stored in the flat panel detector is checked against the identification information of the flat panel detector contained in the authorization file name. This ensures that the second encrypted authorization file written into the flat panel detector matches that detector, prevents the second encrypted authorization file stored in the current flat panel detector from being copied by other flat panel detectors, and further enhances the security of on-demand authorization of the flat panel detector.
Fig. 3 shows a flow chart of an embodiment of the on-demand encryption authorization method for a flat panel detector according to the third aspect of the present invention.
As shown in Fig. 3, in this embodiment the on-demand encryption authorization method for a flat panel detector provided by the present invention differs from the method shown in Fig. 1 in that the first secret end stores a first key, a second key and a third key in advance, and the second secret end stores a third key in advance. When step S4 is executed, the upper computer performs a third encryption on the identification information and authorization code of the flat panel detector obtained after decryption, using a third encryption algorithm based on the third key, so as to obtain a third encrypted authorization file. When step S6 is executed, the control chip of the flat panel detector receives the third encrypted authorization file and obtains the third key of the second secret end; the flat panel detector then decrypts the third encrypted authorization file based on the third encrypted authorization file, the third key and the identification information stored by the flat panel detector, so as to open the corresponding hardware rights to the flat panel detector.
The first secret end stores a first secret key, a second secret key and a third secret key, and the second secret end stores a third secret key, which is in a read-only state.
The third encryption algorithm is a symmetric encryption algorithm; illustratively, the third encryption algorithm is an AES algorithm.
In the on-demand encryption authorization method of this embodiment, a first key, a second key and a third key are stored in the upper computer in advance, and the third key is stored in the flat panel detector in advance. The second encrypted authorization file can be decrypted only with the first key and the second key; the third key stored by the flat panel detector cannot decrypt it, which improves the security with which the control chip of the flat panel detector opens the corresponding hardware rights to the flat panel detector.
It should be noted that the identification information of the flat panel detector in the present application refers to information that is bound to the flat panel detector and uniquely identifies it; illustratively, the identification information of the flat panel detector is the serial number of the flat panel detector.
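The flow of the third embodiment (building the second encrypted authorization file, the step S2 file-name check, host-side decryption in step S4 and control-chip decryption in step S6), as an added Python example that is not code from the patent. The page names AES only as an illustration, so to run on the standard library alone an HMAC-SHA256 keystream with a MAC tag stands in for all three symmetric algorithms; the tag, the `ID|code` layout, the `.lic` file name, the serial numbers and the code map are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

def _sub(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC subkeys from one stored key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (stand-in cipher, not AES)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt then MAC; output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; a wrong key or altered file raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("authorization file failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def build_second_file(serial: str, code: str, k1: bytes, k2: bytes):
    """Authorization file = ID + code; first encryption (key 1), then second (key 2)."""
    blob = seal(k2, seal(k1, f"{serial}|{code}".encode()))
    return f"{serial}.lic", blob  # assumed naming: the file name carries the ID

def detector_store(stored_serial: str, name: str, blob: bytes) -> bytes:
    """Step S2: accept the file only if the ID in its name matches this detector."""
    if name.rsplit(".", 1)[0] != stored_serial:
        raise PermissionError("file name carries another detector's ID")
    return blob

def host_authorize(blob: bytes, reported_serial: str, k1, k2, k3) -> bytes:
    """Step S4: remove both layers, compare IDs, re-encrypt under the third key."""
    serial, code = unseal(k1, unseal(k2, blob)).decode().split("|", 1)
    if serial != reported_serial:
        raise PermissionError("authorization file is bound to another detector")
    return seal(k3, f"{serial}|{code}".encode())  # third encrypted authorization file

def detector_unlock(third_blob: bytes, stored_serial: str, k3: bytes, code_map: dict) -> str:
    """Step S6: control chip decrypts with key 3, re-checks the ID, maps the code."""
    serial, code = unseal(k3, third_blob).decode().split("|", 1)
    if serial != stored_serial:
        raise PermissionError("third file was issued for another detector")
    return code_map[code]

if __name__ == "__main__":
    k1, k2, k3 = (os.urandom(32) for _ in range(3))  # constructed keys
    rights = {"A01": "high-frame-rate acquisition"}   # constructed code-to-right map
    name, blob = build_second_file("FPD-0001", "A01", k1, k2)
    third = host_authorize(detector_store("FPD-0001", name, blob), "FPD-0001", k1, k2, k3)
    print(detector_unlock(third, "FPD-0001", k3, rights))
    try:  # the same file presented by a second detector is refused by the host
        host_authorize(blob, "FPD-0002", k1, k2, k3)
    except PermissionError as err:
        print("refused:", err)
```

The file-name comparison in step S2 is a plain string check; the binding that resists copying is the identification information inside the ciphertext, which the host and the control chip each compare after decryption.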
As shown in Fig. 4, in this embodiment, the present invention provides a flat panel detector on-demand encryption authorization system, which includes:
a second encrypted authorization file acquiring module 301, configured to enable the flat panel detector to acquire and store the second encrypted authorization file;
the program authorization module 302 is configured to send, when the flat panel detector requests to use a program to be authorized, the second encrypted authorization file and identification information stored by the flat panel detector to an upper computer, so that the upper computer obtains a first key and a second key stored by a first security end, and based on the second encrypted authorization file, the first key, the second key and the identification information stored by the flat panel detector, decrypt the second encrypted authorization file to open corresponding program rights to the flat panel detector; the upper computer carries out third encryption on the identification information and the authorization code of the flat panel detector, which are obtained after decryption, by adopting a second encryption algorithm based on the second secret key so as to obtain a third encrypted authorization file, and the third encrypted authorization file is sent to the flat panel detector;
the hardware authorization module 303 is configured to enable a control chip of the flat panel detector to receive the third encrypted authorization file and obtain a second key stored in a second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the second key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
As shown in Fig. 5, in this embodiment, the on-demand encryption authorization system of the flat panel detector of the present invention further includes:
and a second encrypted authorization file construction module 304, configured to construct the second encrypted authorization file based on the identification information and the authorization code of the flat panel detector.
Embodiments of the present application also provide a computer-readable storage medium. Those of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments may be implemented by a program instructing a processor, where the program may be stored in a computer-readable storage medium. The storage medium is a non-transitory medium, such as a random access memory, a read-only memory, a flash memory, a hard disk, a solid state disk, a magnetic tape, a floppy disk, an optical disk, or any combination thereof. The storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (DVD)), or a semiconductor medium (e.g., a solid state disk (SSD)), or the like.
Embodiments of the present application may also provide a computer program product comprising one or more computer instructions. When the computer instructions are loaded and executed on a computing device, the processes or functions described in accordance with the embodiments of the present application are produced in whole or in part. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, or data center to another website, computer, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means.
The computer program product is executed by a computer, which performs the method according to the preceding method embodiment. The computer program product may be a software installation package, which may be downloaded and executed on a computer in case the aforementioned method is required.
The descriptions of the processes or structures corresponding to the drawings each have their own emphasis; for parts of a process or structure that are not described in detail, reference may be made to the descriptions of the other processes or structures.
The foregoing embodiments are merely illustrative of the principles of the present application and their effectiveness, and are not intended to limit the application. Modifications and variations may be made to the above-described embodiments by those of ordinary skill in the art without departing from the spirit and scope of the present application. Accordingly, it is intended that all equivalent modifications and variations which may be accomplished by persons skilled in the art without departing from the spirit and technical spirit of the disclosure be covered by the claims of this application.
Claims (10)
1. The on-demand encryption and authorization method for the flat panel detector is applied to a flat panel detector end, the flat panel detector is connected with an upper computer, a decryption module and a mapping relation between authorization codes and authorization information stored in the flat panel detector are preset, and the upper computer is preset with the encryption and decryption module and the mapping relation between programs to be authorized and the authorization information stored in the upper computer, and the method is characterized by comprising the following steps:
acquiring and storing a second encryption authorization file; the second encryption authorization file is constructed based on the first encryption authorization file;
when a program to be authorized is required to be used, the second encryption authorization file and the identification information stored by the flat panel detector are sent to an upper computer, so that the upper computer obtains a first secret key and a second secret key stored by a first secret end, and the upper computer decrypts the second encryption authorization file based on the second encryption authorization file, the first secret key, the second secret key and the identification information stored by the flat panel detector, so that corresponding program rights are opened to the flat panel detector; the upper computer carries out third encryption on the identification information and the authorization code of the flat panel detector, which are obtained after decryption, by adopting a second encryption algorithm based on the second secret key so as to obtain a third encrypted authorization file, and the third encrypted authorization file is sent to the flat panel detector;
the control chip of the flat panel detector receives the third encryption authorization file and acquires a second secret key stored by a second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the second key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
2. The method according to claim 1, wherein the second encrypted authorization file is constructed in a manner that includes:
the identification information and the authorization code of the flat panel detector are used as an authorization file;
setting a first key, and carrying out first encryption on the authorization file by adopting a first encryption algorithm based on the first key so as to obtain a first encrypted authorization file;
setting a second key, and carrying out second encryption on the first encrypted authorization file by adopting a second encryption algorithm based on the second key so as to obtain a second encrypted authorization file.
3. The method of claim 2, wherein the first encryption algorithm and the second encryption algorithm are both symmetric encryption algorithms.
4. The method of claim 1, wherein the key pre-stored in the second security side is the same as the key when the host computer encrypts the identification information and the authorization code of the flat panel detector.
5. The method of claim 1, wherein the first key is different from the second key.
6. The method of claim 1, wherein the name of the second encrypted authorization file includes identification information of the flat panel detector, and wherein the method, when performing saving the second encrypted authorization file to the flat panel detector, further comprises:
and acquiring the identification information stored by the flat panel detector, detecting whether the identification information stored by the flat panel detector is consistent with the identification information of the flat panel detector contained in the second encrypted authorization file name, and if so, writing and storing the second encrypted authorization file into the flat panel detector.
7. The method of claim 1, wherein the first secure side has a first key, a second key, and a third key stored therein, and wherein the second secure side has a third key stored therein, and wherein the method, when executing the flat panel detector, comprises:
the second encryption authorization file and the identification information stored by the flat panel detector are sent to an upper computer, so that the upper computer obtains a first key, a second key and a third key stored by a first security terminal, and decrypts the second encryption authorization file based on the second encryption authorization file, the first key, the second key and the identification information stored by the flat panel detector, so as to open corresponding program rights to the flat panel detector; the upper computer carries out fourth encryption on the identification information and the authorization code of the flat panel detector, which are obtained after decryption, by adopting a third encryption algorithm based on the third secret key so as to obtain a fourth encrypted authorization file, and the third encrypted authorization file is sent to the flat panel detector;
the control chip of the flat panel detector receives the third encryption authorization file and acquires a third secret key stored by the second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the third key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
8. The method of claim 7, wherein the third encryption algorithm is a symmetric encryption algorithm.
9. The method of claim 1, wherein the key stored by the first secure side is transmitted only to the host computer; the key stored by the second secret terminal is only transmitted to the flat panel detector.
10. A flat panel detector on-demand encryption authorization system, the system comprising:
the second encryption authorization file acquisition module is used for enabling the flat panel detector to acquire and store the second encryption authorization file;
the program authorization module is used for sending the second encryption authorization file and the identification information stored by the flat panel detector to an upper computer when the flat panel detector requests to use a program to be authorized, so that the upper computer obtains a first secret key and a second secret key stored by a first secret end, and decrypts the second encryption authorization file based on the second encryption authorization file, the first secret key, the second secret key and the identification information stored by the flat panel detector to open corresponding program rights to the flat panel detector; the upper computer carries out third encryption on the identification information and the authorization code of the flat panel detector, which are obtained after decryption, by adopting a second encryption algorithm based on the second secret key so as to obtain a third encrypted authorization file, and the third encrypted authorization file is sent to the flat panel detector;
the hardware authorization module is used for enabling the control chip of the flat panel detector to receive the third encryption authorization file and acquiring a second secret key stored by a second secret terminal; and the flat panel detector decrypts the third encryption authorization file based on the third encryption authorization file, the second key and the identification information stored by the flat panel detector so as to open corresponding hardware rights to the flat panel detector.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311289221.0A CN117614639A (en) | 2023-10-08 | 2023-10-08 | Method and system for encryption and authorization of flat panel detector according to needs |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117614639A (en) | 2024-02-27 |
Family
ID=89954889
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311289221.0A Pending CN117614639A (en) | 2023-10-08 | 2023-10-08 | Method and system for encryption and authorization of flat panel detector according to needs |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117614639A (en) |
- 2023-10-08 CN CN202311289221.0A patent/CN117614639A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9954826B2 (en) | Scalable and secure key management for cryptographic data processing | |
CN1914849B (en) | Trusted mobile platform architecture | |
US8572372B2 (en) | Method for selectively enabling access to file systems of mobile terminals | |
US6684198B1 (en) | Program data distribution via open network | |
US8826037B2 (en) | Method for decrypting an encrypted instruction and system thereof | |
US20080025503A1 (en) | Security method using self-generated encryption key, and security apparatus using the same | |
US11943491B2 (en) | Content protection | |
CN102347834A (en) | Trusted mobile platform architecture | |
CA2560574A1 (en) | Digital rights management structure, portable storage device, and contents management method using the portable storage device | |
CN110324358B (en) | Video data management and control authentication method, module, equipment and platform | |
CN109936546B (en) | Data encryption storage method and device and computing equipment | |
US7603566B2 (en) | Authenticated process switching on a microprocessor | |
CN104506504A (en) | Security mechanism and security device for confidential information of card-free terminal | |
US11544354B2 (en) | System for secure provisioning and enforcement of system-on-chip (SOC) features | |
EP3787219A1 (en) | Key processing method and device | |
WO2015154469A1 (en) | Database operation method and device | |
CN112241633B (en) | Bidirectional authentication implementation method and system for non-contact smart card | |
CN110300289B (en) | Video safety management system and method | |
JP2016515778A (en) | Application encryption processing method, apparatus and terminal | |
KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
CN117614639A (en) | Method and system for encryption and authorization of flat panel detector according to needs | |
US20100241863A1 (en) | Device for reproducing digital content, secure electronic entity, system comprising said elements and method for reproducing digital content | |
CN103699853A (en) | Smart SD (secure digital memory card) and control system and control method thereof | |
KR101249343B1 (en) | Method for protection of a digital rights file | |
CN112804195A (en) | Data security storage method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||