CN118250685A - Key management method and system applied to electronic equipment - Google Patents
Key management method and system applied to electronic equipment
- Publication number
- CN118250685A, CN202410684714.2A
- Authority
- CN
- China
- Prior art keywords
- key
- unique code
- electronic equipment
- electronic device
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of key management, and provides a key management method and a key management system applied to electronic equipment.
Description
Technical Field
The invention belongs to the technical field of key management, and particularly relates to a key management method and system applied to electronic equipment.
Background
A key is a code or password used to encrypt and decrypt data. In cryptography, a key is typically a string of unique bits or characters that is used as an input to an algorithm to encrypt or decrypt data.
It should be noted that, in order to limit the use of certain specific functions in an electronic device, the device needs to be authenticated to ensure that it has permission to use those functions. Some electronic devices have no input capability, so they cannot be authenticated by entering a user name and a password.
Disclosure of Invention
Based on this, the embodiment of the invention provides a key management method and a key management system applied to electronic equipment, which aim to safely access specific functions of the electronic equipment when the electronic equipment does not have input capability.
A first aspect of an embodiment of the present invention provides a key management method applied to an electronic device. The method is applied to a scenario having a server and an electronic device, where the electronic device includes a plurality of chips, and the server and the electronic device each store their own private key and the public key of the other party. The method includes:
Acquiring a unique code of the electronic equipment, controlling the electronic equipment to sign the unique code by using a private key, and sending the signed unique code to a server;
Acquiring the signed unique code through a server, and verifying the signed unique code by using a public key of the electronic equipment;
after the verification is passed, controlling the server to convert the unique code into a license key according to a preset password generation rule;
Controlling the server to sign the license key by using its private key and to send the signed license key to the electronic equipment;
Acquiring the signed license key through the electronic equipment, and verifying the signed license key by using the public key of the server;
After passing the verification, storing the license key into a specific area of the electronic equipment;
and when the specific function is required to be accessed, verifying the license key stored in the specific area of the electronic equipment, and opening or closing the access of the specific function according to the verification result.
Further, the step of controlling the server to convert the unique code into the license key according to the preset password generation rule after the verification is passed includes:
the unique code is obtained, and hash operation is carried out on the unique code to obtain a first hash value;
determining the position of the number in the first hash value according to the first hash value, and counting the number of the positions;
Splitting chip information corresponding to a specific area of the electronic equipment according to the position number, determining a position corresponding to the unique code according to the position, and inserting the split chip information into the position corresponding to the unique code to obtain a combined target code;
And carrying out hash operation on the target code to obtain a second hash value, and determining the second hash value as the license key.
Further, the step of determining the position of the number in the first hash value according to the first hash value and counting the number of positions includes:
Dividing the first hash value into a plurality of segments according to the preset character number, sequentially searching numbers by each segment according to the left-to-right sequence, and determining the positions of the corresponding numbers;
judging whether each segment has continuous numbers according to the positions of the corresponding numbers;
if yes, defining continuous numbers as a number group, and determining the position corresponding to the first number in the number group as the position of the number group;
And counting the positions of the individual digits of all the segments in the first hash value and the number of the positions of the digit groups, and determining the number as the position number.
Further, the step of splitting the chip information corresponding to the specific area of the electronic device according to the number of positions, determining the position corresponding to the unique code according to the position, inserting the split chip information into the position corresponding to the unique code, and obtaining the combined target code includes:
According to the position number, splitting the chip codes corresponding to the specific area of the electronic equipment in equal parts to obtain each sub-code;
determining the position corresponding to the unique code according to the position of the individual number in each section and the position of the number group;
And sequentially inserting each split sub code into a position corresponding to the unique code to obtain the combined target code.
Further, the step of storing the license key in the specific area of the electronic device after the verification is passed includes:
and controlling the specific area in which the license key is stored to change according to a preset rule, wherein the specific area of the electronic equipment is the specific area of a chip in the electronic equipment.
Further, the step of controlling the specific area of the license key storage to change according to a preset rule includes:
Acquiring the power consumption variation of each chip in a preset time in real time, and determining the chip with reduced power consumption according to the power consumption variation;
Judging whether the chip with reduced power consumption is unique;
If not, the chip with the largest power consumption reduction is determined as the target chip, and the specific area of the target chip is used for storing the license key.
A second aspect of an embodiment of the present invention provides a key management system applied to an electronic device, where the electronic device includes a plurality of chips, and the server and the electronic device each store their own private key and the public key of the other party. The system includes:
the first signature module is used for acquiring the unique code of the electronic equipment, controlling the electronic equipment to sign the unique code by using a private key, and sending the signed unique code to the server;
the first verification module is used for acquiring the signed unique code through the server and verifying the signed unique code by using the public key of the electronic equipment;
the conversion module is used for controlling the server to convert the unique code into a license key according to a preset password generation rule after the verification is passed;
The second signature module is used for controlling the server to sign the license key by using the private key and sending the signed license key to the electronic equipment;
The second verification module is used for acquiring the signed license key through the electronic equipment and verifying the signed license key by using the public key of the server;
the storage module is used for storing the license key to a specific area of the electronic equipment after the verification is passed;
and the third verification module is used for verifying the license key stored in the specific area of the electronic equipment when the specific function is required to be accessed, and opening or closing the access of the specific function according to the verification result.
A third aspect of an embodiment of the present invention provides a computer-readable storage medium comprising:
The readable storage medium stores one or more programs which when executed by a processor implement the key management method of the first aspect applied to an electronic device.
A fourth aspect of an embodiment of the present invention provides an electronic device, including a memory and a processor, wherein:
The memory is used for storing a computer program;
The processor is configured to implement the key management method of the first aspect applied to the electronic device when executing the computer program stored on the memory.
The embodiment of the invention provides a key management method and a key management system applied to electronic equipment. The method acquires the unique code of the electronic equipment, controls the electronic equipment to sign the unique code by using its private key, and sends the signed unique code to a server; acquires the signed unique code through the server and verifies it by using the public key of the electronic equipment; after the verification is passed, controls the server to convert the unique code into a license key according to a preset password generation rule; controls the server to sign the license key by using its private key and to send the signed license key to the electronic equipment; acquires the signed license key through the electronic equipment and verifies it by using the public key of the server; after the verification is passed, stores the license key in a specific area of the electronic equipment; and, when a specific function needs to be accessed, verifies the license key stored in the specific area of the electronic equipment and opens or closes access to the specific function according to the verification result. In this way, specific functions of the electronic equipment can be accessed safely when the electronic equipment does not have input capability.
Drawings
Fig. 1 is a flowchart of an implementation of a key management method applied to an electronic device according to a first embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a key management system applied to an electronic device according to a second embodiment of the present invention;
Fig. 3 is a block diagram of an electronic device according to a third embodiment of the present invention.
The following detailed description will be further described with reference to the above-described drawings.
Detailed Description
In order that the invention may be readily understood, a more complete description of the invention will be rendered by reference to the appended drawings. Several embodiments of the invention are presented in the figures. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "mounted" on another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Example 1
Referring to fig. 1, fig. 1 shows a flowchart of an implementation of a key management method applied to an electronic device according to an embodiment of the present invention. The method is applied to a scenario having a server and an electronic device, where the electronic device includes a plurality of chips, and the server and the electronic device each store their own private key and the public key of the other party. Specifically, each of the plurality of chips in the electronic device includes a storage space for a license key. The method specifically includes steps S01 to S07.
Step S01, obtaining the unique code of the electronic equipment, controlling the electronic equipment to sign the unique code by using a private key, and sending the signed unique code to the server.
The electronic device may be understood as a terminal, and the unique code of the electronic device may be a UID (Unique Identifier), a MAC address (Media Access Control Address), or another number that is unique. In this embodiment, the unique code is a MAC address, for example, 09:2F:20:3A:5C:8D.
In addition, signing means encrypting certain information by using a private key so as to prove the authenticity and the integrity of the information. In this embodiment, the signature scheme adopted is one of a Rabin signature, a DSS signature and an RSA signature, which will not be described in detail below.
It will be appreciated that the private key is a key that is paired with the public key and should be kept secret. It is used for decrypting data encrypted by the public key and for generating a digital signature. In the context of digital signatures, the private key is used to generate a signature, while the public key is used to verify a signature.
Step S02, the unique code after signature is obtained through the server, and the unique code after signature is verified by using the public key of the electronic equipment.
Step S03, after the verification is passed, controlling the server to convert the unique code into a license key according to a preset password generation rule.
Specifically, the unique code is obtained, and a hash operation is performed on the unique code to obtain a first hash value. The hash algorithm may be one of MD2, MD4, MD5, SHA1, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512. As an example, the input of the hash operation has the content format String and the character set UTF-8, and the MD2 hash algorithm is applied to the MAC address: the hash operation is carried out on 09:2F:20:3A:5C:8D, and the calculated result is 56304388cdc6dc7c99935da12254e553;
according to the first hash value, determining the position of the number in the first hash value, and counting the position number, wherein the method specifically comprises the following steps:
According to the preset number of characters, the first hash value is divided into a plurality of segments, each segment is searched for digits in sequence from left to right, and the positions of the corresponding digits are determined. If the preset number of characters is 10, the first hash value 56304388cdc6dc7c99935da12254e553 is divided into a first segment: 56304388cd, a second segment: c6dc7c9993, a third segment: 5da12254e5, and a fourth segment: 53, 4 segments in total. In the first segment, the positions of the digits are the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th and 8th, the 9th is "c" and the 10th is "d"; in the same way, in the second segment, the positions of the digits are the 2nd, 5th, 7th, 8th, 9th and 10th, the 1st is "c", the 3rd is "d", the 4th is "c" and the 6th is "c";
It can be appreciated that, in the above example, consecutive digits exist in the first segment at the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th and 8th positions, and consecutive digits exist in the second segment at the 7th, 8th, 9th and 10th positions, so "56304388" in the first segment is determined to be consecutive digits;
If it is determined that there are consecutive digits in a segment, the consecutive digits are defined as a digit group, and the position corresponding to the first digit in the digit group is determined as the position of the digit group. It can be understood that the position of the digit group "56304388" is determined as 1, and the position of the digit group "9993" is determined as 7;
The positions of the individual digits and the positions of the digit groups of all segments in the first hash value are counted, and their number is determined as the position number. It can be understood that the first segment in the first hash value has one digit group and the position is 5, the second segment in the first hash value has two individual digits and one digit group and the positions are 2, 5 and 9 respectively, the third segment in the first hash value has two individual digits and one digit group and the positions are 1, 4 and 10 respectively, and the fourth segment in the first hash value has one digit group and the position is 1, so the final position number is 1+3+3+1, namely the position number is 8;
splitting chip information corresponding to a specific area of the electronic equipment according to the number of the positions, determining a position corresponding to the unique code according to the positions, and inserting the split chip information into the position corresponding to the unique code to obtain a combined target code, wherein the method specifically comprises the following steps of:
The chip code corresponding to the specific area of the electronic equipment is split into equal parts according to the position number to obtain the sub-codes. For example, the chip code is STM32F042K4T6, and according to the position number it is split into 8 parts: 'ST', 'M3', '2F', '04', '2K', '4', 'T', '6';
According to the positions of the individual digits in each segment and the positions of the digit groups, the positions corresponding to the unique code are determined. It can be understood that the positions corresponding to the unique code are the 5th, 2nd, 5th, 9th, 1st, 4th, 10th and 1st. Specifically, taking 09:2F:20:3A:5C:8D as an example, the character at the 5th position of the unique code is "F", the character at the 2nd position of the unique code is "9", the character at the 9th position of the unique code is ":", and so on;
The split sub-codes are sequentially inserted into the positions corresponding to the unique code to obtain the combined target code. It is to be noted that each sub-code is inserted after the character at the corresponding position of the unique code, and when the same position needs to be inserted into multiple times, the sub-code is still inserted directly after the character first determined for that position. "ST" is inserted after the character at the 5th position of the unique code, giving 09:2FST:20:3A:5C:8D; "M3" is inserted after the character at the 2nd position of the unique code, giving 09M3:2FST:20:3A:5C:8D; "2F" is inserted after the character at the 5th position of the unique code, giving 09M3:2F2FST:20:3A:5C:8D; and the final target code is the final FST 9M 3:2F42T:20:043 TA:5C:8D;
and carrying out hash operation on the target code to obtain a second hash value, and determining the second hash value as the license key.
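The conversion rule of step S03, worked through in Python as an added example (not code from the patent; the function names are hypothetical). It takes the description's sample first hash as a literal, since MD2 is not generally available in Python's hashlib, and uses SHA-256 for the second hash as an assumption. It applies the rule as stated, with a digit group located at its first digit, so the sample hash yields positions 1, 2, 5, 7, 1, 4, 10, 1: the same position number of 8, with the two group positions as given where digit groups are defined (1 and 7).

```python
import hashlib
import string

# Sample values quoted in the description.
FIRST_HASH = "56304388cdc6dc7c99935da12254e553"  # first hash of the MAC address
UNIQUE_CODE = "09:2F:20:3A:5C:8D"                 # sample MAC address
CHIP_CODE = "STM32F042K4T6"                       # sample chip code


def digit_positions(first_hash, segment_len=10):
    """Return the 1-based in-segment position of every digit run.

    A lone digit contributes its own position; a run of consecutive digits
    (a "digit group") contributes the position of its first digit. The
    length of the returned list is the "position number".
    """
    if segment_len < 1:
        raise ValueError("segment_len must be at least 1")
    positions = []
    for start in range(0, len(first_hash), segment_len):
        previous_was_digit = False  # a run never continues across segments
        segment = first_hash[start:start + segment_len]
        for pos, ch in enumerate(segment, start=1):
            is_digit = ch in string.digits
            if is_digit and not previous_was_digit:
                positions.append(pos)
            previous_was_digit = is_digit
    return positions


def split_chip_code(chip_code, parts):
    """Split into `parts` near-equal pieces, longer pieces first."""
    if not 1 <= parts <= len(chip_code):
        # e.g. a hash with no digits, or more positions than characters
        raise ValueError("cannot split %d characters into %d parts"
                         % (len(chip_code), parts))
    base, extra = divmod(len(chip_code), parts)
    pieces, index = [], 0
    for n in range(parts):
        size = base + (1 if n < extra else 0)
        pieces.append(chip_code[index:index + size])
        index += size
    return pieces


def insert_subcodes(unique_code, subcodes, positions):
    """Insert each sub-code right after the character at its position.

    Positions refer to the original unique code. A later sub-code aimed at
    an already used position still goes directly after that character,
    i.e. in front of the sub-codes inserted there earlier.
    """
    slots = [[] for _ in unique_code]
    for subcode, pos in zip(subcodes, positions):
        if not 1 <= pos <= len(unique_code):
            raise ValueError("position %d is outside the unique code" % pos)
        slots[pos - 1].insert(0, subcode)
    return "".join(ch + "".join(slot) for ch, slot in zip(unique_code, slots))


def build_target_code(first_hash, unique_code, chip_code, segment_len=10):
    """Positions -> split chip code -> combined target code."""
    positions = digit_positions(first_hash, segment_len)
    subcodes = split_chip_code(chip_code, len(positions))
    return insert_subcodes(unique_code, subcodes, positions)


def license_key(first_hash, unique_code, chip_code, segment_len=10):
    """Second hash over the target code (SHA-256 is an assumption here)."""
    target = build_target_code(first_hash, unique_code, chip_code, segment_len)
    return hashlib.sha256(target.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(digit_positions(FIRST_HASH))
    print(build_target_code(FIRST_HASH, UNIQUE_CODE, CHIP_CODE))
    print(license_key(FIRST_HASH, UNIQUE_CODE, CHIP_CODE))
```

The derivation is deterministic and takes no secret input, so the same unique code and chip code always give the same key; in the method described, the server's signature in step S04 is what the device checks before storing it.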
Step S04, controlling the server to sign the license key by using its private key, and to send the signed license key to the electronic device.
Step S05, the signed license key is obtained through the electronic equipment, and the signed license key is verified by using the public key of the server.
Step S06, when the verification is passed, storing the license key in a specific area of the electronic device.
In this embodiment, the specific area in which the license key is stored is controlled to change according to a preset rule, where the specific area of the electronic device is a specific area of a chip in the electronic device. It should be noted that, since the specific area in which the license key is stored is changed, the generated license key is also changed, and the confidentiality is better. In addition, a controller electrically connected with each chip of the electronic device can place the license key in the specific area of each chip.
Specifically, the step of controlling the specific area in which the license key is stored to change according to a preset rule includes:
The power consumption variation of each chip within a preset time is obtained in real time, and the chip with reduced power consumption is determined according to the power consumption variation. It can be understood that power consumption changes with the utilization rate of the chip, so the power consumption variation reflects the degree to which the chip is utilized over a period of time;
Judging whether the chip with reduced power consumption is unique;
If not, the chip with the largest power consumption reduction is determined as the target chip, and the specific area of the target chip is used for storing the license key; that is, the chip with a low degree of utilization is determined as the target chip.
Step S07, when the specific function needs to be accessed, verifying the license key stored in the specific area of the electronic device, and opening or closing the access of the specific function according to the verification result.
In summary, the key management method applied to the electronic device in the embodiment of the invention acquires the unique code of the electronic device, controls the electronic device to sign the unique code by using its private key, and sends the signed unique code to the server; acquires the signed unique code through the server and verifies it by using the public key of the electronic equipment; after the verification is passed, controls the server to convert the unique code into a license key according to a preset password generation rule; controls the server to sign the license key by using its private key and to send the signed license key to the electronic equipment; acquires the signed license key through the electronic equipment and verifies it by using the public key of the server; after the verification is passed, stores the license key in a specific area of the electronic equipment; and, when a specific function needs to be accessed, verifies the license key stored in the specific area of the electronic equipment and opens or closes access to the specific function according to the verification result. In this way, specific functions of the electronic equipment can be accessed safely when the electronic equipment does not have input capability.
Example 2
Referring to fig. 2, fig. 2 is a schematic structural diagram of a key management system applied to an electronic device. The system is applied to a scenario with a server and the electronic device, where the electronic device includes a plurality of chips, and the server and the electronic device each store their own private key and the public key of the other party. The key management system 200 applied to the electronic device includes: a first signing module 21, a first verification module 22, a conversion module 23, a second signing module 24, a second verification module 25, a storage module 26 and a third verification module 27, wherein:
a first signing module 21, configured to obtain a unique code of the electronic device, control the electronic device to sign the unique code using a private key, and send the signed unique code to a server;
A first verification module 22, configured to obtain the signed unique code through the server, and verify the signed unique code using the public key of the electronic device;
A conversion module 23, configured to control the server to convert the unique code into a license key according to a preset password generation rule after the verification is passed;
A second signing module 24, configured to control the server to sign the license key using the private key, and send the signed license key to the electronic device;
A second verification module 25, configured to obtain the signed license key through the electronic device, and verify the signed license key using the public key of the server;
a storage module 26, configured to store the license key in a specific area of the electronic device after the verification is passed;
And a third verification module 27, configured to verify the license key stored in the specific area of the electronic device when the specific function needs to be accessed, and open or close the access of the specific function according to the verification result.
Further, in other embodiments of the present invention, the conversion module 23 includes:
The first operation unit is used for acquiring the unique code, and carrying out hash operation on the unique code to obtain a first hash value;
the first position determining unit is used for determining the position of the number in the first hash value according to the first hash value and counting the number of the positions;
the splitting unit is used for splitting the chip information corresponding to the specific area of the electronic equipment according to the position number, determining the position corresponding to the unique code according to the position, and inserting the split chip information into the position corresponding to the unique code to obtain the combined target code;
and the second operation unit is used for carrying out hash operation on the target code to obtain a second hash value, and determining the second hash value as the permission key.
Further, in other embodiments of the present invention, the first location determining unit includes:
the searching subunit is used for dividing the first hash value into a plurality of segments according to the preset character number, sequentially searching the numbers according to the sequence from left to right of each segment, and determining the positions of the corresponding numbers;
A judging subunit, configured to judge whether each segment has a continuous number according to the position of the corresponding number;
the first determining subunit is used for defining the continuous numbers as a number group when judging that the continuous numbers exist in each segment, and determining the position corresponding to the first number in the number group as the position of the number group;
and the second determining subunit is used for counting the positions of the individual digits of all the segments in the first hash value and the number of the positions of the digit groups, and determining the number as the position number.
Further, in other embodiments of the present invention, the splitting unit includes:
The splitting subunit is used for splitting the chip codes corresponding to the specific area of the electronic equipment in equal parts according to the position number to obtain each sub code;
A third determining subunit, configured to determine a position corresponding to the unique code according to the position of the individual number in each segment and the position of the number group;
and the inserting subunit is used for sequentially inserting each split subcode into a position corresponding to the unique code to obtain the combined target code.
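The derivation performed by the conversion module's units (hash, locate digit positions, split the chip code, insert, hash again) can be sketched as follows; this is an added example, not code from the patent. Assumptions: SHA-256 in hex as the hash, 8-character segments, hash offsets wrapped modulo the number of insertion slots in the unique code, leftover characters given to the earliest sub-codes, and a device-side check that recomputes the key.

```python
import hashlib
import hmac
import re

SEG_LEN = 8  # assumed value of the "preset character number" per segment

# Constructed sample inputs (not taken from the patent).
SAMPLE_UNIQUE_CODE = "SN-2024-000123"
SAMPLE_CHIP_CODE = "CHIP7F3A9C10B2D4"


def digit_positions(first_hash, seg_len=SEG_LEN):
    """Scan each segment left to right; a run of consecutive digits is one
    digit group located at its first digit. Runs never span two segments."""
    positions = []
    for offset in range(0, len(first_hash), seg_len):
        segment = first_hash[offset:offset + seg_len]
        for match in re.finditer(r"[0-9]+", segment):
            positions.append(offset + match.start())
    return positions


def split_equal(chip_code, count):
    """Split chip_code into `count` sub-codes of near-equal length.
    Assumption: leftover characters go to the earliest sub-codes."""
    base, extra = divmod(len(chip_code), count)
    parts, start = [], 0
    for i in range(count):
        size = base + (1 if i < extra else 0)
        parts.append(chip_code[start:start + size])
        start += size
    return parts


def insert_subcodes(unique_code, subcodes, positions):
    """Insert sub-codes, in order, into the unique code.
    Assumption: a hash offset maps to an insertion slot by wrapping it
    modulo the number of slots (len(unique_code) + 1)."""
    slots = [[] for _ in range(len(unique_code) + 1)]
    for sub, pos in zip(subcodes, positions):
        slots[pos % len(slots)].append(sub)
    out = []
    for i, bucket in enumerate(slots):
        out.extend(bucket)
        if i < len(unique_code):
            out.append(unique_code[i])
    return "".join(out)


def derive_license_key(unique_code, chip_code, seg_len=SEG_LEN):
    """Deterministic and unkeyed: anyone holding both inputs and the rule
    gets the same key, so authenticity rests on the signed exchange."""
    first_hash = hashlib.sha256(unique_code.encode()).hexdigest()
    positions = digit_positions(first_hash, seg_len)
    if positions:
        subcodes = split_equal(chip_code, len(positions))
        target = insert_subcodes(unique_code, subcodes, positions)
    else:
        # Edge case: a hash with no digits leaves nothing to split on.
        # Assumption: append the whole chip code so it still binds the key.
        target = unique_code + chip_code
    return hashlib.sha256(target.encode()).hexdigest()


def verify_license(stored_key, unique_code, chip_code):
    """Assumed device-side check: recompute the key, compare in constant time."""
    expected = derive_license_key(unique_code, chip_code)
    return hmac.compare_digest(stored_key.encode(), expected.encode())


if __name__ == "__main__":
    key = derive_license_key(SAMPLE_UNIQUE_CODE, SAMPLE_CHIP_CODE)
    print("license key:", key)
    print("accepts stored key:", verify_license(key, SAMPLE_UNIQUE_CODE, SAMPLE_CHIP_CODE))
    print("rejects other chip:", verify_license(key, SAMPLE_UNIQUE_CODE, "CHIP000000000000"))
```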
Further, in other embodiments of the present invention, the key management system 200 applied to an electronic device further includes:
a control module, configured to control the specific area in which the license key is stored to change according to a preset rule, wherein the specific area of the electronic device is a specific area of a chip in the electronic device.
Further, in other embodiments of the present invention, the control module includes:
an acquisition module, configured to acquire, in real time, the power consumption variation of each chip within a preset time, and determine the chips with reduced power consumption according to the power consumption variation;
a judging module, configured to judge whether the chip with reduced power consumption is unique;
and a target chip determining module, configured to determine, when it is judged that the chip with reduced power consumption is not unique, the chip with the largest power consumption reduction as the target chip, the specific area of the target chip being used to store the license key.
Example III
In another aspect, referring to fig. 3, a block diagram of an electronic device according to a third embodiment of the present invention is provided, including a memory 20, a processor 10, and a computer program 30 stored in the memory and capable of running on the processor, where the processor 10 implements the key management method applied to the electronic device as described above when executing the computer program 30.
In some embodiments, the processor 10 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run program code or process data stored in the memory 20, for example to execute an access restriction program.
The memory 20 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 20 may be an internal storage unit of the electronic device, such as a hard disk of the electronic device. In other embodiments, the memory 20 may be an external storage device of the electronic device, such as a plug-in hard disk provided on the electronic device, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, etc. Further, the memory 20 may include both internal storage units and external storage devices of the electronic device. The memory 20 may be used not only to store the application software of the electronic device and various types of data, but also to temporarily store data that has been output or is to be output.
It should be noted that the structure shown in fig. 3 does not constitute a limitation of the electronic device, and in other embodiments the electronic device may comprise fewer or more components than shown, or may combine certain components, or may have a different arrangement of components.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the key management method applied to an electronic device as described above.
Those of skill in the art will appreciate that the logic and/or steps represented in the flow diagrams or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electrical device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium may even be paper or other suitable medium upon which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data states, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing examples illustrate only a few embodiments of the invention; they are described in detail but are not to be construed as limiting the scope of the invention. It should be noted that those skilled in the art can make several variations and modifications without departing from the spirit of the invention, all of which fall within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (8)
1. A key management method applied to an electronic device, wherein the key management method is applied to a scenario with a server and the electronic device, the electronic device comprises a plurality of chips, and the server and the electronic device each store their own private key and the public key of the other party, the method comprising the following steps:
acquiring a unique code of the electronic device, controlling the electronic device to sign the unique code using its private key, and sending the signed unique code to the server;
acquiring the signed unique code through the server, and verifying the signed unique code using the public key of the electronic device;
after the verification is passed, controlling the server to convert the unique code into a license key according to a preset password generation rule;
controlling the server to sign the license key using its private key, and sending the signed license key to the electronic device;
acquiring the signed license key through the electronic device, and verifying the signed license key using the public key of the server;
after the verification is passed, storing the license key in a specific area of the electronic device;
when a specific function needs to be accessed, verifying the license key stored in the specific area of the electronic device, and opening or closing access to the specific function according to the verification result;
wherein the step of controlling the server, after the verification is passed, to convert the unique code into a license key according to a preset password generation rule comprises:
acquiring the unique code, and performing a hash operation on the unique code to obtain a first hash value;
determining, from the first hash value, the positions of the digits in the first hash value, and counting the number of positions;
splitting the chip information corresponding to the specific area of the electronic device according to the number of positions, determining the positions corresponding to the unique code according to the digit positions, and inserting the split chip information into the positions corresponding to the unique code to obtain a combined target code;
and performing a hash operation on the target code to obtain a second hash value, and determining the second hash value as the license key.
2. The key management method applied to an electronic device according to claim 1, wherein the step of determining, from the first hash value, the positions of the digits in the first hash value and counting the number of positions comprises:
dividing the first hash value into a plurality of segments according to a preset number of characters, searching each segment for digits from left to right, and determining the position of each digit found;
judging, from the positions of the digits, whether each segment contains consecutive digits;
if so, defining the consecutive digits as a digit group, and determining the position of the first digit in the digit group as the position of the digit group;
and counting the positions of the individual digits and the positions of the digit groups across all segments of the first hash value, and determining that count as the number of positions.
3. The key management method applied to an electronic device according to claim 2, wherein the step of splitting the chip information corresponding to the specific area of the electronic device according to the number of positions, determining the positions corresponding to the unique code according to the digit positions, and inserting the split chip information into the positions corresponding to the unique code to obtain the combined target code comprises:
splitting the chip code corresponding to the specific area of the electronic device into equal parts according to the number of positions, to obtain the sub-codes;
determining the positions corresponding to the unique code according to the positions of the individual digits in each segment and the positions of the digit groups;
and inserting each sub-code in turn into a position corresponding to the unique code, to obtain the combined target code.
4. The key management method applied to an electronic device according to claim 3, wherein the step of storing the license key in a specific area of the electronic device after the verification is passed comprises:
controlling the specific area in which the license key is stored to change according to a preset rule, wherein the specific area of the electronic device is a specific area of a chip in the electronic device.
5. The key management method applied to an electronic device according to claim 4, wherein the step of controlling the specific area in which the license key is stored to change according to a preset rule comprises:
acquiring, in real time, the power consumption variation of each chip within a preset time, and determining the chips with reduced power consumption according to the power consumption variation;
judging whether the chip with reduced power consumption is unique;
if not, determining the chip with the largest power consumption reduction as the target chip, wherein the specific area of the target chip is used to store the license key.
6. A key management system applied to an electronic device, for implementing the key management method applied to an electronic device according to any one of claims 1-5, applied to a scenario with a server and an electronic device, wherein the electronic device comprises a plurality of chips, and the server and the electronic device each store their own private key and the public key of the other party, the system comprising:
a first signing module, configured to acquire the unique code of the electronic device, control the electronic device to sign the unique code using its private key, and send the signed unique code to the server;
a first verification module, configured to acquire the signed unique code through the server and verify the signed unique code using the public key of the electronic device;
a conversion module, configured to control the server, after the verification is passed, to convert the unique code into a license key according to a preset password generation rule;
a second signing module, configured to control the server to sign the license key using its private key and send the signed license key to the electronic device;
a second verification module, configured to acquire the signed license key through the electronic device and verify the signed license key using the public key of the server;
a storage module, configured to store the license key in a specific area of the electronic device after the verification is passed;
and a third verification module, configured to verify the license key stored in the specific area of the electronic device when a specific function needs to be accessed, and open or close access to the specific function according to the verification result.
7. A computer-readable storage medium, comprising:
The readable storage medium stores one or more programs which, when executed by a processor, implement the key management method applied to an electronic device as claimed in any one of claims 1-5.
8. An electronic device comprising a memory and a processor, wherein:
The memory is used for storing a computer program;
The processor is configured to implement the key management method applied to an electronic device according to any one of claims 1 to 5 when executing the computer program stored on the memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410684714.2A CN118250685B (en) | 2024-05-30 | 2024-05-30 | Key management method and system applied to electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118250685A (en) | 2024-06-25 |
CN118250685B (en) | 2024-08-02 |
Family
ID=91555055
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410684714.2A Active CN118250685B (en) | 2024-05-30 | 2024-05-30 | Key management method and system applied to electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118250685B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN118250685B (en) | 2024-08-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||