CN106156548B - Authentication method and device for program encryption - Google Patents

Info

Publication number
CN106156548B
Authority
CN
China
Prior art keywords
authentication
data
parameters
certification
response
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510169562.3A
Other languages
Chinese (zh)
Other versions
CN106156548A (en)
Inventor
刘宁
陈仙超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Application filed by Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN201510169562.3A
Publication of CN106156548A
Application granted
Publication of CN106156548B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an authentication method and device for program encryption. The authentication method for program encryption includes: a primary processor sends an authentication request to a monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor; the primary processor receives an authentication response sent by the monitoring unit according to a predetermined communication format, where the authentication response contains at least a response parameter generated by the monitoring unit; and the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence. If they have the preset correspondence, authentication passes; if they do not, authentication fails. The invention solves the problem that authentication methods for program encryption in the prior art have poor security.

Description

Authentication method and device for program encryption
Technical field
The present invention relates to the field of system security control, and in particular to an authentication method and device for program encryption.
Background
To protect products against piracy, a program encryption mechanism is often added to embedded systems. In the prior art, program encryption is usually implemented by adding an encryption chip to the embedded system. However, an encryption chip adds cost, and because its security depends entirely on the chip's manufacturer, the user of the chip lacks control over its security. For this reason, in most embedded systems the encryption function is carried out by the monitoring unit of the embedded system. Fig. 1 is a hardware connection block diagram of a prior-art encryption system. As shown in Fig. 1, the monitoring unit controls the power module that supplies the primary processor. The monitoring unit initiates authentication with the primary processor and judges from the information the primary processor returns whether authentication passes. If it passes, the monitoring unit sends the primary processor an instruction indicating that authentication passed; if it does not, the monitoring unit cuts the power supply to the primary processor. Specifically, in the prior art the monitoring unit first generates a random number, encrypts it with a first encryption algorithm to produce an authentication request, and sends the request to the primary processor. The primary processor receives the request, recovers the random number with the decryption algorithm corresponding to the first encryption algorithm, encrypts the recovered random number with a second encryption algorithm to produce an authentication response, and sends the response to the monitoring unit. The monitoring unit receives the response, recovers the random number with the decryption algorithm corresponding to the second encryption algorithm, and judges whether the recovered random number is identical to the one it generated, and thus whether authentication passes.
However, in the system shown in Fig. 1, the monitoring unit initiates the encrypted authentication request and, by judging whether authentication passes, determines the operating state of the system. If a pirate intercepts the authentication request that the monitoring unit sends to the primary processor, sends the primary processor a data stream identical to the intercepted one, and finally imitates the monitoring unit by sending the primary processor the authentication-passed instruction, the primary processor will consider authentication passed and continue to run normally, so the monitoring unit's authentication authority exists in name only.
No effective solution has yet been proposed for the poor security of prior-art authentication methods for program encryption.
Summary of the invention
The main purpose of the present invention is to provide an authentication method and device for program encryption, in order to solve the problem that authentication methods for program encryption in the prior art have poor security.
To achieve the above purpose, according to one aspect of the embodiments of the invention, an authentication method for program encryption is provided. The authentication method for program encryption according to the invention includes: a primary processor sends an authentication request to a monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor; the primary processor receives an authentication response sent by the monitoring unit according to a predetermined communication format, where the authentication response contains at least a response parameter generated by the monitoring unit; and the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence. If they have the preset correspondence, authentication passes; if they do not, authentication fails.
To achieve the above purpose, according to another aspect of the embodiments of the invention, an authentication device for program encryption is provided. The authentication device for program encryption according to the invention includes: a sending module, for sending an authentication request to a monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor; a receiving module, for receiving an authentication response sent by the monitoring unit according to a predetermined communication format, where the authentication response contains at least a response parameter generated by the monitoring unit; and a judgment module, for judging whether the response parameter and the authentication parameter have a preset correspondence. If they have the preset correspondence, authentication passes; if they do not, authentication fails.
To achieve the above purpose, according to another aspect of the embodiments of the invention, an authentication device for program encryption is provided. The authentication device for program encryption according to the invention includes: a receiving module, for receiving the authentication request sent by the primary processor, where the authentication request contains an authentication parameter generated by the primary processor; a read module, for reading the authentication parameter in the authentication request; a computing module, for deriving a response parameter from the authentication parameter that was read, using the agreed algorithm; and a sending module, for sending an authentication response containing the response parameter to the primary processor according to a predetermined format.
According to the embodiments of the invention, the authentication parameter is generated by the primary processor and the primary processor judges whether authentication passes. This solves the problem that prior-art authentication methods for program encryption are unreliable, and effectively prevents a pirate from simulating monitoring-unit instructions and forcing the primary processor to keep working.
Brief description of the drawings
The accompanying drawings, which form part of this application, provide a further understanding of the invention. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware connection block diagram of a prior-art encryption system;
Fig. 2 is a flowchart of the authentication method for program encryption according to Embodiment One of the invention;
Fig. 3 is a timing diagram of an optional authentication method for program encryption according to Embodiment One of the invention;
Fig. 4 is a timing diagram of another optional authentication method for program encryption according to Embodiment One of the invention;
Fig. 5 is a timing diagram of yet another optional authentication method for program encryption according to Embodiment One of the invention;
Fig. 6 is a timing diagram of a further optional authentication method for program encryption according to Embodiment One of the invention;
Fig. 7 is a schematic diagram of an authentication device for program encryption according to Embodiment Two of the invention; and
Fig. 8 is a schematic diagram of another authentication device for program encryption according to Embodiment Two of the invention.
Detailed description of the embodiments
It should be noted that, where no conflict arises, the embodiments of this application and the features in them can be combined with one another. The invention is described in detail below with reference to the drawings and the embodiments.
So that those skilled in the art can better understand the solution of the invention, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative work fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, for the purposes of the embodiments of the invention described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device.
Embodiment one
Embodiment One of the invention provides an authentication method for program encryption.
Fig. 2 is a flowchart of the authentication method for program encryption according to Embodiment One of the invention. As shown in Fig. 2, the authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor;
Step S104: the primary processor receives the authentication response sent by the monitoring unit according to a predetermined communication format, where the authentication response contains at least a response parameter generated by the monitoring unit; and
Step S106: the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence. If they have the preset correspondence, authentication passes; if they do not, authentication fails.
In summary, with steps S102 to S106, whereas in the prior art the random number is generated by the monitoring unit, in the scheme of Embodiment One the authentication parameter is generated by the primary processor, which lowers the complexity required of the monitoring unit. In addition, whereas in the prior art the monitoring unit decides whether authentication is legitimate, in the scheme of Embodiment One the primary processor, which performs the system's main functions, makes that decision. This prevents a pirate from simulating a legitimate instruction and forcing the primary processor to keep working when authentication is not legitimate, and makes the encryption scheme more reliable.
Preferably, in the embodiments of the invention, the primary processor may be used in an embedded system, which is a dedicated computer system that can be used to control, monitor or assist the operation of machines and equipment. The primary processor optionally uses a high-performance processor with an ARM/MIPS or similar core. Because its program is large, such a processor needs Flash-based memory outside the processor (eMMC uses NAND Flash internally) to store the program.
Preferably, in the embodiments of the invention, the monitoring unit, or system monitoring unit, is mainly used to monitor the operating condition of the primary processor. Because its workload is usually small, a single-chip microcomputer or similar is used as the monitoring unit. A single-chip microcomputer, i.e. a microcontroller, is an integrated circuit chip: a small but complete microcomputer system formed by using very-large-scale integration to integrate on one silicon chip a central processing unit (CPU) with data-processing capability, random access memory (RAM), read-only memory (ROM), various I/O ports, an interrupt system, timers/counters and other functions (possibly also circuits such as a display driver circuit, pulse-width modulation circuit, analog multiplexer and A/D converter). Many current microcontrollers have a built-in hardware program encryption function; once it is enabled, the program is difficult to read out.
Fig. 3 is a timing diagram of an optional authentication method for program encryption according to Embodiment One of the invention; more specifically, Fig. 3 is the timing diagram of the authentication method for program encryption shown in Fig. 2. As shown in Fig. 3, the authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor. Specifically, the primary processor generates the authentication parameter and, according to the communication format agreed in advance with the monitoring unit, encapsulates information such as the authentication parameter, the authentication request information, the packet header and the packet check information into a data packet, thereby generating the authentication request, and sends the authentication request to the monitoring unit. Preferably, the authentication parameter is different every time the system runs. Because the authentication parameter does not repeat, piracy in which a pirate intercepts the data and then simulates it is avoided.
Step S104: the primary processor receives the authentication response sent by the monitoring unit according to a predetermined communication format, where the authentication response contains at least a response parameter generated by the monitoring unit. Specifically, the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format and extracts the response parameter from it.
Step S106: the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence. If they have the preset correspondence, authentication passes; if they do not, authentication fails. Specifically, the primary processor judges whether the agreed algorithmic relationship holds between the response parameter and the authentication parameter. Preferably, the primary processor applies the algorithm agreed with the monitoring unit to the authentication parameter it generated, producing a verification parameter, and then judges whether the verification parameter is consistent with the response parameter. If the response parameter is consistent with the verification parameter, authentication passes; if it is not, authentication fails. The algorithm agreed between the primary processor and the monitoring unit may be a preset algorithm, or an algorithm chosen from a preset algorithm group according to a specific rule. That specific rule may correspond to the authentication parameter sent by the primary processor or to the encryption parameter described later. In this way the agreed algorithm varies randomly with the authentication parameter or encryption parameter sent by the primary processor, which further improves the reliability of the authentication method.
Preferably, the authentication result of step S106 in the authentication method for program encryption provided by the embodiments can be used to encrypt the embedded system. For example, the authentication result can be used for subsequent handling in the embedded system such as function restriction, system reboot or program erasure. Therefore, with the authentication method provided by the embodiments, even if the program data in the external Flash memory is easily read out in full, the program stored in the monitoring unit that matches the primary processor's program cannot be obtained, and a pirated system cannot work normally. For an existing embedded system that has a monitoring unit, the invention implements the above authentication method with the primary processor and the monitoring unit and so encrypts the whole system program without adding hardware. It dispenses with the encryption chip and solves the problem that, because the encryption method of an encryption chip is implemented entirely by the chip's manufacturer, its cryptographic security may be unpredictable.
Preferably, before step S104, the method according to Embodiment One of the invention further includes:
Step S103: the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format, where step S103 further includes:
Step S202: the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameter in it, where the authentication request contains the authentication parameter generated by the primary processor. Specifically, after the monitoring unit receives the data packet of the authentication request generated by the primary processor, it preferably first identifies whether the packet is a legitimate data packet, whether it is an authentication request packet, and so on. It then extracts the authentication parameter from the received authentication request.
Step S204: the monitoring unit derives the response parameter from the authentication parameter it has read, using the agreed algorithm. Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule, and that selection rule may correspond to the parameters taking part in the computation.
Step S206: the monitoring unit sends the authentication response containing the response parameter to the primary processor according to the predetermined format. Specifically, the monitoring unit packs the response parameter and the response information according to the communication format agreed with the primary processor and sends them to the primary processor.
A monitoring unit that executes steps S202 to S206 can generate a response parameter that may be judged as passing authentication. Because a pirate cannot know the algorithm agreed between the primary processor and the monitoring unit, or the specific rule for selecting the algorithm, even a pirate who has worked out the form of the communication format agreed between the primary processor and the monitoring unit still cannot actually generate a response parameter that makes the primary processor's authentication pass. This increases the reliability of the system.
Fig. 4 is a timing diagram of another optional authentication method for program encryption according to Embodiment One of the invention. It shares some steps with the method shown in Fig. 3; the steps that differ from the method shown in Fig. 3 are emphasised below. As shown in Fig. 4, the authentication method for program encryption includes the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains an authentication parameter generated by the primary processor. Specifically, the authentication parameter generated by the primary processor contains identification data that designates an item of authentication data in an authentication value table. The identification data is a random code generated at random. The authentication value table is stored in advance in the memory of the primary processor, and a number of items of authentication data are stored in it in advance. The data shown in the authentication value table in Fig. 4 is only illustrative and does not limit the authentication scheme of the embodiments of the invention.
Step S104: the primary processor receives the authentication response sent by the monitoring unit according to a predetermined communication format, where the authentication response contains at least a response parameter generated by the monitoring unit. Specifically, the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format and extracts the response parameter from it.
Step S106: the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence. If they have the preset correspondence, authentication passes; if they do not, authentication fails. Specifically, in step S106 the step in which the primary processor judges whether the response parameter and the authentication parameter have a preset correspondence includes step S602: the primary processor judges whether the response parameter and the authentication data designated by the identification data in the authentication value table have a preset correspondence.
Step S602, in which the primary processor judges whether the response parameter and the authentication data designated by the identification data in the authentication value table have a preset correspondence, includes:
Step S6022: read the authentication data designated by the identification data from the authentication value table;
Step S6024: derive first verification data from the authentication data that was read, using the agreed algorithm. Optionally, the algorithm agreed between the primary processor and the monitoring unit may be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule, and that selection rule may correspond to the parameters taking part in the computation. Here, when the data the primary processor sends to the monitoring unit contains identification data, the identification data can be used to select the algorithm. For example, the remainder of the identification data divided by a natural number N, which ranges from 0 to N-1, can be used to select the corresponding algorithm from an algorithm group containing N algorithms.
Step S6026: compare whether the first verification data and the response parameter are consistent. If they are consistent, determine that the response parameter and the authentication parameter have the preset correspondence; if they are not consistent, determine that the response parameter and the authentication parameter do not have the preset correspondence.
In summary, the above method hides an authentication value table in the memory on the primary-processor side, and each authentication uses only one randomly chosen item of data in the table. Therefore, even if a pirate learns the detailed procedure of the encryption scheme of the invention, piracy is not possible without the value table.
Preferably, step S6022, reading the authentication data designated by the identification data from the authentication value table, includes:
Step S60222: obtain the agreed computation rule. For example, taking a remainder, or taking a remainder and then looking up a table, can be used. In short, the computation rule need only establish a correspondence between the value of the identification data and a storage location in the authentication value table, ensuring that each different value of the identification data has one definite corresponding storage location in the authentication value table.
Step S60224: obtain the result of applying the agreed computation rule to the identification data, where the result designates the storage location of the data in the authentication value table;
Step S60226: read the authentication data stored at the storage location designated by the result.
With the above method, the range of values that the identification data generated by the primary processor can take is enlarged, and because both sides agree on the computation rule in advance, cracking becomes harder for a pirate, which further improves the security of the system.
Preferably, before step S104, the method according to Embodiment One of the invention further includes:
Step S103: the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format, where step S103 further includes:
Step S202: the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameter in it, where the authentication request contains the identification data generated by the primary processor.
Step S204: the monitoring unit derives the response parameter from the authentication parameter it has read, using the agreed algorithm. Optionally, the monitoring unit derives the response parameter, using the algorithm agreed with the primary processor, from the authentication data designated by the identification data, or from that authentication data together with the other authentication parameters sent by the primary processor. Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule, and that selection rule may correspond to the parameters taking part in the computation.
Step S206: the monitoring unit sends the authentication response containing the response parameter to the primary processor according to the predetermined format. Specifically, the monitoring unit packs the response parameter and the response information according to the communication format agreed with the primary processor and sends them to the primary processor.
A monitoring unit that executes steps S202 to S206 can generate a response parameter that may be judged as passing authentication. Because a pirate cannot know the algorithm agreed between the primary processor and the monitoring unit, or the specific rule for selecting the algorithm, even a pirate who has worked out the form of the communication format agreed between the primary processor and the monitoring unit still cannot actually generate a response parameter that makes the primary processor's authentication pass. This increases the reliability of the system.
Specifically, the above step S204 further includes:
Step S402: read the authentication data specified by the mark data from the authentication value table, where the authentication value table is pre-stored in the memory of the monitoring unit,
Step S404: replace the mark data in the authentication parameters with the authentication data specified by the mark data that was read, and
Step S406: obtain the response parameter from the authentication parameters according to the agreed algorithm.
Following the above steps S402 to S406, the monitoring unit reads the authentication data and obtains the response parameter from the authentication data together with the other authentication parameters sent by the primary processor, according to the algorithm agreed with the primary processor.
Fig. 5 is a timing diagram of another optional authentication method for program encryption according to Embodiment One of the present invention. It shares some steps with the methods shown in Fig. 3 and Fig. 4; the steps in Fig. 5 that differ from the methods shown in Fig. 3 and Fig. 4 are highlighted below. As shown in Fig. 5,
the authentication method for program encryption comprises the following steps:
Step S102: the primary processor sends an authentication request to the monitoring unit, where the authentication request contains the authentication parameters generated by the primary processor. Specifically, the authentication parameters generated by the primary processor contain mark data for specifying the authentication data in the authentication value table, and notification data for indicating the validity of the authentication response. The notification data notifies the monitoring unit after how long a period it is to return the authentication value to the primary processor. The notification data is a random code and its form is not limited; the primary processor and the monitoring unit have agreed in advance on the correspondence between notification data and a specific time length. Optionally, the unit of the specific time length is seconds, milliseconds, minutes or the like.
Step S104: the primary processor receives the authentication response that the monitoring unit sends according to the predetermined communication format, where the authentication response contains at least the response parameter generated by the monitoring unit. Specifically, the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format and extracts the response parameter from it.
Step S106, primary processor judge whether response parameter and parameters for authentication have preset corresponding relationship, work as response There is certification when preset corresponding relationship to pass through for parameter and parameters for authentication, when response parameter and parameters for authentication do not have it is preset right Certification does not pass through when should be related to.Specifically, primary processor judges whether response parameter and parameters for authentication have in above-mentioned steps S106 Having the step of preset corresponding relationship includes: step S604: primary processor judges to identify number in response parameter and certification numerical tabular According to specified authentication data or and authenticate whether the specified authentication data of numerical tabular identification data and notification data have Preset corresponding relationship,
Wherein, above-mentioned steps S604 can be considered including step S604a: primary processor judges response parameter and certification numerical tabular Whether identification data specified data has preset corresponding relationship and step S604b: primary processor judges response parameter Whether there is preset corresponding relationship with certification numerical tabular identification data specified data and notification data.
Preferably, step S604a includes:
Step S6042: read the authentication data specified by the mark data from the authentication value table,
Step S6044: obtain second verification data from the authentication data specified by the mark data, according to the algorithm agreed with the primary processor, and
Step S6046: compare whether the second verification data and the response parameter are consistent. When the second verification data and the response parameter are consistent, determine that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, determine that the response parameter and the authentication parameters do not have the preset correspondence.
Preferably, step S604b includes:
Step S6043: read the authentication data specified by the mark data from the authentication value table,
Step S6045: obtain second verification data from the authentication data specified by the mark data and the notification data, according to the agreed algorithm, and
Step S6047: compare whether the second verification data and the response parameter are consistent. When the second verification data and the response parameter are consistent, determine that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, determine that the response parameter and the authentication parameters do not have the preset correspondence.
Preferably, in the above step S6044 and/or the above step S6045, the agreed algorithm can be a preset algorithm, or an algorithm chosen from a preset algorithm group according to a specific rule. If the algorithm is selected from a preset algorithm group, the selection can be made by either one of the two parameters, or by the two parameters together, through a simple operation that generates the corresponding selection rule. For example, the mark data can be taken modulo a natural number N, and the remainder, 0 to N-1, selects the corresponding algorithm from an algorithm group containing N algorithms. For the above step S6044, where only the mark data takes part in the operation, the algorithm group may include operations such as exponentiation, root extraction and the like. For the above step S6045, where two parameters take part in the operation, the algorithm group may include operations such as addition, subtraction, multiplication, division, exponentiation, root extraction, AND, OR, NOT and XOR. Similarly, the algorithm can also be selected by the notification data, or by the mark data and the notification data together.
Preferably, on the basis of the above scheme, before step S106, in which the primary processor judges whether the response parameter and the authentication parameters have the preset correspondence, the method further includes:
Step S105: judge the validity of the received authentication response, where step S105 includes:
Step S1052: obtain the valid time period corresponding to the notification data,
Step S1054: judge whether the time point at which the authentication response was received lies within the valid time period, and
Step S1056: when the time point at which the authentication response was received lies within the valid time period, determine that the authentication response is valid; when it does not lie within the valid time period, determine that the authentication response is invalid.
It can be seen that, in addition to hiding an authentication value table in the memory on the primary processor side, the above method also has the primary processor generate random notification data to constrain the valid time period within which the monitoring unit returns the authentication response; only an authentication response that falls within the valid time period corresponding to the notification data is recognized by the primary processor as a valid authentication response. This raises the bootlegger's cost of cracking and more effectively prevents the system from being cracked. In addition, the notification data can also take part in the computation of the response parameter or the verification parameter, and may influence the final choice of algorithm, which further increases the difficulty of cracking.
Preferably, before the above step S104, the method according to Embodiment One of the present invention further includes:
Step S103: the monitoring unit sends an authentication response to the primary processor according to a predetermined communication format, where step S103 further includes:
Step S202: the monitoring unit receives the authentication request sent by the primary processor and reads the authentication parameters in the authentication request, where the authentication request contains the mark data and the notification data generated by the primary processor.
Step S204: the monitoring unit obtains a response parameter from the authentication parameters it has read, according to the agreed algorithm. Optionally, the monitoring unit generates the response parameter, according to the algorithm agreed with the primary processor, from the authentication data specified by the mark data; or from the authentication data specified by the mark data and the notification data; or from the authentication data specified by the mark data and other authentication parameters sent by the primary processor; or from the authentication data specified by the mark data, the notification data and other authentication parameters sent by the primary processor.
Optionally, in the above step S204, the algorithm agreed between the monitoring unit and the primary processor can be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule, and that selection rule can correspond to the parameters taking part in the operation. If the algorithm is selected from a preset algorithm group, the selection can be made by either one of the two parameters, or by the two parameters together, through a simple operation that generates the corresponding selection rule. For example, the mark data can be taken modulo a natural number N, and the remainder, 0 to N-1, selects the corresponding algorithm from an algorithm group containing N algorithms. Where the monitoring unit and the primary processor have agreed that only the mark data takes part in the operation, the algorithm group may include operations such as exponentiation, root extraction and the like. Where the monitoring unit and the primary processor have agreed that both the mark data and the notification data take part in the operation, the algorithm group may include operations such as addition, subtraction, multiplication, division, exponentiation, root extraction, AND, OR, NOT and XOR. Similarly, the algorithm can also be selected by the notification data, or by the mark data and the notification data together.
Step S206: the monitoring unit sends the authentication response containing the response parameter to the primary processor according to the predetermined format. Specifically, the monitoring unit packages the response parameter and the response message according to the communication format agreed with the primary processor and sends them to the primary processor.
Preferably, the above step S204 further includes:
Step S402: read the authentication data specified by the mark data from the authentication value table, where the authentication value table is pre-stored in the memory of the monitoring unit,
Step S404: replace the mark data in the authentication parameters with the authentication data specified by the mark data that was read, and
Step S406: obtain the response parameter from the authentication parameters according to the agreed algorithm. Specifically, the response parameter is obtained, according to the algorithm agreed with the primary processor, from the authentication parameters after the replacement in step S404, that is, from the authentication data specified by the mark data; or from the authentication data specified by the mark data and the notification data; or from the authentication data specified by the mark data and the notification data together with the other authentication parameters sent by the primary processor.
In summary, following the above steps S402 to S406, the monitoring unit reads the authentication data and obtains the response parameter from the authentication data together with the other authentication parameters, according to the agreed algorithm.
Preferably, where the monitoring unit receives notification data sent by the primary processor, the monitoring unit also executes the following step before step S206:
Step S205: obtain the valid time period corresponding to the notification data according to the rule agreed with the primary processor. The form of the notification data is not limited; the primary processor and the monitoring unit have agreed on the correspondence between notification data and a specific time length, and optionally the unit of the specific time length is seconds, milliseconds, minutes or the like. The monitoring unit executes step S206 within the valid time period specified by the notification data.
A monitoring unit that executes the above steps S202 to S206 can send the authentication response to the primary processor within the valid time period and can generate a response parameter that may be judged as passing authentication. Because a bootlegger cannot learn the algorithm agreed between the primary processor and the monitoring unit, or the specific rule for selecting the algorithm, even a bootlegger who has deciphered the form of the communication format agreed between the primary processor and the monitoring unit cannot, in substance, generate a response parameter that the primary processor will authenticate. Even if a bootlegger happens to hit on the correct response parameter by trial, authentication still cannot pass unless the authentication response is sent to the primary processor within the time period agreed through the notification data. In this way the reliability of the system is further guaranteed.
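The Fig. 5 exchange described above, sketched in C as an added example (not code from the patent): the monitoring unit computes the response from the mark data and notification data, and the primary processor checks the time window (step S105) before comparing values (steps S6043 to S6047). The table contents, the four-operation algorithm group, the delay table, the 10 ms tolerance and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Every constant here is constructed for illustration; the text fixes none. */
#define TABLE_LEN 8u
#define N_ALGS    4u
#define N_DELAYS  4u
#define SLACK_MS  10u   /* assumed tolerance after the agreed delay */

/* Authentication value table, pre-stored identically on both sides. */
static const uint32_t AUTH_TABLE[TABLE_LEN] = {
    0x3A91u, 0x77C2u, 0x0B5Eu, 0xE410u, 0x5D2Fu, 0x9C08u, 0x1F63u, 0xA6B7u
};
/* Agreed correspondence: notification data -> time length in ms. */
static const uint32_t DELAY_MS[N_DELAYS] = { 20u, 50u, 120u, 300u };

/* In a device, mark and notify are generated randomly by the primary processor. */
typedef struct { uint32_t mark, notify; } auth_request;
typedef enum { AUTH_OK, AUTH_BAD_TIMING, AUTH_BAD_RESPONSE } auth_result;

/* Agreed computation rule (remainder): mark data -> storage location. */
static uint32_t table_slot(uint32_t mark) { return mark % TABLE_LEN; }

static uint32_t agreed_delay(uint32_t notify) { return DELAY_MS[notify % N_DELAYS]; }

/* Algorithm group of N_ALGS operations; the remainder mark % N_ALGS selects one. */
static uint32_t apply_alg(uint32_t mark, uint32_t auth, uint32_t notify)
{
    switch (mark % N_ALGS) {
    case 0:  return auth + notify;
    case 1:  return auth - notify;   /* unsigned, wraps mod 2^32 */
    case 2:  return auth * notify;
    default: return auth ^ notify;
    }
}

/* Monitoring unit, S402-S406 and S205: look up the authentication data,
   compute the response, and report how long to wait before sending it. */
static uint32_t monitor_compute(auth_request rq, uint32_t *wait_ms)
{
    uint32_t auth = AUTH_TABLE[table_slot(rq.mark)];
    *wait_ms = agreed_delay(rq.notify);
    return apply_alg(rq.mark, auth, rq.notify);
}

/* Primary processor, S105 then S6043-S6047: reject a response that arrives
   outside the valid time period, then compare against its own computation. */
static auth_result primary_verify(auth_request rq, uint32_t sent_ms,
                                  uint32_t response, uint32_t recv_ms)
{
    uint32_t elapsed = recv_ms - sent_ms;
    uint32_t delay = agreed_delay(rq.notify);
    uint32_t expect;

    if (elapsed < delay || elapsed > delay + SLACK_MS)
        return AUTH_BAD_TIMING;
    expect = apply_alg(rq.mark, AUTH_TABLE[table_slot(rq.mark)], rq.notify);
    return expect == response ? AUTH_OK : AUTH_BAD_RESPONSE;
}

/* One simulated exchange. forced_wait_ms >= 0 models a responder that does
   not honour the agreed delay; forge != 0 models a wrong response value. */
static auth_result run_exchange(uint32_t mark, uint32_t notify,
                                int32_t forced_wait_ms, int forge)
{
    const uint32_t t_sent = 1000u, transit_ms = 3u;  /* constructed clock values */
    auth_request rq = { mark, notify };
    uint32_t wait_ms;
    uint32_t resp = monitor_compute(rq, &wait_ms);

    if (forced_wait_ms >= 0) wait_ms = (uint32_t)forced_wait_ms;
    if (forge) resp ^= 1u;
    return primary_verify(rq, t_sent, resp, t_sent + wait_ms + transit_ms);
}

int main(void)
{
    printf("honest unit:        %d\n", (int)run_exchange(13u, 6u, -1, 0));
    printf("immediate reply:    %d\n", (int)run_exchange(13u, 6u, 0, 0));
    printf("late reply:         %d\n", (int)run_exchange(13u, 6u, 500, 0));
    printf("wrong response:     %d\n", (int)run_exchange(13u, 6u, -1, 1));
    return 0;
}
```

The second and third calls carry the correct response value and are still rejected, because the timing check runs before the value comparison.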
Optionally, on the basis of the schemes shown in Fig. 3, Fig. 4 and Fig. 5 above, before step S102, in which the primary processor sends the monitoring unit an authentication request containing the authentication parameters generated by the primary processor, the authentication method for program encryption according to Embodiment One of the present invention further includes step S101: the primary processor sends a randomly generated encryption parameter to the monitoring unit. The methods obtained by adding the above step S101 to the schemes shown in Fig. 3, Fig. 4 and Fig. 5 are explained in turn below.
In the method that adds the above step S101 to the scheme shown in Fig. 3, the primary processor also executes the following step, which differs from the scheme shown in Fig. 3:
In step S106, the step in which the primary processor judges whether the response parameter and the authentication parameters have the preset correspondence includes: the primary processor generates a verification parameter, according to the algorithm agreed with the monitoring unit, by performing the corresponding operation on the authentication parameters generated by the primary processor, or on the authentication parameters and the encryption parameter; the primary processor then judges whether the verification parameter and the response parameter are consistent. Authentication passes when the response parameter and the verification parameter are consistent, and does not pass when they are inconsistent. The algorithm agreed between the primary processor and the monitoring unit can be a preset algorithm, or an algorithm chosen from a preset algorithm group according to a specific rule. If the algorithm is selected from a preset algorithm group, the selection can be made by either one of the two parameters, or by the two parameters together, through a simple operation that generates the corresponding selection rule. More preferably, the encryption parameter that the primary processor sends to the monitoring unit is used to select the algorithm from the preset algorithm group.
In the method that adds the above step S101 to the scheme shown in Fig. 3, step S103, in which the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format, includes the following step, which differs from the scheme shown in Fig. 3:
In step S204, the monitoring unit also obtains the response parameter, according to the agreed algorithm, from the authentication parameters it has read, or from the authentication parameters it has read and the encryption parameter. If the algorithm is selected from a preset algorithm group, the selection can be made by either one of the two parameters, or by the two parameters together, through a simple operation that generates the corresponding selection rule. More preferably, the encryption parameter that the primary processor sends to the monitoring unit is used to select the algorithm from the preset algorithm group.
In the method that adds the above step S101 to the scheme shown in Fig. 4, the primary processor also executes the following steps, which differ from the scheme shown in Fig. 4:
In step S106, the step in which the primary processor judges whether the response parameter and the authentication parameters have the preset correspondence includes step S606: the primary processor judges whether the response parameter has the preset correspondence with the authentication parameters and the encryption parameter, where step S606 further includes:
Step S6062: read the authentication data specified by the mark data from the authentication value table;
Step S6064: obtain third verification data, according to the agreed algorithm, from the authentication data specified by the mark data that was read, or from that authentication data and the encryption parameter. If the agreed algorithm is one selected from a preset algorithm group, the selection can be made by either one of the two parameters, or by the two parameters together, through a simple operation that generates the corresponding selection rule. More preferably, the encryption parameter that the primary processor sends to the monitoring unit is used to select the algorithm from the preset algorithm group.
Step S6066: compare whether the third verification data and the response parameter are consistent. When the third verification data and the response parameter are consistent, determine that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, determine that the response parameter and the authentication parameters do not have the preset correspondence.
In the method that adds the above step S101 to the scheme shown in Fig. 4, step S103, in which the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format, includes the following step, which differs from the scheme shown in Fig. 4:
In step S204, the monitoring unit also obtains the response parameter, according to the agreed algorithm, from the mark data it has read, or from the mark data it has read and the encryption parameter. If the algorithm is selected from a preset algorithm group, the selection can be made by either one of the two parameters, or by the two parameters together, through a simple operation that generates the corresponding selection rule. More preferably, the encryption parameter that the primary processor sends to the monitoring unit is used to select the algorithm from the preset algorithm group.
Fig. 6 is a timing diagram of the method that adds the above step S101 to the scheme shown in Fig. 5. In Fig. 6, the primary processor also executes the following steps, which differ from the scheme shown in Fig. 5:
In step S106, the step in which the primary processor judges whether the response parameter and the authentication parameters have the preset correspondence includes step S608: the primary processor judges whether the response parameter has the preset correspondence with at least one of the three: the mark data, the notification data and the encryption parameter, where step S608 further includes:
Step S6082: read the authentication data specified by the mark data from the authentication value table;
Step S6084: obtain fourth verification data, according to the agreed algorithm, from the authentication data specified by the mark data that was read; or from that authentication data and the encryption parameter; or from that authentication data, the encryption parameter and the notification data. More preferably, the encryption parameter that the primary processor sends to the monitoring unit is used to select the algorithm from the preset algorithm group.
Step S6086: compare whether the fourth verification data and the response parameter are consistent. When the fourth verification data and the response parameter are consistent, determine that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, determine that the response parameter and the authentication parameters do not have the preset correspondence.
In the method of Fig. 6, which adds the above step S101 to the scheme shown in Fig. 5, step S103, in which the monitoring unit sends the authentication response to the primary processor according to the predetermined communication format, further includes the following step, which differs from the scheme shown in Fig. 5:
In step S204, the monitoring unit also obtains the response parameter, according to the agreed algorithm, from the data specified by the mark data it has read; or from that data and the encryption parameter; or from that data, the encryption parameter and the notification data.
Embodiment two
Embodiment Two of the present invention further provides an authentication device for program encryption. It should be noted that the authentication device for program encryption of Embodiment Two can be used to execute the authentication method for program encryption provided by Embodiment One, and the authentication method for program encryption of Embodiment One can also be executed by the authentication device for program encryption provided by Embodiment Two.
Fig. 7 is a schematic diagram of an authentication device for program encryption according to Embodiment Two of the present invention. As shown in Fig. 7, the authentication device for program encryption according to the embodiment of the present invention includes:
Sending module 10, for sending an authentication request to the monitoring unit, where the authentication request contains the authentication parameters generated by the primary processor;
Receiving module 20, for receiving the authentication response that the monitoring unit sends according to the predetermined communication format, where the authentication response contains at least the response parameter generated by the monitoring unit; and
Judgment module 30, for judging whether the response parameter and the authentication parameters have a preset correspondence. When the response parameter and the authentication parameters have the preset correspondence, authentication passes; when they do not, authentication does not pass.
Preferably, when the authentication parameters generated by the primary processor include mark data for specifying data in the authentication value table, judgment module 30 includes:
First reading unit 301, for reading the authentication data specified by the mark data from the authentication value table;
First computing unit 303, for obtaining first verification data from the authentication data specified by the mark data that was read, according to the agreed algorithm; and
First comparing unit 305, for comparing whether the first verification data and the response parameter are consistent. When the first verification data and the response parameter are consistent, it determines that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, it determines that the response parameter and the authentication parameters do not have the preset correspondence;
where the authentication value table is pre-stored in the memory of the primary processor.
Preferably, when the authentication parameters generated by the primary processor include mark data for specifying data in the authentication value table and notification data for indicating the validity of the authentication response, judgment module 30 includes:
Second reading unit 311: for reading the authentication data specified by the mark data from the authentication value table,
Second computing unit 313: for obtaining second verification data, according to the agreed algorithm, from the authentication data specified by the mark data, or from the authentication data specified by the mark data and the notification data, and
Second comparing unit 315: for comparing whether the second verification data and the response parameter are consistent. When the second verification data and the response parameter are consistent, it determines that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, it determines that the response parameter and the authentication parameters do not have the preset correspondence.
Preferably, when the authentication parameters generated by the primary processor include notification data for indicating the validity of the authentication response, the authentication device for program encryption further includes, before judgment module 30:
Validity authentication module 25, where validity authentication module 25 further includes:
Acquiring unit 251: for obtaining the valid time period corresponding to the notification data,
Judging unit 253: for judging whether the time point at which the authentication response was received lies within the valid time period, and
Judging unit 255: for determining that the authentication response is valid when the time point at which the authentication response was received lies within the valid time period, and that the authentication response is invalid when it does not lie within the valid time period.
Preferably, the authentication device for program encryption further includes pre-sending module 05, for sending a randomly generated encryption parameter to the monitoring unit. Where the device includes pre-sending module 05, judgment module 30 includes:
Third reading unit 321: for reading the authentication data specified by the mark data from the authentication value table,
Third computing unit 323: for obtaining third verification data, according to the agreed algorithm, from the authentication parameters, or from the authentication parameters and the encryption parameter, where the authentication parameters include mark data for specifying the authentication data in the authentication value table and/or notification data for indicating the validity of the authentication response.
Third comparing unit 325: for comparing whether the third verification data and the response parameter are consistent. When the third verification data and the response parameter are consistent, it determines that the response parameter and the authentication parameters have the preset correspondence; when they are inconsistent, it determines that the response parameter and the authentication parameters do not have the preset correspondence.
Fig. 8 is a schematic diagram of another authentication device for program encryption according to Embodiment Two of the present invention. As shown in Fig. 8, the authentication device for program encryption according to the embodiment of the present invention includes:
Receiving module 60, for receiving the authentication request sent by the primary processor, where the authentication request contains the authentication parameters generated by the primary processor;
Read module 70, for reading the authentication parameters in the authentication request;
Computing module 80, for obtaining a response parameter from the authentication parameters that were read, according to the agreed algorithm; and
Sending module 90, for sending the authentication response containing the response parameter to the primary processor according to the predetermined format.
Preferably, when the read module extracts from the authentication parameters the mark data for specifying the authentication data in the authentication value table, computing module 80 includes:
Fourth reading unit 801, for reading the authentication data specified by the mark data from the authentication value table, where the authentication value table is pre-stored in the memory of the monitoring unit,
Fourth computing unit 803, for replacing the mark data in the authentication parameters with the authentication data specified by the mark data that was read, and obtaining the relevant parameter from the authentication parameters according to the agreed algorithm. Optionally, when the read module extracts from the authentication parameters the mark data for specifying the authentication data in the authentication value table, the fourth computing unit obtains the response parameter from the authentication data specified by the mark data, according to the algorithm agreed with the primary processor. Optionally, the response parameter can also be obtained from the authentication data specified by the mark data together with other authentication parameters, according to the agreed algorithm. Optionally, the algorithm agreed between the monitoring unit and the primary processor can be a fixed algorithm, or an algorithm chosen from a preset algorithm group according to a specific selection rule, and that selection rule can correspond to the parameters taking part in the operation.
Preferably, when the read module extracts from the authentication parameters the mark data used to specify authentication data in the certification numerical table together with the notification data used to indicate the validity of the authentication response, or the mark data together with an encryption parameter, or the mark data together with both the notification data and the encryption parameter, computing module 80 includes:
Fifth reading unit 811, for reading the authentication data specified by the mark data from the certification numerical table, wherein the certification numerical table is pre-stored in the memory of the monitoring unit;
Fifth computing unit 813, for replacing the mark data in the authentication parameters with the authentication data specified by the mark data read, and obtaining the relevant parameter from the authentication parameters according to the agreed algorithm. Optionally, when the mark data used to specify authentication data in the certification numerical table and the notification data used to indicate the validity of the authentication response are extracted from the authentication parameters, the unit obtains the response parameter from the authentication data specified by the mark data, or from that authentication data together with the notification data, according to the algorithm agreed with the primary processor.
Optionally, when the mark data used to specify authentication data in the certification numerical table and the encryption parameter are extracted from the authentication parameters, the unit obtains the response parameter from the authentication data specified by the mark data, or from that authentication data together with the encryption parameter, according to the algorithm agreed with the primary processor.
Optionally, when the mark data used to specify authentication data in the certification numerical table, the notification data used to indicate the validity of the authentication response, and the encryption parameter are extracted from the authentication parameters, the unit obtains the response parameter, according to the algorithm agreed with the primary processor, from one of: the authentication data specified by the mark data; that authentication data together with the notification data; that authentication data together with the encryption parameter; or that authentication data together with the notification data and the encryption parameter.
Optionally, the algorithm agreed between the monitoring unit and the primary processor may be a fixed algorithm, or an algorithm selected from a preset algorithm group according to a specific selection rule; the selection rule may correspond to the parameters participating in the operation.
Preferably, when the read module extracts from the authentication parameters the notification data used to indicate the validity of the authentication response, the device further includes, before sending module 90:
Control module 85, for obtaining the effective period of time corresponding to the notification data according to the rule agreed with the primary processor, and controlling sending module 90 to send the authentication response containing the response parameter to the primary processor within the effective period of time specified by the notification data.
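The exchange carried out by these modules and their counterparts in the primary processor, as an added example that is not part of the patent text. The patent leaves the agreed algorithm and rules unspecified, so HMAC-SHA256 stands in for the agreed algorithm, and the index rule (mark data modulo table length), the time-window rule, the table contents and all function and class names are assumptions constructed for illustration; elapsed time is simulated rather than measured.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed certification numerical table (assumption), provisioned identically on both sides.
AUTH_TABLE = [hashlib.sha256(b"constructed-entry-%d" % i).digest()[:16] for i in range(16)]


def table_index(mark: int, table_len: int) -> int:
    """Assumed 'agreed computation rule': mark data -> storage location in the table."""
    return mark % table_len


def valid_window_ms(notification: int) -> tuple:
    """Assumed 'agreed rule': notification data -> (start, end) of the valid period in ms."""
    start = 10 + (notification & 0x3F)
    return start, start + 20


def agreed_algorithm(auth_data: bytes, notification: int, enc_param: bytes) -> bytes:
    """Stand-in for the 'agreed algorithm': HMAC-SHA256 keyed with the table entry."""
    message = struct.pack(">H", notification) + enc_param
    return hmac.new(auth_data, message, hashlib.sha256).digest()


class MonitoringUnit:
    def __init__(self, table):
        self.table = table
        self.enc_param = b""

    def receive_encryption_parameter(self, enc_param: bytes) -> None:
        self.enc_param = enc_param

    def handle_request(self, request: dict):
        """Return (authentication response, send time in ms after the request)."""
        auth_data = self.table[table_index(request["mark"], len(self.table))]
        response = agreed_algorithm(auth_data, request["notification"], self.enc_param)
        start, end = valid_window_ms(request["notification"])
        return {"response": response}, (start + end) // 2


class PrimaryProcessor:
    def __init__(self, table):
        self.table = table

    def new_challenge(self):
        """Generate fresh random parameters; return (encryption parameter, request)."""
        self.enc_param = secrets.token_bytes(8)
        self.mark = secrets.randbelow(1 << 16)
        self.notification = secrets.randbelow(1 << 16)
        return self.enc_param, {"mark": self.mark, "notification": self.notification}

    def verify(self, auth_response: dict, elapsed_ms: int) -> bool:
        # Validity check first: the response must arrive inside the agreed period.
        start, end = valid_window_ms(self.notification)
        if not start <= elapsed_ms <= end:
            return False
        auth_data = self.table[table_index(self.mark, len(self.table))]
        expected = agreed_algorithm(auth_data, self.notification, self.enc_param)
        # Constant-time comparison of the verification data with the response parameter.
        return hmac.compare_digest(expected, auth_response["response"])


def run_exchange() -> dict:
    """Run one genuine exchange and three failure cases; elapsed time is simulated."""
    primary, monitor = PrimaryProcessor(AUTH_TABLE), MonitoringUnit(AUTH_TABLE)
    enc_param, request = primary.new_challenge()
    monitor.receive_encryption_parameter(enc_param)
    response, sent_at = monitor.handle_request(request)
    results = {"genuine": primary.verify(response, sent_at)}
    # Correct response parameter, but delivered after the valid period has ended.
    results["late"] = primary.verify(response, valid_window_ms(request["notification"])[1] + 1)
    # A unit that does not hold the provisioned table cannot produce the response.
    clone = MonitoringUnit([bytes(16)] * 16)
    clone.receive_encryption_parameter(enc_param)
    forged, forged_at = clone.handle_request(request)
    results["wrong_table"] = primary.verify(forged, forged_at)
    # The earlier genuine response presented against a fresh challenge.
    _, request2 = primary.new_challenge()
    mid = sum(valid_window_ms(request2["notification"])) // 2
    results["replay"] = primary.verify(response, mid)
    return results


if __name__ == "__main__":
    print(run_exchange())
```

Only the genuine exchange passes: the late response fails the validity check, and the wrong-table and replayed responses fail the comparison because the table entry or the random parameters differ.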
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection between devices or units through some interfaces, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, mobile terminal, server, network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), removable hard disk, magnetic disk or optical disc.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (16)

1. An authentication method for program encryption, characterized by comprising:
a primary processor sending a certification request to a monitoring unit, wherein the certification request contains authentication parameters generated by the primary processor;
the primary processor receiving an authentication response sent by the monitoring unit according to a predetermined communication format, wherein the authentication response includes at least a response parameter generated by the monitoring unit; and
the primary processor judging whether the response parameter and the authentication parameters have a preset corresponding relationship, wherein authentication passes when the response parameter and the authentication parameters have the preset corresponding relationship, and authentication does not pass when the response parameter and the authentication parameters do not have the preset corresponding relationship;
wherein the authentication parameters generated by the primary processor further include at least: notification data used to indicate the validity of the authentication response, the notification data being a random code.
2. The method according to claim 1, characterized in that the authentication parameters generated by the primary processor include at least: mark data used to specify authentication data in a certification numerical table, the mark data being a random code, and the certification numerical table being pre-stored in the memory of the primary processor.
3. The method according to claim 2, characterized in that the step of the primary processor judging whether the response parameter and the authentication parameters have a preset corresponding relationship includes: the primary processor judging whether the response parameter and the authentication data specified by the mark data in the certification numerical table have a preset corresponding relationship,
wherein the step of the primary processor judging whether the response parameter and the data specified by the mark data in the certification numerical table have a preset corresponding relationship includes:
reading the authentication data specified by the mark data from the certification numerical table;
obtaining first verification data from the authentication data specified by the mark data read, according to the agreed algorithm; and
comparing whether the first verification data is consistent with the response parameter; when the first verification data is consistent with the response parameter, determining that the response parameter and the authentication parameters have the preset corresponding relationship; when the first verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameters do not have the preset corresponding relationship.
4. The method according to claim 3, characterized in that the step of reading the authentication data specified by the mark data from the certification numerical table includes:
obtaining the agreed computation rule;
obtaining the calculation result produced from the mark data according to the agreed computation rule, wherein the calculation result is used to specify the storage location of the authentication data in the certification numerical table; and
reading the authentication data stored in the storage location specified by the calculation result.
5. The method according to claim 2, characterized in that the step of the primary processor judging whether the response parameter and the authentication parameters have a preset corresponding relationship includes: the primary processor judging whether the response parameter has a preset corresponding relationship with the authentication data specified by the mark data in the certification numerical table, or with the authentication data specified by the mark data in the certification numerical table together with the notification data,
wherein the step of the primary processor judging whether the response parameter has a preset corresponding relationship with the authentication data specified by the mark data in the certification numerical table, or with that authentication data together with the notification data, includes:
reading the authentication data specified by the mark data from the certification numerical table,
obtaining second verification data from the authentication data specified by the mark data, or from the authentication data specified by the mark data together with the notification data, according to the agreed algorithm, and
comparing whether the second verification data is consistent with the response parameter; when the second verification data is consistent with the response parameter, determining that the response parameter and the authentication parameters have the preset corresponding relationship; when the second verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameters do not have the preset corresponding relationship.
6. The method according to claim 2 or 5, characterized in that, before the primary processor judges whether the response parameter and the authentication parameters have a preset corresponding relationship, the method further includes: judging the validity of the authentication response received,
wherein the step of judging the validity of the authentication response received includes:
obtaining the effective period of time corresponding to the notification data,
judging whether the time point at which the authentication response is received lies within the effective period of time, and
when the time point at which the authentication response is received lies within the effective period of time, determining that the authentication response is valid; when the time point at which the authentication response is received does not lie within the effective period of time, determining that the authentication response is invalid.
7. The method according to claim 2, characterized in that, before the primary processor sends to the monitoring unit the certification request containing the authentication parameters generated by the primary processor, the method further includes:
the primary processor sending a randomly generated encryption parameter to the monitoring unit.
8. The method according to claim 7, characterized in that the step of the primary processor judging whether the response parameter and the authentication parameters have a preset corresponding relationship includes:
reading the authentication data specified by the mark data from the certification numerical table;
obtaining third verification data from the authentication data specified by the mark data read, or from the authentication data specified by the mark data read together with the encryption parameter, according to the agreed algorithm;
comparing whether the third verification data is consistent with the response parameter; when the third verification data is consistent with the response parameter, determining that the response parameter and the authentication parameters have the preset corresponding relationship; when the third verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameters do not have the preset corresponding relationship.
9. The method according to claim 2, characterized in that, before the primary processor sends to the monitoring unit the certification request containing the authentication parameters generated by the primary processor, the method further includes:
the primary processor sending a randomly generated encryption parameter to the monitoring unit.
10. The method according to claim 9, characterized in that the step of the primary processor judging whether the response parameter and the authentication parameters have a preset corresponding relationship includes:
reading the authentication data specified by the mark data from the certification numerical table;
obtaining fourth verification data from the authentication data specified by the mark data read, or from the authentication data specified by the mark data read together with the encryption parameter, or from the authentication data specified by the mark data read together with the encryption parameter and the notification data, according to the agreed algorithm;
comparing whether the fourth verification data is consistent with the response parameter; when the fourth verification data is consistent with the response parameter, determining that the response parameter and the authentication parameters have the preset corresponding relationship; when the fourth verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameters do not have the preset corresponding relationship.
11. The method according to claim 1, characterized in that, before the primary processor receives the authentication response sent by the monitoring unit according to the predetermined communication format, the method further includes: the monitoring unit sending the authentication response to the primary processor according to the predetermined communication format, wherein the step of the monitoring unit sending the authentication response to the primary processor according to the predetermined communication format includes:
the monitoring unit receiving the certification request sent by the primary processor and reading the authentication parameters in the certification request, wherein the certification request contains the authentication parameters generated by the primary processor;
the monitoring unit obtaining the response parameter from the authentication parameters read, according to the agreed algorithm; and
the monitoring unit sending the authentication response containing the response parameter to the primary processor according to a predetermined format.
12. The method according to claim 11, characterized in that, when the monitoring unit extracts from the authentication parameters the mark data used to specify authentication data in the certification numerical table, the step of the monitoring unit obtaining the response parameter from the authentication parameters read, according to the agreed algorithm, includes:
reading the authentication data specified by the mark data from the certification numerical table, wherein the certification numerical table is pre-stored in the memory of the monitoring unit,
replacing the mark data in the authentication parameters with the authentication data specified by the mark data read, and
obtaining the response parameter from the authentication parameters according to the agreed algorithm.
13. An authentication device for program encryption, characterized by comprising:
a sending module, for sending a certification request to a monitoring unit, wherein the certification request contains authentication parameters generated by a primary processor;
a receiving module, for receiving an authentication response sent by the monitoring unit according to a predetermined communication format, wherein the authentication response includes at least a response parameter generated by the monitoring unit; and
a judgment module, for judging whether the response parameter and the authentication parameters have a preset corresponding relationship, wherein authentication passes when the response parameter and the authentication parameters have the preset corresponding relationship, and authentication does not pass when the response parameter and the authentication parameters do not have the preset corresponding relationship;
wherein the authentication parameters generated by the primary processor further include at least: notification data used to indicate the validity of the authentication response, the notification data being a random code.
14. The device according to claim 13, characterized in that, when the authentication parameters generated by the primary processor include mark data used to specify authentication data in a certification numerical table, the judgment module includes:
a reading unit, for reading the authentication data specified by the mark data from the certification numerical table;
a computing unit, for obtaining first verification data from the authentication data specified by the mark data read, according to the agreed algorithm; and
a comparing unit, for comparing whether the first verification data is consistent with the response parameter; when the first verification data is consistent with the response parameter, determining that the response parameter and the authentication parameters have the preset corresponding relationship; when the first verification data is inconsistent with the response parameter, determining that the response parameter and the authentication parameters do not have the preset corresponding relationship;
wherein the certification numerical table is pre-stored in the memory of the primary processor.
15. An authentication device for program encryption, characterized by comprising:
a receiving module, for receiving a certification request sent by a primary processor, wherein the certification request contains authentication parameters generated by the primary processor;
a read module, for reading the authentication parameters in the certification request;
a computing module, for obtaining a response parameter from the authentication parameters read, according to the agreed algorithm; and
a sending module, for sending an authentication response containing the response parameter to the primary processor according to a predetermined format;
wherein the authentication parameters generated by the primary processor further include at least: notification data used to indicate the validity of the authentication response, the notification data being a random code.
16. The device according to claim 15, characterized in that, when the read module extracts from the authentication parameters the mark data used to specify authentication data in a certification numerical table, the computing module includes:
a reading unit, for reading the authentication data specified by the mark data from the certification numerical table, wherein the certification numerical table is pre-stored in the memory of the monitoring unit;
a computing unit, for replacing the mark data in the authentication parameters with the authentication data specified by the mark data read, and obtaining the relevant parameter from the authentication parameters according to the agreed algorithm.
CN201510169562.3A 2015-04-10 2015-04-10 Authentication method and device for program encryption Active CN106156548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510169562.3A CN106156548B (en) 2015-04-10 2015-04-10 Authentication method and device for program encryption


Publications (2)

Publication Number Publication Date
CN106156548A CN106156548A (en) 2016-11-23
CN106156548B true CN106156548B (en) 2019-01-08

Family

ID=57335743


Country Status (1)

Country Link
CN (1) CN106156548B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant