CN101833629B - Software area authorization encryption method and implementing device therefor - Google Patents

Publication number: CN101833629B
Authority: CN (China)
Prior art keywords: encryption, software, encrypted, encryption device, data
Legal status: Expired - Fee Related
Application number: CN2009100258510A
Other languages: Chinese (zh)
Other versions: CN101833629A (en)
Inventors: 江剑, 孔德仁, 狄长安, 牛国柱
Current Assignee: Nanjing University of Science and Technology
Original Assignee: Nanjing University of Science and Technology

Landscapes

  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a software area authorization encryption method, which comprises the following steps of: extracting machine fingerprint of a computer, encrypting the fingerprint to form a registration code, and sending registration data and the registration code to a registration center; after checking the registration data by using the registration center, performing encryption key initialization on an authorization encryption device; connecting the authorization encryption device with a computer with encrypted software; encrypting data information to be transmitted by using the authorization encryption device, and sending an encrypted message to the computer regularly; and finally, receiving the data sent by the authorization encryption device regularly by using the computer, decrypting the data by using a key, and judging whether the current area and time are within the limited range, if so, normally running the encrypted software, otherwise, exiting the encrypted software. The authorization encryption device comprises a GPS receiving chip, an embedded controller, and an E2PROM. The method can realize the area authorization of the software.

Description

Software area authorization encryption method and implementing device therefor
Technical field
The present invention relates to a software encryption technique and a device implementing it, in particular to an encryption method for software area authorization and its implementing device.
Background art
Software can be protected in many ways. By the means of protection, the methods divide into hardware encryption, which relies on hardware, and soft encryption, which does not. Hardware encryption fixes the encryption information in a piece of hardware such as a software dongle: each time the software starts, it first checks the corresponding information on the hardware, and it starts normally only if the check passes. The greatest advantage of soft encryption is its very low cost: it protects software by software means, without special hardware, by inserting an encryption module into the software so that the software cannot be used illegally. The main soft encryption methods are the password-table method, the software self-check method and the key floppy disk method; the one commonly used now is the license method, in which the user must obtain a license from the software developer after installing the software before it can be used. With hardware encryption, the software can still be used when the encryption hardware is taken outside the region; with software encryption, leaving the region cannot be detected, so the software can also still be used outside it. Neither the soft encryption nor the hardware encryption described above is therefore restricted by region: whoever has the corresponding information can use the software anywhere without restriction.
Some software now needs to be used only within a designated region. The region may be large, such as a city, or small, such as a plant site or an office. If the software is used outside this region it should not be usable; we call this software area authorization. Existing encryption technology cannot implement area authorization.
Summary of the invention
The object of the present invention is to provide a software area authorization encryption method and its implementing device.
The technical solution that achieves this object is a software area authorization encryption method comprising the following steps:
Step 1: extract the machine fingerprint of the computer; the machine fingerprint comprises the computer's hard disk serial number and the physical address of its network card;
Step 2: encrypt the machine fingerprint to form a registration code, and send the registration data (information such as the software user's name, address, contact details and usage time) together with the registration code to the registration center;
Step 3: after the registration center has checked the registration data, use the registration code to initialize the encryption key of the authorization encryption device;
Step 4: connect the authorization encryption device to the computer of step 1;
Step 5: the authorization encryption device encrypts the data to be transmitted with the encryption key of step 3 and sends the ciphertext to the computer at regular intervals. The transmitted data comprise the GPS position, the time data, the preset permitted-use region and the time limit. The encryption proceeds as follows: Step 5.1: the authorization encryption device receives the GPS satellite signal through its antenna; the GPS receiving chip processes it, periodically producing position and time data and outputting GGA GPS fix information, which contains the position and time data; Step 5.2: the embedded controller reads the encryption key from the E2PROM and encrypts the position, the time data, the preset permitted-use region and the time limit;
Step 6: the computer periodically receives the data sent by the authorization encryption device, decrypts them with the key formed from its own machine fingerprint, and judges whether the current region and time are within the permitted limits; if so, the encrypted software runs normally, otherwise the encrypted software exits. The authorization encryption device comprises a GPS receiving chip, an embedded controller and an E2PROM. The GPS receiving chip receives the GPS satellite signal through the antenna, processes it and passes the processed signal to the embedded controller; the embedded controller reads the encryption key from the E2PROM, encrypts the signal to be transmitted, and sends the encrypted information to the computer on which the encrypted software is installed.
The authorization encryption device based on the above software area authorization encryption method comprises a GPS receiving chip, an embedded controller and an E2PROM (programmable memory). The GPS receiving chip receives the GPS satellite signal through the antenna, processes it and passes the processed signal to the embedded controller; the embedded controller reads the encryption key from the E2PROM, encrypts the signal to be transmitted, and sends the encrypted information to the computer on which the encrypted software is installed.
Compared with the prior art, the notable advantage of the present invention is that it achieves area authorization of software: the software can be used only within the designated region and cannot be used outside it. Even if the hardware device connected to the computer is obtained illegally, or other techniques are used to simulate and send the same information, the software still cannot be used, because the device is preset to the unique machine fingerprint of the computer it connects to; this gives good protection.
Description of drawings
Fig. 1 is the flow chart of the software area authorization encryption method of the present invention.
Fig. 2 is the hardware structure diagram of the authorization encryption device of the present invention.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
The software area authorization encryption method of the present invention comprises the following steps:
Step 1: extract the machine fingerprint of the computer; the machine fingerprint comprises the computer's hard disk serial number and the physical address of its network card. The machine fingerprint is extracted through Windows interface functions (for the Windows interface functions see: Ju Binshan et al., "Principle and method of software encryption using computer fingerprints", Journal of Qingdao University (Natural Science Edition), 2005 (9): 63-66), in the following steps:
Step 1.1: use the GetVolumeInformation function (which obtains hard disk volume information) to obtain the hard disk parameter information (the serial number of the hard disk);
Step 1.2: use the NetApi32.DLL (network interface dynamic link library) function to obtain the physical address of the network card;
Step 2: encrypt the machine fingerprint to form a registration code, and send the registration data and the registration code to the registration center. The registration data comprise information such as the software user's name, address, contact details and usage time. The machine fingerprint is encrypted with the IDEA (International Data Encryption Algorithm) algorithm, in the following steps:
Step 2.1: combine the 4-byte hard disk serial number of step 1.1 and the 6-byte network card physical address of step 1.2 into a 10-byte machine fingerprint plaintext;
Step 2.2: append fixed bytes to turn the 10-byte machine fingerprint plaintext into a 16-byte machine fingerprint plaintext, a multiple of 8, which suits the algorithm's computation;
Step 2.3: encrypt the 16-byte machine fingerprint plaintext with a 128-bit key into a 16-byte registration code;
Step 3: after the registration center has checked the registration code, use the registration code to initialize the encryption key of the authorization encryption device. The key initialization uses the IDEA (International Data Encryption Algorithm) algorithm: the registration code is encrypted once more with a 128-bit key, forming the 128-bit data transmission encryption key of the authorization encryption device.
Step 4: connect the authorization encryption device to the computer of step 1;
Step 5: the authorization encryption device encrypts the data to be transmitted with the encryption key of step 3 and sends the ciphertext to the computer at regular intervals;
The transmitted data comprise the GPS position, the time data, the preset permitted-use region and the time limit. The encryption proceeds as follows:
Step 5.1: the authorization encryption device receives the GPS satellite signal through its antenna; the GPS receiving chip processes it, periodically producing position and time data and outputting GGA (Global Positioning System Fix Data) GPS fix information, which contains the position and time data separated by commas;
Step 5.2: the embedded controller reads the encryption key from the E2PROM and encrypts the position, the time data, the preset permitted-use region and the time limit;
Step 6: the computer periodically receives the data sent by the authorization encryption device, decrypts them with the key formed from its own machine fingerprint, and judges whether the current region and time are within the permitted limits; if so, the encrypted software runs normally, otherwise the encrypted software exits.
The authorization encryption device based on the above software area authorization encryption method comprises a GPS receiving chip, an embedded controller and an E2PROM (programmable memory). The GPS receiving chip receives the GPS satellite signal through the antenna, processes it and passes the processed signal to the embedded controller; the embedded controller reads the encryption key from the E2PROM, encrypts the signal to be transmitted, and sends the encrypted information to the computer on which the encrypted software is installed. The authorization encryption device is powered from the computer's USB port and needs no external power supply or battery.
The present invention is further described below with reference to an embodiment:
Take a notebook computer as an example. Its network card address is the 6-byte hexadecimal number 00-16-D3-AF-57-7D, and its hard disk serial number is A06A-0D27. Adding 6 fixed bytes FF gives the 16-byte machine fingerprint plaintext: A0-6A-0D-27-00-16-D3-AF-57-7D-FF-FF-FF-FF-FF-FF. Using the IDEA algorithm with 128-bit key 1 (assumed to be the hexadecimal number 31-32-33-34-35-36-37-38-31-32-33-34-35-36-37-38), the machine fingerprint plaintext is encrypted into the 16-byte registration code: 4C-B8-97-25-D6-6D-C7-1B-0D-E4-FB-D9-5B-CD-0B-0B. The IDEA algorithm is applied again to the registration code with 128-bit key 2 (assumed to be the hexadecimal number 38-37-36-35-34-33-32-31-31-32-33-34-35-36-37-38); the encryption result is 53-E2-89-62-00-86-0C-12-35-6D-B8-DE-F5-1F-1C-EA, from which the ASCII characters 5E86080136BDF11E are taken as the 128-bit encryption key of the authorization encryption device. The transmitted data comprise the GPS position, the time data, the preset permitted-use region and the time limit, assumed here to be 4250.5589-14718.5084-092204-4250.5589-14718.5084-10-04, which stand respectively for real-time latitude, real-time longitude, real-time time, preset latitude center, preset longitude center, preset range and preset time. The preset latitude and longitude center is the position of the user's computer; the range 10 means the software may be used within 10 meters; and 04 means the accumulated running time must not exceed 4 months. The authorization encryption device encrypts these data with the encryption key into the following hexadecimal ciphertext: A7-0F-ED-F4-96-6A-C8-BF-BA-2D-8A-73-07-22-75-25-00-3E-F3-18-5F-32-89-2D-4D-BB-50-52-61-A4-A3-63-F9-0F-28-85-5C-8F-36-2A-85-A9-65-60-64-EF-A2-D5, and then transmits it. The computer receives the ciphertext sent by the authorization encryption device, decrypts the data with the key 5E86080136BDF11E, and after calculation judges that the current region and time are within the permitted limits, so the software runs normally.
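The following Python sketch is an added example, not code from the patent. It rebuilds the 16-byte fingerprint plaintext of the embodiment, reproduces the device key from the step 3 result, and performs the step 6 region and time check on the decrypted payload. Assumptions: all function names are hypothetical; the rule "take the high nibble of each byte as an ASCII hex digit" is inferred from the example values, since the text does not state how the characters are chosen; the host is assumed to track accumulated months of use itself; hemisphere indicators are ignored because the payload carries none.

```python
import math

# Values quoted from the worked embodiment above.
PAGE_SERIAL = "A06A-0D27"
PAGE_MAC = "00-16-D3-AF-57-7D"
PAGE_STEP3_BLOCK = "53-E2-89-62-00-86-0C-12-35-6D-B8-DE-F5-1F-1C-EA"
PAGE_PAYLOAD = "4250.5589-14718.5084-092204-4250.5589-14718.5084-10-04"
EARTH_RADIUS_M = 6371000.0


def unhex(text):
    """Decode dash-separated hex such as '00-16-D3' into bytes."""
    return bytes.fromhex(text.replace("-", ""))


def machine_fingerprint(serial, mac):
    """Steps 2.1-2.2: 4-byte serial + 6-byte MAC + six fixed 0xFF bytes."""
    serial_b, mac_b = unhex(serial), unhex(mac)
    if len(serial_b) != 4 or len(mac_b) != 6:
        raise ValueError("expected a 4-byte serial and a 6-byte MAC")
    return serial_b + mac_b + b"\xff" * 6


def device_key(block_hex):
    """Assumed rule: high nibble of each byte, written as an ASCII hex digit."""
    return "".join("%X" % (b >> 4) for b in unhex(block_hex))


def nmea_to_degrees(field):
    """GGA angles are (d)ddmm.mmmm; convert to decimal degrees."""
    value = float(field)
    degrees = int(value // 100)
    return degrees + (value - degrees * 100) / 60.0


def parse_payload(plaintext):
    """Split the seven dash-separated fields listed in the embodiment."""
    parts = plaintext.split("-")
    if len(parts) != 7:
        raise ValueError("payload must contain exactly 7 fields")
    lat, lon, utc, c_lat, c_lon, radius, months = parts
    return {
        "position": (nmea_to_degrees(lat), nmea_to_degrees(lon)),
        "utc": utc,
        "center": (nmea_to_degrees(c_lat), nmea_to_degrees(c_lon)),
        "radius_m": float(radius),
        "limit_months": float(months),
    }


def distance_m(a, b):
    """Haversine great-circle distance in metres between (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def is_authorized(plaintext, months_used):
    """Step 6 decision: inside the preset radius and within the time limit."""
    try:
        p = parse_payload(plaintext)
    except ValueError:
        return False  # malformed payload: treat as unauthorized
    in_region = distance_m(p["position"], p["center"]) <= p["radius_m"]
    return in_region and months_used <= p["limit_months"]


if __name__ == "__main__":
    print(machine_fingerprint(PAGE_SERIAL, PAGE_MAC).hex().upper())
    print(device_key(PAGE_STEP3_BLOCK))
    print(is_authorized(PAGE_PAYLOAD, months_used=1))
```

If the inferred selection rule holds, the device key consists of 16 ASCII hex digits, so it spans at most 2^64 values rather than 2^128, which matters when assessing the strength of the scheme.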

Claims (5)

1. A software area authorization encryption method, characterized in that it comprises the following steps:
Step 1: extract the machine fingerprint of the computer; the machine fingerprint comprises the computer's hard disk serial number and the physical address of its network card;
Step 2: encrypt the machine fingerprint to form a registration code, and send the registration data and the registration code to the registration center;
Step 3: after the registration center has checked the registration data, use the registration code to initialize the encryption key of the authorization encryption device;
Step 4: connect the authorization encryption device to the computer of step 1;
Step 5: the authorization encryption device encrypts the data to be transmitted with the encryption key of step 3 and sends the ciphertext to the computer at regular intervals; wherein the transmitted data comprise the GPS position, the time data, the preset permitted-use region and the time limit, and the encryption proceeds as follows: Step 5.1: the authorization encryption device receives the GPS satellite signal through its antenna; the GPS receiving chip processes it, periodically producing position and time data and outputting GGA GPS fix information, which contains the position and time data; Step 5.2: the embedded controller reads the encryption key from the E2PROM and encrypts the position, the time data, the preset permitted-use region and the time limit;
Step 6: the computer periodically receives the data sent by the authorization encryption device, decrypts them with the key formed from its own machine fingerprint, and judges whether the current region and time are within the permitted limits; if so, the encrypted software runs normally, otherwise the encrypted software exits; wherein the authorization encryption device comprises a GPS receiving chip, an embedded controller and an E2PROM; the GPS receiving chip receives the GPS satellite signal through the antenna, processes it and passes the processed signal to the embedded controller; the embedded controller reads the encryption key from the E2PROM, encrypts the signal to be transmitted, and sends the encrypted information to the computer on which the encrypted software is installed.
2. The software area authorization encryption method according to claim 1, characterized in that the machine fingerprint of the computer is extracted in step 1 through Windows interface functions, in the following steps:
Step 1.1: use the GetVolumeInformation function to obtain the serial number of the hard disk;
Step 1.2: use the NetApi32.DLL function to obtain the physical address of the network card.
3. The software area authorization encryption method according to claim 2, characterized in that the machine fingerprint is encrypted in step 2 with the IDEA algorithm, in the following steps:
Step 2.1: combine the 4-byte hard disk serial number of step 1.1 and the 6-byte network card physical address of step 1.2 into a 10-byte machine fingerprint plaintext;
Step 2.2: append fixed bytes to turn the 10-byte machine fingerprint plaintext into a 16-byte machine fingerprint plaintext;
Step 2.3: encrypt the 16-byte machine fingerprint plaintext with a 128-bit key into a 16-byte registration code.
4. The software area authorization encryption method according to claim 1, characterized in that the encryption key initialization of the authorization encryption device with the registration code in step 3 uses the IDEA algorithm: the registration code is encrypted once more with a 128-bit key, forming the 128-bit data transmission encryption key of the authorization encryption device.
5. The software area authorization encryption method according to claim 1, characterized in that the decryption of the data in step 6 is specifically: the ciphertext is decrypted with the 128-bit key to form the original plaintext.
CN2009100258510A 2009-03-11 2009-03-11 Software area authorization encryption method and implementing device therefor Expired - Fee Related CN101833629B (en)

Publications (2)

Publication Number Publication Date
CN101833629A CN101833629A (en) 2010-09-15
CN101833629B true CN101833629B (en) 2011-10-26

Family

ID=42717696

Country Status (1)

Country Link
CN (1) CN101833629B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103259652B (en) * 2012-05-07 2015-12-16 中国交通通信信息中心 A kind of information decryption method based on timeliness parameter
CN103259646B (en) * 2012-05-07 2015-11-18 中国交通通信信息中心 A kind of information decryption method based on satellite navigation system
CN104819097A (en) * 2015-04-03 2015-08-05 北京天诚同创电气有限公司 Protection method and device for programmable controller program of wind generating set
CN107749837A (en) * 2017-09-26 2018-03-02 甘肃万维信息技术有限责任公司 A kind of E-Government Resource Security guard system and its method
CN109388940B (en) * 2018-09-20 2020-12-01 斑马网络技术有限公司 Vehicle machine system access method and device, server and engineering U disk
CN113572600B (en) * 2020-12-31 2024-03-01 广东国腾量子科技有限公司 Quantum key safe storage system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1786867A (en) * 2005-09-22 2006-06-14 深圳市江波龙电子有限公司 Method for ciphering and diciphering of file, safety managing storage apparatus and system method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JP特开2001-118333A 2001.04.27

Also Published As

Publication number Publication date
CN101833629A (en) 2010-09-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111026

Termination date: 20130311