CN102902927A

CN102902927A - Method and system for modifying password of encryption lock

Info

Publication number: CN102902927A
Application number: CN2012103374661A
Authority: CN
Inventors: 陆舟; 于华章
Original assignee: Feitian Technologies Co Ltd
Current assignee: Feitian Technologies Co Ltd
Priority date: 2012-09-12
Filing date: 2012-09-12
Publication date: 2013-01-30
Anticipated expiration: 2032-09-12
Also published as: CN102902927B

Abstract

The invention discloses a method and a system for modifying a password of an encryption lock. The method comprises the steps that: when the user trigger information is received, a host judges whether an authorized lock and an operation lock are connected with the host, if so, the host transmits the modification information to the authorized lock, otherwise, the operation is ended; the authorized lock receives the modification information and obtains a new password; the authorized lock processes the new password and transmits the processing result and the new password to the host; the host generates a verification instruction according to the processing result and the new password and transmits the verification instruction to the operation lock; the operation lock analyzes and verifies the received verification instruction, if verification instruction is verified to be qualified, the internally stored password is replaced by the analyzed new password, the modification success information returns to the host, and the operation is ended; otherwise the failure information returns to the host, and the operation is ended. According to the technical scheme, an agent or a developer can modify the password of the operation lock by utilizing the authorized lock, namely the password is modified under the control of a manufacturer, malicious modification is avoided, and the modification process is safe and controllable.

Description

A kind of method and system of revising the encryption lock password

Technical field

The present invention relates to the encryption lock field, relate in particular to a kind of method and system of revising the encryption lock password.

Background technology

Encryption lock is the security product that a kind of software and hardware that is inserted on the computing machine combines, be connected work with main frame by communication interface (USB interface or parallel interface etc.), encryption lock utilizes the cryptographic algorithm of storage inside that the data in the main frame are encrypted, the user only has with corresponding encryption lock and just can check after to the data deciphering after encrypting, and has improved the security of user data.

General encryption lock can arrange an initial password when dispatching from the factory, commission merchant or developer can be revised as initial password the password that oneself is approved, but modification process is not subjected to manufacturer's control, for preventing commission merchant or developer to the malicious modification of initial password, be badly in need of proposing a kind of technical scheme that is subjected to the modification encryption lock password of production firm's control.

Summary of the invention

The present invention makes amendment for the initial password that solves encryption lock in the prior art and is not subjected to the defective of production firm's control, and a kind of method and system of revising the encryption lock password are provided.

A kind of method of revising the encryption lock password provided by the invention comprises:

Steps A: when main frame receives user's trigger message, having judged whether that license lock is connected with it with operable lock, is execution in step B then, otherwise finishes;

Step B: described main frame sends to license lock with modification information;

Step C: described license lock receives described modification information, according to described modification information acquisition new password;

Step D: described license lock is processed described new password, and result and described new password are sent to described main frame;

Step e: described main frame receives described result and described new password, generates the checking instruction according to described result and described new password, and sends it to operable lock;

Step F: described operable lock receives after the described checking instruction its parsing, and analysis result is verified, by execution in step G then, by then give as described in main frame does not return failure information such as checking such as checking, finishes;

Step G: described operable lock is replaced the password of storage inside with resolving the new password that obtains, and returns the information of being successfully modified to main frame, finishes.

Wherein, described step D and step e replace with:

Step D ': described license lock is processed described new password;

Step e ': described license lock generates the checking instruction according to described result and described new password, and sends it to described operable lock by main frame.

Wherein, comprise between described steps A and the step B: described main frame obtains cipher list from described license lock, and with its output;

The selection information of described host waits user's input, and judge in Preset Time, whether to receive selection information, be then to continue, otherwise output error message finish;

Described step B is specially: described main frame sends to described license lock with the new password that the user in the described selection information chooses;

Accordingly, step C replaces with: described license lock receives the new password that described user chooses.

Wherein, described main frame obtains cipher list and specifically comprises from described license lock:

Step s1: described main frame obtains the operable lock sign from described operable lock, and searches corresponding authority according to described operable lock sign, as finds then execution in step s2, otherwise the output error information finishes;

Step s2: described main frame sends to described license lock with described authority;

Step s3: described license lock receives described authority and with self private key it is decrypted, such as successful decryption execution in step s4 then; As Decryption failures then as described in license lock to as described in main frame return Decryption failures information, finish;

Step s4: the cipher list that described license lock obtains deciphering sends to described main frame.

Described main frame obtains the operable lock sign from described operable lock, and sends it to described license lock;

Described license lock receives described operable lock sign, and searches corresponding cipher list according to described operable lock sign, as find then with as described in cipher list send to as described in main frame, as do not find then and return miscue information to main frame, finish.

Described license lock receives described operable lock sign, judges whether described operable lock sign conforms to the cipher list of described storage inside, is then to continue, otherwise returns error message to main frame, finishes.

Wherein, comprise between described steps A and the step B: the selection information of user's input is waited in the tabulation of described main frame output sequence number, and judges whether receive selection information in Preset Time, be then to continue, otherwise output error message finishes;

Described step B is specially: described main frame sends to described license lock with the sequence number that the user in the described selection information chooses;

Described step C is specially: described license lock receives the sequence number that described user chooses, and the serial number gencration new password of choosing according to described user.

Wherein, also comprise between described steps A and the step B: described main frame forms cipher list and output according to the serial number gencration new password in the described sequence number tabulation;

Described sequence number tabulation for described main frame storage inside or from described license lock, obtain.

Wherein, comprise between described steps A and the step B: described main frame output dialog box, wait for that the user inputs sequence number, and judge the sequence number that in Preset Time, whether receives user's input, be then to continue, otherwise output error message finish;

Described step B is specially: described main frame sends to described license lock with the sequence number of described user's input;

Described step C is specially: described license lock receives the sequence number of described user input, and according to the serial number gencration new password of described user's input.

Wherein, comprise between described steps A and the step B: described main frame obtains sequence number tabulation and output from described license lock, waits for the selection information of user's input, and whether judgement receives selection information in Preset Time, be then to continue, otherwise output error message finish;

Described step C is specially: described license lock receives the sequence number that described user chooses, and obtains corresponding new password in the cipher list of storing internally according to the sequence number that described user chooses.

Wherein, described step D also comprises: described license lock sends to main frame with the operable lock initial password of storage inside;

Step e is specially: described main frame receives described operable lock initial password, result and new password, generates the checking instruction according to described operable lock initial password, result and new password, and sends it to described operable lock;

Also comprise in the described step F:

Whether the operable lock initial password that described operable lock judgement parsing obtains is identical with the password of storage inside, is then to continue, otherwise gives described main frame return message, finishes.

Wherein, step e ' in generate the checking instruction and be specially: described license lock generates the checking instruction according to operable lock initial password, result and the new password of storage inside, and sends it to described operable lock;

In described step F, also comprise:

Wherein, described license lock is processed described new password and is specially: described license lock uses self private key that described new password is signed, and will sign result and described new password send to described main frame;

Described step F is specially: described operable lock receives after the described checking instruction its parsing, use the license lock PKI of storage inside that analysis result is verified,, by main frame return message as described in then giving, finish such as checking by execution in step G then such as checking.

Wherein, in the described step F analysis result verified specifically and comprises:

Step F 11: described operable lock is decrypted the signature result that parsing obtains with the license lock PKI of storage inside, such as successful decryption execution in step F12 then, otherwise gives described main frame return message, finishes;

Step F 12: described operable lock is used and is preset digest algorithm the new password that parsing obtains is calculated, and judges whether result of calculation is consistent with decrypted result, is execution in step G then, otherwise to described main frame return message, end.

Wherein, described license lock is processed described new password and is specially: described license lock uses the operable lock PKI of storage inside that described new password is encrypted, and encrypted result and described new password are sent to described main frame;

Described step F is specially: described operable lock receives after the described checking instruction its parsing, use self private key of storage inside that the encrypted result that parsing obtains is decrypted, judge then such as successful decryption whether decrypted result is consistent with the new password that parsing obtains, execution in step G then, otherwise give described main frame return message, finish; Main frame return message as described in then giving such as Decryption failures finishes.

Wherein, also comprise between described steps A and step B: described main frame sends to described operable lock and obtains instruction, obtains the random number in the described operable lock;

Described step B is specially: described main frame will revise information and described random number sends to described license lock;

Described step D is specially: described license lock is processed described new password and random number, and result and described new password are sent to described main frame.

Wherein, also comprise before at described step D ': described main frame obtains random number and sends it to described license lock from described operable lock;

Described step D ' is specially: described license lock is processed described new password and random number.

Wherein, described license lock is processed described new password and random number, is specially:

Described license lock uses self private key that described new password and random number are signed, and will sign result and described new password send to described main frame.

Wherein, described step F specifically comprises:

Step F 21: described operable lock is decrypted the signature result that parsing obtains with the license lock PKI of storage inside, such as successful decryption execution in step F22 then, otherwise gives described main frame return message, finishes;

Step F 22: described operable lock is used and is preset new password that digest algorithm obtains parsing and the random number of storage inside is calculated, and judges whether result of calculation is consistent with decrypted result, is execution in step G then, otherwise to described main frame return message, end.

Wherein, described license lock is processed specifically described new password and random number and comprised: described license lock uses the operable lock PKI of storage inside that described new password and random number are encrypted;

Step F specifically comprises: described operable lock receives after the described checking instruction its parsing, use the license lock PKI of storage inside that the encrypted result that parsing obtains is decrypted, whether the random number of then judging the random number that obtains of deciphering and storage inside such as successful decryption is consistent, with or judge whether the new password that new password that deciphering obtains and parsing obtain is consistent, execution in step G then, otherwise give described main frame return message, finish; Main frame return message as described in then giving such as Decryption failures finishes.

Wherein, comprise before the described step e: described main frame obtains the operable lock coding from described operable lock;

Described generation checking instruction is specially: described main frame generates the checking instruction according to described operable lock coding, result and described new password;

Described step F specifically comprises:

Described operable lock is resolved it after receiving described checking instruction, and whether the operable lock coding that the judgement parsing obtains is consistent with the operable lock coding of storage inside, is then to continue, otherwise gives described main frame return message, end;

Whether described operable lock checking analysis result is correct, is then to continue, otherwise gives described main frame return message, finishes.

Wherein, described step e ' also comprise before: described main frame obtains the operable lock coding and sends it to described license lock from described operable lock;

Described generation checking instruction is specially: generate the checking instruction according to described operable lock coding, described result and described new password;

Described step F specifically comprises:

Described operable lock is resolved it after receiving described checking instruction, and judges whether with the operable lock coding of storage inside conform to, be then to continue, otherwise give described main frame return message if resolving the operable lock coding that obtains, finish;

Wherein, in described step F, also comprise:

Described operable lock judges whether the data on the relevant position are identical in the password of resolving in the new password that obtains data and storage inside on the ad-hoc location, are then to continue, otherwise give described main frame return message, end.A kind of system of revising the encryption lock password provided by the invention comprises: license lock, main frame and operable lock, and wherein, described main frame comprises:

The first receiver module for the trigger message that receives the user, also is used for receiving the data of described license lock and operable lock transmission;

The first judge module is used for having judged whether that license lock is connected with described main frame with operable lock;

The first sending module is used for sending data to described license lock and described operable lock;

The first generation module is used for generating the checking instruction;

Described license lock comprises:

The second receiver module is used for receiving the data that described the first sending module sends;

The first acquisition module is used for the modification information acquisition new password that receives according to described the second receiver module;

Processing module is used for described new password is processed;

The second sending module is used for to described the first receiver module transmission processing result and new password;

Described operable lock comprises:

The 3rd receiver module is used for receiving the described checking instruction that described the first sending module sends;

Parsing module is used for described checking instruction is resolved;

Authentication module is used for that described parsing module is resolved the result who obtains and verifies;

Replacement module: be used for resolving the new password that obtains with described parsing module and replace the password of described operable lock storage inside;

The 3rd sending module is used for sending information to described the first receiver module.

Wherein, described the first generation instruction is included in the described license lock.

Wherein, described main frame also comprises:

The second acquisition module is used for obtaining cipher list from described license lock;

Output module is used for exporting described cipher list;

The second judge module is used for judging the selection information that whether receives in Preset Time;

Described the first sending module is used for the password of choosing of described selection information is sent to described license lock.

Wherein, described the second acquisition module specifically is used for obtaining the operable lock sign from described license lock, searches corresponding authority according to described operable lock sign;

The described authority that described the first sending module also is used for finding sends to described license lock;

Described license lock also comprises: deciphering module, be used for described authority is decrypted, and successful decryption obtains cipher list.

Wherein, described main frame also comprises the 3rd acquisition module, is used for obtaining the operable lock sign from described operable lock;

Described the first sending module also is used for described operable lock sign is sent to described license lock;

Described license lock also comprises: search module, be used for searching corresponding cipher list according to described operable lock sign.

Described license lock also comprises: the 3rd judge module is used for judging whether described operable lock sign conforms to the cipher list of described storage inside.

Wherein, described main frame also comprises output module and the 3rd judge module,

Described output module: be used for the tabulation of output sequence number;

Described the 3rd judge module: be used for judging the selection information that in Preset Time, whether receives;

Described the first sending module also sends to described license lock for the sequence number that the user with described selection information chooses;

Described the first acquisition module is specifically for the serial number gencration new password of choosing according to described user.

Described output module: be used for the output dialog box;

Described the 3rd judge module: be used for judging the sequence number that in Preset Time, whether receives user's input;

Described the first sending module also is used for the sequence number of described user's input is sent to described license lock;

Described the first acquisition module specifically is used for the serial number gencration new password according to described user's input.

Wherein, described main frame also comprises and obtains output module and the 3rd judge module,

The described output module that obtains: be used for obtaining sequence number tabulation and output from described license lock;

Described the second acquisition module specifically is used for obtaining corresponding new password according to the cipher list that the sequence number that described user chooses is stored internally.

Wherein, described the second sending module also is used for the operable lock initial password of described license lock storage inside is sent to described main frame;

Described the first generation module specifically is used for generating the checking instruction according to described operable lock initial password, result and new password;

Described authentication module comprises: authentication unit is used for that described parsing module is resolved the new password that obtains and verifies;

The first judging unit is for judging whether the operable lock initial password that described parsing module parsing obtains is identical with the password of storage inside.

Wherein, described the first generation module specifically is used for generating the checking instruction according to the operable lock initial password of storage inside, described result and new password;

Wherein, described processing module specifically is used for using self private key of described license lock that described new password is signed;

Described authentication module comprises:

Decryption unit is used for the license lock PKI of described operable lock storage inside the signature result that parsing obtains being decrypted;

Calculate judging unit, preset digest algorithm for use the new password that parsing obtains is calculated, and judge whether result of calculation is consistent with the decrypted result that described decryption unit successful decryption obtains.

Wherein, described processing module specifically is used for using the operable lock PKI of described license lock storage inside that described new password is encrypted;

Described authentication module comprises:

Decryption unit is used for self private key of described operable lock storage inside the encrypted result that parsing obtains being decrypted;

Judging unit is for judging whether the new password that described parsing module parsing obtains is consistent with the decrypted result that described decryption unit successful decryption obtains.

Wherein, described main frame also comprises the 5th acquisition module, is used for obtaining the operable lock coding from described operable lock;

Described the first generation module specifically is used for generating the checking instruction according to described operable lock coding, result and described new password;

Described authentication module comprises:

Judging unit is used for judging whether the operable lock coding that described parsing module parsing obtains encodes consistent with the operable lock of described operable lock storage inside;

Authentication unit is used for that described parsing module is resolved the new password that obtains and verifies.

Wherein, described main frame also comprises the 5th acquisition module, and the user obtains the operable lock coding from described operable lock;

Described the first sending module also is used for described operable lock coding is sent to described license lock;

Described authentication module comprises:

Wherein, described operable lock also comprises: the 4th judge module is used for judging whether described parsing module is resolved in the password of data and storage inside on the new password ad-hoc location that obtains the data on the relevant position identical.

The present invention compared with prior art has the following advantages:

By technical scheme of the present invention, commission merchant or developer can utilize license lock to come the password of operable lock is made amendment, and namely realize under manufacturer's control, prevent malicious modification, and modification process safety is controlled.

Description of drawings

A kind of method flow diagram of revising the encryption lock password that Fig. 1 provides for the embodiment of the invention one;

A kind of method flow diagram of revising the encryption lock password that Fig. 2 provides for the embodiment of the invention two;

A kind of method flow diagram of revising the encryption lock password that Fig. 3 provides for the embodiment of the invention three;

A kind of method flow diagram of revising the encryption lock password that Fig. 4 provides for the embodiment of the invention four;

A kind of system block diagram of revising the encryption lock password that Fig. 5 provides for the embodiment of the invention five.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.

Embodiment one

The embodiment of the invention one provides a kind of method of revising the encryption lock password, as shown in Figure 1, comprising:

Steps A: when main frame receives user's trigger message, having judged whether that license lock is connected with it with operable lock, is execution in step B then, otherwise finishes.

Step B: main frame sends to license lock with modification information;

Modification information in the present embodiment is new password or sequence number.

Between steps A and step B, also can comprise in the present embodiment:

Step a1: described main frame obtains cipher list from described license lock, and with its output;

Step a2: the selection information of described host waits user's input, and judge in Preset Time, whether to receive selection information, be then to continue, otherwise output error message finish;

The new password that comprises user selection in the selection information in the present embodiment;

Wherein, when the authority that obtains through encryption when cipher list is stored in the main frame, and a plurality of authorities are arranged in main frame, then step a1 specifically comprises:

Step a11: described main frame obtains the operable lock sign from described operable lock, and searches corresponding authority according to described operable lock sign, as finds then execution in step a12, otherwise the output error information finishes;

Step a12: the described authority of described main frame sends to described license lock;

Step a13: described license lock receives described authority and with self private key it is decrypted, such as successful decryption execution in step a14 then; As Decryption failures then license lock return Decryption failures information to main frame, finish;

Step a14: the cipher list that described license lock obtains deciphering sends to described main frame.

When only having an authority in main frame, then whether step a1 decision operation lock sign is corresponding with authority, is then to continue, otherwise output error message finishes; Perhaps direct execution in step a2.

Wherein, when storing a plurality of coded lock tabulation in the operable lock, then step a1 specifically comprises:

Step a1-1: main frame obtains the operable lock sign from operable lock, and sends it to license lock;

Step a1-2: license lock receives the operable lock sign, and searches corresponding cipher list according to the operable lock sign, as finds then the cipher list that finds is sent to main frame, as does not find then output error information, finishes.

Wherein, when only storing a coded lock tabulation in the operable lock, then step a1 specifically comprises:

Step a1-1 ': main frame obtains the operable lock sign from operable lock, and sends it to license lock;

Step a1-2 ': license lock receives the operable lock sign, and whether decision operation lock mark conforms to the cipher list of storage inside, is then the cipher list of storage inside to be sent to main frame, otherwise returns error message to main frame, end.

In the present embodiment, when modification information is sequence number, comprise between steps A and step B: the selection information of user's input is waited in the tabulation of main frame output sequence number, and whether judgement receives selection information in Preset Time, be then to continue, otherwise output error message finish; Selection information comprises the sequence number that the user chooses.Sequence number tabulation is in the main frame pre-stored or obtain from operable lock; Can also comprise between steps A and step B: main frame forms cipher list and output according to the serial number gencration new password in the sequence number tabulation, makes the user can see intuitively the new password of generation;

Or, when modification information is sequence number, between steps A and step B, comprise: main frame output dialog box, wait for that the user inputs sequence number, and judge the sequence number that in Preset Time, whether receives user's input, be then to continue, otherwise output error message finish.

Step C: license lock receives modification information, according to revising the information acquisition new password;

Concrete, in the present embodiment, tabulation acquires from license lock such as sequence number, also stores cipher list in the license lock simultaneously, when modification information is sequence number, then be specially according to revising the information acquisition new password: in cipher list, obtain corresponding new password according to the sequence number of choosing; As authorize in the institute and do not have cipher list, store preset algorithm, when modification information is sequence number, then be specially according to revising the information acquisition new password: generate new password according to the sequence number of choosing according to preset algorithm.Tabulation is pre-stored in the main frame such as sequence number, when then modification information is sequence number, then be specially according to revising the information acquisition new password: generate new password according to the sequence number of choosing according to preset algorithm, as find and then obtain new password, as do not find then and return miscue information to main frame, finish.

Preset algorithm in the present embodiment is identical with preset algorithm in the main frame.

As when revising information for the sequence number of user input, then be specially according to revising the information acquisition new password: according to the serial number gencration new password of input.

Step D: license lock is processed new password, and result and new password are sent to main frame.

Processing in the present embodiment comprises: use self private key of storage inside to sign or use the PKI of the operable lock of storage inside to be encrypted.

For improving processing safety, also other data and new password can be processed together in the present embodiment; Can from operable lock, obtain and send to for main frame the random number of mandate such as other data;

Step e: main frame reception ﹠ disposal result and described new password generate the checking instruction according to result and new password, and send it to operable lock.

Can only revise the initial password that single job is locked for the control license lock, then license lock also sends to main frame with the operable lock initial password of storage inside among the step D, and main frame generates the checking instruction according to operable lock initial password, result and new password in the step e.

Checking instruction in the present embodiment also can generate at the license lock end, and then step D and step e replace with:

Step D ': license lock is processed new password;

Step e ': license lock generates the checking instruction according to result and new password, and sends it to operable lock by main frame;

For the control license lock can only be revised the initial password of single job lock, step e ' in license lock generate the checking instruction according to operable lock initial password, result and the new password of storage inside.

Step F: operable lock receives after the described checking instruction its parsing, and analysis result is verified, by execution in step G then, by then give as described in main frame does not return failure information such as checking such as checking, finishes.

In the present embodiment, can only revise the initial password of single job lock when license lock, when comprising the operable lock initial password in the checking instruction, also comprise in the step F: whether the operable lock initial password that operable lock judgement parsing obtains is identical with the password of storage inside, then to continue, otherwise give described main frame return message, finish.This step can also can be carried out after checking before the checking analysis result.

In the present embodiment, signature operation such as the processing procedure among the step D, then analysis result is verified that the license lock PKI that is specially with storage inside verifies analysis result, the realization proof procedure is specially: the license lock PKI with storage inside is decrypted the signature result in the analysis result first, successful decryption then calculates the new password that parsing obtains according to default digest algorithm, judge that whether result of calculation is consistent with decrypted result, is then to be proved to be successful, otherwise verifies unsuccessful; Also comprise random number such as the raw data of signing among the step D, then in operable lock, according to preset algorithm the random number of the new password in the analysis result and storage is calculated.

In the present embodiment, cryptographic operation such as the processing procedure among the step D, then analysis result is verified that implementation procedure is specially: operable lock uses self private key of storage inside that the encrypted result that parsing obtains is decrypted, whether the random number of then judging the random number that obtains and storage inside such as successful decryption is consistent, with or judge whether the new password that new password that deciphering obtains and parsing obtain is consistent, be then to continue, otherwise give described main frame return message, finish; Main frame return message as described in then giving such as Decryption failures finishes.As only having new password in the decrypted result, whether the new password that then only needs the judgement deciphering to obtain is consistent with the new password that parsing obtains.

Step G: operable lock is replaced the password of storage inside with new password, and returns the information of being successfully modified to main frame, finishes.

In the present embodiment, improve the security of retouching operation lock cipher, also comprise before the password of storing in the operable lock of making amendment: whether operable lock judge to be resolved in the new password that obtains in the password of data and storage inside on the ad-hoc location data on the relevant position identical, then to continue, otherwise give the main frame return message, finish.

The checking instruction of the generation in the present embodiment can also comprise the operable lock coding, obtains from operable lock before generating the checking instruction; Also comprise before the password of then storing in the operable lock of making amendment: whether whether the operable lock coding that obtains is resolved in the operable lock judgement consistent with the operable lock coding of storage inside, is then to continue, otherwise gives described main frame return message, end.

Embodiment two

The embodiment of the invention two provides a kind of method of revising the encryption lock password, as shown in Figure 2, comprising:

Step 100: when main frame receives user's trigger message, having judged whether that license lock is connected with it with operable lock, is execution in step 101 then, otherwise finishes;

In the present embodiment, main frame is distinguished operable lock and license lock by distinct interface; When operable lock and license lock are lock of the same race, can also identify to distinguish by other, such as user ID, UID, the particular data file in the lock or specific executable program etc.;

Concrete, trigger message generates when starting tool software for the user;

Step 101: main frame sends to operable lock and obtains instruction;

Step 102: the operable lock sign that receives when obtaining instruction storage inside when operable lock sends to main frame;

Concrete, the operable lock sign comprises in the present embodiment: the type of encryption lock and/or the sales territory of encryption lock coding and/or encoded agent etc.;

Step 103: main frame receives the operable lock sign and identifies the generated query instruction and send it to license lock according to operable lock;

Step 104: when license lock receives query statement, therefrom search cipher list according to the sign of the operable lock in the query statement, as find then execution in step 105, as do not find then and return miscue information to main frame, finish;

Cipher list in the present embodiment comprises Customer ID, customer name, password etc., can also comprise sequence number;

Cipher list in the present embodiment also can generate when license lock receives query statement, then in step 103 main frame according to operable lock sign and/or commission merchant's information and/or the instruction of customer information generated query and send it to license lock; Corresponding step 104 replaces with: when license lock receives query statement, according to the operable lock in query statement sign and/or commission merchant's information and/or customer information generating cipher and be stored in cipher list; Accordingly, license lock sends to main frame with the cipher list that generates in the step 105;

Concrete, the operation mark in this enforcement is 2E3AB, corresponding cipher list is as follows:

Family ID	Customer name	Password
			001	Zhang San	DB08DAE0DAD0221A
002	Li Si	B9D7EAF156274EC3
			003	The king five	71CC1E7906AB7864

Step 105: license lock sends to main frame with the cipher list that finds;

Cipher list in the present embodiment is specially: Customer ID, operable lock VID, operable lock PID etc.;

In the present embodiment, can only control the password of generic operation lock such as a license lock and revise, then license lock directly sends to main frame with the cipher list of storage inside when receiving query statement;

Step 106: main frame receives cipher list and with its output, waits for user's input selection information;

In the present embodiment, after the tabulation of main frame output password, the user can therefrom choose a password;

Step 107: main frame judges whether to receive user's selection information in Preset Time, be execution in step 108 then, otherwise the output error information finishes;

Selection information in the present embodiment comprises the new password of choosing;

Step 108: main frame sends to license lock with the new password of choosing;

Step 109: license lock receives the new password of choosing and with the private key of storage inside it is signed;

In the present embodiment, license lock utilizes first built-in digest algorithm that the new password of choosing is calculated digest value, with private key digest value is encrypted and generates the signature result;

In the present embodiment, the new password of choosing that license lock receives is specially: DB08DAE0DAD0221A, the private key of its storage inside is E2DA18E639D717FAE161F8A7428A6A662CE4D55921B84D31291CF718 1C439E20B5AA816A92231D14BB119B323E6F3B049EA6C7766FE17F23 C54FFE139F1938AE08C9CFE9E61436DAA61EA15B02140596C98338C8 F23CFF7F4EEC4E0E268038F8A651E213242F1851B2A8FC0EA80E027B 940ABC55D91C41A69C7BEF1C860ADD3B, corresponding PKI is 42440351FD435FB5E17084FA16EDE7F6C0D6779BF9C5A486DFC39E4A 64B73BD1C23F745E7521DCB4D990630D623F8BB5E5C24231CEACC83E E2BC6333C81DCDF83BB9C4F1C6768581B0273580C77794E1C23D6272 C7D717A1FB26E60122A7261F4B7F5BD606EEEFC3E607B39CC1959533 FE5B58697893396C509AC885E72BE8C1, then carries out signature process in the step 109 and is specially:

(1) first the new password DB08DAE0DAD0221A that chooses is done the MD5 computing and obtain cryptographic hash: 70E4C803ABABD8C9E1E70066016AD325;

(2) cryptographic Hash is carried out after PKCS1 fills using RSA encrypted private key in lock to obtain signed data: 7F2C1A289D2556F059525D139992F146DA9BD9A013C6DB35734A5863 469B3BEC00B27FCB781710899B240A46FEC53B97F487C761ADE7BF12 EEDAC9DE8FA28A73B471F76C136A3B6B2C3CD095FA9A548229AF92A5 22086424487E9221B221B9D1CA5A3A774E1F5BB87274C2F25EF8B18E 927B84475F7A5DF3868A1CF09A3D5290;

In the present embodiment, as also comprising sequence number in the cipher list, then step 108 and step 109 are replaceable is:

Step 108 ': main frame sends to license lock with sequence number corresponding to new password of choosing;

Step 109 ': the license lock Receive sequence number, and in cipher list, obtain the corresponding new password of choosing according to sequence number, use the private key of storage inside that the new password of choosing that obtains is signed;

License lock can also be carried out other operations to the new password of choosing in the present embodiment, and as encrypting, the specific implementation process describes in detail in embodiment four;

Step 110: the license lock result that will sign sends to main frame;

Step 111: main frame receives the signature result, generates the checking instruction and sends it to operable lock with the new password of choosing according to the signature result;

Checking instruction in the present embodiment also can generate in license lock, and then step 110 and step 111 replace with step 110 ' and step 111 ';

Step 110 ': license lock is according to signature result and the new password generation checking instruction of choosing and send to main frame;

Step 111 ': the instruction of main frame Receipt Validation also sends to operable lock;

Step 112: the instruction of operable lock Receipt Validation is also resolved the new password that obtains signing the result and choose to it, the new password that uses the PKI of storage inside and choose verifies that to the signature result pass through such as checking, then execution in step 113, such as authentication failed, then execution in step 115;

Concrete, in the present embodiment, the PKI of operable lock use storage inside is verified the signature result and is comprised:

Step 112-1: operable lock uses the PKI of storage inside that the signature result is decrypted, such as successful decryption execution in step 112-2 then, such as Decryption failures execution in step 115 then;

Be 42440351FD435FB5E17084FA16EDE7F6C0D6779BF9C5A486DFC39E4A 64B73BD1C23F745E7521DCB4D990630D623F8BB5E5C24231CEACC83E E2BC6333C81DCDF83BB9C4F1C6768581B0273580C77794E1C23D6272 C7D717A1FB26E60122A7261F4B7F5BD606EEEFC3E607B39CC1959533 FE5B58697893396C509AC885E72BE8C1, then successful decryption such as the PKI of storing in the operable lock;

Step 112-2: operable lock is carried out digest algorithm to the new password of choosing and is obtained digest value, judges whether decrypted result is consistent with digest value, is execution in step 113 then, otherwise execution in step 115;

Step 113: operable lock is replaced the operable lock password of storage inside with the new password of choosing;

Step 114: operable lock is returned the information of being proved to be successful to main frame, finishes;

Step 115: operable lock is returned authentication failed message to main frame, finishes.

As only having one group of cipher list in the license lock in the present embodiment, when comprising the operable lock sign in the query statement, then step 104 replaces with step 105: license lock judges whether the operable lock sign in the query statement conforms to the cipher list of its storage inside, then cipher list to be sent to main frame, otherwise return miscue information to main frame, finish;

Judging in the present embodiment whether operable lock sign in the query statement conforms to the cipher list of its storage inside is specially: whether the sign of judging cipher list is consistent with the sign of operable lock, is then to conform to, otherwise do not conform to;

When not comprising the operable lock sign in the query statement, then step 104 and step 105 replace with: license lock receives query statement and judges whether inside stores cipher list, be then the cipher list of storing to be sent to main frame, otherwise return miscue information to main frame, finish.

Cipher list in the present embodiment also can store in the main frame, and use authority lock key is encrypted the generation authority to cipher list in advance, and then the step 102-105 in the present embodiment replaces with the following step:

Step 102 ': main frame obtains the operable lock sign from operable lock, and searches corresponding authority according to the operable lock sign, as finds then execution in step 103 ', otherwise the output error information finishes;

Step 103 ': main frame sends to license lock with the authority that finds;

Step 104 ': license lock receives authority and with self key it is decrypted, such as successful decryption execution in step 105 ' then; As Decryption failures then license lock return Decryption failures information to main frame, finish;

Self key in the present embodiment can be symmetric key or unsymmetrical key; Such as license lock the authority successful decryption is then obtained cipher list;

Step 105 ': license lock sends to main frame with cipher list.

Only have portion such as the authority in the main frame, and do not comprise the operable lock sign in the query statement, then step 101-step 105 replaces with:

Step s1: main frame judges whether to store authority, is execution in step s2 then, otherwise the output error information finishes;

Step s2: main frame sends to license lock with authority;

Step s3: license lock receives authority and with self key it is decrypted, such as successful decryption execution in step s4 then; As Decryption failures then license lock return Decryption failures information to main frame, finish;

Step s4: license lock sends to main frame with cipher list.

For preventing resetting, main frame can also obtain the first random number from operable lock in step 102; This first random number can be that operable lock generates in advance or generate when receiving the instruction that main frame issues; Then correspondingly replace with at step 108, step 109, step 112-2:

Step 108 ": main frame sends to license lock together with new password and the first random number of choosing;

Step 109 ": license lock receives new password and the first random number choose, and with the private key of storage inside it is signed and to generate the result that signs;

Step 112-2 ": operable lock is carried out digest calculations to the new password of choosing with the first inner random number and is obtained digest value, judges whether digest value is identical with encrypted result, is in execution in step 113, otherwise execution in step 115.

When checking instruction when in license lock, generating, then can be in step 110 ' before main frame from operable lock, obtain the first random number and send it to license lock;

Step 110 ' specifically comprise: license lock is according to the first random number, signature result and the new password generation checking instruction of choosing and send to main frame.

Operable lock in the present embodiment writes the PKI of a unsymmetrical key before dispatching from the factory, write corresponding asymmetric privacy keys in the license lock, and the cipher list encrypting storing that will allow the commission merchant to revise is kept in the main frame in license lock or with authority.When the commission merchant needs Modify password, license lock uses the private key of its storage inside to sign the new password of choosing, then by main frame new password and the signature value thereof of choosing sent to operable lock, operable lock uses the PKI in the lock that the new password of choosing and the signature thereof received are verified, if be proved to be successful, just the Coden replacement with storage inside is the new password of choosing.The process of Modify password is carried out under the control of license lock, strengthens production firm to the control of Modify password process, makes modification process safer, prevents the malicious modification of commission merchant and dealer.

Embodiment three

The embodiment of the invention three provides a kind of method of revising the encryption lock password, and in the present embodiment, one can only revise license lock once a kind of initial password of operable lock, and as shown in Figure 3, the method for present embodiment comprises:

Step 200: when main frame receives user's trigger message, having judged whether that license lock is connected with it with operable lock, is execution in step 201 then, otherwise finishes;

In the present embodiment, main frame is distinguished operable lock and license lock by distinct interface; When operable lock and license lock were lock of the same race, main frame can also identify to distinguish by other, such as user ID, UID, and the particular data file in the lock or specific executable program etc.;

Concrete, trigger message generates when starting tool software for the user;

Step 201: main frame sends first to operable lock and obtains instruction;

Step 202: when operable lock receives first when obtaining instruction, operable lock sign and the random number of its storage inside sent to main frame;

Random number in the present embodiment can receive first in operable lock and generate when obtaining instruction, perhaps generates in advance to store;

Step 203: main frame receives operable lock sign and random number, and obtains instruction and send it to operable lock according to operable lock sign generation second;

Step 204: license lock receives second and obtains instruction, and judges whether operable lock sign wherein conforms to the cipher list of its storage inside, is execution in step 205 then, otherwise returns miscue information to main frame, finishes;

Judging in the present embodiment whether operable lock sign in the query statement conforms to the cipher list of its storage inside is specially: whether the sign of judging cipher list is consistent with the sign of operable lock, is then to conform to, otherwise do not conform to; Concrete, the operable lock sign comprises operable lock VID and/or operable lock PID;

Cipher list in the present embodiment comprises the password of sequence number and correspondence etc., can also comprise Customer ID, customer name etc.;

Cipher list in the present embodiment also can receive second in license lock and generate when obtaining instruction, and then main frame generates second according to operable lock sign and/or commission merchant's information and/or customer information and obtains instruction and send it to license lock in step 203; License lock receives second when obtaining instruction in the step 204, obtains operable lock sign in the instruction and/or commission merchant's information and/or customer information according to the tabulation of preset algorithm generating cipher according to second, and the cipher list that generates is sent to main frame;

Concrete, the preset algorithm in the present embodiment is logical add; The cipher list that generates is as shown in the table;

Sequence number	Operable lock VID	Commission merchant's information	Password
				0001	096E	FB56	0104C4
0002	08E2	D4C8	DDAA
				0003	3689	8EAB	C534
0004	04B4	4A59	4F0D

Step 205: license lock sends to main frame with the cipher list of storage inside;

Step 206: main frame receives cipher list and with its output, waits for user's input selection information;

Step 207: main frame judges whether to receive user's selection information in Preset Time, be execution in step 208 then, otherwise the output error information finishes;

Selection information in the present embodiment comprises new password and the corresponding sequence number of choosing;

Step 208: main frame sends to license lock with sequence number and the random number of the new password chosen;

Also but after the step 201, any time before the step 208 obtains from operable lock random number in the present embodiment;

Step 209: license lock receives sequence number and the random number of the new password of choosing, and obtains the corresponding new password of choosing according to sequence number in cipher list, and with the private key of storage inside new password and the random number chosen is signed;

In the present embodiment, license lock utilizes first built-in digest algorithm that the new password of choosing is calculated digest value, with private key digest value is encrypted and generates the signature result; Concrete, the private key of license lock storage inside is E2DA18E639D717FAE161F8A7428A6A662CE4D55921B84D31291CF718 1C439E20B5AA816A92231D14BB119B323E6F3B049EA6C7766FE17F23 C54FFE139F1938AE08C9CFE9E61436DAA61EA15B02140596C98338C8 F23CFF7F4EEC4E0E268038F8A651E213242F1851B2A8FC0EA80E027B 940ABC55D91C41A69C7BEF1C860ADD3B in the present embodiment, and the new password of choosing is: 0104C4; Random number is: 24E20C3E02CB31CA; Signature process is specially:

(1) first password and random number are carried out the MD5 computing and obtain cryptographic hash: 49C319F8D56D8EDF1C94933884D6D734;

(2) cryptographic Hash is signed with after the PKCS1 filling, using the interior private key of lock to be encrypted: 429E8735FA00A99D4B338629FC18FF01666D287708581943D6848703 235F3334F3DFF00DDD304AE7B271F4F4789AF89652ACFAEEED5885B6 564F76D9505AFC31333467DC9FC7566E2784FE757A9B04BCC8852062 7F1AF6CC3B30EE0D70BA83096F568269F313F78CF6E62BA4FB27F466 19F70E91F0E80BDB10C792B1350A5288;

Step 210: will the sign initial password of result, operable lock and license lock management coding of license lock sends to main frame;

Concrete, the management coding in the present embodiment comprises area code and encoded agent; Be encoded to 5A93837 such as management, then 5A93 is area code, and 837 is encoded agent;

But the pre-stored initial password that the operable lock of Modify password is arranged in the license lock in the present embodiment;

Step 211: main frame receives the initial password of sign result, operable lock and authorizes code-locked management coding, generates the checking instruction and sends it to operable lock according to initial password, the mandate code-locked management coding of signature result, operable lock and the new password of choosing;

Checking instruction in the present embodiment also can generate at the license lock end, and then main frame obtains random number and sends to license lock from operable lock before step 209;

Step 212: the instruction of operable lock Receipt Validation is also resolved the initial password of obtain signing result, operable lock, the new password of authorizing code-locked management coding and choosing to it, whether the initial password of decision operation lock and the password of storage inside be consistent, it is execution in step 213 then, otherwise return miscue information to main frame, finish;

Step 213: operable lock is used the PKI of storage inside and the new password chosen is verified the signature result, such as checking by execution in step 214 then, such as authentication failed execution in step 217 then;

In the present embodiment, proof procedure specifically comprises:

Step 213-1: operable lock uses the PKI of storage inside that the signature result is decrypted, such as successful decryption execution in step 213-2 then, such as Decryption failures execution in step 217 then;

Step 213-2: calculate digest value according to default digest algorithm after the new password of choosing that operable lock obtains parsing and the splicing of the random number of storage inside;

Step 213-3: judging whether decrypted result is consistent with digest value, is execution in step 214 then, otherwise execution in step 217;

Step 214: whether operable lock judge authorizes code-locked management coding legal, is execution in step 215 then, otherwise execution in step 217;

In the present embodiment, operation power is judged license lock management legal being specially of whether encoding:

Step 214-1: operable lock judges whether the area code in the license lock management coding is correct, is execution in step 214-2 then, otherwise execution in step 217;

Step 214-2: operable lock judges whether the encoded agent in the license lock management coding is legal, is execution in step 214 then, otherwise execution in step 216;

In the present embodiment, encryption lock such as first agent merchant's (default encoded agent is 01) of only allowing America area (default area code is 01) carries out the modification of initial password to other encryption locks, then operable lock judges whether the license lock administrator password is 01 01, execution in step 215 then, otherwise execution in step 217;

In the present embodiment, the order interchangeable of step 212, step 213 and step 214 can be carried out first any one step, is judged as the judgement that continues next step when being;

Step 215: operable lock is replaced the operable lock password of storage inside with the new password of choosing;

Step 216: operable lock is returned the information of being proved to be successful to main frame, finishes;

Step 217: operable lock is returned authentication failed message to main frame, finishes.

Cipher list in the present embodiment also can store in the main frame, and license lock uses self key that cipher list is encrypted the generation authority in advance, and then the step 202-206 in the present embodiment replaces with the following step:

Step 202 ': main frame obtains the operable lock sign from operable lock, and searches corresponding authority according to the operable lock sign, as finds then execution in step 203 ', otherwise the output error information finishes;

Step 203 ': main frame sends to license lock with the authority that finds;

Step 204 ': license lock receives authority and with self key it is decrypted, as separates then execution in step 205 ' of dense success; Then return Decryption failures information to main frame such as Decryption failures, finish;

Step 205 ': license lock sends to main frame with cipher list.

In the present embodiment, operable lock has increased the participation of random number in the process of checking license lock, prevent that the disabled user is to the playback of operable lock password modification process; And also the legitimacy to license lock is verified before Modify password, improves production firm to the control of operable lock password modification process, the security that has further improved Modify password.

Embodiment four

The embodiment of the invention four provides a kind of method of revising the encryption lock password, as shown in Figure 4, comprising:

Step 301: when main frame receives user's trigger message, having judged whether that license lock is connected with it with operable lock, is execution in step 302 then, otherwise finishes;

Concrete, trigger message generates when starting tool software for the user;

Step 302: main frame output dialog box, wait for that the user inputs sequence number;

Step 303: main frame judges whether to receive the sequence number that the user inputs in Preset Time, is execution in step 304 then; Otherwise the output error information finishes;

Step 302 in the present embodiment and step 303 can also replace with:

Step 302 ': number tabulation of main frame output sequence, wait for user's input selection information;

That list of sequence numbers in the present embodiment can be obtained from license lock for main frame or inner pre-stored;

Step 303 ': main frame judges whether to receive the selection information that the user inputs in Preset Time, be execution in step 304 then, otherwise the output error information finishes;

Selection information in the present embodiment comprises the sequence number that the user chooses;

Step 304: main frame sends to license lock with the sequence number in the selection information;

Step 305: the license lock Receive sequence number, and according to preset algorithm generation new password;

Concrete, in the present embodiment, preset algorithm can be the function that presets, its parameter comprises: area code, encoded agent, operable lock type and sequence number etc.; Wherein commission merchant's numbering can set in advance also and can send to license lock from operable lock after being got access to first by main frame;

Area code	Encoded agent	Sequence number	New password
				010	43471	001	579267759AB
0471	AEE16	002	B0020A888C5
				022	3AE67	003	B7A3363683D
0531	9F55F	004	E15E4ECEFD4

Step 306: license lock uses the operable lock PKI of storage inside that new password and encoded agent are encrypted;

For example, the private key in the present embodiment is: D9DCAB903F7ED10B, use the DES algorithm as follows to the result that above-mentioned new password calculates:

New password	Encoded agent	Encrypted result
			579267759AB	43471	61AB82F395B8124F
B0020A888C5	AEE16	19B6C12CAF28645C
			B7A3363683D	3AE67	6AC509216E2383B1
E15E4ECEFD4	9F55F	13D468CC11A01533

Concrete, the new password in the present embodiment is 579267759AB, corresponding encrypted result in step 306 is 61AB82F395B8124F;

Step 307: license lock sends to main frame with encrypted result and new password;

In the present embodiment, when main frame also stored corresponding preset algorithm, then license lock only sent to main frame with encrypted result in the step 307; Main frame is according to user's input and sequence number and the encoded agent that obtains from operable lock, area code, operable lock type and preset function generation new password;

Step 308: main frame receives encrypted result and new password, and sends to operable lock according to its generation checking instruction;

Checking instruction in the present embodiment also can generate in license lock, and then step 307 and step 308 replace with:

Step 307 ': license lock is just being verified instruction and is being sent it to main frame according to encrypted result and new password life;

Step 308 ': the instruction of main frame Receipt Validation also sends it to operable lock;

Step 309: the instruction of operable lock Receipt Validation is also resolved it and to be obtained encrypted result and new password;

Step 310: operable lock verifies encrypted result, as is proved to be successful then execution in step 311, then returns authentication failed information to main frame such as authentication failed, finishes;

Concrete, in the present embodiment, proof procedure comprises:

Step 310-1: operable lock uses self private key of storage inside that encrypted result is decrypted, and such as successful decryption execution in step 310-2, then returns authentication failed information to main frame such as Decryption failures, finishes;

Step 310-2: operable lock judges that password that deciphering obtains is whether identical with the new password that parsing obtains, and is execution in step 310-3 then, otherwise returns authentication failed information to main frame, finishes;

Step 310-3: operable lock judges whether the encoded agent that deciphering obtains is identical with the encoded agent of storage inside, is execution in step 311 then, otherwise returns authentication failed information to main frame, finishes;

Step 311: operable lock is replaced the password of storage inside with new password;

Step 312: operable lock finishes to main frame return successful information.

Also have other implementations in the present embodiment, identical such as the counterpart data of the password of and storage inside digital when the specific part of the operation new key of verify, be new password with the Coden replacement of storing then, namely also can comprise between step 309 and the step 311:

Whether the specific part data that operable lock the is judged new password whether appropriate section data with the password of storage inside are identical, are then to continue, otherwise return miscue information to main frame, finish; Concrete, the specific part data of new password are first half data or latter half data, perhaps other data segment in the present embodiment.

Embodiment five

The embodiment of the invention five provides a kind of system of revising the encryption lock password, as shown in Figure 5, comprising: main frame 1, license lock 2 and operable lock 3, and wherein, described main frame 1 comprises:

The first receiver module 11 is for the trigger message that receives the user, also with the data that receive license lock 2 and operable lock 3 transmissions;

The first judge module 12 is used for having judged whether that license lock is connected with main frame 1 with operable lock;

The first sending module 13 is used for sending data to license lock and operable lock;

The first generation module 14 is used for generating the checking instruction;

License lock 2 comprises:

The second receiver module 21 is used for receiving the data that the first sending module 13 sends;

The first acquisition module 22 is used for the modification information acquisition new password that receives according to the second receiver module 21;

Processing module 23 is used for new password is processed;

The second sending module 24 is used for to the first receiver module 11 transmission processing result and new passwords;

In the present embodiment, the checking instruction also can generate in license lock 2, and then the generation of first in the main frame 1 instruction is included in the license lock 2;

Operable lock 3 comprises:

The 3rd receiver module 31 is used for receiving the checking instruction that the first sending module 11 sends;

Parsing module 32 is used for the checking instruction is resolved;

Authentication module 33 is used for that parsing module is resolved the result who obtains and verifies;

Replacement module 34: the password that is used for resolving with parsing module the new password replacement operation lock storage inside that obtains;

The 3rd sending module 35 is used for to the first receiver module 11 transmission information;

Information in the present embodiment comprises the information of being proved to be successful and authentication failed information.

The implementation method of the acquisition new password in the present embodiment has following several mode,

(1) the first implementation: main frame 1 also comprises:

The second acquisition module is used for obtaining cipher list from license lock;

Output module is used for the output password tabulation;

The first sending module 13 is used for the password of choosing of selection information is sent to license lock 2.

In the first implementation, cipher list stores in the main frame through encrypting the generation authority, and stores a plurality of authorities in main frame;

The second acquisition module specifically is used for obtaining the operable lock sign from license lock 2, searches corresponding authority according to the operable lock sign;

The first sending module 13 also is used for the authority that finds is sent to license lock 2;

License lock 2 also comprises: deciphering module, be used for authority is decrypted, and successful decryption obtains cipher list;

The cipher list that 24 deciphering of the second sending module obtain sends to main frame 1.

(2) the second implementation: in license lock, store a plurality of cipher list;

Main frame 1 also comprises the 3rd acquisition module, is used for obtaining the operable lock sign from operable lock 3;

The first sending module 13 also is used for the operable lock sign is sent to license lock 2;

License lock 2 also comprises: search module, be used for searching corresponding cipher list according to the operable lock sign.

(3) the third implementation stores a plurality of cipher list in license lock;

License lock 2 also comprises: whether the 3rd judge module is used for decision operation lock sign and conforms to the cipher list of storage inside.

(4) the 4th kinds of implementations, the serial number gencration new password of choosing according to the user;

Main frame 1 also comprises output module and the 3rd judge module,

Output module: be used for the tabulation of output sequence number;

In the present embodiment, the tabulation of this sequence number can be in the main frame pre-stored or main frame obtains from license lock;

The 3rd judge module: be used for judging the selection information that in Preset Time, whether receives;

The first sending module 13 also sends to license lock 2 for the sequence number that the user with selection information chooses;

The first acquisition module 22 concrete serial number gencration new passwords for choosing according to the user.

Intuitively see for the convenience of the user new password, main frame also comprises the generation output module, is used for the serial number gencration new password according to the sequence number tabulation, and all new passwords are formed cipher list output.

(5) the 5th kinds of implementations are according to the serial number gencration new password of user's input;

Main frame 1 also comprises output module and the 3rd judge module,

Output module: be used for the output dialog box;

The 3rd judge module: be used for judging the sequence number that in Preset Time, whether receives user's input;

The first sending module also is used for the sequence number of user's input is sent to license lock 2;

The first acquisition module 22 concrete serial number gencration new passwords that are used for according to user's input.

(6) the 6th kinds of implementations, pre-stored in license lock have new password tabulation and corresponding sequence number to tabulate, and the sequence number of choosing according to the user is again obtained corresponding new password;

Main frame 1 also comprises and obtains output module and the 3rd judge module,

Obtain output module: be used for obtaining sequence number tabulation and output from license lock 2;

License lock 2 also comprises: the 4th acquisition module is used for obtaining corresponding new password according to the cipher list that the sequence number that the user chooses is stored internally.

Present embodiment, as can only revising once the initial password of operable lock, and the specific implementation of checking instruction when host side generates is as follows:

The second sending module 24 also is used for the operable lock initial password of license lock 2 storage inside is sent to main frame 1;

The first generation module 14 is concrete for generate the checking instruction according to operable lock initial password, result and new password;

Authentication module 33 comprises: authentication unit is used for that parsing module 32 is resolved the new password that obtains and verifies; The first judging unit is for judging whether the operable lock initial password that parsing module 32 parsings obtain is identical with the password of storage inside.

Present embodiment, as can only revising once the initial password of operable lock, and the specific implementation of checking instruction when the license lock end generates is as follows:

Operable lock initial password, result and new password that the first generation module specifically is used for according to storage inside generate the checking instruction;

In the present embodiment, the processing procedure to new password in the license lock is comprised following several method:

Self private key that I, processing module 23 be concrete to be used for use authority lock 2 is signed to new password;

Accordingly, authentication module 33 comprises: decryption unit is used for the license lock PKI of operable lock 3 storage inside the signature result that parsing obtains being decrypted; Calculate judging unit, be used for using and preset digest algorithm the new password that parsing obtains is calculated, and judge whether the decrypted result that result of calculation and decryption unit successful decryption obtain is consistent.

II, processing module 23 be concrete to be used for use authority and to lock the operable lock PKI of 2 storage inside new password is encrypted;

Authentication module comprises: decryption unit is used for self private key of operable lock 3 storage inside the encrypted result that parsing obtains being decrypted; Judging unit is for judging whether the new password that parsing module 32 parsings obtain is consistent with the decrypted result that the decryption unit successful decryption obtains.

For strengthening the security of retouching operation lock cipher, can also realize with the following methods;

1. generate in host side in the checking instruction, and include the operable lock coding in the checking instruction, operable lock needs the operable lock coding is verified before Modify password;

Main frame 1 also comprises the 5th acquisition module, is used for obtaining the operable lock coding from operable lock 3;

14 concrete being used for according to operable lock coding, result and new password generation checking instruction of the first generation module in the main frame 1;

Authentication module 33 comprises: judging unit is used for judging whether the operable lock coding that parsing module 32 parsings obtain encodes consistent with the operable lock of operable lock 3 storage inside; Authentication unit is used for that parsing module 32 is resolved the new password that obtains and verifies.

2. generate at the license lock end in the checking instruction, and include the operable lock coding in the checking instruction, operable lock needs the operable lock coding is verified before Modify password;

Main frame 1 also comprises the 5th acquisition module, and the user obtains the operable lock coding from operable lock 3;

The first sending module 13 also is used for the operable lock coding is sent to license lock 2;

The first generation module in the license lock 2 specifically is used for generating the checking instruction according to operable lock coding, result and new password;

Authentication module 33 comprises: judging unit is used for judging whether the operable lock coding that parsing module 32 parsings obtain encodes consistent with the operable lock of operable lock 3 storage inside; Authentication unit is used for that described parsing module is resolved the new password that obtains and verifies.

3. operable lock is before Modify password, legitimacy to password is verified, then operable lock 3 also comprises: the 4th judge module is used for judging whether the data on the relevant position are identical in the password of data and storage inside on the new password ad-hoc location that parsing module 32 parsings obtain.

The above; only for the better embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in technical scope disclosed by the invention; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of claim.

Claims

1. a method of revising the encryption lock password is characterized in that, comprising:

2. the method for claim 1 is characterized in that, described step D and step e replace with:

Step D ': described license lock is processed described new password;

3. method as claimed in claim 1 or 2 is characterized in that, comprise between described steps A and the step B: described main frame obtains cipher list from described license lock, and with its output;

4. method as claimed in claim 3 is characterized in that, described main frame obtains cipher list and specifically comprises from described license lock:

5. method as claimed in claim 3 is characterized in that, described main frame obtains cipher list and specifically comprises from described license lock:

6. method as claimed in claim 3 is characterized in that, described main frame obtains cipher list and specifically comprises from described license lock:

7. method as claimed in claim 1 or 2 is characterized in that, comprises between described steps A and the step B: the selection information of user's input is waited in the tabulation of described main frame output sequence number, and whether judgement receives selection information in Preset Time, be then to continue, otherwise output error message finish;

8. method as claimed in claim 7 is characterized in that, also comprises between described steps A and the step B: described main frame forms cipher list and output according to the serial number gencration new password in the described sequence number tabulation;

9. method as claimed in claim 1 or 2 is characterized in that, comprises between described steps A and the step B: described main frame output dialog box, waiting for that the user inputs sequence number, and judge the sequence number that whether receives user's input in Preset Time, is then to continue, otherwise output error message finishes;

10. method as claimed in claim 1 or 2, it is characterized in that, comprise between described steps A and the step B: described main frame obtains sequence number tabulation and output from described license lock, wait for the selection information of user's input, and whether judgement receives selection information in Preset Time, be then to continue, otherwise output error message finish;

11. the method for claim 1 is characterized in that, described step D also comprises: described license lock sends to main frame with the operable lock initial password of storage inside;

Also comprise in the described step F:

12. method as claimed in claim 2 is characterized in that, step e ' in generate the checking instruction and be specially: described license lock generates the checking instruction according to operable lock initial password, result and the new password of storage inside, and sends it to described operable lock;

In described step F, also comprise:

13. method as claimed in claim 1 or 2, it is characterized in that, described license lock is processed described new password and is specially: described license lock uses self private key that described new password is signed, and will sign result and described new password send to described main frame;

14. method as claimed in claim 13 is characterized in that, in the described step F analysis result is verified specifically to comprise:

15. method as claimed in claim 1 or 2, it is characterized in that, described license lock is processed described new password and is specially: described license lock uses the operable lock PKI of storage inside that described new password is encrypted, and encrypted result and described new password are sent to described main frame;

16. the method for claim 1 is characterized in that, also comprises between described steps A and step B: described main frame sends to described operable lock and obtains instruction, obtains the random number in the described operable lock;

17. method as claimed in claim 2 is characterized in that, also comprises before at described step D ': described main frame obtains random number and sends it to described license lock from described operable lock;

18. such as claim 16 or 17 described methods, it is characterized in that described license lock is processed described new password and random number, is specially:

19. method as claimed in claim 18 is characterized in that, described step F specifically comprises:

20., it is characterized in that described license lock is processed specifically described new password and random number and comprised: described license lock uses the operable lock PKI of storage inside that described new password and random number are encrypted such as claim 16 or 17 described methods;

21. the method for claim 1 is characterized in that, comprises before the described step e: described main frame obtains the operable lock coding from described operable lock;

Described step F specifically comprises:

22. method as claimed in claim 2 is characterized in that, described step e ' also comprise before: described main frame obtains the operable lock coding and sends it to described license lock from described operable lock;

Described step F specifically comprises:

23. method as claimed in claim 1 or 2 is characterized in that, also comprises in described step F:

Described operable lock judges whether the data on the relevant position are identical in the password of resolving in the new password that obtains data and storage inside on the ad-hoc location, are then to continue, otherwise give described main frame return message, end.

24. a system of revising the encryption lock password is characterized in that, comprising: license lock, main frame and operable lock, wherein, described main frame comprises:

The first generation module is used for generating the checking instruction;

Described license lock comprises:

Processing module is used for described new password is processed;

Described operable lock comprises:

Parsing module is used for described checking instruction is resolved;

25. system as claimed in claim 24 is characterized in that, described first generates instruction is included in the described license lock.

26. such as claim 24 or 25 described systems, it is characterized in that described main frame also comprises:

Output module is used for exporting described cipher list;

27. system as claimed in claim 26 is characterized in that, described the second acquisition module specifically is used for obtaining the operable lock sign from described license lock, searches corresponding authority according to described operable lock sign;

28. system as claimed in claim 26 is characterized in that, described main frame also comprises the 3rd acquisition module, is used for obtaining the operable lock sign from described operable lock;

29. system as claimed in claim 26 is characterized in that, described main frame also comprises the 3rd acquisition module, is used for obtaining the operable lock sign from described operable lock;

30., it is characterized in that described main frame also comprises output module and the 3rd judge module such as claim 24 or 25 described systems,

Described output module: be used for the tabulation of output sequence number;

31., it is characterized in that described main frame also comprises output module and the 3rd judge module such as claim 24 or 25 described systems,

Described output module: be used for the output dialog box;

32., it is characterized in that described main frame also comprises and obtain output module and the 3rd judge module such as claim 24 or 25 described systems,

33. system as claimed in claim 24 is characterized in that, described the second sending module also is used for the operable lock initial password of described license lock storage inside is sent to described main frame;

34. system as claimed in claim 25 is characterized in that, described the first generation module specifically is used for generating the checking instruction according to the operable lock initial password of storage inside, described result and new password;

35., it is characterized in that described processing module specifically is used for using self private key of described license lock that described new password is signed such as claim 24 or 25 described systems;

Described authentication module comprises:

36. system as claimed in claim 24 is characterized in that, described processing module specifically is used for using the operable lock PKI of described license lock storage inside that described new password is encrypted;

Described authentication module comprises:

37. system as claimed in claim 24 is characterized in that, described main frame also comprises the 5th acquisition module, is used for obtaining the operable lock coding from described operable lock;

Described authentication module comprises:

38. system as claimed in claim 25 is characterized in that, described main frame also comprises the 5th acquisition module, and the user obtains the operable lock coding from described operable lock;

Described authentication module comprises:

39. such as claim 24 or 25 described systems, it is characterized in that, described operable lock also comprises: the 4th judge module is used for judging whether described parsing module is resolved in the password of data and storage inside on the new password ad-hoc location that obtains the data on the relevant position identical.