CN104504328A - Software attribution verifying method and device - Google Patents
Software attribution verifying method and device Download PDFInfo
- Publication number
- CN104504328A CN104504328A CN201410849848.1A CN201410849848A CN104504328A CN 104504328 A CN104504328 A CN 104504328A CN 201410849848 A CN201410849848 A CN 201410849848A CN 104504328 A CN104504328 A CN 104504328A
- Authority
- CN
- China
- Prior art keywords
- file
- software
- digital digest
- software package
- log
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a software attribution verifying method and device. According to the method and the device, whether a software package of target software comprising a first file and a second file, whether a digital digest of a first list file in the software package of target software is identical to a digital digest of a second list file of a local list file are identical, whether first attribution identification in the software package of the target software and local second attribution identification are identical, and whether attributes of all the target software in the software package of the target software and attributes of all the local target software are identical are verified. The digital digest of the second list file, second attribution identification and attributes of all local target software are from equipment local registration data, so that whether the software package to be installed is attributed to the equipment can be verified, installation or updating can be refused in the condition that the software package to be installed is not attributed to the equipment, and accordingly, the software installation safety is improved.
Description
Technical field
The application relates to electronic information field, particularly relates to verification method and the device of a kind of software ownership.
Background technology
Along with the development of computer technology and electronic information technology, software is installed and is appeared in every field, and for special equipment field, such as field of track traffic, the security of installing for software has very high requirement, to ensure the security that equipment runs.
And at present, be directed to field of track traffic, also there are security breaches in the process that software is installed, such as, the software installed in equipment is not the copyrighted software of this equipment, or, although be the copyrighted software of this equipment, some content in software is tampered, once there is above-mentioned situation, light then cause equipment normally not run, heavy then cause security incident.
Visible, how to improve the security in software installation process, become current problem demanding prompt solution.
Summary of the invention
This application provides verification method and the device of a kind of software ownership, object is the problem solving the security how improved in software installation process.
To achieve these goals, this application provides following technical scheme:
A verification method for software ownership, comprising:
The log-on data of acquisition equipment this locality, at least comprises listing file, ownership certificate file and software document in the log-on data of described equipment this locality;
Detect in the software package of target software and whether comprise the first file and the second file, if, from the software package of described target software, then obtain the digital digest of first row list file, described first file is the file that title is identical with the title of described listing file, and described second file is the file that title is identical with the title of described ownership certificate file;
Judge that whether the digital digest of described first row list file is identical with the digital digest of secondary series list file, if, from the software package of described target software, obtain the first home identity, the digital digest of described secondary series list file is the digital digest of the listing file generated according to described log-on data;
Judge that whether described first home identity is identical with the second local home identity, if, then whether each file destination of comprising of the software package of more described target software is identical with the attribute of each file destination indicated in described log-on data successively, if so, then determine that the software package of described target software is by checking.
Alternatively, whether comprise the first file and the second file in the software package of described detection target software before, also comprise:
Receive the software package of described target software;
The log-on data ciphertext needed for local verification is obtained from this locality;
Use log-on data ciphertext described in the first local secret key decryption, obtain log-on data expressly;
The 4th key of the second key of cipher mode and described listing file, the 3rd key of described ownership certificate file and described software document is obtained from described log-on data plaintext;
According to described cipher mode, use described second key, described 3rd key and the 4th key respectively, parse described listing file, described ownership certificate file and described software document.
Alternatively, the first file whether is comprised in the software package of described detection target software and the second file comprises:
When the equal successful decryption of described listing file, described ownership certificate file and described software document, detect in the software package of target software whether comprise the first file and the second file.
Alternatively, the digital digest obtaining first row list file from the software package of described target software comprises:
Listing file digital digest storing documents name, reference position and length is obtained from the software package of described target software;
According to described listing file digital digest storing documents name, reference position and length, obtain the digital digest of first row list file.
Alternatively, the acquisition process of the digital digest of described secondary series list file comprises:
Local listing file content is obtained from described log-on data;
Utilize described local listing file content, generate secondary series list file digital digest.
Alternatively, describedly judge that whether described first home identity is identical with the second local home identity and comprise:
The digital digest storing documents name of ownership certificate, reference position and length is obtained from the software package of described target software;
According to the digital digest storing documents name of described ownership certificate, reference position and length, obtain the digital digest of the first ownership certificate file;
Local ownership certificate file content is obtained from described log-on data;
According to described this locality ownership certificate file content, generate the digital digest of the second ownership certificate file;
Whether the digital digest that the more described first digital digest and described second belonging to certificate file belongs to certificate file is identical, if, from the software package of described target software, obtain the first home identity, and from described log-on data, obtain the second local home identity;
Whether more described first home identity is identical with the second home identity.
Alternatively, whether each file destination that the software package of described more described target software successively comprises is identical with the attribute of each file destination indicated in described log-on data, if so, then determines that the software package of described target software is comprised by checking:
Whether the first object listed files in the software package of target software described in comparison is identical with the second file destination list in described log-on data, if, the digital digest of each file destination in the digital digest of each file destination then successively in more described first object listed files and described second file destination list, if all identical, then determine that the software package of described target software is by checking.
Alternatively, also comprise:
Do not comprise in software package target software being detected the first file and the second file or, the attribute of each file destination indicated in or described first home identity is different with the second home identity or software package that is described target software comprises each file destination different from secondary series list file digital digest at described first row list file digital digest and described log-on data is different, determine the home authentication failure of described target software.
A demo plant for software ownership, comprising:
First acquisition module, for obtaining the log-on data of equipment this locality, at least comprises listing file, ownership certificate file and software document in the log-on data of described equipment this locality;
Detection module, for detect target software software package in whether comprise the first file and the second file;
Second acquisition module, if the software package for described target software comprises the first file and the second file, from the software package of described target software, then obtain the digital digest of first row list file, described first file is the file that title is identical with the title of described listing file, and described second file is the file that title is identical with the title of described ownership certificate file;
First judge module, whether the digital digest for the digital digest with secondary series list file that judge described first row list file is identical, and the digital digest of described secondary series list file is the digital digest of the listing file generated according to described log-on data;
3rd acquisition module, if identical with the digital digest of secondary series list file for the digital digest of described first row list file, obtains the first home identity from the software package of described target software;
Second judge module, for judging that whether described first home identity is identical with the second local home identity;
Comparison module, if identical with the second home identity for described first home identity, then whether each file destination of comprising of the software package of more described target software is identical with the attribute of each file destination indicated in described log-on data successively, if so, then determine that the software package of described target software is by checking.
Alternatively, also comprise:
Receiver module, for whether comprise the first file and the second file in the software package of described detection target software before, receives the software package of described target software;
Deciphering module, for obtaining the log-on data ciphertext needed for local verification from this locality, and uses log-on data ciphertext described in the first local secret key decryption, obtains log-on data expressly; The 4th key of the second key of cipher mode and described listing file, the 3rd key of described ownership certificate file and described software document is obtained from described log-on data plaintext; According to described cipher mode, use described second key, described 3rd key and the 4th key respectively, parse described listing file, described ownership certificate file and described software document.
Alternatively, described detection module for detect target software software package in whether comprise the first file and the second file comprises:
Described detection module specifically for, when the equal successful decryption of described listing file, described ownership certificate file and described software document, detect target software software package in whether comprise the first file and the second file.
Alternatively, described second acquisition module comprises for the digital digest obtaining first row list file from the software package of described target software:
Described second acquisition module specifically for, listing file digital digest storing documents name, reference position and length is obtained from the software package of described target software, and according to described listing file digital digest storing documents name, reference position and length, obtain the digital digest of first row list file.
Alternatively, also comprise:
4th acquisition module, for obtaining local listing file content from described log-on data, utilizes described local listing file content, generates secondary series list file digital digest.
Alternatively, described second judge module comprises for judging that whether described first home identity is identical with the second local home identity:
Described second judge module specifically for, from the software package of described target software, obtain the ownership digital digest storing documents name of certificate, reference position and length; According to the digital digest storing documents name of described ownership certificate, reference position and length, obtain the digital digest of the first ownership certificate file; Local ownership certificate file content is obtained from described log-on data; According to described this locality ownership certificate file content, generate the digital digest of the second ownership certificate file; Whether the digital digest that the more described first digital digest and described second belonging to certificate file belongs to certificate file is identical, if, from the software package of described target software, obtain the first home identity, and from described log-on data, obtain the second local home identity; Whether more described first home identity is identical with the second home identity.
Alternatively, whether each file destination that the software package that described comparison module is used for more described target software successively comprises is identical with the attribute of each file destination indicated in described log-on data, if so, then determine that the software package of described target software is comprised by checking:
Described comparison module specifically for, whether the first object listed files in the software package of target software described in comparison is identical with the second file destination list in described log-on data, if, the digital digest of each file destination in the digital digest of each file destination then successively in more described first object listed files and described second file destination list, if all identical, then determine that the software package of described target software is by checking.
Alternatively, also comprise:
Determination module, for do not comprise in software package target software being detected the first file and the second file or, the attribute of each file destination indicated in or described first home identity is different with the second home identity or software package that is described target software comprises each file destination different from secondary series list file digital digest at described first row list file digital digest and described log-on data is different, determine the home authentication failure of described target software.
The verification method of the software ownership described in the application and device, the first file and the second file whether will be comprised in the software package of target software, whether the digital digest of the first row list file in the software package of target software is identical with the digital digest of the secondary series list file of local listing file, the result whether attribute of each target software in the software package of and the target software whether identical with the second local home identity of the first home identity in the software package of target software is identical with the attribute of each target software local, as judging that the software package of target software is whether by the foundation of home authentication, because the digital digest of secondary series list file, the attribute of the second home identity and each target software local all comes from the log-on data of equipment this locality, therefore, whether software package to be installed belongs to this equipment to use above-mentioned foundation to verify well, when software package to be installed does not belong to this equipment, then can refuse to install or upgrade, thus improve the security of software package installation.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present application or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the application, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The process flow diagram of Fig. 1 a kind of verification method of software ownership disclosed in the embodiment of the present application;
Fig. 2 is the process flow diagram of the verification method of disclosed another software ownership of the embodiment of the present application;
The structural representation of Fig. 3 a kind of checking of software ownership disclosed in the embodiment of the present application.
Embodiment
The verification method of software ownership disclosed in the embodiment of the present application and device, can be applied in the process of equipment installation or update software, in prior art, after equipment receives the installation kit of software, directly install, in the unsafe situation of software, (in such as software, some data is tampered or software is not legal, or software should not be arranged on this equipment, otherwise cause equipment failure), the safe operation of equipment can be endangered, especially more remarkable in special trade (such as track traffic) this harm, and the verification method of software ownership disclosed in the embodiment of the present application and device, its object is just the security improving software installation or upgrade.
Below in conjunction with the accompanying drawing in the embodiment of the present application, be clearly and completely described the technical scheme in the embodiment of the present application, obviously, described embodiment is only some embodiments of the present application, instead of whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not making the every other embodiment obtained under creative work prerequisite, all belong to the scope of the application's protection.
The embodiment of the present application discloses the verification method of a kind of software ownership, as shown in Figure 1, comprising:
S101: the log-on data obtaining equipment this locality;
In the present embodiment, the plaintext of the data structure of the log-on data of equipment this locality can be:
1. listing file digital digest storage mode mark, is assumed to be ListFileAbstrStoreFlag;
2. belong to certificate file digital digest storage mode mark, be assumed to be OwnerCertFileAbstrStoreFlag;
3. software document digital digest storage mode mark, is assumed to be SoftFileAbstrStoreFlag;
4. which kind of file listing file digital digest is stored in, is assumed to be ListAbstrStoreFileName
5. belong to certificate file digital digest to be stored in which kind of file, be assumed to be OwnerAbstrStoreFileName;
6. listing file digital digest deposits reference position, is assumed to be ListAbstrStartPosition;
7. belong to certificate file digital digest and deposit reference position, be assumed to be OwnerAbstrStartPositoin;
8. listing file digital digest length, is assumed to be ListAbstrLength;
9. belong to certificate file digital digest length, be assumed to be OwnerAbstrLength;
10. listing file encryption key, is assumed to be Public_Key1;
11. listing file decruption keys, are assumed to be Private_Key1;
12. ownership certificate file encryption keys, are assumed to be Public_Key2;
13. ownership certificate file decruption keys, are assumed to be Private_Key2;
14. software document encryption keys, are assumed to be Public_Key3;
15. software document decruption keys, are assumed to be Private_Key3;
16. listing file names, are assumed to be ListFileName;
17. ownership certificate filenames, are assumed to be OwnerCertFileName;
18. ownership marks, are assumed to be OwnerFlag;
19. encryption and decryption mode marks, are assumed to be EncryptedKind;
20. listing file digital digest unique file name marks, are assumed to be:
ListFileAbstrFileNameFlag; When listing file digital digest separate, stored, this mark works, and is used for the filename of digital digest of recognized list file.
21. ownership certificate file digital digest unique file name marks, are assumed to be:
OwnerCertFileAbstrFileNameFlag; During angelica certificate file digital digest separate, stored, this mark works, and is used for identifying the filename of digital digest of ownership certificate file.
22. software document digital digest unique file name marks, are assumed to be: SoftFileAbstrFileNameFlag; When software document digital digest separate, stored, this mark works, and is used for the digital digest file identified corresponding to some files.
In actual applications, above-mentioned clear data needs cryptographic storage, to improve security.
S102: detect in the software package of target software whether comprise the first file and the second file, if, from the software package of described target software, then obtain the digital digest of first row list file, described first file is the file that title is identical with the title of described listing file, and described second file is the file that title is identical with the title of described ownership certificate file;
In target software described in the present embodiment, in advance according to the data structure of above-mentioned log-on data, carry out belonging to configuration.
S103: judge that whether the digital digest of described first row list file is identical with the digital digest of secondary series list file, if, from the software package of described target software, obtain the first home identity, the digital digest of described secondary series list file is the digital digest of the listing file generated according to described log-on data;
S104: judge that whether described first home identity is identical with the second home identity, if, then whether each file destination of comprising of the software package of more described target software is identical with the attribute of each file destination indicated in described log-on data successively, if so, then determine that the software package of described target software is by checking.
In the present embodiment, use target software software package in the first file and the second file whether complete as foundation, the integrality of installation kit can be ensured, use digital digest as home authentication foundation, can ensure that the file content of software package is not tampered (file content be tampered after, namely digital digest changes); Use home identity as home authentication foundation, can guarantee that the software be arranged on equipment is suitable in this device, visible, method described in the present embodiment, whether verifying software belongs to this equipment from different perspectives, so the security that can improve software installation and upgrade.
The verification method of disclosed another software ownership of the embodiment of the present application, as shown in Figure 2, comprising:
S201: target device receives the software package needing the target software installed or upgrade;
In the present embodiment, software is the comprehensive appellation of program, file, data, and namely software comprises program, file or data mode, and a set of software comprises multiple program file, multiple data file, ownership certificate file, listing file etc.
S202: obtain the log-on data ciphertext needed for local verification from equipment this locality, obtain local file decruption key, use the first local key, deciphering log-on data ciphertext, forms clear data;
S203: obtain cipher mode, listing file decruption key (being assumed to be ListFileKey), ownership certificate file decruption key (being assumed to be OwnerCertFileKey), software document decruption key (being assumed to be SoftFileKey) from log-on data plaintext;
In the present embodiment, cipher mode can be symmetric cryptography or asymmetric encryption, and symmetric cryptography is the cipher mode that PKI is identical with private key, and asymmetric encryption is the PKI cipher mode different with private key.
S204: utilize ListFileKey, OwnerCertFileKey, SoftFileKey decrypted list file, ownership certificate file and software document respectively;
S205: judge listing file, ownership certificate file and software document whether all successful decryption, if so, perform S206, otherwise, feed back this software home authentication failure information;
S206: according to the title of listing file, the title of ownership certificate file, searches in received software package and whether there is the identical file of title, if all existed, then perform S207, otherwise, feed back this software home authentication failure information;
S207: obtain the digital digest storing documents name of listing file, reference position and length from the software package of target software, and according to the digital digest of these data search to first row list file, be assumed to be: ListFile_Abstract0;
S208: according to the listing file name in log-on data, the digital digest of listing file deposits name, reference position and length, belongs to the information such as the digital digest storing documents name of certificate, reference position and length, obtains listing file content from log-on data;
S209: utilize listing file content, generates secondary series list file digital digest, is assumed to be:
ListFile_Abstract;
S210: whether identically compare ListFile_Abstract and ListFile_Abstract0, if so, then performs S211, otherwise, feed back this software home authentication failure information;
S211: obtain the digital digest storing documents name of ownership certificate, reference position and length from the software package of target software, and belong to the digital digest of certificate file according to these data acquisitions first, be assumed to be: OwnerFile_Abstract0;
S212: according to the ownership certificate filename in log-on data, the digital digest of listing file deposits name, reference position and length, the information such as digital digest storing documents name, reference position, length of ownership certificate, finds ownership certificate file content from log-on data;
S213: according to ownership certificate file content, generates the digital digest of the second ownership certificate file, is assumed to be: Owner_Abstract;
S214: whether identically compare Owner_Abstract and Owner_Abstract0, if so, performs S215, otherwise, feed back this software home authentication failure information;
S215: obtain the ownership mark in the first ownership certificate of received data from the software package of described target software, be assumed to be: OwnerFlag_Soft, and from log-on data, obtain the second local ownership mark, be assumed to be: OwnerFlag_local;
S216: whether identically compare OwnerFlag_local and OwnerFlag_Soft, if so, then performs S217, feeds back this software home authentication failure information;
S217: obtain the listed files inventory received from the software package of target software, i.e. first object listed files FileList0, the All Files table listings needing the software of home authentication is obtained from the ListFile listing file log-on data, namely the second file destination list, is assumed to be FileList;
In the present embodiment, in listed files inventory, do not comprise listing file, listing file digital digest cryptograph files, ownership certificate file, ownership certificate number summary cryptograph files.
S218: whether two kinds of listed files FileList0 and FileList are identical in comparison, if identical, then perform S219, otherwise, feed back this software home authentication failure information;
Following steps are the digital digest of each file destination in the digital digest of each file destination successively in more described first object listed files and described second file destination list, if all identical, then determine the specific implementation of the software package of described target software by checking:
S219: set i as 1, from first file;
S220: the digital digest obtaining i-th file from the software package of target software, is assumed to be:
File_Abstract0i;
S221: obtain i-th file content from log-on data, then generates digital digest File_Abstracti by content;
S222: contrast File_Abstract0i and File_Abstracti, if comparison is not identical, then perform this software home authentication failure information of feedback, otherwise, perform S213;
S223: judge whether it is last file, if last file, then perform S224, otherwise i=i+1, be transferred to S220;
S224: feed back this software home authentication successful information.
Method described in the present embodiment, can effectively ensure can not make a mistake in software upgrading or installation process, because can not equipment being caused to shut down because attaching troops to a unit software mistakenly or break down.
The embodiment of the present application also discloses the demo plant of a kind of software ownership, as shown in Figure 3, comprising:
First acquisition module 301, for obtaining the log-on data of equipment this locality, at least comprises listing file, ownership certificate file and software document in the log-on data of described equipment this locality;
Detection module 302, for detect target software software package in whether comprise the first file and the second file;
Second acquisition module 303, if the software package for described target software comprises the first file and the second file, from the software package of described target software, then obtain the digital digest of first row list file, described first file is the file that title is identical with the title of described listing file, and described second file is the file that title is identical with the title of described ownership certificate file;
First judge module 304, whether the digital digest for the digital digest with secondary series list file that judge described first row list file is identical, and the digital digest of described secondary series list file is the digital digest of the listing file generated according to described log-on data;
3rd acquisition module 305, if identical with the digital digest of secondary series list file for the digital digest of described first row list file, obtains the first home identity from the software package of described target software;
Second judge module 306, for judging that whether described first home identity is identical with the second local home identity;
Comparison module 307, if identical with the second home identity for described first home identity, then whether each file destination of comprising of the software package of more described target software is identical with the attribute of each file destination indicated in described log-on data successively, if so, then determine that the software package of described target software is by checking.
Alternatively, can also comprise:
Receiver module 308, for whether comprise the first file and the second file in the software package of described detection target software before, receives the software package of described target software;
Deciphering module 309, for obtaining the log-on data ciphertext needed for local verification from this locality, and uses log-on data ciphertext described in the first local secret key decryption, obtains log-on data expressly; The 4th key of the second key of cipher mode and described listing file, the 3rd key of described ownership certificate file and described software document is obtained from described log-on data plaintext; According to described cipher mode, use described second key, described 3rd key and the 4th key respectively, parse described listing file, described ownership certificate file and described software document.
4th acquisition module 310, for obtaining local listing file content from described log-on data, utilizes described local listing file content, generates the digital digest of secondary series list file.
Determination module 311, for do not comprise in software package target software being detected the first file and the second file or, the attribute of each file destination indicated in or described first home identity is different with the second home identity or software package that is described target software comprises each file destination different from secondary series list file digital digest at described first row list file digital digest and described log-on data is different, determine the home authentication failure of described target software.
Wherein, further, detection module detects the specific implementation whether comprising the first file and the second file in the software package of target software: when the equal successful decryption of described listing file, described ownership certificate file and described software document, detects in the software package of target software whether comprise the first file and the second file.
The specific implementation that second acquisition module obtains the digital digest of first row list file from the software package of described target software can be: from the software package of described target software, obtain listing file digital digest storing documents name, reference position and length, and according to described listing file digital digest storing documents name, reference position and length, obtain the digital digest of first row list file.
Second judge module judges that the specific implementation whether described first home identity is identical with the second local home identity can be: from the software package of described target software, obtain the digital digest storing documents name, reference position and the length that belong to certificate; According to the digital digest storing documents name of described ownership certificate, reference position and length, obtain the digital digest of the first ownership certificate file; Local ownership certificate file content is obtained from described log-on data; According to described this locality ownership certificate file content, generate the digital digest of the second ownership certificate file; Whether the digital digest that the more described first digital digest and described second belonging to certificate file belongs to certificate file is identical, if, from the software package of described target software, obtain the first home identity, and from described log-on data, obtain the second local home identity; Whether more described first home identity is identical with the second home identity.
Whether each file destination that the software package of comparison module more described target software successively comprises is identical with the attribute of each file destination indicated in described log-on data, if, the software package then determining described target software can be for by the specific implementation of checking: whether the first object listed files in the software package of target software described in comparison is identical with the second file destination list in described log-on data, if, the digital digest of each file destination in the digital digest of each file destination then successively in more described first object listed files and described second file destination list, if all identical, then determine that the software package of described target software is by checking.
Device described in the present embodiment, whether verifying software belongs to this equipment from different perspectives, so the security that can improve software installation and upgrade.
If the function described in the embodiment of the present application method using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computing equipment read/write memory medium.Based on such understanding, the part of the part that the embodiment of the present application contributes to prior art or this technical scheme can embody with the form of software product, this software product is stored in a storage medium, comprising some instructions in order to make a computing equipment (can be personal computer, server, mobile computing device or the network equipment etc.) perform all or part of step of method described in each embodiment of the application.And aforesaid storage medium comprises: USB flash disk, portable hard drive, ROM (read-only memory) (ROM, Read-OnlyMemory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. various can be program code stored medium.
In this instructions, each embodiment adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiment, between each embodiment same or similar part mutually see.
To the above-mentioned explanation of the disclosed embodiments, professional and technical personnel in the field are realized or uses the application.To be apparent for those skilled in the art to the multiple amendment of these embodiments, General Principle as defined herein when not departing from the spirit or scope of the application, can realize in other embodiments.Therefore, the application can not be restricted to these embodiments shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.
Claims (16)
1. a verification method for software ownership, is characterized in that, comprising:
The log-on data of acquisition equipment this locality, at least comprises listing file, ownership certificate file and software document in the log-on data of described equipment this locality;
Detect in the software package of target software and whether comprise the first file and the second file, if, from the software package of described target software, then obtain the digital digest of first row list file, described first file is the file that title is identical with the title of described listing file, and described second file is the file that title is identical with the title of described ownership certificate file;
Judge that whether the digital digest of described first row list file is identical with the digital digest of secondary series list file, if, from the software package of described target software, obtain the first home identity, the digital digest of described secondary series list file is the digital digest of the listing file generated according to described log-on data;
Judge that whether described first home identity is identical with the second local home identity, if, then whether each file destination of comprising of the software package of more described target software is identical with the attribute of each file destination indicated in described log-on data successively, if so, then determine that the software package of described target software is by checking.
2. method according to claim 1, is characterized in that, before whether comprising the first file and the second file, also comprises in the software package of described detection target software:
Receive the software package of described target software;
The log-on data ciphertext needed for local verification is obtained from this locality;
Use log-on data ciphertext described in the first local secret key decryption, obtain log-on data expressly;
The 4th key of the second key of cipher mode and described listing file, the 3rd key of described ownership certificate file and described software document is obtained from described log-on data plaintext;
According to described cipher mode, use described second key, described 3rd key and the 4th key respectively, parse described listing file, described ownership certificate file and described software document.
3. method according to claim 2, is characterized in that, whether comprises the first file and the second file comprises in the software package of described detection target software:
When the equal successful decryption of described listing file, described ownership certificate file and described software document, detect in the software package of target software whether comprise the first file and the second file.
4. method according to claim 1 and 2, is characterized in that, the digital digest obtaining first row list file from the software package of described target software comprises:
Listing file digital digest storing documents name, reference position and length is obtained from the software package of described target software;
According to described listing file digital digest storing documents name, reference position and length, obtain the digital digest of first row list file.
5. method according to claim 4, is characterized in that, the acquisition process of the digital digest of described secondary series list file comprises:
Local listing file content is obtained from described log-on data;
Utilize described local listing file content, generate the digital digest of secondary series list file.
6. method according to claim 5, is characterized in that, describedly judges that whether described first home identity is identical with the second local home identity and comprises:
The digital digest storing documents name of ownership certificate, reference position and length is obtained from the software package of described target software;
According to the digital digest storing documents name of described ownership certificate, reference position and length, obtain the digital digest of the first ownership certificate file;
Local ownership certificate file content is obtained from described log-on data;
According to described this locality ownership certificate file content, generate the digital digest of the second ownership certificate file;
Whether the digital digest that the more described first digital digest and described second belonging to certificate file belongs to certificate file is identical, if, from the software package of described target software, obtain the first home identity, and from described log-on data, obtain the second local home identity;
Whether more described first home identity is identical with the second home identity.
7. method according to claim 6, it is characterized in that, whether each file destination that the software package of described more described target software successively comprises is identical with the attribute of each file destination indicated in described log-on data, if so, then determine that the software package of described target software is comprised by checking:
Whether the first object listed files in the software package of target software described in comparison is identical with the second file destination list in described log-on data, if, the digital digest of each file destination in the digital digest of each file destination then successively in more described first object listed files and described second file destination list, if all identical, then determine that the software package of described target software is by checking.
8. method according to claim 1, is characterized in that, also comprises:
Do not comprise in software package target software being detected the first file and the second file or, the attribute of each file destination indicated in or described first home identity is different with the second home identity or software package that is described target software comprises each file destination different from secondary series list file digital digest at described first row list file digital digest and described log-on data is different, determine the home authentication failure of described target software.
9. a demo plant for software ownership, is characterized in that, comprising:
First acquisition module, for obtaining the log-on data of equipment this locality, at least comprises listing file, ownership certificate file and software document in the log-on data of described equipment this locality;
Detection module, for detect target software software package in whether comprise the first file and the second file;
Second acquisition module, if the software package for described target software comprises the first file and the second file, from the software package of described target software, then obtain the digital digest of first row list file, described first file is the file that title is identical with the title of described listing file, and described second file is the file that title is identical with the title of described ownership certificate file;
First judge module, whether the digital digest for the digital digest with secondary series list file that judge described first row list file is identical, and the digital digest of described secondary series list file is the digital digest of the listing file generated according to described log-on data;
3rd acquisition module, if identical with the digital digest of secondary series list file for the digital digest of described first row list file, obtains the first home identity from the software package of described target software;
Second judge module, for judging that whether described first home identity is identical with the second local home identity;
Comparison module, if identical with the second home identity for described first home identity, then whether each file destination of comprising of the software package of more described target software is identical with the attribute of each file destination indicated in described log-on data successively, if so, then determine that the software package of described target software is by checking.
10. device according to claim 9, is characterized in that, also comprises:
Receiver module, for whether comprise the first file and the second file in the software package of described detection target software before, receives the software package of described target software;
Deciphering module, for obtaining the log-on data ciphertext needed for local verification from this locality, and uses log-on data ciphertext described in the first local secret key decryption, obtains log-on data expressly; The 4th key of the second key of cipher mode and described listing file, the 3rd key of described ownership certificate file and described software document is obtained from described log-on data plaintext; According to described cipher mode, use described second key, described 3rd key and the 4th key respectively, parse described listing file, described ownership certificate file and described software document.
11. devices according to claim 10, is characterized in that, described detection module for detect target software software package in whether comprise the first file and the second file comprises:
Described detection module specifically for, when the equal successful decryption of described listing file, described ownership certificate file and described software document, detect target software software package in whether comprise the first file and the second file.
12. devices according to claim 9 or 10, is characterized in that, the digital digest that described second acquisition module is used for obtaining first row list file from the software package of described target software comprises:
Described second acquisition module specifically for, listing file digital digest storing documents name, reference position and length is obtained from the software package of described target software, and according to described listing file digital digest storing documents name, reference position and length, obtain the digital digest of first row list file.
13. devices according to claim 12, is characterized in that, also comprise:
4th acquisition module, for obtaining local listing file content from described log-on data, utilizes described local listing file content, generates the digital digest of secondary series list file.
14. devices according to claim 13, is characterized in that, described second judge module comprises for judging that whether described first home identity is identical with the second local home identity:
Described second judge module specifically for, from the software package of described target software, obtain the ownership digital digest storing documents name of certificate, reference position and length; According to the digital digest storing documents name of described ownership certificate, reference position and length, obtain the digital digest of the first ownership certificate file; Local ownership certificate file content is obtained from described log-on data; According to described this locality ownership certificate file content, generate the digital digest of the second ownership certificate file; Whether the digital digest that the more described first digital digest and described second belonging to certificate file belongs to certificate file is identical, if, from the software package of described target software, obtain the first home identity, and from described log-on data, obtain the second local home identity; Whether more described first home identity is identical with the second home identity.
15. devices according to claim 14, it is characterized in that, whether each file destination that the software package that described comparison module is used for more described target software successively comprises is identical with the attribute of each file destination indicated in described log-on data, if so, then determine that the software package of described target software is comprised by checking:
Described comparison module specifically for, whether the first object listed files in the software package of target software described in comparison is identical with the second file destination list in described log-on data, if, the digital digest of each file destination in the digital digest of each file destination then successively in more described first object listed files and described second file destination list, if all identical, then determine that the software package of described target software is by checking.
16. devices according to claim 9, is characterized in that, also comprise:
Determination module, for do not comprise in software package target software being detected the first file and the second file or, the attribute of each file destination indicated in or described first home identity is different with the second home identity or software package that is described target software comprises each file destination different from secondary series list file digital digest at described first row list file digital digest and described log-on data is different, determine the home authentication failure of described target software.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410849848.1A CN104504328B (en) | 2014-12-31 | 2014-12-31 | A kind of verification method and device of software ownership |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410849848.1A CN104504328B (en) | 2014-12-31 | 2014-12-31 | A kind of verification method and device of software ownership |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104504328A true CN104504328A (en) | 2015-04-08 |
| CN104504328B CN104504328B (en) | 2017-12-15 |
Family
ID=52945724
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410849848.1A Active CN104504328B (en) | 2014-12-31 | 2014-12-31 | A kind of verification method and device of software ownership |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104504328B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1479205A (en) * | 2002-08-26 | 2004-03-03 | 王振新 | Method of protecting computer software copyright through hardware identification code |
| WO2008001060A1 (en) * | 2006-06-29 | 2008-01-03 | Symbian Software Limited | Revoking malware in a computing device |
| US7434259B2 (en) * | 2002-10-21 | 2008-10-07 | Microsoft Corporation | Method for prompting a user to install and execute an unauthenticated computer application |
| CN101281461A (en) * | 2007-04-04 | 2008-10-08 | 国际商业机器公司 | Method and device for transfer applying dependent system environment |
| CN104092544A (en) * | 2014-06-26 | 2014-10-08 | 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) | Service signature method and device compatible with Android application |
-
2014
- 2014-12-31 CN CN201410849848.1A patent/CN104504328B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1479205A (en) * | 2002-08-26 | 2004-03-03 | 王振新 | Method of protecting computer software copyright through hardware identification code |
| US7434259B2 (en) * | 2002-10-21 | 2008-10-07 | Microsoft Corporation | Method for prompting a user to install and execute an unauthenticated computer application |
| WO2008001060A1 (en) * | 2006-06-29 | 2008-01-03 | Symbian Software Limited | Revoking malware in a computing device |
| CN101281461A (en) * | 2007-04-04 | 2008-10-08 | 国际商业机器公司 | Method and device for transfer applying dependent system environment |
| CN104092544A (en) * | 2014-06-26 | 2014-10-08 | 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) | Service signature method and device compatible with Android application |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104504328B (en) | 2017-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102780699B (en) | Protecting method and protecting system for authentication server software copyright | |
| CN103460195B (en) | For the system and method for security software update | |
| KR101754308B1 (en) | Method for management sensitive data of mobile and escrow server for performing the method | |
| US9288054B2 (en) | Method and apparatus for authenticating and managing application using trusted platform module | |
| US20080024268A1 (en) | Component authentication for computer systems | |
| CN103189872A (en) | Secure and efficient content screening in a networked environment | |
| CN106991326A (en) | The upgrade method and its equipment of a kind of equipment firmware | |
| CN104123488A (en) | Method and device for verifying application program | |
| CN102314578A (en) | System and method for realizing software protection | |
| CN101968834A (en) | Encryption method and device for anti-copy plate of electronic product | |
| CN102479297A (en) | Copyright protection method based on public key system and digital watermarking | |
| CN103995723A (en) | IVI system firmware updating method and device based on mobile storage equipment | |
| CN104868998A (en) | System, Device, And Method Of Provisioning Cryptographic Data To Electronic Devices | |
| CN111814132A (en) | Security authentication method and device, security authentication chip and storage medium | |
| CN103400063A (en) | Method and device for executing script file | |
| CN102196317A (en) | Set-top box protection method and set-top box | |
| KR100755006B1 (en) | File identification system in distributed network and Method thereof | |
| CN104636659A (en) | Register data generation method and device | |
| CN103336918B (en) | Electronic hard disk system authorization method and device | |
| KR101630462B1 (en) | Apparatus and Method for Securing a Keyboard | |
| CN101924794A (en) | Internet based method for monitoring total software operation quantity in real time | |
| US8490208B2 (en) | Method and device for detecting if a computer file has been copied and method and device for enabling such detection | |
| CN104504328A (en) | Software attribution verifying method and device | |
| CN103248490A (en) | Method and system for backing-up information in electronic signature token | |
| CN102495811A (en) | Method for generating and validating license and storage equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: The age of 412001 in Hunan Province, Zhuzhou Shifeng District Road No. 169 Patentee after: ZHUZHOU CRRC TIMES ELECTRIC Co.,Ltd. Address before: The age of 412001 in Hunan Province, Zhuzhou Shifeng District Road No. 169 Patentee before: ZHUZH CSR TIMES ELECTRIC Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |