CN107967413A - Software enciphering method and device - Google Patents

Publication number: CN107967413A
Authority: CN (China)
Application number: CN201711212277.0A
Other languages: Chinese (zh)
Inventors: 沈凯, 余旭, 高路房
Current assignee: Shenzhen Evomotion Digital Technology Co Ltd
Original assignee: Shenzhen Evomotion Digital Technology Co Ltd
Legal status: Pending
Prior art keywords: chip, encryption chip, encryption, secret key, certification

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1011 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to devices

Abstract

The present invention relates to the field of encryption technology and provides a software encryption method and device. The method includes: receiving a first authentication MAC sequence computed and generated by an encryption chip; computing and generating a second authentication MAC sequence; comparing whether the first authentication MAC sequence and the second authentication MAC sequence are consistent; and, if they are consistent, confirming that encryption authentication has succeeded. The method and device can effectively ensure secure authentication of the software and prevent the equipment from being easily cloned.

Description

Software enciphering method and device
Technical field
The present invention relates to the field of encryption technology, and in particular to a software encryption method and device.
Background
With the development of embedded systems, piracy of embedded application software has become increasingly serious. Many embedded product designs currently on the market can be cracked and copied, mainly because the main chip of the design has no anti-cracking capability. As a result, a new product that a developer has invested great effort and money in can be copied by others as soon as it reaches the market, leaving only price competition. The factory that copies the product ends up with the price advantage, because its development investment is almost negligible, and this often causes the original manufacturer heavy losses. The prior art therefore cannot effectively ensure secure authentication of software or prevent equipment from being easily cloned.
Summary of the invention
In view of this, embodiments of the present invention provide a software encryption method and device that can solve the prior-art problems of high chip cost, low cracking difficulty, and easily cloned equipment.
An embodiment of the present invention provides a software encryption method, including:
Receiving a first authentication MAC sequence computed and generated by an encryption chip;
Computing and generating a second authentication MAC sequence;
Comparing whether the first authentication MAC sequence and the second authentication MAC sequence are consistent;
If they are consistent, confirming that encryption authentication has succeeded.
Optionally, before the main chip receives the first authentication MAC sequence computed by the encryption chip, the method further includes:
Clearing the encryption chip master key in the encryption chip;
Writing the encryption chip master key and the encryption chip random number into the encryption chip, so that the encryption chip computes the first authentication MAC sequence with a secure hash algorithm from the encryption chip master key, the encryption chip random number, and the pre-stored data of the encryption chip.
Optionally, computing and generating the second authentication MAC sequence includes:
Setting the main chip master key;
Reading the pre-stored data of the encryption chip and, from the ordered sequence formed by that pre-stored data and the main chip master key, generating a device key through a first secure hash operation;
Setting the main chip random number and, from the main chip random number, the pre-stored data of the encryption chip, the main chip master key, and the device key, generating the second authentication MAC sequence through a second secure hash operation.
Optionally, the main chip master key is the same as the encryption chip master key.
Optionally, the pre-stored data of the encryption chip includes: the model of the encryption chip, the memory information of the encryption chip, and the data stored by the user;
The data stored by the user includes encryption information.
An embodiment of the present invention provides a software encryption device, including:
A receiving module, for receiving the first authentication MAC sequence computed and generated by the encryption chip;
A first generation module, for computing and generating the second authentication MAC sequence;
A comparison module, for comparing whether the first authentication MAC sequence and the second authentication MAC sequence are consistent and, if they are consistent, confirming that encryption authentication has succeeded.
Optionally, the software encryption device further includes a second generation module;
The second generation module is used to: before the main chip receives the first authentication MAC sequence computed by the encryption chip, clear the encryption chip master key in the encryption chip; and write the encryption chip master key and the encryption chip random number into the encryption chip, so that the encryption chip computes the first authentication MAC sequence with a secure hash algorithm from the encryption chip master key, the encryption chip random number, and the pre-stored data of the encryption chip.
Optionally, the first generation module is specifically used to: set the main chip master key;
Read the pre-stored data of the encryption chip and, from the ordered sequence formed by that pre-stored data and the main chip master key, generate a device key through a first secure hash operation;
Set the main chip random number and, from the main chip random number, the pre-stored data of the encryption chip, the main chip master key, and the device key, generate the second authentication MAC sequence through a second secure hash operation;
Wherein the main chip master key is the same as the encryption chip master key.
An embodiment of the present invention provides a computer device including a memory, a processor, and a computer program stored on the memory and runnable on the processor, characterized in that the processor, when executing the program, implements the steps of any of the software encryption methods above.
An embodiment of the present invention provides a computer-readable storage medium storing a computer program that, when executed by one or more processors, implements the steps of any of the software encryption methods above.
Compared with the prior art, the technical solution adopted by the embodiments of the present invention has the following beneficial effects: the first authentication MAC sequence computed by the encryption chip is received, the main chip computes the second authentication MAC sequence, and the two are compared. If the comparison result is consistent, encryption authentication is confirmed as successful. Because encryption authentication can only be carried out with the help of the encryption chip, copying the main chip's software application to a terminal does not help: the terminal has no encryption chip, so the software application cannot complete encryption authentication and the software cannot run normally. This effectively ensures secure authentication of the software and prevents the equipment from being easily cloned.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the software encryption method provided by an embodiment of the present invention;
Fig. 2 is a structural block diagram of the software encryption device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, the software encryption method provided by an embodiment of the present invention includes:
Step S101: receive the first authentication MAC sequence computed and generated by the encryption chip.
The method in this embodiment may be executed by the main chip, which stores and executes the software program. The present invention adds an encryption chip that assists the main chip in performing encryption; the encryption chip is electrically connected to the main chip. The encryption chip computes a MAC sequence number, and in this embodiment that MAC sequence is the first authentication sequence. The encryption chip sends the first authentication MAC sequence to the main chip, and the main chip receives it.
Specifically, before the main chip receives the first authentication MAC sequence computed by the encryption chip, the method may further include: clearing the encryption chip master key in the encryption chip; and writing the encryption chip master key and the encryption chip random number into the encryption chip, so that the encryption chip computes the first authentication MAC sequence with a secure hash algorithm from the encryption chip master key, the encryption chip random number, and the pre-stored data of the encryption chip.
The pre-stored data of the encryption chip includes: the model of the encryption chip, the memory information of the encryption chip, and the data stored by the user. The data stored by the user includes encryption information.
In this embodiment, before the main chip receives the first authentication MAC sequence, the encryption chip has to compute it. Each encryption chip carries a unique 64 ROM and ID, and the encryption chip provides a data block of a 256 user-programmable EEPROM array to hold the data the user wants to store. The data block can also hold user-defined data, for example a serial number used as a product identifier or a hardware version number, so that the data block ties product version management and product maintenance to the encryption chip. The encryption chip computes the first authentication MAC sequence as follows. The encryption chip is initialized and its encryption chip master key is emptied, that is, the encryption chip master key in the encryption chip is cleared. The encryption chip master key is then written into the encryption chip again, and the encryption chip random number, which is sent by the main chip, is written into the encryption chip. From the encryption chip master key, the encryption chip random number, and the pre-stored data held in the encryption chip, the first authentication MAC sequence is computed with a secure hash algorithm. The pre-stored data of the encryption chip can include the model of the encryption chip, the memory information of the encryption chip, and the data stored by the user. In this embodiment, the memory information and model of the encryption chip can be the unique 64 ROM and ID that the encryption chip carries. The data stored by the user can include encryption information, which can be any information the user wants to protect, such as a set of data or code.
Step S102: compute and generate the second authentication MAC sequence.
In this embodiment, after receiving the first authentication MAC sequence computed by the encryption chip, the main chip also computes a MAC sequence number; the MAC sequence number computed by the main chip is the second authentication sequence.
Specifically, computing the second authentication MAC sequence comprises the following steps:
Step S201: set the main chip master key.
Step S202: read the pre-stored data of the encryption chip and, from the ordered sequence formed by that pre-stored data and the main chip master key, generate a device key through a first secure hash operation.
Step S203: set the main chip random number and, from the main chip random number, the pre-stored data of the encryption chip, the main chip master key, and the device key, generate the second authentication MAC sequence through a second secure hash operation.
The main chip master key is the same as the encryption chip master key.
In this embodiment, when the main chip computes the second authentication MAC sequence, a main chip master key identical to the encryption chip master key is first stored in the main chip in advance. The pre-stored data of the encryption chip is then read from the encryption chip. The main chip master key, the unique 64 ROM and ID of the encryption chip, and the user data stored in the data block of the 256 user-programmable EEPROM array provided by the encryption chip are assembled into an ordered sequence, and the device key is generated from it through the first secure hash operation. An ordered sequence here is a sequence on which the secure hash operation can be performed. Because the device key depends on the ROM and ID in the encryption chip, the uniqueness of the encryption chip's ROM and ID determines the uniqueness of the device key.
Then the main chip master key, the unique 64 ROM and ID of the encryption chip, the user data stored in the data block of the 256 user-programmable EEPROM array provided by the encryption chip, and the device key are assembled into an ordered sequence again, and the second authentication MAC sequence is generated through the second secure hash operation.
Step S103: compare whether the first authentication MAC sequence and the second authentication MAC sequence are consistent; if they are consistent, confirm that encryption authentication has succeeded.
In this embodiment, the first authentication MAC sequence computed in the encryption chip and the second authentication MAC sequence computed in the main chip are compared. If the comparison result is consistent, encryption authentication is confirmed as successful and the software can run normally. If the comparison is inconsistent, the software application exits; for encryption authentication to succeed, the first and second authentication MAC sequences must be computed again and compared, and only a consistent comparison confirms success. The present invention therefore performs encryption authentication when the system boots and runs. If authentication fails, the software application exits, and without the encryption chip the whole system does not run. Even if the main chip's software application is copied to a terminal, the terminal has no encryption chip, so the software application cannot pass encryption authentication and the software refuses to run.
Preferably, because the encryption chip random number is sent by the main chip, and the one-wire bus that connects the main chip and the encryption chip has no error-correction capability and is easily affected by external interference, errors can still occur even with cyclic redundancy check (CRC) checking. The random number received by the encryption chip may then differ from the random number sent by the main chip. The encryption chip therefore needs to compute the authentication MAC sequence twice. The encryption chip master key is written into the encryption chip; from the encryption chip master key and the pre-stored data held in the encryption chip, the device key of the encryption chip is generated through a first secure hash operation; the encryption chip random number is written into the encryption chip; and from the encryption chip master key, the encryption chip random number, the pre-stored data held in the encryption chip, and the device key of the encryption chip, the first-pass authentication sequence number is computed through a second secure hash operation. The second-pass authentication sequence number is computed in the same way. If the two results are identical, either the first-pass or the second-pass authentication sequence number is used as the first authentication sequence, which is then compared with the second authentication MAC sequence computed by the main chip in the system. While the main chip computes the second authentication sequence, the main chip random number it sets is the same as the encryption chip random number it sent to the encryption chip. After this optimization, encryption authentication can run thousands of times without error.
In this embodiment, software encryption authentication can be applied on a Linux system, so the software encryption is divided into three layers: hardware layer, driver layer, and application layer. The encryption chip used is the DS28E11. The hardware layer covers the internal operating logic of the encryption chip: each encryption chip carries a unique 64 ROM and ID; the encryption chip provides a data block of a 256 user-programmable EEPROM array to hold the data the user wants to store; the encryption chip master key must be written into the encryption chip in advance and is write-only (it cannot be read back); the encryption chip random number is written into the encryption chip by the application layer; and when the software sends the command, the secure hash algorithm stored inside the encryption chip computes a MAC sequence number from the ROM and ID, the data block, and the encryption chip random number. This MAC sequence number is the first authentication MAC sequence.
The driver layer handles communication between the system's main chip and the encryption chip. The encryption chip communicates with the main chip over a single-contact one-wire serial interface and follows the 1-Wire protocol, which greatly simplifies circuit design. The driver layer is specifically used to send commands to the encryption chip and to read or write the required data.
The application layer holds the overall logic of encryption authentication in the main chip, that is, how the encryption chip is controlled and how encryption authentication is carried out. The main chip master key is stored in advance in the software application on the main chip and is identical to the encryption chip master key written in advance into the encryption chip. The ROM and ID and the data block are read out of the encryption chip. The main chip master key, ROM, ID, and data block are assembled into an ordered sequence, and the device key is obtained by a secure hash operation; because the device key is tied to the encryption chip's unique ROM and ID, the resulting device key is also unique. The ROM, ID, data block, the main chip random number that was written, and the device key are then assembled into an ordered sequence, and a MAC sequence number is obtained by a secure hash operation; this is the second authentication MAC sequence. The first authentication MAC sequence computed in the encryption chip is read and compared with the second authentication MAC sequence computed by the main chip in the software application. If they are identical, encryption authentication is confirmed as successful; otherwise authentication fails and the program exits.
In this embodiment, the first and second authentication sequences are computed and compared, and the comparison result determines whether encryption authentication succeeds and whether the software may run. Because encryption authentication can only be carried out with the help of the encryption chip, copying the main chip's software application to a terminal does not help: the terminal has no encryption chip, so the software application cannot complete encryption authentication and the software cannot run normally. This effectively ensures secure authentication of the software and prevents the equipment from being easily cloned. The scheme also has the advantages of simple hardware, low cost, easy software implementation, and difficulty of cracking, and is suitable for encrypting system-level applications.
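The exchange in steps S101 to S103, including the two-pass check against one-wire bus errors, sketched as an added example that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified secure hash, fields are length-prefixed to form the ordered sequence, `SimulatedChip` is a hypothetical stand-in for the encryption chip, and the key, ROM/ID and data-block values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions, not taken from the patent).
MASTER_KEY = bytes(range(32))
ROM_ID = bytes.fromhex("4b0000012345678a")
DATA_BLOCK = b"HW-REV-A;SN-000123".ljust(32, b"\x00")


def ordered_hash(*fields: bytes) -> bytes:
    """Secure hash over an ordered sequence of fields.

    Assumption: SHA-256 with a 2-byte length prefix per field, so field
    boundaries are unambiguous. The page fixes neither hash nor layout.
    """
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.digest()


def device_key(master_key: bytes, rom_id: bytes, data_block: bytes) -> bytes:
    """First hash: master key + chip pre-stored data -> per-chip device key."""
    return ordered_hash(master_key, rom_id, data_block)


def auth_mac(master_key: bytes, rom_id: bytes, data_block: bytes,
             challenge: bytes) -> bytes:
    """Second hash: random number + pre-stored data + master key + device key."""
    dk = device_key(master_key, rom_id, data_block)
    return ordered_hash(challenge, rom_id, data_block, master_key, dk)


class SimulatedChip:
    """Stand-in for the encryption chip; the master key is write-only."""

    def __init__(self, rom_id: bytes, data_block: bytes, glitches: int = 0):
        self.rom_id, self.data_block = rom_id, data_block
        self._key = b""
        self._challenge = b""
        self._glitches = glitches  # how many challenge writes to corrupt

    def provision(self, master_key: bytes) -> None:
        self._key = b""           # clear any previous master key
        self._key = master_key    # then write the new one

    def write_challenge(self, challenge: bytes) -> None:
        if self._glitches > 0:    # model a bit error on the one-wire bus
            self._glitches -= 1
            challenge = bytes([challenge[0] ^ 0x01]) + challenge[1:]
        self._challenge = challenge

    def read_prestored(self):
        return self.rom_id, self.data_block

    def read_mac(self) -> bytes:
        return auth_mac(self._key, self.rom_id, self.data_block, self._challenge)


def chip_round(chip: SimulatedChip, challenge: bytes) -> bytes:
    """One pass: send the random number, read back the chip's MAC."""
    chip.write_challenge(challenge)
    return chip.read_mac()


def authenticate(chip: SimulatedChip, host_master_key: bytes,
                 attempts: int = 3) -> bool:
    """Main-chip side of S101-S103 with the two-pass consistency check."""
    for _ in range(attempts):
        challenge = secrets.token_bytes(32)   # fresh random number per attempt
        first = chip_round(chip, challenge)
        second = chip_round(chip, challenge)
        if not hmac.compare_digest(first, second):
            continue                          # passes disagree: bus error, retry
        rom_id, data_block = chip.read_prestored()
        expected = auth_mac(host_master_key, rom_id, data_block, challenge)
        return hmac.compare_digest(first, expected)  # constant-time compare
    return False


def demo() -> dict:
    genuine = SimulatedChip(ROM_ID, DATA_BLOCK)
    genuine.provision(MASTER_KEY)
    noisy = SimulatedChip(ROM_ID, DATA_BLOCK, glitches=1)
    noisy.provision(MASTER_KEY)
    wrong_key = SimulatedChip(ROM_ID, DATA_BLOCK)
    wrong_key.provision(b"\xff" * 32)
    # A MAC recorded for one random number must not verify for another.
    recorded = chip_round(genuine, b"\x00" * 32)
    fresh = auth_mac(MASTER_KEY, ROM_ID, DATA_BLOCK, b"\x01" * 32)
    return {
        "genuine_chip": authenticate(genuine, MASTER_KEY),
        "noisy_bus_retry": authenticate(noisy, MASTER_KEY),
        "wrong_master_key": authenticate(wrong_key, MASTER_KEY),
        "replayed_mac": hmac.compare_digest(recorded, fresh),
    }


if __name__ == "__main__":
    print(demo())
```
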
Referring to Fig. 2, the software encryption device provided by this embodiment includes: a receiving module 201, for receiving the first authentication MAC sequence computed and generated by the encryption chip; a first generation module 202, for computing and generating the second authentication MAC sequence; and a comparison module 203, for comparing whether the first authentication MAC sequence and the second authentication MAC sequence are consistent and, if they are consistent, confirming that encryption authentication has succeeded.
The software encryption device in this embodiment can be used to perform the software encryption method shown in Fig. 1. Its implementation principle is described in the method embodiment above and is not repeated here.
The receiving module 201 is used as follows: the encryption chip computes a MAC sequence number, which is the first authentication sequence; the encryption chip sends the first authentication MAC sequence to the main chip, and the main chip receives it. The first generation module 202 is used as follows: after the first authentication MAC sequence computed by the encryption chip has been received, the main chip also computes a MAC sequence number, which is the second authentication sequence. The comparison module 203 compares the first authentication MAC sequence computed in the encryption chip with the second authentication MAC sequence computed in the main chip. If the comparison result is consistent, encryption authentication is confirmed as successful and the software can run normally. If the comparison is inconsistent, the software application exits; for encryption authentication to succeed, the first and second authentication MAC sequences must be computed again and compared, and only a consistent comparison confirms success. The present invention therefore performs encryption authentication when the system boots and runs. If authentication fails, the software application exits, and without the encryption chip the whole system does not run. Even if the main chip's software application is copied to a terminal, the terminal has no encryption chip, so the software application cannot pass encryption authentication and the software refuses to run.
In this embodiment, the receiving module 201, the first generation module 202, and the comparison module 203 are provided so that the first authentication MAC sequence computed by the encryption chip is received, the main chip computes the second authentication MAC sequence, and the two are compared. If the comparison result is consistent, encryption authentication is confirmed as successful. Because encryption authentication can only be carried out with the help of the encryption chip, copying the main chip's software application to a terminal does not help: the terminal has no encryption chip, so the software application cannot complete encryption authentication and the software cannot run normally. This effectively ensures secure authentication of the software and prevents the equipment from being easily cloned.
Further, the software encryption device above also includes a second generation module. The second generation module is used to: before the main chip receives the first authentication MAC sequence computed by the encryption chip, clear the encryption chip master key in the encryption chip; and write the encryption chip master key and the encryption chip random number into the encryption chip, so that the encryption chip computes the first authentication MAC sequence with a secure hash algorithm from the encryption chip master key, the encryption chip random number, and the pre-stored data of the encryption chip.
In this embodiment, the second generation module is provided because the encryption chip has to compute the first authentication MAC sequence before the main chip receives it. Each encryption chip carries a unique 64 ROM and ID, and the encryption chip provides a data block of a 256 user-programmable EEPROM array to hold the data the user wants to store. The data block can also hold user-defined data, for example a serial number used as a product identifier or a hardware version number, so that the data block ties product version management and product maintenance to the encryption chip. The encryption chip computes the first authentication MAC sequence as follows. The encryption chip is initialized and its encryption chip master key is emptied, that is, the encryption chip master key in the encryption chip is cleared. The encryption chip master key is then written into the encryption chip again, and the encryption chip random number, which is sent by the main chip, is written into the encryption chip. From the encryption chip master key, the encryption chip random number, and the pre-stored data held in the encryption chip, the first authentication MAC sequence is computed with a secure hash algorithm. The pre-stored data of the encryption chip can include the model of the encryption chip, the memory information of the encryption chip, and the data stored by the user. In this embodiment, the memory information and model of the encryption chip can be the unique 64 ROM and ID that the encryption chip carries. The data stored by the user can include encryption information, which can be any information the user wants to protect, such as a set of data or code.
Wherein, the first generation module 202, is specifically used for:The main secret key of master chip is set;Read the number that prestores of encryption chip According to the ordered sequence formed according to the pre-stored data of the encryption chip and the main secret key of master chip, is hashed by once safety and transported Calculate, generating device secret key;Set master chip random number, according to the random number of the master chip, encryption chip pre-stored data, The main secret key of master chip and the device secret key, by secondary secure hash computing, generate the second certification MAC sequences;Wherein, The main secret key of master chip is consistent with the main secret key of the encryption chip.
In the present embodiment, the first generation module 202 is provided specifically for the process in which the master chip calculates and generates the second certification MAC sequence. A main secret key of the master chip that is the same as the main secret key of the encryption chip is first stored in the master chip in advance. The pre-stored data of the encryption chip is then read from the encryption chip, and the main secret key of the master chip, the unique 64-bit ROM ID in the encryption chip and the data the user wants to store, held in the data block of the 256-bit user-programmable EEPROM array provided by the encryption chip, are composed into an ordered sequence, from which the device secret key is generated by a first secure hash operation. The ordered sequence is a sequence on which a secure hash operation can be performed. Since the device secret key depends on the ROM ID in the encryption chip, the uniqueness of the ROM ID of the encryption chip determines the uniqueness of the device secret key.
Then the main secret key of the master chip, the unique 64-bit ROM ID in the encryption chip, the data the user wants to store, held in the data block of the 256-bit user-programmable EEPROM array provided by the encryption chip, and the device secret key are again composed into an ordered sequence, and the second certification MAC sequence is generated by a second secure hash operation.
In the present embodiment, the first generation module 202, the receiving module 201 and the second generation module are provided so that the first certification sequence is calculated and the master chip receives the first certification sequence and calculates the second certification sequence. The comparison module 203 is provided to compare the first certification sequence with the second certification sequence and, according to the comparison result, to confirm whether the encryption certification succeeded and whether the software can run. Because the encryption certification has to be carried out with the help of the encryption chip, if the software application of the master chip is copied to a terminal, the terminal has no encryption chip, the encryption certification cannot be carried out inside the software application, and the software cannot run normally. This effectively ensures the security of software certification and prevents the device from being cloned easily. The scheme also has the advantages of simple hardware, low cost, easy software implementation and being difficult to crack, and is suitable for the encryption of system-level applications.
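The exchange described above, as an added sketch written for this page (not code from the patent). SHA-256, the length-prefixed field encoding, all class and function names, and the sample key, ROM ID and user data are assumptions or constructed values; the chip is assumed to apply the same two hash operations as the master chip, since the two MAC sequences must match.

```python
import hashlib
import hmac
import os

def hash_sequence(*fields: bytes) -> bytes:
    """One secure hash operation over an ordered sequence of fields.
    SHA-256 and the 2-byte length prefixes are assumptions of this example."""
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

def device_key(main_key: bytes, rom_id: bytes, user_data: bytes) -> bytes:
    # First hash operation: binds the key to the chip's unique ROM ID.
    return hash_sequence(main_key, rom_id, user_data)

def certification_mac(main_key, nonce, rom_id, user_data) -> bytes:
    # Second hash operation: random number, pre-stored data, main key, device key.
    dk = device_key(main_key, rom_id, user_data)
    return hash_sequence(nonce, rom_id, user_data, main_key, dk)

class EncryptionChip:
    """Software stand-in for the encryption chip (hypothetical, for illustration)."""
    def __init__(self, rom_id: bytes, user_data: bytes):
        self.rom_id, self.user_data = rom_id, user_data
        self._main_key = self._nonce = None

    def load(self, main_key: bytes, nonce: bytes) -> None:
        self._main_key = None                 # clear the old main secret key
        self._main_key, self._nonce = main_key, nonce

    def first_mac(self) -> bytes:
        return certification_mac(self._main_key, self._nonce,
                                 self.rom_id, self.user_data)

class StaleResponseChip(EncryptionChip):
    """Returns a MAC recorded in an earlier session instead of computing one."""
    def __init__(self, genuine: EncryptionChip, recorded: bytes):
        super().__init__(genuine.rom_id, genuine.user_data)
        self._recorded = recorded

    def first_mac(self) -> bytes:
        return self._recorded

def authenticate(chip, main_key: bytes) -> bool:
    """Master-chip side: False means the protected software must not run."""
    if chip is None:                          # software copied to a board with no chip
        return False
    nonce = os.urandom(16)                    # fresh random number per attempt
    chip.load(main_key, nonce)
    second = certification_mac(main_key, nonce, chip.rom_id, chip.user_data)
    return hmac.compare_digest(chip.first_mac(), second)   # constant-time compare

# Constructed sample values, not taken from the patent.
MAIN_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
GENUINE = EncryptionChip(bytes.fromhex("2a000001b2c3d4e5"), b"HW-REV-1.2;SN-0001")
```

The fresh random number is what makes a recorded first MAC useless in a later session, and the ROM ID in the first hash is what makes the device secret key differ from chip to chip.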
The computer equipment provided by the invention includes a memory, a processor and a computer program that is stored in the memory and can run on the processor; when the processor executes the program, the steps of the above method can be realized.
The computer equipment in the present embodiment can be used to perform the software enciphering method shown in Fig. 1. For its implementation principle, refer to the above method embodiment; details are not repeated here.
The computer-readable recording medium provided by the invention stores a computer program; when the computer program is executed by one or more processors, the steps of the above method can be realized.
The computer-readable recording medium in the present embodiment can be used to perform the software enciphering method shown in Fig. 1. For its specific implementation principle, refer to the above method embodiment; details are not repeated here.
With the software enciphering method and device of the present invention, the first certification MAC sequence calculated and generated by the encryption chip is received, the second certification MAC sequence is calculated and generated by the master chip, and the first certification MAC sequence is compared with the second certification MAC sequence. If the two are consistent, the encryption certification is confirmed as successful. Because the encryption certification has to be carried out with the help of the encryption chip, if the software application of the master chip is copied to a terminal, the terminal has no encryption chip, the encryption certification cannot be carried out inside the software application, and the software cannot run normally. This effectively ensures the security of software certification and prevents the device from being cloned easily.
The embodiments described above are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.

Claims (10)

  1. A software enciphering method, characterized by comprising:
    receiving a first certification MAC sequence calculated and generated by an encryption chip;
    calculating and generating a second certification MAC sequence;
    comparing whether the first certification MAC sequence and the second certification MAC sequence are consistent;
    if consistent, confirming that the encryption certification is successful.
  2. The software enciphering method according to claim 1, characterized in that, before the master chip receives the first certification MAC sequence calculated and generated by the encryption chip, the method further comprises:
    removing the main secret key of the encryption chip in the encryption chip;
    writing the main secret key of the encryption chip and the random number of the encryption chip into the encryption chip, so that the encryption chip calculates the first certification MAC sequence by a Secure Hash Algorithm according to the main secret key of the encryption chip, the random number of the encryption chip and the pre-stored data of the encryption chip.
  3. The software enciphering method according to claim 1, characterized in that calculating and generating the second certification MAC sequence comprises:
    setting the main secret key of the master chip;
    reading the pre-stored data of the encryption chip, forming an ordered sequence from the pre-stored data of the encryption chip and the main secret key of the master chip, and generating a device secret key by a first secure hash operation;
    setting the random number of the master chip, and generating the second certification MAC sequence by a second secure hash operation according to the random number of the master chip, the pre-stored data of the encryption chip, the main secret key of the master chip and the device secret key.
  4. The software enciphering method according to claim 3, characterized in that the main secret key of the master chip is consistent with the main secret key of the encryption chip.
  5. The software enciphering method according to claim 2, characterized in that the pre-stored data of the encryption chip comprises: the model of the encryption chip, the memory information of the encryption chip and the data stored by the user;
    the data stored by the user includes encryption information.
  6. A software cryptography device, characterized by comprising:
    a receiving module, for receiving the first certification MAC sequence calculated and generated by the encryption chip;
    a first generation module, for calculating and generating the second certification MAC sequence;
    a comparison module, for comparing whether the first certification MAC sequence and the second certification MAC sequence are consistent and, if consistent, confirming that the encryption certification is successful.
  7. The software cryptography device according to claim 6, characterized by further comprising: a second generation module;
    the second generation module is used for:
    before the master chip receives the first certification MAC sequence calculated and generated by the encryption chip, removing the main secret key of the encryption chip in the encryption chip; and writing the main secret key of the encryption chip and the random number of the encryption chip into the encryption chip, so that the encryption chip calculates the first certification MAC sequence by a Secure Hash Algorithm according to the main secret key of the encryption chip, the random number of the encryption chip and the pre-stored data of the encryption chip.
  8. The software cryptography device according to claim 6, characterized in that the first generation module is specifically used for: setting the main secret key of the master chip;
    reading the pre-stored data of the encryption chip, forming an ordered sequence from the pre-stored data of the encryption chip and the main secret key of the master chip, and generating a device secret key by a first secure hash operation;
    setting the random number of the master chip, and generating the second certification MAC sequence by a second secure hash operation according to the random number of the master chip, the pre-stored data of the encryption chip, the main secret key of the master chip and the device secret key;
    wherein the main secret key of the master chip is consistent with the main secret key of the encryption chip.
  9. A computer equipment, including a memory, a processor and a computer program that is stored in the memory and can run on the processor, characterized in that, when the processor executes the program, the steps of the method according to any one of claims 1 to 5 are realized.
  10. A computer-readable recording medium, characterized in that the computer-readable recording medium stores a computer program, and when the computer program is executed by one or more processors, the steps of the method according to any one of claims 1 to 5 are realized.
CN201711212277.0A 2017-11-28 2017-11-28 Software enciphering method and device Pending CN107967413A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711212277.0A CN107967413A (en) 2017-11-28 2017-11-28 Software enciphering method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711212277.0A CN107967413A (en) 2017-11-28 2017-11-28 Software enciphering method and device

Publications (1)

Publication Number Publication Date
CN107967413A true CN107967413A (en) 2018-04-27

Family

ID=61997976

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711212277.0A Pending CN107967413A (en) 2017-11-28 2017-11-28 Software enciphering method and device

Country Status (1)

Country Link
CN (1) CN107967413A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101676925A (en) * 2008-09-16 2010-03-24 联想(北京)有限公司 Computer system and method of setting authentication information in security chip
US20120069991A1 (en) * 2009-05-13 2012-03-22 Nagravision S. A. Method for authenticating access to a secured chip by test device
CN103473592A (en) * 2013-09-25 2013-12-25 成都市易恒信科技有限公司 Tag off-line distinguishing method and device based on CPK system
CN104268447A (en) * 2014-09-25 2015-01-07 深圳市亚特尔科技有限公司 Encryption method of embedded software
CN104331646A (en) * 2014-11-27 2015-02-04 上海斐讯数据通信技术有限公司 Embedded system encryption method
CN104463026A (en) * 2014-12-08 2015-03-25 深圳中科讯联科技有限公司 System and method for hardware anti-copying board
CN105512520A (en) * 2015-12-02 2016-04-20 厦门雅迅网络股份有限公司 Anti-cloning vehicle-mounted system and work method thereof

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159722A (en) * 2019-11-06 2020-05-15 武汉迈威通信股份有限公司 Encryption method of chip system based on single chip microcomputer and encryption chip system
CN111159722B (en) * 2019-11-06 2023-05-16 武汉迈威通信股份有限公司 Encryption method of chip system based on single chip microcomputer and encryption chip system
CN115398856A (en) * 2020-04-09 2022-11-25 国际商业机器公司 Key attribute verification
CN112100692A (en) * 2020-09-18 2020-12-18 北京国科环宇科技股份有限公司 Encryption method and encryption device for hardware module
CN112398647A (en) * 2020-11-03 2021-02-23 武汉先同科技有限公司 Consumable dynamic encryption method for channel distribution management
CN113091224A (en) * 2021-04-07 2021-07-09 青岛海信日立空调***有限公司 Air conditioning device and air conditioning control device

Similar Documents

Publication Publication Date Title
CN107967413A (en) Software enciphering method and device
US11323275B2 (en) Verification of identity using a secret key
US10430616B2 (en) Systems and methods for secure processing with embedded cryptographic unit
CN106161402B (en) Encryption equipment key injected system, method and device based on cloud environment
CN104639516B (en) Identity identifying method, equipment and system
US8443203B2 (en) Secure boot method and semiconductor memory system using the method
US9253162B2 (en) Intelligent card secure communication method
CN102084373B (en) Backing up digital content that is stored in a secured storage device
KR20210131444A (en) Identity creation for computing devices using physical copy protection
US9461995B2 (en) Terminal, network locking and network unlocking method for same, and storage medium
TW202036347A (en) Method and apparatus for data storage and verification
US11831753B2 (en) Secure distributed key management system
CN104350503A (en) Memory device and memory system
CN111476573A (en) Account data processing method, device, equipment and storage medium
CN109257332A (en) The creation method and device for the exit passageway that digital cash hardware wallet application updates
CN104868998A (en) System, Device, And Method Of Provisioning Cryptographic Data To Electronic Devices
CN110659506A (en) Replay protection of memory based on key refresh
TWI476629B (en) Data security and security systems and methods
US20090268915A1 (en) Secure Creation and Management of Device Ownership Keys
US20160277182A1 (en) Communication system and master apparatus
CN109302286B (en) Fido equipment key index generation method
CN100550735C (en) The method of multifunction intelligent key equipment and security control thereof
CN109741050A (en) Extend method of financial IC card service life and associated method and device
CN105893830B (en) Student's IC card business management method
CN115174067A (en) Transaction processing method, blockchain node and blockchain network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180427