CN111949949B - Software running method, device and equipment and computer readable storage medium - Google Patents
Software running method, device and equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN111949949B CN111949949B CN202010820087.2A CN202010820087A CN111949949B CN 111949949 B CN111949949 B CN 111949949B CN 202010820087 A CN202010820087 A CN 202010820087A CN 111949949 B CN111949949 B CN 111949949B
- Authority
- CN
- China
- Prior art keywords
- preset
- software
- authorization value
- version number
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000013475 authorization Methods 0.000 claims abstract description 116
- 230000008569 process Effects 0.000 claims abstract description 18
- 238000004364 calculation method Methods 0.000 claims abstract description 9
- 238000004590 computer program Methods 0.000 claims description 14
- 238000004422 calculation algorithm Methods 0.000 claims description 4
- 230000009286 beneficial effect Effects 0.000 abstract description 6
- 238000012795 verification Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 4
- 101000851892 Homo sapiens Tropomyosin beta chain Proteins 0.000 description 2
- 102100036471 Tropomyosin beta chain Human genes 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a software running method, which comprises the following steps: acquiring a corresponding first version number according to a ciphertext of current software; after a first authorization value is calculated by using a preset calculation script, setting a first version number as an input parameter of a preset judgment command, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judgment command; if so, decrypting the ciphertext of the current software by using the preset key with the initial key authorization value, and operating an executable program obtained by decryption; if not, updating the first authorization value, calculating an updated key authorization value, and ending the process when determining that the updated key authorization value is different from the initial key authorization value. On the basis of prohibiting running of low-version software, the method relatively reduces consumption of manpower resources and improves safety of software running. The application also discloses a software running device, equipment and a computer readable storage medium, which have the beneficial effects.
Description
Technical Field
The present invention relates to the field of computer software, and in particular, to a software running method, apparatus, device, and computer readable storage medium.
Background
With the rapid development of information technology, the updating speed of computer software is greatly improved. However, computer software is not perfect, and once some important software such as Openssl, Tomcat, etc. is released, hackers can study the vulnerabilities therein to realize attacks. Therefore, software developers need to modify the vulnerabilities exposed by the low-version software, and continuously update the software versions, so as to improve the safety of running the software. Since the high-version software and the low-version software are both executable programs, in practical applications, the low-version software may still be run in the presence of the high-version software, which may cause a safety problem in software running.
In the prior art, generally, a program is manually controlled to run to scan currently running software and obtain a corresponding version number, and a version number comparison operation is manually performed to determine whether the currently running software is a low-version software, and to prohibit the running of the low-version software. The method needs to consume a large amount of human resources, and the condition of missed inspection of the running of the low-version software caused by the error of the comparison result due to manual operation error possibly exists, so that the safety problem of the running of the software is caused.
Therefore, how to relatively reduce the consumption of manpower resources and improve the safety of software operation on the basis of realizing the prohibition of the operation of low-version software is a technical problem which needs to be solved by technical personnel in the field.
Disclosure of Invention
In view of this, the present invention provides a software running method, which can relatively reduce the consumption of human resources and improve the safety of software running on the basis of prohibiting running of low-version software; another object of the present invention is to provide a software running device, a device and a computer readable storage medium, all of which have the above advantages.
In order to solve the above technical problem, the present invention provides a software running method, including:
acquiring a corresponding first version number according to the ciphertext of the current software;
after a first authorization value is calculated by using a preset calculation script, setting the first version number as an input parameter of a preset judgment command, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judgment command;
if so, decrypting the ciphertext of the current software by using a preset key with an initial key authorization value, and operating an executable program obtained by decryption;
if not, updating the first authorization value, calculating an updated key authorization value, and ending the process when determining that the updated key authorization value is different from the initial key authorization value.
Preferably, the process of calculating the initial key authority value includes:
hash (SN 0 | | |) according to policy1n) Calculating an initial first authorization value;
according to policy ═ Hash (policy1| | | 0)n) And calculating the initial key authorization value.
Preferably, the process of storing the preset version number in the NVRAM in advance includes:
creating an NVRAM (non-volatile random access memory), and setting a preset access password of the NVRAM;
and storing the preset version number under the condition that the received access password input by the user is consistent with the preset access password.
Preferably, after the obtaining the corresponding first version number according to the ciphertext of the current software, the method further includes:
displaying the first version number of the current software.
Preferably, before the decrypting the ciphertext of the current software by using the preset key with the initial key authorization value and running the decrypted software executable program, the method further includes:
and carrying out identity verification on the user, entering the step of decrypting the ciphertext of the current software by using the preset key with the initial key authorization value and operating the decrypted executable program of the software under the condition that the identity verification is passed.
Preferably, when it is determined that the updated key authority value is different from the initial key authority value, the method further includes:
and sending out corresponding prompt information.
Preferably, the process of obtaining the corresponding first version number according to the ciphertext of the current software specifically includes:
and scanning the ciphertext of the current software according to a preset time period, and acquiring a corresponding first version number according to the ciphertext of the current software.
In order to solve the above technical problem, the present invention further provides a software running apparatus, including:
the acquisition module is used for acquiring a corresponding first version number according to the ciphertext of the current software;
the judging module is used for setting the first version number as the input parameter of a preset judging command after a first authorization value is calculated by using a preset calculation script, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judging command; if yes, calling a first execution module; if not, calling a second execution module;
the first execution module is used for decrypting the ciphertext of the current software by using a preset key with an initial key authorization value and running an executable program obtained by decryption;
and the second execution module is configured to update the first authorization value, calculate an updated key authorization value, and end the process when it is determined that the updated key authorization value is different from the initial key authorization value.
In order to solve the above technical problem, the present invention further provides a software running device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of any one of the software running methods when executing the computer program.
In order to solve the above technical problem, the present invention further provides a computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements the steps of any one of the software running methods.
The invention provides a software running method, which is characterized in that after a corresponding first version number is obtained according to a ciphertext of current software, whether the first version number of the current software is larger than or equal to a preset version number stored in an NVRAM in advance is judged, and when the first version number is smaller than the preset version number, a first authorization value is updated, so that the calculated updated key authorization value is different from an initial key authorization value, the ciphertext of the current software cannot be decrypted by using a preset key any more, and a corresponding software executable program cannot be obtained; in addition, the method compares the first version number with the preset version number by using a computer program and controls the software to run, so that the consumption of manpower resources can be reduced, the condition of manual operation errors can be avoided, and the safety of software running is improved.
In order to solve the technical problem, the invention also provides a software running device, equipment and a computer readable storage medium, which have the beneficial effects.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a software running method according to an embodiment of the present invention;
fig. 2 is a block diagram of a software running apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram of a software operating device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The core of the embodiment of the invention is to provide a software running method, which can relatively reduce the consumption of manpower resources and improve the safety of software running on the basis of realizing the prohibition of running low-version software; another core of the present invention is to provide a software running device, a device and a computer readable storage medium, all having the above beneficial effects.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flowchart of a software running method according to an embodiment of the present invention. As shown in fig. 1, a software running method includes:
s10: acquiring a corresponding first version number according to the ciphertext of the current software;
s20: after a first authorization value is calculated by using a preset calculation script, setting a first version number as an input parameter of a preset judgment command, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judgment command;
s30: if so, decrypting the ciphertext of the current software by using a preset key with an initial key authorization value, and operating an executable program obtained by decryption;
s40: if not, updating the first authorization value, calculating an updated key authorization value, and ending the process when determining that the updated key authorization value is different from the initial key authorization value.
It should be noted that, in actual operation, software deployment is performed first. The software deployment refers to an operation which needs to be executed when software is installed for the first time, and the preset key and the NVRAM of the TPM2.0 chip which are relied on by the embodiment of the invention can be used once being created, and do not need to be created again in the subsequent process.
Specifically, a cryptographic engine is built in the TPM2.0 chip, which can implement a cryptographic algorithm, and meanwhile, an enhanced authorization mechanism is introduced into the TPM2.0 chip, so that an internal object (for example, a preset key in the TPM2.0 chip) can be authorized to be used in an authorization session manner, and an authorization value in the session (for example, an authorization value of the key) can be changed according to different conditions. The TPM2_ policy nv command of the TPM2.0 chip may determine whether to perform an operation of changing an authorization value in a session according to a preset version number stored in a Non-Volatile Random Access Memory (NVRAM) in the TPM2.0 chip. When the condition is not met, for example, a given value (the first version number of the current software) in the command is smaller than a preset version number stored in the NVRAM, the authorization value in the session is changed, that is, an updated key authorization value is obtained, and when the condition is met, the authorization value in the authorization session does not change.
Specifically, a preset version number is stored in the NVRAM in advance, and the preset version number is generally the latest version number of software; and encrypting the executable file of the current software by using the preset key to obtain a corresponding ciphertext. In actual operation, firstly, a corresponding first version number, namely the version number of the current software, is obtained according to the ciphertext of the current software; then, a first authorization value is calculated by utilizing a preset calculation script; and then setting the first version number as the entry parameter of a preset judgment command, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judgment command. If so, the version of the current software is higher than or equal to the software version corresponding to the preset version number, so that the ciphertext of the current software is decrypted by using the preset key with the initial key authorization value to obtain a corresponding executable program, and the decrypted executable program is operated to realize the purpose of operating the current software. If not, updating the first authorization value, and calculating an updated key authorization value according to the first authorization value, wherein the updated key authorization value is different from the initial key authorization value due to updating of the key authorization value, so that the ciphertext of the current software cannot be decrypted by using the preset key, and the process is ended.
It should be noted that the preset determination command may specifically be:
args ═ Hash (first version number | | condition | | | custom content);
policynew=Hash(policyold| args | custom content);
wherein args is an intermediate variable obtained according to a preset judgment command; the condition refers to a comparison method, such as greater than, equal to, less than, and the like, and in this embodiment, the condition specifically refers to whether a first version number in the preset judgment command is greater than or equal to a preset version number in the NVRAM; the user-defined content refers to other internal date information set by the user according to actual requirements, and the embodiment does not limit the internal date information; specifically, the Hash represents a digest algorithm, such as SHA-1, SHA-256, etc.; policyoldRefers to the original first authorization value, policy, in the authorization sessionnewRefers to the updated first authorization value; "| |" represents a connection of content, such as "123 | | 456" results in "123456".
After the corresponding first version number is obtained according to the ciphertext of the current software, whether the first version number of the current software is larger than or equal to a preset version number stored in an NVRAM in advance is judged, and when the first version number is smaller than the preset version number, the first authorization value is updated, so that the calculated updated key authorization value is different from the initial key authorization value, the ciphertext of the current software cannot be decrypted by using the preset key, and a corresponding software executable program cannot be obtained; in addition, the method compares the first version number with the preset version number by using a computer program and controls the software to run, so that the consumption of manpower resources can be reduced, the condition of manual operation errors can be avoided, and the safety of software running is improved.
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, in this embodiment, the process of calculating the initial key authorization value includes:
hash (SN 0 | | |) according to policy1n) Calculating an initial first authorization value;
according to policy ═ Hash (policy1| | | 0)n) An initial key grant value is calculated.
In this embodiment, specifically, by executing the TPM2_ StartAuthSession instruction, an authorization session may be started in the TPM2.0 chip, and subsequently, an authorization value (initial key authorization value) in the session may be obtained or a preset key in the chip may be authorized to be used by using the session. Specifically, the SN number of the computer is first extracted, and the TPM2_ PolicyOR instruction is executed according to policy1 ═ Hash (SN | | 0)n) Computing an initial first authorization value policy 1; once the initial first authorization value policy1 is calculated, it is stored in the session and can be called for use later; executing the TPM2_ PolicyOR instruction again may be based on policy ═ Hash (policy1| | 0)n) Calculating an initial key authorization value policy; executing the TPM2 Create instruction creates the pre-key and sets the authorization value of the pre-key to the initial key authorization value policy.It should be noted that SN represents a Serial Number (SN) of the computer or the server; 0nRepresenting n 0 s, e.g. 032 Represents 32 0 s, and in actual operation, 0 snThe content may be replaced by user-defined content, which is not limited in this embodiment.
Therefore, the initial key authorization value is calculated according to the method of the embodiment, the calculation process is convenient, and the safety is higher.
It should be noted that, in this embodiment, a preset version number is specifically set in the NVRAM in advance; create a pre-key and Hash (SN 0) according to policy1n) Calculating an initial first authorization value; according to policy ═ Hash (policy1| | | 0)n) Calculating an initial key authorization value; after a ciphertext obtained by encrypting an executable file of the current software by using a preset key is obtained, when the current software needs to be operated, firstly, Hash (SN | | | 0) is obtained according to policy1n) Calculating a corresponding first authorization value, then when a first version number is taken as a parameter of a preset judgment instruction TPM2_ StartAuthSession instruction and the first version number is determined to be greater than or equal to a preset version number in NVRAM, determining that a condition is satisfied according to args ═ Hash (self-defined content of the first version number | | | | | | | | condition | |), without updating the first authorization value, and according to policy ═ Hash (policy1| | | | 0)n) And calculating that the key authorization value is the same as the initial key authorization value policy, so that the ciphertext of the current software can be decrypted by using the preset key to obtain a corresponding executable file and run.
When the first version number is smaller than the preset version number in the NVRAM, the condition is determined to be not satisfied according to args (Hash) (the first version number is the condition self-defined content), and therefore the condition is determined according to policynew=Hash(policyold| args | self-defined content) to update the first authorization value, wherein the updated first authorization value is policynewCalculating an updated key authorization value by using the updated first authorization value; and because the updated key authorization value is different from the initial key authorization value, the ciphertext of the current software cannot be decrypted by using the preset key, the current software cannot run, and the process is ended.
After the corresponding first version number is obtained according to the ciphertext of the current software, whether the first version number of the current software is larger than or equal to a preset version number stored in an NVRAM in advance is judged, and when the first version number is smaller than the preset version number, the first authorization value is updated, so that the calculated updated key authorization value is different from the initial key authorization value, the ciphertext of the current software cannot be decrypted by using the preset key, and a corresponding software executable program cannot be obtained; in addition, the method compares the first version number with the preset version number by using a computer program and controls the software to run, so that the consumption of manpower resources can be reduced, the condition of manual operation errors can be avoided, and the safety of software running is improved.
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, in this embodiment, the process of storing the preset version number in the NVRAM in advance includes:
creating an NVRAM (non-volatile random access memory) and setting a preset access password of the NVRAM;
and storing the preset version number under the condition that the received access password input by the user is consistent with the preset access password.
It should be noted that, by executing the TPM2_ NvDefineSpace instruction, an NVRAM may be created in the TPM chip, and a preset access password of the NVRAM is set when the NVRAM is created, so as to ensure that only a legitimate user may update the software version information therein by inputting an access password consistent with the preset access password, and a malicious attacker cannot modify the software version information therein.
Specifically, in actual operation, after receiving an access password input by a user, determining whether the access password is consistent with a preset access password, if so, executing a TPM2 — NvWrite instruction, and writing software version information including a preset version number of software into the created NVRAM; executing the TPM2_ RsaEncrypt instruction, encrypting the executable file of the software, deleting the plain text of the software, and only keeping the cipher text information.
It should be noted that, in actual operation, in order to ensure the efficiency of encryption and decryption, only one section of file content of the software may be encrypted, instead of all files, according to specific situations.
In addition, in an actual operation, the software version information in the NVRAM may be updated according to an actual requirement, and specifically, the updated software version number may be stored in the NVRAM in a manner of initially storing the preset version number in the NVRAM, that is, the preset version number stored in the NVRAM is updated.
It can be understood that, in the embodiment, the preset version number can be set in the NVRAM only after the verification is passed by using the access password, so that the preset version number can be prevented from being maliciously tampered, the accuracy of setting the preset version number can be guaranteed, and the security of running software can be further guaranteed.
On the basis of the foregoing embodiment, the present embodiment further describes and optimizes the technical solution, and specifically, after acquiring the corresponding first version number according to the ciphertext of the current software, the present embodiment further includes:
the first version number of the current software is displayed.
Specifically, in this embodiment, after the corresponding first version number is obtained according to the ciphertext of the current software, that is, after the first version number of the current software is obtained, the first version number of the current software is displayed by using a preset display device. In this embodiment, specific forms of the display server parameters are not limited, and it should be noted that, in this embodiment, specific types of the display device are also not limited, and may be, for example, a liquid crystal display or a touch screen.
Therefore, the first version number of the current software is further displayed, so that the user can conveniently and intuitively view the version information of the current software, and the use experience of the user is further improved.
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, before decrypting the ciphertext of the current software using the preset key that is provided with the initial key authorization value and running the decrypted software executable program, this embodiment further includes:
and carrying out identity verification on the user, and entering a step of decrypting the ciphertext of the current software by using the preset key with the initial key authorization value and running the software executable program obtained by decryption under the condition that the identity verification is passed.
Specifically, in this embodiment, before decrypting the ciphertext of the current software by using the preset key with the initial key authorization value and running the decrypted software executable program, the user is authenticated first, and then the following steps of decrypting the ciphertext of the current software by using the preset key with the initial key authorization value and running the decrypted software executable program are performed if the authentication passes, and if the authentication fails, the operation of decrypting the ciphertext of the current software by using the preset key with the initial key authorization value is not performed, or further, corresponding warning information is sent according to the user identity of the user.
It should be noted that, in this embodiment, the manner of performing identity verification on the user may be to require the user to input a corresponding user name and password or biometric information, and determine whether the identity verification on the user passes through verifying whether information matching the user name and the password input by the user or information matching the biometric information of the user exists in the pre-stored authentication information, where a specific manner of performing identity verification on the user is not limited in this embodiment.
Therefore, the safety of the running software can be further improved by further carrying out identity authentication on the user.
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, when it is determined that the updated key authorization value is different from the initial key authorization value, this embodiment further includes:
and sending out corresponding prompt information.
Specifically, in this embodiment, when it is determined that the updated key authorization value is different from the initial key authorization value, the prompting device is further triggered to send out the corresponding prompt information. It should be noted that the prompting device may specifically be a buzzer and/or an indicator light and/or a display, and the prompting device such as the buzzer, the indicator light, the display, and the like is triggered to send out corresponding prompting information, such as a buzzer sound, a flashing light, characters or images, and the like, so as to intuitively prompt the user about the current verification condition of the data consistency function of the file system, thereby further improving the use experience of the user.
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, in this embodiment, the process of obtaining the corresponding first version number according to the ciphertext of the current software specifically includes:
and scanning the ciphertext of the current software according to a preset time period, and acquiring a corresponding first version number according to the ciphertext of the current software.
Specifically, in this embodiment, a preset time period is preset, and then a timer is used to trigger a program to scan a ciphertext of the current software according to the preset time period, so as to obtain a first version number of the current software. It should be noted that the preset time period is generally set according to actual operation experience, and this embodiment does not limit this.
By acquiring the corresponding first version number according to the preset time period, whether the current software is the low-version software can be periodically detected and determined, so that the running safety of the software is further guaranteed.
The above detailed description is given for the embodiment of the software running method provided by the present invention, and the present invention further provides a software running apparatus, a device and a computer-readable storage medium corresponding to the method.
Fig. 2 is a structural diagram of a software running apparatus according to an embodiment of the present invention, and as shown in fig. 2, the software running apparatus includes:
the obtaining module 21 is configured to obtain a corresponding first version number according to a ciphertext of current software;
a determining module 22, configured to set the first version number as an entry parameter of a preset determining command after calculating the first authorization value by using a preset calculation script, and determine whether the first version number is greater than or equal to a preset version number pre-stored in the NVRAM by using the preset determining command; if yes, calling the first execution module 23; if not, the second execution module 24 is called;
the first execution module 23 is configured to decrypt a ciphertext of the current software using a preset key with an initial key authorization value, and run an executable program obtained by decryption;
and the second execution module 24 is configured to update the first authorization value, calculate an updated key authorization value, and end the process when it is determined that the updated key authorization value is different from the initial key authorization value.
The software running device provided by the embodiment of the invention has the beneficial effects of the software running method.
As a preferred embodiment, a software running device further includes:
and the display module is used for displaying the first version number of the current software.
As a preferred embodiment, a software running device further includes:
and the identity authentication module is used for performing identity authentication on the user and calling the first execution module under the condition that the identity authentication is passed.
As a preferred embodiment, a software running device further includes:
and the prompt module is used for sending corresponding prompt information when the updated key authorization value is determined to be different from the initial key authorization value.
Fig. 3 is a structural diagram of a software operating device according to an embodiment of the present invention, and as shown in fig. 3, a software operating device includes:
a memory 31 for storing a computer program;
a processor 32 for implementing the steps of the software running method when executing the computer program.
The software running equipment provided by the embodiment of the invention has the beneficial effects of the software running method.
In order to solve the above technical problem, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the software running method.
The computer-readable storage medium provided by the embodiment of the invention has the beneficial effects of the software running method.
The software running method, the device, the equipment and the computer readable storage medium provided by the invention are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are set forth only to help understand the method and its core ideas of the present invention. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed in the embodiment corresponds to the method disclosed in the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Claims (10)
1. A method of operating software, comprising:
acquiring a corresponding first version number according to the ciphertext of the current software;
after a first authorization value is calculated by using a preset calculation script, setting the first version number as an input parameter of a preset judgment command, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judgment command;
if so, decrypting the ciphertext of the current software by using a preset key with an initial key authorization value, and operating an executable program obtained by decryption;
if not, updating the first authorization value, calculating an updated key authorization value, and ending the process when determining that the updated key authorization value is different from the initial key authorization value.
2. The method of claim 1, wherein calculating the initial key authorization value comprises:
according to policy1 = Hash (SN | | | 0)n) Calculating an initial first authorized value, wherein policy1 is the initial first authorized value, and SN is a device serial number;
according to policy = Hash (policy1| | | 0)n) Calculating the initial key authorization value, wherein Policy is the initial key authorization value, and 0nRepresenting n 0 s, and Hash () representing the digest algorithm.
3. The method of claim 1, wherein pre-storing the preset version number in the NVRAM comprises:
creating an NVRAM (non-volatile random access memory), and setting a preset access password of the NVRAM;
and storing the preset version number under the condition that the received access password input by the user is consistent with the preset access password.
4. The method of claim 1, after obtaining the corresponding first version number according to the ciphertext of the current software, further comprising:
displaying the first version number of the current software.
5. The method according to claim 1, further comprising, before the decrypting the ciphertext of the current software using the predetermined key with the initial key authorization value and running the decrypted software executable program:
and authenticating the identity of the user, entering the step of decrypting the ciphertext of the current software by using the preset key with the initial key authorization value under the condition that the identity authentication is passed, and running the software executable program obtained by decryption.
6. The method of claim 1, wherein upon determining that the updated key authorization value is different from the initial key authorization value, further comprising:
and sending out corresponding prompt information.
7. The method according to any one of claims 1 to 6, wherein the process of obtaining the corresponding first version number according to the ciphertext of the current software specifically comprises:
and scanning the ciphertext of the current software according to a preset time period, and acquiring a corresponding first version number according to the ciphertext of the current software.
8. A software running apparatus, comprising:
the acquisition module is used for acquiring a corresponding first version number according to the ciphertext of the current software;
the judging module is used for setting the first version number as the input parameter of a preset judging command after a first authorization value is calculated by using a preset calculation script, and judging whether the first version number is greater than or equal to a preset version number stored in an NVRAM (non-volatile random access memory) in advance by using the preset judging command; if yes, calling a first execution module; if not, calling a second execution module;
the first execution module is used for decrypting the ciphertext of the current software by using a preset key with an initial key authorization value and running an executable program obtained by decryption;
and the second execution module is configured to update the first authorization value, calculate an updated key authorization value, and end the process when it is determined that the updated key authorization value is different from the initial key authorization value.
9. A software running device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the software execution method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the software execution method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010820087.2A CN111949949B (en) | 2020-08-14 | 2020-08-14 | Software running method, device and equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010820087.2A CN111949949B (en) | 2020-08-14 | 2020-08-14 | Software running method, device and equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111949949A CN111949949A (en) | 2020-11-17 |
| CN111949949B true CN111949949B (en) | 2022-06-17 |
Family
ID=73342354
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010820087.2A Active CN111949949B (en) | 2020-08-14 | 2020-08-14 | Software running method, device and equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111949949B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018153018A1 (en) * | 2017-02-21 | 2018-08-30 | 蔚来汽车有限公司 | Key update method and system |
| CN110968844A (en) * | 2019-12-02 | 2020-04-07 | 卫盈联信息技术(深圳)有限公司 | Software authorization method in off-line state, server and readable storage medium |
| CN111079128A (en) * | 2019-12-11 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Data processing method and device, electronic equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7006997B2 (en) * | 2000-12-05 | 2006-02-28 | Kenta Hori | Method and program for preventing unfair use of software |
-
2020
- 2020-08-14 CN CN202010820087.2A patent/CN111949949B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018153018A1 (en) * | 2017-02-21 | 2018-08-30 | 蔚来汽车有限公司 | Key update method and system |
| CN110968844A (en) * | 2019-12-02 | 2020-04-07 | 卫盈联信息技术(深圳)有限公司 | Software authorization method in off-line state, server and readable storage medium |
| CN111079128A (en) * | 2019-12-11 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Data processing method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111949949A (en) | 2020-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2659373B1 (en) | System and method for secure software update | |
| KR20180075513A (en) | Method and apparatus for realizing session identifier synchronization | |
| CN111708991A (en) | Service authorization method, service authorization device, computer equipment and storage medium | |
| US8953805B2 (en) | Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method | |
| CN113569266B (en) | Host remote monitoring method based on chip level privacy calculation | |
| Böck et al. | Towards more trustable log files for digital forensics by means of “trusted computing” | |
| US10050977B2 (en) | Preventing misuse of code signing certificates | |
| CN110096849A (en) | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing | |
| CN111460410A (en) | Server login method, device and system and computer readable storage medium | |
| CN111193740A (en) | Encryption method, device, decryption method, computer device and storage medium | |
| JP2017011491A (en) | Authentication system | |
| CN112511306A (en) | Safe operation environment construction method based on mixed trust model | |
| CN113726766A (en) | Offline identity authentication method, system and medium | |
| CN111949949B (en) | Software running method, device and equipment and computer readable storage medium | |
| CN113127844A (en) | Variable access method, device, system, equipment and medium | |
| CN108563934B (en) | Fingerprint unlocking method and device | |
| GB2513494A (en) | Data verification | |
| CN116032484A (en) | Method and device for safely starting communication equipment and electronic equipment | |
| CN113297563A (en) | Method and device for accessing privileged resources of system on chip and system on chip | |
| CN112597449B (en) | Software encryption method, device, equipment and storage medium | |
| CN116418541B (en) | Communication method, device and equipment | |
| JP2020150310A (en) | Information processing unit, decryption method of encryption data and electronic apparatus | |
| JP2007258789A (en) | System, method, and program for authenticating agent | |
| Jagannathan et al. | Self-authentication in medical device software: An approach to include cybersecurity in legacy medical devices | |
| CN117640109B (en) | API (application program interface) secure access method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |