CN112287305A - Data processing method, user lock and server - Google Patents


Publication number
CN112287305A
Authority
CN
China
Prior art keywords
lock
user
development
control lock
storage area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011192680.3A
Other languages
Chinese (zh)
Other versions
CN112287305B (en)
Inventor
孙吉平
李海鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN202011192680.3A
Publication of CN112287305A
Application granted
Publication of CN112287305B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data processing method, a user lock and a server. The method is applied to the user lock and comprises the following steps: acquiring a first data packet sent by a server, wherein the first data packet is generated by the server in response to a first request, the first request is generated by using a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file; determining, based on the first data packet, a first storage area in the user lock corresponding to the first control lock, wherein the user lock comprises at least two storage areas; and storing a first license file in the first storage area, wherein the first license file is a license file issued to a second development end by the first control lock, so that the second development end can use the development data through the user lock. The method reduces the number of user locks needed when development data is developed at multiple levels, so that the whole process of use is simple, logically clear and easy to manage.

Description

Data processing method, user lock and server
Technical Field
The present application relates to the field of software encryption and copyright management, and in particular, to a data processing method, a user lock, and a server.
Background
The industry that develops and manages development data such as software has its own industry chain: developers upstream in the chain provide development packages or development equipment, and developers downstream perform secondary development or secondary assembly, or even further rounds of development and assembly. For example, a first developer develops target software, and a second developer needs to develop further on the basis of that target software to form a final product for sale to consumers. A complete product therefore passes through many developers and many separate development steps before it takes its final form.
Developers at every layer, whether they provide software or hardware, need data protection and copyright management to protect their own development data from infringement. Generally, developers in an industry chain use encryption locks (including a control lock and a user lock) to encrypt and authorize software or their own development data based on the software.
However, the existing way in which multiple layers of developers use encryption locks is rather disorderly: the developers at each layer use a separate user lock to authorize the developers at the next layer, so the developers or end users at the next layer need to use several user locks at the same time in order to carry out their own development work and protect their own development data based on the software, or simply to use the software normally. The use of encryption locks is therefore complicated and difficult to manage.
Disclosure of Invention
The embodiments of the application aim to provide a data processing method, a user lock and a server. The method reduces the number of user locks used when multiple layers of developers develop the same software or development data associated with the same software, provides convenience for the developers at each layer, and also helps them protect their own development data.
To solve the above technical problem, the embodiments of the application adopt the following technical solution: a data processing method applied to a user lock, the method comprising:
acquiring a first data packet sent by a server, wherein the first data packet is a data packet generated by the server responding to a first request, the first request is a request generated by utilizing a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area;
storing a first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Optionally, the at least two storage areas further include a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user by using the second control lock, so that the third development end/end user can use the development data of the first development end and the development data of the second development end through the user lock.
Optionally, determining, based on the first data packet, a first storage area corresponding to the first control lock in the user lock includes:
acquiring a first identifier from the first data packet, wherein the first identifier is used for uniquely identifying the first control lock;
and determining, based on the first identifier, a first storage area corresponding to the first control lock in the user lock.
Optionally, the determining, based on the first identifier, a first storage area corresponding to the first control lock in the user lock includes:
determining a first storage area corresponding to the first development end based on the first identifier and a preset relation table in the user lock.
Optionally, the first data packet includes a development end certificate; the step of determining a first storage area in the user lock corresponding to the first control lock based on the first data packet comprises:
determining identity information of the corresponding first development end based on the development end certificate;
and, when the identity information meets the requirement, allocating a corresponding first storage area for the first development end in the user lock.
Optionally, after acquiring the first data packet sent by the server, the method further includes:
verifying the signature of the first data packet by using a server public key, wherein the first data packet is signed with a server private key corresponding to the server public key;
and if the signature verification passes, determining that the identity of the server is legitimate.
Optionally,
the authority of the first control lock for operating the user lock is greater than that of the second control lock; or
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
The embodiment of the application also provides a data processing method, which is applied to a server side and comprises the following steps:
acquiring a first request, wherein the first request is generated by using a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
responding to the first request, and generating a first data packet corresponding to the first request;
sending the first data packet to a user lock associated with the first control lock, so that the user lock determines, based on the first data packet, a first storage area of the user lock corresponding to the first control lock and stores the first license file in the first storage area; the user lock comprises at least two storage areas, the at least two storage areas comprise the first storage area, and the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Optionally, the at least two storage areas further include a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user by using the second control lock, so that the third development end/end user can use the development data of the first development end and the development data of the second development end through the user lock.
Optionally, the sending the first data packet to the user lock associated with the first control lock, so that the user lock determines, based on the first data packet, a first storage area in the user lock corresponding to the first control lock, specifically includes:
sending the first data packet containing a first identifier to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first identifier; wherein the first identifier is used for uniquely identifying the first control lock.
Optionally, the sending the first data packet to a user lock associated with the first control lock, so that the user lock determines a first storage area in the user lock corresponding to the first control lock based on the first data packet, further includes:
sending the development end certificate to the user lock, so that the user lock determines the identity information of the corresponding first development end based on the development end certificate and, when the identity information meets the requirement, allocates a corresponding first storage area for the first development end in the user lock.
Optionally, the generating the corresponding first data packet based on the first request includes:
signing the generated first data packet by using a server private key, wherein the server private key corresponds to a server public key;
correspondingly, sending the first data packet to the user lock associated with the first control lock specifically includes: and sending the signed first data packet to a user lock so that the user lock checks the signature of the first data packet by using the server public key to verify the identity of the server.
Optionally, the authority of the first control lock for operating the user lock is greater than that of the second control lock; or
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
An embodiment of the present application further provides a user lock, which includes a memory and a processor, where the memory stores an executable program, and the processor executes the executable program to perform the following steps:
acquiring a first data packet sent by a server, wherein the first data packet is a data packet generated by the server responding to a first request, the first request is a request generated by utilizing a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area;
storing a first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Optionally, the at least two storage areas further include a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user by using the second control lock, so that the third development end/end user can use the development data of the first development end and the development data of the second development end through the user lock.
Optionally, the processor executing the executable program further performs the steps of:
acquiring a first identifier from the first data packet, wherein the first identifier is used for uniquely identifying the first control lock;
and determining, based on the first identifier, a first storage area corresponding to the first control lock in the user lock.
Optionally, the processor executing the executable program further performs the steps of:
and determining a first storage area corresponding to the first development end based on the first identifier and a preset relation table in the user lock.
Optionally, the first data packet includes a development end certificate; the processor executing the executable program further performs the steps of:
determining identity information of the corresponding first development end based on the development end certificate;
and, when the identity information meets the requirement, allocating a corresponding first storage area for the first development end in the user lock.
Optionally, the processor executing the executable program further performs the steps of:
verifying the signature of the first data packet by using a server public key, wherein the first data packet is signed with a server private key corresponding to the server public key;
and if the signature verification passes, determining that the identity of the server is legitimate.
Optionally,
the authority of the first control lock for operating the user lock is greater than that of the second control lock; or
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
The embodiment of the application further provides a server, which comprises a memory and a processor, wherein an executable program is stored in the memory, and the processor executes the executable program to perform the following steps:
acquiring a first request, wherein the first request is generated by using a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
responding to the first request, and generating a first data packet corresponding to the first request;
sending the first data packet to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first data packet, and storing a first license file in the first storage area; the user lock comprises at least two storage areas, the at least two storage areas comprise the first storage area, and the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Optionally, the at least two storage areas further include a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user by using the second control lock, so that the third development end/end user can use the development data of the first development end and the development data of the second development end through the user lock.
Optionally, the processor executing the executable program further performs the steps of:
sending the first data packet containing a first identifier to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first identifier; wherein the first identifier is used for uniquely identifying the first control lock.
Optionally, the first data packet further includes a development end certificate, and the processor executing the executable program further performs the steps of:
sending the development end certificate to the user lock, so that the user lock determines the identity information of the corresponding first development end based on the development end certificate and, when the identity information meets the requirement, allocates a corresponding first storage area for the first development end in the user lock.
Optionally, the processor executing the executable program further performs the steps of:
and signing the generated first data packet by using a server private key, wherein the server private key corresponds to a server public key, and the user lock can verify the signature of the first data packet by using the server public key so as to verify the identity of the server.
Optionally, the authority of the first control lock for operating the user lock is greater than that of the second control lock; or
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
An embodiment of the present application further provides a computer-readable storage medium, in which instructions are stored, and when the instructions are run on a computer, the data processing method as described above is implemented.
The data processing method of this embodiment reduces the number of user locks in a multi-level development process: users at every level can use the same user lock while each still has a unique control lock of their own to encrypt and authorize software or their own development data based on the software, so the whole process of use is simple, logically clear and easy to manage.
Drawings
FIG. 1 is a flowchart of a data processing method applied to a user lock according to an embodiment of the present application;
FIG. 2 is a diagram illustrating a correspondence relationship between a storage area in a user lock and a developer according to an embodiment of the present application;
FIG. 3 is a flowchart of one embodiment of step S2 of FIG. 1 according to an embodiment of the present application;
FIG. 4 is a flow chart of one embodiment of a data processing method of an embodiment of the present application;
FIG. 5 is a flowchart illustrating an interaction process between a server and a first development end, a first control lock, and a user lock according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating a process of partitioning a first storage area for a user lock through interaction between a third terminal and a server according to an embodiment of the present application;
FIG. 7 is a flowchart illustrating an interaction process between the server and the second development end, the second control lock, and the user lock according to an embodiment of the present application;
FIG. 8 is a flowchart of a data processing method applied to a server according to an embodiment of the present application;
FIG. 9 is a block diagram of a user lock according to an embodiment of the present application;
FIG. 10 is a block diagram of a server according to an embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments of the present application. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It should also be understood that, although the present application has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of application, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail, to avoid obscuring the application with unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
The data processing method of the embodiments of the application involves a control lock and a user lock. The control lock and the user lock associated with it are both encryption locks, and the two need to be used together. For example, the control lock may identify different software developers, and is mainly used for functions such as encryption, issuing licenses (authorization), and issuing user lock upgrade files. The user lock is the encryption lock finally issued to the software end user; software encryption and authorization depend on this hardware product, and the right to use the software resides in the user lock. As for the association between the control lock and the user lock: a user lock cannot be used directly, because it is an empty lock that contains no license data for any software (or other development data). A license in the user lock is created through issuance by the control lock: the control lock issues a software license for a particular user lock, the software license is then upgraded into the user lock, and only then does the license formally exist. A user lock can be used normally only after licenses have been set through the control lock. For example, the user lock stores license information issued by a software developer, and when a software user uses software encrypted by that developer, the user lock needs to be inserted for decryption.
A data processing method according to an embodiment of the present application, applied to a user lock, is first described below at an overall level, and includes the following steps:
acquiring a first data packet sent by a server, wherein the first data packet is a data packet generated by the server responding to a first request, the first request is a request generated by utilizing a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area;
storing a first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Specifically, the first request is a request generated by using a first control lock. For example, a first user corresponds to a first development end; to protect the development data of the first development end (such as software developed by the first user) from infringement, the first user encrypts it with the first control lock and issues a corresponding first license file. A first request is sent to the server through the first control lock, and the server sends a corresponding first data packet in response to the first request, so that the user lock can acquire the first data packet. In this embodiment, the user lock includes at least two storage areas, and each control lock corresponding to the user lock may have its own storage area. The first data packet may include correspondence information between a storage area in the user lock and the first control lock, so that the first storage area in the user lock corresponding to the first control lock can be determined based on the first data packet. The first data packet may also include information about the first control lock, in which case the user lock, after receiving the first data packet, determines a corresponding first storage area for the first control lock from its unallocated storage space. Once the first storage area has been determined, the user lock may store the first license file in it. If a second user uses the second development end to perform secondary development on the development data of the first user, for example developing further on the basis of the software developed by the first user, the second user can obtain the user lock and carry out secondary development of the software under the license of the first license file.
The second user can also have a second control lock of their own to encrypt and authorize the data they develop. The second license file issued by the second control lock is stored in the storage area of the user lock that corresponds to the second control lock, so there is no need to obtain the first control lock in order to issue license files for the same user, and no need to purchase a new user lock. When the second user delivers the product to a downstream developer or end user, the second user likewise needs to deliver only one user lock rather than several.
With the implementation of the embodiments of the application, corresponding storage areas can be allocated to different control locks within one user lock. The storage areas are independent of one another: each storage area can store license files issued by its corresponding control lock but cannot store license files issued by other control locks. Several control locks can thus correspond to one user lock, so each user can protect the data they develop with their own control lock, the number of user locks in use is effectively reduced, convenience is provided for developers at each layer, and protection of their own development data is facilitated.
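The user-lock behaviour described above (check the packet's authenticity, find the storage area from the control lock's identifier or allocate one from unallocated space, and keep each area closed to license files from other control locks) is illustrated by the following added example, which is not code from the patent. The packet layout, the field names control_lock_id and issuer, the identifiers CL-1 and CL-2, and the use of HMAC-SHA256 in place of the server's private-key signature are assumptions made so that the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed demo key. Assumption: HMAC-SHA256 stands in for the server's
# private-key signature; a real user lock would hold only the server public key.
SERVER_KEY = b"constructed-demo-key"


class PacketRejected(Exception):
    """Raised when the user lock refuses a data packet."""


def server_sign(control_lock_id: str, license_file: dict) -> dict:
    """Server side: build and authenticate a data packet (hypothetical layout)."""
    payload = json.dumps(
        {"control_lock_id": control_lock_id, "license": license_file},
        sort_keys=True,
    ).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


@dataclass
class UserLock:
    total_areas: int = 2                          # "at least two storage areas"
    relation: dict = field(default_factory=dict)  # control-lock id -> area index
    areas: dict = field(default_factory=dict)     # area index -> license files

    def verify(self, packet: dict) -> dict:
        """Check the packet before any field inside it is trusted."""
        expected = hmac.new(SERVER_KEY, packet["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["tag"]):
            raise PacketRejected("signature check failed")
        return json.loads(packet["payload"])

    def area_for(self, control_lock_id: str) -> int:
        """Look up the relation table, else take an unallocated area."""
        if control_lock_id in self.relation:
            return self.relation[control_lock_id]
        used = set(self.relation.values())
        free = [i for i in range(self.total_areas) if i not in used]
        if not free:
            raise PacketRejected("no unallocated storage area left")
        self.relation[control_lock_id] = free[0]
        self.areas[free[0]] = []
        return free[0]

    def handle(self, packet: dict) -> int:
        """Verify, route by control-lock identifier, store; return area index."""
        body = self.verify(packet)
        lock_id, lic = body["control_lock_id"], body["license"]
        # Isolation: an area only accepts license files issued by its own
        # control lock. Checked before allocation so a rejected packet
        # cannot consume a storage area.
        if lic.get("issuer") != lock_id:
            raise PacketRejected("license issuer does not match control lock")
        area = self.area_for(lock_id)
        self.areas[area].append(lic)
        return area

    def licenses_of(self, control_lock_id: str) -> list:
        """License files stored in the area belonging to one control lock."""
        area = self.relation.get(control_lock_id)
        return [] if area is None else list(self.areas[area])


if __name__ == "__main__":
    lock = UserLock()
    a = lock.handle(server_sign("CL-1", {"issuer": "CL-1", "product": "sdk"}))
    b = lock.handle(server_sign("CL-2", {"issuer": "CL-2", "product": "app"}))
    print(a, b, lock.licenses_of("CL-1"))
```

With an asymmetric scheme, verify() would check the server's signature using only the server public key, so that extracting the key material from a user lock would not allow packets to be forged.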
Each step of the data processing method of the present application is described in detail below. FIG. 1 is a flowchart of a data processing method applied to a user lock according to an embodiment of the present application. As shown in FIG. 1 in combination with FIG. 5, the data processing method of the present application, applied to the user lock, includes the following steps:
S1, acquiring a first data packet sent by a server, where the first data packet is a data packet generated by the server in response to a first request, the first request is a request generated by using a first control lock, and the first control lock is used to encrypt development data of a first development end and issue a corresponding license file.
The development data in the embodiment of the present application may be data formed by a developer when developing a product, for example, software code, data required for software operation, and the like. For a developer, the developer may encrypt all data developed by the developer, or may encrypt part of critical data, which is not limited in this application.
The first control lock may be a control lock owned by the first user, and may encrypt development data in a first development end used by the first user and issue a corresponding license file, where the first control lock corresponds to the first development end. The first development end can be a computer, an encryption machine and other equipment used by the first user. The first license file may represent development data developed by the first user, such as usage permissions (authorizations) for software or other data, i.e., other users are permitted to use the development data of the first user, such as redevelopment on software developed by the first user. Before or during development data authorization, the first development end can generate a first request by using the first control lock and send the first request to the server end. The server responds to the first request and sends a first data packet to the user lock, and the user lock acquires the first data packet.
S2, determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area.
The user lock includes at least two storage areas, as shown in fig. 2, which include at least the first storage area, such as the second storage area, the third storage area, and so on. In the process of protecting and authorizing development data, a control lock owned by a user at each layer can correspond to a storage area, the storage areas are independent, the stored license files have orderliness, and other license files in other storage areas cannot be influenced in the calling process. For example, the first data packet may have therein association information between the storage area and the control lock, so that the user lock may determine the first storage area corresponding to the first control lock based on the received first data packet.
S3, storing the first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Specifically, the user lock stores the first license file in the first storage area. After acquiring the user lock from the first user, the second user can obtain the first license file from the first storage area of the user lock and thereby obtain permission to use the development data of the first development end, so that the second user can use that development data through the user lock to carry out their own development work and generate their own development data. Of course, the second user may also encrypt and authorize their own development data by using a second control lock unique to them.
The data processing method of the embodiment can reduce the number of the user locks in the multi-level development process, namely, each level of users can use the same user lock but own unique control lock to encrypt and authorize software or self-development data based on the software, and the whole use process is simple, clear in logic and easy to manage.
The mode in which a plurality of independent control locks share one user lock is particularly suitable for the Internet of Things field. In the prior art, the mode in which one user can only correspond to one independent control lock means that a downstream developer or end user needs multiple user locks to continue developing or to use a product normally. Internet of Things devices are usually small and simple; this approach occupies a large number of their device interfaces, which makes the devices bulky and the hardware highly redundant. It also increases the hardware cost of the Internet of Things device product. With the method of the embodiment of the application, only one device interface of the Internet of Things device is occupied, which avoids hardware redundancy and also reduces the hardware cost of the Internet of Things device product.
In one embodiment of the present application, the at least two storage areas further comprise a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user by using the second control lock, so that the third development end/end user can use the development data of the first development end and the development data of the second development end through the user lock.
With reference to fig. 7, specifically, after completing their own development work, the second user may encrypt the development data of the second development end by using a second control lock owned by the second user, and issue a corresponding license file. The second license file is a license file issued to the third development end/end user by using the second control lock. The second development end may generate a second request by using the first control lock and send the second request to the server, and the server sends a second data packet to the second development end in response to the second request, where the content in the second data packet may be the same as or different from the content in the first data packet. For example, the second data packet may contain association information between the storage area and the control lock, in particular association information between the second control lock and the storage area. The user lock may determine a second storage area of the user lock corresponding to the second control lock based on the second data packet and then store the second license file in the second storage area.
In an extension, if the third development end/end user performs development of the third development end/end user based on the development data of the second development end, the user lock can be obtained, the first permission file and the second permission file are obtained, the development process of the layer is started, and the development data of the first development end and the development data of the second development end can be used through the user lock. The development flow is similar to the above steps. Of course, after the data processing method of the present application is developed by the third development end, more development processes can be performed, such as development by the fourth development end and the fifth development end, but the data processing process is similar to the above, and is not described herein again.
In an embodiment of the present application, as shown in fig. 3, determining a first storage area corresponding to the first control lock in the user lock based on the first data packet includes the following steps:
S21, acquiring a first identifier from the first data packet, wherein the first identifier is used for uniquely identifying the first control lock;
Specifically, the first identifier may be an ID number of the first control lock, which may uniquely identify the first control lock. Since the first control lock corresponds to the first user and the first development end, the first user and the first development end may be identified by using the ID number in some scenarios. Of course, the first identifier may also be a signature or other identification information for uniquely identifying the first control lock.
S22, based on the first identification, determining a first storage area in the user lock corresponding to the first control lock.
The first control lock has an association relation with the storage area, and the user lock can determine the first storage area corresponding to the first control lock based on the first identifier of the first control lock. Since the first identification uniquely identifies the first control lock, determining the first storage area is very accurate. In other layers of development processes, the storage area corresponding to the current control lock may be determined based on the identifier corresponding to the current control lock. Due to the unique function of the identification, disorder of the storage area is avoided, the association relation between each control lock and the corresponding storage area is determined, and users of all layers can use the user lock conveniently.
Optionally, the determining, based on the first identifier, a first storage area corresponding to the first control lock in the user lock includes:
and determining a first storage area corresponding to the first development end based on the first identifier and a preset relation table in the user lock.
Specifically, the preset relationship table may be set in an operating system of the user lock and called up when the storage area is determined. That is, after the user lock acquires the first identifier from the first data packet, it calls up the preset relationship table and looks up the first storage area corresponding to the first identifier, so as to determine the storage area corresponding to the first user lock, that is, the first storage area corresponding to the first development end. Of course, the preset relationship table also stores storage areas corresponding to other user locks or development ends, such as information associating the second development end with the second storage area, information associating the third development end with the third storage area, and the like.
Alternatively, the user lock may establish a first relationship table, and after determining the correspondence between the identifier of the control lock and the storage area of the user lock, store the correspondence in the first relationship table for use when subsequently storing the first license file. That is, each time the user lock receives any data packet, it needs to first determine which control lock issued the data packet. Then, the user lock operates the storage area corresponding to the control lock according to the first relation table, for example, the first permission file in the data packet is stored in the first storage area corresponding to the first control lock.
Illustratively, the step of storing any received license file (hereinafter referred to as a pending license file) into a corresponding storage area may specifically include:
receiving a license file to be processed;
determining a control lock corresponding to the license file to be processed;
and searching a storage area corresponding to the control lock in the first relation table.
The pending license file may be included in a data packet generated by the server in response to the request for the control lock, and may be sent to the user lock together, or may be sent to the user lock separately after the user lock allocates a corresponding storage area for the control lock, which is not limited in this application. For example, the first license file may or may not be included in the first packet, and different implementations may be adopted in different application scenarios.
In one embodiment of the present application, as shown in fig. 4, the first data packet includes a development end certificate; the step S2 may include the steps of:
S4, determining identity information of the corresponding first development end based on the development end certificate;
and S5, under the condition that the identity information meets the requirement, a corresponding first storage area is defined for the first development end in the user lock.
Specifically, the first control lock is associated with the first development end, and the server sends out a first data packet according to the first request sent by the first control lock. The first data packet includes a development end certificate, that is, the certificate of the first development end associated with the first control lock. Because the development end certificate can prove the identity of the first development end, the embodiment of the present application determines the identity information of the first development end based on it. If the identity information meets the requirement, for example if the development end in use is determined to be the first development end, a corresponding first storage area can be defined for the first development end in the user lock. Otherwise, the defining operation can be stopped, or an identity information error can be fed back.
In one possible implementation, the user lock may obtain the identity information of the developer and the developer public key from the developer certificate. The user lock may then use the developer public key to decrypt received data that was encrypted with the developer private key, or to verify the signature of received data that was signed with the developer private key. If the decryption succeeds or the signature verification passes, the identity information of the development end meets the requirement.
In the process of dividing the storage area in the user lock, as shown in fig. 5, a user (such as a developer a) having a first control lock may trigger the first development end to send a first request to the server end by using the first control lock, and then receive a first data packet sent by the server end, and the user lock divides the storage area in the user lock by using the first data packet, and determines a first storage area corresponding to the first control lock. Of course, the division of the storage area in the user lock may be triggered by the manufacturer or the agent of the dongle after determining that the developer a purchases the first control lock and the user lock. As shown in fig. 6, a producer or an agent of the encryption lock divides a first storage area corresponding to the first control lock for the user lock by using interaction between the third terminal and the server, then delivers the first control lock and the user lock to the developer a, generates a first permission file for the user lock by using the first control lock, and stores the first permission file in the first storage area of the user lock by using the user lock.
In addition, the process of dividing the storage area corresponding to the control lock for the user lock may be performed separately or in synchronization with the step of initializing the user lock. The step of initializing the user lock may be performed by the encryption lock manufacturer or an agent. In one embodiment, when the step of initializing the user lock is performed synchronously, the first data packet also carries initialization data, which is not only used for initializing the user lock, but also used for determining a storage area corresponding to the control lock, so that the task of initializing the user lock and the task of dividing the storage area can be completed, and the purpose of completing multiple tasks in one interactive process is achieved.
By extension, referring to fig. 7, the process of dividing the storage area corresponding to the second control lock for the user lock may, for example, be performed by the user of the second control lock (developer B). After obtaining the user lock, developer B may divide the second storage area for the second control lock in advance, or may do so after obtaining the second data packet; that is, after the second developer receives the second data packet sent by the server, developer B determines the second storage area corresponding to the second control lock in the user lock based on the second data packet. The second developer may then access the development data of the first developer by using the first license file in the user lock and form the development data of the second developer on that basis. The second developer then generates the second license file by using the second control lock and sends it to the user lock, and the user lock stores the second license file in the second storage area after acquiring it.
In an embodiment of the present application, after acquiring the first data packet sent by the server, the method further includes the following steps:
verifying the signature of the first data packet by using a server public key, wherein the first data packet is signed by a server private key corresponding to the server public key;
and if the signature verification passes, determining that the identity of the server is legitimate.
Specifically, besides the server, the first development end may also be communicatively connected to other servers serving various purposes, so the server public key and the server private key can be used to determine the identity of the server communicating with the development end. The server public key and the server private key form a pair; the server private key is kept by the server and can be used to sign the first data packet, and the signed first data packet is sent to the first development end. After the user lock acquires the first data packet, it can verify the signature of the first data packet with the server public key obtained in advance. If the verification passes, the identity of the server is determined to be legitimate and the data in the first data packet has not been tampered with during transmission, so the first data packet can be used for subsequent work. Checking the identity of the server with the server public key and the server private key improves the security of the first data packet and prevents a wrong data packet from being used.
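The user-lock side of the flow described above (server signature check, lookup or allocation of a storage area by control lock identifier, and storing a license file only in the area of the control lock that issued it) can be sketched as follows. This is an added example, not code from the patent: Ed25519, the packet layout, the use of a raw development-end public key in place of a certificate, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrBadServerSig  = errors.New("data packet: server signature invalid")
	ErrNoFreeArea    = errors.New("user lock: no unallocated storage area")
	ErrUnknownLock   = errors.New("user lock: control lock has no storage area")
	ErrBadLicenseSig = errors.New("license file: not signed by this area's control lock")
)

// Packet (assumed layout): control lock ID plus a raw development-end public key standing in for the certificate.
type Packet struct {
	ControlLockID uint32
	DevPub        ed25519.PublicKey
	Sig           []byte // server signature over body()
}

func (p Packet) body() []byte {
	return append(binary.BigEndian.AppendUint32(nil, p.ControlLockID), p.DevPub...)
}

// SignPacket is the server side: build the packet and sign it with the server private key.
func SignPacket(serverPriv ed25519.PrivateKey, id uint32, devPub ed25519.PublicKey) Packet {
	p := Packet{ControlLockID: id, DevPub: devPub}
	p.Sig = ed25519.Sign(serverPriv, p.body())
	return p
}

type area struct {
	devPub   ed25519.PublicKey // key of the control lock bound to this area
	licenses [][]byte
}

type UserLock struct {
	serverPub ed25519.PublicKey // obtained in advance
	areas     []area            // fixed number of storage areas
	table     map[uint32]int    // relation table: control lock ID -> area index
}

// HandlePacket verifies the server signature, then finds or allocates the area for the control lock ID.
func (u *UserLock) HandlePacket(p Packet) (int, error) {
	if len(p.DevPub) != ed25519.PublicKeySize || !ed25519.Verify(u.serverPub, p.body(), p.Sig) {
		return -1, ErrBadServerSig
	}
	if idx, ok := u.table[p.ControlLockID]; ok {
		return idx, nil // already bound; the key recorded at allocation is kept
	}
	idx := len(u.table)
	if idx >= len(u.areas) {
		return -1, ErrNoFreeArea
	}
	u.areas[idx].devPub = p.DevPub
	u.table[p.ControlLockID] = idx
	return idx, nil
}

// StoreLicense stores a license file only in the area of the control lock that signed it.
func (u *UserLock) StoreLicense(id uint32, license, sig []byte) error {
	idx, ok := u.table[id]
	if !ok {
		return ErrUnknownLock
	}
	if !ed25519.Verify(u.areas[idx].devPub, license, sig) {
		return ErrBadLicenseSig
	}
	u.areas[idx].licenses = append(u.areas[idx].licenses, append([]byte(nil), license...))
	return nil
}

type DemoResult struct {
	AreaA, AreaB, CountA, CountB         int
	Tampered, Full, OwnStore, CrossStore error
}

// Demo runs two control locks (constructed IDs 0xA1 and 0xB2) against one two-area user lock.
func Demo() DemoResult {
	serverPub, serverPriv, _ := ed25519.GenerateKey(nil)
	pubA, privA, _ := ed25519.GenerateKey(nil)
	pubB, privB, _ := ed25519.GenerateKey(nil)
	lock, r := &UserLock{serverPub: serverPub, areas: make([]area, 2), table: map[uint32]int{}}, DemoResult{}
	r.AreaA, _ = lock.HandlePacket(SignPacket(serverPriv, 0xA1, pubA))
	r.AreaB, _ = lock.HandlePacket(SignPacket(serverPriv, 0xB2, pubB))
	// Identifier altered after signing: the server signature no longer matches.
	_, r.Tampered = lock.HandlePacket(Packet{0xB2, pubA, SignPacket(serverPriv, 0xA1, pubA).Sig})
	_, r.Full = lock.HandlePacket(SignPacket(serverPriv, 0xC3, pubA)) // third lock, no area left
	licA, licB := []byte("license: A's SDK"), []byte("license: B's app")
	_ = lock.StoreLicense(0xA1, licA, ed25519.Sign(privA, licA))
	r.OwnStore = lock.StoreLicense(0xB2, licB, ed25519.Sign(privB, licB))
	r.CrossStore = lock.StoreLicense(0xA1, licB, ed25519.Sign(privB, licB)) // B's license into A's area
	r.CountA, r.CountB = len(lock.areas[r.AreaA].licenses), len(lock.areas[r.AreaB].licenses)
	return r
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Binding each storage area to the key presented in the server-signed packet is what enforces the isolation here: a license file signed by the second control lock fails verification against the first area's key and is rejected.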
In one embodiment of the present application, the authority of the first control lock to operate on the user lock is greater than that of the second control lock; alternatively,
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
Specifically, when the authority of the first control lock for operating the user lock is greater than that of the second control lock, the upper-layer user who owns the first control lock can browse, modify or delete the development data of the lower-layer user who owns the second control lock, which gives the upper-layer user greater authority. If the authority of the first control lock for operating the user lock is the same as that of the second control lock, the upper-layer user who owns the first control lock cannot browse, modify or delete the development data of the lower-layer user who owns the second control lock without authorization, and the lower-layer user likewise cannot browse, modify or delete the development data of the upper-layer user without authorization, so the development data of both sides is better protected. Of course, the two cases can be set according to different usage scenarios, which increases the flexibility of user operation.
An embodiment of the present application further provides a data processing method, which is applied to a server, as shown in fig. 8 in combination with fig. 5, and the method includes the following steps:
S6, acquiring a first request, where the first request is a request generated by using a first control lock, and the first control lock is used to encrypt the development data of the first development end and issue a corresponding license file.
The first control lock may be a control lock owned by the first user, and may encrypt development data in a first development end used by the first user and issue a corresponding license file, where the first control lock corresponds to the first development end. The first development end can be a computer, an encryption machine and other equipment used by the first user. The first license file may represent development data developed by the first user, such as usage permissions (authorizations) for software or other data, i.e., other users are permitted to use the development data of the first user, such as redevelopment on software developed by the first user. Before or during development data authorization, the first development end can generate a first request by using the first control lock and send the first request to the server end. The server responds to the first request and sends a first data packet to the user lock, and the user lock acquires the first data packet.
S7, in response to the first request, generating a first data packet corresponding to the first request.
The user lock comprises at least two storage areas, wherein at least the first storage area, such as a second storage area, a third storage area and the like, is included. In the process of protecting and authorizing development data, a control lock owned by a user at each layer can correspond to a storage area, the storage areas are independent, the stored license files have orderliness, and other license files in other storage areas cannot be influenced in the calling process. The server generates a corresponding first data packet based on the first request, wherein the corresponding first data packet has association information between the storage area and the control lock, so that the user lock can determine the first storage area corresponding to the first control lock based on the received first data packet.
S8, sending the first data packet to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first data packet, and storing the first license file in the first storage area; the user lock comprises at least two storage areas, the at least two storage areas comprise the first storage area, and the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Specifically, after the server sends the first data packet to the user lock associated with the first control lock, the user lock determines a first storage area corresponding to the first control lock and then stores the first license file in the first storage area, and the second user can then carry out development work at the second development end on the basis of the development data of the first development end. That is, the second user can obtain the first license file from the first storage area and thereby obtain permission to use the development data of the first development end, and can use that development data to carry out their own development work and generate their own development data. Of course, the second user can also encrypt and authorize their own development data by using a second control lock unique to them.
In one embodiment of the present application, the at least two storage areas further comprise a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user by using the second control lock, so that the third development end/end user can use the development data of the first development end and the development data of the second development end through the user lock.
With reference to fig. 7, specifically, after completing their own development work, the second user may encrypt the development data of the second development end by using a second control lock owned by the second user, and issue a corresponding license file. The second license file is a license file issued to the third development end/end user by using the second control lock. The second development end may generate a second request by using the first control lock and send the second request to the server, and the server sends a second data packet to the second development end in response to the second request, where the content in the second data packet may be the same as or different from the content in the first data packet. Illustratively, the second data packet also contains association information between the storage area and the control lock, in particular association information between the second control lock and the storage area. The user lock may determine a second storage area of the user lock corresponding to the second control lock based on the second data packet and then store the second license file in the second storage area.
In an extension, if the third development end/end user performs development of the third development end/end user based on the development data of the second development end, the user lock can be obtained, the first permission file and the second permission file are obtained, the development process of the layer is started, and the development data of the first development end and the development data of the second development end can be used through the user lock. The development flow is similar to the above steps. Of course, after the data processing method of the present application is developed by the third development end, more development processes can be performed, such as development by the fourth development end and the fifth development end, but the data processing process is similar to the above, and is not described herein again.
In an embodiment of the present application, said sending the first data packet to the user lock associated with the first control lock, so that the user lock determines, based on the first data packet, a first storage area in the user lock corresponding to the first control lock, specifically includes:
sending the first data packet containing a first identifier to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first identifier; wherein the first identifier is used for uniquely identifying the first control lock.
Specifically, the first identification may be an ID number of the first control lock, which may uniquely identify the first control lock. Since the first control lock corresponds to the first user and the first development end, the first user and the first development end may be identified by using the ID number in some scenarios. Of course, the first identifier may also be a signature or other identification information for uniquely identifying the first control lock.
The first control lock has an association relationship with the storage area, and after the server sends the first data packet including the first identifier to the user lock associated with the first control lock, the user lock may determine, based on the first identifier of the first control lock, the first storage area corresponding to the first control lock. Since the first identification uniquely identifies the first control lock, determining the first storage area is very accurate. In other layers of development processes, the user lock may also determine the storage area corresponding to the current control lock based on the identifier corresponding to the current control lock. Due to the unique function of the identification, disorder of the storage area is avoided, the association relation between each control lock and the corresponding storage area is determined, and users of all layers can use the user lock conveniently.
In an embodiment of the application, the first data packet further includes a development side certificate, and the sending the first data packet to a user lock associated with the first control lock, so that the user lock determines, based on the first data packet, a first storage area in the user lock corresponding to the first control lock, further includes:
and sending the development end certificate to the user lock so that the user lock determines the identity information of the corresponding first development end based on the development end certificate, and under the condition that the identity information meets the requirement, a corresponding first storage area is defined for the first development end in the user lock.
Specifically, the first control lock is associated with the first development end, and the server sends out a first data packet according to the first request sent by the first control lock. The first data packet includes a development end certificate, that is, the certificate of the first development end associated with the first control lock. Because the development end certificate can prove the identity of the first development end, the embodiment of the present application determines the identity information of the first development end based on it. If the identity information meets the requirement, for example if the development end in use is determined to be the first development end, a corresponding first storage area can be defined for the first development end in the user lock. Otherwise, the defining operation can be stopped, or an identity information error can be fed back.
In one possible implementation, the user lock may obtain the identity information of the developer and the developer public key from the developer certificate. The user lock may then use the developer public key to decrypt received data that was encrypted with the developer private key, or to verify the signature of received data that was signed with the developer private key. If the decryption succeeds or the signature verification passes, the identity information of the development end meets the requirement.
In the process of dividing the storage area in the user lock, as shown in fig. 5, a user (such as a developer A) having a first control lock may trigger the first development end to send a first request to the server by using the first control lock and then receive a first data packet sent by the server; the user lock divides the storage area in the user lock by using the first data packet and determines a first storage area corresponding to the first control lock. Of course, the division of the storage area in the user lock may also be triggered by the manufacturer or the agent of the dongle after determining that developer A has purchased the first control lock and the user lock. As shown in fig. 6, the producer or the agent of the encryption lock divides a first storage area corresponding to the first control lock for the user lock by using the interaction between the third terminal and the server, and then delivers the first control lock and the user lock to developer A; developer A generates a first license file for the user lock by using the first control lock, and the user lock stores the first license file in its first storage area.
In addition, the process of dividing the storage area corresponding to the control lock for the user lock may be performed separately or in synchronization with the step of initializing the user lock. The step of initializing the user lock may be performed by the encryption lock manufacturer or an agent. In one embodiment, when the step of initializing the user lock is performed synchronously, the first data packet also carries initialization data, which is not only used for initializing the user lock, but also used for determining a storage area corresponding to the control lock, so that the task of initializing the user lock and the task of dividing the storage area can be completed, and the purpose of completing multiple tasks in one interactive process is achieved.
As an extension, referring to fig. 7, the process of dividing the storage area corresponding to the second control lock in the user lock may be performed by the user of the second control lock (developer B) himself. After obtaining the user lock, developer B may divide the second storage area for the second control lock in advance, or may divide it after obtaining the second data packet; that is, after the second development end receives the second data packet sent by the server, developer B determines the second storage area corresponding to the second control lock in the user lock based on the second data packet. The second development end may then access the development data of the first development end using the first license file in the user lock and form its own development data on that basis. The second development end then generates the second license file using the second control lock and sends it to the user lock, and the user lock stores the second license file in the second storage area after acquiring it.
In an embodiment of the present application, said generating a corresponding first data packet based on the first request includes:
signing the generated first data packet by using a server private key, wherein the server private key corresponds to a server public key;
correspondingly, sending the first data packet to the user lock associated with the first control lock specifically includes: sending the signed first data packet to the user lock, so that the user lock verifies the signature of the first data packet by using the server public key to verify the identity of the server.
Specifically, the first development end is connected to the server and may also be in communication with other servers that serve various purposes, so the server public key and the server private key can be used to determine the identity of the server with which the development end is communicating. The server public key and the server private key form a pair. The server private key is kept by the server and can be used to sign the first data packet, and the signed first data packet is sent to the first development end. After the user lock acquires the first data packet, it can verify the signature using the server public key obtained in advance. If the verification passes, the identity of the server is determined to be legitimate and the data in the first data packet has not been tampered with in transit, so the first data packet can be used for subsequent work. Determining the identity of the server with the server public key and the server private key improves the security of the first data packet and prevents a wrong data packet from being used.
In one embodiment of the present application, the authority of the first control lock to operate on the user lock is greater than that of the second control lock; or,
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
Specifically, when the authority of the first control lock to operate on the user lock is greater than that of the second control lock, the upper-layer user who owns the first control lock can browse, modify or delete the development data of the lower-layer user who owns the second control lock, which gives the upper-layer user greater authority. If the authority of the first control lock to operate on the user lock is the same as that of the second control lock, then without authorization the upper-layer user who owns the first control lock cannot browse, modify or delete the development data of the lower-layer user who owns the second control lock, and the lower-layer user cannot browse, modify or delete the development data of the upper-layer user, so the development data of both sides is better protected. Of course, either arrangement can be chosen according to the use scenario, which increases the flexibility of user operation.
The present embodiment further provides a user lock, as shown in fig. 9, including a memory and a processor, where the memory stores an executable program, and the processor executes the executable program to perform the following steps:
acquiring a first data packet sent by a server, wherein the first data packet is a data packet generated by the server responding to a first request, the first request is a request generated by utilizing a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area;
storing a first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Specifically, the development data in the embodiment of the present application may be data formed by a developer when developing a product, such as software code, data required for software to run, and the like. For a developer, the developer may encrypt all data developed by the developer, or may encrypt part of critical data, which is not limited in this application.
The first control lock may be a control lock owned by the first user. It may encrypt development data in a first development end used by the first user and issue a corresponding license file, and it corresponds to the first development end. The first development end may be a computer, an encryption machine, or the like used by the first user. The first license file may represent a license (authorization) to use development data developed by the first user, such as software or other data, that is, a license for other users to use the first user's development data, for example to carry out further development on software developed by the first user. Before or during development data authorization, the first development end can generate a first request by using the first control lock and send the first request to the server. The server responds to the first request and sends a first data packet to the user lock, and the user lock acquires the first data packet.
The user lock comprises at least two storage areas, including at least the first storage area and, for example, a second storage area, a third storage area and so on. In the process of protecting and authorizing development data, the control lock owned by the user at each layer can correspond to one storage area. The storage areas are independent of one another, the stored license files are kept in order, and calling one license file does not affect the license files in other storage areas. For example, the first data packet may carry association information between the storage area and the control lock, so that the user lock can determine the first storage area corresponding to the first control lock based on the received first data packet.
After the user lock stores the first license file in the first storage area and the second user obtains the user lock from the first user, the second user can obtain the first license file from the first storage area of the user lock and thereby obtain permission to use the development data of the first development end. The second user then uses that development data through the user lock to carry out his own development work and generate his own development data. Of course, the second user may also encrypt and authorize his own development data using a second control lock unique to himself.
In one embodiment of the present application, the at least two storage areas further comprise a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user side by using the second control lock, so that the third development end/end user side can use the development data of the first development end and the development data of the second development end through the user lock.
In one embodiment of the application, the processor executing the executable program further performs the steps of:
acquiring a first identifier from the first data packet, wherein the first identifier is used for uniquely identifying the first control lock;
and determining a first storage area corresponding to the first control lock in the user lock based on the first identification.
In one embodiment of the application, the processor executing the executable program further performs the steps of:
and determining a first storage area corresponding to the first development end based on the first identifier and a preset relation table in the user lock.
In one embodiment of the present application, the first data packet includes a development end certificate; the processor executing the executable program further performs the steps of:
determining identity information of the corresponding first development end based on the development end certificate;
and under the condition that the identity information meets the requirement, a corresponding first storage area is defined for the first development end in the user lock.
In one embodiment of the application, the processor executing the executable program further performs the steps of:
verifying the signature of the first data packet by using a server public key, wherein the first data packet is signed by a server private key corresponding to the server public key;
and if the signature verification passes, determining that the identity of the server is legitimate.
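The user lock steps listed above (verify the server signature, read the first identifier, resolve it through the preset relation table, store the license file in that area) can be sketched as follows; this is an added Go example, not code from the patent or from any vendor. The packet layout, the choice of Ed25519, the raw public key standing in for the development end certificate, and all names (`Packet`, `UserLock`, `CTRL-A`, `Demo`) are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Packet is an assumed layout for the "first data packet".
type Packet struct {
	ControlLockID string `json:"control_lock_id"` // the "first identifier"
	DevPublicKey  []byte `json:"dev_public_key"`  // stands in for the development end certificate
}

type SignedPacket struct{ Body, Sig []byte } // serialized packet and server signature

// UserLock models the dongle: pinned server key, preset relation table, independent areas.
type UserLock struct {
	serverPub ed25519.PublicKey
	relation  map[string]int            // control lock ID -> storage area index
	devKeys   map[int]ed25519.PublicKey // area index -> development end key bound to it
	areas     [][]byte                  // one license file per area
}

// SignPacket is the server side: serialize the packet and sign the bytes.
func SignPacket(priv ed25519.PrivateKey, p Packet) SignedPacket {
	body, _ := json.Marshal(p) // cannot fail for this struct
	return SignedPacket{Body: body, Sig: ed25519.Sign(priv, body)}
}

// AcceptPacket checks the server signature before parsing, then resolves the storage area.
func (u *UserLock) AcceptPacket(sp SignedPacket) (int, error) {
	if !ed25519.Verify(u.serverPub, sp.Body, sp.Sig) {
		return -1, errors.New("server signature invalid")
	}
	var p Packet
	if err := json.Unmarshal(sp.Body, &p); err != nil {
		return -1, err
	}
	area, ok := u.relation[p.ControlLockID]
	if !ok || area < 0 || area >= len(u.areas) {
		return -1, fmt.Errorf("no storage area for control lock %q", p.ControlLockID)
	}
	if len(p.DevPublicKey) != ed25519.PublicKeySize {
		return -1, errors.New("malformed development end key")
	}
	u.devKeys[area] = ed25519.PublicKey(p.DevPublicKey)
	return area, nil
}

// StoreLicense writes only a license signed by the key a verified packet bound to the area.
func (u *UserLock) StoreLicense(area int, license, sig []byte) error {
	key, ok := u.devKeys[area]
	if !ok {
		return errors.New("storage area not delimited")
	}
	if !ed25519.Verify(key, license, sig) {
		return errors.New("license not signed by this area's development end")
	}
	u.areas[area] = append([]byte(nil), license...)
	return nil
}

type Outcome struct {
	AreaA                                                      int
	TamperRejected, UnknownRejected, CrossRejected, AreaBEmpty bool
	StoredA                                                    string
}

// Demo runs the flow with freshly generated keys and constructed lock IDs.
func Demo() (out Outcome, err error) {
	srvPub, srvPriv, e1 := ed25519.GenerateKey(nil) // nil selects crypto/rand
	devAPub, devAPriv, e2 := ed25519.GenerateKey(nil)
	_, devBPriv, e3 := ed25519.GenerateKey(nil)
	if e1 != nil || e2 != nil || e3 != nil {
		return out, errors.New("key generation failed")
	}
	lock := &UserLock{serverPub: srvPub, relation: map[string]int{"CTRL-A": 0, "CTRL-B": 1},
		devKeys: map[int]ed25519.PublicKey{}, areas: make([][]byte, 2)}
	sp := SignPacket(srvPriv, Packet{ControlLockID: "CTRL-A", DevPublicKey: devAPub})
	// Redirecting the signed packet to another area must fail verification.
	forged := bytes.Replace(sp.Body, []byte("CTRL-A"), []byte("CTRL-B"), 1)
	_, err = lock.AcceptPacket(SignedPacket{Body: forged, Sig: sp.Sig})
	out.TamperRejected = err != nil
	// A validly signed packet whose identifier is not in the table is refused.
	_, err = lock.AcceptPacket(SignPacket(srvPriv, Packet{ControlLockID: "CTRL-Z", DevPublicKey: devAPub}))
	out.UnknownRejected = err != nil
	if out.AreaA, err = lock.AcceptPacket(sp); err != nil {
		return out, err
	}
	lic := []byte("constructed license for the second development end")
	out.CrossRejected = lock.StoreLicense(out.AreaA, lic, ed25519.Sign(devBPriv, lic)) != nil
	err = lock.StoreLicense(out.AreaA, lic, ed25519.Sign(devAPriv, lic))
	out.StoredA, out.AreaBEmpty = string(lock.areas[out.AreaA]), lock.areas[1] == nil
	return out, err
}

func main() { fmt.Println(Demo()) }
```

Binding the development end key to the area only after the server signature has been checked is what keeps one control lock's holder from writing a license into another control lock's area.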
In one embodiment of the present application, the authority of the first control lock to operate on the user lock is greater than that of the second control lock; or,
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
An embodiment of the present application further provides a server, as shown in fig. 10, including a memory and a processor, where the memory stores an executable program, and the processor executes the executable program to perform the following steps:
acquiring a first request, wherein the first request is generated by using a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
responding to the first request, and generating a first data packet corresponding to the first request;
sending the first data packet to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first data packet, and storing a first license file in the first storage area; the user lock comprises at least two storage areas, the at least two storage areas comprise the first storage area, and the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
Specifically, the first control lock may be a control lock owned by the first user. It may encrypt development data in a first development end used by the first user and issue a corresponding first license file, and it corresponds to the first development end. The first development end may be a computer, an encryption machine, or the like used by the first user. The first license file may represent a license (authorization) to use development data developed by the first user, such as software or other data, so as to license other users to use the first user's development data, for example to carry out redevelopment on the software developed by the first user. In the process of carrying out development data authorization, the first control lock can also send a first request to the server; the server responds to the first request and sends a first data packet to the user lock, and the user lock acquires the first data packet.
The user lock comprises at least two storage areas, including at least the first storage area and, for example, a second storage area, a third storage area and so on. In the process of protecting and authorizing development data, the control lock owned by the user at each layer can correspond to one storage area. The storage areas are independent of one another, the stored license files are kept in order, and calling one license file does not affect the license files in other storage areas. The server generates a corresponding first data packet based on the first request; the packet carries association information between the storage area and the control lock, so that the user lock can determine the first storage area corresponding to the first control lock based on the received first data packet.
After the server sends the first data packet to the user lock associated with the first control lock, the user lock determines the first storage area corresponding to the first control lock and then stores the first license file in the first storage area, so that a second user can use a second development end to carry out development work based on the development data of the first development end. The second user can thus acquire the first license file from the first storage area, obtain permission to use the development data of the first development end, and use that development data to carry out his own development work and generate his own development data. Of course, the second user can also encrypt and authorize his own development data by using a second control lock unique to the second user.
In one embodiment of the present application, the at least two storage areas further comprise a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user side by using the second control lock, so that the third development end/end user side can use the development data of the first development end and the development data of the second development end through the user lock.
In one embodiment of the application, the processor executing the executable program further performs the steps of:
sending the first data packet containing a first identifier to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first identifier; wherein the first identifier is used for uniquely identifying the first control lock.
In one embodiment of the application, the first data packet further includes a development end certificate, and the processor executing the executable program further performs the steps of:
and sending the development end certificate to the user lock so that the user lock determines the identity information of the corresponding first development end based on the development end certificate, and under the condition that the identity information meets the requirement, a corresponding first storage area is defined for the first development end in the user lock.
In one embodiment of the application, the processor executing the executable program further performs the steps of:
and signing the generated first data packet by using a server private key, wherein the server private key corresponds to a server public key, and the user lock can verify the signature of the first data packet by using the server public key so as to verify the identity of the server.
In one embodiment of the present application, the authority of the first control lock to operate on the user lock is greater than that of the second control lock; or,
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
An embodiment of the present application further provides a computer-readable storage medium in which instructions are stored; when the instructions are run on a computer, the data processing method described above is implemented. This includes both the data processing method applied to the user lock and the data processing method applied to the server.
The method examples described herein may be machine or computer-implemented, at least in part. Some examples may include a computer-readable storage medium or machine-readable medium encoded with instructions operable to configure an electronic device to perform a method as described in the above examples. Implementations of these methods may include software code, such as microcode, assembly language code, higher level language code, and the like. Various software programming techniques may be used to create the various programs or program modules. For example, program segments or program modules may be designed in or by Java, Python, C++, assembly language, or any known programming language. One or more such software segments or modules may be integrated into a computer system and/or computer-readable medium. Such software code may include computer readable instructions for performing various methods. Such software code may form part of a computer program product or a computer program module. Further, in one example, the code can be tangibly stored on one or more volatile, non-transitory, or non-volatile tangible computer-readable media, e.g., during runtime or at other times. Examples of such tangible computer-readable media may include, but are not limited to, hard disks, removable magnetic disks, removable optical disks (e.g., compact disks and digital video disks), magnetic tape, memory cards or sticks, Random Access Memories (RAMs), Read Only Memories (ROMs), and the like.
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.

Claims (16)

1. A data processing method, applied to a user lock, the method comprising:
acquiring a first data packet sent by a server, wherein the first data packet is a data packet generated by the server responding to a first request, the first request is a request generated by utilizing a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area;
storing a first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
2. The method of claim 1, wherein the at least two storage areas further comprise a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user side by using the second control lock, so that the third development end/end user side can use the development data of the first development end and the development data of the second development end through the user lock.
3. The method of claim 1, wherein determining a first storage area of the user lock corresponding to the first control lock based on the first packet comprises:
acquiring a first identifier from the first data packet, wherein the first identifier is used for uniquely identifying the first control lock;
and determining a first storage area corresponding to the first control lock in the user lock based on the first identification.
4. The method of claim 3, wherein determining the first storage area of the user lock corresponding to the first control lock based on the first identifier comprises:
and determining a first storage area corresponding to the first development end based on the first identifier and a preset relation table in the user lock.
5. The method of claim 1, wherein the first data packet includes a development end certificate;
the step of determining a first storage area in the user lock corresponding to the first control lock based on the first data packet comprises:
determining identity information of the corresponding first development end based on the development end certificate;
and under the condition that the identity information meets the requirement, a corresponding first storage area is defined for the first development end in the user lock.
6. The method of claim 1, wherein after obtaining the first data packet sent by the server, the method further comprises:
verifying the signature of the first data packet by using a server public key, wherein the first data packet is signed by a server private key corresponding to the server public key;
and if the signature verification passes, determining that the identity of the server is legitimate.
7. The method of claim 2, wherein,
the authority of the first control lock for operating the user lock is greater than that of the second control lock; or,
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
8. A data processing method, applied to a server, the method comprising:
acquiring a first request, wherein the first request is generated by using a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
responding to the first request, and generating a first data packet corresponding to the first request;
sending the first data packet to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first data packet, and storing a first license file in the first storage area; the user lock comprises at least two storage areas, the at least two storage areas comprise the first storage area, and the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
9. The method of claim 8, wherein the at least two storage areas further comprise a second storage area corresponding to a second control lock; the second control lock is used for encrypting the development data of the second development end and issuing a corresponding license file; the second storage area is used for storing a second license file, and the second license file is a license file issued to a third development end/end user side by using the second control lock, so that the third development end/end user side can use the development data of the first development end and the development data of the second development end through the user lock.
10. The method of claim 8, wherein sending the first packet to a user lock associated with the first control lock, such that the user lock determines a first storage area of the user lock corresponding to the first control lock based on the first packet, comprises:
sending the first data packet containing a first identifier to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first identifier; wherein the first identifier is used for uniquely identifying the first control lock.
11. The method of claim 8, wherein the first data packet further includes a development end certificate, and wherein sending the first data packet to a user lock associated with the first control lock, such that the user lock determines a first storage area of the user lock corresponding to the first control lock based on the first data packet, further comprises:
and sending the development end certificate to the user lock so that the user lock determines the identity information of the corresponding first development end based on the development end certificate, and under the condition that the identity information meets the requirement, a corresponding first storage area is defined for the first development end in the user lock.
12. The method of claim 8, wherein generating the corresponding first data packet based on the first request comprises:
signing the generated first data packet by using a server private key, wherein the server private key corresponds to a server public key;
correspondingly, sending the first data packet to the user lock associated with the first control lock specifically includes: sending the signed first data packet to the user lock, so that the user lock verifies the signature of the first data packet by using the server public key to verify the identity of the server.
13. The method of claim 8, wherein the authority of the first control lock for operating the user lock is greater than that of the second control lock; or,
the authority of the first control lock for operating the user lock is the same as that of the second control lock.
14. A user lock comprising a memory having an executable program stored therein and a processor executing the executable program to perform the steps of:
acquiring a first data packet sent by a server, wherein the first data packet is a data packet generated by the server responding to a first request, the first request is a request generated by utilizing a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
determining a first storage area corresponding to the first control lock in the user lock based on the first data packet, wherein the user lock comprises at least two storage areas, and the at least two storage areas comprise the first storage area;
storing a first license file in the first storage area; the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
15. A server, comprising a memory and a processor, wherein the memory stores an executable program, and the processor executes the executable program to perform the following steps:
acquiring a first request, wherein the first request is generated by using a first control lock, and the first control lock is used for encrypting development data of a first development end and issuing a corresponding license file;
responding to the first request, and generating a first data packet corresponding to the first request;
sending the first data packet to a user lock associated with the first control lock, so that the user lock determines a first storage area corresponding to the first control lock in the user lock based on the first data packet, and storing a first license file in the first storage area; the user lock comprises at least two storage areas, the at least two storage areas comprise the first storage area, and the first license file is a license file issued to the second development end by using the first control lock, so that the second development end can use the development data of the first development end through the user lock.
16. A computer-readable storage medium having stored thereon instructions which, when executed on a computer, implement the method of any one of claims 1-13.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011192680.3A CN112287305B (en) 2020-10-30 2020-10-30 Data processing method, user lock and server


Publications (2)

Publication Number Publication Date
CN112287305A (en) 2021-01-29
CN112287305B (en) 2023-09-08


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112286553A (en) * 2020-10-27 2021-01-29 北京深思数盾科技股份有限公司 User lock upgrading method, device, system, electronic equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067533A1 (en) * 2011-09-11 2013-03-14 Microsoft Corporation Generating a test license for a developer application
CN103714272A (en) * 2013-11-27 2014-04-09 中国矿业大学 Encryption lock box
CN104767728A (en) * 2015-02-04 2015-07-08 东莞中山大学研究院 Identity authentication method and system based on home-based elderly care
CN106936588A (en) * 2017-04-13 2017-07-07 北京深思数盾科技股份有限公司 A kind of trustship method, the apparatus and system of hardware controls lock
CN107204848A (en) * 2017-07-25 2017-09-26 北京深思数盾科技股份有限公司 A kind of method for managing key data and the device for managing key data
CN107391966A (en) * 2017-07-21 2017-11-24 北京深思数盾科技股份有限公司 A kind of method for protecting software, device and software protective lock
CN108573161A (en) * 2017-03-13 2018-09-25 北京贝塔科技股份有限公司 Encryption method, application lock and electronic equipment
CN110175036A (en) * 2019-04-08 2019-08-27 北京深思数盾科技股份有限公司 The upgrade method and device of soft-lock license
CN110263524A (en) * 2019-08-05 2019-09-20 厦门亿力吉奥科技信息有限公司 A kind of mobile device encryption U-shield
CN111079091A (en) * 2019-11-21 2020-04-28 中国民航信息网络股份有限公司 Software security management method and device, terminal and server

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067533A1 (en) * 2011-09-11 2013-03-14 Microsoft Corporation Generating a test license for a developer application
CN103714272A (en) * 2013-11-27 2014-04-09 中国矿业大学 Encryption lock box
CN104767728A (en) * 2015-02-04 2015-07-08 东莞中山大学研究院 Identity authentication method and system based on home-based elderly care
CN108573161A (en) * 2017-03-13 2018-09-25 北京贝塔科技股份有限公司 Encryption method, application lock and electronic equipment
CN106936588A (en) * 2017-04-13 2017-07-07 北京深思数盾科技股份有限公司 A kind of trustship method, the apparatus and system of hardware controls lock
CN107391966A (en) * 2017-07-21 2017-11-24 北京深思数盾科技股份有限公司 A kind of method for protecting software, device and software protective lock
CN107204848A (en) * 2017-07-25 2017-09-26 北京深思数盾科技股份有限公司 A kind of method for managing key data and the device for managing key data
CN110175036A (en) * 2019-04-08 2019-08-27 北京深思数盾科技股份有限公司 The upgrade method and device of soft-lock license
CN110263524A (en) * 2019-08-05 2019-09-20 厦门亿力吉奥科技信息有限公司 A kind of mobile device encryption U-shield
CN111079091A (en) * 2019-11-21 2020-04-28 中国民航信息网络股份有限公司 Software security management method and device, terminal and server

Also Published As

Publication number Publication date
CN112287305B (en) 2023-09-08

Similar Documents

Publication Publication Date Title
CN109684790B (en) Software starting method, software authorization verification method, device and storage medium
US8844049B2 (en) Method for generating a cryptographic key for a protected digital data object on the basis of current components of a computer
KR100236697B1 (en) Software copying system
CN111723383B (en) Data storage and verification method and device
US7647640B2 (en) System for binding secrets to a computer system having tolerance for hardware changes
US8572372B2 (en) Method for selectively enabling access to file systems of mobile terminals
US6526456B1 (en) Distribution and controlled use of software products
CN111625829A (en) Application activation method and device based on trusted execution environment
US7877604B2 (en) Proof of execution using random function
EP0302710A2 (en) A method of controlling the use of computer programs
CN107145769B (en) Digital Rights Management (DRM) method, equipment and system
KR20110113179A (en) Software application verification
US20080126705A1 (en) Methods Used In A Portable Mass Storage Device With Virtual Machine Activation
CN114186199B (en) License authorization method and device
CN104217175A (en) Data read-write method and device
CN105308610A (en) Method and system for platform and user application security on a device
CA2473122A1 (en) Method and device for protecting information against unauthorised use
CN112287305A (en) Data processing method, user lock and server
US8756433B2 (en) Associating policy with unencrypted digital content
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
KR101405915B1 (en) Method for writing data by encryption and reading the data thereof
CN111611551B (en) Dynamic link library protection method and system based on cryptographic algorithm
US20130014286A1 (en) Method and system for making edrm-protected data objects available
CN105868603A (en) Configuration data based fingerprinting for access to a resource
JP2009245135A (en) Information processing terminal device and start authentication method of application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Applicant after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Applicant before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

GR01 Patent grant