CN112632476A - Algorithm authorization protection method and device, integrated circuit chip and electronic equipment - Google Patents


Publication number
CN112632476A
Authority
CN
China
Prior art keywords
authorization
algorithm
integrated circuit
circuit chip
certificate
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011614992.9A
Other languages
Chinese (zh)
Inventor
杨超
刘建敏
翟栋
葛季鑫
杨国东
杨彩霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongwei Technology Co Ltd
Original Assignee
Sichuan Hongwei Technology Co Ltd
Application filed by Sichuan Hongwei Technology Co Ltd
Priority to CN202011614992.9A
Publication of CN112632476A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to an algorithm authorization protection method and device, an integrated circuit chip and electronic equipment. The algorithm authorization protection method provided by the embodiment of the application comprises the following steps: monitoring whether an application program requests to call a core algorithm stored in an integrated circuit chip; if the application program requests to call the core algorithm, obtaining an authorization license certificate stored in the integrated circuit chip, wherein the authorization license certificate is generated after an authorization license issuing center in an algorithm authorization platform performs a hash digest and a digital signature on authorization license information, the authorization license information comprises a first product serial number, and the first product serial number is the product serial number of the original electronic equipment corresponding to the integrated circuit chip; verifying the authorization license certificate; and, if the authorization license certificate fails verification, preventing the application program from calling the core algorithm. The algorithm authorization protection method and device, the integrated circuit chip and the electronic equipment can prevent the core algorithm from being abused.

Description

Algorithm authorization protection method and device, integrated circuit chip and electronic equipment
Technical Field
The present application relates to the technical field of algorithm protection and authorization management, and in particular, to an algorithm authorization protection method, apparatus, integrated circuit chip and electronic device.
Background
Algorithms are usually a core component of high-precision software, for example face recognition, voice analysis and die standard detection algorithms. A difficult algorithm with high commercial value can drive substantial growth for an enterprise, and because only a few professionals can write such algorithms, they also have very strong intellectual property protection value. However, an algorithm shares the common characteristics of a general software product: it is cheap to copy, spreads easily and is difficult to manage. Algorithm logic gets reverse engineered, algorithm libraries are abused and algorithm authorizations are easily duplicated, which causes huge economic losses for enterprises and individual developers. How to protect algorithms from abuse has therefore become a technical problem that large enterprises urgently need to solve.
Disclosure of Invention
An object of the present application is to provide an algorithm authorization protection method, apparatus, integrated circuit chip and electronic device, so as to solve the above problems.
In a first aspect, an embodiment of the present application provides an algorithm authorization protection method, including:
monitoring whether an application program requests to call a core algorithm stored in an integrated circuit chip;
if the application program requests to call the core algorithm, obtaining an authorization license certificate stored in the integrated circuit chip, wherein the authorization license certificate is generated after an authorization license issuing center in an algorithm authorization platform performs a hash digest and a digital signature on authorization license information, the authorization license information comprises a first product serial number, and the first product serial number is the product serial number of the original electronic equipment corresponding to the integrated circuit chip;
verifying the authorization certificate;
if the authorization license certificate fails to verify, the application program is prevented from calling the core algorithm.
The algorithm authorization protection method provided by the embodiment of the application monitors whether the application program requests to call the core algorithm stored in the integrated circuit chip. When such a request is detected, it obtains the authorization license certificate stored in the integrated circuit chip, where the authorization license certificate is generated after the authorization license issuing center included in the algorithm authorization platform performs a hash digest and a digital signature on the authorization license information, the authorization license information includes a first product serial number, and the first product serial number is the product serial number of the original electronic device corresponding to the integrated circuit chip. The method then verifies the authorization license certificate and prevents the application program from calling the core algorithm if verification fails. In other words, the application program is allowed to call the core algorithm only if the authorization license certificate passes verification, which prevents the core algorithm from being abused.
With reference to the first aspect, an embodiment of the present application further provides a first optional implementation manner of the first aspect, where before monitoring whether the application program requests to invoke a core algorithm stored in the integrated circuit chip, the algorithm authorization protection method further includes:
obtaining an authorization license certificate;
storing the authorization license certificate in a one-time programmable memory inside the integrated circuit chip.
With reference to the first aspect, an embodiment of the present application further provides a second optional implementation manner of the first aspect, where if it is monitored that an application program requests to call a core algorithm, acquiring an authorization license certificate stored in an integrated circuit chip includes:
if it is monitored that the application program runs in the general execution environment built into the integrated circuit chip and requests to call the core algorithm, controlling the algorithm protection program to run in the trusted execution environment built into the integrated circuit chip so as to obtain the authorization license certificate stored in the integrated circuit chip.
In this implementation, the application program runs in the general execution environment built into the integrated circuit chip, while the algorithm protection program runs in the trusted execution environment built into the integrated circuit chip. Because the two run in different environments, the reliability of core algorithm protection can be further improved.
With reference to the second optional implementation manner of the first aspect, an embodiment of the present application further provides a third optional implementation manner of the first aspect, where before monitoring whether the application program requests to invoke a core algorithm stored in an integrated circuit chip, the algorithm authorization protection method further includes:
integrating a software development kit of an algorithm protection program into a core algorithm to generate core algorithm firmware;
the core algorithm firmware is stored in the integrated circuit chip.
With reference to the first aspect, an embodiment of the present application further provides a fourth optional implementation manner of the first aspect, where verifying the authorization certificate includes:
verifying the authorization license certificate through a public key of the algorithm authorization platform, wherein the public key is derived from a first secret key pair generated in advance by an authorization license issuing center;
or sending the authorization license and the second product serial number to the algorithm authorization platform, so that the algorithm authorization platform verifies the authorization license according to the authorization license and the second product serial number, and returns a verification result to the integrated circuit chip, wherein the second product serial number is the product serial number of the electronic device corresponding to the integrated circuit chip at present.
With reference to the first aspect, an embodiment of the present application further provides a fifth optional implementation manner of the first aspect, where after the authorization certificate is verified, the algorithm authorization protection method further includes:
if the authorization license certificate passes the verification, the application program is allowed to call the core algorithm.
In a second aspect, an embodiment of the present application further provides an algorithm authorization protection device, including:
a program call monitoring module, configured to monitor whether an application program requests to call a core algorithm stored in an integrated circuit chip;
a first certificate acquisition module, configured to obtain an authorization license certificate stored in the integrated circuit chip if it is monitored that the application program requests to call the core algorithm, wherein the authorization license certificate is generated after an authorization license issuing center included in an algorithm authorization platform performs a hash digest and a digital signature on authorization license information, the authorization license information comprises a first product serial number, and the first product serial number is the product serial number of the original electronic equipment corresponding to the integrated circuit chip;
a certificate verification module, configured to verify the authorization license certificate;
and a first program call control module, configured to prevent the application program from calling the core algorithm when the authorization license certificate fails verification.
The algorithm authorization protection device provided in the embodiment of the present application has the same beneficial effects as the above algorithm authorization protection method, and details are not described here.
In a third aspect, an embodiment of the present application further provides an integrated circuit chip, which includes a processing module and a memory, where the memory stores a computer program, and the processing module is configured to execute the computer program to implement the algorithm authorization protection method provided in the first aspect or any optional implementation manner of the first aspect.
The integrated circuit chip provided by the embodiment of the application has the same beneficial effects as the algorithm authorization protection method, and details are not described herein.
In a fourth aspect, an embodiment of the present application further provides an electronic device, including the integrated circuit chip provided in the third aspect.
The electronic device provided by the embodiment of the application has the same beneficial effects as the integrated circuit chip, and the details are not repeated herein.
In a fifth aspect, an embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed, the method for protecting authorization of an algorithm provided in the foregoing first aspect or any optional implementation manner of the first aspect is implemented.
The computer-readable storage medium provided in the embodiment of the present application has the same beneficial effects as the above algorithm authorization protection method, and is not described herein again.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic diagram of a composition structure of an integrated circuit chip according to an embodiment of the present disclosure.
Fig. 2 is a flowchart illustrating steps of an algorithm authorization protection method according to an embodiment of the present disclosure.
Fig. 3 is a schematic structural block diagram of an algorithm authorization protection device according to an embodiment of the present application.
Reference numerals: 100 - integrated circuit chip; 110 - processing module; 120 - memory; 200 - algorithm authorization protection device; 210 - program call monitoring module; 220 - first certificate acquisition module; 230 - certificate verification module; 240 - first program call control module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. Furthermore, it should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Please refer to fig. 1, which is a schematic diagram of a structure of an integrated circuit chip 100 according to an embodiment of the present disclosure. The integrated circuit chip 100 provided by the embodiment of the present application includes a processing module 110 and a memory 120.
The processing module 110 and the memory 120 are electrically connected, directly or indirectly, to enable the transfer or interaction of data. The algorithmic authorization protection means comprise at least one software module which may be stored in the form of software or Firmware (Firmware) in the memory 120. The processing module 110 is used for executing executable modules stored in the memory 120, such as software functional modules and computer programs included in the algorithm authorization protection device, so as to implement the algorithm authorization protection method.
The processing module 110 may execute the computer program upon receiving an execution instruction. The processing module 110 may be a functional module with signal processing capability, and the memory 120 may be a one-time programmable (OTP) chip, such as an electrically programmable fuse (e-fuse) or an electrically erasable programmable read-only memory (EEPROM). The memory 120 is used for storing a program, which the processing module 110 executes after receiving the execution instruction.
It should be understood that the structure shown in fig. 1 is merely an illustration, and the integrated circuit chip 100 provided in the embodiment of the present application may have fewer or more components than those shown in fig. 1, or have a different configuration than that shown in fig. 1, and furthermore, each component shown in fig. 1 may be implemented by software, hardware, or a combination thereof.
Further, an embodiment of the present application provides an electronic device, which includes the above integrated circuit chip. In this embodiment of the application, the electronic Device may be a terminal Device, such as a computer, a Personal Digital Assistant (PAD), a Mobile Internet Device (MID), and the like, and may also be a server, which is not limited in this embodiment of the application.
Referring to fig. 2, a flow chart of an algorithm authorization protection method according to an embodiment of the present application is shown, and the method is applied to the integrated circuit chip 100 shown in fig. 1. It should be noted that, the algorithm authorization protection method provided in the embodiment of the present application is not limited by the sequence shown in fig. 2 and the following, and the specific flow and steps of the algorithm authorization protection method are described below with reference to fig. 2.
Step S100, monitoring whether the application program requests to call a core algorithm stored in the integrated circuit chip.
In the embodiment of the application, the core algorithm can be a high-difficulty algorithm with higher commercial value, such as a face recognition algorithm, a voice analysis algorithm, a die standard detection algorithm and the like. In addition, in the embodiment of the present application, the core algorithm is pre-stored in the integrated circuit chip, and based on this, the algorithm authorization protection method provided in the embodiment of the present application may further include step S011 and step S012 before step S100 is executed.
Step S011, integrating the software development kit of the algorithm protection program into the core algorithm to generate the core algorithm firmware.
Step S012, storing the core algorithm firmware in the integrated circuit chip.
In actual implementation, a Software Development Kit (SDK) of the algorithm protection program may be integrated into the core algorithm and then compiled with a Trusted Execution Environment (TEE) compiling tool to generate the core algorithm firmware. The core algorithm firmware is encrypted with a second key, and the encrypted core algorithm firmware is finally stored in the integrated circuit chip. The second key pair may be derived by a key derivation algorithm to serve as an encryption key pair for the core algorithm.
Step S200, if it is monitored that the application program requests to call the core algorithm, obtaining an authorization license certificate stored in the integrated circuit chip, wherein the authorization license certificate is generated after an authorization license issuing center included in an algorithm authorization platform performs a hash digest and a digital signature on authorization license information, the authorization license information includes a first product serial number, and the first product serial number is the product serial number of the original electronic equipment corresponding to the integrated circuit chip.
According to step S200, it can be understood that, in the embodiment of the present application, the authorized license needs to be obtained in advance, and the authorized license is stored inside the integrated circuit chip, based on which, it can be understood that the method for protecting the authorization of the algorithm provided in the embodiment of the present application may further include step S021 and step S022 before step S200 is executed.
Step S021, obtaining an authorization license certificate.
Step S022, storing the authorization license certificate in a one-time programmable memory inside the integrated circuit chip.
For an authorized license certificate, it may be generated by:
when a user needs to load a core algorithm to an integrated circuit chip with a TEE, the authorization permission information of original electronic equipment corresponding to the integrated circuit chip is obtained through a production tool and is sent to an authorization permission certificate issuing center included in an algorithm authorization platform. In practical implementation, the authorization permission information of the original electronic device corresponding to the integrated circuit chip may include, but is not limited to, a Serial Number (SN) of the original electronic device, an authorization lifetime, a name of a company to which the original electronic device belongs, and an authorization Number of usage times, where the SN of the original electronic device is the first SN.
The authorization license certificate authority hashes and digitally signs the authorization license information to generate an authorization license certificate.
Based on the above description, in the embodiment of the present application, the integrated circuit chip may obtain the authorized license certificate from the authorized license certificate authority and store the authorized license certificate in the one-time programmable memory inside the integrated circuit chip, for example, OTP and Efuse.
Furthermore, it can be understood that, in order to ensure the execution efficiency and reliability of the algorithm authorization protection method, in the embodiment of the present application, step S021 and step S022 essentially need to be executed before step S100.
For step S200, in actual implementation, when it is monitored that the application program runs in the general execution environment built in the integrated circuit chip and requests to call the core algorithm, the algorithm protection program is controlled to run in the trusted execution environment built in the integrated circuit chip to obtain the authorization license certificate stored in the integrated circuit chip.
In the embodiment of the present application, the application program runs in the general execution environment (Rich Execution Environment, REE) built into the integrated circuit chip, and the algorithm protection program runs in the TEE built into the integrated circuit chip. Because the two run in different environments, the application program and the algorithm protection program are isolated from each other, which further improves the reliability of core algorithm protection.
Step S300, the authorization license certificate is verified.
As for step S300, in this embodiment of the present application, as a first optional implementation manner, the authorization certificate may be verified by a public key of the algorithm authorization platform, where the public key is derived from a first key pair generated in advance by an authorization certificate authority.
Based on the above description, it can be understood that, in the embodiment of the present application, the license authority further needs to generate, in advance, a first secret key pair as a signature secret key of the algorithm authorization platform, where the first secret key pair includes a public key and a private key, where the public key is denoted by PKm, and the private key is denoted by SKm. In this manner, it becomes possible to verify the authorization certificate by the public key of the algorithm authorization platform when step S300 is performed.
As for step S300, in this embodiment of the present application, as a second optional implementation manner, the method may also send the authorization license and the second product serial number to the algorithm authorization platform, so that the algorithm authorization platform verifies the authorization license according to the authorization license and the second product serial number, and returns a verification result to the integrated circuit chip, where the second product serial number is a product serial number of the electronic device corresponding to the integrated circuit chip currently.
It can be understood that, in the embodiment of the present application, the specific way for the algorithm authorization platform to verify the authorization license certificate according to the authorization license certificate and the second SN may be to determine whether the second SN is consistent with the first SN, if the second SN is consistent with the first SN, the verification result is passed, and if the second SN is not consistent with the first SN, the verification result is failed.
In step S400, if the authorization certificate is not verified, the application is prevented from invoking the core algorithm.
It can be understood that, in the embodiment of the present application, if the authorization license certificate passes verification, the application program is allowed to call the core algorithm. In addition, when the call is allowed, the core algorithm is decrypted with the second key and the decrypted core algorithm is executed in the memory of the TEE. Because the memory of the TEE is isolated and protected, the core algorithm cannot be read or leaked by an ordinary user.
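The issue-and-verify flow of steps S021 to S400, as an added example in Go (not code from the patent). ECDSA P-256 over SHA-256, the length-prefixed field encoding, the Unix-time form of the authorization lifetime, the caller-supplied use counter and all function names are assumptions, and the serial numbers are constructed. The local check also compares the certificate's first SN with the device's current SN, the comparison the description assigns to the platform in the second verification option.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// LicenseInfo holds the authorization license fields the description lists.
type LicenseInfo struct {
	SN       string // first SN: serial number of the original device
	Company  string // company the original device belongs to
	NotAfter int64  // authorization lifetime as a Unix expiry time (assumed form)
	MaxUses  uint32 // authorized number of uses
}

// Certificate is the license information plus the issuing center's signature.
type Certificate struct {
	Info LicenseInfo
	Sig  []byte
}

var (
	ErrBadSignature  = errors.New("license: signature does not verify under PKm")
	ErrWrongDevice   = errors.New("license: first SN differs from this device's SN")
	ErrExpired       = errors.New("license: authorization lifetime has ended")
	ErrUsesExhausted = errors.New("license: authorized number of uses reached")
)

// NewIssuerKey generates the first key pair (SKm, PKm). P-256 is an assumption.
func NewIssuerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest hashes a length-prefixed encoding of the fields, so that two
// different field splits ("AB","C" versus "A","BC") never hash alike.
func digest(li LicenseInfo) []byte {
	h := sha256.New()
	var n [8]byte
	for _, s := range []string{li.SN, li.Company} {
		binary.BigEndian.PutUint32(n[:4], uint32(len(s)))
		h.Write(n[:4])
		h.Write([]byte(s))
	}
	binary.BigEndian.PutUint64(n[:], uint64(li.NotAfter))
	h.Write(n[:])
	binary.BigEndian.PutUint32(n[:4], li.MaxUses)
	h.Write(n[:4])
	return h.Sum(nil)
}

// Issue is the issuing-center side: hash digest, then signature with SKm.
func Issue(skm *ecdsa.PrivateKey, li LicenseInfo) (Certificate, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, skm, digest(li))
	if err != nil {
		return Certificate{}, err
	}
	return Certificate{Info: li, Sig: sig}, nil
}

// Verify is the protection-program side (step S300). The signature is checked
// first, so no field is trusted before it is known to come from the issuer.
func Verify(pkm *ecdsa.PublicKey, c Certificate, currentSN string, usesSoFar uint32, now int64) error {
	if !ecdsa.VerifyASN1(pkm, digest(c.Info), c.Sig) {
		return ErrBadSignature
	}
	if c.Info.SN != currentSN { // second SN must equal first SN
		return ErrWrongDevice
	}
	if now > c.Info.NotAfter {
		return ErrExpired
	}
	if usesSoFar >= c.Info.MaxUses {
		return ErrUsesExhausted
	}
	return nil
}

// CallCoreAlgorithm is the gate of step S400: core runs only after Verify passes.
func CallCoreAlgorithm(pkm *ecdsa.PublicKey, c Certificate, currentSN string,
	usesSoFar uint32, now int64, core func() string) (string, error) {
	if err := Verify(pkm, c, currentSN, usesSoFar, now); err != nil {
		return "", err
	}
	return core(), nil
}

func main() {
	const now = int64(1700000000) // constructed clock value
	skm, err := NewIssuerKey()
	if err != nil {
		panic(err)
	}
	cert, err := Issue(skm, LicenseInfo{SN: "SN-0001", Company: "Example Co", NotAfter: now + 3600, MaxUses: 10})
	if err != nil {
		panic(err)
	}
	core := func() string { return "core algorithm result" }
	// Same certificate presented on the original device and on a second device.
	for _, sn := range []string{"SN-0001", "SN-0002"} {
		out, err := CallCoreAlgorithm(&skm.PublicKey, cert, sn, 0, now, core)
		fmt.Printf("device %s: out=%q err=%v\n", sn, out, err)
	}
}
```

A certificate copied to a device with a different serial number still carries a valid signature but is rejected with ErrWrongDevice, while any edit to a signed field is rejected with ErrBadSignature.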
Based on the same inventive concept as the algorithm authorization protection method, the embodiment of the present application further provides an algorithm authorization protection device 200. Referring to fig. 3, the algorithm authorization protection device 200 according to the embodiment of the present application includes a procedure call monitoring module 210, a first certificate obtaining module 220, a certificate verifying module 230, and a first procedure call control module 240.
The program call monitoring module 210 is configured to monitor whether the application program requests to call a core algorithm stored in the integrated circuit chip.
The first certificate obtaining module 220 is configured to obtain an authorization license certificate stored in the integrated circuit chip if it is monitored that the application program requests to call the core algorithm, where the authorization license certificate is generated after a hash digest and a digital signature are performed on authorization license information by an authorization license certificate authority included in the algorithm authorization platform, the authorization license information includes a first product serial number, and the first product serial number is a product serial number of an original electronic device corresponding to the integrated circuit chip.
The certificate verification module 230 is configured to verify the authorization license certificate.
The first program call control module 240 is configured to prevent the application program from calling the core algorithm when the authorization license certificate fails verification.
The algorithm authorization protection device provided by the embodiment of the application can further comprise a second certificate acquisition module and a certificate storage module.
The second certificate acquisition module is configured to obtain the authorization license certificate.
The certificate storage module is configured to store the authorization license certificate in a one-time programmable memory inside the integrated circuit chip.
In this embodiment of the application, the first certificate storage module may include a first certificate acquisition unit.
The first certificate acquisition unit is configured to control the algorithm protection program to run in the trusted execution environment built into the integrated circuit chip, when it is monitored that the application program runs in the general execution environment built into the integrated circuit chip and requests to call the core algorithm, so as to obtain the authorization license certificate stored in the integrated circuit chip.
The algorithm authorization protection device provided by the embodiment of the application can further comprise a core algorithm firmware generation module and a core algorithm firmware storage module.
The core algorithm firmware generation module is configured to integrate a software development kit of the algorithm protection program into the core algorithm so as to generate the core algorithm firmware.
The core algorithm firmware storage module is configured to store the core algorithm firmware in the integrated circuit chip.
In the embodiment of the present application, the certificate verification module 230 may include a first certificate verification unit or a second certificate verification unit.
The first certificate verification unit is used for verifying the authorization license certificate through a public key of the algorithm authorization platform, wherein the public key is derived from a first secret key pair generated in advance by an authorization license issuing center;
and the second certificate verification unit is used for sending the authorization license certificate and the second product serial number to the algorithm authorization platform so that the algorithm authorization platform verifies the authorization license certificate according to the authorization license certificate and the second product serial number, and returns a verification result to the integrated circuit chip, wherein the second product serial number is the product serial number of the electronic equipment corresponding to the integrated circuit chip at present.
The algorithm authorization protection device provided by the embodiment of the application can further comprise a second program call control module.
The second program call control module is configured to allow the application program to call the core algorithm when the authorization license certificate passes verification.
Since the algorithm authorization protection device 200 provided in the embodiment of the present application is implemented based on the same inventive concept as the algorithm authorization protection method, specific descriptions of each software module in the algorithm authorization protection device 200 can be found in the descriptions of the corresponding steps in the method embodiment, and are not repeated here.
In addition, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed, the method for protecting authorization of an algorithm provided in the foregoing method embodiment is implemented.
In summary, the algorithm authorization protection method provided in the embodiment of the present application can monitor whether the application program requests to invoke the core algorithm stored in the integrated circuit chip, and when it is monitored that the application program requests to invoke the core algorithm, obtain the authorization license certificate stored in the integrated circuit chip, where the authorization license certificate is generated after the authorization license information is hashed and digitally signed by the authorization license certificate authority included in the algorithm authorization platform, the authorization license information includes the first product serial number, and the first product serial number is the product serial number of the original electronic device corresponding to the integrated circuit chip, and thereafter, verify the authorization license certificate, and when the authorization license certificate fails to verify, prevent the application program from invoking the core algorithm, that is, only when the authorization license certificate verifies, the application program is allowed to invoke the core algorithm, thereby preventing the core algorithm from being abused.
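The issue-and-verify flow summarized above, written out as an added Go example (not code from the patent or from the applicant). It assumes ECDSA P-256 over a SHA-256 digest, a hypothetical `LicenseCert` layout with an `Algorithm` field, hypothetical function names, and that the platform-side check compares the second product serial number with the first one in the certificate; the serial numbers are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LicenseCert is an assumed layout: license information plus the issuer's signature.
type LicenseCert struct {
	Serial    string // first product serial number (original device)
	Algorithm string // assumed field naming the licensed core algorithm
	Sig       []byte // ASN.1 ECDSA signature over digest(Serial, Algorithm)
}

var ErrNotAuthorized = errors.New("authorization license certificate failed verification")

// NewIssuerKey generates the issuing center's key pair (P-256 is an assumption).
func NewIssuerKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// digest hashes the license information; length prefixes keep field boundaries unambiguous.
func digest(serial, algorithm string) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s|%d:%s", len(serial), serial, len(algorithm), algorithm)
	return h.Sum(nil)
}

// Issue plays the issuing center: hash digest, then digital signature.
func Issue(priv *ecdsa.PrivateKey, serial, algorithm string) (LicenseCert, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(serial, algorithm))
	return LicenseCert{Serial: serial, Algorithm: algorithm, Sig: sig}, err
}

// VerifyLocal is the first option: the chip checks the signature with the public key.
func VerifyLocal(pub *ecdsa.PublicKey, c LicenseCert) bool {
	return ecdsa.VerifyASN1(pub, digest(c.Serial, c.Algorithm), c.Sig)
}

// VerifyOnPlatform is the second option: the platform receives the certificate and the
// device's current serial. Assumption: it requires a valid signature and matching serials.
func VerifyOnPlatform(pub *ecdsa.PublicKey, c LicenseCert, currentSerial string) bool {
	return VerifyLocal(pub, c) && c.Serial == currentSerial
}

// CallCoreAlgorithm is the gate: the core algorithm runs only after verification passes.
func CallCoreAlgorithm(verified bool, core func() string) (string, error) {
	if !verified {
		return "", ErrNotAuthorized
	}
	return core(), nil
}

func main() {
	priv, err := NewIssuerKey()
	if err != nil {
		panic(err)
	}
	cert, err := Issue(priv, "SN-0001", "demo-core") // constructed sample values
	moved := err == nil && VerifyOnPlatform(&priv.PublicKey, cert, "SN-0002") // chip in another device
	_, callErr := CallCoreAlgorithm(moved, func() string { return "core result" })
	fmt.Println(moved, callErr)
}
```

A signature check alone proves only that the certificate is genuine; the serial comparison is what ties it to one device, so a chip transplanted into different equipment is refused even though its certificate still verifies.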
Further, the algorithm authorization protection device, the integrated circuit chip, the electronic device and the computer readable storage medium provided in the embodiment of the present application have the same beneficial effects as those of the algorithm authorization protection method described above, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions. In addition, the functional modules in each embodiment of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
Further, the functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solution of the present application, or the portion thereof that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
It is further noted that, herein, relational terms such as "first," "second," "third," and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

Claims (10)

1. An algorithm authorization protection method, comprising:
monitoring whether an application program requests to call a core algorithm stored in an integrated circuit chip;
if the application program requests to call the core algorithm, obtaining an authorization license certificate stored in the integrated circuit chip, wherein the authorization license certificate is generated after an authorization license issuing center in an algorithm authorization platform performs hash digest and digital signature on authorization license information, the authorization license information comprises a first product serial number, and the first product serial number is a product serial number of original electronic equipment corresponding to the integrated circuit chip;
verifying the authorization license certificate;
and if the authorization license certificate fails verification, preventing the application program from calling the core algorithm.
2. The algorithm authorization protection method according to claim 1, wherein before the monitoring whether an application program requests to call a core algorithm stored in an integrated circuit chip, the algorithm authorization protection method further comprises:
acquiring the authorization license certificate;
storing the authorization license certificate in a one-time programmable memory internal to the integrated circuit chip.
3. The algorithm authorization protection method according to claim 1, wherein the obtaining an authorization license certificate stored in the integrated circuit chip if the application program requests to call the core algorithm comprises:
and if the application program is monitored to run in the general execution environment built in the integrated circuit chip and the core algorithm is requested to be called, controlling an algorithm protection program to run in a trusted execution environment built in the integrated circuit chip so as to obtain the authorization license certificate stored in the integrated circuit chip.
4. The algorithm authorization protection method according to claim 3, wherein before the monitoring whether an application program requests to call a core algorithm stored in an integrated circuit chip, the algorithm authorization protection method further comprises:
integrating a software development kit for the algorithm protection program in the core algorithm to generate core algorithm firmware;
storing the core algorithm firmware into the integrated circuit chip.
5. The algorithm authorization protection method according to claim 1, wherein the verifying the authorization license certificate comprises:
verifying the authorization license certificate through a public key of the algorithm authorization platform, wherein the public key is derived from a first key pair generated in advance by the authorization license issuing center;
or sending the authorization license certificate and a second product serial number to the algorithm authorization platform, so that the algorithm authorization platform verifies the authorization license certificate according to the authorization license certificate and the second product serial number, and returns a verification result to the integrated circuit chip, wherein the second product serial number is the product serial number of the electronic device to which the integrated circuit chip currently corresponds.
6. The algorithm authorization protection method according to claim 1, wherein after the verifying the authorization license certificate, the algorithm authorization protection method further comprises:
and if the authorization license certificate passes verification, allowing the application program to call the core algorithm.
7. An algorithm authorization protection device, comprising:
a program call monitoring module, configured to monitor whether an application program requests to call a core algorithm stored in an integrated circuit chip;
a first certificate acquisition module, configured to acquire an authorization license certificate stored in the integrated circuit chip if it is monitored that the application program requests to call the core algorithm, where the authorization license certificate is generated after a hash digest and a digital signature are performed on authorization license information by an authorization license issuing center included in an algorithm authorization platform, the authorization license information includes a first product serial number, and the first product serial number is a product serial number of an original electronic device corresponding to the integrated circuit chip;
a certificate verification module, configured to verify the authorization license certificate;
and a first program call control module, configured to prevent the application program from calling the core algorithm when the authorization license certificate fails verification.
8. An integrated circuit chip comprising a processing module and a memory, the memory having a computer program stored thereon, the processing module being configured to execute the computer program to implement the algorithm authorization protection method according to any of claims 1 to 6.
9. An electronic device comprising the integrated circuit chip of claim 8.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed, implements the algorithm authorization protection method of any of claims 1-6.
CN202011614992.9A 2020-12-31 2020-12-31 Algorithm authorization protection method and device, integrated circuit chip and electronic equipment Pending CN112632476A (en)

Publications (1)

Publication Number Publication Date
CN112632476A true CN112632476A (en) 2021-04-09

Family

ID=75287076

Country Status (1)

Country Link
CN (1) CN112632476A (en)

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040015962A1 (en) * 2001-03-23 2004-01-22 International Business Machines Corporation Method and system for controlling use of software programs
US20030156719A1 (en) * 2002-02-05 2003-08-21 Cronce Paul A. Delivery of a secure software license for a software product and a toolset for creating the sorftware product
US20080072055A1 (en) * 2006-05-09 2008-03-20 Volkovs Nikolajs Digital signature scheme based on the division algorithm and the discrete logarithm problem
CN101364249A (en) * 2007-08-06 2009-02-11 北京中电华大电子设计有限责任公司 Safety algorithm protection method
US20110197077A1 (en) * 2010-02-05 2011-08-11 General Instrument Corporation Software feature authorization through delegated agents
CN101853349A (en) * 2010-05-24 2010-10-06 覃云川 Digital product license management system
CN102035653A (en) * 2010-11-30 2011-04-27 中国联合网络通信集团有限公司 Controllable distributing method and system used in software examining and verifying stage
CN104023009A (en) * 2014-05-26 2014-09-03 国云科技股份有限公司 Web system license verification mechansim
CN105491062A (en) * 2015-12-30 2016-04-13 北京神州绿盟信息安全科技股份有限公司 Client software protection method and device, and client
US20190251232A1 (en) * 2016-10-24 2019-08-15 Carl M. Clark Software algorithm security
CN110633074A (en) * 2019-09-19 2019-12-31 北京猎户星空科技有限公司 Use control method and device of software development kit
CN110737538A (en) * 2019-10-29 2020-01-31 曹严清 algorithm model calling system based on thrift
CN111339523A (en) * 2020-02-21 2020-06-26 深圳英飞拓智能技术有限公司 Authorization method and device of embedded device
CN111431726A (en) * 2020-06-11 2020-07-17 深圳市友杰智新科技有限公司 Algorithm authorization method, device, computer equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BLOCKVC: "共识之美:区块链经济的全景与未来", vol. 978, 北京:经济日报出版社, pages: 98 *
KNOWTHYSELFCN: "软件授权与加密技术简单原理", pages 7, Retrieved from the Internet <URL:《https://blog.csdn.net/cloudqiu/article/details/102932824》> *
魏永合;舒启林;: "基于权限和任务的工作流授权合理性验证", 计算机集成制造***, no. 07 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113326480A (en) * 2021-06-01 2021-08-31 北京联创新天科技有限公司 Authorization verification method, device, medium and equipment for application program
CN113326480B (en) * 2021-06-01 2024-02-20 北京联创新天科技有限公司 Authorization verification method, device, medium and equipment for application program
CN115391750A (en) * 2022-10-26 2022-11-25 浙江华东工程数字技术有限公司 Algorithm authorization method and device, electronic equipment and storage medium
CN115391750B (en) * 2022-10-26 2023-02-14 浙江华东工程数字技术有限公司 Algorithm authorization method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination