
CN114817956A - USB communication object verification method, system, device and storage medium - Google Patents


Info

Publication number
CN114817956A
Authority
CN
China
Prior art keywords
communication object
instruction
result
verification
random number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210408071.XA
Other languages
Chinese (zh)
Inventor
欧阳焜
王伟
余显杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Allwinner Technology Co Ltd
Original Assignee
Allwinner Technology Co Ltd

Classifications

    • G PHYSICS
        • G06 COMPUTING OR CALCULATING; COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
                        • G06F21/44 Program or device authentication
                    • G06F21/60 Protecting data
                        • G06F21/602 Providing cryptographic facilities or services
                        • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0863 Generation of secret information involving passwords or one-time passwords
                            • H04L9/0869 Generation of secret information involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a USB communication object verification method, system, device and storage medium. The method includes: generating a random number and a first instruction according to a first request; the communication object encrypting the random number according to the first instruction and a first key to generate first data; decrypting the first data with a second key to generate second data; generating a verification result according to the second data and the random number; and processing a second instruction according to the verification result. By verifying the communication object before processing the control instruction it issues, the invention improves the security of the device; because the content of the instructions issued by the communication object need not be specifically restricted, flexibility is improved; and because the communication object is verified by generating a random number, having the communication object encrypt it and having the device side decrypt the ciphertext, no additional hardware needs to be introduced, which reduces cost, and since the random number generated in each verification differs, device security is further improved.

Figure 202210408071

Description

USB communication object verification method, system, device and storage medium
Technical Field
The present application relates to the field of USB communication technologies, and in particular, to a method, a system, an apparatus, and a storage medium for USB communication object authentication.
Background
Developers use a USB tool to issue commands to a device that query device information, control the device's state, or download new firmware into it. For example, in actual production a USB communication function is added to the chip's BOOT ROM so that the USB tool can communicate with the BOOT ROM through the USB port to complete firmware burning. To improve the security of this USB communication, SoC manufacturers generally design a proprietary USB communication protocol for these development and debugging operations and provide a matching USB tool. However, an attacker can capture and analyse the traffic with a USB analyzer, reverse-engineer the private protocol and hand it to any third party, who can then develop a corresponding USB cracking tool to control the device for various illegal purposes, such as reading sensitive information stored in the device or downloading malicious code into it, which threatens the device and the information it stores and severely undermines device security.
At present, to prevent a malicious third party from using a self-developed USB tool to steal information stored in a device, or even to download tampered firmware that completely changes the device's behaviour, the industry on the one hand generally checks each command, such as a data read/write or program-run command, before it is executed in order to limit its effect. For example, the address range that data read and write commands can actually access is restricted, and for a program-run command the program is security-verified before it runs. Although such targeted pre-execution checks achieve some protection, there are many kinds of commands (data read/write, program run and so on), and it is difficult to check them all thoroughly. On the other hand, the industry generally restricts USB tools, rejecting tools developed by malicious third parties by verifying the tool's legitimacy. However, the conventional tool-restriction approach requires an additional verification chip, which increases the hardware cost of the device.
Disclosure of Invention
The present invention aims to solve at least to some extent one of the technical problems existing in the prior art.
Therefore, an object of the embodiments of the present invention is to provide a method, a system, a device, and a storage medium for verifying a USB communication object, so as to verify the USB communication object without introducing an additional verification chip, thereby reducing hardware cost and improving security.
In order to achieve the technical purpose, the technical scheme adopted by the embodiment of the invention comprises the following steps:
in a first aspect, an embodiment of the present invention provides a method for verifying a USB communication object, including the following steps:
generating a random number and a first instruction according to a first request, wherein the first request is a connection request sent by the communication object;
after the communication object receives the random number and the first instruction, encrypting the random number according to the first instruction and a first key to generate first data;
decrypting the first data through a second key to generate second data;
generating a verification result according to the second data and the random number;
and processing a second instruction according to the verification result, wherein the second instruction is a control instruction sent by the communication object.
According to the USB communication object verification method provided by the embodiment of the invention, the communication object is verified before the control instruction it issues is processed, which improves device security, protects the information stored in the device and prevents the device's behaviour from being tampered with. Because the communication object itself is verified, the content of the instructions it issues need not be specifically restricted, which improves flexibility. The communication object is verified by generating a random number, having the communication object encrypt it and having the device side decrypt the ciphertext, so no additional hardware needs to be introduced and cost is reduced; and because the random number generated in each verification differs, device security is further improved.
In addition, the USB communication object authentication method according to the above embodiment of the present invention may further have the following additional technical features:
further, in the method for authenticating a USB communication object according to the embodiment of the present invention, before the step of encrypting the random number according to the first instruction and generating the first data, the method further includes:
acquiring a second request;
and sending the random number and the first instruction to the communication object according to the second request.
Further, in one embodiment of the present invention, the verification result includes a first result and a second result;
the generating a verification result according to the second data and the random number comprises:
judging whether the second data is consistent with the random number;
if so, generating the first result, wherein the first result is that the verification is passed;
and if not, generating the second result, wherein the second result is that the verification is not passed.
Further, in an embodiment of the present invention, the processing the second instruction according to the verification result includes:
if the verification result is a first result, executing the second instruction;
and if the verification result is a second result, rejecting the second instruction.
In a second aspect, an embodiment of the present invention provides a USB communication object verification system, including:
the random number generation module is used for generating a random number and a first instruction according to the first request;
the decryption module is used for decrypting the first data through a second key to generate second data;
the verification module is used for generating a verification result according to the second data and the random number;
and the instruction processing module is used for processing a second instruction according to the verification result.
Further, in an embodiment of the present invention, the USB communication object authentication system further includes:
the acquisition module is used for acquiring a second request;
and the sending module is used for sending the random number and the first instruction to the communication object according to the second request.
Further, in one embodiment of the present invention, the verification result includes a first result and a second result;
the verification module includes:
the judging module is used for judging whether the second data is consistent with the random number;
the verification result generation module is used for generating the first result if the judgment is positive, and generating the second result if not.
Further, in one embodiment of the present invention, the instruction processing module includes:
the instruction execution module is used for executing the second instruction if the verification result is the first result;
and the instruction rejection module is used for rejecting the second instruction if the verification result is a second result.
In a third aspect, an embodiment of the present invention provides a USB communication object verification apparatus, including:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one program causes the at least one processor to implement the USB communication object authentication method.
In a fourth aspect, an embodiment of the present invention provides a storage medium, in which a processor-executable program is stored, and the processor-executable program is used for implementing the USB communication object authentication method when being executed by a processor.
Advantages and benefits of the present invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application:
the embodiment of the invention verifies the communication object before processing the control instruction it issues, which improves device security, protects the information stored in the device and prevents the device's behaviour from being tampered with. Because the communication object itself is verified, the content of the instructions it issues need not be specifically restricted, which improves flexibility. The communication object is verified by generating a random number, having the communication object encrypt it and having the device side decrypt the ciphertext, so no additional hardware needs to be introduced and cost is reduced; and because the random number generated in each verification differs, device security is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following description is made on the drawings of the embodiments of the present application or the related technical solutions in the prior art, and it should be understood that the drawings in the following description are only for convenience and clarity of describing some embodiments in the technical solutions of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart illustrating a USB communication object authentication method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a USB communication object authentication system according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a USB communication object authentication apparatus according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of the invention and in the accompanying drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Developers use a USB tool to issue commands to a device that query device information, control the device's state, or download new firmware into it. For example, in actual production a USB communication function is added to the chip's BOOT ROM so that the USB tool can communicate with the BOOT ROM through the USB port to complete firmware burning. To improve the security of this USB communication, SoC manufacturers generally design a proprietary USB communication protocol for these development and debugging operations and provide a matching USB tool. However, an attacker can capture and analyse the traffic with a USB analyzer, reverse-engineer the private protocol and hand it to any third party, who can then develop a corresponding USB cracking tool to control the device for various illegal purposes, such as reading sensitive information stored in the device or downloading malicious code into it, which threatens the device and the information it stores and severely undermines device security.
At present, to prevent a malicious third party from using a self-developed USB tool to steal information stored in a device, or even to download tampered firmware that completely changes the device's behaviour, the industry on the one hand generally checks each command, such as a data read/write or program-run command, before it is executed in order to limit its effect. For example, the address range that data read and write commands can actually access is restricted, and for a program-run command the program is security-verified before it runs. Although such targeted pre-execution checks achieve some protection, there are many kinds of commands (data read/write, program run and so on), and it is difficult to check them all thoroughly. On the other hand, the industry generally restricts USB tools, rejecting tools developed by malicious third parties by verifying the tool's legitimacy. However, the conventional tool-restriction approach requires an additional verification chip, which increases the hardware cost of the device.
Therefore, the invention provides a USB communication object verification method and system that differ from the traditional approaches, which either have poor flexibility and security or need to introduce additional hardware. Because the communication object itself is verified, the content of the instructions it issues need not be specifically restricted, which improves flexibility. The communication object is verified by generating a random number, having the communication object encrypt it and having the device side decrypt the ciphertext, so no additional hardware needs to be introduced and cost is reduced; and because the random number generated in each verification differs, device security is further improved.
A USB communication object authentication method and system according to an embodiment of the present invention will be described in detail below with reference to the accompanying drawings, and first, a USB communication object authentication method according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a USB communication object verification method, where the USB communication object verification method in the embodiment of the present invention may be applied to a terminal, a server, or software running in the terminal or the server. The terminal may be, but is not limited to, a tablet computer, a notebook computer, a desktop computer, and the like. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like. The USB communication object verification method in the embodiment of the invention mainly comprises the following steps:
S101, generating a random number and a first instruction according to a first request;
wherein the first request is a connection request sent by the communication object.
Specifically, the communication object sends a connection request to the device, and after receiving it the device generates authentication information for authenticating the communication object, consisting of a random number and a first instruction. It can be understood that because the random number is random, the number generated in each authentication of the communication object differs, so a communication object can hardly pass authentication by copying and retransmitting previously generated communication data; this improves the reliability of the authentication and the security of the device.
S102, after the communication object receives the random number and the first instruction, encrypting the random number according to the first instruction and a first key to generate first data;
In one embodiment of the present invention, the first key is the private key of an RSA encryption algorithm held by a legitimate communication object (a communication object associated with the device). It can be understood that a USB tool developed by a third party cannot hold this private key, so the ciphertext it produces by encrypting the random number will differ.
Specifically, after receiving the random number and the first instruction, the communication object encrypts the random number according to the first instruction and a first key to generate an encrypted ciphertext, that is, the first data.
In the embodiment of the present invention, before step S102, the following steps are further included:
(1) acquiring a second request;
(2) and sending the random number and the first instruction to the communication object according to the second request.
Specifically, the communication object sends a second request to the device, and acquires the random number and the first instruction generated by the device.
S103, decrypting the first data through a second key to generate second data;
In combination with step S102, the second key is the public key corresponding to the private key held by the legitimate communication object (the communication object matched with the device). It is understood that when the first data generated by the legitimate communication object by encrypting the random number with the first key is decrypted with the second key, the resulting second data is consistent with the random number generated in step S101.
Specifically, in one embodiment of the present invention, the RSA key pair is either fixed at device production time or burned into the device during development.
S104, generating a verification result according to the second data and the random number;
wherein the verification result comprises a first result and a second result.
S104 may be further divided into the following steps S1041-S1043:
step S1041, judging whether the second data is consistent with the random number;
Specifically, from steps S102 to S103, if the communication object is legitimate (associated with the device), that is, if it holds the private key paired with the second key (the public key), then the random number encrypted with the first key at the communication object and decrypted with the second key at the device side yields second data that matches the random number generated in step S101.
Step S1042, if yes, generating the first result, wherein the first result is that the verification is passed;
specifically, as shown in step S1041, if the second data matches the random number, the communication object passes the authentication.
And step S1043, if not, generating the second result, wherein the second result is that the verification is not passed.
Specifically, according to step S1041, if the second data is not consistent with the random number, the communication object authentication is not passed.
And S105, processing a second instruction according to the verification result.
Wherein the second instruction is a control instruction sent by the communication object.
S105 may be further divided into the following steps S1051-S1052:
step S1051, if the verification result is the first result, executing the second instruction;
specifically, if the communication object passes the verification, the device executes the control instruction sent by the communication object.
Step S1052, if the verification result is the second result, rejecting the second instruction.
Specifically, if the communication object fails to be verified, the device refuses to execute the control instruction sent by the communication object.
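The exchange of steps S101 to S105 end to end, as an added example that is not part of the patent or of any Allwinner code: the device holds only the public key, draws a fresh random number on each connection request, and executes a control instruction only after the tool's response verifies; a rogue tool with its own key and a replay of captured first data are both rejected. The patent's "encrypt with the private key, decrypt with the public key and compare" step is realised as a PKCS#1 v1.5 signature over SHA-256 of the random number verified with the public key (the standard-library form of that operation; Go's crypto/rsa exposes no raw private-key operation), and the type names, instruction strings and 32-byte nonce length are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models the SoC side (e.g. the BOOT ROM USB handler); it holds only the public key (the "second key").
type Device struct {
	pub       *rsa.PublicKey
	challenge []byte // random number of the current session; nil when none is outstanding
	verified  bool
}

// Tool models the communication object (the vendor's USB tool); it holds the private key (the "first key").
type Tool struct{ priv *rsa.PrivateKey }

// NewPair generates an RSA key pair: the tool gets the private key, the device the matching public key.
func NewPair(bits int) (*Tool, *Device, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	return &Tool{priv: priv}, &Device{pub: &priv.PublicKey}, nil
}

// Connect is S101: on the connection request the device draws a fresh 32-byte
// random number and issues the first instruction telling the tool to sign it.
func (d *Device) Connect() ([]byte, string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, "", err
	}
	d.challenge, d.verified = nonce, false
	return nonce, "SIGN_NONCE", nil
}

// Respond is S102: the tool applies its private key to the random number,
// realised as a PKCS#1 v1.5 signature over SHA-256(nonce) rather than a raw
// private-key operation on the bare number.
func (t *Tool) Respond(instruction string, nonce []byte) ([]byte, error) {
	if instruction != "SIGN_NONCE" {
		return nil, errors.New("unexpected first instruction")
	}
	h := sha256.Sum256(nonce)
	return rsa.SignPKCS1v15(rand.Reader, t.priv, crypto.SHA256, h[:])
}

// Verify is S103-S104: the device checks the first data against the random
// number it issued using the public key. The challenge is consumed either way,
// so first data captured from one session cannot be replayed into the next.
func (d *Device) Verify(firstData []byte) bool {
	if d.challenge == nil {
		return false
	}
	h := sha256.Sum256(d.challenge)
	d.verified = rsa.VerifyPKCS1v15(d.pub, crypto.SHA256, h[:], firstData) == nil
	d.challenge = nil
	return d.verified
}

// Execute is S105: a control instruction runs only after a passed verification.
func (d *Device) Execute(control string) (string, error) {
	if !d.verified {
		return "", fmt.Errorf("rejected %q: communication object not verified", control)
	}
	return "executed " + control, nil
}

// RunSession drives one complete exchange; it returns the device's answer and the tool's first data.
func RunSession(dev *Device, tool *Tool, control string) (string, []byte, error) {
	nonce, instr, err := dev.Connect()
	if err != nil {
		return "", nil, err
	}
	firstData, err := tool.Respond(instr, nonce)
	if err != nil {
		return "", nil, err
	}
	dev.Verify(firstData)
	out, err := dev.Execute(control)
	return out, firstData, err
}

func main() {
	tool, dev, _ := NewPair(2048)
	out, captured, err := RunSession(dev, tool, "READ_INFO")
	fmt.Println(out, err)
	rogue, _, _ := NewPair(2048) // a third-party tool with its own key pair
	_, _, err = RunSession(dev, rogue, "DOWNLOAD_FIRMWARE")
	fmt.Println("rogue tool:", err)
	dev.Connect() // new session; the captured first data must not verify again
	fmt.Println("replay accepted:", dev.Verify(captured))
}
```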
In summary, in the USB communication object verification method according to the embodiment of the present invention, the communication object is verified before the control instruction it issues is processed, which improves device security, protects the information stored in the device and prevents the device's behaviour from being tampered with. Because the communication object itself is verified, the content of the instructions it issues need not be specifically restricted, which improves flexibility. The communication object is verified by generating a random number, having the communication object encrypt it and having the device side decrypt the ciphertext, so no additional hardware needs to be introduced and cost is reduced; and because the random number generated in each verification differs, device security is further improved.
Next, a USB communication object authentication system proposed according to an embodiment of the present application is described with reference to the drawings.
Fig. 2 is a schematic structural diagram of a USB communication object authentication system according to an embodiment of the present application.
The system specifically comprises:
a random number generation module 201, configured to generate a random number and a first instruction according to the first request;
a decryption module 202, configured to decrypt the first data through a second key to generate second data;
the verification module 203 is configured to generate a verification result according to the second data and the random number;
and the instruction processing module 204 is configured to process the second instruction according to the verification result.
As an optional implementation manner, the USB communication object authentication system further includes:
the acquisition module is used for acquiring a second request;
and the sending module is used for sending the random number and the first instruction to the communication object according to the second request.
As an optional implementation, the verification result includes a first result and a second result;
the verification module includes:
the judging module is used for judging whether the second data is consistent with the random number;
the verification result generation module is used for generating the first result if the judgment is positive, and generating the second result if not.
As an optional implementation, the instruction processing module includes:
the instruction execution module is used for executing the second instruction if the verification result is the first result;
and the instruction rejection module is used for rejecting the second instruction if the verification result is a second result.
It can be seen that the contents in the foregoing method embodiments are all applicable to this system embodiment, the functions specifically implemented by this system embodiment are the same as those in the foregoing method embodiment, and the advantageous effects achieved by this system embodiment are also the same as those achieved by the foregoing method embodiment.
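The challenge-response exchange described in the summary above and in the module list (random number generation, decryption, verification, instruction processing) is shown below as an added example in Go; it is not code from the patent or from the applicant. It assumes that the "first key" on the communication object and the "second key" on the device end are one pre-shared AES-256 key and that AES-GCM is the cipher, so the "decrypt" step also detects tampering. The type and function names (`Device`, `CommunicationObject`, `HandleConnectRequest`, `Answer`, `Verify`, `ProcessControlInstruction`) and the instruction string `ENCRYPT_NONCE` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed constants for this illustration (not from the patent).
const (
	nonceLen                = 16              // length of the random number
	InstructionEncryptNonce = "ENCRYPT_NONCE" // the "first instruction"
)

// Challenge is sent by the device end after the connection (first) request:
// the random number plus the first instruction.
type Challenge struct {
	Nonce       []byte
	Instruction string
}

// Response is the "first data" produced by the communication object.
type Response struct {
	IV         []byte // AES-GCM nonce chosen by the communication object
	Ciphertext []byte // random number encrypted under the first key, GCM tag appended
}

// Device is the USB device end; it holds the second key.
type Device struct {
	secondKey []byte
	pending   []byte // random number of the outstanding challenge, nil when none
	verified  bool   // true only after the first result (verification passed)
}

// CommunicationObject is the host side; it holds the first key.
type CommunicationObject struct {
	firstKey []byte
}

// newGCM builds the AES-GCM cipher used for both the encrypt and decrypt steps.
// Assumption: first key and second key are the same pre-shared AES key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// HandleConnectRequest: on the first request, generate a fresh random number
// and the first instruction. Any earlier verification state is discarded.
func (d *Device) HandleConnectRequest() (Challenge, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	d.pending, d.verified = nonce, false
	return Challenge{Nonce: nonce, Instruction: InstructionEncryptNonce}, nil
}

// Answer: the communication object encrypts the random number according to
// the first instruction and the first key, producing the first data.
func (c *CommunicationObject) Answer(ch Challenge) (Response, error) {
	if ch.Instruction != InstructionEncryptNonce {
		return Response{}, errors.New("unexpected first instruction")
	}
	aead, err := newGCM(c.firstKey)
	if err != nil {
		return Response{}, err
	}
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return Response{}, err
	}
	return Response{IV: iv, Ciphertext: aead.Seal(nil, iv, ch.Nonce, nil)}, nil
}

// Verify: the device decrypts the first data with the second key to obtain the
// second data and compares it with the random number. Returns true for the
// first result (verification passed) and false for the second result.
func (d *Device) Verify(r Response) bool {
	if d.pending == nil {
		return false // no outstanding challenge: nothing to verify against
	}
	nonce := d.pending
	d.pending = nil // each random number is answered at most once (no replay)
	aead, err := newGCM(d.secondKey)
	if err != nil {
		return false
	}
	secondData, err := aead.Open(nil, r.IV, r.Ciphertext, nil)
	if err != nil {
		return false // wrong first key or tampered data: second result
	}
	d.verified = subtle.ConstantTimeCompare(secondData, nonce) == 1
	return d.verified
}

// ProcessControlInstruction: the second instruction is executed only when the
// verification result is the first result; otherwise it is rejected.
func (d *Device) ProcessControlInstruction(cmd string) (string, error) {
	if !d.verified {
		return "", errors.New("rejected: communication object not verified")
	}
	return "executed " + cmd, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte AES key
	dev, host := &Device{secondKey: key}, &CommunicationObject{firstKey: key}
	ch, _ := dev.HandleConnectRequest()
	resp, _ := host.Answer(ch)
	fmt.Println("verified:", dev.Verify(resp))
	fmt.Println(dev.ProcessControlInstruction("READ_CONFIG"))
}
```

Two properties of the example matter for the security argument the patent makes. First, the check only proves something if the first key is held solely by authorized communication objects: with a shared symmetric key as assumed here, a wrong key makes the GCM decryption fail and yields the second result. Second, the device discards the outstanding random number as soon as a response is checked, so a captured response cannot be reused against a later challenge, which is what the "random numbers generated in each verification process are inconsistent" sentence above relies on. The comparison of the second data with the random number is done in constant time to avoid leaking how many bytes matched.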
Referring to fig. 3, an embodiment of the present application provides a USB communication object authentication apparatus, including:
at least one processor 301;
at least one memory 302 for storing at least one program;
when executed by the at least one processor 301, the at least one program causes the at least one processor 301 to implement the method for USB communication object authentication.
Similarly, the contents of the method embodiments are all applicable to the apparatus embodiments, the functions specifically implemented by the apparatus embodiments are the same as the method embodiments, and the beneficial effects achieved by the apparatus embodiments are also the same as the beneficial effects achieved by the method embodiments.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present application are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present application is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion regarding the actual implementation of each module is not necessary for an understanding of the present application. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the present application as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the application, which is defined by the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium, which includes programs for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable programs that can be considered for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with a program execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the programs from the program execution system, apparatus, or device and execute the programs. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the program execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable program execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the foregoing description of the specification, reference to the description of "one embodiment/example," "another embodiment/example," or "certain embodiments/examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: numerous changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.
While the present application has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A USB communication object verification method, characterized by comprising the following steps:
generating a random number and a first instruction according to a first request, the first request being a connection request sent by the communication object;
after receiving the random number and the first instruction, the communication object encrypting the random number according to the first instruction and a first key to generate first data;
decrypting the first data with a second key to generate second data;
generating a verification result according to the second data and the random number;
processing a second instruction according to the verification result, the second instruction being a control instruction sent by the communication object.

2. The USB communication object verification method according to claim 1, characterized in that, before the step of encrypting the random number according to the first instruction to generate the first data, the method further comprises:
acquiring a second request;
sending the random number and the first instruction to the communication object according to the second request.

3. The USB communication object verification method according to claim 1, characterized in that the verification result comprises a first result and a second result;
generating the verification result according to the second data and the random number comprises:
judging whether the second data is consistent with the random number;
if so, generating the first result, the first result being that verification passes;
if not, generating the second result, the second result being that verification fails.

4. The USB communication object verification method according to claim 3, characterized in that processing the second instruction according to the verification result comprises:
if the verification result is the first result, executing the second instruction;
if the verification result is the second result, rejecting the second instruction.

5. A USB communication object verification system, characterized by comprising:
a random number generation module, configured to generate a random number and a first instruction according to a first request;
a decryption module, configured to decrypt the first data with a second key to generate second data;
a verification module, configured to generate a verification result according to the second data and the random number;
an instruction processing module, configured to process a second instruction according to the verification result.

6. The USB communication object verification system according to claim 5, characterized by further comprising:
an acquisition module, configured to acquire a second request;
a sending module, configured to send the random number and the first instruction to the communication object according to the second request.

7. The USB communication object verification method according to claim 5, characterized in that the verification result comprises a first result and a second result;
the verification module comprises:
a judging module, configured to judge whether the second data is consistent with the random number;
a verification result generation module, configured to generate the first result if so, and to generate the second result if not.

8. The USB communication object verification method according to claim 7, characterized in that the instruction processing module comprises:
an instruction execution module, configured to execute the second instruction if the verification result is the first result;
an instruction rejection module, configured to reject the second instruction if the verification result is the second result.

9. A USB communication object verification apparatus, characterized by comprising:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one processor implements the USB communication object verification method according to any one of claims 1-4.

10. A storage medium storing a processor-executable program, characterized in that the processor-executable program, when executed by a processor, is used to implement the USB communication object verification method according to any one of claims 1-4.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210408071.XA CN114817956A (en) 2022-04-19 2022-04-19 USB communication object verification method, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN114817956A true CN114817956A (en) 2022-07-29

Family

ID=82505308

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210408071.XA Pending CN114817956A (en) 2022-04-19 2022-04-19 USB communication object verification method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN114817956A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115544578A (en) * 2022-11-24 2022-12-30 苏州浪潮智能科技有限公司 Solid state hard disk reading and writing method, device, electronic equipment and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN109600223A (en) * 2017-09-30 2019-04-09 腾讯科技(深圳)有限公司 Verification method, Activiation method, device, equipment and storage medium
CN111767532A (en) * 2020-06-12 2020-10-13 上海橙群微电子有限公司 Programmer authentication method and authentication system
CN112153038A (en) * 2020-09-18 2020-12-29 山东英信计算机技术有限公司 A method, device, verification terminal and readable storage medium for secure login
CN114124378A (en) * 2021-11-26 2022-03-01 北京神经元网络技术有限公司 AUTBUS bus-based communication method, system, device and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220729