CN118228210A - Software security authentication method, device and storage medium - Google Patents
- Publication number
- CN118228210A
- Authority
- CN
- China
- Prior art keywords
- software
- certificate
- ciphertext
- verified
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Description
Technical Field
The present invention relates to the field of data processing, and in particular to a software security authentication method, device and storage medium.
Background
With the emergence of all kinds of software, it is difficult to tell high-quality software from rogue software. Rogue software may steal information from a device or control the device remotely, causing information security problems.
At present, trusted systems are used to identify software. The main function of a trusted system is to add software authentication to the system so that it accepts only trusted software, thereby protecting the device and its information. However, a trusted system relies on the trust chain and the certificate authority (CA) to verify certificates. If the developer's terminal is compromised by an attacker, the certificate may be stolen and the private key leaked, allowing the attacker to impersonate a legitimate user and perform malicious operations. Software installation therefore still carries considerable security risk, and a new technique is needed to solve this problem.
Summary of the Invention
The main purpose of the present invention is to solve the technical problem that software installation carries considerable risk.
A first aspect of the present invention provides a software security authentication method, comprising:
when a software registration request is received, performing a certificate generation operation according to the software registration information carried in the request to obtain a signature certificate;
encoding the signature certificate into a certificate string;
taking 2 characters as the swap unit, performing a character swap operation on the certificate string to obtain a ciphertext, wherein, when the number of characters in the certificate string is odd, the last character does not take part in the swap;
backing up the ciphertext to a preset certificate database, and performing a to-file operation on the ciphertext to obtain a certificate file;
performing a file encryption operation on the certificate file to obtain an encrypted file;
sending the encrypted file to the developer terminal, and detecting whether a software installation request is received;
when a software installation request is received, reading the encrypted file to be verified carried in the software installation request;
performing a restoration operation on the encrypted file to be verified to obtain the ciphertext to be verified;
performing a certificate verification operation on the ciphertext to be verified according to the certificate database to obtain a verification result;
responding to the software installation request according to the verification result.
Optionally, in a first implementation of the first aspect of the present invention, the step of performing a certificate verification operation on the ciphertext to be verified according to the certificate database to obtain a verification result includes:
performing a matching operation on the ciphertext to be verified in the certificate database to determine whether a target ciphertext corresponding to the ciphertext to be verified exists;
if the target ciphertext exists in the certificate database, taking "software trusted" as the verification result;
if the target ciphertext does not exist in the certificate database, taking "software untrusted" as the verification result.
Optionally, in a second implementation of the first aspect of the present invention, the step of performing a restoration operation on the encrypted file to be verified to obtain the ciphertext to be verified includes:
performing a decryption operation on the encrypted file to be verified according to a preset password to obtain a certificate file to be verified;
extracting the string recorded in the preset text document in the certificate file to be verified to obtain the ciphertext to be verified.
Optionally, in a third implementation of the first aspect of the present invention, the step of responding to the software installation request according to the verification result includes:
when the verification result is that the software is trusted, outputting a prompt that installation is allowed, in response to the software installation request;
when the verification result is that the software is untrusted, outputting a warning prompt, in response to the software installation request.
Optionally, in a fourth implementation of the first aspect of the present invention, before the step of performing a certificate generation operation according to the software registration information to obtain a signature certificate, the method further includes:
detecting the internal transmission state of the software registration information;
when the internal transmission state is "in transmission", performing a character encryption operation on the software registration information to obtain a software registration information ciphertext;
when the internal transmission state is "not in transmission" and the software registration information has been encrypted into the software registration information ciphertext, performing a character decryption operation on the software registration information.
Optionally, in a fifth implementation of the first aspect of the present invention, the step of performing a character encryption operation on the software registration information includes:
encoding the software registration information into an information string;
dividing the information string into a plurality of sub-information strings of a preset length, wherein, when the last sub-information string is shorter than the preset length, it forms a group on its own;
cross-swapping the first and last characters between each two adjacent groups of sub-information strings to obtain a plurality of target sub-information strings, wherein, when the number of sub-information strings is odd, the last sub-information string does not take part in the swap, and when the number of sub-information strings is even and the last sub-information string is shorter than the preset length, the last two sub-information strings do not take part in the swap;
recombining the target sub-information strings to obtain the software registration information ciphertext.
Optionally, in a sixth implementation of the first aspect of the present invention, the step of performing a file encryption operation on the certificate file to obtain an encrypted file includes:
generating a random number with a preset number of digits;
using the random number as the preset password, performing a file encryption operation on the certificate file to obtain the encrypted file.
Optionally, after the step of sending the encrypted file to the developer terminal and detecting whether a software installation request is received, the method further includes:
detecting whether a certificate acquisition request initiated by an authorized terminal is received;
if the certificate acquisition request is detected, querying the certificate database, according to the software unique identifier carried in the request, for the ciphertext to be decrypted that corresponds to that identifier;
restoring the ciphertext to be decrypted to the signature certificate to be output according to a preset decryption algorithm;
sending the signature certificate to be output to the authorized terminal in response to the certificate acquisition request.
A second aspect of the present invention provides a software security authentication device, comprising a memory and at least one processor, wherein instructions are stored in the memory, and the memory and the at least one processor are interconnected by lines; the at least one processor calls the instructions in the memory so that the software security authentication device executes the software security authentication method described above.
A third aspect of the present invention provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the software security authentication method described above.
In an embodiment of the present invention, the software security authentication device, through certificate generation, encoding, encryption and related operations, can effectively prevent the signature certificate from being tampered with, improving the overall security of the software. Sending and verifying an encrypted file can effectively block unauthorized software installation requests, reduce illegal distribution of the software, and protect the legitimate rights and interests of software developers. Performing a certificate verification operation on the ciphertext to be verified allows the validity of the certificate to be judged accurately, ensuring that the certificate used during software installation is legitimate and trusted, which further improves the security of software installation. In practical applications, even if the encrypted file is stolen, the thief cannot restore the signature certificate, so the data security of user privacy is also improved. When software is installed with this method, the security risks of developer privacy leakage and illegal software installation are reduced.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of an embodiment of the software security authentication method in an embodiment of the present invention;
FIG. 2 is a schematic diagram of a specific embodiment of step 105 of the software security authentication method in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a specific embodiment following step 110 of the software security authentication method in an embodiment of the present invention;
FIG. 4 is a schematic diagram of a specific embodiment of step 114 of the software security authentication method in an embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of the software security authentication device in an embodiment of the present invention.
Detailed Description
The embodiments of the present invention provide a software security authentication method, device and storage medium.
The embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although certain embodiments of the present disclosure are shown in the drawings, it should be understood that the disclosure can be implemented in various forms and should not be construed as limited to the embodiments set forth here; rather, these embodiments are provided for a more thorough and complete understanding of the disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustration only and are not intended to limit its scope of protection.
In the description of the embodiments of the present disclosure, the term "including" and similar terms should be understood as open-ended inclusion, that is, "including but not limited to". The term "based on" should be understood as "based at least in part on". The term "one embodiment" or "the embodiment" should be understood as "at least one embodiment". The terms "first", "second" and so on may refer to different or the same objects. Other explicit and implicit definitions may also be included below.
For ease of understanding, the specific flow of the embodiment of the present invention is described below. Referring to FIG. 1, an embodiment of the software security authentication method in the embodiment of the present invention includes:
101. When a software registration request is received, perform a certificate generation operation according to the software registration information carried in the request to obtain a signature certificate;
Specifically, the software registration information includes software information and developer information. The trusted system obtains the software information and developer information from the software registration information and then generates a unique signature certificate from them.
Optionally, the software information includes but is not limited to:
Software name: the name of the software to be signed.
Version number: the version number of the software, used to distinguish between versions.
Publisher: the developer, publisher or company name of the software.
Release date: the date the software was released.
Digital fingerprint: a unique identifier used to verify the integrity of the software.
Optionally, the developer information includes but is not limited to:
Company name: the name of the company the developer belongs to.
Department: the name of the developer's department.
Country/region: the country or region where the developer is located.
City: the city where the developer is located.
Contact information: the developer's telephone number, e-mail address and other contact details.
Other certificate information: such as the certificate validity period.
102. Encode the signature certificate into a certificate string;
Specifically, the signature certificate is uniformly Base64-encoded to obtain the certificate string. Base64 is an encoding that converts binary data into text data. After Base64 encoding, the original data becomes a text string made up of the characters A-Z, a-z, 0-9, + and /. In network transmission, some protocols or systems support only text data and cannot carry binary data directly, so binary data has to be converted into text for transmission, and Base64 encoding can be used for this. Although Base64 encoding is not an encryption algorithm, it obfuscates the original data so that it is not directly recognizable, and it is therefore sometimes used for simple data "hiding".
103. Taking 2 characters as the swap unit, perform a character swap operation on the certificate string to obtain a ciphertext, wherein, when the number of characters in the certificate string is odd, the last character does not take part in the swap;
Specifically, suppose the certificate string is "QUFCQkNDREQ=". Swap the first and second characters, swap the third and fourth characters, and so on, to obtain the string "UQCFkQDNER=Q", which is the ciphertext.
104. Back up the ciphertext to a preset certificate database, and perform a to-file operation on the ciphertext to obtain a certificate file;
Specifically, the certificate database is used for certificate authentication of subsequent software installations.
105. Perform a file encryption operation on the certificate file to obtain an encrypted file;
Specifically, the ciphertext is converted into a file and a password is set on the resulting file (create a new text document, put the string into it, and set the document as encrypted text), yielding the encrypted file.
Specifically, referring to FIG. 2, which is a schematic diagram of a specific embodiment of step 105 of the software security authentication method in an embodiment of the present invention, step 105 includes the following specific implementation:
1051. Generate a random number with a preset number of digits;
1052. Using the random number as the preset password, perform a file encryption operation on the certificate file to obtain the encrypted file.
In steps 1051-1052, the encrypted certificate file does not leak plaintext information even if it is attacked in transit, which improves the security of the transmission process.
106. Send the encrypted file to the developer terminal, and detect whether a software installation request is received;
Specifically, the developer can restore the signature certificate from the encrypted file in order to sign the software to be installed.
107. When a software installation request is received, read the encrypted file to be verified carried in the software installation request;
Specifically, when a software installation request is received, the encrypted file to be verified carried in that request is read.
108. Perform a restoration operation on the encrypted file to be verified to obtain the ciphertext to be verified;
Specifically, the encrypted file to be verified is decrypted to obtain the ciphertext to be verified.
Specifically, step 108 includes the following specific implementation:
1081. Perform a decryption operation on the encrypted file to be verified according to a preset password to obtain a certificate file to be verified;
1082. Extract the string recorded in the preset text document in the certificate file to be verified to obtain the ciphertext to be verified.
In steps 1081-1082, a string is extracted from the certificate file to be verified as the ciphertext to be verified, for use in the subsequent verification process, for example matching against the target ciphertext in the certificate database to judge whether the software is trusted.
109. Perform a certificate verification operation on the ciphertext to be verified according to the certificate database to obtain a verification result;
Specifically, a matching operation is performed on the ciphertext to be verified in the certificate database to determine whether a target ciphertext corresponding to the ciphertext to be verified exists; if the target ciphertext exists in the certificate database, "software trusted" is taken as the verification result; if the target ciphertext does not exist in the certificate database, "software untrusted" is taken as the verification result.
110. Respond to the software installation request according to the verification result.
Specifically, the following specific implementation is further included after step 110:
111. When the verification result is that the software is trusted, output a prompt that installation is allowed, in response to the software installation request;
112. When the verification result is that the software is untrusted, output a warning prompt, in response to the software installation request.
In steps 111-112, outputting different prompts can effectively reduce the risk of malware or viruses spreading, avoid damage to the system from installing untrusted software, and improve the overall security and stability of the system.
Specifically, referring to FIG. 3, which is a schematic diagram of a specific embodiment following step 110 of the software security authentication method in an embodiment of the present invention, the following specific implementation is included after step 110:
113. Detect the internal transmission state of the software registration information;
114. When the internal transmission state is "in transmission", perform a character encryption operation on the software registration information to obtain a software registration information ciphertext;
Specifically, referring to FIG. 4, which is a schematic diagram of a specific embodiment of step 114 of the software security authentication method in an embodiment of the present invention, step 114 further includes the following specific implementation:
1141. Encode the software registration information into an information string;
1142. Divide the information string into a plurality of sub-information strings of a preset length, wherein, when the last sub-information string is shorter than the preset length, it forms a group on its own;
1143. Cross-swap the first and last characters between each two adjacent groups of sub-information strings to obtain a plurality of target sub-information strings, wherein, when the number of sub-information strings is odd, the last sub-information string does not take part in the swap, and when the number of sub-information strings is even and the last sub-information string is shorter than the preset length, the last two sub-information strings do not take part in the swap;
1144. Recombine the target sub-information strings to obtain the software registration information ciphertext.
Suppose the encoded software registration information is "e+i9r+S7tuS/oeaBr++8mjEyMzQ1Nn0=".
Split the characters into groups of 5, that is:
"e+i9r";
"+S7tu";
"S/oea";
"Br++8";
"mjEyM";
"zQ1Nn";
"0=".
Cross-swap the first and last characters of each two adjacent groups (a last group shorter than 5 characters is left alone, and when the total number of groups is odd the last group is left alone), that is:
"u+i9+";
"rS7te";
"8/oeB";
"ar++S";
"njEyz";
"MQ1Nm";
"0=".
Joining the groups back together gives the software registration information ciphertext.
When the software registration information needs to be used, simply split the data into groups of 5 characters again and cross-swap the first and last characters of each pair of adjacent groups.
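The pairwise swap of step 103 and the block cross-swap of steps 1142-1144, as an added Python example that is not code from the patent; the function names and the parameter `n` are assumptions, and the inputs are the worked strings given in the text. Neither transform takes a key and each is its own inverse, so applying the same procedure a second time restores the input.

```python
import base64


def swap_pairs(s: str) -> str:
    """Step 103: swap characters 1<->2, 3<->4, and so on.

    With an odd number of characters the last one stays where it is.
    """
    chars = list(s)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)


def cross_swap_blocks(s: str, n: int = 5) -> str:
    """Steps 1142-1144: split into groups of n, cross-swap first/last characters.

    For each adjacent pair (A, B): A's first character trades places with
    B's last, and A's last trades places with B's first.
    """
    if n < 2:
        raise ValueError("group length must be at least 2")
    groups = [s[i:i + n] for i in range(0, len(s), n)]
    # Odd group count: the last group is left out of the pairing.
    paired = len(groups) - len(groups) % 2
    # Even group count with a short last group: the last two groups are left out.
    if groups and paired == len(groups) and len(groups[-1]) < n:
        paired -= 2
    for i in range(0, paired, 2):
        a, b = groups[i], groups[i + 1]
        groups[i] = b[-1] + a[1:-1] + b[0]
        groups[i + 1] = a[-1] + b[1:-1] + a[0]
    return "".join(groups)


def encode_certificate(cert: bytes) -> str:
    """Steps 102-103: Base64-encode the certificate bytes, then swap pairs."""
    return swap_pairs(base64.b64encode(cert).decode("ascii"))


def restore_certificate(ciphertext: str) -> bytes:
    """Reverse of steps 102-103: swap pairs again, then Base64-decode.

    No password or key is involved at this stage; the only inputs are the
    stored ciphertext and knowledge of the procedure.
    """
    return base64.b64decode(swap_pairs(ciphertext))


if __name__ == "__main__":
    # Worked string from step 103; it is the Base64 form of b"AABBCCDD".
    cert_string = "QUFCQkNDREQ="
    stored = swap_pairs(cert_string)
    print(stored)                       # ciphertext kept in the certificate database
    print(restore_certificate(stored))  # certificate bytes recovered from it

    # Worked string from the step 114 example (7 groups, last one short).
    info = "e+i9r+S7tuS/oeaBr++8mjEyMzQ1Nn0="
    scrambled = cross_swap_blocks(info)
    print(scrambled)
    print(cross_swap_blocks(scrambled) == info)  # second pass restores the input
```
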
在步骤1041-1044中,只要软件注册信息处于传输状态就进行加密,未处于传输状态就进行解密,在不影响数据正常使用的情况下,提高了软件注册信息在内部隐蔽性,例如数据被拦截,软件的安全认证设备无法及时解密,被拦截的数据会定格在加密状态,若是正常停止传输状态,无需用户手动解密。In steps 1041-1044, the software registration information is encrypted as long as it is in the transmission state, and is decrypted when it is not in the transmission state. This improves the internal confidentiality of the software registration information without affecting the normal use of the data. For example, if the data is intercepted, the software's security authentication device cannot decrypt it in time, and the intercepted data will be frozen in the encrypted state. If the transmission state is stopped normally, the user does not need to manually decrypt it.
115、当所述内部传输状态为非传输状态,且软件注册信息被加密为所述软件注册信息密文时,对所述软件注册信息执行字符解密操作。115. When the internal transmission state is a non-transmission state and the software registration information is encrypted into the software registration information ciphertext, perform a character decryption operation on the software registration information.
在步骤113-115中,通过检测和加密传输中的软件注册信息,可以有效防止在传输过程中的数据被恶意窃取或篡改,保障注册信息的机密性和完整性,从而提高数据安全性。In steps 113-115, by detecting and encrypting the software registration information in transmission, it is possible to effectively prevent the data from being maliciously stolen or tampered with during the transmission process, thereby ensuring the confidentiality and integrity of the registration information, thereby improving data security.
可选的,检测是否接收到授权终端发起的证书获取请求;若检测到所述证书获取请求时,根据所述证书获取请求携带的软件唯一标识符,在所述证书数据库中查询出所述软件唯一标识符对应的待解密密文;根据预设的解密算法,将所述待解密密文还原为待输出签名证书;将所述待输出签名证书发送至所述授权终端,以响应所述证书获取请求。其中,通过检测授权终端发起的证书获取请求,系统可以验证请求的合法性,避免未经授权的访问,从而增强系统的安全性。根据证书获取请求携带的软件唯一标识符在证书数据库中查询待解密密文,并经过预设的解密算法还原为待输出签名证书,有效保护了证书数据的机密性,防止敏感信息泄露。Optionally, detect whether a certificate acquisition request initiated by an authorized terminal is received; if the certificate acquisition request is detected, query the certificate database for the ciphertext to be decrypted corresponding to the software unique identifier carried in the certificate acquisition request; restore the ciphertext to be decrypted to a signature certificate to be output according to a preset decryption algorithm; send the signature certificate to be output to the authorized terminal in response to the certificate acquisition request. Among them, by detecting the certificate acquisition request initiated by the authorized terminal, the system can verify the legitimacy of the request and avoid unauthorized access, thereby enhancing the security of the system. The ciphertext to be decrypted is queried in the certificate database according to the software unique identifier carried in the certificate acquisition request, and is restored to the signature certificate to be output through a preset decryption algorithm, which effectively protects the confidentiality of the certificate data and prevents the leakage of sensitive information.
In an embodiment of the present invention, the software security authentication device can effectively prevent the signature certificate from being tampered with through operations such as certificate generation, encoding, and encryption, thereby improving the overall security of the software. The use of encrypted file sending and verification operations can effectively block unauthorized software installation requests, reduce the illegal dissemination of software, and protect the legitimate rights and interests of software developers. By performing certificate verification operations on the ciphertext to be verified, the validity of the certificate can be accurately judged to ensure that the certificate used in the software installation process is legal and credible, further improving the security of software installation. In actual applications, even if the encrypted file is stolen, the thief cannot restore the signature certificate, so the data security of user privacy is also improved. When the method is used to install software, the security risks of developer privacy leakage and illegal software installation are reduced.
FIG. 5 is a schematic diagram of the structure of a software security authentication device provided by an embodiment of the present invention. The software security authentication device 500 may differ considerably depending on configuration or performance, and may include one or more processors (central processing units, CPU) 510 (for example, one or more processors) and a memory 520, and one or more storage media 530 (for example, one or more mass storage devices) storing application programs 533 or data 532. The memory 520 and the storage medium 530 may be transient storage or persistent storage. The program stored in the storage medium 530 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations for the software security authentication device 500. Furthermore, the processor 510 can be configured to communicate with the storage medium 530 and execute the series of instruction operations in the storage medium 530 on the software security authentication device 500.
The software-based security authentication device 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input and output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. Those skilled in the art will appreciate that the software security authentication device structure shown in FIG. 5 does not constitute a limitation on the software-based security authentication device, which may include more or fewer components than shown in the figure, combine certain components, or arrange components differently.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium or a volatile computer-readable storage medium. Instructions are stored in the computer-readable storage medium. When the instructions are executed on a computer, the computer executes the steps of the software security authentication method.
In the context of the present disclosure, a machine-readable medium may be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium include an electrical connection based on one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In addition, although the operations are described in a specific order, this should not be understood as requiring that the operations be performed in the specific order shown or in sequential order, or that all illustrated operations be performed to obtain the desired results. Under certain circumstances, multitasking and parallel processing may be advantageous. Similarly, although some specific implementation details are included in the above discussion, these should not be interpreted as limiting the scope of the present disclosure. Certain features described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, the various features described in the context of a single implementation can also be implemented in multiple implementations individually or in any suitable sub-combination.
Although the subject matter has been described in language specific to structural features and/or methodological logical actions, it should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or actions described above. Rather, the specific features and actions described above are merely example forms of implementing the claims.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410361555.2A CN118228210B (en) | 2024-03-28 | 2024-03-28 | Software security authentication method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118228210A (en) | 2024-06-21 |
CN118228210B (en) | 2025-01-28 |
Family
ID=91506076
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410361555.2A Active CN118228210B (en) | 2024-03-28 | 2024-03-28 | Software security authentication method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118228210B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078858A (en) * | 2012-12-31 | 2013-05-01 | 上海同岩土木工程科技有限公司 | Web service and signature certificate-based software trial authorization method |
CN103491097A (en) * | 2013-09-30 | 2014-01-01 | 华中师范大学 | Software authorization system based on public key cryptosystem |
CN103577206A (en) * | 2012-07-27 | 2014-02-12 | 北京三星通信技术研究有限公司 | Method and device for installing application software |
CN104361267A (en) * | 2014-11-19 | 2015-02-18 | 厦门海迈科技股份有限公司 | Software authorization and protection device and method based on asymmetric cryptographic algorithm |
CN110008659A (en) * | 2019-03-29 | 2019-07-12 | 深圳华锐金融技术股份有限公司 | Outline management method, apparatus, computer equipment and the storage medium of software license |
CN110968844A (en) * | 2019-12-02 | 2020-04-07 | 卫盈联信息技术(深圳)有限公司 | Software authorization method in off-line state, server and readable storage medium |
CN112528236A (en) * | 2020-12-18 | 2021-03-19 | 深圳竹云科技有限公司 | Application software authorization method based on virtual machine |
CN115080927A (en) * | 2022-06-14 | 2022-09-20 | 杭州安恒信息技术股份有限公司 | Software authorization method, device, system and storage medium |
Non-Patent Citations (1)
Title |
---|
仝兆岐 (ed.): "《计算机网络》" (Computer Networks), 30 June 1995, page 167 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118842655A (en) * | 2024-09-23 | 2024-10-25 | 合肥天帷信息安全技术有限公司 | Dynamic authentication method, dynamic authentication device, electronic equipment and storage medium |
CN118842655B (en) * | 2024-09-23 | 2025-01-14 | 合肥天帷信息安全技术有限公司 | Dynamic authentication method, dynamic authentication device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN118228210B (en) | 2025-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105260663B (en) | A kind of safe storage service system and method based on TrustZone technologies | |
JP6370722B2 (en) | Inclusive verification of platform to data center | |
JP4664398B2 (en) | Incremental code signing method and apparatus | |
US7953977B2 (en) | Security and ticketing system control and management | |
JP4774049B2 (en) | Method and program for secure inter-platform and intra-platform communication | |
US6986041B2 (en) | System and method for remote code integrity in distributed systems | |
JP2014505943A (en) | System and method for tamper resistant boot processing | |
CN1509546A (en) | Platform and method for safely transmitting authorization data | |
JPH0816104A (en) | Method and device for verifying information security with dispersed collator | |
JP2008507203A (en) | Method for transmitting a direct proof private key in a signed group to a device using a distribution CD | |
CN105099705A (en) | A secure communication method and system based on USB protocol | |
JP4616345B2 (en) | A method for directly distributing a certification private key to a device using a distribution CD | |
US9367700B2 (en) | System and method for establishing a shared secret for communication between different security domains | |
CN110837634B (en) | Electronic signature method based on hardware encryption machine | |
CN112346759A (en) | A firmware upgrade method, device and computer-readable storage medium | |
CN116388992A (en) | Remote authentication method and device for distributed TEE application | |
CN118228210B (en) | Software security authentication method, device and storage medium | |
CN119892522A (en) | Load method and electronic equipment for trusted loading of load control terminal program | |
US7779269B2 (en) | Technique for preventing illegal invocation of software programs | |
US20220166608A1 (en) | Method for end entity attestation | |
CN114942729A (en) | Data safety storage and reading method for computer system | |
CN111831978A (en) | A method and device for protecting configuration files | |
CN114091072A (en) | Data processing method and device | |
CN112613033A (en) | Method and device for safely calling executable file | |
CN114553566B (en) | Data encryption method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||