Hardware authorization method and system

Document No.: 153429  Published: 2021-10-26

Reading note: this technology, "Hardware authorization method and system" (一种硬件的授权方法及系统), was designed by 林鹏程, 陈中 and 林家贵 on 2021-09-18. Main content: The invention discloses a hardware authorization method comprising a production test step and a hardware use step. The production test step comprises: S11: acquiring hardware attribute information to generate a machine code, the hardware attribute information comprising the hardware production date, hardware serial number and hardware model information; S12: sending the machine code to a server for verification, specifically: the server compares the machine code with a pre-stored list of machine codes to be authorized, and the machine code passes verification if it is in that list; S13: after the machine code passes verification, the server encrypts it to form an encrypted character string and sends the encrypted character string to the hardware; S14: the hardware stores the received encrypted character string in the OTP storage space of the hardware. Because the method uses the hardware's production date, serial number and model information as the machine code, the machine code can be tied to the production date and production quantity, so the production quantity and progress for the current date can be managed.

1. A hardware authorization method comprising a production test step and a hardware use step:

the production test step comprises:

S11: acquiring hardware attribute information to generate a machine code, wherein the hardware attribute information comprises the hardware production date, hardware serial number and hardware model information;

S12: sending the machine code to a server for verification, specifically: the server compares the machine code with a pre-stored list of machine codes to be authorized, and if the machine code is in the list to be authorized, the machine code passes verification;

S13: after the machine code passes verification, the server encrypts the machine code to form an encrypted character string and sends the encrypted character string to the hardware;

S14: the hardware stores the received encrypted character string in the OTP storage space of the hardware;

the hardware use step comprises:

S21: reading the information in the OTP storage space of the hardware and decrypting the encrypted character string stored there through software on the hardware; if the decrypted information is a legal machine code, the hardware is determined to be authorized and is allowed to use the software functions on the hardware.

2. An authorization method for a device according to claim 1, wherein acquiring the hardware attribute information to generate the machine code in step S11 includes:

configuring the server to: according to the production plan, making a list of machine codes to be authorized, specifically: extracting the production date, the hardware model and the hardware serial number information of the hardware to be produced, and generating a machine code and a machine code two-dimensional code after combination;

marking the machine code to be authorized and the corresponding two-dimensional code on the corresponding hardware body;

and scanning the machine code two-dimensional code on the hardware body through code scanning equipment to acquire machine code information.

3. The method as claimed in claim 1, wherein step S21, after reading the information in the OTP storage space of the hardware, further includes: if there is no content in the OTP storage space, the hardware is determined to fail the production test.

4. A hardware authorization method as claimed in claim 1, further comprising a software upgrade step:

S31: sending an upgrade request to a server, wherein the upgrade request comprises the information read from the OTP storage space of the hardware;

S32: after receiving the upgrade request, the server decrypts it to restore the machine code of the hardware, compares the machine code with a list of machine codes to be upgraded on the server, and sends the corresponding upgrade software file to the hardware if the machine code needs to be upgraded;

the server is configured to: according to the software information to be upgraded, matching the production date, the hardware model and the hardware serial number information corresponding to the hardware to be upgraded, forming a machine code list to be upgraded according to the coding rules, and configuring a corresponding upgrading software file for the machine code to be upgraded.

5. A hardware authorization method according to claim 4, characterized in that: the encrypted information in step S31 further includes the current system time of the hardware; after receiving the encrypted information, the server decrypts it to restore the machine code of the hardware and the current system time of the hardware, compares the current system time of the hardware with the current system time of the server, and ignores the upgrade request if the time difference is greater than the preset value.

6. A hardware authorization system, characterized in that it comprises a production test unit and a hardware use authorization unit,

the production test unit includes:

the hardware attribute information comprises hardware production date, hardware serial number and hardware model information;

the machine code verification module is used for sending the machine code to a server for verification, and specifically comprises the following steps: the server compares the machine code with a pre-stored list of machine codes to be authorized, and if the machine code is in the list to be authorized, the machine code passes verification;

the server encryption module is used for encrypting the machine code passing the verification to form an encrypted character string and sending the encrypted character string to hardware;

the hardware machine code receiving module is used for receiving the encrypted character string sent by the server and storing the encrypted character string in the OTP storage space of the hardware;

the hardware use authorization unit includes:

the authorization module is used for reading the information in the OTP storage space of the hardware and decrypting the encrypted character string stored there through software on the hardware; if the decrypted information is a legal machine code, the hardware is judged to be authorized and is allowed to use the software functions on the hardware.

7. A hardware authorization system according to claim 6, characterized in that: the system further comprises a software upgrade unit, wherein the software upgrade unit comprises:

the upgrade request module is used for sending an upgrade request to the server, wherein the upgrade request comprises the information read from the OTP storage space of the hardware;

the server decryption module is used for decrypting the received upgrade request and parsing out the machine code;

the upgrade verification module is used for comparing the machine code with a list of machine codes to be upgraded on the server, and if the machine code needs upgrading, sending the corresponding upgrade software file to the hardware.

Technical Field

The invention relates to the technical field of electronic information, in particular to a hardware authorization method.

Background

Software on produced hardware needs intellectual property protection. For example, if the software on a development board we produce is stolen and used on development boards produced by other companies, customers no longer need the boards we provide and can instead buy the products of other manufacturers or competitors, which seriously damages the interests of the enterprise. To protect a producer's intellectual property, a common approach at present is to apply software authorization to the hardware product, usually offline authorization: a unique identifier of the produced hardware, generally a MAC address, is encrypted by software to generate a machine code, the machine code is decrypted by software, and the corresponding software functions can be used only after verification succeeds.

For this scheme, the chip may need to contain unique MAC information, and because the authorization is offline, it is easily cracked by other people's software, in the way that Windows serial numbers are easily cracked. In addition, some chips may not contain unique MAC address information, and this scheme is then difficult to apply.

Online authorization is safer and can monitor the authorization information of the equipment, but because of practical constraints most authorization is still done offline: a specified serial number (machine code) is written into the equipment during production. When the production time and model corresponding to a serial number need to be looked up, information such as the production time and batch of the equipment is difficult to obtain simply by querying the production serial number, so tracing hardware information is difficult.

Disclosure of Invention

To solve the above technical problems, the technical scheme of the invention is as follows:

A hardware authorization method comprises a production test step and a hardware use step:

the production test step comprises:

S11: acquiring hardware attribute information to generate a machine code, wherein the hardware attribute information comprises the hardware production date, hardware serial number and hardware model information;

S12: sending the machine code to a server for verification, specifically: the server compares the machine code with a pre-stored list of machine codes to be authorized, and if the machine code is in the list to be authorized, the machine code passes verification;

S13: after the machine code passes verification, the server encrypts the machine code to form an encrypted character string and sends the encrypted character string to the hardware;

S14: the hardware stores the received encrypted character string in the OTP storage space of the hardware;

the hardware use step comprises:

S21: reading the information in the OTP storage space of the hardware and decrypting the encrypted character string stored there through software on the hardware; if the decrypted information is a legal machine code, the hardware is determined to be authorized and is allowed to use the software functions on the hardware.

Further, acquiring the hardware attribute information to generate the machine code in step S11 includes:

configuring the server to: according to the production plan, making a list of machine codes to be authorized, specifically: extracting the production date, the hardware model and the hardware serial number information of the hardware to be produced, and generating a machine code and a machine code two-dimensional code after combination;

marking the machine code to be authorized and the corresponding two-dimensional code on the corresponding hardware body;

and scanning the machine code two-dimensional code on the hardware body through code scanning equipment to acquire machine code information.

Further, after reading the information in the OTP storage space of the hardware in step S21, the method further includes: if there is no content in the OTP storage space, the hardware is determined to fail the production test.

Further, the hardware authorization method further includes a software upgrade step:

S31: sending an upgrade request to a server, wherein the upgrade request comprises the information read from the OTP storage space of the hardware;

S32: after receiving the upgrade request, the server decrypts it to restore the machine code of the hardware, compares the machine code with a list of machine codes to be upgraded on the server, and sends the corresponding upgrade software file to the hardware if the machine code needs to be upgraded;

the server is configured to: match the production date, hardware model and hardware serial number information corresponding to the hardware to be upgraded according to the software information to be upgraded, form a list of machine codes to be upgraded according to the coding rules, and configure a corresponding upgrade software file for the machine codes to be upgraded.

Further, the encrypted information in step S31 also includes the current system time of the hardware; after receiving the encrypted information, the server decrypts it to restore the machine code of the hardware and the current system time of the hardware, compares the current system time of the hardware with the current system time of the server, and ignores the upgrade request if the time difference is greater than the preset value.

A hardware authorization system comprises a production test unit and a hardware use authorization unit,

the production test unit includes:

the hardware attribute information comprises hardware production date, hardware serial number and hardware model information;

the machine code verification module is used for sending the machine code to a server for verification, and specifically comprises the following steps: the server compares the machine code with a pre-stored list of machine codes to be authorized, and if the machine code is in the list to be authorized, the machine code passes verification;

the server encryption module is used for encrypting the machine code passing the verification to form an encrypted character string and sending the encrypted character string to hardware;

the hardware machine code receiving module is used for receiving the encrypted character string sent by the server and storing the encrypted character string in the OTP storage space of the hardware;

the hardware use authorization unit includes:

the authorization module is used for reading the information in the OTP storage space of the hardware and decrypting the encrypted character string stored there through software on the hardware; if the decrypted information is a legal machine code, the hardware is judged to be authorized and is allowed to use the software functions on the hardware.

Further, the hardware authorization system further includes a software upgrade unit, where the software upgrade unit includes:

the upgrade request module is used for sending an upgrade request to the server, wherein the upgrade request comprises the information read from the OTP storage space of the hardware;

the server decryption module is used for decrypting the received upgrade request and parsing out the machine code;

the upgrade verification module is used for comparing the machine code with a list of machine codes to be upgraded on the server, and if the machine code needs upgrading, sending the corresponding upgrade software file to the hardware.

Compared with the prior art, the invention has the following beneficial effects:

1. Hardware attribute information is used to encode the machine, so the method is suitable for equipment without a unique MAC address;

2. The hardware authorization method uses the production date, hardware serial number and hardware model information of the hardware as the machine code, which can be tied to the production date and production quantity to quickly form a machine code list. In the hardware production test stage the machine code is compared against this list for verification; passing verification shows that production is finished, so the production quantity and progress for the current date can be managed;

3. Because the hardware must be tested before the encrypted machine code is written into the OTP space, application software that finds no information in the OTP space knows the machine has not been tested. Whether the hardware has been tested can be judged quickly, which solves the problem of hardware missing its test;

4. In the test stage the machine code is encrypted at the server end, returned to the hardware body and stored in the hardware OTP space. Application software at the hardware end only needs to read the encrypted machine code from the OTP space and decrypt it; authorization passes if decryption is correct. If the encrypted machine code in the hardware OTP space is incorrect, or the software cannot decrypt the encrypted information correctly, authorization cannot pass, which solves the problem of the hardware or software being pirated;

5. Scanning the two-dimensional code drives the writing of the OTP, and the serial number is simple and easy to read. When equipment goes wrong, the time information, serial number information, model information and so on in the machine code make it possible to judge directly whether the fault is a batch problem.

Drawings

FIG. 1 is a flowchart of the steps of the production test of the hardware authorization method of the present invention;

FIG. 2 is a flow chart of the hardware usage steps of the hardware authorization method of the present invention;

FIG. 3 shows the machine code of the HiSilicon development board according to an embodiment of the present invention.

Detailed Description

The following further describes embodiments of the present invention with reference to the drawings. It should be noted that the description of the embodiments is provided to help understanding of the present invention, but the present invention is not limited thereto. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.

A hardware authorization method comprises a production test step and a hardware use step:

the production test step comprises:

S11: acquiring hardware attribute information to generate a machine code, wherein the hardware attribute information comprises the hardware production date, hardware serial number and hardware model information;

Acquiring the hardware attribute information to generate the machine code in step S11 includes:

configuring the server to: according to the production plan, making a list of machine codes to be authorized, specifically: extracting the production date, the hardware model and the hardware serial number information of the hardware to be produced, combining according to a preset rule, and generating a machine code and a machine code two-dimensional code;

marking the machine code to be authorized and the corresponding two-dimensional code on the corresponding hardware body;

and scanning the machine code two-dimensional code on the hardware body through code scanning equipment to acquire machine code information.

According to one embodiment of the invention, when the HiSilicon HI3559AV100 development board is produced, a machine code is formed as production date + board serial number + board model, and the machine code is printed and pasted at a specified position on the development board or marked on the development board by etching. Referring to FIG. 3, scanning the machine code of the HiSilicon development board yields 2019120008NLE-AI800, from which it can be determined that this is the 8th development board produced in December 2019 and that the product model of the board is NLE-AI800.

Specifically, in one embodiment the server pre-codes, according to the serial number rule, all hardware expected to be produced that day under the day's production plan, and stores the result in the server as a pre-allocated machine code list, namely the list of machine codes to be authorized. The machine code information in the list is also stored in two-dimensional code form. After the hardware is produced, the machine code plaintext and the two-dimensional code are marked at the designated position on the hardware according to the serial number. The plaintext makes it easy to read off the production information, model information and so on of the hardware, and the two-dimensional code can be conveniently identified and read by code scanning equipment.

After production is completed, the hardware is tested. A code scanning gun interface is reserved on the development board; a code scanning gun is connected and the two-dimensional code on the development board is scanned to read the machine code.

S12: sending the machine code to a server for verification, specifically: the server compares the machine code with a pre-stored list of machine codes to be authorized, and if the machine code is in the list to be authorized, the machine code passes verification. In one embodiment, a machine code that passes verification can be marked as being in a verified state, indicating that the number on the hardware body is a legitimate machine code for the batch and that the machine code has not been verified repeatedly. The authorization status of hardware can therefore be managed on the server, for example by checking the number of authorizations. In addition, since every tested development board executes the verification step, the list to be authorized can be used to check whether any device missed the test stage, preventing missed tests.

S13: after the machine code passes verification, the server encrypts the machine code to form an encrypted character string and sends the encrypted character string to the hardware;

S14: the hardware stores the received encrypted character string in the OTP storage space of the hardware;

In the embodiment of the invention, the hardware is a HiSilicon development board whose CPU contains an OTP (One-Time Programmable) storage space. This storage space is operated through a specific register and cannot be erased after being written: each address in the space can be written once and cannot be written again afterwards, but it can be read repeatedly.
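The server-side bookkeeping of S11 and S12, as an added example that is not code from the patent: it pre-assigns machine codes from a production plan, accepts each scanned code only once, and lists planned boards that never reached the test station. The field widths (6-digit year and month, 4-digit serial, model string) are inferred from the sample code 2019120008NLE-AI800, and all class and function names are hypothetical.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from enum import Enum

# Layout assumed from the embodiment's sample code 2019120008NLE-AI800:
# YYYYMM production date, 4-digit board serial, then the model string.
MACHINE_CODE_RE = re.compile(r"(\d{4})(0[1-9]|1[0-2])(\d{4})([A-Z0-9][A-Z0-9-]{0,31})")


@dataclass(frozen=True)
class MachineCode:
    year: int
    month: int
    serial: int
    model: str

    def __str__(self) -> str:
        return f"{self.year:04d}{self.month:02d}{self.serial:04d}{self.model}"


def parse_machine_code(text: str) -> MachineCode:
    """Parse a scanned machine code; raise ValueError if it breaks the layout."""
    m = MACHINE_CODE_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a valid machine code: {text!r}")
    year, month, serial, model = m.groups()
    return MachineCode(int(year), int(month), int(serial), model)


class Verdict(Enum):
    OK = "verified"
    MALFORMED = "malformed"
    NOT_PLANNED = "not in to-be-authorized list"
    REPEATED = "already verified"


class AuthorizationList:
    """To-be-authorized list built from the production plan (S11, S12)."""

    def __init__(self) -> None:
        self._verified: dict[str, bool] = {}  # machine code -> verified state

    def plan_batch(self, year: int, month: int, model: str, count: int) -> list[str]:
        """Pre-assign `count` sequential machine codes for one model and month."""
        if not 1 <= count <= 9999:
            raise ValueError("serial field holds 4 digits")
        codes = [str(MachineCode(year, month, n, model)) for n in range(1, count + 1)]
        for code in codes:
            self._verified.setdefault(code, False)
        return codes

    def verify(self, scanned: str) -> Verdict:
        """S12: accept a code only if it was planned and not verified before."""
        try:
            code = str(parse_machine_code(scanned))
        except ValueError:
            return Verdict.MALFORMED
        if code not in self._verified:
            return Verdict.NOT_PLANNED
        if self._verified[code]:
            return Verdict.REPEATED  # same label scanned twice, or a copied label
        self._verified[code] = True
        return Verdict.OK

    def untested(self) -> list[str]:
        """Planned codes never verified, i.e. boards that missed the test stage."""
        return sorted(c for c, done in self._verified.items() if not done)
```

Only a `Verdict.OK` result should lead to S13; the other three verdicts are the cases the verified state exists to catch.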

Tested hardware can be put into use, and the hardware use step comprises:

S21: reading the information in the OTP storage space of the hardware and decrypting the encrypted character string stored there through software embedded in the hardware; if the decrypted information is a legal machine code, the hardware is judged to be authorized and is allowed to use the software functions on the hardware.

If there is no content in the OTP storage space, the hardware is determined not to have been production tested. In that case, if a whole batch was not tested, the hardware of that batch can be traced through the machine code on the hardware, which facilitates a subsequent product recall.

In an embodiment of the present invention, the software decrypts the encrypted character string, and if the decrypted machine code conforms to the preset encoding rule, that is, the production date + board serial number + board model pattern of the above embodiment, the machine code is determined to be legal and the software is allowed to run on the hardware.

In the embodiment of the invention, the server's encryption rule for the machine code matches the software's decryption rule for the OTP space information, so that the device side can restore the machine code plaintext. One implementation is as follows: the decryption routine is provided to the application as a static library. When an algorithm or software of the application on the development board needs to be used, the application calls the static library to decrypt the information in the OTP storage space. If there is no information in the OTP storage space, or the stored machine code is not legal, the decrypted output may be garbage. This indicates that the development board hardware does not match the software on the development board: the hardware may have been replaced or may not be factory-original, or the software may not be the originally installed software, and authorization cannot succeed.

The authorization of the hardware usage steps described above may be performed in an offline state.

The scheme of the invention also comprises a software upgrade step:

S31: sending an upgrade request to a server, wherein the upgrade request comprises the information read from the OTP storage space of the hardware, and after receiving the upgrade request the server decrypts it to restore the machine code of the hardware;

S32: comparing the machine code with a list of machine codes to be upgraded on the server, and if the machine code needs to be upgraded, sending the corresponding upgrade software file to the hardware;

the server is configured to: match the production date, hardware model and hardware serial number information corresponding to the hardware to be upgraded according to the software information to be upgraded, form a list of machine codes to be upgraded according to the coding rules, and configure a corresponding upgrade software file for the machine codes to be upgraded.

The scheme of the invention can select development boards produced in a certain time period, or development boards of a specific model produced in a certain time period, for batch upgrading. In one embodiment, when a certain version of software needs to be upgraded, the production time of the old version to be replaced and the targeted development board model are looked up from the software version that the upgrade replaces, so that the machine codes to be upgraded are obtained in batches and an efficient upgrade scheme is configured for the development boards.

The encrypted information in step S31 further includes the current system time of the hardware. After receiving the encrypted information, the server decrypts it to restore the machine code of the hardware and the current system time of the hardware, compares the current system time of the hardware with the current system time of the server, and ignores the upgrade request if the time difference is greater than the preset value. This effectively guards against the risk of the upgrade request being tampered with during communication.
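The server's decision in S32 together with the time check, as an added example that is not code from the patent: the to-be-upgraded list is expressed as production-period and model rules, and a request is ignored when the device and server clocks differ by more than the preset value. Assumptions: the request fields are already decrypted, the machine code layout is inferred from the sample 2019120008NLE-AI800, and `Campaign`, `handle_upgrade_request`, `MAX_SKEW_SECONDS` and the firmware file name are hypothetical.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Layout assumed from the embodiment's sample code 2019120008NLE-AI800:
# YYYYMM production date, 4-digit serial, then the model string.
_CODE_RE = re.compile(r"(\d{4})(0[1-9]|1[0-2])\d{4}(.+)")

MAX_SKEW_SECONDS = 300  # hypothetical value for the patent's "preset value"


@dataclass(frozen=True)
class Campaign:
    """Boards of one model produced between two months (inclusive) get `firmware`."""
    model: str
    first: tuple[int, int]  # (year, month)
    last: tuple[int, int]
    firmware: str

    def covers(self, produced: tuple[int, int], model: str) -> bool:
        return model == self.model and self.first <= produced <= self.last


def handle_upgrade_request(machine_code: str, device_time: int, server_time: int,
                           campaigns: list[Campaign]) -> tuple[str, str | None]:
    """Decide an upgrade request whose fields the server has already decrypted.

    Times are Unix seconds. Returns (status, firmware); firmware is set only
    when status is "upgrade".
    """
    # Ignore the request when the clocks differ by more than the preset value
    # in either direction: a device clock running ahead is as suspect as a
    # stale one, e.g. on a board whose clock was never set.
    if abs(server_time - device_time) > MAX_SKEW_SECONDS:
        return ("ignored: timestamp outside allowed skew", None)
    m = _CODE_RE.fullmatch(machine_code)
    if m is None:
        return ("ignored: malformed machine code", None)
    produced = (int(m.group(1)), int(m.group(2)))
    model = m.group(3)
    # S32: match against the to-be-upgraded rules; the first matching one wins.
    for campaign in campaigns:
        if campaign.covers(produced, model):
            return ("upgrade", campaign.firmware)
    return ("no upgrade needed", None)


# Constructed sample data: one campaign for NLE-AI800 boards built Oct-Dec 2019.
CAMPAIGNS = [Campaign("NLE-AI800", (2019, 10), (2019, 12), "nle-ai800-v2.bin")]
```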

The invention also provides a hardware authorization system, which comprises a production test unit and a hardware use authorization unit,

the production test unit includes:

the hardware attribute information comprises hardware production date, hardware serial number and hardware model information;

the machine code verification module is used for sending the machine code to a server for verification, and specifically comprises the following steps: the server compares the machine code with a pre-stored list of machine codes to be authorized, and if the machine code is in the list to be authorized, the machine code passes verification;

the server encryption module is used for encrypting the machine code passing the verification to form an encrypted character string and sending the encrypted character string to hardware;

the hardware machine code receiving module is used for receiving the encrypted character string sent by the server and storing the encrypted character string in the OTP storage space of the hardware;

the hardware use authorization unit includes:

the authorization module is used for reading the information in the OTP storage space of the hardware and decrypting the encrypted character string stored there through software on the hardware; if the decrypted information is a legal machine code, the hardware is judged to be authorized and is allowed to use the software functions on the hardware.

Further, the hardware authorization system further includes a software upgrade unit, where the software upgrade unit includes:

the upgrade request module is used for sending an upgrade request to the server, wherein the upgrade request comprises the information read from the OTP storage space of the hardware;

the server decryption module is used for decrypting the received upgrade request and parsing out the machine code;

the upgrade verification module is used for comparing the machine code with a list of machine codes to be upgraded on the server, and if the machine code needs upgrading, sending the corresponding upgrade software file to the hardware.

The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the described embodiments. It will be apparent to those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, and the scope of protection is still within the scope of the invention.
