Board card access verification method and device, electronic equipment and readable storage medium
By generating access ciphertext using board identifier and verification key, the problem of high board access verification cost is solved, achieving security verification while reducing hardware resource requirements.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHANGSHA BASILIANG INFORMATION TECH
- Filing Date
- 2022-10-17
- Publication Date
- 2026-07-14
AI Technical Summary
The high verification cost of board access verification in the existing technology is mainly due to the reliance on encryption chips that are not inherent to the board, which increases hardware resources.
By obtaining the target board's verification key, decryption is performed using the board identifier and verification key to generate board access ciphertext, and the consistency of the ciphertext is compared to determine whether access is allowed, thus avoiding dependence on encryption chips.
It reduces the cost of board access verification, improves access security, and reduces the demand for hardware resources.
Smart Images

Figure CN115563602B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data processing technology, and in particular to a board access verification method, apparatus, electronic device, and readable storage medium. Background Technology
[0002] With the continuous development of computer technology, people are paying more and more attention to the security of data during storage or transmission. For example, for hardware control boards (boards), a dedicated encryption chip is usually set on the board. When the host computer needs to access the board to read the board data, the board will perform security verification of the board access based on the algorithm of the encryption chip itself. Since the encryption chip is not the inherent hardware of the board, additional hardware resources are required to protect the security of the board data. Therefore, the current verification cost of board access is high. Summary of the Invention
[0003] The main objective of this application is to provide a board access verification method, apparatus, electronic device, and readable storage medium, aiming to solve the technical problem of high verification cost in the prior art for board access verification.
[0004] To achieve the above objectives, this application provides a board access verification method, the board access verification method comprising:
[0005] Obtain the board verification key corresponding to the target board;
[0006] Based on the target board's board identifier and the board verification key, the target board is decrypted to obtain the board access ciphertext;
[0007] Based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key, determine whether access to the target board is permitted.
[0008] Optionally, the step of determining whether to allow access to the target board based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key includes:
[0009] According to the board ciphertext storage rules, obtain the board verification ciphertext corresponding to the board verification key in the ciphertext storage sub-area of the preset storage area;
[0010] Check whether the board access ciphertext and the board verification ciphertext are consistent;
[0011] If so, then access to the target board is permitted;
[0012] If not, access to the target board is not permitted.
[0013] Optionally, the step of obtaining the board verification key corresponding to the target board includes:
[0014] When an access request from the first host computer to access the target board is detected, the first key storage rule is obtained;
[0015] According to the first key storage rule, the board verification key corresponding to the target board is obtained in the key storage sub-area of the preset storage area.
[0016] Optionally, before the step of obtaining the board verification key corresponding to the target board in the key storage sub-region of the preset storage area according to the first key storage rule, the board access verification method further includes:
[0017] Detect whether the board verification key exists in the preset storage area;
[0018] If not, access to the target board is not permitted.
[0019] Optionally, before the step of obtaining the board verification key corresponding to the target board, the board access verification method further includes:
[0020] Obtain the target board's board identifier and the initial board key sent by the second host computer;
[0021] According to the first key storage rule, the initial key of the board is stored in a preset storage area to obtain the first key storage sub-area for storing the board verification key;
[0022] Based on the board verification key and the board identifier, the target board is encrypted to obtain the board verification ciphertext of the target board;
[0023] According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-areas of the preset storage area besides the first key storage sub-area, to obtain the ciphertext storage sub-area for storing the board verification ciphertext.
[0024] Optionally, the step of storing the board verification ciphertext in a storage sub-region other than the first key storage sub-region in the preset storage area according to the board ciphertext storage rules, to obtain the ciphertext storage sub-region for storing the board verification ciphertext, includes:
[0025] Based on the board identifier, determine the board type of the target board;
[0026] Based on the board type, query the corresponding board encrypted storage rule in the preset board encrypted storage rule library;
[0027] According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-regions of the preset storage area besides the first key storage sub-region, to obtain the ciphertext storage sub-region.
[0028] Optionally, the board access verification method further includes:
[0029] If the target board is found to contain the board verification key, a board interference key is generated.
[0030] According to the second board key storage rule, the board interference key is stored in the preset storage area to obtain the second key storage sub-area for storing the board interference key.
[0031] To achieve the above objectives, this application also provides a board access verification device, the board access verification device comprising:
[0032] The acquisition module is used to obtain the board verification key corresponding to the target board.
[0033] The decryption module is used to decrypt the target board based on the board identifier and the board verification key to obtain the board access ciphertext.
[0034] The determination module is used to determine whether to allow access to the target board based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key.
[0035] Optionally, the determining module is further configured to:
[0036] According to the board ciphertext storage rules, obtain the board verification ciphertext corresponding to the board verification key in the ciphertext storage sub-area of the preset storage area;
[0037] Check whether the board access ciphertext and the board verification ciphertext are consistent;
[0038] If so, then access to the target board is permitted;
[0039] If not, access to the target board is not permitted.
[0040] Optionally, the acquisition module is further configured to:
[0041] When an access request from the first host computer to access the target board is detected, the first key storage rule is obtained;
[0042] According to the first key storage rule, the board verification key corresponding to the target board is obtained in the key storage sub-area of the preset storage area.
[0043] Optionally, the board access verification device is further used for:
[0044] Detect whether the board verification key exists in the preset storage area;
[0045] If not, access to the target board is not permitted.
[0046] Optionally, the board access verification device is further used for:
[0047] Obtain the target board's board identifier and the initial board key sent by the second host computer;
[0048] According to the first key storage rule, the initial key of the board is stored in a preset storage area to obtain the first key storage sub-area for storing the board verification key;
[0049] Based on the board verification key and the board identifier, the target board is encrypted to obtain the board verification ciphertext of the target board;
[0050] According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-areas of the preset storage area besides the first key storage sub-area, to obtain the ciphertext storage sub-area for storing the board verification ciphertext.
[0051] Optionally, the board access verification device is further used for:
[0052] Based on the board identifier, determine the board type of the target board;
[0053] Based on the board type, query the corresponding board encrypted storage rule in the preset board encrypted storage rule library;
[0054] According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-regions of the preset storage area besides the first key storage sub-region, to obtain the ciphertext storage sub-region.
[0055] Optionally, the board access verification device is further used for:
[0056] If the target board is found to contain the board verification key, a board interference key is generated.
[0057] According to the second board key storage rule, the board interference key is stored in the preset storage area to obtain the second key storage sub-area for storing the board interference key.
[0058] This application also provides an electronic device, the electronic device comprising: a memory, a processor, and a program of the board access verification method stored in the memory and executable on the processor, wherein when the program of the board access verification method is executed by the processor, it can implement the steps of the board access verification method as described above.
[0059] This application also provides a computer-readable storage medium storing a program implementing a board access verification method, wherein when the program is executed by a processor, it implements the steps of the board access verification method as described above.
[0060] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the board access verification method described above.
[0061] This application provides a board access verification method, apparatus, electronic device, and readable storage medium. Specifically, it involves obtaining a board verification key corresponding to a target board; decrypting the target board based on its board identifier and the board verification key to obtain board access ciphertext; and determining whether access to the target board is permitted based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key. In other words, it achieves the goal of determining whether access to the target board is permitted using the board access ciphertext and board verification ciphertext. Since the board access ciphertext and board verification ciphertext do not rely on an encryption chip as a carrier, board access verification can be performed based on the board's existing hardware resources, rather than relying on the encryption chip's own algorithm for security verification. This overcomes the technical drawback of requiring additional hardware resources to protect board data security because the encryption chip is not inherent to the board hardware, thus reducing the verification cost of board access verification. Attached Figure Description
[0062] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0063] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0064] Figure 1 This is a flowchart illustrating the first embodiment of the board access verification method of this application;
[0065] Figure 2 This is a flowchart illustrating the second embodiment of the board access verification method of this application;
[0066] Figure 3 This is a schematic diagram of an embodiment of the board access verification device of this application;
[0067] Figure 4This is a schematic diagram of the device structure of the hardware operating environment involved in the board access verification method in this application embodiment.
[0068] The purpose, features, and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0069] To make the above-mentioned objects, features, and advantages of the present invention more apparent and understandable, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0070] Example 1
[0071] First, it should be understood that an encryption chip is a type of security chip that integrates multiple symmetric and asymmetric algorithms, possesses an extremely high level of security, and can ensure that the keys and information data stored inside cannot be illegally read or tampered with. These chips are typically flash-type, MEC-type, and DSP-type chips. However, they are not inherent hardware of the board. Because they rely on encryption chips, a dedicated encryption chip is placed on the board to ensure the security of board access. However, the security requirements vary in different board access application scenarios. If encryption chips are still used for access security verification, an encryption chip needs to be built into every board, thus increasing the verification cost. Therefore, there is an urgent need for a method to reduce the verification cost of board access.
[0072] This application provides a board access verification method. In the first embodiment of the board access verification method of this application, refer to... Figure 1 The board access verification method includes:
[0073] Step S10: Obtain the board verification key corresponding to the target board;
[0074] Step S20: Decrypt the target board according to the board identifier and the board verification key to obtain the board access ciphertext;
[0075] In this embodiment, it should be noted that the target board is a communication board with a built-in FPGA (Field Programmable Gate Array) program, specifically a laser marking control board or a soldering board, etc. The purpose of performing access security verification on the target board is mainly to prevent the FPGA program from being stolen or the target board from being pirated. Since the board has a socket during manufacturing, it can be inserted into the slot of the computer's main circuit board (motherboard) to control the operation of computer hardware, such as monitors or acquisition cards. Therefore, the access verification of the target board is performed before the target board controls the hardware to perform the corresponding functions. For example, in one feasible approach, the board access verification is performed after the FPGA of the target board is powered on to ensure access security.
[0076] Additionally, it should be noted that the board verification key is a key used to characterize the access security of the target board. Specifically, it can be a random number. The board verification key can be issued by the host computer based on specific instructions, or it can be burned during board manufacturing using a specific burning tool. The board identifier of the target board is a unique identifier that distinguishes the target board from other boards. Specifically, it can be the board ID (Identity Document) value. The board access ciphertext is used to characterize the ciphertext for accessing the target board. The board access ciphertext triggered by the same board powering on at different times, or by different boards powering on at the same time, can be different.
[0077] As an example, steps S10 to S20 include: obtaining the board verification key corresponding to the target board after the target board is powered on; decrypting the target board according to the board identifier of the target board and the board verification key to obtain the board access ciphertext, wherein the algorithm used to decrypt the target board is the same as the algorithm used to encrypt the target board. For example, in one implementable method, assuming C1 is the ciphertext obtained when encrypting the target board and C2 is the board access ciphertext, the encryption operation formula is as follows: C1 = ID ∧ KEY, where ID is the board identifier of the target board and KEY is the board verification key. The ciphertext C1 is obtained by XOR operation of the board identifier of the target board and the board verification key. Therefore, the algorithm used to decrypt the target board is also XOR operation.
[0078] The step of obtaining the board verification key corresponding to the target board includes:
[0079] Step A10: When an access request from the first host computer to access the target board is detected, the first key storage rule is obtained;
[0080] Step A20: According to the first key storage rule, obtain the board verification key corresponding to the target board in the key storage sub-area of the preset storage area.
[0081] In this embodiment, it should be noted that the first host computer is used to represent the computer corresponding to the slot into which the target board's insert is inserted. The access request is used to access the board data of the target board. Specifically, it can be triggered by the user's access operation on the first host computer, or it can be automatically triggered when the user inserts the target board into the running first host computer.
[0082] Additionally, it should be noted that the first key storage rule is used to characterize the storage rule of the board verification key. The first key storage rule can be set by the technicians themselves when manufacturing the target board. The preset storage area is divided by the technicians themselves before performing board access verification and is used to store board access verification data. The board access verification data can specifically be board verification key, board verification ciphertext, and board interference key, etc. The storage capacity of the board verification area can be set by the user, specifically 500KB, 600KB, or 700KB, etc. The key storage sub-area is the storage sub-area of the preset storage area that stores the key. Since the board access verification depends on the board identifier of the target board, even if the board verification key stored in the key storage sub-area is stolen, it will not affect the access security verification of the target board.
[0083] As an example, steps A10 to A20 include: in response to an access request automatically triggered by the user inserting the target board into the first host computer, obtaining a first key storage rule; and reading the board verification key in the encrypted storage sub-area of the preset storage area using the first key storage rule.
[0084] Prior to the step of obtaining the board verification key corresponding to the target board in the key storage sub-region of the preset storage area according to the first key storage rule, the board access verification method further includes:
[0085] Step B10: Detect whether the board verification key exists in the preset storage area;
[0086] Step B20: If not, access to the target board is not allowed.
[0087] In this embodiment, it should be noted that board access verification may be triggered by a technician with management authority due to the need to debug the target board, or it may be triggered when the target board is in an insecure state. For example, when the FPGA program of the target board is copied to another board in its entirety, since the board verification key is stored in the key storage sub-area of the preset storage area, the FPGA will not be able to pass the board access verification normally at this time, and the target board will be in a self-locking state. Therefore, for insecure access verification where only the FPGA program is copied, it can be determined by detecting the board verification key.
[0088] As an example, steps B10 to B20 include: detecting whether the board verification key exists in the key storage sub-area; if the board verification key does not exist in the key storage sub-area, then the first host computer is not allowed to access the target board, and the current state of the target board is switched to the board self-locking state.
[0089] Prior to the step of obtaining the board verification key corresponding to the target board, the board access verification method further includes:
[0090] Step C10: Obtain the target board's board identifier and the initial board key sent by the second host computer;
[0091] Step C20: According to the first key storage rule, the initial key of the board is stored in a preset storage area to obtain the first key storage sub-area for storing the board verification key;
[0092] Step C30: Based on the board verification key and the board identifier, encrypt the target board to obtain the board verification ciphertext of the target board;
[0093] Step C40: According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-areas of the preset storage area besides the first key storage sub-area, to obtain the ciphertext storage sub-area for storing the board verification ciphertext.
[0094] In this embodiment, it should be noted that the second host computer is used to represent the computer that manages the target board, and the initial key of the board is used to represent the key obtained by the target board before it leaves the factory. The initial key of the board can be issued by the second host computer through a special instruction. The special instruction can be triggered by the user's voice or key input operation on the second host computer. Encrypting the target board can ensure the board access verification.
[0095] Additionally, it should be noted that the board verification ciphertext is used to characterize the ciphertext used to verify the target board. For example, in one feasible approach, assuming the board identifier is a board ID value (8 bytes), the board verification ciphertext can be obtained by performing encryption operations based on the board ID value and the board verification key, which can be denoted as byte0, byte1...byte7, where the board verification ciphertext is also 8 bytes.
[0096] Additionally, it should be noted that the key storage sub-region includes a first key storage sub-region. When the initial key of the board is stored in the preset storage region, the sub-region in the preset storage region that stores the initial key of the board is the first key storage sub-region. When the board verification ciphertext is stored in other storage sub-regions in the preset storage region besides the first key storage sub-region, the storage sub-region in the preset storage region that stores the board verification ciphertext is the ciphertext storage sub-region. The size of the ciphertext storage sub-region is determined by the technicians and can be 20 bytes, 25 bytes, or 30 bytes, etc. The board ciphertext storage rule is used to characterize the storage rules of the board verification ciphertext. The encrypted storage rules for the board can be set by the technicians themselves when manufacturing the target board. For example, in one feasible approach, assuming the size of the sub-region of the encrypted storage sub-region is 32 bytes, denoted as E0, E1...E30, E31, and the encrypted verification of the board is 8 bytes, denoted as byte0, byte1...byte7, then the encrypted storage rules for the board can be: byte0 stored in E9, byte1 stored in E12, byte2 stored in E3, byte3 stored in E6, byte4 stored in E19, byte5 stored in E11, byte6 stored in E23, and byte7 stored in E0.
[0097] As an example, steps C10 to C40 include: obtaining the board identifier of the target board and receiving the board initial key sent by the second host computer; storing the board initial key in a preset storage area according to the first key storage rule to obtain a first key storage sub-area storing the board verification key; performing encryption operation on the target board according to the board verification key and the board identifier to obtain the board verification ciphertext of the target board; and storing the board verification ciphertext in other storage sub-areas of the preset storage area other than the first key storage sub-area based on the board ciphertext storage rule to obtain the ciphertext storage sub-area.
[0098] Step S30: Based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key, determine whether access to the target board is allowed.
[0099] As an example, step S30 includes: determining whether access to the target board is allowed by comparing the board access ciphertext with the board verification ciphertext corresponding to the board verification key.
[0100] The step of determining whether to allow access to the target board based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key includes:
[0101] Step D10: According to the board ciphertext storage rules, obtain the board verification ciphertext corresponding to the board verification key in the ciphertext storage sub-area of the preset storage area;
[0102] Step D20: Check whether the board access ciphertext and the board verification ciphertext are consistent;
[0103] Step D30: If yes, then access to the target board is permitted;
[0104] Step D40: If not, access to the target board is not allowed.
[0105] In this embodiment, it should be noted that since the target board has been encrypted through corresponding logical operations before being decrypted, the board verification ciphertext can be read directly from the ciphertext storage sub-area of the preset storage area. By comparing the consistency between the board verification ciphertext and the board access ciphertext, it is determined whether access to the target board is allowed. The board verification ciphertext is obtained by operating on the board verification key.
[0106] As an example, steps D10 to D40 include: reading the board verification ciphertext corresponding to the board verification key in the ciphertext storage sub-area according to the board ciphertext storage rules; detecting whether the board access ciphertext and the board verification ciphertext are consistent; if the board access ciphertext and the board verification ciphertext are consistent, access to the target board is allowed; if the board access ciphertext and the board verification ciphertext are inconsistent, access to the target board is not allowed, and the current state of the target board is switched to the board self-locking state. Since the board verification ciphertext is determined by the board identifier and the board verification key, even if the board FPGA program and the data in the preset storage area are copied, the board access ciphertext and the board verification ciphertext will be inconsistent due to the different board identifiers between the boards, thus failing the access verification. Therefore, the verification cost of board access verification is reduced.
[0107] The board access verification method further includes:
[0108] Step E10: If the target board is found to have the board verification key, then generate the board interference key;
[0109] Step E20: According to the second board key storage rule, the board interference key is stored in the preset storage area to obtain the second key storage sub-area for storing the board interference key.
[0110] In this embodiment, it should be noted that, to improve the security of access verification, a board interference key can be set in the key storage sub-area of the target board. Therefore, the key storage sub-area can be divided into a first key storage sub-area and a second key storage sub-area. The first key storage sub-area is used to store the board verification key, and the second key storage sub-area is used to store the board interference key. The board interference key is used to characterize the interference key when reading the board verification key; specifically, it can be a random number. If the key read after the FPGA powers on is the board interference key, due to the difference between the first key storage rules and the second key storage rules, ... This indicates that the access is insecure, and access to the target board is therefore not allowed. Furthermore, the board interference key is generated when the target board has a board verification key. When the preset storage area needs to store the board verification ciphertext, the board interference key, and the board verification key, according to the non-conflict principle of storage rules, the board verification ciphertext, the board interference key, and the board verification key can be stored in three different storage sub-areas of the preset storage area respectively. After the board verification ciphertext, the board interference key, and the board verification key are stored in these three different storage sub-areas respectively, these three areas are the ciphertext storage sub-area, the second key storage sub-area, and the first key storage sub-area.
[0111] As an example, steps E10 to E20 include: generating a board interference key when storing the initial key of the target board in the first key storage sub-region; and storing the board interference key in the preset storage area according to the second board key storage rule to obtain the second key storage sub-region storing the board interference key.
[0112] This application provides a board access verification method, which involves obtaining a board verification key corresponding to a target board; decrypting the target board based on its board identifier and the board verification key to obtain board access ciphertext; and determining whether access to the target board is permitted based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key. In other words, it achieves the purpose of determining whether access to the target board is permitted using the board access ciphertext and the board verification ciphertext. Since the board access ciphertext and board verification ciphertext do not rely on an encryption chip as a carrier, board access verification can be performed based on the board's existing hardware resources, rather than relying on the encryption chip's own algorithm for security verification. This overcomes the technical drawback of needing to add hardware resources to protect board data security because the encryption chip is not inherent to the board hardware, thus reducing the verification cost of board access verification.
[0113] Example 2
[0114] Furthermore, referring to Figure 2 In another embodiment of this application, content that is the same as or similar to that in Embodiment 1 above can be referred to the above description and will not be repeated hereafter. Based on this, the step of storing the board verification ciphertext in other storage sub-regions of the preset storage area, excluding the first key storage sub-region, according to the board ciphertext storage rules, to obtain the ciphertext storage sub-region for storing the board verification ciphertext includes:
[0115] Step F10: Determine the board type of the target board based on the board identifier;
[0116] Step F20: Based on the board type, query the corresponding board encrypted storage rule in the preset board encrypted storage rule library;
[0117] Step F30: According to the board ciphertext storage rules, store the board verification ciphertext in other storage sub-areas of the preset storage area besides the first key storage sub-area to obtain the ciphertext storage sub-area.
[0118] In this embodiment, it should be noted that if all boards use the same encrypted storage rule, then when the encrypted storage rule is leaked, all boards face the risk of low security in board access verification. If a different encrypted storage rule is set for each board, the cost and difficulty of board management will exceed expectations. Therefore, a compatible approach is needed to ensure that the access verification security of all boards is low, while the cost and difficulty of management are in line with expectations. Since boards can be divided into different types of boards due to different uses or application areas, such as marking boards and soldering boards, a set of encrypted storage rules can be set for different types of boards according to the differences in uses or application areas. For example, assuming there are 500 soldering boards A and 1000 marking boards B, a set of encrypted storage rules can be set for soldering boards A and marking boards B respectively. That is, the encrypted storage rules used by the 500 soldering boards are different from those used by the 1000 marking boards.
[0119] Additionally, it should be noted that the preset board encrypted storage rule base stores multiple sets of board encrypted storage rules. There is a mapping relationship between the target board type and the board encrypted storage rules. For example, board type C corresponds to board encrypted storage rule 1, and board type D corresponds to board encrypted storage rule 2. When the corresponding board encrypted storage rule is found, the board verification ciphertext is stored according to the board encrypted storage rule so that the security of access can be verified by the board verification ciphertext during subsequent board access verification.
[0120] As an example, steps F10 to F30 include: using the board identifier of the target board as an index, querying the board type of the target board in a preset type mapping table, wherein the preset type mapping table stores the mapping relationship between board identifiers and board types, for example, board identifier "0" corresponds to a first type board and board identifier "1" corresponds to a second type board; according to the board type, querying the corresponding board ciphertext storage rule in a preset board ciphertext storage rule base; and according to the board ciphertext storage rule, storing the board verification ciphertext in other storage sub-areas of the preset storage area other than the first key storage sub-area, to obtain the ciphertext storage sub-area.
[0121] This application provides a method for storing encrypted verification data on a circuit board. Specifically, based on the circuit board identifier, the circuit board type of the target circuit board is determined; based on the circuit board type, a corresponding circuit board encrypted text storage rule is queried from a preset circuit board encrypted text storage rule base; and according to the circuit board encrypted text storage rule, the encrypted verification data is stored in a storage sub-area other than the first key storage sub-area within the preset storage area, thus obtaining the encrypted text storage sub-area. Compared to a storage method that uses only the same circuit board encrypted text storage rule to store encrypted verification data on different circuit boards, this application, when storing encrypted verification data, uses the circuit board identifier and circuit board type to match different circuit board encrypted text storage rules for different types of circuit boards, thereby storing the encrypted verification data. This avoids the problem of leakage of circuit board storage rules affecting the encryption security of all types of circuit boards, thus improving the encryption security of the circuit boards with a certain management cost.
[0122] Example 3
[0123] This application also provides a board access verification device, referring to... Figure 3 The board access verification device includes:
[0124] Module 101 is used to obtain the board verification key corresponding to the target board.
[0125] The decryption module 102 is used to decrypt the target board based on the board identifier and the board verification key to obtain the board access ciphertext.
[0126] The determination module 103 is used to determine whether access to the target board is allowed based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key.
[0127] Optionally, the determining module 103 is further configured to:
[0128] According to the board ciphertext storage rules, obtain the board verification ciphertext corresponding to the board verification key in the ciphertext storage sub-area of the preset storage area;
[0129] Check whether the board access ciphertext and the board verification ciphertext are consistent;
[0130] If so, then access to the target board is permitted;
[0131] If not, access to the target board is not permitted.
[0132] Optionally, the acquisition module 101 is further configured to:
[0133] When an access request from the first host computer to access the target board is detected, the first key storage rule is obtained;
[0134] According to the first key storage rule, the board verification key corresponding to the target board is obtained in the key storage sub-area of the preset storage area.
[0135] Optionally, the board access verification device is further used for:
[0136] Detect whether the board verification key exists in the preset storage area;
[0137] If not, access to the target board is not permitted.
[0138] Optionally, the board access verification device is further used for:
[0139] Obtain the target board's board identifier and the initial board key sent by the second host computer;
[0140] According to the first key storage rule, the initial key of the board is stored in a preset storage area to obtain the first key storage sub-area for storing the board verification key;
[0141] Based on the board verification key and the board identifier, the target board is encrypted to obtain the board verification ciphertext of the target board;
[0142] According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-areas of the preset storage area besides the first key storage sub-area, to obtain the ciphertext storage sub-area for storing the board verification ciphertext.
[0143] Optionally, the board access verification device is further used for:
[0144] Based on the board identifier, determine the board type of the target board;
[0145] Based on the board type, query the corresponding board encrypted storage rule in the preset board encrypted storage rule library;
[0146] According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-regions of the preset storage area besides the first key storage sub-region, to obtain the ciphertext storage sub-region.
[0147] Optionally, the board access verification device is further used for:
[0148] If the target board is found to contain the board verification key, a board interference key is generated.
[0149] According to the second board key storage rule, the board interference key is stored in the preset storage area to obtain the second key storage sub-area for storing the board interference key.
[0150] The board access verification device provided by this invention, employing the board access verification method in the above embodiments, solves the technical problem of high verification cost for board access verification. Compared with the prior art, the beneficial effects of the board access verification device provided by this invention are the same as those of the board access verification method provided in the above embodiments, and other technical features in this board access verification device are the same as those disclosed in the methods of the above embodiments, and will not be repeated here.
[0151] Example 4
[0152] This invention provides an electronic device, which includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, which are executed by the at least one processor to enable the at least one processor to perform the board access verification method in Embodiment 1 above.
[0153] The following is for reference. Figure 4 The diagram illustrates a structural schematic of an electronic device suitable for implementing embodiments of the present disclosure. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, laptops, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and fixed terminals such as digital TVs and desktop computers. Figure 4 The electronic device shown is merely an example and should not be construed as limiting the functionality and scope of the embodiments disclosed herein.
[0154] like Figure 4 As shown, the electronic device may include a processing unit 1001 (e.g., a central processing unit, a graphics processor, etc.) that can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage device 1003 into a random access memory (RAM) 1004. The RAM 1004 also stores various programs and data required for the operation of the electronic device. The processing unit 1001, ROM 1002, and RAM 1004 are interconnected via a bus 1005. An input / output (I / O) interface 1006 is also connected to the bus.
[0155] Typically, the following systems can be connected to I / O interface 1006: input devices 1007 including, for example, touchscreens, touchpads, keyboards, mice, image sensors, microphones, accelerometers, gyroscopes, etc.; output devices 1008 including, for example, liquid crystal displays (LCDs), speakers, vibrators, etc.; storage devices 1003 including, for example, magnetic tapes, hard disks, etc.; and communication devices 1009. The communication devices allow electronic devices to communicate wirelessly or wiredly with other devices to exchange data. Although electronic devices with various systems are shown in the figures, it should be understood that it is not required to implement or possess all the systems shown. More or fewer systems may be implemented alternatively.
[0156] In particular, according to embodiments of this disclosure, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of this disclosure include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication device 1009, or installed from storage device 1003, or installed from ROM 1002. When the computer program is executed by processing device 1001, it performs the functions defined in the methods of embodiments of this disclosure.
[0157] The electronic device provided by this invention employs the board access verification method in the above embodiments, solving the technical problem of high verification cost for board access verification. Compared with the prior art, the beneficial effects of the electronic device provided by the embodiments of this invention are the same as those of the board access verification method provided in the above embodiments, and other technical features of this electronic device are the same as those disclosed in the methods of the above embodiments, and will not be repeated here.
[0158] It should be understood that various parts of this disclosure can be implemented using hardware, software, firmware, or a combination thereof. In the description of the above embodiments, specific features, structures, materials, or characteristics may be combined in any suitable manner in one or more embodiments or examples.
[0159] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in the present invention should be included within the scope of protection of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.
[0160] Example 5
[0161] This embodiment provides a computer-readable storage medium having computer-readable program instructions stored thereon, which are used to execute the board access verification method in the above embodiment.
[0162] The computer-readable storage medium provided in this embodiment of the invention may be, for example, a USB flash drive, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this embodiment, the computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, system, or device. The program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to: wires, optical cables, RF (radio frequency), etc., or any suitable combination thereof.
[0163] The aforementioned computer-readable storage medium may be included in an electronic device or may exist independently without being assembled into an electronic device.
[0164] The aforementioned computer-readable storage medium carries one or more programs. When the aforementioned one or more programs are executed by an electronic device, the electronic device causes the electronic device to: obtain a board verification key corresponding to a target board; decrypt the target board based on the board identifier of the target board and the board verification key to obtain board access ciphertext; and determine whether access to the target board is permitted based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key.
[0165] Computer program code for performing the operations of this disclosure can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0166] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0167] The modules described in the embodiments of this disclosure can be implemented in software or hardware. The names of the modules do not necessarily limit the functionality of the unit itself.
[0168] The computer-readable storage medium provided by this invention stores computer-readable program instructions for executing the above-described board access verification method, thus solving the technical problem of high verification cost in board access verification. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided in the embodiments of this invention are the same as the beneficial effects of the board access verification method provided in the above embodiments, and will not be repeated here.
[0169] Example 6
[0170] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the board access verification method described above.
[0171] The computer program product provided in this application solves the technical problem of high verification cost for board access verification. Compared with the prior art, the beneficial effects of the computer program product provided in the embodiments of this invention are the same as the beneficial effects of the board access verification method provided in the above embodiments, and will not be repeated here.
[0172] The above are merely preferred embodiments of this application and do not limit the patent scope of this application. Any equivalent structural or procedural transformations made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent scope of this application.
Claims
1. A method for verifying board access, characterized in that, The board access verification method includes: Obtain the board verification key corresponding to the target board, wherein, before the step of obtaining the board verification key corresponding to the target board, the board access verification method further includes: Obtain the target board's board identifier and the initial board key sent by the second host computer; According to the first key storage rule, the initial key of the board is stored in a preset storage area to obtain the first key storage sub-area for storing the board verification key; Based on the board verification key and the board identifier, the target board is encrypted to obtain the board verification ciphertext of the target board; According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-areas of the preset storage area except for the first key storage sub-area, to obtain the ciphertext storage sub-area for storing the board verification ciphertext; Based on the target board's board identifier and the board verification key, the target board is decrypted to obtain the board access ciphertext; Based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key, determine whether access to the target board is permitted.
2. The board access verification method as described in claim 1, characterized in that, The step of determining whether to allow access to the target board based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key includes: According to the board ciphertext storage rules, obtain the board verification ciphertext corresponding to the board verification key in the ciphertext storage sub-area of the preset storage area; Check whether the board access ciphertext and the board verification ciphertext are consistent; If so, then access to the target board is permitted; If not, access to the target board is not permitted.
3. The board access verification method as described in claim 2, characterized in that, The steps for obtaining the board verification key corresponding to the target board include: When an access request from the first host computer to access the target board is detected, the first key storage rule is obtained; According to the first key storage rule, the board verification key corresponding to the target board is obtained in the key storage sub-area of the preset storage area.
4. The board access verification method as described in claim 3, characterized in that, Before the step of obtaining the board verification key corresponding to the target board in the key storage sub-region of the preset storage area according to the first key storage rule, the board access verification method further includes: Detect whether the board verification key exists in the preset storage area; If not, access to the target board is not permitted.
5. The board access verification method as described in claim 1, characterized in that, The step of storing the board verification ciphertext in a storage sub-region other than the first key storage sub-region in the preset storage area according to the board ciphertext storage rules, to obtain the ciphertext storage sub-region for storing the board verification ciphertext, includes: Based on the board identifier, determine the board type of the target board; Based on the board type, query the corresponding board encrypted storage rule in the preset board encrypted storage rule library; According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-regions of the preset storage area besides the first key storage sub-region, to obtain the ciphertext storage sub-region.
6. The board access verification method as described in claim 1, characterized in that, The board access verification method also includes: If the target board is found to contain the board verification key, a board interference key is generated. According to the second board key storage rule, the board interference key is stored in the preset storage area to obtain the second key storage sub-area for storing the board interference key.
7. A board access verification device, characterized in that, The board access verification device includes: The acquisition module is used to obtain the board verification key corresponding to the target board. The decryption module is used to decrypt the target board based on the board identifier and the board verification key to obtain the board access ciphertext. The determination module is used to determine whether access to the target board is allowed based on the board access ciphertext and the board verification ciphertext corresponding to the board verification key; The board access verification device is also used to: obtain the board identifier of the target board and the initial board key sent by the second host computer; According to the first key storage rule, the initial key of the board is stored in a preset storage area to obtain the first key storage sub-area for storing the board verification key; Based on the board verification key and the board identifier, the target board is encrypted to obtain the board verification ciphertext of the target board; According to the board ciphertext storage rules, the board verification ciphertext is stored in other storage sub-areas of the preset storage area besides the first key storage sub-area, to obtain the ciphertext storage sub-area for storing the board verification ciphertext.
8. An electronic device, characterized in that, The electronic device includes: At least one processor; and, A memory communicatively connected to the at least one processor; wherein, The memory stores instructions that can be executed by the at least one processor, which, when executed by the at least one processor, enables the at least one processor to perform the steps of the board access verification method according to any one of claims 1 to 6.
9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a program that implements the board access verification method, the program being executed by a processor to implement the steps of the board access verification method as described in any one of claims 1 to 6.