Authentication method and device, computer device, storage medium and program product

By constructing and encrypting machine code files, and combining this with methods for parsing and decrypting software product data packets, the machine running the dynamic library is authenticated. This solves the problem of illegal distribution of dynamic libraries and ensures the security and confidentiality of the dynamic libraries.

CN122241655APending Publication Date: 2026-06-19DAWNING NETWORK TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
DAWNING NETWORK TECH CO LTD
Filing Date
2024-12-11
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

How to authenticate the machines running dynamic libraries to prevent the unauthorized dissemination of dynamic libraries and ensure the security and confidentiality of software products.

Method used

By constructing the machine code file of the target machine, generating a symmetric key using a pseudo-random number generator, encrypting the machine code, and parsing and decrypting the software product data package on an authorized machine, authentication is performed based on the parsing and decryption results to ensure that the dynamic library only runs on the successfully authenticated target machine.

Benefits of technology

It ensures the security and confidentiality of dynamic libraries, prevents their unauthorized distribution, and guarantees the security and integrity of software products.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122241655A_ABST
    Figure CN122241655A_ABST
Patent Text Reader

Abstract

This application relates to an authentication method, apparatus, computer equipment, storage medium, and program product. The method includes: constructing a machine code file for the target machine based on its basic information; sending the machine code file to an authorized machine; receiving a software product data packet from the authorized machine; and authenticating the target machine's carrying capacity based on the software product data packet to obtain an authentication result. The machine code file is used to instruct the authorized machine to generate the software product data packet based on the machine code file and the target dynamic library. This application provides a method for authenticating machines running dynamic libraries. Through the participation of both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, preventing the unauthorized dissemination of the dynamic library and thus guaranteeing its security and confidentiality.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of software security technology, and in particular to an authentication method, apparatus, computer equipment, storage medium, and program product. Background Technology

[0002] With the development of technology and the continuous improvement of user demands, software products for various devices are also constantly being updated and iterated. Currently, software products are mostly distributed to corresponding machines in the form of dynamic libraries. To prevent dynamic libraries from being spread illegally and indiscriminately, it is necessary to authenticate the machines that run dynamic libraries. That is, dynamic libraries should only be distributed on machines that have passed the authentication process to ensure the security of software product distribution.

[0003] Therefore, how to authenticate the machines running dynamic libraries has become an important research direction. Summary of the Invention

[0004] Therefore, it is necessary to provide a method, apparatus, computer equipment, storage medium, and program product that can authenticate the carrying capacity of a machine running a dynamic library, addressing the aforementioned technical problems.

[0005] Firstly, this application provides an authentication method applied to a target machine, comprising:

[0006] Based on the basic information of the target machine, construct the machine code file of the target machine;

[0007] The machine code file is sent to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library.

[0008] Receive software product data packets sent by the authorized machine, and authenticate the carrying capacity of the target machine based on the software product data packets to obtain the authentication result.

[0009] This application provides a method for authenticating the machine running a dynamic library. By involving both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, thereby preventing the unauthorized dissemination of the dynamic library and ensuring its security and confidentiality.

[0010] In one embodiment, constructing the machine code file of the target machine based on the basic information of the target machine includes:

[0011] Based on the basic information of the target machine, construct the first machine code of the target machine;

[0012] The first machine code is encrypted to obtain the machine code file.

[0013] The machine code file acquisition method provided in this application embodiment requires encrypting the machine code when the target machine generates the machine code file to ensure the security and confidentiality of the machine code transmitted to the authorized machine, thereby ensuring the integrity and accuracy of the machine code file received by the authorized machine.

[0014] In one embodiment, the above-described encryption process for the first machine code to obtain a machine code file includes:

[0015] Generate the first symmetric key for the target machine based on the random parameters in the target machine;

[0016] Based on the identification information of the machine code file and the first symmetric key, the first machine code is encrypted to obtain the machine code file.

[0017] The machine code file acquisition method provided in this application embodiment generates a symmetric key using a pseudo-random number generator, calculates a hash value for the key and machine code using a one-way hash function, and encrypts the machine code and hash value using the key, thereby ensuring the confidentiality and integrity of the machine code file and providing a foundation for the integrity of the machine code file received by the authorized machine in the future.

[0018] In one embodiment, the above-mentioned encryption of the first machine code based on the identification information of the machine code file and the first symmetric key to obtain the machine code file includes:

[0019] A one-way hash function is applied to the first machine code and the first symmetric key to obtain the first hash value of the first machine code and the first symmetric key;

[0020] Based on the first symmetric key, the first machine code and the first hash value are encrypted to obtain the encrypted first machine code and the encrypted first hash value.

[0021] The first symmetric key, the identification information, the encrypted first machine code, and the encrypted first hash value are combined to obtain the machine code file.

[0022] The machine code file acquisition method provided in this application embodiment generates a symmetric key using a pseudo-random number generator, calculates a hash value for the key and machine code using a one-way hash function, and encrypts the machine code and hash value using the key, thereby ensuring the confidentiality and integrity of the machine code file and providing a foundation for the integrity of the machine code file received by the authorized machine in the future.

[0023] In one embodiment, the authentication of the target machine's carrying capacity based on the software product data package to obtain the authentication result includes:

[0024] The software product data package is parsed to obtain the target dynamic library and the corresponding license file for the machine code file;

[0025] The authorization file is decrypted to obtain the decrypted information;

[0026] Load the target dynamic library onto the target machine and generate the second machine code;

[0027] The target machine's carrying capacity is authenticated based on the decrypted information and the second machine code, and the authentication result is obtained.

[0028] The authentication method provided in this application embodiment authenticates the target machine by parsing and decrypting the software product data packet, and based on the parsing and decryption results, ensures the security and confidentiality of the software product data packet transmitted by the authorized machine.

[0029] In one embodiment, the above-described decryption process of the authorization file to obtain decrypted information includes:

[0030] The authorization file is decomposed to obtain the third machine code, the second hash value, and the second symmetric key;

[0031] The third machine code, the second hash value, and the second symmetric key are decrypted respectively to obtain the fourth machine code, the third hash value, and the third symmetric key;

[0032] A one-way hash function is performed based on the third symmetric key and the fourth machine code to obtain the fourth hash value.

[0033] The decryption method for the authorization file provided in this application provides a data foundation for subsequent authentication of the target machine based on the decrypted information.

[0034] In one embodiment, the authentication of the target machine's carrying capacity based on the decrypted information and the second machine code, to obtain the authentication result, includes:

[0035] Determine whether the third hash value and the fourth hash value are the same;

[0036] Determine whether the second machine code and the fourth machine code are the same;

[0037] If the third and fourth hash values ​​are the same, and the second and fourth machine codes are the same, the authentication result indicates that the target machine has been successfully authenticated.

[0038] The authentication method provided in this application embodiment authenticates the target machine by parsing and decrypting the software product data packet, and based on the parsing and decryption results, ensures the security and confidentiality of the software product data packet transmitted by the authorized machine.

[0039] Secondly, this application provides an authentication method applied to an authorized machine, including:

[0040] Receive machine code files sent by the target machine and obtain the target dynamic library;

[0041] Generate a software product data package based on the machine code file and the target dynamic library;

[0042] The software product data package is sent to the target machine; the software product data package is used to instruct the target machine to authenticate the target machine's carrying capacity based on the software product data package and obtain the authentication result.

[0043] This application provides a method for authenticating the machine running a dynamic library. By involving both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, thereby preventing the unauthorized dissemination of the dynamic library and ensuring its security and confidentiality.

[0044] In one embodiment, the process of generating a software product data package based on the machine code file and the target dynamic library includes:

[0045] The machine code file is parsed to obtain the fifth machine code of the target machine;

[0046] The fifth machine code is encrypted to generate an authorization file corresponding to the fifth machine code;

[0047] The target dynamic library and license file are merged to obtain the software product data package.

[0048] The method for obtaining software product data packages provided in this application embodiment obtains an authorization file by encrypting the machine code, and obtains the software product data package based on the dynamic library and the authorization file, providing a data foundation for subsequent authentication of the target machine based on the software product data package.

[0049] In one embodiment, the above-mentioned encryption of the fifth machine code to generate an authorization file corresponding to the fifth machine code includes:

[0050] Generate a third symmetric key for the authorized machine based on random parameters in the authorized machine;

[0051] The third symmetric key and the fifth machine code are encrypted to obtain the third machine code and the second hash value;

[0052] The third symmetric key is encrypted based on the first preset private key to obtain the second symmetric key.

[0053] Perform digital signature processing on the second preset private key and the first preset public key to generate a digital certificate;

[0054] The authorization file is obtained based on the preset authorization file identifier, the third machine code, the second hash value, the second symmetric key, and the digital certificate.

[0055] The authorization file acquisition method provided in this application embodiment obtains the authorization file by encrypting the machine code, providing a data foundation for subsequent authentication of the target machine based on the authorization software.

[0056] In one embodiment, the above-described encryption process of the third symmetric key and the fifth machine code to obtain the third machine code and the second hash value includes:

[0057] The fifth machine code and the third symmetric key are processed by a one-way hash function to obtain the fifth hash value of the fifth machine code and the third symmetric key;

[0058] Based on the third symmetric key, the fifth machine code and the fifth hash value are encrypted to obtain the third machine code and the second hash value.

[0059] The authorization file acquisition method provided in this application embodiment obtains the authorization file by encrypting the machine code, providing a data foundation for subsequent authentication of the target machine based on the authorization software.

[0060] Thirdly, this application also provides an authentication device, comprising:

[0061] The build module is used to construct the machine code file of the target machine based on the basic information of the target machine;

[0062] The sending module is used to send the machine code file to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library;

[0063] The authentication module is used to receive software product data packets sent by authorized machines, and to authenticate the carrying capacity of the target machine based on the software product data packets, and obtain the authentication result.

[0064] Fourthly, this application also provides an authentication device, comprising:

[0065] The receiving module is used to receive machine code files sent by the target machine and to obtain the target dynamic library;

[0066] The generation module is used to generate software product data packages based on machine code files and target dynamic libraries;

[0067] The sending module is used to send the software product data packet to the target machine; the software product data packet is used to instruct the target machine to authenticate the target machine's carrying capacity based on the software product data packet and obtain the authentication result.

[0068] Fifthly, this application also provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to perform the following steps:

[0069] Based on the basic information of the target machine, construct the machine code file of the target machine;

[0070] The machine code file is sent to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library.

[0071] Receive software product data packets sent by the authorized machine, and authenticate the carrying capacity of the target machine based on the software product data packets to obtain the authentication result.

[0072] Sixthly, this application also provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to perform the following steps:

[0073] Receive machine code files sent by the target machine and obtain the target dynamic library;

[0074] Generate a software product data package based on the machine code file and the target dynamic library;

[0075] The software product data package is sent to the target machine; the software product data package is used to instruct the target machine to authenticate the target machine's carrying capacity based on the software product data package and obtain the authentication result.

[0076] Seventhly, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, performs the following steps:

[0077] Based on the basic information of the target machine, construct the machine code file of the target machine;

[0078] The machine code file is sent to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library.

[0079] Receive software product data packets sent by the authorized machine, and authenticate the carrying capacity of the target machine based on the software product data packets to obtain the authentication result.

[0080] Eighthly, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, performs the following steps:

[0081] Receive machine code files sent by the target machine and obtain the target dynamic library;

[0082] Generate a software product data package based on the machine code file and the target dynamic library;

[0083] The software product data package is sent to the target machine; the software product data package is used to instruct the target machine to authenticate the target machine's carrying capacity based on the software product data package and obtain the authentication result.

[0084] Ninthly, this application also provides a computer program product, including a computer program that, when executed by a processor, performs the following steps:

[0085] Based on the basic information of the target machine, construct the machine code file of the target machine;

[0086] The machine code file is sent to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library.

[0087] Receive software product data packets sent by the authorized machine, and authenticate the carrying capacity of the target machine based on the software product data packets to obtain the authentication result.

[0088] In a tenth aspect, this application also provides a computer program product, including a computer program that, when executed by a processor, performs the following steps:

[0089] Receive machine code files sent by the target machine and obtain the target dynamic library;

[0090] Generate a software product data package based on the machine code file and the target dynamic library;

[0091] The software product data package is sent to the target machine; the software product data package is used to instruct the target machine to authenticate the target machine's carrying capacity based on the software product data package and obtain the authentication result.

[0092] The aforementioned authentication method, apparatus, computer equipment, storage medium, and program product provide a method for authenticating machines running dynamic libraries. By involving both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, preventing the unauthorized dissemination of the dynamic library and thus guaranteeing the security and confidentiality of the dynamic library. Attached Figure Description

[0093] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0094] Figure 1 This is a diagram illustrating the application environment of the authentication method in one embodiment;

[0095] Figure 2 This is a flowchart illustrating the authentication method in one embodiment;

[0096] Figure 3 This is a flowchart illustrating the authentication method in another embodiment;

[0097] Figure 4 This is a flowchart illustrating the authentication method in another embodiment;

[0098] Figure 5 This is a flowchart illustrating the authentication method in another embodiment;

[0099] Figure 6 This is a schematic diagram of a method for generating machine code files in one embodiment;

[0100] Figure 7 This is a flowchart illustrating the authentication method in another embodiment;

[0101] Figure 8 This is a flowchart illustrating the authentication method in another embodiment;

[0102] Figure 9 This is a flowchart illustrating the authentication method in another embodiment;

[0103] Figure 10 This is a flowchart illustrating the authentication method for the target machine in one embodiment;

[0104] Figure 11 This is a flowchart illustrating the authentication method in another embodiment;

[0105] Figure 12 This is a flowchart illustrating the authentication method in another embodiment;

[0106] Figure 13 This is a flowchart illustrating the authentication method in another embodiment;

[0107] Figure 14 This is a flowchart illustrating the authentication method in another embodiment;

[0108] Figure 15 This is a schematic diagram illustrating a method for generating a software product data package in one embodiment;

[0109] Figure 16 This is a flowchart illustrating the authentication method in another embodiment;

[0110] Figure 17 This is a structural block diagram of the authentication device in one embodiment;

[0111] Figure 18 This is a structural block diagram of the authentication device in another embodiment;

[0112] Figure 19 This is an internal structural diagram of a computer device in one embodiment. Detailed Implementation

[0113] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.

[0114] With the development of technology and the continuous improvement of user demands, software products for various devices are also constantly being updated and iterated. Currently, software products are mostly distributed to corresponding machines in the form of dynamic libraries. To prevent dynamic libraries from being spread illegally and indiscriminately, it is necessary to authenticate the machines that run dynamic libraries. That is, dynamic libraries should only be distributed on machines that have passed the authentication process to ensure the security of software product distribution.

[0115] Therefore, how to authenticate machines running dynamic libraries has become an important research direction. This application aims to provide a method for authenticating machines running dynamic libraries.

[0116] Having described the background technology of the authentication method provided in the embodiments of this application, the implementation environment involved in the authentication method provided in the embodiments of this application will be briefly described below. The authentication method provided in the embodiments of this application can be applied to, for example... Figure 1 The application environment shown. See also... Figure 1 This includes a target machine 10 and an authorized machine 20. The authorized machine 20 is the machine where the developers are working on the software product, and the target machine 10 is the machine that will receive the dynamic libraries of the software product. Optionally, after the authorized machine 20 completes the development of the software product, it needs to authenticate the target machine 10 that hosts the dynamic libraries to determine if it has the capability to host them. If the target machine 10 does, the dynamic libraries are published on it; otherwise, they are not. It should be noted that the target machine 10 can be one or multiple. That is, after the authorized machine 20 completes the development of the software product, it can publish the dynamic libraries to one target machine 10 or multiple target machines 10.

[0117] Those skilled in the art will understand that Figure 1The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. A specific terminal may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.

[0118] After introducing the application scenarios of the authentication method provided in the embodiments of this application above, the authentication method described in this application will be described in detail below.

[0119] In one embodiment, such as Figure 2 As shown, an authentication method is provided, which can be applied to... Figure 1 Taking target machine 10 as an example, the explanation includes the following steps:

[0120] S201. Based on the basic information of the target machine, construct the machine code file of the target machine.

[0121] The basic information of the target machine includes the CPU identification information, the MAC address of the media access control system, and the identification information of the hard drive.

[0122] In this embodiment of the application, when it is necessary to authenticate the ability of the target machine to host the dynamic library of the software product, the CPU identification information, MAC address and hard disk identification information of the target machine can be determined first, and the CPU identification information, MAC address and hard disk identification information of the target machine can be encrypted to obtain the machine code file of the target machine.

[0123] S202. Send the machine code file to the authorized machine.

[0124] The machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library.

[0125] Among them, the target dynamic library refers to the dynamic library of the software product to be released to the target machine.

[0126] In this embodiment of the application, during the authentication process to determine whether the target machine has the capability to host the dynamic library of the software product, the participation of the software product that has completed its development task in the authorized machine is also required. Therefore, after obtaining the machine code file of the target machine, the machine code file can be sent to the authorized machine so that the authorized machine can generate a software product data package based on the machine code file and the target dynamic library.

[0127] S203. Receive the software product data packet sent by the authorized machine, and authenticate the carrying capacity of the target machine based on the software product data packet to obtain the authentication result.

[0128] In this embodiment of the application, after the authorized machine generates a software product data packet based on the machine code file and the target dynamic library, it can send the software product data packet to the target machine so that the target machine can receive the software product data packet sent by the authorized machine, and after receiving the software product data packet, it can parse the software product data packet to obtain parsing information, and authenticate the carrying capacity of the target machine based on the parsing information to obtain the authentication result.

[0129] The authentication method provided in this application is applied to a target machine. Based on the target machine's basic information, a machine code file for the target machine is constructed. This machine code file is sent to an authorized machine, which receives a software product data package. The method then authenticates the target machine's carrying capacity based on the software product data package, obtaining an authentication result. The machine code file instructs the authorized machine to generate the software product data package based on the machine code file and the target dynamic library. This application provides a method for authenticating machines running dynamic libraries. Through the participation of both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, preventing the unauthorized dissemination of the dynamic library and thus guaranteeing its security and confidentiality.

[0130] In one embodiment, in Figure 2 Based on the illustrated embodiment, the process of constructing the machine code file of the target machine can be described, such as... Figure 3 As shown, the above S201 "Constructing the machine code file of the target machine based on the basic information of the target machine" includes:

[0131] S301. Based on the basic information of the target machine, construct the first machine code of the target machine.

[0132] In this embodiment of the application, after obtaining the basic information of the target machine as described above, the first machine code of the target machine can be constructed based on the basic information of the target machine. It should be noted that in order to ensure that the dynamic library can only run on the target machine that has been successfully authenticated, the first machine code of the target machine must be obtained. The first machine code must be unique, that is, the first machine code of the target machine A and the first machine code of the target machine B are completely different.

[0133] Optionally, after obtaining the first machine code of the target machine, the first machine code can be encoded in TLV (Type-Length-Value) format to obtain the first machine code in TLV format. This allows the first machine code to be encrypted and a machine code file to be obtained. In this case, the process of "encrypting the first machine code in TLV format to obtain the machine code file" can be executed.

[0134] It should be noted that machine code encoded with TLV is more flexible. Type can distinguish between CPU identification information, MAC address, and hard disk identification information. Length indicates the length of Type, and Value indicates the specific content.

[0135] S302. Encrypt the first machine code to obtain the machine code file.

[0136] In this embodiment of the application, after obtaining the first machine code of the target machine as described above, the first machine code of the target machine can be encrypted to obtain the machine code file of the target machine.

[0137] The machine code file acquisition method provided in this application embodiment requires encrypting the machine code when the target machine generates the machine code file to ensure the security and confidentiality of the machine code transmitted to the authorized machine, thereby ensuring the integrity and accuracy of the machine code file received by the authorized machine.

[0138] In one embodiment, in Figure 2 Based on the illustrated embodiment, the process of obtaining the machine code file can be described, such as... Figure 4 As shown, the above-mentioned S302 "encrypting the first machine code to obtain a machine code file" includes:

[0139] S401. Generate the first symmetric key for the target machine based on the random parameters in the target machine.

[0140] In this embodiment of the application, when encrypting the first machine code, the random parameters in the target machine at the current time can be obtained first, and the random parameters in the target machine at the current time can be input into the pseudo-random number generator for processing to obtain the first symmetric key of the target machine.

[0141] S402. Based on the identification information of the machine code file and the first symmetric key, encrypt the first machine code to obtain the machine code file.

[0142] The machine code file identification information refers to the unique identifier of the machine code file. That is, the file can be identified as a machine code file only when the machine code file identification information exists in the file.

[0143] In this embodiment of the application, after obtaining the first machine code and the first symmetric key, the identification information of the machine code file can also be obtained, and the first machine code can be encrypted according to the identification information of the machine code file and the first symmetric key to obtain the machine code file.

[0144] Optionally, a method for obtaining machine code files is further provided below, see [link to relevant documentation]. Figure 5That is, the above-mentioned S402 "encrypting the first machine code according to the identification information of the machine code file and the first symmetric key to obtain the machine code file" includes:

[0145] S4021. Perform a one-way hash function on the first machine code and the first symmetric key to obtain the first hash value of the first machine code and the first symmetric key.

[0146] In this embodiment of the application, after obtaining the first machine code and the first symmetric key, a one-way hash function can be applied to the first machine code and the first symmetric key to obtain the first hash value corresponding to the first machine code and the first symmetric key.

[0147] S4022. Based on the first symmetric key, encrypt the first machine code and the first hash value to obtain the encrypted first machine code and the encrypted first hash value.

[0148] In this embodiment of the application, after obtaining the first symmetric key, the first machine code, and the first hash value, the first machine code and the first hash value can be encrypted based on the first symmetric key to obtain the encrypted first machine code and the encrypted first hash value.

[0149] S4023. Combine the first symmetric key, the identification information, the encrypted first machine code, and the encrypted first hash value to obtain the machine code file.

[0150] In this embodiment of the application, after obtaining the first symmetric key, the identification information of the machine code file, the encrypted first machine code, and the encrypted first hash value, the first symmetric key, the identification information of the machine code file, the encrypted first machine code, and the encrypted first hash value can be combined to obtain the machine code file.

[0151] The machine code file acquisition method provided in this application embodiment generates a symmetric key using a pseudo-random number generator, calculates a hash value for the key and machine code using a one-way hash function, and encrypts the machine code and hash value using the key, thereby ensuring the confidentiality and integrity of the machine code file and providing a foundation for the integrity of the machine code file received by the authorized machine in the future.

[0152] See Figure 6 It also provides a flowchart for constructing the machine code file of the target machine based on the basic information of the target machine.

[0153] In one embodiment, in Figures 2-5 Based on any of the embodiments shown, the process of obtaining the machine code file can be described, such as... Figure 7 As shown, the above-mentioned S203 "authenticating the target machine's carrying capacity based on the software product data package and obtaining the authentication result" includes:

[0154] S501. Parse the software product data package to obtain the target dynamic library and the license file corresponding to the machine code file.

[0155] The license file corresponding to the machine code file refers to the license file obtained after the authorized machine encrypts and decrypts the machine code file.

[0156] In this embodiment of the application, after obtaining the software product data packet sent by the authorized machine, the software product data packet can be parsed to obtain the target dynamic library, the authorization file generated by the authorization file based on the machine code file, and the public key information in the process of generating the authorization file corresponding to the machine code file can also be obtained.

[0157] S502. Decrypt the authorization file to obtain decryption information.

[0158] The decrypted information includes the fourth hash value, the fourth machine code, and the third hash value.

[0159] In this embodiment of the application, after obtaining the authorization file corresponding to the machine code file, the authorization file can be decomposed and decrypted in sequence to obtain the fourth hash value, the fourth machine code and the third hash value.

[0160] S503. Load the target dynamic library onto the target machine and generate the second machine code.

[0161] In this embodiment of the application, after obtaining the target dynamic library as described above, the target dynamic library can be loaded and run on the target machine to obtain the second machine code of the target machine.

[0162] S504. Authentication of the target machine's carrying capacity is performed based on the decrypted information and the second machine code, and the authentication result is obtained.

[0163] In this embodiment of the application, after obtaining the decryption information and the second machine code, the carrying capacity of the target machine can be authenticated based on the fourth hash value, the fourth machine code, the third hash value, and the second machine code in the decryption information, and the authentication result can be obtained.

[0164] Optionally, it can be determined whether the fourth hash value and the third hash value are the same, whether the second machine code and the fourth machine code are the same, and if the fourth hash value and the third hash value are the same, but the second machine code and the fourth machine code are different, an authentication result indicating that the target machine authentication has failed can be obtained; and if the fourth hash value and the third hash value are different, but the second machine code and the fourth machine code are the same, an authentication result indicating that the target machine authentication has failed can be obtained; and if the fourth hash value and the third hash value are different, but the second machine code and the fourth machine code are different, an authentication result indicating that the target machine authentication has failed can be obtained.

[0165] The authentication method provided in this application embodiment authenticates the target machine by parsing and decrypting the software product data packet, and based on the parsing and decryption results, ensures the security and confidentiality of the software product data packet transmitted by the authorized machine.

[0166] In one embodiment, in Figure 7 Based on the illustrated embodiment, the process of obtaining decrypted information can be described, such as... Figure 8 As shown, the above-mentioned S502 "decrypting the authorization file to obtain decryption information" includes:

[0167] S601. Decompose the authorization file to obtain the third machine code, the second hash value, and the second symmetric key.

[0168] Among them, the third machine code is the encrypted machine code, the second hash value is the encrypted hash value, and the second symmetric key is the symmetric key encrypted based on the private key.

[0169] In this embodiment of the application, after obtaining the authorization file corresponding to the machine code file, the authorization file can be decomposed to obtain the third machine code, the second hash value, and the second symmetric key.

[0170] Optionally, after decomposing the authorization file, a digital certificate may also be included; it should be noted that the second preset private key and the first preset public key in the authorization machine can be digitally signed to generate a digital certificate.

[0171] S602. Decrypt the third machine code, the second hash value, and the second symmetric key respectively to obtain the fourth machine code, the third hash value, and the third symmetric key.

[0172] The fourth machine code is the machine code obtained by decrypting the third machine code, the third hash value is the machine code obtained by decrypting the second hash value, and the third symmetric key is the machine code obtained by decrypting the second symmetric key.

[0173] In this embodiment of the application, after obtaining the third machine code, the second hash value, and the second symmetric key, the third machine code, the second hash value, and the second symmetric key can be decrypted to obtain the fourth machine code, the third hash value, and the third symmetric key.

[0174] Optionally, after obtaining the digital certificate from the above-mentioned decomposition of the authorization file, the data certificate can be verified based on the public key information obtained during the generation of the authorization file corresponding to the machine code file to obtain public key 1. Then, the second symmetric key can be decrypted based on public key 1 to obtain the third symmetric key. Finally, the third machine code and the second hash value can be decrypted based on the third symmetric key to obtain the fourth machine code and the third hash value.

[0175] S603. Perform a one-way hash function operation based on the third symmetric key and the fourth machine code to obtain the fourth hash value.

[0176] In this embodiment of the application, after obtaining the fourth machine code and the third symmetric key, a one-way hash function operation can be performed based on the third symmetric key and the fourth machine code to obtain the fourth hash value.

[0177] The decryption method for the authorization file provided in this application provides a data foundation for subsequent authentication of the target machine based on the decrypted information.

[0178] In one embodiment, in Figure 8 Based on the illustrated embodiment, the process of obtaining the authentication result can be described, such as... Figure 9 As shown, the above-mentioned S503 "authenticates the carrying capacity of the target machine based on the decrypted information and the second machine code, and obtains the authentication result" includes:

[0179] S701. Determine whether the third hash value and the fourth hash value are the same.

[0180] In this embodiment of the application, after obtaining the third hash value and the fourth hash value, it can be determined whether the third hash value and the fourth hash value are the same.

[0181] S702. Determine whether the second machine code and the fourth machine code are the same.

[0182] In this embodiment of the application, after obtaining the second machine code and the fourth machine code value, it can be determined whether the second machine code and the fourth machine code value are the same.

[0183] S703. If the third hash value and the fourth hash value are the same, and the second machine code and the fourth machine code are the same, the authentication result indicates that the target machine has been successfully authenticated.

[0184] In this embodiment of the application, if the third hash value and the fourth hash value are the same, and the second machine code and the fourth machine code are the same, the authentication result indicates that the authentication of the target machine is successful.

[0185] The authentication method provided in this application embodiment authenticates the target machine by parsing and decrypting the software product data packet, and based on the parsing and decryption results, ensures the security and confidentiality of the software product data packet transmitted by the authorized machine.

[0186] See Figure 10 It also provides a flowchart for authenticating a target machine based on a software product data package and obtaining the authentication result.

[0187] In one embodiment, such as Figure 11 As shown, an authentication method is provided, which can be applied to... Figure 1 Taking authorized machine 20 as an example, the following steps are included:

[0188] S801: Receive the machine code file sent by the target machine and obtain the target dynamic library.

[0189] In this embodiment of the application, after the target machine obtains the machine code file, it can send the machine code file to the authorized machine. The authorized machine can receive the machine code file sent by the target machine, and then determine the target dynamic library of the software product to be published to the target machine from the authorized machine.

[0190] S802. Generate a software product data package based on the machine code file and the target dynamic library.

[0191] In this embodiment of the application, after obtaining the machine code file and the target dynamic library, the machine code file can be parsed to obtain a parsed file, and the parsed file can be encrypted to obtain the license file corresponding to the machine code file. Then, based on the license file and the target dynamic library, a software product data package is generated.

[0192] S803: Send the software product data package to the target machine.

[0193] The software product data package is used to instruct the target machine to authenticate its carrying capacity based on the software product data package and obtain the authentication result.

[0194] In this embodiment of the application, after obtaining the software product data packet, the software product data packet can be sent to the target machine.

[0195] The authentication method provided in this application is applied to an authorized machine. It receives a machine code file sent by a target machine and obtains a target dynamic library. Based on the machine code file and the target dynamic library, it generates a software product data package and sends the software product data package to the target machine. The software product data package instructs the target machine to authenticate its carrying capacity based on the software product data package, obtaining the authentication result. This application provides a method for authenticating machines running dynamic libraries. Through the participation of both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, preventing the unauthorized dissemination of the dynamic library and thus guaranteeing its security and confidentiality.

[0196] In one embodiment, in Figure 11 Based on the illustrated embodiment, the process of obtaining software product data packages can be described, such as... Figure 12 As shown, the above-mentioned S802 "Generate software product data package based on machine code file and target dynamic library" includes:

[0197] S901. Parse the machine code file to obtain the fifth machine code of the target machine.

[0198] In this embodiment of the application, after obtaining the machine code file as described above, the machine code file can be parsed based on the reverse process of machine code encryption provided in the above embodiment to obtain the fifth machine code of the target machine.

[0199] Optionally, after receiving the machine code file, the machine code file can be decomposed to obtain a first symmetric key, the machine code file's identifier information, the encrypted first machine code, and the encrypted first hash value. Then, based on the first symmetric key, the encrypted first machine code and the encrypted first hash value are decrypted to obtain the decrypted first machine code and the decrypted first hash value. Further, a one-way hash function is performed on the first symmetric key and the decrypted first machine code to obtain the hash value after the operation. It is then determined whether the decrypted first hash value and the hash value after the operation are consistent. If they are consistent, the decrypted first machine code is used as the fifth machine code of the target machine. If they are inconsistent, the machine code file needs to be re-parsed.

[0200] S902. Encrypt the fifth machine code to generate the corresponding authorization file.

[0201] In this embodiment of the application, after obtaining the fifth machine code, the fifth machine code can be encrypted to obtain the authorization file corresponding to the fifth machine code.

[0202] S903. Merge the target dynamic library and license file to obtain the software product data package.

[0203] In this embodiment of the application, after obtaining the target dynamic library and the license file as described above, the target dynamic library and the license file can be merged based on the second preset public key to obtain a software product data package.

[0204] The method for obtaining software product data packages provided in this application embodiment obtains an authorization file by encrypting the machine code, and obtains the software product data package based on the dynamic library and the authorization file, providing a data foundation for subsequent authentication of the target machine based on the software product data package.

[0205] In one embodiment, in Figure 12 Based on the illustrated embodiment, the process of obtaining the authorization file can be described, such as... Figure 13 As shown, the above-mentioned S902 "encrypting the fifth machine code and generating an authorization file corresponding to the fifth machine code" includes:

[0206] S1001. Generate the third symmetric key for the authorized machine based on the random parameters in the authorized machine.

[0207] In this embodiment of the application, when encrypting the fifth machine code, the random parameters in the current time of the authorized machine can be obtained first, and the random parameters in the current time of the authorized machine can be input into the pseudo-random number generator for processing to obtain the third symmetric key of the authorized machine.

[0208] S1002. Encrypt the third symmetric key and the fifth machine code to obtain the third machine code and the second hash value.

[0209] The third machine code is the encrypted machine code, and the second hash value is the encrypted hash value.

[0210] In this embodiment of the application, after obtaining the third symmetric key and the fifth machine code, the third symmetric key and the fifth machine code can be encrypted respectively to obtain the third machine code and the second hash value.

[0211] Optionally, after obtaining the fifth machine code, it can be encoded in TLV (Type-Length-Value) format to obtain a TLV format fifth machine code. This allows for subsequent encryption of the fifth machine code. When obtaining the third machine code, the process of "encrypting the TLV format fifth machine code to obtain the third machine code" can be executed.

[0212] Optionally, a method for obtaining the third machine code and the second hash value is also provided, see [link to relevant documentation]. Figure 14 The above-mentioned S1002 "encrypting the third symmetric key and the fifth machine code to obtain the third machine code and the second hash value" includes:

[0213] S1101. Perform a one-way hash function on the fifth machine code and the third symmetric key to obtain the fifth hash value of the fifth machine code and the third symmetric key.

[0214] In this embodiment of the application, after obtaining the fifth machine code and the third symmetric key, a one-way hash function can be applied to the fifth machine code and the third symmetric key to obtain the fifth hash value of the fifth machine code and the third symmetric key.

[0215] S1102. Based on the third symmetric key, encrypt the fifth machine code and the fifth hash value to obtain the third machine code and the second hash value.

[0216] The third machine code is the machine code encrypted with the fifth machine code, and the second hash value is the hash value encrypted with the fifth hash value.

[0217] In this embodiment of the application, after obtaining the third symmetric key, the fifth machine code, and the fifth hash value, the fifth machine code and the fifth hash value can be encrypted based on the third symmetric key to obtain the third machine code and the second hash value.

[0218] This provides a method for obtaining the third machine code and the second hash value.

[0219] S1003. Encrypt the third symmetric key based on the first preset private key to obtain the second symmetric key.

[0220] The first preset private key is generated using a public-key algorithm in the authorized machine. The second symmetric key is a symmetric key encrypted using the third symmetric key.

[0221] In this embodiment, a first preset private key can be generated based on the public key algorithm in the authorized machine, and then the third symmetric key can be encrypted based on the first preset private key to obtain the second symmetric key.

[0222] S1004. Perform digital signature processing on the second preset private key and the first preset public key to generate a digital certificate.

[0223] The second preset private key and the first preset public key are both generated by the public key algorithm in the authorized machine.

[0224] In this embodiment of the application, a second preset private key and a first preset public key can be generated first based on the public key algorithm in the authorized machine, and then the second preset private key and the first preset public key can be digitally signed to generate a digital certificate.

[0225] S1005. Obtain the authorization file based on the preset authorization file identifier, the third machine code, the second hash value, the second symmetric key, and the digital certificate.

[0226] Among them, the preset authorization file identifier refers to the unique identifier of the authorization file. That is, the file can be identified as an authorization file only when the identification information of the authorization file exists in the file.

[0227] In this embodiment of the application, a preset authorization file identifier can be obtained, and an authorization file can be obtained based on the preset authorization file identifier, the third machine code, the second hash value, the second symmetric key, and the digital certificate.

[0228] The authorization file acquisition method provided in this application embodiment obtains the authorization file by encrypting the machine code, providing a data foundation for subsequent authentication of the target machine based on the authorization software.

[0229] See Figure 15 It also provides a flowchart for generating software product data packages based on machine code files and target dynamic libraries.

[0230] In one embodiment, see Figure 16 It also provides an authentication method, including:

[0231] S10. Construct the first machine code of the target machine based on the basic information of the target machine;

[0232] S11. Generate the first symmetric key for the target machine based on the random parameters in the target machine;

[0233] S12. Perform a one-way hash function on the first machine code and the first symmetric key to obtain the first hash value of the first machine code and the first symmetric key;

[0234] S13. Based on the first symmetric key, encrypt the first machine code and the first hash value to obtain the encrypted first machine code and the encrypted first hash value.

[0235] S14. Combine the first symmetric key, the identification information, the encrypted first machine code, and the encrypted first hash value to obtain the machine code file.

[0236] S15. Send the machine code file to the authorized machine;

[0237] S16. Receive the machine code file sent by the target machine and obtain the target dynamic library;

[0238] S17. Parse the machine code file to obtain the fifth machine code of the target machine;

[0239] S18. Generate a third symmetric key for the authorized machine based on the random parameters in the authorized machine;

[0240] S19. Perform a one-way hash function on the fifth machine code and the third symmetric key to obtain the fifth hash value of the fifth machine code and the third symmetric key;

[0241] S20. Based on the third symmetric key, encrypt the fifth machine code and the fifth hash value to obtain the third machine code and the second hash value;

[0242] S21. Encrypt the third symmetric key based on the first preset private key to obtain the second symmetric key;

[0243] S22. Perform digital signature processing on the second preset private key and the first preset public key to generate a digital certificate;

[0244] S23. Obtain the authorization file based on the preset authorization file identifier, the third machine code, the second hash value, the second symmetric key, and the digital certificate;

[0245] S24. Merge the target dynamic library and license file to obtain the software product data package;

[0246] S25. Send the software product data package to the target machine;

[0247] S26. Receive software product data packets sent by the authorized machine;

[0248] S27. Parse the software product data package to obtain the target dynamic library and the license file corresponding to the machine code file;

[0249] S28. Decompose the authorization file to obtain the third machine code, the second hash value, and the second symmetric key;

[0250] S29. Decrypt the third machine code, the second hash value, and the second symmetric key respectively to obtain the fourth machine code, the third hash value, and the third symmetric key;

[0251] S30. Perform a one-way hash function operation based on the third symmetric key and the fourth machine code to obtain the fourth hash value;

[0252] S31. Load the target dynamic library onto the target machine and generate the second machine code;

[0253] S32. Determine whether the third hash value and the fourth hash value are the same;

[0254] S33. Determine whether the second machine code and the fourth machine code are the same;

[0255] S34. If the third hash value and the fourth hash value are the same, and the second machine code and the fourth machine code are the same, the authentication result indicates that the target machine has been successfully authenticated.

[0256] This application provides a method for authenticating the machine running a dynamic library. By involving both the target machine and the authorized machine, it ensures that the dynamic library of the software product can run on the successfully authenticated target machine, thereby preventing the unauthorized dissemination of the dynamic library and ensuring its security and confidentiality.

[0257] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.

[0258] Based on the same inventive concept, this application also provides an authentication device for implementing the authentication method described above. The solution provided by this device is similar to the implementation described in the above method; therefore, the specific limitations in one or more authentication device embodiments provided below can be found in the limitations of the authentication method described above, and will not be repeated here.

[0259] In one exemplary embodiment, such as Figure 17 As shown, an authentication device is provided, including: a construction module 10, a sending module 11, and an authentication module 12, wherein:

[0260] Module 10 is used to build the machine code file of the target machine based on the basic information of the target machine.

[0261] The sending module 11 is used to send the machine code file to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library.

[0262] The authentication module 12 is used to receive the software product data packet sent by the authorized machine, and to authenticate the carrying capacity of the target machine based on the software product data packet, and obtain the authentication result.

[0263] In an exemplary embodiment, the above-described construction module 10 includes: a construction unit and a processing unit, wherein:

[0264] The construction unit is specifically used to construct the first machine code of the target machine based on the basic information of the target machine.

[0265] The processing unit is specifically used to encrypt the first machine code to obtain a machine code file.

[0266] In an exemplary embodiment, the processing unit is further configured to generate a first symmetric key for the target machine based on random parameters in the target machine; and to encrypt the first machine code based on the identification information of the machine code file and the first symmetric key to obtain the machine code file.

[0267] In an exemplary embodiment, the above-mentioned processing unit is further configured to perform one-way hash function processing on the first machine code and the first symmetric key to obtain a first hash value of the first machine code and the first symmetric key; encrypt the first machine code and the first hash value according to the first symmetric key to obtain an encrypted first machine code and an encrypted first hash value; and combine the first symmetric key, the identification information, the encrypted first machine code and the encrypted first hash value to obtain a machine code file.

[0268] In an exemplary embodiment, the authentication module 12 includes: a parsing unit, a decryption unit, a generation unit, and an authentication unit, wherein:

[0269] The parsing unit is specifically used to parse the software product data package to obtain the target dynamic library and the license file corresponding to the machine code file;

[0270] The decryption unit is specifically used to decrypt the authorization file to obtain decrypted information;

[0271] The generation unit is specifically used to load the target dynamic library onto the target machine and generate the second machine code.

[0272] The authentication unit is specifically used to authenticate the carrying capacity of the target machine based on the decrypted information and the second machine code, and obtain the authentication result.

[0273] In an exemplary embodiment, the decryption unit is further configured to decompose the authorization file to obtain a third machine code, a second hash value, and a second symmetric key; decrypt the third machine code, the second hash value, and the second symmetric key to obtain a fourth machine code, a third hash value, and a third symmetric key; and perform a one-way hash function operation based on the third symmetric key and the fourth machine code to obtain a fourth hash value.

[0274] In an exemplary embodiment, the authentication unit is further configured to determine whether the third hash value and the fourth hash value are the same; determine whether the second machine code and the fourth machine code are the same; and if the third hash value and the fourth hash value are the same, and the second machine code and the fourth machine code are the same, determine that the authentication result indicates that the target machine has been successfully authenticated.

[0275] In one exemplary embodiment, such as Figure 18 As shown, an authentication device is provided, comprising: a receiving module 20, a generating module 21, and a sending module 22, wherein:

[0276] The receiving module 20 is used to receive the machine code file sent by the target machine and to obtain the target dynamic library;

[0277] The generation module 21 is used to generate a software product data package based on the machine code file and the target dynamic library;

[0278] The sending module 22 is used to send the software product data packet to the target machine; the software product data packet is used to instruct the target machine to authenticate the carrying capacity of the target machine according to the software product data packet and obtain the authentication result.

[0279] In an exemplary embodiment, the generation module 21 includes: a parsing processing unit, an encryption processing unit, and a merging processing unit, wherein:

[0280] The parsing and processing unit is specifically used to parse and process the machine code file to obtain the fifth machine code of the target machine;

[0281] The encryption processing unit is specifically used to encrypt the fifth machine code and generate the authorization file corresponding to the fifth machine code;

[0282] The merging processing unit is specifically used to merge the target dynamic library and license file to obtain the software product data package.

[0283] In an exemplary embodiment, the encryption processing unit is further configured to generate a third symmetric key for the authorization machine based on random parameters in the authorization machine; encrypt the third symmetric key and the fifth machine code to obtain the third machine code and the second hash value; encrypt the third symmetric key based on the first preset private key to obtain the second symmetric key; perform digital signature processing on the second preset private key and the first preset public key to generate a digital certificate; and obtain an authorization file based on the preset authorization file identifier, the third machine code, the second hash value, the second symmetric key, and the digital certificate.

[0284] In an exemplary embodiment, the encryption processing unit is further configured to perform one-way hash function processing on the fifth machine code and the third symmetric key to obtain a fifth hash value of the fifth machine code and the third symmetric key; and to encrypt the fifth machine code and the fifth hash value based on the third symmetric key to obtain a third machine code and a second hash value.

[0285] Each module in the aforementioned authentication device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in the processor of a computer device in hardware form or independent of it, or stored in the memory of the computer device in software form, so that the processor can call and execute the operations corresponding to each module.

[0286] In one exemplary embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as follows: Figure 19 As shown, this computer device includes a processor, memory, input / output interfaces (I / O), and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The database stores machine code data. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communication with external terminals via a network connection. When the computer program is executed by the processor, it implements an authentication method.

[0287] Those skilled in the art will understand that Figure 16 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.

[0288] In one embodiment, a computer device is also provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above method embodiments.

[0289] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon that, when executed by a processor, implements the steps in the above method embodiments.

[0290] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the steps in the above method embodiments.

[0291] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with relevant regulations.

[0292] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.

[0293] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.

[0294] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.

Claims

1. An authentication method, characterized in that, Applied to a target machine, the method includes: Based on the basic information of the target machine, construct the machine code file of the target machine; The machine code file is sent to the authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library. The system receives the software product data packet sent by the authorized machine and authenticates the carrying capacity of the target machine based on the software product data packet to obtain the authentication result.

2. The method according to claim 1, characterized in that, The step of constructing the machine code file of the target machine based on the basic information of the target machine includes: Based on the basic information of the target machine, construct the first machine code of the target machine; The first machine code is encrypted to obtain the machine code file.

3. The method according to claim 2, characterized in that, The step of encrypting the first machine code to obtain the machine code file includes: Generate a first symmetric key for the target machine based on the random parameters in the target machine; The first machine code is encrypted using the identification information of the machine code file and the first symmetric key to obtain the machine code file.

4. The method according to claim 3, characterized in that, The step of encrypting the first machine code based on the identifier information of the machine code file and the first symmetric key to obtain the machine code file includes: The first machine code and the first symmetric key are processed by a one-way hash function to obtain the first hash value of the first machine code and the first symmetric key; Based on the first symmetric key, the first machine code and the first hash value are encrypted to obtain the encrypted first machine code and the encrypted first hash value. The first symmetric key, the identification information, the encrypted first machine code, and the encrypted first hash value are combined to obtain the machine code file.

5. The method according to any one of claims 1-4, characterized in that, The step of authenticating the carrying capacity of the target machine based on the software product data package and obtaining the authentication result includes: The software product data package is parsed to obtain the target dynamic library and the license file corresponding to the machine code file; The authorization file is decrypted to obtain decrypted information; The target dynamic library is loaded onto the target machine to generate second machine code; The target machine's carrying capacity is authenticated based on the decrypted information and the second machine code, resulting in the authentication result.

6. The method according to claim 5, characterized in that, The process of decrypting the authorized file to obtain decrypted information includes: The authorization file is decomposed to obtain a third machine code, a second hash value, and a second symmetric key; The third machine code, the second hash value, and the second symmetric key are decrypted respectively to obtain the fourth machine code, the third hash value, and the third symmetric key; A one-way hash function is performed based on the third symmetric key and the fourth machine code to obtain the fourth hash value.

7. The method according to claim 6, characterized in that, The step of authenticating the bearer capability of the target machine based on the decrypted information and the second machine code to obtain the authentication result includes: Determine whether the third hash value and the fourth hash value are the same; Determine whether the second machine code and the fourth machine code are the same; If the third hash value and the fourth hash value are the same, and the second machine code and the fourth machine code are the same, then the authentication result indicates that the authentication of the target machine is successful.

8. An authentication method, characterized in that, Applied to authorized machines, the method includes: Receive machine code files sent by the target machine and obtain the target dynamic library; Based on the machine code file and the target dynamic library, a software product data package is generated; The software product data packet is sent to the target machine; the software product data packet is used to instruct the target machine to authenticate the carrying capacity of the target machine according to the software product data packet, and obtain the authentication result.

9. The method according to claim 8, characterized in that, The step of generating a software product data package based on the machine code file and the target dynamic library includes: The machine code file is parsed to obtain the fifth machine code of the target machine; The fifth machine code is encrypted to generate an authorization file corresponding to the fifth machine code; The target dynamic library and the license file are merged to obtain the software product data package.

10. The method according to claim 9, characterized in that, The step of encrypting the fifth machine code to generate an authorization file corresponding to the fifth machine code includes: Based on the random parameters in the authorized machine, a third symmetric key for the authorized machine is generated; The third symmetric key and the fifth machine code are encrypted to obtain the third machine code and the second hash value; The third symmetric key is encrypted based on the first preset private key to obtain the second symmetric key; Perform digital signature processing on the second preset private key and the first preset public key to generate a digital certificate; The authorization file is obtained based on the preset authorization file identifier, the third machine code, the second hash value, the second symmetric key, and the digital certificate.

11. The method according to claim 10, characterized in that, The encryption process of the third symmetric key and the fifth machine code to obtain the third machine code and the second hash value includes: The fifth machine code and the third symmetric key are processed by a one-way hash function to obtain the fifth hash value of the fifth machine code and the third symmetric key; Based on the third symmetric key, the fifth machine code and the fifth hash value are encrypted to obtain the third machine code and the second hash value.

12. An authentication device, characterized in that, Applied to a target machine, the device includes: The construction module is used to construct the machine code file of the target machine based on the basic information of the target machine; A sending module is used to send the machine code file to an authorized machine; the machine code file is used to instruct the authorized machine to generate a software product data package based on the machine code file and the target dynamic library; The authentication module is used to receive the software product data packet sent by the authorized machine, and to authenticate the carrying capacity of the target machine based on the software product data packet, and obtain the authentication result.

13. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 11.

14. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 11.

15. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 11.