the key generation module is used for generating a unique pair of private key and public key for the authorized tenant by adopting an asymmetric encryption algorithm, and the public key, the public key and the incidence relation of the public key and the authorized tenant are sent to the verification device;

the signature certificate generation module is used for generating a signature certificate of an authorized tenant by using a private key and an information abstract corresponding to each tenant;

the authentication device includes:

In one embodiment, the authorization apparatus further includes an encryption module, configured to encrypt the signing certificate with an AES256 encryption algorithm after the generating of the signing certificate of each tenant;

the verifying device further comprises a decrypting module, which is used for decrypting the signature certificate of the tenant through a decrypting algorithm before the public key associated with the tenant is used for verifying the signature certificate of the tenant.

The implementation principle and technical effect of the product multi-tenant security trust system provided by the embodiment are similar to those of the method, and are not described herein again.

The following specifically describes a software implementation method of the product multi-tenant security trust method and system of the present invention. The software implementation of the present invention is not limited to development and design languages, and the following provides an implementation manner based on gold (Go language for short).

Software implementation on the product server side:

1. defining an information abstract structure body, and mainly having the following properties: unique Code, authorized user mailbox, total number of authorized users, authorization effective time (as above: can be dynamically expanded)

2. Defining key pair generation method and implementing, according to the development language, selecting mature basic library to call API to implement, according to the Go language can adopt "crypto/ecdsa" and "crypto/encapsulating" (as above: salt value random number can be dynamically added to intensify)

3. Defining and realizing a method for generating a random unique Code, wherein the realization mode comprises the following steps: generating random numbers with specified digits by taking the nanosecond number of the current timestamp as a random seed, and dynamically splicing the random numbers into a specified format, such as: XXXXXX-XXXX-XXXX-XXXXXX

4. A data encryption method under an AES256 algorithm is defined and realized, and main parameters are as follows: original data, encryption key, one implementation: dynamically assembling 32-bit grouping Key (rule self-defining, such as multiple repetition and missing filling) according to the length of the secret Key, then calling API (application programming interface) by means of mature basic library to realize encryption, and the Go language can adopt 'crypt/aes'

5. Defining and realizing a license generation method, wherein the main parameters are as follows: information summary data, tenant encryption key, one implementation: and the binary serialized information digest is reserved, then the defined secret key is called to generate a secret key by the generation method, then a certificate is generated by a hash signature algorithm in ECDSA according to the secret key and the digest information, after the certificate is subjected to Base32 or Base64 encoding, the tenant encryption key is used to call the defined AES256 encryption method to perform secondary encryption, and finally encrypted data are returned.

The software implementation of the product client can be placed in the product source code, and includes:

1. defining and realizing an AES256 decryption method, wherein the main parameters are as follows: encrypt data, decrypt key, one implementation: and generating a final 32-bit block Key corresponding to the dynamic processing mode of the secret Key in the AES256 encryption algorithm, calling the basic library API to decrypt the encrypted data, and returning the decrypted plaintext data.

2. Defining and realizing a license correctness verification method, wherein the main parameters are as follows: license data, an implementation manner, corresponding to the above license encoding method, firstly decrypts the Base32 or Base64 bit, then obtains the public key in the key pair generated in the earlier stage, and verifies the validity of the certificate by using the public key (as above, the basic library has corresponding API)

3. Defining and realizing a license abstract information acquisition method, wherein the main parameters are as follows: the encrypted license data is decrypted by calling the AES256 decryption algorithm to obtain plaintext data, then calling the correctness verification method of the license to verify the correctness, reading summary information by deserializing the verified license, and returning the summary information to the verified license

4. Defining and realizing a license validity verification method, wherein the main parameters are as follows: the encrypted license data is implemented by calling a digest information acquisition method to acquire digest information, and comparing the digest information according to the limiting conditions in the digest information, for example: and judging the validity of the certificate before and after the current time and the authorization valid time, the current number of registered users, the total number of authorized users and the like.

In order to implement the foregoing embodiment, an embodiment of the present invention further provides an electronic device, including: a processor and a memory. Wherein the memory and the processor are electrically connected, directly or indirectly, to enable transmission or interaction of data. The memory stores a computer program, and the computer program can implement the technical solution of any one of the above embodiments of the multi-tenant security trust method when executed by the processor. The processor executes various functional applications and data processing by executing software programs and modules stored in the memory. The processor may be an integrated circuit chip having signal processing capabilities. And the processor executes the program after receiving the execution instruction. Optionally, the software programs and modules within the above-described memory may also include an operating system, which may include various software components and/or drivers for managing system tasks and may communicate with various hardware or software components to provide an operating environment for other software components. The implementation principle and technical effect of the electronic device provided by this embodiment are similar to those of the above method, and are not described herein again.

It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims

1. A product multi-tenant security credit granting method is characterized by comprising an authorization step and a verification step;

the step of authorizing comprises:

generating a unique pair of private key and public key for an authorized tenant by adopting an asymmetric encryption algorithm, and storing the incidence relation between the public key and the authorized tenant;

the verifying step includes:

2. The method for multi-tenant secure trust of a product of claim 1, wherein a salt is added in the process of generating a unique pair of private key and public key for an authorized tenant by using an asymmetric encryption algorithm.

3. The product multi-tenant secure trust method as claimed in claim 1 or 2, wherein the verifying the signed certificate of the verified tenant comprises:

4. The product multi-tenant security trust method as claimed in any one of claims 1 or 2, characterized in that when the authorization information of the authorized tenant changes, a new information summary is generated for the authorized tenant according to the personal information of the authorized tenant and the changed authorization information;

5. The multi-tenant secure credit granting method of any one of claims 1 or 2,

the step of authorizing comprises: after the signature certificate of the authorized tenant is generated, encrypting the signature certificate by adopting an AES256 encryption algorithm;

6. The product multi-tenant secure credit granting method of claim 1 or 2, wherein the asymmetric encryption algorithm is an elliptic curve digital signature algorithm.

7. A product multi-tenant safety credit granting system is characterized by comprising a credit granting device and a verification device;

the authorization apparatus includes:

the key generation module is used for generating a unique pair of private key and public key for the authorized tenant by adopting an asymmetric encryption algorithm, and the public key are sent to the verification device according to the incidence relation with the authorized tenant;

the authentication apparatus includes:

8. The product multi-tenant security trust system of claim 7,

the authorization device further comprises an encryption module, which is used for encrypting the signature certificate by adopting an AES256 encryption algorithm after the signature certificate of each tenant is generated;

9. The product multi-tenant security trust system of claim 7 or 8, wherein the authorization device is deployed on a product server;

the verification device is deployed on a product client.

10. An electronic device comprising a processor and a memory, wherein,

wherein the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory for implementing the method of any one of claims 1 to 6.