CN115001749A - Device authorization method, device and medium - Google Patents

Device authorization method, device and medium

Publication number: CN115001749A
Authority: CN (China)
Prior art keywords: data information, authentication, server, authorization, information
Legal status: Granted; Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210481726.6A
Other languages: Chinese (zh)
Other versions: CN115001749B (en)
Inventor: 李新文
Current Assignee: ThunderSoft Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: ThunderSoft Co Ltd
Application filed by ThunderSoft Co Ltd
Priority to CN202210481726.6A
Publication of CN115001749A
Application granted
Publication of CN115001749B

Abstract

The application provides a device authorization method, a device and a medium, wherein the method comprises the following steps: reporting first data information including a Mac address, a first random number and an encrypted first target value to a server under the condition that the server passes authentication, wherein the first target value is determined based on the first authentication times; receiving and decrypting encrypted second data information fed back by the server, wherein the second data information is generated based on first authorization information when the server determines that the first authentication times are the same as the second authentication times, detecting whether the second authorization information is the same as the first authorization information according to third data information and the second data information, and the third data information is generated based on the second authorization information; and under the condition that the second authorization information is the same as the first authorization information, determining to acquire the operation authority of the algorithm program, updating the first authentication times, and sending an updating instruction for updating the second authentication times to the server. The method and the device can accurately carry out authorization and authentication on the terminal equipment.

Description

Device authorization method, device and medium
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method, an apparatus, a device, and a medium for device authorization.
Background
When the algorithm program is deployed on a device, in order to protect the rights of an algorithm developer and prevent the algorithm program from running on an unauthorized device, the device needs to be authorized and authenticated.
Currently, authorization authentication of a device is mainly performed in the following two ways:
1. The device is authorized and authenticated through an Identity Document (ID) of the device.
2. The device is authorized and authenticated by means of a dongle. A dongle similar to a USB flash drive is inserted into the device, and the device is authorized and authenticated through communication between the algorithm program and the dongle. Because the algorithm program can only run on a device with the dongle, controlling the number of dongles issued prevents the algorithm program from running on unauthorized devices.
For the first authentication method, if the device ID cannot be obtained, the algorithm program is likely to be applied to an unauthorized device by means of a packaged image. In that case the device cannot be authenticated accurately, which affects the rights and interests of the algorithm developer.
For the second authentication method, additional hardware is required, so the cost increases greatly when the number of devices is large. In addition, the mainstream dongle devices on the market can be cracked through hardware cloning, copying, and similar means, so that the algorithm program runs on unauthorized devices. In that case the devices cannot be accurately authorized and authenticated, which affects the rights and interests of algorithm developers.
Therefore, the prior-art methods for performing authorization authentication on a device have the disadvantages that the authorization authentication cannot be performed accurately and that the authorization authentication cost is increased.
Disclosure of Invention
The embodiment of the application provides a device authorization method, a device and a medium, which are used for solving the problems that the device cannot be accurately authorized and the authorization cost is increased when the device is authorized and authenticated in the prior art.
In a first aspect, an embodiment of the present application provides a device authorization method, which is applied to a terminal device for deploying an algorithm program, and includes:
reporting first data information to a server under the condition that the server passes authentication, wherein the first data information comprises a media access control (Mac) address of the terminal equipment, a first random number and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number and a first authentication frequency corresponding to the terminal equipment authentication and stored by the terminal equipment;
receiving and decrypting encrypted second data information fed back by the server to obtain the second data information, wherein the second data information is generated based on first authorization information which is stored by the server and is associated with the terminal equipment when the server determines that the first authentication times are the same as the second authentication times, the second authentication times are authentication times which are stored by the server and correspond to the authentication of the terminal equipment, and the server determines whether the first authentication times are the same as the second authentication times based on the first data information;
detecting whether second authorization information is the same as the first authorization information or not according to third data information and the second data information, wherein the third data information is generated based on the second authorization information related to the terminal equipment;
and under the condition that the second authorization information is the same as the first authorization information, determining to acquire the operation authority of the algorithm program, updating the first authentication times, and sending an updating instruction for updating the second authentication times to the server.
In a second aspect, an embodiment of the present application provides a device authorization method, which is applied to a server, and includes:
under the condition that a terminal device authenticates the server and the authentication is passed, receiving first data information reported by the terminal device, wherein the first data information comprises a media access control (Mac) address of the terminal device, a first random number and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number and a first authentication frequency corresponding to the terminal device authentication and stored by the terminal device;
detecting whether the first authentication times are the same as second authentication times stored by the server or not according to the first data information, wherein the second authentication times are authentication times corresponding to the authentication of the terminal equipment and stored by the server;
under the condition that the first authentication times are the same as the second authentication times, second data information is generated based on stored first authorization information associated with the terminal equipment, and the second data information is sent to the terminal equipment after being encrypted;
receiving an update instruction for updating the second authentication times sent by the terminal device and updating the second authentication times under the condition that the terminal device determines that second authorization information is the same as the first authorization information based on third data information and the decrypted second data information;
the third data information is generated based on second authorization information associated with the terminal device, and the terminal device deploying the algorithm program acquires the operation authority of the algorithm program under the condition that the second authorization information is the same as the first authorization information.
In a third aspect, an embodiment of the present application provides a device authorization apparatus, which is applied to a terminal device for deploying an algorithm program, and includes:
a first reporting module, configured to report, to a server, first data information when the server passes authentication, where the first data information includes a media access control Mac address of the terminal device, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and a first authentication number corresponding to authentication of the terminal device, where the first authentication number is stored in the terminal device;
a receiving decryption module, configured to receive and decrypt encrypted second data information fed back by the server to obtain the second data information, where the second data information is generated based on first authorization information associated with the terminal device and stored in the server when the server determines that the first authentication frequency is the same as the second authentication frequency, the second authentication frequency is an authentication frequency corresponding to the terminal device and stored in the server, and the server determines whether the first authentication frequency is the same as the second authentication frequency based on the first data information;
the first detection module is used for detecting whether second authorization information is the same as the first authorization information or not according to third data information and the second data information, wherein the third data information is generated based on the second authorization information related to the terminal equipment;
and the first processing module is used for determining and acquiring the operation authority of the algorithm program under the condition that the second authorization information is the same as the first authorization information, updating the first authentication times and sending an updating instruction for updating the second authentication times to the server.
In a fourth aspect, an embodiment of the present application provides a device authorization apparatus, which is applied to a server, and includes:
a first receiving module, configured to receive first data information reported by a terminal device when the terminal device authenticates the server and the authentication passes, where the first data information includes a media access control Mac address of the terminal device, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and a first authentication number corresponding to the terminal device authentication and stored in the terminal device;
the second detection module is used for detecting whether the first authentication times are the same as second authentication times stored by the server according to the first data information, wherein the second authentication times are authentication times corresponding to the authentication of the terminal equipment and stored by the server;
a generation and transmission module, configured to generate second data information based on the stored first authorization information associated with the terminal device, encrypt the second data information, and transmit the second data information to the terminal device when the first authentication frequency is the same as the second authentication frequency;
a receiving and updating module, configured to receive, when the terminal device determines that second authorization information is the same as the first authorization information based on third data information and the decrypted second data information, an update instruction for updating the second authentication frequency sent by the terminal device, and update the second authentication frequency;
the third data information is generated based on second authorization information associated with the terminal device, and the terminal device deploying the algorithm program acquires the operation authority of the algorithm program under the condition that the second authorization information is the same as the first authorization information.
In a fifth aspect, embodiments of the present application provide a computer device, which includes a processor and a memory, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the method according to the first aspect or the second aspect.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by a processor to implement the method according to the first or second aspect.
In a seventh aspect, the present application provides a computer program product, which when executed, is configured to perform the method of the first aspect or the second aspect.
According to the technical solution of the embodiments of the present application, when the server passes authentication, the terminal device reports the first data information to the server. When the server determines, based on the first data information, that the first authentication times stored by the terminal device are the same as the second authentication times stored by the server, it generates the second data information based on the first authorization information, encrypts it, and feeds it back to the terminal device. The terminal device detects whether the first authorization information and the second authorization information are the same according to the second data information and the third data information generated based on the second authorization information. When they are the same, the terminal device determines that its authorization authentication passes, obtains the operation authority of the algorithm program, updates the first authentication times, and sends an update instruction to the server. Whether the algorithm program can run normally on the terminal device is thus determined based on the authentication times and the authorization information, which achieves accurate authorization authentication of the terminal device deploying the algorithm program and saves authorization authentication cost, because no hardware needs to be added.
Furthermore, by encrypting the first target value and the second data information, the data can be prevented from being illegally tampered, the security of the data is ensured, the normal operation of the authorization authentication can be further ensured, and the accurate authorization authentication of the terminal equipment can be ensured.
Drawings
Fig. 1 is a schematic diagram illustrating a device authorization method on a terminal device side according to an embodiment of the present application;
Fig. 2 is a schematic diagram illustrating a device authorization method on a server side according to an embodiment of the present application;
Fig. 3 is a schematic diagram illustrating an interaction flow between a server and a terminal device according to an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating a device authorization apparatus on a terminal device side according to an embodiment of the present application;
Fig. 5 is a schematic diagram illustrating a device authorization apparatus on a server side according to an embodiment of the present application;
Fig. 6 is a block diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In various embodiments of the present application, it should be understood that the sequence numbers of the following processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Aiming at the defects that the authorization authentication cannot be accurately carried out and the authorization authentication cost is high when the authorization authentication is carried out on equipment for deploying the algorithm program in the prior art, the invention provides the equipment authorization method, which determines whether the algorithm program deployed on the terminal equipment can normally run or not by comparing the authentication times of the terminal equipment and a server so as to avoid the condition that the algorithm program is run on unauthorized equipment through a clone mirror image, ensure the rights and interests of an algorithm developer and save the authorization authentication cost.
Referring to fig. 1, a method for authorizing a device provided in an embodiment of the present application is described below, where the method is applied to a terminal device that deploys an algorithm program, and the method includes:
Step 101, reporting first data information to a server when the server passes authentication, where the first data information includes a media access control (Mac) address of the terminal device, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and first authentication times that are stored in the terminal device and correspond to authentication of the terminal device.
The device authorization method provided by the embodiment of the application comprises the steps that the terminal device authenticates the server, the server authenticates the terminal device under the condition that the authentication is passed so as to realize bidirectional authentication, and the authentication of the server on the terminal device is the authorization authentication of an algorithm program operated on the terminal device.
In the following, description is made for a case where the server authenticates the terminal device, and the terminal device reports, to the server, first data information including a Media Access Control (Mac) address, a first random number, and an encrypted first target value of the terminal device based on communication with the server. The terminal equipment encrypts the first target value after determining the first target value, determines first data information according to the Mac address, the first random number and the encrypted first target value, and reports the first data information to the server. Wherein, by encrypting the first target value, the first target value can be prevented from being tampered so as to ensure the security of the first target value.
Step 102, receiving and decrypting encrypted second data information fed back by the server to obtain the second data information, where the second data information is generated based on first authorization information stored by the server and associated with the terminal device when the server determines that the first authentication times are the same as the second authentication times, the second authentication times are the authentication times stored by the server that correspond to authentication of the terminal device, and the server determines whether the first authentication times are the same as the second authentication times based on the first data information.
After the terminal device reports the first data information to the server, since the first data information includes the encrypted first target value, the first target value is determined based on the Mac address, the first random number, and the first authentication number, it may be detected by the server according to the first data information whether the first authentication number is the same as a second authentication number stored by the server and associated with the current terminal device. For the server, the authentication times corresponding to each terminal device are recorded.
When the first authentication times are the same as the second authentication times, the server generates second data information, encrypts the second data information and feeds the second data information back to the terminal device, wherein the second data information is generated based on first authorization information which is stored by the server and is associated with the terminal device (current terminal device), and the first authorization information is an authorization character string which is stored by the server and corresponds to the current terminal device, and specifically is a device authorization code. And the terminal equipment receives the encrypted second data information fed back by the server, decrypts the encrypted second data information and acquires the second data information. By performing encryption processing on the second data information, the second data information can be prevented from being tampered.
Step 103, detecting whether second authorization information is the same as the first authorization information or not according to third data information and the second data information, wherein the third data information is generated based on the second authorization information associated with the terminal device.
The terminal device may generate third data information based on second authorization information associated with the terminal device, where the second authorization information is an authorization string of the terminal device, and specifically is a device authorization code. The third data information and the second data information are generated based on the same strategy, the generation parameters corresponding to the second data information comprise first authorization information and target parameters, and the generation parameters corresponding to the third data information comprise second authorization information and target parameters. The third data information may be generated in advance, or may be generated after the second data information is acquired.
After the second data information and the third data information are obtained, since the generation parameter corresponding to the second data information includes the first authorization information and the target parameter, and the generation parameter corresponding to the third data information includes the second authorization information and the target parameter, it is possible to detect whether the second authorization information and the first authorization information are the same according to the third data information and the second data information.
Step 104, determining to acquire the operation authority of the algorithm program under the condition that the second authorization information is the same as the first authorization information, updating the first authentication times, and sending an update instruction for updating the second authentication times to the server.
Under the condition that the second authorization information is the same as the first authorization information, it is determined that the authorization authentication of the terminal device passes, and the terminal device acquires the operation authority of the algorithm program so as to execute the algorithm program. In this case the terminal device has completed one authentication, and it adds 1 to the first authentication times so as to update them. The terminal device also needs to send an update instruction for updating the second authentication times to the server, so that the server can add 1 to the second authentication times according to the update instruction.
In the implementation process of the application, when the server passes authentication, the terminal device reports the first data information to the server. When the server determines, based on the first data information, that the first authentication times stored in the terminal device are the same as the second authentication times stored in the server, it generates the second data information based on the first authorization information, encrypts it, and feeds it back to the terminal device. The terminal device detects whether the first authorization information and the second authorization information are the same according to the second data information and the third data information generated based on the second authorization information. When they are the same, the terminal device determines that it passes the authorization authentication, obtains the operation authority of the algorithm program, updates the first authentication times, and sends an update instruction to the server. Whether the algorithm program can run normally on the terminal device is thus determined based on the authentication times and the authorization information, accurate authorization authentication of the terminal device deploying the algorithm program is achieved, and the authorization authentication cost is saved because no hardware needs to be added.
Furthermore, by encrypting the first target value and the second data information, the data can be prevented from being illegally tampered, the security of the data is ensured, the normal operation of the authorization authentication can be ensured, and the accurate authorization authentication of the terminal device can be ensured.
The following describes a procedure for authenticating a server by a terminal device, and the method further includes: receiving request information which is sent by the server and encrypted by a first private key; decrypting the encrypted request information according to the first public key in the prefabricated certificate; and under the condition of successful decryption, determining that the server passes the authentication, and feeding back response information carrying an authentication passing notification to the server.
The terminal device stores a prefabricated certificate, and the prefabricated certificate at least comprises a first public key, a certificate validity period and a certificate issuer. When the terminal equipment authenticates the server, request information sent by the server and encrypted by the first private key is received, and the request information sent by the server can be an HTTP request or an HTTPS request.
After receiving the request information that is sent by the server and encrypted by the first private key, the terminal device decrypts the encrypted request information by using the first public key in the prefabricated certificate. If decryption succeeds, the request information is obtained; at this point the first public key and the first private key are determined to be a public-private key pair, the server passes authentication, and response information carrying an authentication passing notification can be fed back to the server. If decryption is unsuccessful, the terminal device determines that the server fails authentication and feeds back response information carrying an authentication failure notification to the server. The response information may be an HTTP response or an HTTPS response. By sending the notification that the authentication passed or failed to the server, the server can learn in time the result of the terminal device's authentication of the server.
In the implementation process, the terminal device receives the request information sent by the server and encrypted by the first private key and decrypts it by using the first public key in the prefabricated certificate. If decryption succeeds, it determines that the server passes authentication and feeds back response information carrying an authentication passing notification to the server; if decryption is unsuccessful, it determines that the server fails authentication and feeds back response information carrying an authentication failure notification to the server. The server is thus authenticated based on the decryption result, and the corresponding notification is fed back to the server.
Wherein, the step 101 of reporting the first data information to the server includes:
determining the first target value by adopting a first target calculation strategy based on the Mac address, the first random number and the first authentication times;
encrypting the first target value by using a second private key;
and determining the first data information according to the Mac address, the first random number and the encrypted first target value, and reporting the first data information to the server.
When the terminal device reports the first data information to the server, it needs to determine a first target value based on the Mac address, the first random number, and the first authentication times by using a first target calculation policy. The first target calculation policy may be a Secure Hash Algorithm (SHA), such as a SHA128 algorithm, a SHA256 algorithm, or a SHA512 algorithm. This embodiment takes the SHA256 algorithm as an example: the Mac address, the first random number, and the first authentication times are calculated by using the SHA256 algorithm, and the obtained SHA256 value is the first target value.
After the first target value is obtained, the second private key is used for encrypting the first target value, then first data information is determined according to the Mac address, the first random number and the encrypted first target value, and the first data information is reported to the server. It should be noted that, by encrypting the first target value, the first authentication times can be protected, and unauthorized devices are prevented from tampering with the first target value or stealing the first target value.
By generating the first target value based on the first target calculation policy, and determining the first data information based on the Mac address, the first random number, and the encrypted first target value after encrypting the first target value, it is possible to facilitate the server to verify whether the first authentication number is the same as the second authentication number stored by the server based on the first data information.
The second data information is encrypted by a second public key, and a second private key corresponding to the second public key is stored in the terminal equipment;
the receiving and decrypting the encrypted second data information fed back by the server to obtain the second data information includes:
and when second data information encrypted by the second public key is received, decrypting based on the second private key to obtain the second data information.
The server encrypts the second data information by using the second public key, and the terminal device stores the second private key corresponding to the second public key. When the terminal device receives and decrypts the encrypted second data information fed back by the server, it specifically receives the second data information that is fed back by the server and encrypted by the second public key, and then decrypts the encrypted second data information based on the second private key to obtain the second data information.
The second public key and the second private key are a public and private key pair, and the second public key is reported to the server by the terminal device, specifically: before the terminal device reports the first data information to the server, the method further includes:
reporting the MAC address of the terminal equipment and a second public key corresponding to the terminal equipment to the server, wherein the second public key and the second private key are matched to form a public and private key pair;
the MAC address and the second public key form an association relation, the second public key is used for decryption when the second private key is used for encryption, and the second public key is used for encryption when the second private key is used for decryption.
After the terminal device obtains the public and private key pair (the second public key and the second private key), it retains the second private key and reports the second public key to the server. The terminal device also needs to report the MAC address to the server, and the MAC address reported by the terminal device and the second public key form an association relationship. The public and private key pair in this embodiment may be a Rivest-Shamir-Adleman (RSA) public and private key pair, that is, the second public key is an RSA public key and the second private key is an RSA private key; it may also be a public and private key pair of an elliptic curve cryptography (ECC) algorithm.
The server generates second data information when determining that the first authentication times are the same as the second authentication times stored in the server based on the first data information reported by the terminal device, determines a corresponding second public key based on the MAC address of the terminal device, encrypts the second data information based on the determined second public key, and feeds back the second data information encrypted by the second public key to the terminal device. The terminal device decrypts the encrypted second data information based on the second private key to obtain the second data information, and at this time, the second public key is used for encryption and the second private key is used for decryption.
After the terminal equipment generates the first target value, the second private key is used for encrypting the first target value, the first data information is determined according to the Mac address, the first random number and the encrypted first target value, and the first data information is reported to the server. After the server acquires the first data information, a first target calculation strategy is adopted to determine a second target value based on the Mac address, the first random number and the second authentication times stored by the server, the encrypted first target value is decrypted by using a second public key, and the first target value is acquired, wherein the second public key is used for decryption, and the second private key is used for encryption. The first target value and the second target value are then compared, and when the first target value and the second target value are equal, it is determined that the first authentication number is the same as the second authentication number. Since the first target value is determined based on the Mac address, the first random number, and the first authentication number, and the second target value is determined based on the Mac address, the first random number, and the second authentication number, in the same manner, the first authentication number and the second authentication number are determined to be the same when the first target value and the second target value are equal. And the server may acquire the first target value based on the first data information, so it may be verified whether the first authentication number is the same as the second authentication number based on the first data information.
In the implementation process of the application, the MAC address and the second public key are reported to the server in advance. After the terminal device uploads the first data information including the MAC address, the first random number and the first target value encrypted by the second private key, the server decrypts the encrypted first target value based on the second public key to obtain the first target value, so that the first target value is protected. After the server generates the second data information, the server can encrypt it based on the second public key and feed it back to the terminal device, and the terminal device decrypts it based on the second private key to obtain the second data information, so that the second data information is protected. Encrypting the data prevents it from being illegally tampered with and ensures the security of the data.
Step 103, detecting whether the second authorization information is the same as the first authorization information according to the third data information and the second data information, includes:
detecting whether the third data information and the second data information are the same, wherein the second data information is generated according to the Mac address, the first random number and the first authorization information, the third data information is generated according to the Mac address, the first random number and the second authorization information, and the second data information and the third data information both correspond to a second target calculation strategy;
and determining that the second authorization information is the same as the first authorization information when the third data information is the same as the second data information.
After the terminal device obtains the encrypted second data information fed back by the server and decrypts the encrypted second data information, it needs to detect whether the second authorization information is the same as the first authorization information based on the third data information and the second data information.
The second data information is generated by the server by adopting a second target calculation strategy based on the Mac address, the first random number and first authorization information which is stored by the server and is associated with the terminal equipment; the third data information is generated by the terminal equipment by adopting the second target calculation strategy based on the Mac address, the first random number and second authorization information which is stored by the terminal equipment and is associated with the terminal equipment. The third data information may be generated in advance, or may be generated after the terminal device acquires the second data information. In this embodiment of the present application, the second target calculation policy is an SHA algorithm, such as an SHA128 algorithm, an SHA256 algorithm, or an SHA512 algorithm. This embodiment takes the SHA256 algorithm as an example: the Mac address, the first random number, and the first authorization information are calculated through the SHA256 algorithm, and the obtained SHA256 value is the second data information; the Mac address, the first random number, and the second authorization information are calculated through the SHA256 algorithm, and the obtained SHA256 value is the third data information.
Since the second data information and the third data information correspond to the same calculation policy, the generation parameters corresponding to the second data information include the first authorization information and the target parameters (Mac address and first random number), and the generation parameters corresponding to the third data information include the second authorization information and the target parameters (Mac address and first random number), it is possible to detect whether the second authorization information and the first authorization information are the same according to the third data information and the second data information. And determining that the second authorization information is the same as the first authorization information under the condition that the third data information is the same as the second data information.
In the implementation process, the terminal device determines whether the first authorization information is the same as the second authorization information by comparing the second data information fed back by the server with the third data information generated by the terminal device, and can check the authorization information in a simple and convenient manner.
Optionally, the algorithm program at least comprises a main program file, an encrypted model file, and at least one library file; when the algorithm program runs and calls the model file, the method further comprises the following steps: decrypting the encrypted model file based on a Graphics Processing Unit (GPU), and obtaining, based on the model file, a model output result corresponding to model input information; when the algorithm program runs and the main program file calls the target library file, the method further comprises the following steps: checking the target library file, and allowing the target library file to be normally called under the condition that the checking is passed.
The algorithm program in the embodiment of the application at least comprises a main program file, an encrypted model file and at least one library file. Wherein the model file may be encrypted using Advanced Encryption Standard (AES) to prevent the model file from being used for other projects.
When the algorithm program runs and the model file is called, a Graphics Processing Unit (GPU) decrypts the encrypted model file. After decryption is completed, the model input information is processed by the model file to obtain a model output result. In this way, the model file is protected by encryption when it is not in use, and is quickly decrypted based on the GPU when it is needed, so that the model output result is obtained based on the model file.
Taking as an example the model file corresponding to a detection model that detects whether reflective clothing is worn in a standard way, the process of determining the model file based on model training and obtaining the model output result based on the model file is briefly described. During model training, a large number of pictures from field operations such as construction sites, showing reflective clothing worn correctly, worn irregularly, and not worn, are collected and used as positive and negative samples, and model training is carried out through the yolov5 algorithm to obtain a detection model (corresponding to the model file). The YOLO (You Only Look Once) algorithm is a deep learning algorithm. The detection model can distinguish the cases where reflective clothing is worn correctly, worn irregularly, and not worn. When the terminal equipment calls the model file, the model file is used to detect images of construction workers on the construction site so as to identify whether the workers wear reflective clothing in a standard way.
When the algorithm program runs and the main program file calls the target library file, the target library file needs to be verified, and the target library file is allowed to be normally called under the condition that the verification is passed. When the target library file is verified, writing a first parameter and a second parameter determined based on the first parameter and a first character into an initialization function of the target library file, wherein the first character is a character appointed with the target library file. The first parameter may be a library name in plaintext + a second random number, and the second parameter may be a SHA256 value determined using a particular algorithm based on the first parameter and the first character, e.g., the second parameter is a SHA256 value determined based on a calculation of the first parameter and the first character using a SHA256 algorithm. Because the first parameter and the second parameter are written into the initialization function of the target library file, the target library file can calculate the third parameter by adopting the same calculation method according to the first parameter and the stored second character, under the condition that the third parameter is the same as the second parameter, the second character is determined to be the same as the first character, the verification is determined to be passed, and at the moment, the target library file can be normally called.
In the implementation process, the model file is encrypted and protected when not needed, and is quickly decrypted based on the GPU when the model file is needed, so that the model file can be prevented from being used for other projects, and a model output result can be quickly obtained based on the model file; by verifying the target library file, the target library file can be protected.
The above is the device authorization method at the terminal device side in the embodiment of the application. When the server passes authentication, the terminal device reports the first data information to the server. When the server determines, based on the first data information, that the first authentication times stored in the terminal device are the same as the second authentication times stored in the server, the server generates second data information based on the first authorization information, encrypts it and feeds it back to the terminal device. The terminal device detects, according to the second data information and the third data information generated based on the second authorization information, whether the first authorization information and the second authorization information are the same. When they are the same, it is determined that the terminal device passes the authorization authentication; the terminal device obtains the operation authority of the algorithm program, updates the first authentication times, and sends an update instruction to the server. Whether the algorithm program can run normally on the terminal device can thus be determined based on the authentication times and the authorization information, which realizes accurate authorization authentication of the terminal device on which the algorithm program is deployed; because no hardware needs to be added, the cost of authorization authentication is also saved.
Furthermore, by encrypting the first target value and the second data information, the data can be prevented from being illegally tampered, the security of the data is ensured, the normal operation of the authorization authentication can be ensured, and the accurate authorization authentication of the terminal equipment can be ensured.
By performing server authentication based on whether decryption is successful, authentication of the server can be quickly achieved; by comparing the second data information with the third data information, whether the first authorization information is the same as the second authorization information is determined, and the authorization information can be checked based on a simple and convenient mode; the model file and the target library file can be protected by encrypting the model file and verifying the target library file.
An embodiment of the present application further provides a device authorization method, applied to a server, as shown in Fig. 2, including:
Step 201, receiving first data information reported by a terminal device under the condition that the terminal device authenticates the server and the authentication passes, where the first data information includes a media access control Mac address of the terminal device, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and a first authentication times corresponding to the terminal device authentication and stored in the terminal device.
According to the device authorization method provided by the embodiment of the application, after the terminal device authenticates the server and the authentication is passed, the server authenticates the terminal device to realize bidirectional authentication, and the authentication of the server on the terminal device is the authorization authentication of the terminal device to run the algorithm program.
The following description is directed to a case where the server authenticates the terminal device, and the server receives, based on communication with the terminal device, first data information including a Mac address, a first random number, and an encrypted first target value of the terminal device, which are reported by the terminal device. The first target value is determined based on the Mac address, the first random number and the first authentication frequency stored by the terminal equipment, the first random number is a value randomly selected by the terminal equipment, the terminal equipment encrypts the first target value after determining the first target value, and the first data information is determined according to the Mac address, the first random number and the encrypted first target value. Wherein, by encrypting the first target value, the first target value can be prevented from being tampered so as to ensure the security of the first target value.
Step 202, detecting whether the first authentication times are the same as second authentication times stored by the server according to the first data information, where the second authentication times are authentication times corresponding to the authentication of the terminal device and stored by the server.
The server records the authentication times corresponding to each terminal device, and since the first target value is determined based on the Mac address, the first random number and the first authentication times, the first data information includes the encrypted first target value, and after receiving the first data information reported by the terminal device, the server can detect whether the first authentication times are the same as the second authentication times stored by the server and associated with the current terminal device according to the first data information.
Step 203, when the first authentication times are the same as the second authentication times, generating second data information based on the stored first authorization information associated with the terminal device, encrypting the second data information, and sending the encrypted second data information to the terminal device.
When the first authentication times are the same as the second authentication times, the server generates second data information, encrypts the second data information and feeds the second data information back to the terminal device, wherein the second data information is generated based on first authorization information which is stored by the server and is associated with the terminal device (current terminal device), and the first authorization information is an authorization character string which is stored by the server and corresponds to the terminal device, and specifically is a device authorization code. And the terminal equipment receives the encrypted second data information fed back by the server and then carries out decryption processing to obtain the second data information. By performing encryption processing on the second data information, the second data information can be prevented from being tampered.
Step 204, when the terminal device determines, based on the third data information and the decrypted second data information, that the second authorization information is the same as the first authorization information, receiving an update instruction sent by the terminal device for updating the second authentication times, and updating the second authentication times; wherein the third data information is generated based on second authorization information associated with the terminal device.
After the server sends the encrypted second data information to the terminal equipment, the terminal equipment decrypts the encrypted second data information to obtain the second data information, and determines whether the first authorization information and the second authorization information are the same according to the second data information and the third data information. The second authorization information is an authorization character string of the terminal device stored in the terminal device, specifically, a device authorization code. The third data information and the second data information are generated based on the same strategy, the generation parameters corresponding to the second data information comprise the first authorization information and the target parameters, and the generation parameters corresponding to the third data information comprise the second authorization information and the target parameters. The third data information may be generated in advance, or may be generated after the second data information is acquired.
When the second authorization information is the same as the first authorization information, it is determined that the authorization authentication of the terminal device on which the algorithm program is deployed passes, and the terminal device obtains the operation authority of the algorithm program. In this case the terminal device has completed one authentication and adds 1 to the first authentication times to update it. The server receives the update instruction sent by the terminal device for updating the second authentication times, and adds 1 to the second authentication times according to the update instruction to update it.
In the implementation process of the application, when the server passes the authentication, the server receives the first data information reported by the terminal device. When the server determines, based on the first data information, that the first authentication times are the same as the second authentication times, it generates the second data information based on the first authorization information, encrypts it and feeds it back to the terminal device, so that the terminal device detects whether the first authorization information and the second authorization information are the same according to the second data information and the third data information generated based on the second authorization information. When they are the same, it is determined that the authorization authentication of the terminal device passes; the terminal device updates the first authentication times and sends the update instruction to the server, and the server updates the second authentication times according to the update instruction. Whether the algorithm program can run normally on the terminal device can thus be determined based on the authentication times and the authorization information, which realizes accurate authorization authentication of the terminal device on which the algorithm program is deployed; because no hardware needs to be added, the cost of authorization authentication is also saved.
Furthermore, by encrypting the first target value and the second data information, the data can be prevented from being illegally tampered, the security of the data is ensured, the normal operation of the authorization authentication can be ensured, and the accurate authorization authentication of the terminal device can be ensured.
The following describes the procedure by which the terminal device authenticates the server. The method further includes: sending request information encrypted by a first private key to the terminal equipment; and under the condition that the terminal equipment successfully decrypts the encrypted request information according to the first public key in the prefabricated certificate, receiving response information which is fed back by the terminal equipment and carries an authentication passing notice, and determining that the server passes the authentication.
The terminal device stores a prefabricated certificate, wherein the prefabricated certificate at least comprises a first public key, a certificate validity period and a certificate issuer. When the terminal equipment authenticates the server, the server sends request information encrypted by the first private key to the terminal equipment, and the request information can be an HTTP request or an HTTPS request.
After receiving the request information sent by the server and encrypted by the first private key, the terminal equipment decrypts the encrypted request information by using the first public key in the prefabricated certificate. If decryption succeeds, the request information is obtained; at this point the first public key and the first private key are determined to be a public and private key pair, the server passes authentication, and the server receives response information which is fed back by the terminal equipment and carries an authentication passing notice. If decryption fails, it is determined that the server fails authentication, and the server receives response information which is fed back by the terminal equipment and carries an authentication failure notice. The response information may be an HTTP response or an HTTPS response. By receiving the notice, sent by the terminal equipment, that the authentication passed or failed, the server can learn the authentication result in time.
In the implementation process, when the terminal device successfully decrypts the encrypted request information based on the first public key, it is determined that the server passes the authentication, and the server receives the response information carrying the authentication passing notification; when the terminal device does not successfully decrypt the request information, it is determined that the server fails the authentication, and the server receives the response information carrying the authentication failure notification. In this way, server authentication based on the decryption result can be realized.
Step 202, detecting whether the first authentication times is the same as the second authentication times stored by the server according to the first data information, includes:
determining a second target value by adopting a first target calculation strategy based on the Mac address, the first random number and the second authentication times;
decrypting the encrypted first target value by using a second public key to obtain the first target value;
determining that the first number of authentications is the same as the second number of authentications, in a case where the first target value is the same as the second target value;
the encrypted key corresponding to the encrypted first target value is a second private key, and the second public key corresponds to the second private key.
After the server acquires the first data information, the server determines a second target value by adopting the first target calculation strategy based on the Mac address, the first random number and the second authentication times stored by the server. The server decrypts the encrypted first target value by using the second public key to obtain the first target value, and then compares the first target value with the second target value. Because the second target value is determined by adopting the first target calculation strategy based on the Mac address, the first random number and the second authentication times, and the first target value is determined by adopting the same strategy based on the Mac address, the first random number and the first authentication times, the first authentication times are determined to be the same as the second authentication times when the first target value and the second target value are the same.
By determining the second target value, comparing the second target value with the first target value, and determining that the first authentication number is the same as the second authentication number when the second target value is the same, the number of authentications can be checked in a simple manner.
Sending the encrypted second data information to the terminal device includes:
encrypting the second data information based on a second public key, and sending the encrypted second data information to the terminal device.
When the server generates the second data information and sends it in encrypted form, it encrypts the second data information with the second public key and sends the encrypted second data information to the terminal device, so that the terminal device decrypts it based on the stored second private key to acquire the second data information.
The server generates the second data information by applying a second target calculation strategy to the Mac address, the first random number and the first authorization information that is stored by the server and associated with the terminal device. The second target calculation strategy may be an SHA algorithm, such as an SHA256 algorithm, an SHA128 algorithm, and an SHA512 algorithm. In the embodiment of the present application, the SHA256 algorithm is taken as an example for description, that is, the Mac address, the first random number and the first authorization information are calculated through the SHA256 algorithm, and the obtained SHA256 value is the second data information. The second target calculation strategy may be the same as or different from the first target calculation strategy, and both belong to the SHA series of algorithms. For example, both the first target calculation strategy and the second target calculation strategy are SHA256 algorithms, or the first target calculation strategy is an SHA256 algorithm and the second target calculation strategy is an SHA512 algorithm.
For the above implementation process, before receiving the first data information reported by the terminal device, the method further includes:
receiving the MAC address reported by the terminal equipment and a second public key corresponding to the terminal equipment, wherein the second public key and a second private key are matched to form a public and private key pair;
the MAC address and the second public key form an association relation, when the second private key is used for encryption, the second public key is used for decryption, and when the second private key is used for decryption, the second public key is used for encryption.
The terminal device can obtain a public and private key pair (a second public key and a second private key). The server receives the second public key and the MAC address reported by the terminal device and establishes an association relation between the MAC address and the second public key, while the second private key is kept in the terminal device. The public and private key pair in this embodiment may be an RSA public and private key pair, that is, the second public key is an RSA public key and the second private key is an RSA private key, or it may be a public and private key pair of an ECC (elliptic curve) cryptosystem.
The server generates second data information when determining that the first authentication times are the same as the second authentication times stored by the server based on the first data information reported by the terminal device, determines a corresponding second public key based on the MAC address of the terminal device, encrypts the second data information according to the second public key, and feeds back the second data information encrypted by the second public key to the terminal device. The terminal device may decrypt the encrypted second data information based on the second private key to obtain the second data information, where the second public key is used for encryption and the second private key is used for decryption.
After the terminal equipment generates the first target value, the first target value is encrypted by using a second private key, and first data information is determined according to the Mac address, the first random number and the encrypted first target value and reported to the server. After the server acquires the first data information, a first target calculation strategy is adopted to determine a second target value based on the Mac address, the first random number and the second authentication times stored by the server, the encrypted first target value is decrypted by using a second public key, and the first target value is acquired, wherein the second public key is used for decryption, and the second private key is used for encryption. The first target value and the second target value are then compared, and when the first target value and the second target value are equal, it is determined that the first authentication number is the same as the second authentication number.
In this process, by receiving the MAC address and the second public key reported by the terminal device, the server can use the second public key for encryption or decryption, so that the required data is obtained by decryption while data security is ensured.
The above is the device authorization method on the server side in the embodiment of the application. When the server passes authentication, it receives the first data information reported by the terminal device. When it determines, based on the first data information, that the first authentication times are the same as the second authentication times stored by the server, it generates second data information based on the first authorization information, encrypts it and feeds it back to the terminal device, so that the terminal device detects whether the first authorization information and the second authorization information are the same according to the second data information and third data information generated based on the second authorization information. When the first authorization information and the second authorization information are the same, the terminal device determines that its authorization authentication passes, updates the first authentication times and sends an update instruction to the server, and the server updates the second authentication times according to the update instruction. Whether the algorithm program can run normally on the terminal device can thus be determined based on the authentication times and the authorization information, which realizes accurate authorization and authentication of the terminal device on which the algorithm program is deployed and, because no hardware needs to be added, saves the cost of authorization and authentication.
Furthermore, by encrypting the first target value and the second data information, the data can be prevented from being illegally tampered, the security of the data is ensured, the normal operation of the authorization authentication can be ensured, and the accurate authorization authentication of the terminal device can be ensured.
By performing server authentication based on whether decryption is successful, authentication of the server can be quickly achieved; by comparing the first target value and the second target value, and determining that the first authentication number is the same as the second authentication number when the first target value and the second target value are the same, the verification of the authentication number can be performed in a simple manner.
The interaction between the terminal device and the server is described below through an implementation flow. As shown in fig. 3, the flow includes the following steps:
Step 301, the server sends the request information encrypted by the first private key to the terminal device.
Step 302, the terminal device decrypts the encrypted request information according to the first public key in the prefabricated certificate. If decryption succeeds, the terminal device determines that the server passes the authentication and feeds back response information carrying the authentication passing notification to the server; if decryption fails, it determines that the server fails the authentication and feeds back response information carrying the authentication failing notification to the server. If decryption succeeds, the flow continues with step 303.
Step 303, the terminal device reports first data information to the server, where the first data information includes a Mac address, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and the first authentication times.
Step 304, the server detects, according to the first data information, whether the first authentication times are the same as the second authentication times stored by the server. If they are the same, step 305 is executed; otherwise, the authentication of the terminal device is determined to have failed.
Step 305, the server generates second data information based on the stored first authorization information associated with the terminal device, encrypts the second data information and sends it to the terminal device.
Step 306, the terminal device decrypts the encrypted second data information to obtain the second data information, and detects whether the second authorization information is the same as the first authorization information according to the third data information and the second data information. If they are the same, step 307 is executed; otherwise, the authentication of the terminal device is determined to have failed. The third data information is determined based on the second authorization information.
Step 307, the terminal device determines that it has acquired the operation authority of the algorithm program, updates the first authentication times, and sends an update instruction for updating the second authentication times to the server.
Step 308, the server updates the second authentication times according to the update instruction.
The implementation process introduces the interaction between the terminal equipment and the server, can determine whether the algorithm program in the terminal equipment can normally run or not based on the authentication times and the authorization information, realizes accurate authorization and authentication on the terminal equipment for deploying the algorithm program, and can save the authorization and authentication cost due to no need of adding hardware.
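Steps 303 to 308 of the flow above, as an added Python example that is not code from the patent or from any implementation of it: it runs one authorization round and then shows how the authentication-times check treats a recorded step-303 message, a device image copied before the round, and mismatched authorization information. Assumptions made here: a constructed toy textbook-RSA key pair (insecure, standard library only) stands in for the second public and private key, each field is length-prefixed before SHA-256 hashing, and "updating" the authentication times means incrementing by one.

```python
import hashlib
import secrets

# Constructed toy RSA key pair standing in for the "second public/private key".
# Textbook RSA over two Mersenne primes keeps the example stdlib-only; it is
# NOT secure. A real deployment would use a vetted library with padded RSA or ECC.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def target(mac, nonce, value):
    """Target calculation strategy: SHA-256 over MAC, random number and value.
    Length-prefixing each field is an added choice to keep fields unambiguous."""
    h = hashlib.sha256()
    for part in (mac.encode(), nonce, str(value).encode()):
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


class Server:
    def __init__(self):
        # MAC -> second public key, second authentication times, first authorization info
        self.devices = {}

    def register(self, mac, public_key, auth_info):
        self.devices[mac] = {"pub": public_key, "count": 0, "auth": auth_info}

    def handle_first_data(self, mac, nonce, enc_first_target):
        """Steps 304-305: check the counter, then return the encrypted second data."""
        rec = self.devices.get(mac)
        if rec is None:
            return None
        n, e = rec["pub"]
        first_target = pow(enc_first_target, e, n)      # decrypt with second public key
        second_target = target(mac, nonce, rec["count"])
        if first_target != second_target:
            return None                                  # counters differ: authentication fails
        second_data = target(mac, nonce, rec["auth"])
        return pow(second_data, e, n)                    # encrypt with second public key

    def handle_update(self, mac):
        """Step 308. Incrementing by one is an assumption; the text only says 'update'."""
        self.devices[mac]["count"] += 1


class Device:
    def __init__(self, mac, auth_info, count=0):
        self.mac, self.auth, self.count = mac, auth_info, count
        self.nonce = b""

    def first_data(self):
        """Step 303: MAC, first random number, first target value under the private key."""
        self.nonce = secrets.token_bytes(16)
        first_target = target(self.mac, self.nonce, self.count)
        return self.mac, self.nonce, pow(first_target, D, N)

    def check_second_data(self, enc_second_data):
        """Steps 306-307: compare second data with the locally computed third data."""
        if enc_second_data is None:
            return False
        second_data = pow(enc_second_data, D, N)         # decrypt with second private key
        third_data = target(self.mac, self.nonce, self.auth)
        if second_data != third_data:
            return False
        self.count += 1                                  # update first authentication times
        return True


def authorize(device, server):
    """One full round; True means the device obtains the run permission."""
    reply = server.handle_first_data(*device.first_data())
    if not device.check_second_data(reply):
        return False
    server.handle_update(device.mac)                     # update instruction
    return True


def demo():
    server = Server()
    device = Device("00:11:22:33:44:55", "license-A")    # constructed sample values
    server.register(device.mac, (N, E), "license-A")
    captured = device.first_data()                       # a recorded step-303 message
    ok = device.check_second_data(server.handle_first_data(*captured))
    server.handle_update(device.mac)
    stale_copy = Device(device.mac, "license-A", count=0)  # image copied before the round
    other = Device("66:77:88:99:aa:bb", "license-B")
    server.register(other.mac, (N, E), "license-A")
    return {
        "first_round": ok,
        "replayed_message": server.handle_first_data(*captured) is not None,
        "stale_copy": authorize(stale_copy, server),
        "second_round": authorize(device, server),
        "authorization_mismatch": authorize(other, server),
    }


if __name__ == "__main__":
    print(demo())
```

Once both counters advance, the recorded message and the stale copy are rejected at step 304, while the genuine device keeps authorizing; the authorization mismatch is caught on the device side at step 306 and leaves both counters unchanged.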
A device authorization apparatus provided in an embodiment of the present application is applied to a terminal device on which an algorithm program is deployed, and as shown in fig. 4, the apparatus includes:
a first reporting module 401, configured to report, to a server, first data information when the server passes authentication, where the first data information includes a Mac address of the terminal device, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and first authentication times corresponding to authentication of the terminal device, where the first authentication times are stored in the terminal device;
a receiving and decrypting module 402, configured to receive and decrypt the encrypted second data information fed back by the server to obtain the second data information, where the second data information is generated based on first authorization information that is stored in the server and is associated with the terminal device when the server determines that the first authentication times are the same as the second authentication times, the second authentication times are the authentication times corresponding to authentication of the terminal device and stored in the server, and the server determines, based on the first data information, whether the first authentication times are the same as the second authentication times;
a first detecting module 403, configured to detect whether second authorization information is the same as the first authorization information according to third data information and the second data information, where the third data information is generated based on the second authorization information associated with the terminal device;
a first processing module 404, configured to, when the second authorization information is the same as the first authorization information, determine that the operation permission of the algorithm program is acquired, update the first authentication times, and send an update instruction for updating the second authentication times to the server.
Optionally, the apparatus further comprises:
the second receiving module is used for receiving the request information which is sent by the server and encrypted by the first private key;
the first decryption module is used for decrypting the encrypted request information according to the first public key in the prefabricated certificate;
and the determining feedback module is used for determining that the server passes the authentication under the condition of successful decryption, and feeding back response information carrying the authentication passing notification to the server.
Optionally, the first reporting module includes:
a first determining submodule, configured to determine the first target value by using a first target calculation policy based on the Mac address, the first random number, and the first authentication number;
an encryption submodule, configured to encrypt the first target value using a second private key;
and the determining and reporting submodule is used for determining the first data information according to the Mac address, the first random number and the encrypted first target value and reporting the first data information to the server.
Optionally, the second data information is encrypted by a second public key, and the terminal device stores a second private key corresponding to the second public key;
the receiving and decrypting module is further configured to:
when second data information encrypted by the second public key is received, decrypt it based on the second private key to obtain the second data information.
Optionally, the apparatus further comprises:
a second reporting module, configured to report the MAC address of the terminal device and a second public key corresponding to the terminal device to the server before the first reporting module reports the first data information to the server, where the second public key and the second private key cooperate to form a public-private key pair;
the MAC address and the second public key form an association relation, when the second private key is used for encryption, the second public key is used for decryption, and when the second private key is used for decryption, the second public key is used for encryption.
Optionally, the first detection module includes:
the detection submodule is used for detecting whether the third data information and the second data information are the same or not, the second data information is generated according to the Mac address, the first random number and the first authorization information, the third data information is generated according to the Mac address, the first random number and the second authorization information, and the second data information and the third data information both correspond to a second target calculation strategy;
a second determining sub-module, configured to determine that the second authorization information is the same as the first authorization information when the third data information is the same as the second data information.
Optionally, the algorithm program at least comprises a main program file, an encrypted model file and at least one library file; when the algorithm program runs and the model file is called, the device further comprises:
the second decryption module is used for decrypting the encrypted model file based on the GPU so as to obtain a model output result corresponding to the model input information based on the model file;
when the algorithm program runs and the main program file calls the target library file, the device further comprises:
and the second processing module is used for verifying the target library file and allowing the target library file to be normally called under the condition that the verification is passed.
A device authorization apparatus provided in an embodiment of the present application is applied to a server, and as shown in fig. 5, the apparatus includes:
a first receiving module 501, configured to receive first data information reported by a terminal device when the terminal device authenticates the server and the authentication passes, where the first data information includes a Mac address of the terminal device, a first random number, and an encrypted first target value, and the first target value is determined based on the Mac address, the first random number, and first authentication times corresponding to the terminal device authentication and stored in the terminal device;
a second detecting module 502, configured to detect, according to the first data information, whether the first authentication times are the same as second authentication times stored by the server, where the second authentication times are the authentication times corresponding to the authentication of the terminal device and stored by the server;
a generating and sending module 503, configured to, when the first authentication times are the same as the second authentication times, generate second data information based on the stored first authorization information associated with the terminal device, encrypt the second data information, and send it to the terminal device;
a receiving and updating module 504, configured to receive, when the terminal device determines that second authorization information is the same as the first authorization information based on third data information and the decrypted second data information, an update instruction for updating the second authentication times sent by the terminal device, and update the second authentication times;
the third data information is generated based on second authorization information associated with the terminal device, and the terminal device on which the algorithm program is deployed acquires the operation permission of the algorithm program when the second authorization information is the same as the first authorization information.
Optionally, the apparatus further comprises:
the sending module is used for sending the request information encrypted by the first private key to the terminal equipment;
and the third receiving module is used for receiving response information which is fed back by the terminal equipment and carries an authentication passing notice under the condition that the terminal equipment successfully decrypts the encrypted request information according to the first public key in the prefabricated certificate, and determining that the server passes the authentication.
Optionally, the second detection module includes:
a third determining submodule, configured to determine a second target value by using a first target calculation policy based on the Mac address, the first random number, and the second authentication number;
the obtaining submodule is used for decrypting the encrypted first target value by using a second public key to obtain the first target value;
a fourth determination sub-module configured to determine that the first authentication number of times is the same as the second authentication number of times when the first target value is the same as the second target value;
wherein the key used to encrypt the first target value is a second private key, and the second public key corresponds to the second private key.
Optionally, the generating and sending module is further configured to:
and encrypting the second data information based on a second public key, and sending the encrypted second data information to the terminal equipment.
Optionally, the apparatus further comprises:
a fourth receiving module, configured to receive the MAC address reported by the terminal device and a second public key corresponding to the terminal device before the first receiving module receives the first data information reported by the terminal device, where the second public key and the second private key cooperate to form a public-private key pair;
the MAC address and the second public key form an association relation, when the second private key is used for encryption, the second public key is used for decryption, and when the second private key is used for decryption, the second public key is used for encryption.
Optionally, the generating and sending module is further configured to:
and generating the second data information by adopting a second target calculation strategy based on the Mac address, the first random number and the first authorization information.
Since the apparatus embodiments are basically similar to the method embodiments, they are described briefly; for relevant details, refer to the corresponding description of the method embodiments.
Referring to fig. 6, a block diagram of a computer device according to an embodiment of the present application is shown. The computer device may be used to implement the device authorization method provided in the above embodiments. The computer device may be a terminal device or a server, or other device with data processing and storage capabilities. Specifically:
the computer device 600 includes a Central Processing Unit (CPU) 601, a system memory 604 including a Random Access Memory (RAM) 602 and a Read Only Memory (ROM) 603, and a system bus 605 connecting the system memory 604 and the central processing unit 601. The computer device 600 also includes a basic input/output system (I/O system) 606 for facilitating information transfer between various components within the computer, and a mass storage device 607 for storing an operating system 613, application programs 614, and other program modules 615.
The basic input/output system 606 includes a display 608 for displaying information and an input device 609 such as a mouse, keyboard, etc. for a user to input information. The display 608 and the input device 609 are connected to the central processing unit 601 through an input/output controller 610 connected to the system bus 605. The basic input/output system 606 may also include the input/output controller 610 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, the input/output controller 610 may also provide output to a display screen, a printer, or other type of output device.
The mass storage device 607 is connected to the central processing unit 601 through a mass storage controller (not shown) connected to the system bus 605. The mass storage device 607 and its associated computer-readable media provide non-volatile storage for the computer device 600. That is, the mass storage device 607 may include a computer readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 604 and mass storage device 607 described above may be collectively referred to as memory.
According to various embodiments of the present application, the computer device 600 may also operate through a remote computer on a network, to which it is connected via a network such as the Internet. That is, the computer device 600 may be connected to the network 612 through the network interface unit 611 connected to the system bus 605, or may be connected to other types of networks or remote computer systems (not shown) using the network interface unit 611.
The memory also includes one or more programs stored in the memory and configured to be executed by one or more processors. The one or more programs include instructions for performing the device authorization method.
In an example embodiment, there is also provided a computer device comprising a processor and a memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions. The at least one instruction, at least one program, set of codes, or set of instructions is configured to be executed by one or more processors to implement the above-described device authorization method.
In an exemplary embodiment, a computer readable storage medium is also provided, having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which when executed by a processor of a computer device, implements the above-described device authorization method.
Alternatively, the computer-readable storage medium may be a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, there is also provided a computer program product for implementing the above-described device authorization method when the computer program product is executed.
It should be understood that reference to "a plurality" herein means two or more. "And/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B, which may mean: A exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (12)

Application CN202210481726.6A (Active), priority date 2022-05-05, filing date 2022-05-05: Equipment authorization method, device, equipment and medium. Granted as CN115001749B (en).

Publications (2)
CN115001749A (en), published 2022-09-02
CN115001749B (en), published 2024-02-09

Family ID: 83025784

Country status: CN (1), CN115001749B (en)
