CN109902450B - Method for off-line permission issuing management - Google Patents
Method for off-line permission issuing management Download PDFInfo
- Publication number
- CN109902450B CN109902450B CN201910195088.XA CN201910195088A CN109902450B CN 109902450 B CN109902450 B CN 109902450B CN 201910195088 A CN201910195088 A CN 201910195088A CN 109902450 B CN109902450 B CN 109902450B
- Authority
- CN
- China
- Prior art keywords
- product
- manufacturer
- license
- dealer
- permission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a method for off-line license issuing management, which is characterized in that a manufacturer sells a limited file package to a dealer, the dealer imports the limited file package into a license issuing center, and then a product to be sold is connected to the license issuing center to generate a secondary license import product; after a user purchases a product, the two-dimensional code is scanned to obtain an activation code, and the activation code is led into the product to obtain authorized use of the product. The invention not only saves the process of asking for permission from the manufacturer when the dealer sells the product, but also avoids the uncontrollable restriction of the manufacturer caused by the off-line issuance of the permission by the dealer, and the activation of the product requires the intervention of the manufacturer, so that the restriction information is controlled in the permission authentication center of the manufacturer, thereby avoiding the conditions that the dealer modifies the information of the restriction file, issues the permission infinitely and damages the benefit of the manufacturer.
Description
Technical Field
The invention relates to the technical field of license issuing management, in particular to an offline license issuing management method.
Background
At present, with the rapid development of the science and technology society, the development of a large amount of software has become a commercialization mode. Commercial software requires purchase to be used, and in order to prevent theft of the software, there is a license to which the software has been used as long as the license is purchased. The selling mode of a manufacturer is changed, products are sold by a distributor, but the following conditions exist in the authorized use of the commercial software at present:
after selling the product, the dealer inquires the activation code from the manufacturer, the manufacturer manufactures the activation code and then sends the activation code to the dealer, and then the dealer gives the user; if the license contains hardware factors, such as MAC addresses, etc., although the user can use the license after purchase, the dealer needs to acquire the license and authorize the license one by one after purchase, which is very cumbersome.
The subordinate dealer sells only the product, and the user obtains the license from the manufacturer, and for the sake of business confidentiality, it is assumed that a way in which the user can directly obtain the license at the manufacturer for free is: the user purchases the product on the dealer website, the dealer pushes some necessary information to the manufacturer website, and then the user can obtain the permission by logging in the manufacturer website. This situation requires data synchronization between the dealer and the manufacturer, and thus off-line licensing by the dealer cannot be achieved. Otherwise, secondary dealers may appear to modify the constraint data. The license is issued wirelessly, thereby compromising the benefit of the manufacturer.
In view of the above situation, the present invention provides an off-line license issuing management method, so that the dealer does not need to ask the manufacturer for the license.
Description of the terms:
asymmetric encryption: the encryption and decryption used by the invention is a pair of keys, not the same key; the public key is called as a public key, and the private key is called as a private key; if the data is encrypted by the public key, only private decryption can be used, and if the data is encrypted by the private key, only public decryption can be used.
Symmetric encryption: the data encryption and decryption use the same key encryption mode.
Primary permission: the manufacturer issues a license to the product.
Secondary permission: the dealer issues a license to the product.
Limitation information: the dealer issues the limitation conditions of the number of times of issuing the secondary license, the validity period and the like.
Disclosure of Invention
The invention aims to provide an off-line license issuing management method, which is very complicated in a mode that a secondary dealer is prevented from modifying product limit data of a manufacturer based on an asymmetric encryption mechanism, the dealer needs to inquire an activation code from the manufacturer during selling, the manufacturer manufactures the activation code and then sends the activation code to the dealer, and the dealer transfers the activation code to a client. Therefore, the dealer needs to have an own issuing license tool, the dealer directly issues the license, and the user can use the license after the user is activated.
The restriction package used is carried by the file, it is simple to modify the file content, so the conditions for modifying the restriction are always trusted, and the tool issuing the license to the distributor may not guarantee whether the restriction file is modified by the distributor for various reasons, such as the distributor deploying it on its own intranet. To ensure that the restricted file is not modified, an activation code step and asymmetric encryption techniques are used to maintain the restriction at both the manufacturer and distributor.
After the secondary issuing permission of the dealer is introduced, the product can be used only after being activated in a code scanning mode and the like, and actually, the legality of the issuing permission of the dealer is verified at a manufacturer, then the activation code is generated and finally input into the product, and finally, the customer can obtain the use authorization of the product.
The invention is realized by the following technical scheme: a off-line permission issuing management method, manufacturer sells the restriction file package to the distributor, the distributor imports it into the permission issuing center, then the product to be sold is connected to the permission issuing center, and generates the secondary permission import product; after a user purchases a product, the two-dimensional code is scanned to obtain an activation code, and the activation code is led into the product to obtain authorized use of the product.
Further, in order to better implement the invention, the method specifically comprises the following steps:
step F1: the dealer acquires the issuing permission restriction packet from the manufacturer and provides an encryption password;
step F2: the dealer acquires the issuing permission limiting package and guides the limiting package into the permission issuing center for verification; if the verification is successful, the license can be issued, and if the verification is failed, the transaction is stopped;
step F3: the dealer can sell the product to the customer after signing the license, the customer uses the authorization module to judge the validity of the signing license, if the validity is valid, the customer can successfully use the product; if the code is invalid, the code needs to be activated to the manufacturer in a code scanning mode.
Further, in order to better implement the present invention, the step F1 specifically includes the following steps:
step F11: a dealer initiates a permission request for purchasing signing and issuing permission to a factory selling platform;
step F12: the dealer selects times, time packages or other packages from the manufacturer according to the requirements of different products;
step F13: the distributor transmits the encrypted password to the manufacturer, and obtains the authority of purchasing the issuing permission restriction packet after payment is completed.
Further, in order to better implement the present invention, the step F2 specifically includes the following steps:
step F21: a manufacturer generates a pair of public keys and private keys according to purchase information and an encryption password initiated by a dealer on a selling platform;
step F22: the selling platform of the manufacturer uses the password transmitted by the distributor to encrypt the public key to form an encrypted public key; a manufacturer configures a password at a selling platform, and the selling platform encrypts a private key by using the password to form an encrypted private key;
step F23: the vendor selling platform calculates the signature of the dealer by using an unencrypted public key, an encrypted private key and read-only limiting information through a Hash algorithm; calculating the signature of a manufacturer by using an encrypted public key, an unencrypted private key and read-only limiting information through a Hash algorithm;
step F24: the selling platform of the manufacturer puts the encrypted public key, the encrypted private key, the dealer signature, the manufacturer signature and the read-only limiting information into an issuing permission limiting packet and transmits the issuing permission limiting packet to the dealer through a browser;
step F25: the dealer decrypts the encrypted public key in the signing and issuing permission limitation packet by using the encrypted password transmitted to the manufacturer, if the decryption is successful, the decrypted public key, the encrypted private key and the read-only limitation information are calculated by using the Hash algorithm again, then the dealer signature at the head of the calculation result is verified by using the decrypted public key, and the next step is carried out if the verification is successful; if the verification fails, the transaction task is stopped;
step F26: the dealer imports the issuance permission restriction package into the license issuance center of the dealer.
Further, in order to better implement the present invention, the step F3 specifically includes the following steps:
step F31: the dealer imports the license issued by the license issuing center into the product, or independently transmits the license to the client after the client purchases the product, and the client imports the product;
step F32: the user starts the product after obtaining the product, and an authorization module of the product checks the authenticity of the product license and judges whether the product needs to be activated or not; if activation is not needed, the customer can directly obtain the use right of the product; if the product needs to be activated, the customer scans the two-dimensional code of the product to enter a permission authentication center of a manufacturer;
step F33: the manufacturer license authentication center checks the product license, and if the product license passes the check, the activation code is returned to the client; if the check is not passed, the activation is failed, and the transaction is stopped.
Further, in order to better implement the present invention, step F32 specifically includes the following steps:
step F32-1: the user opens the product, if the dealer does not import the signing and issuing permission in advance, the import permission is prompted on the interface of the product, and the customer imports the product;
step F32-2: after the license is issued and the product is imported, an authorization module of the product checks the authenticity of the license; if the authenticity exists, the next step is carried out; if the transaction is not true, stopping the transaction;
step F32-3: the authorization module judges whether the product needs to be activated or not, and if the product does not need to be activated, the client can directly acquire the use right of the product; if the product needs to be activated, popping up a two-dimensional code on a product interface to prompt a client to scan and activate;
step F32-4: the customer scans the two-dimensional code and then enters a permission authentication center of a manufacturer, and the permission authentication center checks whether the issuing permission of the product is valid; if the activation code is valid, the activation code is returned to the customer, and the customer can obtain the use right of the product after filling the activation code; if the transaction is invalid, the activation code is not returned, the client is prompted that the issuance permission is invalid, and the transaction is stopped.
Further, in order to better implement the present invention, the step F32-4 specifically includes the following steps:
step F32-4-1: the authorization authentication center decrypts an encrypted private key in the information carried by the client after scanning the two-dimensional code by using a password of a manufacturer; the permission authentication center searches the issuing permission limiting packet of the selling platform to the distributor through the read-only limiting information in the issuing permission limiting packet;
step F32-4-2: the license authentication center calculates a hash value by using the decrypted private key, the read-only restriction information carried by the two-dimensional code and the searched encrypted public key in the signing and issuing license restriction packet through a hash algorithm;
step F32-4-3: then, verifying the manufacturer signature carried by the two-dimensional code by using a private key decrypted by the manufacturer in the restriction package; if the signature verification of the manufacturer is successful, the next step is carried out; if the verification fails, stopping the transaction;
step F32-4-4: the authorization authentication center continuously checks whether the information carried by the two-dimensional code meets the activation condition, if so, the activation code is returned to the client, and the client can obtain the use right of the product after filling the activation code; if the activation condition is not met, the activation code is not returned, the client is prompted to have invalid issuance permission, the transaction is stopped, and the client obtains the issuance permission from the dealer again.
Further, in order to better implement the present invention, the activation condition in step F32-4-4 specifically refers to: whether the time for issuing the licenses is expired or the number of issued licenses is exceeded.
Further, in order to better implement the present invention, the information that the two-dimensional code carries to the permission authentication center in the step F32-4-1 includes a manufacturer signature, an encrypted private key, read-only restriction information, and other factors; the other factors include the MAC address, the time the license was issued, the number of licenses issued.
The working principle is as follows:
firstly, a dealer purchases a limiting file on a selling platform of a manufacturer, and the manufacturer transfers the limiting file to the selling platform from a self permission authentication center according to the purchase information requirement of the dealer and sends the limiting file to the dealer; the dealer imports the restriction file into a license issuing center of the dealer, and then imports the issuing secondary license for the sold product; after a customer purchases a product from a dealer, the two-dimensional code on the licensing restriction package is scanned, namely the activation code is obtained, and then the activation code is guided into the product to be authorized for use. The restriction file is hereinafter referred to as issuing a permission restriction package or a restriction package.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the invention not only saves a process of asking for permission from a manufacturer when a dealer sells products, but also avoids uncontrollable restriction of the manufacturer caused by off-line issuance of permission of the dealer, and because the product is activated and the intervention of the manufacturer is needed, the restriction information is controlled in the permission authentication center of the manufacturer, thereby avoiding the conditions that the dealer modifies the information of the restriction file, issues permission infinitely and damages the benefit of the manufacturer.
Drawings
FIG. 1 is a flow chart of the present invention;
fig. 2 is a diagram showing the structure of the issue permission restriction packet according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples, but the embodiments of the present invention are not limited thereto.
Example 1:
the invention is realized by the following technical scheme, as shown in fig. 1-2, a method for off-line license issuing management, a manufacturer sells a restriction file package to a distributor, the distributor leads the restriction file package into a license issuing center, and then a product to be sold is connected to the license issuing center to generate a secondary license imported product; after a user purchases a product, the two-dimensional code is scanned to obtain the activation code, and then the activation code is led into the product to obtain the authorized use of the product.
Commercial software is purchased for use, and in order to prevent the software from being stolen, a license is issued and the right to use the software is given only if the license is purchased. At present, after a secondary dealer sells a product, the secondary dealer needs to apply for product license from the manufacturer, and then a client can obtain the license so as to normally use the product, so that the secondary dealer also has the right to issue the license, but a server for issuing the license by the dealer is possibly uncontrollable by the manufacturer. If not solved, it may happen that the secondary dealer modifies the constraint data, issuing the license indefinitely, thereby compromising the benefit of the manufacturer. It should be noted that, through the above improvement, an off-line license issuance management mode is proposed, which prevents the secondary dealer from modifying the limitation data by using an asymmetric encryption mechanism, and the secondary license issued by the customer to the dealer needs to be activated to use the product.
Firstly, a dealer purchases a limiting file on a selling platform of a manufacturer, and the manufacturer transfers the limiting file to the selling platform according to the purchase information requirement of the dealer and sends the limiting file to the dealer; the dealer imports the restriction file into a license issuing center of the dealer, and then conducts import of issuing secondary license on the sold product; after a customer purchases a product from a dealer, the two-dimensional code on the issuing permission restriction package is scanned, the activation code is obtained, and then the activation code is guided into the product to be authorized to use. The restriction file is hereinafter referred to as issuing a permission restriction package or a restriction package.
Other parts of this embodiment are the same as those of the above embodiment, and thus are not described again.
Example 2:
the present embodiment is further optimized based on the above embodiments, as shown in fig. 1 to fig. 2, and specifically includes the following steps:
step F1: the distributor obtains the signing and issuing permission restriction packet from the manufacturer and provides an encryption password;
step F2: the dealer acquires the issuing permission limiting package and guides the limiting package into the permission issuing center for verification; if the verification is successful, the license can be issued, and if the verification is failed, the transaction is stopped;
step F3: the dealer can sell the product to the customer after signing the license, the customer uses the authorization module to judge the validity of the signing license, if the validity is valid, the customer can successfully use the product; if the code is invalid, the code needs to be activated to the manufacturer in a code scanning mode.
It should be noted that, with the above improvement, the issuing permission limitation package mainly includes a manufacturer signature, a distributor signature, a public key encrypted by a distributor, a private key encrypted by a manufacturer, limitation information of some read-only areas, and information of readable and writable areas. When a dealer purchases a restriction package from a manufacturer, the dealer can provide own encrypted password, a restriction package generation tool of the manufacturer can automatically generate a pair of public and private keys, then the public key is encrypted by the password provided by the dealer, and the manufacturer provides a password for encrypting the private key.
And carrying out Hash calculation on the encrypted public key, the unencrypted private key and the limited information of the read-only area, and then encrypting by using the private key of the manufacturer to form a manufacturer signature. And carrying out Hash calculation on the unencrypted public key, the encrypted private key and the limited information of the read-only area, and then encrypting by using the own public key to form a distributor signature.
The limitation information of the read-only area is mainly some limitations given by the manufacturer, such as the number of times the secondary license is allowed to be issued by the dealer, the validity period of issuing the license, and the like. The limited information of the read/write area is mainly the number of times of issuing by the manufacturer, the product which has issued the license, and the like.
The generated public and private keys are encrypted and confused by using a symmetric encryption mechanism, so that a manufacturer does not know the public key held by a distributor, and the distributor does not know the private key held by the manufacturer. Therefore, the confidentiality of the public and private keys is very critical, and the embodiment uses triple DES and other obfuscation algorithms to encrypt the public and private keys again.
By utilizing the characteristic of the asymmetric encryption algorithm and the confidentiality of the key pair, data between a manufacturer and a distributor can be mutually verified, so that the aim of safety is fulfilled, and the problem of falsification caused by offline issuing is solved.
Other parts of this embodiment are the same as those of the above embodiment, and thus are not described again.
Example 3:
in this embodiment, further optimization is performed on the basis of the above embodiment, as shown in fig. 1-2, the step F1 specifically includes the following steps:
step F11: a dealer initiates a permission request for purchasing signing and issuing permission to a factory selling platform;
step F12: the dealer selects a time package, a time package or other packages from the manufacturer according to the requirements of different products;
step F13: the distributor transmits the encrypted password to the manufacturer, and obtains the authority of purchasing the issuing permission restriction packet after payment is completed.
It should be noted that, through the above improvement, when a dealer as a second-level middleman sells a product of a manufacturer, the dealer first needs to initiate an authorization request for issuing an authorization to purchase the product to a selling platform of the manufacturer. The number of times, or other packages that are approved are selected for different products when the purchase request is initiated. And simultaneously, providing an encryption password for the manufacturer to encrypt the public key. After the payment is completed, the dealer can obtain the qualification of purchasing and issuing the license and wait for the manufacturer to authenticate.
Other parts of this embodiment are the same as those of the above embodiment, and thus are not described again.
Example 4:
in this embodiment, further optimization is performed on the basis of the above embodiment, as shown in fig. 1 to fig. 2, the step F2 specifically includes the following steps:
step F21: a manufacturer generates a pair of public keys and private keys according to purchase information and an encryption password initiated by a dealer on a selling platform;
step F22: the selling platform of the manufacturer encrypts the public key by using the password transmitted by the distributor to form an encrypted public key; a manufacturer configures a password at a selling platform, and the selling platform encrypts a private key by using the password to form an encrypted private key;
step F23: the vendor selling platform calculates the signature of the dealer by using an unencrypted public key, an encrypted private key and read-only limiting information through a Hash algorithm; calculating the signature of a manufacturer by using an encrypted public key, an unencrypted private key and read-only limiting information through a Hash algorithm;
step F24: the selling platform of the manufacturer puts the encrypted public key, the encrypted private key, the signature of the distributor, the signature of the manufacturer and the read-only limiting information into an issuing permission limiting packet and transmits the issuing permission limiting packet to the distributor through a browser;
step F25: the dealer decrypts the encrypted public key in the issuing permission limiting packet by using the encrypted password transmitted to the manufacturer, if the decryption is successful, the decrypted public key, the encrypted private key and the read-only limiting information are calculated by using the Hash algorithm again, then the dealer signature at the head of the calculation result is verified by using the decrypted public key, and the next step is carried out if the verification is successful; if the verification fails, the transaction task is stopped;
step F26: the dealer imports the issuance permission restriction package into the license issuance center of the dealer.
It should be noted that, through the above improvement, after receiving the purchase request information of the dealer and the provided encryption password, the vendor's selling platform generates a pair of public key and private key, and the vendor will provide an encryption password at the selling platform, and the encryption password encrypts the private key. The private key is unknown to the distributor and the public key is unknown to the manufacturer.
Thus, the first owned resources are: unencrypted public key, encrypted public key, unencrypted private key, encrypted private key, read-only restriction information. The selling platform calculates the signature of the dealer by using an unencrypted public key, an encrypted private key and read-only limiting information through a Hash algorithm; the manufacturer's signature is computed by a hash algorithm using the unencrypted private key, the encrypted public key, and the read-only restriction information.
In this embodiment, the public key and the private key are encrypted by using the triple DES and the obfuscation algorithm, which are not the key points of protection in this patent and are methods well known to those skilled in the art, and therefore, they are not described in detail.
The selling platform puts the encrypted public key, the encrypted private key, the signature of the dealer, the signature of the manufacturer and the read-only restriction information into an issuing permission restriction packet, the issuing permission restriction packet is transmitted to the dealer through a browser, and the dealer decrypts the encrypted public key in the restriction packet by using the encrypted password provided for the manufacturer. If the decryption fails, the restriction packet received by the dealer is damaged in the network transmission or a false restriction packet is received, and the transaction task is stopped; if the decryption is successful, the signature of the manufacturer can be obtained, and then the distributor leads the issuing permission restriction package into the permission issuing center.
After the dealer successfully guides the issued license restriction packet into the license issuing center, the dealer immediately issues the secondary license right to the client.
Other parts of this embodiment are the same as those of the above embodiment, and thus are not described again.
Example 5:
in this embodiment, further optimization is performed on the basis of the above embodiment, as shown in fig. 1 to fig. 2, the step F3 specifically includes the following steps:
step F31: the dealer imports the license issued in the license issuing center into the product, or individually transmits the license to the customer after the customer purchases the product, and the product is imported by the customer;
step F32: the user starts the product after obtaining the product, and an authorization module of the product checks the authenticity of the product license and judges whether the product needs to be activated or not; if activation is not needed, the customer can directly obtain the use right of the product; if the product needs to be activated, the customer scans the two-dimensional code of the product to enter a permission authentication center of a manufacturer;
step F33: the manufacturer license authentication center checks the product license, and if the product license passes the check, the activation code is returned to the client; if the check fails, the activation fails and the transaction is stopped.
The step F32 specifically includes the steps of:
step F32-1: the user obtains the product and opens the product, if the dealer does not import the signing and issuing permission in advance, the import permission is prompted on the interface of the product, and the client imports the product;
step F32-2: after the license is issued and the product is imported, an authorization module of the product checks the authenticity of the license; if the authenticity is found, the next step is carried out; if the transaction is not true, stopping the transaction;
step F32-3: the authorization module judges whether the product needs to be activated or not, and if the product does not need to be activated, the client can directly acquire the use right of the product; if the product needs to be activated, popping up a two-dimensional code on a product interface to prompt a client to scan and activate;
step F32-4: the customer scans the two-dimensional code and then enters a permission authentication center of a manufacturer, and the permission authentication center checks whether the issuing permission of the product is valid; if the activation code is valid, the activation code is returned to the customer, and the customer can obtain the use right of the product after filling the activation code; if the transaction is invalid, the activation code is not returned, the client is prompted that the issuing permission is invalid, and the transaction is stopped.
The step F32-4 specifically comprises the following steps:
step F32-4-1: the license authentication center decrypts the encrypted private key in the information carried by the client after scanning the two-dimensional code by using the password of the manufacturer; the permission authentication center searches the issuing permission limiting packet of the selling platform to the dealer through the read-only limiting information in the issuing permission limiting packet;
step F32-4-2: the license authentication center calculates a hash value by using the decrypted private key, the read-only restriction information carried by the two-dimensional code and the searched encrypted public key in the signing and issuing license restriction packet through a hash algorithm;
step F32-4-3: then, verifying the manufacturer signature carried by the two-dimensional code by using a private key decrypted by the manufacturer in the restriction package; if the signature verification of the manufacturer is successful, the next step is carried out; if the verification fails, stopping the transaction;
step F32-4-4: the authorization authentication center continuously checks whether the information carried by the two-dimensional code meets the activation condition, if so, the activation code is returned to the client, and the client can obtain the use right of the product after filling the activation code; if the activation condition is not met, the activation code is not returned, the client is prompted to have invalid issuance permission, the transaction is stopped, and the client obtains the issuance permission from the dealer again.
The information carried by the two-dimensional code to the permission authentication center in the step F32-4-1 comprises a manufacturer signature, an encrypted private key, read-only limiting information and other factors; the other factors include MAC address, time to issue a grant, number of grants issued; the activating conditions in the step F32-4-4 specifically refer to: whether the time to issue the licenses is expired, and whether the number of issued licenses is exceeded.
It should be noted that, with the above improvement, the authorization module has the following responsibilities: and judging whether the user is authorized, specifically, judging that the issuance is a multi-level permission according to the input permission issuance. If the license is the primary license, namely the license directly given by the manufacturer, the authorization module verifies whether the primary license is legal or not, if the primary license is legal, the user is authorized, and if the primary license is legal, the user is not authorized. If the license is the secondary license, namely the license given by the distributor, the two-dimensional code is generated at the moment to prompt the user to scan and activate, and the user obtains the activation code and successfully obtains the product use right. The authorization module can calculate and grant the secondary license and the activation code, and then enter a validation step for the license.
The sales platform has the responsibility of: and is responsible for collecting information required for the generation of the restriction package and making the restriction package, and then transmitting the restriction package to the license authentication centers of the dealers and manufacturers.
The responsibility of the license issuing center is: and verifying the legality of the restriction package and issuing secondary permission to the product. The internet has a plurality of places for using the signature, the main function is to prevent the data from being tampered, once the data is changed, the calculated signature is different from the signature calculated before the data is not changed, and the purpose of the distributor signature and the manufacturer signature in the invention is to prevent the data from being changed.
The responsibilities of the licensing authentication center are: verifying the imported limit packet, collecting data in the two-dimensional code, searching the limit packet corresponding to the data in the two-dimensional code, verifying the validity of the two-dimensional code data, checking whether the two-dimensional code data exceeds the limit, and finally generating an activation code and returning the activation code to the user.
Other parts of this embodiment are the same as those of the above embodiment, and thus are not described again.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications and equivalent variations of the above embodiments according to the technical spirit of the present invention are included in the scope of the present invention.
Claims (7)
1. A method of offline license issuance management, characterized by: the manufacturer sells the limiting file package to a dealer, the dealer imports the limiting file package into a license issuing center, then a product to be sold is connected to the license issuing center, and a secondary license import product is generated; after a user purchases a product, scanning the two-dimensional code to obtain an activation code, and then introducing the activation code into the product to obtain an authorized product;
step F1: the dealer acquires the issuing permission restriction packet from the manufacturer and provides an encryption password;
step F2: the distributor acquires the issuing permission restriction package and introduces the restriction package into the permission issuing center for verification; if the verification is successful, the license can be issued, and if the verification is failed, the transaction is stopped;
the step F2 specifically includes the steps of:
step F21: a manufacturer generates a pair of public keys and private keys according to purchase information and an encryption password initiated by a dealer on a selling platform;
step F22: the selling platform of the manufacturer encrypts the public key by using the password transmitted by the distributor to form an encrypted public key; the method comprises the steps that a manufacturer configures a password at a selling platform, and the selling platform encrypts a private key by using the password to form an encrypted private key;
step F23: the vendor selling platform calculates the signature of the dealer by using an unencrypted public key, an encrypted private key and read-only limiting information through a Hash algorithm; calculating the signature of a manufacturer by using an encrypted public key, an unencrypted private key and read-only limiting information through a Hash algorithm;
step F24: the selling platform of the manufacturer puts the encrypted public key, the encrypted private key, the dealer signature, the manufacturer signature and the read-only limiting information into an issuing permission limiting packet and transmits the issuing permission limiting packet to the dealer through a browser;
step F25: the dealer decrypts the encrypted public key in the signing and issuing permission limitation packet by using the encrypted password transmitted to the manufacturer, if the decryption is successful, the decrypted public key, the encrypted private key and the read-only limitation information are calculated by using the Hash algorithm again, then the dealer signature at the head of the calculation result is verified by using the decrypted public key, and the next step is carried out if the verification is successful; if the verification fails, stopping the transaction task;
step F26: the dealer imports the issuing permission restriction package into a permission issuing center of the dealer;
step F3: the dealer can sell the product to the customer after signing the license, the customer uses the authorization module to judge the validity of the signing license, if the validity is valid, the customer can successfully use the product; if the code is invalid, the code needs to be activated to the manufacturer in a code scanning mode.
2. The method of claim 1, wherein the method comprises: the step F1 specifically includes the steps of:
step F11: a dealer initiates a permission request for purchasing signing and issuing permission to a factory selling platform;
step F12: the dealer selects times, time packages or other packages from the manufacturer according to the requirements of different products;
step F13: the distributor transmits the encrypted password to the manufacturer, and obtains the authority of purchasing the issuing permission restriction packet after payment is completed.
3. The method of offline license issuance management according to claim 1, wherein: the step F3 specifically includes the steps of:
step F31: the dealer imports the license issued by the license issuing center into the product, or independently transmits the license to the client after the client purchases the product, and the client imports the product;
step F32: the user starts the product after obtaining the product, and an authorization module of the product checks the authenticity of the product license and judges whether the product needs to be activated or not; if the activation is not needed, the customer can directly obtain the use right of the product; if the product needs to be activated, the client scans the two-dimension code of the product to enter a permission authentication center of a manufacturer;
step F33: the manufacturer license authentication center checks the product license, and if the product license passes the check, the activation code is returned to the client; if the check is not passed, the activation is failed, and the transaction is stopped.
4. The method of claim 3, wherein the method comprises: the step F32 specifically includes the steps of:
step F32-1: the user obtains the product and opens the product, if the dealer does not import the signing and issuing permission in advance, the import permission is prompted on the interface of the product, and the client imports the product;
step F32-2: after the license is issued and the product is imported, an authorization module of the product checks the authenticity of the license; if the authenticity exists, the next step is carried out; if the transaction does not have authenticity, stopping the transaction;
step F32-3: the authorization module judges whether the product needs to be activated or not, and if the product does not need to be activated, the client can directly acquire the use right of the product; if the product needs to be activated, popping up a two-dimensional code on a product interface to prompt a client to scan and activate;
step F32-4: the customer scans the two-dimensional code and then enters a permission authentication center of a manufacturer, and the permission authentication center checks whether the issuing permission of the product is valid; if the activation code is valid, the activation code is returned to the customer, and the customer can obtain the use right of the product after filling the activation code; if the transaction is invalid, the activation code is not returned, the client is prompted that the issuance permission is invalid, and the transaction is stopped.
5. The method of claim 4, wherein the method comprises: the step F32-4 specifically comprises the following steps:
step F32-4-1: the license authentication center decrypts the encrypted private key in the information carried by the client after scanning the two-dimensional code by using the password of the manufacturer; the permission authentication center searches the issuing permission limiting packet of the selling platform to the distributor through the read-only limiting information in the issuing permission limiting packet;
step F32-4-2: the license authentication center calculates a hash value by using the decrypted private key, the read-only restriction information carried by the two-dimensional code and the searched encrypted public key in the signing and issuing license restriction packet through a hash algorithm;
step F32-4-3: then, verifying the manufacturer signature carried by the two-dimensional code by using a private key decrypted by the manufacturer in the restriction package; if the signature verification of the manufacturer is successful, the next step is carried out; if the verification fails, stopping the transaction;
step F32-4-4: the authorization authentication center continuously checks whether the information carried by the two-dimensional code meets the activation condition, if so, the activation code is returned to the client, and the client can obtain the use right of the product after filling the activation code; if the activation condition is not met, the activation code is not returned, the client is prompted to have invalid issuance permission, the transaction is stopped, and the client obtains the issuance permission from the dealer again.
6. The method of offline license issuance management according to claim 5, wherein: the activation condition in the step F32-4-4 specifically means: whether the time to issue the licenses is expired, and whether the number of issued licenses is exceeded.
7. The method of offline license issuance management according to claim 5, wherein: the information carried by the two-dimensional code to the permission authentication center in the step F32-4-1 comprises a manufacturer signature, an encrypted private key, read-only limiting information and other factors; the other factors include the MAC address, the time the license was issued, the number of licenses issued.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910195088.XA CN109902450B (en) | 2019-03-14 | 2019-03-14 | Method for off-line permission issuing management |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910195088.XA CN109902450B (en) | 2019-03-14 | 2019-03-14 | Method for off-line permission issuing management |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109902450A CN109902450A (en) | 2019-06-18 |
| CN109902450B true CN109902450B (en) | 2023-01-24 |
Family
ID=66953641
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910195088.XA Active CN109902450B (en) | 2019-03-14 | 2019-03-14 | Method for off-line permission issuing management |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109902450B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110348548A (en) * | 2019-06-20 | 2019-10-18 | 武汉瑞莱保能源技术有限公司 | A kind of transmission method for realizing multi-mass work label point information by planar bar code technology |
| CN111209587B (en) * | 2019-12-24 | 2022-04-22 | 杭州安恒信息技术股份有限公司 | One-key login method based on js browser plug-in |
| CN111581607B (en) * | 2020-05-08 | 2023-08-22 | 深圳市凯迈生物识别技术有限公司 | License activating method |
| CN113282888B (en) * | 2021-04-02 | 2024-02-06 | 北京千方科技股份有限公司 | Offline activation method, system and storage medium of application program |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1529856A (en) * | 2000-08-08 | 2004-09-15 | ά | Internet third-pard authentication using electronic ticket |
| CN1832395A (en) * | 2005-03-11 | 2006-09-13 | 微软公司 | Format-agnostic system and method for issuing certificates |
| CN101438528A (en) * | 2004-10-26 | 2009-05-20 | 克斯特无线电公司 | Method, system, and network for selectively controlling the utility a target |
| CN101442404A (en) * | 2008-12-30 | 2009-05-27 | 北京中企开源信息技术有限公司 | Multilevel management system and method for license |
| CN103186723A (en) * | 2011-12-30 | 2013-07-03 | 北京大学 | Digital content security cooperation method and system |
| US8516090B1 (en) * | 2009-07-01 | 2013-08-20 | Riverbed Technology, Inc. | Method and apparatus for distributing licenses |
| CN104221042A (en) * | 2012-03-27 | 2014-12-17 | 锡克拜控股有限公司 | Managing objects in a supply chain using a secure identifier |
| CN106372950A (en) * | 2016-09-21 | 2017-02-01 | 东北大学秦皇岛分校 | Anti-counterfeiting authentication method for e-commerce and online shopping goods |
| CN106789896A (en) * | 2016-11-18 | 2017-05-31 | 汉柏科技有限公司 | The method and system that a kind of mandate to virtual firewall is limited |
| CN106971097A (en) * | 2017-04-13 | 2017-07-21 | 北京深思数盾科技股份有限公司 | Software license method |
| CN107599631A (en) * | 2017-09-14 | 2018-01-19 | 北京赛腾标识系统股份公司 | A kind of spray printing device control system and method |
| CN107682160A (en) * | 2017-10-31 | 2018-02-09 | 美的智慧家居科技有限公司 | The authentication method and device of a kind of production equipment, electronic equipment |
| CN107835162A (en) * | 2017-10-18 | 2018-03-23 | 北京深思数盾科技股份有限公司 | The method that software digital permit server signs and issues software digital permissions |
| CN108833507A (en) * | 2018-05-31 | 2018-11-16 | 长安大学 | A kind of authorization identifying system and method for shared product |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004206435A (en) * | 2002-12-25 | 2004-07-22 | Victor Co Of Japan Ltd | License management method, and license management system |
| US20050289072A1 (en) * | 2004-06-29 | 2005-12-29 | Vinay Sabharwal | System for automatic, secure and large scale software license management over any computer network |
| US20070198427A1 (en) * | 2006-02-22 | 2007-08-23 | Microsoft Corporation | Computer service licensing management |
| WO2011048126A1 (en) * | 2009-10-21 | 2011-04-28 | Intrinsic Id B.V. | Distribution system and method for distributing digital information |
-
2019
- 2019-03-14 CN CN201910195088.XA patent/CN109902450B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1529856A (en) * | 2000-08-08 | 2004-09-15 | ά | Internet third-pard authentication using electronic ticket |
| CN101438528A (en) * | 2004-10-26 | 2009-05-20 | 克斯特无线电公司 | Method, system, and network for selectively controlling the utility a target |
| CN1832395A (en) * | 2005-03-11 | 2006-09-13 | 微软公司 | Format-agnostic system and method for issuing certificates |
| CN101442404A (en) * | 2008-12-30 | 2009-05-27 | 北京中企开源信息技术有限公司 | Multilevel management system and method for license |
| US8516090B1 (en) * | 2009-07-01 | 2013-08-20 | Riverbed Technology, Inc. | Method and apparatus for distributing licenses |
| CN103186723A (en) * | 2011-12-30 | 2013-07-03 | 北京大学 | Digital content security cooperation method and system |
| CN104221042A (en) * | 2012-03-27 | 2014-12-17 | 锡克拜控股有限公司 | Managing objects in a supply chain using a secure identifier |
| CN106372950A (en) * | 2016-09-21 | 2017-02-01 | 东北大学秦皇岛分校 | Anti-counterfeiting authentication method for e-commerce and online shopping goods |
| CN106789896A (en) * | 2016-11-18 | 2017-05-31 | 汉柏科技有限公司 | The method and system that a kind of mandate to virtual firewall is limited |
| CN106971097A (en) * | 2017-04-13 | 2017-07-21 | 北京深思数盾科技股份有限公司 | Software license method |
| CN107599631A (en) * | 2017-09-14 | 2018-01-19 | 北京赛腾标识系统股份公司 | A kind of spray printing device control system and method |
| CN107835162A (en) * | 2017-10-18 | 2018-03-23 | 北京深思数盾科技股份有限公司 | The method that software digital permit server signs and issues software digital permissions |
| CN107682160A (en) * | 2017-10-31 | 2018-02-09 | 美的智慧家居科技有限公司 | The authentication method and device of a kind of production equipment, electronic equipment |
| CN108833507A (en) * | 2018-05-31 | 2018-11-16 | 长安大学 | A kind of authorization identifying system and method for shared product |
Non-Patent Citations (2)
| Title |
|---|
| 一种面向软件生命周期的授权保护系统设计与实现;欧阳雪等;《计算机工程与科学》;20130415(第04期);全文 * |
| 广西广电网络销售管理平台;翁毅等;《有线电视技术》;20170315(第03期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109902450A (en) | 2019-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109902450B (en) | Method for off-line permission issuing management | |
| US5864620A (en) | Method and system for controlling distribution of software in a multitiered distribution chain | |
| JP4615601B2 (en) | Computer security system and computer security method | |
| US20200014545A1 (en) | Method for Using Cryptography to Protect Deployable Rapid On-Site Manufacturing 3D Printing Systems and Enable a Single Time Printing Protocol | |
| EP2951976B1 (en) | Securing a computing device accessory | |
| US8639915B2 (en) | Apparatus and method for distributing private keys to an entity with minimal secret, unique information | |
| US6219652B1 (en) | Network license authentication | |
| US20050138387A1 (en) | System and method for authorizing software use | |
| CN108768933B (en) | Autonomous supervision digital identity authentication system on block chain platform | |
| WO2018103166A1 (en) | Method and device for downloading key of pos terminal | |
| WO2017063470A1 (en) | Method, device and system for verifying consistency of electronic data and certificate verification platform | |
| CN101243438A (en) | Distributed single sign-on service | |
| CN102957708B (en) | Application encrypting and decrypting method, server and terminal | |
| CN110535807B (en) | Service authentication method, device and medium | |
| WO2018040880A1 (en) | Method and system for granting authority to acquire terminal attack alarm information log | |
| CN108200014B (en) | Method, device and system for accessing server by using intelligent key device | |
| CN106372950B (en) | Anti-counterfeiting authentication method for e-commerce and online shopping commodities | |
| US20090119505A1 (en) | Transaction method and verification method | |
| EP1471405A1 (en) | Method and device for protecting information against unauthorised use | |
| JP3985461B2 (en) | Authentication method, content sending device, content receiving device, authentication system | |
| JP4047691B2 (en) | Article ownership confirmation system, article ownership confirmation method, article ownership confirmation program, and recording medium for the program | |
| CN114298722B (en) | Intelligent equipment warranty processing method, server side and intelligent equipment | |
| JP2004140636A (en) | System, server, and program for sign entrustment of electronic document | |
| KR20090041473A (en) | Authentication server for validating product authenticity using otp electronic tag and method therefor | |
| JP2005215945A (en) | Information processor, storage device for permitting software execution, and software execution method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Zou Xinjiang Inventor after: Fan Yuan Inventor after: Wu Yongyue Inventor after: Zheng Xuexin Inventor after: Liu Tao Inventor before: Zou Xijiang Inventor before: Fan Yuan Inventor before: Wu Yongyue Inventor before: Zheng Xuexin Inventor before: Liu Tao |
|
| CB03 | Change of inventor or designer information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |