CN113918980A

CN113918980A - Product authorization management method, device, equipment and medium

Info

Publication number: CN113918980A
Application number: CN202111324979.4A
Authority: CN
Inventors: 武金剑; 毛勇岗; 张俊杰; 冯宇波
Original assignee: Beijing Ruian Technology Co Ltd
Current assignee: Beijing Ruian Technology Co Ltd
Priority date: 2021-11-10
Filing date: 2021-11-10
Publication date: 2022-01-11

Abstract

The embodiment of the invention discloses a product authorization management method, a device, equipment and a medium. The method is applied to a first node and comprises the following steps: decrypting the encrypted product by adopting a public key to obtain a target product, and generating first product registration information when the installation operation of the target product is executed; acquiring second product registration information of the target node; encrypting the first product registration information by adopting a public key to determine encrypted registration information, and sending the encrypted registration information to a second node; if the encrypted authorization information sent by the second node is received, decrypting the encrypted authorization information by adopting the public key to obtain the authorization information; and determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node. By executing the scheme, the product authorization process can be managed and controlled, a user using the product can be traced, and the whole life cycle of the product is efficiently managed.

Description

Product authorization management method, device, equipment and medium

Technical Field

The embodiment of the invention relates to the technical field of big data products, in particular to a product authorization management method, a device, equipment and a medium.

Background

Big data is an important basis of digital economy, contains huge potential value, and provides possibility for exploring objective world new laws and reducing subjective factor influence in strategic decision. The big data platform provides calculation and storage capacity for big data, so that massive static data is enabled to be 'active' and the value of the big data is released.

In the related technology, in the process of selling a big data product, the big data product needs to pass through a plurality of intermediate links to reach the hands of the final user, so that the number of intermediate nodes in the whole process is too large, the manufacturer company does not know when the big data product reaches the hands of the final user, and the problem that the big data product cannot be efficiently and uniformly managed after the product is sold is caused.

Disclosure of Invention

Embodiments of the present invention provide a product authorization management method, apparatus, device, and medium, which can manage and control a product authorization process, trace a user using a product, and efficiently manage the entire life cycle of the product.

In a first aspect, an embodiment of the present invention provides a product authorization management method, where the method is applied to a first node, and includes: if an encrypted product and a public key sent by a second node are received, decrypting the encrypted product by adopting the public key to obtain a target product, and generating first product registration information when the installation operation of the target product is executed; wherein the target product is an installation package;

if the installation operation of the target product on the target node is detected, second product registration information of the target node is obtained; the number of the target nodes is at least one; the first node and each target node are in the same cluster, and each target node is managed through the first node;

encrypting the first product registration information by using the public key to determine encrypted registration information, sending the encrypted registration information to the second node so as to enable the second node to decrypt the encrypted registration information by using a private key to determine first product registration information, generating authorization information according to the first product registration information, encrypting the authorization information by using the private key to obtain encrypted authorization information, and sending the encrypted authorization information to the first node;

if the encrypted authorization information sent by the second node is received, decrypting the encrypted authorization information by adopting the public key to obtain authorization information;

and determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node so that the second node updates the cluster state according to the cluster authorization result.

In a second aspect, an embodiment of the present invention further provides a product authorization management method, which is executed by a second node, and the method includes: encrypting a target product by using a private key in a key pair to obtain an encrypted product, sending the encrypted product and a public key in the key pair to a first node, generating encrypted registration information by the first node according to the encrypted product and the public key, and sending the encrypted registration information to a second node; the target product is determined according to a ordering request of a user;

if the encrypted registration information sent by the first node is received, decrypting the encrypted registration information by using the private key to obtain first product registration information, and generating authorization information according to the first product registration information;

encrypting the authorization information by using the private key to obtain encrypted authorization information, sending the encrypted authorization information to the first node, determining authorization information by the first node according to the encrypted authorization information and the public key, determining a cluster authorization result of the target product in the cluster according to the authorization information and second product registration information, and sending the cluster authorization result to the second node;

and if the cluster authorization result sent by the first node is received, updating the cluster authorization state according to the cluster authorization result.

In a third aspect, an embodiment of the present invention further provides a product authorization management apparatus, configured at a first node, where the apparatus includes: the first product registration information generation module is used for decrypting the encrypted product by adopting the public key to obtain a target product and generating first product registration information when the installation operation of the target product is executed if the encrypted product and the public key sent by the second node are received; wherein the target product is an installation package;

the second product registration information acquisition module is used for acquiring second product registration information of a target node if the installation operation of the target product on the target node is detected; the number of the target nodes is at least one; the first node and each target node are in the same cluster, and each target node is managed through the first node;

the encrypted registration information determining module is used for encrypting the first product registration information by using the public key to determine encrypted registration information, sending the encrypted registration information to the second node, so that the second node decrypts the encrypted registration information by using a private key to determine first product registration information, generates authorization information according to the first product registration information, encrypts the authorization information by using the private key to obtain encrypted authorization information, and sends the encrypted authorization information to the first node;

the authorization information determining module is used for decrypting the encrypted authorization information by adopting the public key to obtain the authorization information if the encrypted authorization information sent by the second node is received;

and the cluster authorization result determining module is used for determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node so that the second node updates the cluster state according to the cluster authorization result.

In a fourth aspect, an embodiment of the present invention further provides a product authorization management apparatus, configured at a second node, where the apparatus includes:

the encrypted product determining module is used for encrypting a target product by adopting a private key in a key pair to obtain an encrypted product, sending the encrypted product and a public key in the key pair to a first node, generating encrypted registration information by the first node according to the encrypted product and the public key, and sending the encrypted registration information to a second node; the target product is determined according to a ordering request of a user;

the first product registration information determining module is used for decrypting the encrypted registration information by adopting the private key to obtain first product registration information and generating authorization information according to the first product registration information if the encrypted registration information sent by the first node is received;

the encrypted authorization information determining module is used for encrypting the authorization information by adopting the private key to obtain encrypted authorization information, sending the encrypted authorization information to the first node, determining authorization information by the first node according to the encrypted authorization information and the public key, determining a cluster authorization result of the target product in the cluster according to the authorization information and second product registration information, and sending the cluster authorization result to the second node;

and the cluster authorization state updating module is used for updating the cluster authorization state according to the cluster authorization result if the cluster authorization result sent by the first node is received.

In a fifth aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement a product authorization management method performed by a first node as in any of the embodiments of the present invention, or a product authorization management method performed by a second node as in any of the embodiments of the present invention.

In a sixth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the product authorization management method executed by a first node according to any one of the embodiments of the present invention, or implements the product authorization management method executed by a second node according to any one of the embodiments of the present invention.

According to the technical scheme provided by the embodiment of the invention, when the first node executes, if the encrypted product and the public key sent by the second node are received, the public key is adopted to decrypt the encrypted product to obtain the target product, and first product registration information is generated when the installation operation of the target product is executed; wherein the target product is an installation package; if the installation operation of the target product on the target node is detected, second product registration information of the target node is obtained; the number of the target nodes is at least one; the first node and each target node are in the same cluster, and each target node is managed through the first node; encrypting the first product registration information by using a public key to determine encrypted registration information, sending the encrypted registration information to a second node so as to enable the second node to decrypt the encrypted registration information by using a private key to determine the first product registration information, generating authorization information according to the first product registration information, encrypting the authorization information by using the private key to obtain encrypted authorization information, and sending the encrypted authorization information to the first node; if the encrypted authorization information sent by the second node is received, decrypting the encrypted authorization information by adopting the public key to obtain the authorization information; and determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node so that the second node updates the cluster state according to the cluster authorization result. By executing the technical scheme provided by the embodiment of the invention, the product authorization process can be managed and controlled, a user using the product can be traced, and the whole life cycle of the product can be efficiently managed.

Drawings

Fig. 1 is a flowchart of a product authorization management method executed by a first node according to an embodiment of the present invention;

fig. 2 is a flowchart of another product authorization management method executed by a first node according to an embodiment of the present invention;

fig. 3 is a flowchart of a product authorization management method executed by a second node according to an embodiment of the present invention;

fig. 4 is a flowchart of another product authorization management method executed by a second node according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of a product authorization management device configured at a first node according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of a product authorization management device configured at a second node according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.

Fig. 1 is a flowchart of a product authorization management method executed by a first node according to an embodiment of the present invention, where the method may be executed by a product authorization management apparatus, where the apparatus may be implemented by software and/or hardware, and the apparatus may be configured in an electronic device such as a server. The method is applied to a scene of carrying out authorization management on the big data product. As shown in fig. 1, the technical solution provided by the embodiment of the present invention specifically includes:

s110, if the encrypted product and the public key sent by the second node are received, decrypting the encrypted product by adopting the public key to obtain a target product, and generating first product registration information when the installation operation of the target product is executed.

Wherein the target product is an installation package.

The first node may be a master node of a large data cluster, is a node with the largest management authority in the cluster, and may acquire information of all master nodes and slave nodes in the cluster. The product can be a big data application, and is stored in the optical disc in the form of a software installation package for each node of the big data cluster to use, and each optical disc is provided with a product batch number. The target product is a product which is ordered by the user to the second node through the order request. The target product can be, for example, a big data management platform, and the target product can also be a software communication platform, and the target product can be set according to actual needs. The second node may be a server of a supplier of the big data product. The second node may generate a key pair by using an encryption algorithm, leave a private key of the key pair locally, encrypt the content to be sent to the nodes in the cluster for the first time by using the private key, and send the encrypted content and a public key of the key pair to other nodes, so that the other nodes store the public key. The communication process between the first node and the second node is encrypted. The first node uses the public key to encrypt or decrypt, and the second node uses the private key to decrypt or encrypt. The encrypted product may be a product obtained by the second node encrypting the product using the private key. The first product registration information may be hardware information of all nodes in the cluster, the first product registration information may be software information of software installed on all nodes in the cluster, and the first product registration information may be set according to actual needs. In the scheme, if the encrypted product and the public key sent by the second node are received, the public key can be adopted to decrypt the encrypted product to obtain the target product, and the first product registration information is generated when the first node executes the installation operation of the target product.

And S120, if the installation operation of the target product on the target node is detected, acquiring second product registration information of the target node.

The number of the target nodes is at least one; the first node and each target node are in the same cluster, and each target node is managed through the first node.

Specifically, the target node may be a slave node in the big data cluster, and the target node may receive the encrypted product and the public key sent by the second node, and decrypt the encrypted product using the public key to obtain the target product. The second product registration information may be hardware information of the target node, or software information of software installed on the target node, and the second product registration information may be set according to actual needs. According to the scheme, if the installation operation of the target product on the target node is detected, the second product registration information of the target node can be obtained. The first node manages at least one target node of the cluster where the first node is located.

S130, encrypting the first product registration information by using the public key to determine encrypted registration information, sending the encrypted registration information to the second node so as to enable the second node to decrypt the encrypted registration information by using a private key to determine first product registration information, generating authorization information according to the first product registration information, encrypting the authorization information by using the private key to obtain encrypted authorization information, and sending the encrypted authorization information to the first node.

According to the scheme, the public key sent by the second node can be adopted to encrypt the first product registration information to determine the encrypted registration information, and the encrypted registration information is sent to the second node. The second node may decrypt the encrypted registration information sent by the first node by using a private key to determine first product registration information, generate authorization information according to the first product registration information, encrypt the authorization information by using the private key to obtain encrypted authorization information, and send the encrypted authorization information to the first node. The authorization information may include information such as authorization time of the target product, authorization deadline of the target product, batch code of the target product, and software and hardware information of each node in the cluster. The authorization information may include information for multiple clusters. One part of the authorization information is encrypted by the private key and sent to the first node, and the other part of the authorization information is encrypted by the private key and can be sent to the target node. The authorization information may be information that verifies whether the target product was successfully authorized on the big data cluster.

S140, if the encrypted authorization information sent by the second node is received, the public key is adopted to decrypt the encrypted authorization information to obtain the authorization information.

If the encrypted authorization information sent by the second node is received, the encrypted authorization information can be decrypted by adopting the public key to obtain the authorization information, so that the authorization verification of the target product on the cluster can be performed according to the authorization information.

S150, determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node so that the second node updates the cluster state according to the cluster authorization result.

Illustratively, the cluster authorization result may be an authorization success or an authorization failure. The cluster authorization result of the target product in the cluster can be determined by comparing the authorization time and the authorization deadline in the authorization information with the actual authorization time of the target product in each node in the cluster in the second product registration information. The cluster authorization result of the target product in the cluster can be determined by comparing the cluster information in the authorization information with the software and hardware information of each node of the second product registration information. The cluster authorization result of the target product in the cluster can be determined by verifying whether the product batch code in the authorization information is consistent with the product registration code in the second product registration information. The cluster authorization result of the target product in the cluster can be determined by verifying whether the number of the authorization nodes in the authorization information is consistent with the number of the target nodes in the second product registration information. According to the scheme, after the cluster authorization result is determined, the cluster authorization result can be fed back to the second node, so that the second node updates the authorization state of the target product in the cluster according to the cluster authorization result, and the whole life cycle of the target product is managed.

Fig. 2 is a flowchart of a product authorization management method executed by a first node according to an embodiment of the present invention, and the embodiment is optimized based on the foregoing embodiment. As shown in fig. 2, the method for managing product authorization in the embodiment of the present invention may include:

s210, if the encrypted product and the public key sent by the second node are received, decrypting the encrypted product by adopting the public key to obtain a target product, and generating first product registration information when the installation operation of the target product is executed.

And S220, if the installation operation of the target product on the target node is detected, acquiring second product registration information of the target node.

In one possible embodiment, optionally, the determining of the second product registration information includes: determining at least one target node installed with a target product; and determining the hardware information of each target node, and using the hardware information of each target node as second product registration information.

Specifically, the scheme can determine at least one target node where the target product is installed. In addition, the scheme can acquire the software information and the hardware information of the target node where the target product is located. The hardware information may be motherboard information, CPU information, and memory information of the target node. The software information may be software information, such as a software name and a software version number, running on the target node corresponding to the motherboard identification number.

Thereby, by determining at least one target node on which the target product is installed; the hardware information of each target node is determined, and the hardware information of each target node is used as second product registration information, so that the node information with the target product can be acquired, and the tracing of a user and the management of the life cycle of the target product can be realized.

S230, encrypting the first product registration information by using the public key to determine encrypted registration information, sending the encrypted registration information to the second node so that the second node decrypts the encrypted registration information by using a private key to determine first product registration information, generating authorization information according to the first product registration information, encrypting the authorization information by using the private key to obtain encrypted authorization information, and sending the encrypted authorization information to the first node.

S240, if the encrypted authorization information sent by the second node is received, the public key is adopted to decrypt the encrypted authorization information to obtain the authorization information.

S250, determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node so that the second node updates the cluster state according to the cluster authorization result.

The details of the steps are described in the above embodiments.

In another possible embodiment, optionally, determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information includes: acquiring a product batch code in a target product; determining a product registration code according to the second product registration information; and if the product batch code is determined to be the same as the product registration code and the authorization information comprises the product batch code, determining that the target product is successfully authorized.

The target product is bound with the product batch code of the target product, so the scheme can determine the product batch code of the target product according to the target product. The second product registration information includes a product registration code. According to the scheme, if the product batch code is determined to be the same as the product registration code, and the product registration code in the authorization information is determined to be the same as the product batch code, the target product is determined to be successfully authorized.

Therefore, the product batch code in the target product is obtained; determining a product registration code according to the second product registration information; and if the product batch code is identical to the product registration code and the authorization information comprises the product batch code, determining that the target product is successfully authorized. The authorization result of the target product on the cluster can be determined according to the product batch code and the product registration code, the user of the product can be traced, and the life cycle of the product can be managed.

In yet another possible embodiment, optionally, determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information includes: acquiring first encryption authorization time from the authorization information, and acquiring second encryption authorization time from the second product registration information; decrypting the first encryption authorization time and the second encryption authorization time respectively by using the public key to determine first authorization time and second authorization time; and if the second authorization time and the first authorization time meet preset constraint conditions, determining that the target product is successfully authorized.

Specifically, the first encryption authorization time may be time information obtained by encrypting the first authorization time. The first authorization time may be an authorization time and an authorization deadline specified when the target product leaves the factory. For example, if the target product is required to be activated within 5 years from the date of production and can be used for 6 years, it means that the activation time of the target product must be within 5 years, and the interval from the activation date to the current system time does not exceed 6 years. The second encryption authorization time is time information obtained by encrypting the second authorization time. The second authorization time may be the actual activation time of the target product and the time that the target product has been used after it has been activated. The scheme can respectively decrypt the first encryption authorization time and the second encryption authorization time by utilizing the public key to determine the first authorization time and the second authorization time. The preset constraint condition may be that the activation time in the first authorization time is later than the actual activation time in the second authorization time, or the product use time in the first authorization time is longer than the time used by the target product in the second authorization time after being activated, and the preset constraint condition may be set according to actual needs. According to the scheme, if the second authorization time and the first authorization time are determined to meet the preset constraint condition, the target product is determined to be successfully authorized.

Thereby, the first encryption authorization time is obtained from the authorization information, and the second encryption authorization time is obtained from the second product registration information; decrypting the first encryption authorization time and the second encryption authorization time respectively by adopting a public key to determine the first authorization time and the second authorization time; and if the second authorization time and the first authorization time meet the preset constraint condition, determining that the target product is successfully authorized. The method and the device can determine the authorization result of the target product on the cluster according to the theoretical authorization time and the actual authorization time of the product, can trace users of the product, and can manage the life cycle of the product.

In this embodiment, optionally, determining the authorization result of the target product in the cluster according to the authorization information and the second product registration information includes: acquiring target cluster information and hardware information of a target node associated with the target cluster from the authorization information; and if the hardware information of each target node in the target cluster is respectively consistent with the hardware information of each target node in the second product registration information, determining that the authorization of the target product is successful.

Wherein the target cluster may be a cluster in which the target product is installed. The authorization information includes hardware information of each target node in the target cluster, for example, the hardware information of the target node may be motherboard information, CPU information, and memory information of the target node. In addition, the second product registration information includes hardware information of a target node in which the target product is installed. And if the hardware information of each target node in the target cluster is consistent with the hardware information of each target node in the second product registration information, indicating that the target node is a node in the target cluster, and determining that the target product is successfully authorized.

Therefore, the target cluster information and the hardware information of the target node associated with the target cluster are obtained from the authorization information; and if the hardware information of each target node in the target cluster is respectively consistent with the hardware information of each target node in the second product registration information, determining that the authorization of the target product is successful. The authorization result of the target product on the cluster can be determined according to the hardware information of the cluster, the user of the product can be traced, and the life cycle of the product can be managed.

And S260, updating the state information of each target node according to the cluster authorization result.

Wherein the state information may be an installation state of the target product at the target node. If the cluster authorization result is successful authorization, it indicates that all target nodes in the cluster have successfully installed the target product, and the scheme can correspondingly update the state information of the target product on the target nodes, for example, the installation is successful. On the contrary, if the cluster authorization result is that the authorization fails, it indicates that all target nodes in the cluster have not successfully installed the target product, and the scheme can correspondingly update the state information of the target product on the target nodes, for example, the installation fails.

According to the technical scheme provided by the embodiment of the invention, when the first node executes, if the encrypted product and the public key sent by the second node are received, the public key is adopted to decrypt the encrypted product to obtain the target product, and first product registration information is generated when the installation operation of the target product is executed; if the installation operation of the target product on the target node is detected, second product registration information of the target node is obtained; encrypting the first product registration information by using a public key to determine encrypted registration information, sending the encrypted registration information to a second node so as to enable the second node to decrypt the encrypted registration information by using a private key to determine the first product registration information, generating authorization information according to the first product registration information, encrypting the authorization information by using the private key to obtain encrypted authorization information, and sending the encrypted authorization information to the first node; if the encrypted authorization information sent by the second node is received, decrypting the encrypted authorization information by adopting the public key to obtain the authorization information; determining a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and sending the cluster authorization result to the second node so that the second node updates the cluster state according to the cluster authorization result; and updating the state information of each target node according to the cluster authorization result. By executing the technical scheme provided by the embodiment of the invention, the product authorization process can be managed and controlled, a user using the product can be traced, and the whole life cycle of the product can be efficiently managed.

Fig. 3 is a flowchart of a product authorization management method executed by a second node according to an embodiment of the present invention, where the method may be executed by a product authorization management apparatus, where the apparatus may be implemented by software and/or hardware, and the apparatus may be configured in an electronic device such as a server. The method is applied to a scene of carrying out authorization management on the big data product. As shown in fig. 3, the technical solution provided by the embodiment of the present invention specifically includes:

s310, encrypting a target product by using a private key in a key pair to obtain an encrypted product, sending the encrypted product and a public key in the key pair to a first node, generating encrypted registration information by the first node according to the encrypted product and the public key, and sending the encrypted registration information to a second node.

Wherein the target product is determined according to a ordering request of a user.

Specifically, the order placing request may include product information that the user needs to use, such as a product name, a product type, and the like. According to the scheme, the target product can be determined according to the order placing request of the user, the product can be a big data application and is stored in the optical disc in the form of a software installation package for each node of the big data cluster to use, and each optical disc is provided with a product batch number. The target product can be, for example, a big data management platform, and the target product can also be a software communication platform, and the target product can be set according to actual needs. The second node may be a server of a supplier of the big data product. The second node may generate a key pair by using an encryption algorithm, leave a private key of the key pair locally, encrypt the content to be sent to the nodes in the cluster for the first time by using the private key, and send the encrypted content and a public key of the key pair to the receiving party, so that the receiving party stores the public key. The first node may generate encrypted registration information according to the encrypted product and the public key, and send the encrypted registration information to the second node.

S320, if the encrypted registration information sent by the first node is received, the private key is adopted to decrypt the encrypted registration information to obtain first product registration information, and authorization information is generated according to the first product registration information.

Specifically, the second node may decrypt the encrypted registration information sent by the first node by using a private key to determine first product registration information, and generate authorization information according to the first product registration information. The authorization information may include information such as authorization time of the target product, authorization deadline of the target product, batch code of the target product, and software and hardware information of each node in the cluster. The authorization information may also include signature binary information, authorization file ciphertext, public key file, and the like. The authorization information may include information for multiple clusters.

S330, encrypting the authorization information by adopting the private key to obtain encrypted authorization information, sending the encrypted authorization information to the first node, determining authorization information by the first node according to the encrypted authorization information and the public key, determining a cluster authorization result of the target product in the cluster according to the authorization information and second product registration information, and sending the cluster authorization result to the second node.

According to the scheme, the authorization information can be encrypted by adopting a private key to obtain encrypted authorization information, and the encrypted authorization information is sent to the first node. The first node receives the encrypted authorization information sent by the second node, and can decrypt the encrypted authorization information by adopting the public key to obtain the authorization information, so that authorization verification of the target product on the cluster can be performed according to the authorization information and the second product registration information, a cluster authorization result of the target product on the cluster is determined, and the cluster authorization result is sent to the second node. The detailed description of the specific determination process of the cluster authorization result is described in the above embodiments.

S340, if the cluster authorization result sent by the first node is received, updating the cluster authorization state according to the cluster authorization result.

If the cluster authorization result sent by the first node is received, the authorization state of the target product in the cluster can be updated according to the cluster authorization result. For example, if the cluster authorization result is successful, the authorization state of the target product in the cluster is updated to be successful. And if the cluster authorization result is authorization failure, updating the authorization state of the target product in the cluster into authorization failure. Thereby realizing the management of the whole life cycle of the target product.

According to the technical scheme provided by the embodiment of the invention, a target product is encrypted by adopting a private key in a key pair to obtain an encrypted product, the encrypted product and a public key in the key pair are sent to a first node, so that encrypted registration information is generated by the first node according to the encrypted product and the public key and is sent to a second node; the target product is determined according to a ordering request of a user; if the encrypted registration information sent by the first node is received, decrypting the encrypted registration information by adopting a private key to obtain first product registration information, and generating authorization information according to the first product registration information; encrypting the authorization information by using a private key to obtain encrypted authorization information, sending the encrypted authorization information to the first node, determining the authorization information by the first node according to the encrypted authorization information and the public key, determining a cluster authorization result of a target product in a cluster according to the authorization information and second product registration information, and sending the cluster authorization result to the second node; and if the cluster authorization result sent by the first node is received, updating the cluster authorization state according to the cluster authorization result. By executing the technical scheme provided by the embodiment of the invention, the product authorization process can be managed and controlled, a user using the product can be traced, and the whole life cycle of the product can be efficiently managed.

Fig. 4 is a flowchart of a product authorization management method executed by a second node according to an embodiment of the present invention, and the embodiment is optimized based on the foregoing embodiment. As shown in fig. 4, the method for managing product authorization in the embodiment of the present invention may include:

a key pair is generated based on an asymmetric encryption algorithm S410.

Wherein the key pair comprises a private key and a public key.

Illustratively, the present solution may generate a key pair corresponding to the product batch code by using a Java default asymmetric encryption algorithm, the key length being 2048. The key pair comprises a public key and a private key, the private key is left at the second node, and the content to be sent to the nodes in the cluster for the first time is encrypted by the private key and then sent to other nodes together with the public key in the key pair, so that the other nodes store the public key. The privacy information involved in the communication process between the nodes can be protected, and the safety of information transmission is improved.

S420, encrypting the target product by using a private key in a key pair to obtain an encrypted product, and sending the encrypted product and a public key in the key pair to a first node, so that the first node generates encrypted registration information according to the encrypted product and the public key, and sends the encrypted registration information to a second node.

In this embodiment, optionally, encrypting the target product by using a private key in a key pair to obtain an encrypted product includes: and encrypting the target product by using the private key, and encoding the encrypted target product by using Base64 to obtain the encrypted product.

Since the information obtained by encrypting the target product by using the private key is encoded more complicated and has a too long length, the encrypted information is simply encoded by using the BASE64 before transmission to obtain the encrypted product, and then the encrypted product is sent to the first node. Correspondingly, after receiving the encrypted product, the first node firstly decodes the encrypted product by using the BASE64, and then decrypts the decoded information by using the public key to obtain the target product.

Therefore, the target product is encrypted by using a private key, and the encrypted target product is encoded by using Base64 to obtain the encrypted product. Data transmission between nodes can be realized, and errors in transmission contents are avoided.

S430, if the encrypted registration information sent by the first node is received, decrypting the encrypted registration information by using the private key to obtain first product registration information, and generating authorization information according to the first product registration information.

S440, encrypting the authorization information by adopting the private key to obtain encrypted authorization information, sending the encrypted authorization information to the first node, determining authorization information by the first node according to the encrypted authorization information and the public key, determining a cluster authorization result of the target product in the cluster according to the authorization information and second product registration information, and sending the cluster authorization result to the second node.

S450, if the cluster authorization result sent by the first node is received, updating the cluster authorization state according to the cluster authorization result.

The specific description of each step is described in detail in the above embodiments.

According to the technical scheme provided by the embodiment of the invention, a key pair is generated based on an asymmetric encryption algorithm; encrypting the target product by using a private key in the key pair to obtain an encrypted product, sending the encrypted product and a public key in the key pair to the first node, generating encrypted registration information by the first node according to the encrypted product and the public key, and sending the encrypted registration information to the second node; if the encrypted registration information sent by the first node is received, decrypting the encrypted registration information by adopting a private key to obtain first product registration information, and generating authorization information according to the first product registration information; encrypting the authorization information by using a private key to obtain encrypted authorization information, sending the encrypted authorization information to the first node, determining the authorization information by the first node according to the encrypted authorization information and the public key, determining a cluster authorization result of a target product in a cluster according to the authorization information and second product registration information, and sending the cluster authorization result to the second node; and if the cluster authorization result sent by the first node is received, updating the cluster authorization state according to the cluster authorization result. By executing the technical scheme provided by the embodiment of the invention, the product authorization process can be managed and controlled, a user using the product can be traced, and the whole life cycle of the product can be efficiently managed.

Fig. 5 is a schematic structural diagram of a product authorization management apparatus configured at a first node according to an embodiment of the present invention, where the apparatus may be configured in an electronic device such as a server. As shown in fig. 5, the apparatus includes:

a first product registration information generating module 510, configured to, if an encrypted product and a public key sent by a second node are received, decrypt the encrypted product with the public key to obtain a target product, and generate first product registration information when an installation operation of the target product is performed; wherein the target product is an installation package;

a second product registration information obtaining module 520, configured to obtain second product registration information of a target node if an installation operation of the target product on the target node is detected; the number of the target nodes is at least one; the first node and each target node are in the same cluster, and each target node is managed through the first node;

an encrypted registration information determining module 530, configured to encrypt the first product registration information by using the public key to determine encrypted registration information, and send the encrypted registration information to the second node, so that the second node decrypts the encrypted registration information by using a private key to determine first product registration information, generates authorization information according to the first product registration information, encrypts the authorization information by using the private key to obtain encrypted authorization information, and sends the encrypted authorization information to the first node;

an authorization information determining module 540, configured to, if receiving the encrypted authorization information sent by the second node, decrypt the encrypted authorization information by using the public key to obtain authorization information;

the cluster authorization result determining module 550 is configured to determine a cluster authorization result of the target product in the cluster according to the authorization information and the second product registration information, and send the cluster authorization result to the second node, so that the second node updates the cluster state according to the cluster authorization result.

Optionally, the determining process of the second product registration information includes: determining at least one target node installed with a target product; and determining the hardware information of each target node, and using the hardware information of each target node as second product registration information.

Optionally, the cluster authorization result determining module 550 is specifically configured to obtain a product batch code in the target product; determining a product registration code according to the second product registration information; and if the product batch code is determined to be the same as the product registration code and the authorization information comprises the product batch code, determining that the target product is successfully authorized.

Optionally, the cluster authorization result determining module 550 is specifically configured to obtain a first encryption authorization time from the authorization information, and obtain a second encryption authorization time from the second product registration information; decrypting the first encryption authorization time and the second encryption authorization time respectively by using the public key to determine first authorization time and second authorization time; and if the second authorization time and the first authorization time meet preset constraint conditions, determining that the target product is successfully authorized.

Optionally, the apparatus further includes a node status information updating module, configured to update status information of each target node according to the cluster authorization result.

Optionally, the cluster authorization result determining module 550 is specifically configured to obtain target cluster information and hardware information of a target node associated with the target cluster from the authorization information; and if the hardware information of each target node in the target cluster is respectively consistent with the hardware information of each target node in the second product registration information, determining that the authorization of the target product is successful.

The device provided by the above embodiment can execute the product authorization management method executed by the first node provided by any embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the execution method.

Fig. 6 is a schematic structural diagram of a product authorization management apparatus configured at a second node according to an embodiment of the present invention, where the apparatus may be configured in an electronic device such as a server. As shown in fig. 6, the apparatus includes:

the encrypted product determining module 610 is configured to encrypt a target product by using a private key in a key pair to obtain an encrypted product, and send the encrypted product and a public key in the key pair to a first node, so that the first node generates encrypted registration information according to the encrypted product and the public key, and sends the encrypted registration information to the second node; the target product is determined according to a ordering request of a user;

a first product registration information determining module 620, configured to, if encrypted registration information sent by the first node is received, decrypt the encrypted registration information with the private key to obtain first product registration information, and generate authorization information according to the first product registration information;

an encrypted authorization information determining module 630, configured to encrypt the authorization information by using the private key to obtain encrypted authorization information, and send the encrypted authorization information to the first node, so that the first node determines authorization information according to the encrypted authorization information and the public key, determines a cluster authorization result of the target product in the cluster according to the authorization information and second product registration information, and sends the cluster authorization result to the second node;

the cluster authorization state updating module 640 is configured to update the cluster authorization state according to the cluster authorization result if the cluster authorization result sent by the first node is received.

Optionally, the encrypted product determining module 610 is specifically configured to encrypt the target product by using the private key, and encode the encrypted target product by using Base64 to obtain the encrypted product.

Optionally, the apparatus further includes a key pair generation module, configured to generate a key pair based on an asymmetric encryption algorithm before encrypting the target product with a private key of the key pair to obtain an encrypted product; wherein the key pair comprises a private key and a public key.

The device provided by the above embodiment can execute the product authorization management method executed by the second node provided by any embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the execution method.

Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 7, the electronic device includes:

one or more processors 710, one processor 710 being illustrated in FIG. 7;

a memory 720;

the apparatus may further include: an input device 730 and an output device 740.

The processor 710, the memory 720, the input device 730 and the output device 740 of the apparatus may be connected by a bus or other means, for example, in fig. 7.

The memory 720, which is a non-transitory computer-readable storage medium, may be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to a method for product authorization management according to an embodiment of the present invention. The processor 710 executes various functional applications and data processing of the computer device by executing the software programs, instructions and modules stored in the memory 720, namely, implementing one of the product authorization management methods executed by the first node of the above method embodiments, namely:

if an encrypted product and a public key sent by a second node are received, decrypting the encrypted product by adopting the public key to obtain a target product, and generating first product registration information when the installation operation of the target product is executed; wherein the target product is an installation package;

Or, implementing a product authorization management method executed by a second node as provided in the embodiment of the present invention, that is:

encrypting a target product by using a private key in a key pair to obtain an encrypted product, sending the encrypted product and a public key in the key pair to a first node, generating encrypted registration information by the first node according to the encrypted product and the public key, and sending the encrypted registration information to a second node; the target product is determined according to a ordering request of a user;

The memory 720 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 720 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 720 may optionally include memory located remotely from processor 710, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The input device 730 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. The output device 740 may include a display device such as a display screen.

An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a product authorization management method executed by a first node according to an embodiment of the present invention, that is:

Alternatively, a product authorization management method executed by a second node according to an embodiment of the present invention is implemented, that is:

Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).

It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims

1. A product authorization management method performed by a first node, comprising:

2. The method of claim 1, wherein the determining of the second product registration information comprises:

determining at least one target node installed with a target product;

and determining the hardware information of each target node, and using the hardware information of each target node as second product registration information.

3. The method of claim 1, wherein determining a cluster authorization result for the target product at the cluster based on the authorization information and the second product registration information comprises:

acquiring a product batch code in a target product;

determining a product registration code according to the second product registration information;

and if the product batch code is determined to be the same as the product registration code and the authorization information comprises the product batch code, determining that the target product is successfully authorized.

4. The method of claim 1, wherein determining a cluster authorization result for the target product at the cluster based on the authorization information and the second product registration information comprises:

acquiring first encryption authorization time from the authorization information, and acquiring second encryption authorization time from the second product registration information;

decrypting the first encryption authorization time and the second encryption authorization time respectively by using the public key to determine first authorization time and second authorization time;

and if the second authorization time and the first authorization time meet preset constraint conditions, determining that the target product is successfully authorized.

5. The method of claim 1, further comprising:

and updating the state information of each target node according to the cluster authorization result.

6. The method of claim 2, wherein determining the authorization result of the target product at the cluster based on the authorization information and the second product registration information comprises:

acquiring target cluster information and hardware information of a target node associated with the target cluster from the authorization information;

and if the hardware information of each target node in the target cluster is respectively consistent with the hardware information of each target node in the second product registration information, determining that the authorization of the target product is successful.

7. A product authorization management method performed by a second node, comprising:

8. The method of claim 7, wherein encrypting the target product with a private key of a key pair to obtain an encrypted product comprises:

and encrypting the target product by using the private key, and encoding the encrypted target product by using Base64 to obtain the encrypted product.

9. The method of claim 7, wherein before encrypting the target product with the private key of the key pair to obtain the encrypted product, the method further comprises:

generating a key pair based on an asymmetric encryption algorithm; wherein the key pair comprises a private key and a public key.

10. A product authorization management device configured at a first node, comprising:

the first product registration information generation module is used for decrypting the encrypted product by adopting the public key to obtain a target product and generating first product registration information when the installation operation of the target product is executed if the encrypted product and the public key sent by the second node are received; wherein the target product is an installation package;

11. A product authorization management device configured at a second node, comprising:

12. An electronic device, comprising:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement a product authorization management method performed by a first node as recited in any of claims 1-6, or a product authorization management method performed by a second node as recited in any of claims 7-9.

13. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a product authorization management method executed by a first node according to any one of claims 1 to 6, or a product authorization management method executed by a second node according to any one of claims 7 to 9.