CN116167020A - Software authorization method and system - Google Patents


Publication number: CN116167020A
Authority: CN (China)
Prior art keywords: authorization, software, information, target software, client
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202211555438.7A
Other languages: Chinese (zh)
Inventor: 邓邦庞
Current Assignee: Shenzhen Segi Information Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Segi Information Technology Co ltd
Application filed by Shenzhen Segi Information Technology Co ltd
Priority to CN202211555438.7A
Publication of CN116167020A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a software authorization method and a system, wherein the software authorization method comprises the following steps: when a client purchases target software, binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate, and then providing the target software and the authorization certificate for the client; when the client uses the target software, the target software adopts the authorization certificate to carry out authorization verification, monitors the use condition of the target software according to the authorization information after the verification is passed, and reports the use condition to an authorization server; and the authorization server judges whether the use of the target software is legal or not according to the reported information. By adopting the technical scheme of the invention, flexible authorization can be performed according to the needs of clients, and software is easy to issue, authorize, track and manage.

Description

Software authorization method and system
Technical Field
The invention relates to the field of computer software, in particular to a software authorization method and a system.
Background
At present, software protection methods used at home and abroad fall into two main types: hard encryption and soft encryption. Each has a representative product: hard encryption is represented by dongles, and soft encryption by serial numbers. Both have drawbacks. With dongles, if several programs run on the same machine, several dongles are needed, interference between dongles of different models cannot be ruled out, and the dongle must be replaced whenever a new software version is authorized, which increases the cost of the software. Serial numbers remove the drawbacks of hardware, but a serial number is easily stolen, the software developer cannot prevent a user from disclosing it, and an unauthorized user can still use the software normally, so the loss to the software vendor is self-evident.
The effective electronic authorized software protection scheme can not only avoid the problems, but also provide a rich and personalized authorization scheme for software users, and is convenient for realizing tracking after-sale and management authorization. The market share of the software protection scheme of electronic authorization is gradually surpassed by the dongle abroad, and the software authorization scheme has many advantages not possessed by hardware encryption: for example, the logistics process is eliminated in the software issuing process, the cost is reduced, the electronic issuing can be realized anytime and anywhere, and the distribution and the management are easy. The hard encryption technology represented by the dongle firstly lacks management and statistics functions on user data, and secondly, the existence of hardware also brings related problems of production, logistics, installation, maintenance and the like, so that the cost is high, the network distribution and sales of software cannot be realized, and the hard encryption technology can be replaced by a more optimized and effective software authorization technology. The software authorization protection mode is becoming a product of development of internet technology and cloud computing technology on the basis of the traditional protection mode, on one hand, electronic release and electronic authorization of software are easy to realize, and meanwhile, the software authorization protection mode is more convenient to use and manage, and on the other hand, the software authorization protection mode is consistent with the current environment-friendly popular idea, so that the electronic authorization scheme is a development trend of the future software protection industry.
The software protection product commonly used in China at present is a dongle, and the development modes of soft encryption and software electronic authorization are not commonly formed. On one hand, domestic software developers also stay on the traditional thought that hard encryption is safer than soft encryption; on the other hand, the software authorization products independently developed in China are still to be perfected, and most of the software authorization products are purchased abroad, and the price of the abroad software authorization products is too high. From the reality, the domestic software protection technology and products mainly have the following problems:
1. Purchase-once, lifetime authorization does not provide a flexible authorization mechanism. With the development of the software industry, the requirements of software users have become more and more flexible, and different users need software for different durations and different trial periods. The software developer should let the user stop using a module at any time and start using a module at any time; only then is flexible, "use as needed" authorization achieved in the true sense.
2. The software development cost is high. The presence of hardware introduces production, logistics, installation and maintenance costs, and this cost grows linearly with the number of software users. Hardware inevitably develops various faults during use, and the staff responsible for the software cannot handle faulty hardware electronically, which increases the maintenance cost of the hardware and gives users a poor experience.
3. Electronic distribution, authorization, tracking and management over the Internet are not possible. The hardware itself means the software cannot be distributed electronically. Authorization of the hardware cannot be done electronically either: the user has to go to the software company in person, or the company has to send staff to the user's site. Timed authorization policies may make users feel that the product's functions are too restricted, while overall usage efficiency is relatively low. The software developer cannot count or check online how users are using the software, which makes it hard to manage software users effectively.
4. Once cracked, a dongle can be replicated in large quantities and the situation is difficult to remedy. Widely used dongles are easily cracked by hardware copying; once cracked they can be copied in bulk, which is difficult to remedy, and the loss to software developers can become irreparable.
5. Connecting different types of hardware in parallel or in series may create interference. If several programs run on the same machine, several dongles are chained together for protection, interference between dongles of different models cannot be ruled out, and the dongles must be replaced whenever a new software version is authorized, which wastes more resources.
Disclosure of Invention
The invention aims to provide a software authorization method and a system which can flexibly authorize according to the needs of clients and are easy to issue, authorize, track and manage.
In an embodiment of the present invention, a software authorization method is provided, which includes:
when a client purchases target software, binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate, and then providing the target software and the authorization certificate for the client;
when the client uses the target software, the target software adopts the authorization certificate to carry out authorization verification, monitors the use condition of the target software according to the authorization information after the verification is passed, and reports the use condition to an authorization server;
and the authorization server judges whether the use of the target software is legal or not according to the reported information.
In the embodiment of the invention, the client information comprises an enterprise name and a mail address; the software running environment information comprises machine codes of a machine on which the software runs; the authorization information comprises software version, functional modules, account number, deployment scale and authorization period.
In the embodiment of the invention, the encryption process of the authorization certificate comprises the following steps:
encrypting the machine code of the machine operated by the software by adopting an MD5 algorithm;
encrypting the client information and the authorization information by adopting an internal confusion algorithm;
and encrypting the two encrypted data by adopting an RSA algorithm to generate a digital signature.
In the embodiment of the present invention, the execution process of the internal confusion algorithm is as follows:
A. the merging operation ex+cur is carried out on ex and cur to obtain a byte array b8;
B. the server generates 22-bit random number ran22 and combines ran22 with b8, v, u and r to form a 32-bit byte array bt32;
C. performing an OR operation on the bt32 and the 8th byte b[8] of b8, b32, b8 to generate b32xor;
D. performing a 0 hypothesis AND OR operation H0 on b32xor to generate mixXOR32;
E. Base64-encoding mixXOR32 produces sign b64,
wherein v is software version information, u is user information, r is authorization rule, ex is authorization deadline, and cur is current system time.
In the embodiment of the invention, the target software adopts the authorization certificate to carry out authorization verification, and the method comprises the following steps:
extracting data of machine codes after MD5 encoding from the authorization certificate;
acquiring a machine code of the equipment and performing MD5 coding;
comparing whether the two MD5 codes are consistent, if so, verifying to pass, otherwise, failing to verify.
In the embodiment of the invention, before the target software is sent to the client, the method further comprises the following steps:
and integrating the functional module in the authorization information into the target software and encrypting the executable code of the target software.
In the embodiment of the invention, encrypting the executable code of the target software comprises the following steps:
obfuscating the data used by the program by combining changes to data storage, encoding and data access;
reorganizing a Class file of the target software and confusing code symbols;
digitally signing the code file package;
the authorization template code is encrypted using the AES encryption algorithm.
In the embodiment of the invention, the authorization server is an authorization server arranged at a cloud end or a proxy authorization server arranged in an offline local area network of a client.
The embodiment of the invention also provides a software authorization system which comprises a certificate encryption module and an authorization server which are positioned on a software providing platform server and a monitoring protection module which is implanted in target software,
the certificate encryption module is used for binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate when the client purchases the target software;
the monitoring protection module is used for carrying out authorization verification by adopting the authorization certificate when a client uses the target software, monitoring the use condition of the target software according to the authorization information after the verification is passed and reporting the use condition to an authorization server;
and the authorization server is used for judging whether the use of the target software is legal or not according to the information reported by the monitoring protection module.
In the embodiment of the invention, the client information comprises an enterprise name and a mail address; the software running environment information comprises machine codes of a machine on which the software runs; the authorization information comprises software version, functional modules, account number, deployment scale and authorization period.
In the embodiment of the invention, the encryption process of the certificate encryption module to the authorization certificate comprises the following steps:
encrypting the machine code of the machine operated by the software by adopting an MD5 algorithm;
encrypting the client information and the authorization information by adopting an internal confusion algorithm;
and encrypting the two encrypted data by adopting an RSA algorithm to generate a digital signature.
In the embodiment of the present invention, the execution process of the internal confusion algorithm is as follows:
A. the merging operation ex+cur is carried out on ex and cur to obtain a byte array b8;
B. the server generates 22-bit random number ran22 and combines ran22 with b8, v, u and r to form a 32-bit byte array bt32;
C. performing an OR operation on the bt32 and the 8th byte b[8] of b8, b32, b8 to generate b32xor;
D. performing a 0 hypothesis AND OR operation H0 on b32xor to generate mixXOR32;
E. Base64-encoding mixXOR32 produces sign b64,
wherein v is software version information, u is user information, r is authorization rule, ex is authorization deadline, and cur is current system time.
In the embodiment of the present invention, the software authorization system further includes:
and the software protection module is arranged on the software providing platform server and is used for integrating the function module in the authorization information into the target software and encrypting the executable code of the target software.
In the embodiment of the invention, the software protection module encrypts the executable code of the target software, and the method comprises the following steps:
obfuscating the data used by the program by combining changes to data storage, encoding and data access;
reorganizing a Class file of the target software and confusing code symbols;
digitally signing the code file package;
the authorization template code is encrypted using the AES encryption algorithm.
In the embodiment of the present invention, the software authorization system further includes:
the proxy authorization server is arranged in the client local area network, and is used for receiving information reported by the monitoring protection modules in the target software installed in a plurality of machines in the local area network under the closed network environment, judging whether the use of the target software is legal or not, and determining whether to stop the use of the target software or not according to a judging result.
Compared with the prior art, the software authorization method and system provided by the invention have the following advantages:
1. Software release efficiency is improved.
The software authorization system based on the public key cryptosystem integrates software encryption and authorization management, so that on one hand, the software is effectively prevented from being pirated, and a software developer can release the software with confidence; on the other hand, the user may use the software according to the authorized license, and the basic elements of software authorization generally include the authorized license number, the service life, the use and the authorized function blocks of the software. Meanwhile, the after-sales management of upgrading, tracking and pushing personalized services for users can be facilitated.
2. Increase sales opportunities and reduce piracy threats.
Software authorization system based on public key cryptosystem customizes various authorization models for users: different service lives, different versions, different use numbers, different function module use rights and different user rights can greatly increase the sales opportunities of the software. The security measures of the method can reduce the threat of software copying and piracy by adopting an advanced encryption method based on a public key cryptosystem, and effectively protect the copyright and commercial interests of software developers.
3. Is convenient to manage.
The software authorization system based on the public key cryptosystem adopts a modular structural design, which makes personalized customization and the pushing of personalized services convenient. Role-based security management lets users at different levels of the organization each handle their own responsibilities, managing and using the corresponding authorization certificates. After an authorization certificate has been issued, the authorization system can still easily adjust the security level and control the usage rights of the certificate.
4. The cost is reduced and the value is improved.
The presence of a hardware dongle in the traditional hard encryption method brings additional costs to the software vendor, including manufacturing, initialization, transportation, installation and maintenance costs, and the cost of the hardware dongle increases with the increase of software users. And a soft encryption method superior to hard encryption is adopted based on a public key cryptosystem, so that extra cost brought by hardware is effectively avoided. Meanwhile, the management efficiency is improved, the operation cost is reduced, and more value is brought to software developers.
Drawings
FIG. 1 is a flow chart of a software authorization method according to an embodiment of the invention.
Fig. 2 is a flow chart of a software authorization authentication process according to an embodiment of the present invention.
FIG. 3 is a flow chart of encrypting software in an embodiment of the present invention.
Fig. 4 is a flowchart of a software authorization method authorization verification according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a software authorization system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The implementation of the present invention is described in detail below in connection with specific embodiments.
As shown in fig. 1, in an embodiment of the present invention, a software authorization method is provided, which includes:
when a client purchases target software, binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate, and then providing the target software and the authorization certificate for the client;
when the client uses the target software, the target software adopts the authorization certificate to carry out authorization verification, monitors the use condition of the target software according to the authorization information after the verification is passed, and reports the use condition to an authorization server;
and the authorization server judges whether the use of the target software is legal or not according to the reported information.
In the embodiment of the invention, the client information comprises an enterprise name and a mail address; the software running environment information comprises machine codes of the machine running the software, such as MAC addresses and hard disk serial numbers; the authorization information comprises software version, functional modules, account number, deployment scale and authorization period.
It should be noted that, the authorization certificate is a carrier for authorization management, the copyright of the software product is protected by the distribution mechanism of the license file, and the software developer can limit that only the purchased user can use the software on a specific machine, and the user can only operate the software after taking the authorization certificate.
In the embodiment of the present invention, license encryption mainly uses the internal confusion algorithm + MD5 + RSA. Specifically, the encryption process for the authorization certificate includes:
encrypting the machine code of the machine operated by the software by adopting an MD5 algorithm;
encrypting the client information and the authorization information by adopting an internal confusion algorithm;
and encrypting the two encrypted data by adopting an RSA algorithm to generate a digital signature.
It should be noted that the purpose of the first two algorithms is to ensure the integrity of the encrypted data and prevent the protected data from being maliciously tampered with. The asymmetric encryption algorithm RSA is used to encrypt and decrypt data when the authorization certificate is generated and verified by a user; in addition, RSA is combined with the MD5 algorithm and the internal confusion algorithm to compute a digest and a digital signature over the data, which strengthens the protection of the encrypted data. The combination of the three algorithms protects the encryption key and the security of data transmission. The RSA algorithm requires two keys: a public key and a private key. The public key and the private key form a pair and differ from each other; the decryption key cannot be derived from the encryption key, and vice versa. If data is encrypted with the public key, it can be decrypted only with the corresponding private key; conversely, if data is encrypted with the private key, it can be decrypted only with the corresponding public key. Whoever holds the decryption key (typically the private key) can easily obtain the plaintext with the decryption algorithm; whoever lacks it cannot decrypt and obtain the plaintext, so the possibility of an illegal user arbitrarily tampering with the authorization certificate is technically eliminated. Under an asymmetric encryption system the public key does not need to be transmitted in encrypted form, distribution is relatively simple, and the purpose of data encryption can be achieved by only storing the key.
In the embodiment of the present invention, the execution process of the internal confusion algorithm is as follows:
A. the merging operation ex+cur is carried out on ex and cur to obtain a byte array b8;
B. the server generates 22-bit random number ran22 and combines ran22 with b8, v, u and r to form a 32-bit byte array bt32;
C. performing an OR operation on the bt32 and the 8th byte b[8] of b8, b32, b8 to generate b32xor;
D. performing a 0 hypothesis AND OR operation H0 on b32xor to generate mixXOR32;
E. Base64-encoding mixXOR32 produces sign b64,
wherein v is software version information, u is user information, r is authorization rule, ex is authorization deadline, and cur is current system time.
As shown in fig. 2, in the embodiment of the present invention, the target software performs authorization verification by using the authorization certificate, including:
extracting data of machine codes after MD5 encoding from the authorization certificate;
acquiring a machine code of the equipment and performing MD5 coding;
comparing whether the two MD5 codes are consistent, if so, verifying to pass, otherwise, failing to verify.
If the verification fails, use of the software is restricted or the software is deactivated according to the rules; if the verification succeeds, the software runs, the operation of the target software is monitored according to the content of the authorization certificate, and the monitoring information is sent to the authorization server.
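The issuance and verification steps above, as an added Java example that is not code from the patent. The certificate layout, the field names and `SHA256withRSA` are assumptions (the page names only MD5 and RSA), the client and authorization fields are carried in clear text instead of through the internal confusion algorithm, and the verifier checks the RSA signature before the MD5 comparison so that an edited hash or authorization period is caught.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.Base64;

public class LicenseCertificateDemo {
    enum Result { OK, BAD_FORMAT, BAD_SIGNATURE, WRONG_MACHINE, EXPIRED }

    // Assumption: the page names only "RSA"; SHA256withRSA is this example's choice.
    static final String SIG_ALG = "SHA256withRSA";

    // MD5 of the machine code (e.g. MAC address plus disk serial), hex-encoded.
    static String md5Hex(String machineCode) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(machineCode.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Vendor side. Hypothetical layout: md5(machine) | fields | base64(signature).
    static String issue(PrivateKey key, String machineCode, String fields)
            throws GeneralSecurityException {
        String body = md5Hex(machineCode) + "|" + fields;
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(key);
        signer.update(body.getBytes(StandardCharsets.UTF_8));
        return body + "|" + Base64.getEncoder().encodeToString(signer.sign());
    }

    // Client side: signature first, then machine binding, then authorization period.
    static Result verify(PublicKey key, String cert, String localMachineCode, LocalDate today)
            throws GeneralSecurityException {
        int first = cert.indexOf('|');
        int last = cert.lastIndexOf('|');
        if (first < 0 || first == last) return Result.BAD_FORMAT;
        String body = cert.substring(0, last);
        try {
            byte[] sig = Base64.getDecoder().decode(cert.substring(last + 1));
            Signature verifier = Signature.getInstance(SIG_ALG);
            verifier.initVerify(key);
            verifier.update(body.getBytes(StandardCharsets.UTF_8));
            if (!verifier.verify(sig)) return Result.BAD_SIGNATURE;
        } catch (IllegalArgumentException e) {
            return Result.BAD_FORMAT;       // signature part is not valid Base64
        } catch (SignatureException e) {
            return Result.BAD_SIGNATURE;    // signature has the wrong length or encoding
        }

        // Constant-time comparison of the bound hash with this machine's hash.
        byte[] bound = cert.substring(0, first).getBytes(StandardCharsets.UTF_8);
        byte[] local = md5Hex(localMachineCode).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(bound, local)) return Result.WRONG_MACHINE;

        for (String field : cert.substring(first + 1, last).split(";")) {
            if (field.startsWith("expires=")) {
                try {
                    LocalDate expires = LocalDate.parse(field.substring("expires=".length()));
                    return today.isAfter(expires) ? Result.EXPIRED : Result.OK;
                } catch (DateTimeParseException e) {
                    return Result.BAD_FORMAT;
                }
            }
        }
        return Result.BAD_FORMAT; // a certificate must carry an authorization period
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();
        PublicKey pub = vendor.getPublic();

        // Constructed sample values, not taken from the page.
        String machine = "00:11:22:33:44:55/DISK-SN-0001";
        String other = "66:77:88:99:aa:bb/DISK-SN-0002";
        String fields = "enterprise=Example Co;mail=admin@example.com;version=2.1;"
                + "modules=report,billing;accounts=50;scale=3;expires=2030-12-31";
        String cert = issue(vendor.getPrivate(), machine, fields);
        LocalDate today = LocalDate.of(2025, 1, 1);

        System.out.println("licensed machine:   " + verify(pub, cert, machine, today));
        System.out.println("different machine:  " + verify(pub, cert, other, today));
        // Certificate whose hash field was replaced with the hash of another machine.
        String rebound = md5Hex(other) + cert.substring(cert.indexOf('|'));
        System.out.println("hash field edited:  " + verify(pub, rebound, other, today));
        // Certificate whose authorization period was edited after issuance.
        String extended = cert.replace("expires=2030-12-31", "expires=2099-12-31");
        System.out.println("period edited:      " + verify(pub, extended, machine, today));
        System.out.println("after the period:   "
                + verify(pub, cert, machine, LocalDate.of(2031, 1, 1)));
    }
}
```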
Further, as shown in fig. 3, in the embodiment of the present invention, before the target software is sent to the client, the method further includes integrating the functional module in the authorization information into the target software and encrypting the executable code of the target software. The functional module is integrated into the target software through authorization API integration, and encrypting the executable code of the target software comprises trap burial points, code confusion, code file signature and code encryption. Each is described in detail below.
Authorization API integration: an SDK gives the target code the ability to integrate authorization protection code, and the target code must reference the SDK API to integrate burial points wherever verification is required, for example counting user accounts, or calling the check API where the software service starts to verify the integration environment. Integrating different authorization APIs requires the target software to embed them at different places in the target code. Non-business checks are integrated automatically by the SDK using probe technology, for example flow statistics, environment feature code verification and validity period verification, and the target software selects the indicators that need authorization protection.
Trap burial points: also called data traps, these obfuscate the data used by the program by combining changes to data storage, changes to encoding and changes to data access. Changing data storage and encoding may disrupt the way the program stores its data, for example by unpacking an array of 10 members into 10 variables and scrambling the names of those variables, or by converting a two-dimensional array into a one-dimensional array.
Code confusion: an obfuscation tool reorganizes the Class files of the target software program and obfuscates the code symbols, so that the processed code performs the same functions as the code before processing but is difficult to read. Symbol confusion applies to names such as method names and variable names, which often carry meaning. For example, a method named getKeyLength() very likely returns the length of a key. Symbol confusion scrambles such information into a meaningless representation, for example numbering all variables from variant_001 and all methods from method_001. The purpose of code obfuscation is to make decompiled code harder for a person to read.
Code file signature: the code file package is digitally signed and the signature is verified, which prevents the file package from being tampered with.
Code encryption: the authorization template code is encrypted with the AES encryption algorithm and is decrypted by a custom class loader before loading. The decryption part is written in, or converted into, native code that cannot be decompiled, and non-native code calls it, for example Java through JNI technology.
As further shown in fig. 2, when the client starts the target software, after verification by using the authorization certificate, the client needs to monitor the running condition of the target software according to the content of the authorization certificate and send the monitoring information to the authorization server. For the online authorization server located at the cloud, the running condition of the software can be directly monitored, so that whether the running of the target software exceeds the authorization range is found, and whether the running of the target software is stopped is determined. As shown in fig. 4, for the authorization monitoring problem under the closed network environment, the software publisher provides an offline proxy authorization server set in the client local area network for controlling the authorization mode limited by the deployment scale, concurrency number, user number, etc., in the local area network, each node device is responsible for reporting its own flow and node number to the proxy authorization server, and the proxy authorization server checks the authorization certificate after reporting data statistics through the node, and decides whether to stop the service according to the result.
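The offline proxy authorization server described above, as an added Java sketch that is not code from the patent. The report fields, the stale-node timeout, the decision names and the order in which limits are checked are assumptions; the limits are taken to come from an authorization certificate that has already been verified, and records require Java 16 or later.

```java
import java.util.HashMap;
import java.util.Map;

public class ProxyAuthorizationDemo {
    // Limits read from an authorization certificate that has already been verified.
    record Limits(int maxNodes, int maxConcurrentUsers, long expiresAt) {}

    // One report from a node: its id, current users and traffic since its last report.
    record Report(String nodeId, int activeUsers, long bytesServed, long sentAt) {}

    enum Decision { CONTINUE, STOP_EXPIRED, STOP_OVER_SCALE, STOP_OVER_CONCURRENCY }

    static final class ProxyServer {
        private final Limits limits;
        private final long staleAfterSeconds;
        private final Map<String, Report> latest = new HashMap<>();
        private long totalBytes;

        ProxyServer(Limits limits, long staleAfterSeconds) {
            this.limits = limits;
            this.staleAfterSeconds = staleAfterSeconds;
        }

        // Store the node's latest report, then judge the local network as a whole.
        Decision onReport(Report r) {
            latest.put(r.nodeId(), r);
            totalBytes += r.bytesServed();
            return evaluate(r.sentAt());
        }

        Decision evaluate(long now) {
            // Nodes that stopped reporting no longer count against the deployment scale.
            latest.values().removeIf(r -> now - r.sentAt() > staleAfterSeconds);
            if (now > limits.expiresAt()) return Decision.STOP_EXPIRED;
            if (latest.size() > limits.maxNodes()) return Decision.STOP_OVER_SCALE;
            int users = latest.values().stream().mapToInt(Report::activeUsers).sum();
            if (users > limits.maxConcurrentUsers()) return Decision.STOP_OVER_CONCURRENCY;
            return Decision.CONTINUE;
        }

        long totalBytes() { return totalBytes; }
    }

    public static void main(String[] args) {
        // Constructed sample: a licence for 2 nodes and 10 concurrent users, valid one day.
        long t0 = 1_700_000_000L;
        ProxyServer proxy = new ProxyServer(new Limits(2, 10, t0 + 86_400), 120);
        Report[] reports = {
            new Report("node-a", 4, 1_000, t0),
            new Report("node-b", 5, 2_000, t0 + 10),
            new Report("node-b", 7, 500, t0 + 20),      // node-a plus node-b: 11 users
            new Report("node-c", 1, 100, t0 + 30),      // a third node joins
            new Report("node-a", 2, 100, t0 + 200),     // node-b and node-c went silent
            new Report("node-a", 2, 100, t0 + 90_000),  // past the authorization period
        };
        for (Report r : reports) {
            System.out.println(r.nodeId() + " @" + (r.sentAt() - t0) + "s -> "
                    + proxy.onReport(r));
        }
        System.out.println("total bytes reported: " + proxy.totalBytes());
    }
}
```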
Further, as shown in fig. 5, corresponding to the above software authorization method, an embodiment of the present invention also provides a software authorization system, which includes a certificate encryption module located in a software providing platform server, a software protection module, an authorization server, a monitoring protection module implanted in the target software, and a proxy authorization server disposed in an offline local area network where the client is located. Each is described below.
The certificate encryption module is used for binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate when the client purchases the target software.
In the embodiment of the invention, the client information comprises an enterprise name and a mail address; the software running environment information comprises machine codes of a machine on which the software runs; the authorization information comprises software version, functional modules, account number, deployment scale and authorization period.
In the embodiment of the invention, the encryption process of the certificate encryption module to the authorization certificate comprises the following steps:
encrypting the machine code of the machine operated by the software by adopting an MD5 algorithm;
encrypting the client information and the authorization information by adopting an internal confusion algorithm;
and encrypting the two pieces of encrypted data by adopting an RSA algorithm to generate a digital signature.
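The issuing steps above, together with the machine-code comparison the target software performs when it starts, are sketched below as an added Java 17 example that is not code from the patent or its applicant. Assumptions: a plain `|`-delimited encoding replaces the internal confusion algorithm, `SHA256withRSA` stands in for the RSA signature scheme the text does not specify, and the class name, method names and sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.LocalDate;
import java.util.Base64;
import java.util.HexFormat;
// Added illustration: names, field layout and sample values are assumptions.
public class LicenseDemo {
    // MD5 digest of the machine code, hex-encoded (MD5 is the algorithm the page names).
    static String machineDigest(String machineCode) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("MD5").digest(machineCode.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }
    // Issuer: bind machine digest, client info and authorization info, then sign the result.
    static String issue(PrivateKey key, String machineCode, String client, String auth,
                        LocalDate expires) throws GeneralSecurityException {
        String body = String.join("|", machineDigest(machineCode), client, auth, expires.toString());
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        return body + "." + Base64.getEncoder().encodeToString(s.sign());
    }
    // Client: check the signature first, then the machine binding, then the authorization period.
    static boolean verify(PublicKey pub, String cert, String localMachineCode, LocalDate today)
            throws GeneralSecurityException {
        int dot = cert.lastIndexOf('.');
        if (dot < 0) return false;
        String body = cert.substring(0, dot);
        byte[] sig;
        try { sig = Base64.getDecoder().decode(cert.substring(dot + 1)); } catch (IllegalArgumentException e) { return false; }
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) return false; // no field is trusted until the signature checks out
        String[] f = body.split("\\|", -1);
        if (f.length != 4) return false;
        boolean sameMachine = MessageDigest.isEqual(
                f[0].getBytes(StandardCharsets.UTF_8),
                machineDigest(localMachineCode).getBytes(StandardCharsets.UTF_8));
        return sameMachine && !today.isAfter(LocalDate.parse(f[3]));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        String mc = "MC-0001-CONSTRUCTED"; // constructed machine code
        String cert = issue(kp.getPrivate(), mc, "Example Co;ops@example.com",
                "version=2.1;modules=core;accounts=50", LocalDate.of(2030, 1, 1));
        LocalDate today = LocalDate.of(2025, 6, 1);
        System.out.println("bound machine:   " + verify(kp.getPublic(), cert, mc, today));
        System.out.println("other machine:   " + verify(kp.getPublic(), cert, "MC-9999-OTHER", today));
        String edited = cert.replace("accounts=50", "accounts=500");
        System.out.println("edited contents: " + verify(kp.getPublic(), edited, mc, today));
    }
}
```

`main` exercises three cases: the bound machine, a different machine, and a certificate whose contents were changed after signing; only the first is accepted.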
In the embodiment of the present invention, the execution process of the internal confusion algorithm is as follows:
A. the merging operation ex+cur is carried out on ex and cur to obtain a byte array b8;
B. the server generates 22-bit random number ran22 and combines the 22-bit random number ran with b8, v, u and r to form a 32-bit byte array bt32;
C. performing an OR operation on the bt32 and the 8th byte b[8] of b8, b32, b8 to generate b32xor;
D. performing a 0 hypothesis AND OR operation H0 on b32xor to generate a mixXOR32;
E. Base64-encoding mixXOR32 to produce sign b64,
wherein v is software version information, u is user information, r is authorization rule, ex is authorization deadline, and cur is current system time.
The software protection module is used for integrating the function module in the authorization information into the target software and encrypting the executable code of the target software.
In the embodiment of the invention, the software protection module encrypts the executable code of the target software, and the method comprises the following steps:
obfuscating the data used by the program, using changed data storage, changed encoding and changed data access in combination;
reorganizing the Class files of the target software and obfuscating code symbols;
digitally signing the code file package;
the authorization template code is encrypted using the AES encryption algorithm.
The monitoring protection module is used for carrying out authorization verification with the authorization certificate when the client uses the target software and, after the verification passes, monitoring the use condition of the target software according to the authorization information and reporting it to the authorization server.
The authorization server is used for judging whether the use of the target software is legal according to the information reported by the monitoring protection module.
The proxy authorization server is used for receiving information reported by the monitoring protection modules in the target software installed in a plurality of machines in the local area network under the closed network environment, judging whether the use of the target software is legal or not, and determining whether to stop the use of the target software or not according to a judging result.
In summary, the software authorization method and system provided by the invention have the following advantages:
1. Software release efficiency is improved.
The software authorization system based on the public key cryptosystem integrates software encryption and authorization management, so that on one hand, the software is effectively prevented from being pirated, and a software developer can release the software with confidence; on the other hand, the user may use the software according to the authorized license, and the basic elements of software authorization generally include the authorized license number, the service life, the use and the authorized function blocks of the software. Meanwhile, the after-sales management of upgrading, tracking and pushing personalized services for users can be facilitated.
2. Increase sales opportunities and reduce piracy threats.
The software authorization system based on the public key cryptosystem customizes various authorization models for users: different service lives, different versions, different use numbers, different function module use rights and different user rights. This can greatly increase the sales opportunities of the software. Its security measures adopt an advanced encryption method based on a public key cryptosystem, which reduces the threat of software copying and piracy and effectively protects the copyright and commercial interests of software developers.
3. Convenient management.
The software authorization system based on the public key cryptosystem adopts a modular structural design, which makes personalized customization and the pushing of personalized services convenient. Role-based security management lets users at different levels of the organization each take charge of their own duties, managing and using the corresponding authorization certificates. After an authorization certificate has been issued, the security level can be easily adjusted and the use authority of the certificate can be controlled through the authorization system.
4. The cost is reduced and the value is improved.
The hardware dongle in the traditional hard encryption method brings additional costs to the software vendor, including manufacturing, initialization, transportation, installation and maintenance costs, and the cost of the hardware dongle increases with the number of software users. A soft encryption method based on a public key cryptosystem, superior to hard encryption, is adopted instead, which effectively avoids the extra cost brought by hardware. At the same time, management efficiency is improved, operating cost is reduced, and more value is brought to software developers.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.

Claims (10)

1. A method of software authorization, comprising:
when a client purchases target software, binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate, and then providing the target software and the authorization certificate for the client;
and when the client uses the target software, the target software adopts the authorization certificate to carry out authorization verification.
2. The software authorization method according to claim 1, further comprising:
after the target software passes the verification, monitoring the service condition of the target software according to the authorization information and reporting the service condition to an authorization server;
and the authorization server judges whether the use of the target software is legal or not according to the reported information.
3. The software authorization method according to claim 2, wherein the client information includes a business name, a mail address; the software running environment information comprises machine codes of a machine on which the software runs; the authorization information comprises software version, functional modules, account number, deployment scale and authorization period.
4. A software authorisation method as claimed in claim 3 in which the encryption process of the authorisation certificate comprises:
encrypting the machine code of the machine operated by the software by adopting an MD5 algorithm;
encrypting the client information and the authorization information by adopting an internal confusion algorithm;
and encrypting the two pieces of encrypted data by adopting an RSA algorithm to generate a digital signature.
5. The software authorization method according to claim 4, wherein the internal confusion algorithm is performed as follows:
A. the merging operation ex+cur is carried out on ex and cur to obtain a byte array b8;
B. the server generates 22-bit random number ran22 and combines the 22-bit random number ran with b8, v, u and r to form a 32-bit byte array bt32;
C. performing an OR operation on the bt32 and the 8th byte b[8] of b8, b32, b8 to generate b32xor;
D. performing a 0 hypothesis AND OR operation H0 on b32xor to generate a mixXOR32;
E. Base64-encoding mixXOR32 to produce sign b64,
wherein v is software version information, u is user information, r is authorization rule, ex is authorization deadline, and cur is current system time.
6. The software authorization method according to claim 4, wherein the target software performs authorization verification using the authorization certificate, comprising:
extracting data of machine codes after MD5 encoding from the authorization certificate;
acquiring a machine code of the equipment and performing MD5 coding;
comparing the two MD5 codes; if they are consistent, the verification passes, otherwise the verification fails.
7. The software authorization method according to claim 3, further comprising, before sending the target software to the client:
and integrating the functional module in the authorization information into the target software and encrypting the executable code of the target software.
8. The software authorization method according to claim 7, wherein encrypting the executable code of the target software includes:
obfuscating the data used by the program, using changed data storage, changed encoding and changed data access in combination;
reorganizing the Class files of the target software and obfuscating code symbols;
digitally signing the code file package;
the authorization template code is encrypted using the AES encryption algorithm.
9. The software authorization method according to claim 2, wherein the authorization server is an authorization server set in a cloud or a proxy authorization server set in an offline local area network of the client.
10. A software authorization system is characterized by comprising a certificate encryption module positioned on a software providing platform server, an authorization server side and a monitoring protection module implanted in target software,
the certificate encryption module is used for binding and encrypting the client information, the software running environment information and the authorization information of the target software to generate an authorization certificate when the client purchases the target software;
the monitoring protection module is used for carrying out authorization verification by adopting the authorization certificate when a client uses the target software;
and the authorization server is used for judging whether the use of the target software is legal or not according to the information reported by the monitoring protection module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211555438.7A CN116167020A (en) 2022-12-06 2022-12-06 Software authorization method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211555438.7A CN116167020A (en) 2022-12-06 2022-12-06 Software authorization method and system

Publications (1)

Publication Number Publication Date
CN116167020A true CN116167020A (en) 2023-05-26

Family

ID=86419038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211555438.7A Pending CN116167020A (en) 2022-12-06 2022-12-06 Software authorization method and system

Country Status (1)

Country Link
CN (1) CN116167020A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination