CN116226793A - Software authorization method, device, equipment and medium based on distributed cluster - Google Patents
Software authorization method, device, equipment and medium based on distributed cluster Download PDFInfo
- Publication number
- CN116226793A CN116226793A CN202310207590.4A CN202310207590A CN116226793A CN 116226793 A CN116226793 A CN 116226793A CN 202310207590 A CN202310207590 A CN 202310207590A CN 116226793 A CN116226793 A CN 116226793A
- Authority
- CN
- China
- Prior art keywords
- authorization
- application code
- application
- code
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000013475 authorization Methods 0.000 claims abstract description 131
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 32
- 150000003839 salts Chemical class 0.000 claims abstract description 15
- 230000004044 response Effects 0.000 claims abstract description 11
- 230000006870 function Effects 0.000 claims description 33
- 238000012795 verification Methods 0.000 claims description 31
- 239000004973 liquid crystal related substance Substances 0.000 claims description 3
- 238000013461 design Methods 0.000 abstract description 4
- 238000004364 calculation method Methods 0.000 abstract description 3
- 238000000926 separation method Methods 0.000 abstract description 3
- 238000004883 computer application Methods 0.000 abstract description 2
- 238000004590 computer program Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000011161 development Methods 0.000 description 3
- 230000018109 developmental process Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000032683 aging Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the disclosure provides a software authorization method, device, equipment and medium based on a distributed cluster, which are applied to the technical field of computer application. The method comprises the steps of receiving an application code generation request of a current client, and obtaining an authorization file and an application file; generating a first application code based on a preset algorithm in response to the absence of the authorization file and the application file; encrypting the first application code, and carrying out salt adding treatment to obtain a first ciphertext; and returning the first ciphertext to the current client. In a full-container calculation and separation environment, the software application codes are stored in a scattered manner by constructing a scattered and durable combined application code and a complex logic design of a combined means, so that the problem of authorization permission of complex and changeable cluster information is solved.
Description
Technical Field
The present disclosure relates to the field of computer application technologies, and in particular, to a method, an apparatus, a device, and a medium for software authorization based on distributed clusters.
Background
The core idea of software protection is to prevent software from being pirated. Software authorization is an extension and development of the concept of software protection. The goal of software authorization is to allow a software user to use software according to purchase permissions, involving the content of the number of installed copies of the software, the time of use, the application range, and the functional modules. The advent of software authorization technology, particularly cloud authorization technology, has solved software developer's demands for software sales digitization, automation and manageability, is a converged paradigm of software authorization technology and "internet +". The software authorization can provide a complete set of complete solutions from the design, development integration and debugging of the software authorization to the generation, distribution and management of the software authorization on the basis of realizing the software protection technology. The transition from traditional software protection to software authorization is not only the inevitable result of the development of software protection technology in the internet age, but also the strong desire of developers to reduce the cost of protection, release, management and maintenance of software, and to respond more quickly to changes in user demands and markets. The traditional software authorization technology often needs to bind physical hardware information of each node in the cluster to generate an application code, then generates an authorization code according to a certain logic design algorithm, and decodes according to the authorization code in the software use process to obtain authorization information. The authorization technology for binding physical hardware information can cause the information of the application code to change when the cluster information changes, such as IP address changes, hard disk replacement, node addition and the like, and finally causes the problem that the authorization code cannot be checked correctly after decoding.
Disclosure of Invention
The disclosure provides a software authorization method, device, equipment and medium based on a distributed cluster.
According to a first aspect of the present disclosure, a software authorization method based on distributed clusters is provided. The method comprises the following steps:
receiving an application code generation request of a current client, and acquiring an authorization file and an application file;
generating a first application code based on a preset algorithm in response to the absence of the authorization file and the application file;
encrypting the first application code, and carrying out salt adding treatment to obtain a first ciphertext;
and returning the first ciphertext to the current client.
Further, the first application code includes a second application code and a third application code, wherein the second application code is stored by the container, and the third application code is stored by the database.
Further, the generating the first application code based on the preset algorithm includes:
acquiring the second application code and the third application code; wherein the second application code is generated in the container based on a preset algorithm, and the third application code is generated in the database based on a preset algorithm;
and generating the first application code according to the second application code and the third application code.
Further, the encrypting and salifying the first application code to obtain a first ciphertext includes:
acquiring application time;
according to the application time and a preset salt value, an encryption function is called to encrypt the first application code, and a first ciphertext is obtained; the encryption function is any function used for encryption in a preset encryption and decryption algorithm library.
Further, the method further comprises:
judging whether the current node is an edge node or not;
responding to the current node as an edge node, and generating a fourth application code based on a preset algorithm;
and encrypting the fourth application code and the first ciphertext, and adding salt to obtain a second ciphertext.
Further, the method further comprises:
receiving an authorization verification request; the authorization check request is obtained by intercepting a request of a system software interface by an interceptor; the authorization check request comprises a third ciphertext;
invoking a decryption function in a preset encryption and decryption algorithm library to decode the third ciphertext to obtain authorization information; the decryption function is a function which corresponds to the encryption function and is used for decryption;
and carrying out authorization verification based on the authorization information.
Further, the authorization information includes a first authorization code, a second authorization code, and an authorization time, and the performing authorization verification based on the authorization information includes:
comparing the first authorization code with the fourth application code;
comparing the second authorization code with the first application code in response to the first authorization code being consistent with the fourth application code;
responding to the comparison of the second authorization code and the first application code to be consistent, and comparing the authorization time with the application time;
and generating an authorization passing instruction to enable the interceptor to pass the authorization check request when the authorization time is within the application time range.
According to a second aspect of the present disclosure, a software authorization apparatus based on a distributed cluster is provided. The device comprises:
the information receiving module is used for receiving an application code generation request of the current client and acquiring an authorization file and an application file;
the query module is used for responding to the absence of the authorization file and the application file;
the application code generation module is used for generating a first application code based on a preset algorithm;
the encryption module is used for encrypting the first application code and adding salt to obtain a first ciphertext;
and the sending module is used for returning the first ciphertext to the current client.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method according to the first aspect of the present disclosure.
The software authorization method, the device, the equipment and the medium based on the distributed cluster, which are provided by the embodiment of the disclosure, generate the application codes of the nodes according to the application codes respectively stored in the container and the database, and encrypt and transmit the application codes to ensure the safety of the application codes, so that the software authorization method which is safer and more reliable and can adapt to the complex and changeable cluster information environment is provided by using a mode of storing the software application codes in a scattered manner and a mode of correspondingly combining the application codes in a fully-containerized calculation and separation environment. In addition, the nodes involved in the distributed cluster generate application codes in a corresponding mode according to the levels of the nodes, so that the multi-level nodes can be verified step by step during authorization verification, and the security and reliability of the authorization verification are improved.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 illustrates a flow chart of a distributed cluster-based software authorization method according to an embodiment of the present disclosure;
FIG. 2 illustrates a flow chart of a distributed cluster-based software authorization method according to yet another embodiment of the present disclosure;
FIG. 3 illustrates a flow chart of a distributed cluster-based software authorization method according to yet another embodiment of the present disclosure;
FIG. 4 illustrates a flow chart of a distributed cluster-based software authorization method according to yet another embodiment of the present disclosure;
FIG. 5 illustrates a block diagram of a distributed cluster-based software authorization apparatus, according to an embodiment of the disclosure;
fig. 6 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
The invention relates to a software authorization method suitable for a distributed container cluster environment, which comprises a data center server, a center node and an edge node, wherein the center node is responsible for the authorization verification of the edge node and then transmits an authorization code of the center node and an authorization code I of the edge node to the data center server, and the data center server completes the authorization verification of the center node and the edge node; or the central node uniformly transmits the authorization code of the central node and the authorization code I of the edge node to the data center server, and the data center server completes authorization verification of the central node and the edge node.
Fig. 1 illustrates a flowchart of a distributed cluster-based software authorization method 100 according to an embodiment of the present disclosure. The method 100 comprises the following steps:
In some embodiments, when an application code generation request of a client is received, a function code generated by the application code is called, the function can call an authorization file query path of a file system, such as a/etc/context/. Lc path, to query whether an authorization file exists, if the authorization file exists, the function code indicates that the authorization code has been generated before and has not been disabled, and the function code directly returns the authorization code updated with the authorization time to the client; if the application file does not exist, further inquiring whether the application file exists or not, and inquiring a path, such as a/etc/context/. Rc path, of the application file through a function call file system, if the application file exists, the application code exists, and generation of a new application code is not needed. In addition, the authorization file is stored according to the authorization time in an aging way, and when the authorization time is exceeded, the authorization file automatically fails, namely, a corresponding authorization file query path cannot be queried according to the function of calling whether the corresponding query authorization file exists. The same is true for the aged storage of the application document. And the data center server timely cleans up and updates the invalid authorization files and application files. While ensuring the authorization security, the system memory space is excessively occupied, the system load is reduced, and the operation efficiency is improved.
And step 120, generating a first application code based on a preset algorithm in response to the absence of the authorization file and the application file.
In some embodiments, the processing of step 110 requires the system to generate a new application code when the authorization file and the application file are not present. The first application code comprises a second application code and a third application code, the second application code is generated in the container based on a preset algorithm, and the third application code is generated in the database based on the preset algorithm. For example, a second application code is generated in the container based on a preset algorithm: 991be53e-574e-4d4c-bdee-f92542a2bc98, generating a third application code in a database based on a preset algorithm: 314763dc-1b96-46fe-aa2d-b01e830f6f83, and then splicing and combining the second application code and the third application code to obtain a first application code: 991be53e-574e-4d4c-bdee-f92542a2bc98@314763dc-1b96-46fe-aa2d-b01e830f6f83. The preset algorithm may be set by an operator according to experience in a self-defining manner, or may be generated randomly by using a random algorithm according to a set application code generation rule, and the splicing and combining rule of the two application codes may be joint, intersection, position replacement, and the like, which is not limited by the above examples. Therefore, by storing the application codes in a scattered manner, one part of the application codes are stored in the container, and the other part of the application codes are stored in the database, namely the application codes are not bound with any physical cluster information, when the cluster information changes, such as IP address changes, hard disk replacement and node addition, and the clusters are subjected to capacity expansion and maintenance operation and the like, the application codes are not affected, the application codes are not changed, and the problem that the authorization codes cannot be checked correctly after decoding is avoided. Meanwhile, the application code and the persistent file of the authorization code are stored in the storage and the database of the container where the authorization service operates, so that horizontal expansion is supported.
And 130, encrypting the first application code, and adding salt to obtain a first ciphertext.
In some embodiments, in order to securely transmit the application code generated in step 120 to the client, it needs to be encrypted: acquiring application time; according to the application time and a preset salt value, an encryption function is called to encrypt the first application code, and a first ciphertext is obtained; the encryption function is any function used for encryption in a preset encryption and decryption algorithm library. The application time comprises application start time and application end time. For example, any encryption function in a preset encryption and decryption algorithm library, such as an RSA encryption function, and a preset salt value geosis.wisdom.zhcxyjy, an application start time 2023-2-10 and an application end time 2023-2-12 are called, for the first application code: 991be53e-574e-4d4c-bdee-f92542a2bc98@314763dc-1b96-46fe-aa2d-b01e830f6f83 to obtain a first ciphertext:
RjtRJ5w2mwE ckWvw8xmzowJTwO7PVm7iQIfO3/WpQthG9B4E7RPS5KY o3w4rS9Cy6EAO+1r6W2eAZQdXp7vvxhZ1uBprYrPV+T9J8b+UNaAu+mPR VeHubwuvp0US+b2JQ6AtkNb+41WoLSlyt7Wn5FZdq5/dBVkbH14wzd7ZIo7qVLud2 JFUXvGoPsTfI 8/ernnemlCyxBVEihl 9FZN5 LWQjF1 vpeDD/XRmGGGVGBSEQd 4/YZxZ3YQYFCbukmVyanGDmUHH8 DZARcjCjZY 40tbpjH7XNh fK5wvBz26YY4/zEeI+fjPDu2 sskhDgtDqanYLLt244+ FdA 8/ug=. It should be noted that the encryption function herein is not limited by the above examples.
And 140, returning the first ciphertext to the current client.
In some embodiments, the encrypted application code obtained in step 130 is sent to the client to complete the application code generation request of the software.
According to the software authorization method, device, equipment and medium based on the distributed cluster, which are provided by the embodiment, the application codes of the nodes are generated according to the application codes respectively stored in the container and the database, and the application codes are encrypted and transmitted so as to ensure the safety of the application codes, and the software authorization method which is safer and more reliable and can adapt to the complex and changeable cluster information environment is provided by using a mode of storing the software application codes in a scattered manner and a mode of correspondingly combining the application codes in a fully-containerized calculation and separation environment. In addition, the nodes involved in the distributed cluster generate application codes in a corresponding mode according to the levels of the nodes, so that the multi-level nodes can be verified step by step during authorization verification, and the security and reliability of the authorization verification are improved.
Based on the foregoing embodiment, in still another embodiment provided in the present disclosure, the method 200 includes the following steps:
And 220, generating a fourth application code based on a preset algorithm in response to the current node being an edge node.
And 230, encrypting the fourth application code and the first ciphertext, and adding salt to obtain a second ciphertext.
In some embodiments, the method 100 may be implemented based on a central node and an edge node in a distributed cluster environment, where the application codes of the central node and the edge node are both generated. Furthermore, it relates to the fact that the application code of an edge node can be generated by the method 200 if it is an edge node. For example, in the process of generating the application code, if the current node is an edge node, a first ciphertext of the central node is generated, then the application code of the edge node is generated on the basis of the first ciphertext, and then encryption and salt adding processing are carried out on the application code of the edge node.
Based on the above embodiment, in a further embodiment provided in the present disclosure, the authorization verification flowchart shown in fig. 3 specifically includes the following steps:
in step 310, an authorization check request is received.
The authorization check request is obtained by intercepting a request of a system software interface by an interceptor; the authorization check request includes a third ciphertext.
And 320, calling a decryption function in a preset encryption and decryption algorithm library to decode the third ciphertext to obtain authorization information.
Wherein the decryption function is a function for decryption corresponding to the encryption function.
And 330, performing authorization verification based on the authorization information.
In some embodiments, the interceptor intercepts the authorization code of the software interface, then invokes a decryption function in a preset encryption and decryption algorithm library to decode the intercepted authorization code, and then performs authorization verification based on the decrypted authorization information. The authorization verification process can be that the center node completes authorization verification of the edge node before the data center server completes authorization verification, and the authorization verification of the data center server can be that the center node and the edge node are both authorized and verified, or only the center node is verified.
Based on the foregoing embodiment, in a further embodiment of the present disclosure, an authorization verification flowchart as shown in fig. 4 is provided, where authorization verification is performed by a data center server on both a center node and an edge node, and specifically includes the following steps:
And step 420, comparing the second authorization code with the first application code in response to the first authorization code being identical to the fourth application code.
And step 430, comparing the authorization time with the application time in response to the second authorization code being identical to the first application code.
And step 440, generating an authorization pass instruction to enable the interceptor to release the authorization check request in response to the authorization time being within the application time range.
In some embodiments, when the unique application code is automatically generated and the authorized service is deployed in multiple instances, a plurality of nodes are down, and the authorized verification service can be normally provided. The data center server completes authorization verification of the center node and the edge node, wherein the authorization information obtained in step 330 includes a first authorization code, a second authorization code and an authorization time, the first authorization code is compared with a fourth application code, the second authorization code is compared with the first application code, and the comparison results are consistent, so that the authorization code verification is correct, whether the authorization time is correct or not needs to be further verified at the moment, and if the authorization time is within a time limit range, the verification is passed at the moment.
In some embodiments, the center node and the edge node may be authenticated by the data center server after the center node performs the first authentication of the edge node; the center node may be authenticated by the data center server after the center node is authenticated by the edge node. The authorization verification process of the central node comprises the following steps: comparing the first authorization code with the fourth application code to be consistent, wherein the authorization time is within a time limit range; the process of verifying the central node by the data center server comprises the following steps: and comparing the second authorization code with the first application code to ensure that the authorization time is within a time limit range. Similarly, if the application codes of the center node and the edge node are both generated according to the method 100, the different verification methods described above may also be used, which will not be described herein. Therefore, the operator can perform user-defined setting when performing system setting, and perform verification by adopting one or a combination of a plurality of verification modes, so that the flexibility and the security of authorization verification are improved.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 5 illustrates a block diagram of a distributed cluster-based software authorization apparatus 500, according to an embodiment of the disclosure. As shown in fig. 5, the apparatus 500 includes:
the information receiving module 510 is configured to receive an application code generation request of a current client, and obtain an authorization file and an application file;
the application code generation module 520 is configured to generate a first application code based on a preset algorithm in response to the authorization file and the application file not being present;
the encryption module 530 is configured to encrypt and perform salt adding processing on the first application code to obtain a first ciphertext;
and a sending module 540, configured to return the first ciphertext to the current client.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 6 shows a schematic block diagram of an electronic device 600 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The device 600 includes a computing unit 601 that can perform various suitable actions and processes according to computer programs stored in a Read Only Memory (ROM) 602 or loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the device 600 may also be stored. The computing unit 601, ROM602, and RAM 603 are connected to each other by a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Various components in the device 600 are connected to the I/O interface 605, including: an input unit 606 such as a keyboard, mouse, etc.; an output unit 607 such as various types of displays, speakers, and the like; a storage unit 608, such as a magnetic disk, optical disk, or the like; and a communication unit 609 such as a network card, modem, wireless communication transceiver, etc. The communication unit 609 allows the device 600 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The computing unit 601 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 601 performs the various methods and processes described above, such as method 100 and/or method 200. For example, in some embodiments, method 100 and/or method 200 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 600 via the ROM602 and/or the communication unit 609. When the computer program is loaded into RAM 603 and executed by computing unit 601, one or more steps of method 100 and/or method 200 described above may be performed. Alternatively, in other embodiments, computing unit 601 may be configured to perform method 100 and/or method 200 in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (10)
1. A software authorization method based on a distributed cluster, applied to a server, comprising the following steps:
receiving an application code generation request of a current client, and acquiring an authorization file and an application file;
generating a first application code based on a preset algorithm in response to the absence of the authorization file and the application file;
encrypting the first application code, and carrying out salt adding treatment to obtain a first ciphertext;
and returning the first ciphertext to the current client.
2. The method of claim 1, wherein the first application code comprises a second application code and a third application code, wherein the second application code is stored by a container and the third application code is stored by a database.
3. The method of claim 2, wherein the generating the first application code based on the preset algorithm comprises:
acquiring the second application code and the third application code; wherein the second application code is generated in the container based on a preset algorithm, and the third application code is generated in the database based on a preset algorithm;
and generating the first application code according to the second application code and the third application code.
4. The method of claim 1, wherein the encrypting and salifying the first application code to obtain a first ciphertext includes:
acquiring application time;
according to the application time and a preset salt value, an encryption function is called to encrypt the first application code, and a first ciphertext is obtained; the encryption function is any function used for encryption in a preset encryption and decryption algorithm library.
5. The method according to claim 1, wherein the method further comprises:
judging whether the current node is an edge node or not;
responding to the current node as an edge node, and generating a fourth application code based on a preset algorithm;
and encrypting the fourth application code and the first ciphertext, and adding salt to obtain a second ciphertext.
6. The method of claim 5, wherein the method further comprises:
receiving an authorization verification request; the authorization check request is obtained by intercepting a request of a system software interface by an interceptor; the authorization check request comprises a third ciphertext;
invoking a decryption function in a preset encryption and decryption algorithm library to decode the third ciphertext to obtain authorization information; the decryption function is a function which corresponds to the encryption function and is used for decryption;
and carrying out authorization verification based on the authorization information.
7. The method of claim 6, wherein the authorization information includes a first authorization code, a second authorization code, and an authorization time, and wherein the performing authorization verification based on the authorization information comprises:
comparing the first authorization code with the fourth application code;
comparing the second authorization code with the first application code in response to the first authorization code being consistent with the fourth application code;
responding to the comparison of the second authorization code and the first application code to be consistent, and comparing the authorization time with the application time;
and generating an authorization passing instruction to enable the interceptor to pass the authorization check request when the authorization time is within the application time range.
8. A distributed cluster-based software authorization apparatus, comprising:
the information receiving module is used for receiving an application code generation request of the current client and acquiring an authorization file and an application file;
the application code generation module is used for responding to the absence of the authorization file and the application file and generating a first application code based on a preset algorithm;
the encryption module is used for encrypting the first application code and adding salt to obtain a first ciphertext;
and the sending module is used for returning the first ciphertext to the current client.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310207590.4A CN116226793A (en) | 2023-03-06 | 2023-03-06 | Software authorization method, device, equipment and medium based on distributed cluster |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310207590.4A CN116226793A (en) | 2023-03-06 | 2023-03-06 | Software authorization method, device, equipment and medium based on distributed cluster |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116226793A true CN116226793A (en) | 2023-06-06 |
Family
ID=86590785
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310207590.4A Pending CN116226793A (en) | 2023-03-06 | 2023-03-06 | Software authorization method, device, equipment and medium based on distributed cluster |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116226793A (en) |
-
2023
- 2023-03-06 CN CN202310207590.4A patent/CN116226793A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110324399B (en) | Bringing cluster awareness into a facility management portal | |
| US10796001B2 (en) | Software verification method and apparatus | |
| WO2021121407A1 (en) | Capacity changing method and apparatus for virtual machine | |
| KR102490490B1 (en) | Method and device for magnetic disk encryption protection | |
| US10049029B1 (en) | Networked multi-interface host debugger | |
| CN111478974B (en) | Network connection method and device, electronic equipment and readable storage medium | |
| CN111200593A (en) | Application login method and device and electronic equipment | |
| US20220092155A1 (en) | Protecting an item of software | |
| CN109769010B (en) | Method, device, equipment and storage medium for accessing CloudStack server based on SDK | |
| WO2017114103A1 (en) | Method and apparatus for processing cloud encryptor | |
| US20200349264A1 (en) | Data decryption method and apparatus, and electronic device | |
| CN111400743B (en) | Transaction processing method, device, electronic equipment and medium based on blockchain network | |
| CN111353150B (en) | Trusted boot method, trusted boot device, electronic equipment and readable storage medium | |
| CN113609156B (en) | Data query and write method and device, electronic equipment and readable storage medium | |
| CN116226793A (en) | Software authorization method, device, equipment and medium based on distributed cluster | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| CN114051029B (en) | Authorization method, authorization device, electronic equipment and storage medium | |
| CN114567678A (en) | Resource calling method and device of cloud security service and electronic equipment | |
| CN112306527A (en) | Server upgrading method and device, computer equipment and storage medium | |
| CN113190812A (en) | Login method, system, electronic equipment and storage medium | |
| EP4307607A1 (en) | System and method of secured interface to a blockchain based network | |
| CN113966510A (en) | Trusted device and computing system | |
| CN110888646A (en) | Deployment method, device, system and storage medium | |
| CN114024780B (en) | Node information processing method and device based on Internet of things equipment | |
| CN110609866A (en) | Method, apparatus and computer program product for negotiating transactions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |