CN117540348A - Method for generating and verifying software authorization file - Google Patents

Publication number
CN117540348A
Authority
CN
China
Prior art keywords
authorization
authorization file
file
time stamp
authorized
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311516251.0A
Other languages
Chinese (zh)
Inventor
张乾坤
董得东
郝瑶果
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunzhi Xin'an Security Technology Co ltd
Original Assignee
Zhengzhou Yunzhi Xin'an Security Technology Co ltd
Application filed by Zhengzhou Yunzhi Xin'an Security Technology Co ltd
Priority to CN202311516251.0A
Publication of CN117540348A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention provides a method for generating and verifying a software authorization file. The generating method comprises the following steps: providing the authorization parameters required to generate an authorization file, the authorization parameters comprising the user's hardware fingerprint feature sn_id, an authorization validity period and an authorization file encryption key; assigning values to the internal attribute parameters in the plaintext template of the authorization file according to the authorization parameters, to generate the authorization file plaintext, the internal attribute parameters comprising the first-generation timestamp, the last-use timestamp and the expiration timestamp of the authorization file, and the authorization file's internal encryption key; using the internal encryption key, calling a first encryption algorithm to encrypt the values of all internal attribute parameters in the authorization file plaintext, obtaining a first authorization file ciphertext; and using the authorization file encryption key, calling a second encryption algorithm to encrypt the first authorization file ciphertext, obtaining a second authorization file ciphertext, which is taken as the final authorization file.

Description

Method for generating and verifying software authorization file
Technical Field
The invention relates to the technical field of sensitive information access control, in particular to a method for generating and verifying a software authorization file.
Background
Currently, software authorization mainly takes three forms. The first is to purchase an authorization code that can be used indefinitely offline. The second is to generate the authorization file based on a hardware fingerprint; however, because a hardware fingerprint (e.g., a MAC address) is relatively easy to obtain, it may be modified to bypass the authorization. The third is to check the information in the authorization file, or to write the authorization information into a database; however, the content of the authorization file may be cracked and modified so that authorization gets out of control, and the database password may be leaked so that the authorization information in the database is modified.
Disclosure of Invention
In order to realize effective authorization of software products and prevent the copyright of software from being infringed, the invention provides a method for generating and verifying a software authorization file.
In one aspect, the present invention provides a method for generating a software authorization file, including:
Step 1: providing the authorization parameters required to generate an authorization file; the authorization parameters comprise the user's hardware fingerprint feature sn_id, an authorization validity period and an authorization file encryption key;
Step 2: assigning values to the internal attribute parameters in the plaintext template of the authorization file according to the authorization parameters, to generate the authorization file plaintext; the internal attribute parameters comprise the first-generation timestamp, the last-use timestamp and the expiration timestamp of the authorization file, and the authorization file's internal encryption key;
Step 3: using the internal encryption key, calling a first encryption algorithm to encrypt the values of all internal attribute parameters in the authorization file plaintext, obtaining a first authorization file ciphertext;
Step 4: using the authorization file encryption key, calling a second encryption algorithm to encrypt the first authorization file ciphertext, obtaining a second authorization file ciphertext, which is taken as the final authorization file.
Further, the authorization file's internal encryption key is generated from the authorization file encryption key and the current timestamp.
Further, the authorization parameters also include: authorization file description information, an authorized module list, the number of authorized collectors, the number of log sources authorized to communicate, the types of analysis files authorized for use, and version information of the authorized product.
Further, the internal attribute parameters also include: a comment tag, a serial number, the number of authorized collectors, the number of log sources authorized to communicate, and the types of analysis files authorized for use; the serial number consists of sn_id, the version information of the authorized product and the authorized module list.
In another aspect, the present invention provides a method for verifying a software authorization file, including:
Step 1: decrypting the second authorization file ciphertext to obtain the first authorization file ciphertext;
Step 2: decrypting the values of all internal attribute parameters in the first authorization file ciphertext, and storing the resulting plaintext values in system variables; the internal attribute parameters comprise the first-generation timestamp, the last-use timestamp and the expiration timestamp of the authorization file, and the authorization file's internal encryption key;
Step 3: starting a daemon thread that checks the decrypted authorization file at a set interval, specifically:
comparing the expiration timestamp of the decrypted authorization file with the current system timestamp to determine whether the authorization has expired;
comparing the current system timestamp with the last modification time of the key configuration file to determine whether the system time has been maliciously modified; if it has, reporting an authorization error and setting the last modification time of the key configuration file to the current system timestamp;
and reading the backed-up last-use timestamp of the authorization file from the local database and comparing it with the last-use timestamp of the decrypted authorization file; if the two are inconsistent, reporting an authorization error.
Further, the internal attribute parameters also include a serial number, which consists of the user's hardware fingerprint feature sn_id, version information of the authorized product and an authorized module list;
correspondingly, step 3 further comprises:
extracting the version information of the authorized product from the decrypted serial number and determining whether it matches the current version of the system;
and extracting the user's hardware fingerprint feature sn_id from the decrypted serial number and determining whether it matches the current hardware of the system.
Further, the internal attribute parameters also include: the number of authorized collectors, the number of log sources authorized to communicate, and the types of analysis files authorized for use;
correspondingly, after step 3, the method further comprises:
Step 4: when judgment and service calls are needed, verifying the relevant authorization items, specifically:
verifying the number of currently usable collectors against the decrypted number of authorized collectors;
verifying the number of log sources that can currently communicate against the decrypted number of log sources authorized to communicate;
and verifying the types of analysis files that can currently be used against the decrypted types of analysis files authorized for use.
Further, step 3 also includes:
if the backed-up last-use timestamp is consistent with the last-use timestamp of the decrypted authorization file, assigning the current system timestamp to the last-use timestamp of the decrypted authorization file and regenerating a new authorization file; at the same time, recording the current system timestamp as the backed-up last-use timestamp and storing it in the local database.
The invention has the beneficial effects that:
When the authorization file is generated, two-stage encryption is applied, which increases the difficulty and complexity of cracking the authorization, effectively protects the copyright of the software product, and safeguards the legitimate rights and interests of its developer. In addition, when the authorization file is verified, the system time and the last-use timestamp of the authorization file are checked, which prevents illegitimate users from bypassing the control of the authorization expiration time.
Drawings
Fig. 1 is a flow chart of a method for generating a software authorization file according to an embodiment of the present invention;
Fig. 2 is a flow chart of a method for verifying a software authorization file according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The authorization mechanism to which the embodiments of the invention apply is as follows: after obtaining the software product installation package, the user installs the software using the installation script provided with it and, once installation is complete, accesses the software information system (hereinafter, the system). The system automatically detects that the software is not authorized; the page prompts the user to import an authorization file and displays the authorization code lic_code used to apply for authorization. The software product provider uses an authorization file generator to generate a license.lic authorization file according to lic_code. After importing the authorization file, the user can normally access and use the modules and functions authorized in it within the validity period.
Example 1
As shown in fig. 1, the method for generating a software authorization file provided by the embodiment of the invention specifically includes the following steps:
S101: providing the authorization parameters required to generate an authorization file; the authorization parameters comprise the user's hardware fingerprint feature sn_id, an authorization validity period and an authorization file encryption key;
Specifically, the user's hardware fingerprint feature sn_id is generated from the user's hardware fingerprint information, which includes one or more of the MAC address, hard disk serial number, CPU ID and memory serial number.
It should be noted that the above authorization parameters are mandatory; in addition, the authorization parameters may further include: authorization file description information, an authorized module list, the number of authorized collectors, the number of log sources authorized to communicate, the types of analysis files authorized for use, and version information of the authorized product.
S102: assigning values to the internal attribute parameters in the plaintext template of the authorization file according to the authorization parameters, to generate the authorization file plaintext; the internal attribute parameters comprise the first-generation timestamp, the last-use timestamp and the expiration timestamp of the authorization file, and the authorization file's internal encryption key;
Specifically, the authorization file's internal encryption key is generated from the authorization file encryption key and the current timestamp, which ensures the freshness and randomness of the internal encryption key and prevents the authorization file from being tampered with at will.
Further, the internal attribute parameters also include: a comment tag, a serial number, the number of authorized collectors, the number of log sources authorized to communicate, and the types of analysis files authorized for use; the serial number consists of sn_id, the version information of the authorized product and the authorized module list.
Specifically, the internal attribute parameters and other function- and performance-limiting parameters are recorded in the authorization file, so that the authorization file is consulted for comparison every time the system is accessed or restarted. This prevents the system from being installed on unauthorized hardware, prevents the user from accessing the system beyond the authorized time, prevents the user from using unauthorized modules, prevents a lower-version authorization file from being used to authorize higher-version software, and prevents the system from being used beyond its performance limits.
S103: using the internal encryption key, calling a first encryption algorithm to encrypt the values of all internal attribute parameters in the authorization file plaintext, obtaining a first authorization file ciphertext;
S104: using the authorization file encryption key, calling a second encryption algorithm to encrypt the first authorization file ciphertext, obtaining a second authorization file ciphertext, which is taken as the final authorization file.
It should be noted that the first encryption algorithm and the second encryption algorithm may be the same or different; the embodiment of the invention does not limit the type of encryption algorithm.
Example 2
On the basis of the above embodiment, the authorization parameters required when generating the authorization file are set as follows:
hardware fingerprint feature (hereinafter sn_id), authorization validity period (hereinafter expiration), authorization file encryption key (hereinafter encrypteKey), authorization file description information (hereinafter description), authorized module list (hereinafter modules), number of authorized collectors (hereinafter collector-limit), number of log sources authorized to communicate (hereinafter logsource-limit), types of analysis files authorized for use (hereinafter ext-parse-types), and version information of the authorized product (hereinafter version);
The default original plaintext template of the authorization file is set as in the following properties file.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>AThena License</comment>
<entry key="ftA">1692839183013</entry>
<entry key="rtB">1692839183013</entry>
<entry key="ltC">1700615183013</entry>
<entry key="ckD">xle.ipt1692839183013</entry>
<entry key="slA">v7:1000:none,codename-ipt,reserved1,reserved4,reserved11,reserved12,reserved13,reserved14,reserved15,dds:normal</entry>
<entry key="collector-limit">0</entry>
<entry key="logsource-limit">1000</entry>
<entry key="ext-parse-types">/server/Windows,/server/Linux,/server/AIX</entry>
</properties>
Here, the "comment" tag is the file description and is replaced by the passed-in description when the authorization file is actually generated; "ftA" is the first-generation timestamp of the authorization file; "rtB" is the last-use timestamp of the authorization file; "ltC" is the expiration timestamp of the authorization file; "ckD" is the authorization file's internal encryption key; "slA" is the serial number.
The assignment logic for generating the authorization file is as follows: the current system timestamp is assigned to ftA and rtB; the expiration timestamp of the authorization file is calculated from the authorization parameters and assigned to ltC; new_encrypteKey, generated by combining the encrypteKey in the authorization parameters with the current timestamp, is assigned to ckD; sn_id, version and modules, separated by colons, are assigned to slA; collector-limit, logsource-limit, ext-parse-types and the like are assigned directly from the authorization parameters.
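The assignment logic above as a runnable sketch; this is an added example, not code from the patent. It assumes that ckD is the plain concatenation of encrypteKey and the timestamp (which the sample value `xle.ipt1692839183013` suggests) and that slA is `sn_id:version:modules`; `HW-1234`, `core` and `report` are constructed values, and the two encryption passes are left out because the patent does not fix an algorithm.

```python
import xml.etree.ElementTree as ET

DAY_MS = 24 * 60 * 60 * 1000  # the template's timestamps are in milliseconds


def build_entries(sn_id, version, modules, validity_days, encrypt_key, now_ms,
                  collector_limit, logsource_limit, ext_parse_types):
    """Apply the assignment logic to the authorization parameters."""
    # A colon or comma inside a field would shift the fields when slA is
    # split again on the verifying side, so reject it at generation time.
    for field in (sn_id, version, *modules):
        if not field or ":" in field or "," in field:
            raise ValueError(f"invalid serial-number field: {field!r}")
    if validity_days <= 0:
        raise ValueError("validity period must be positive")
    ts = str(now_ms)
    return {
        "ftA": ts,                                   # first-generation timestamp
        "rtB": ts,                                   # last-use timestamp
        "ltC": str(now_ms + validity_days * DAY_MS),  # expiration timestamp
        "ckD": encrypt_key + ts,  # assumption: plain concatenation
        "slA": ":".join([sn_id, version, ",".join(modules)]),
        "collector-limit": str(collector_limit),
        "logsource-limit": str(logsource_limit),
        "ext-parse-types": ",".join(ext_parse_types),
    }


def to_properties_xml(description, entries):
    """Render the entries in the Java properties XML layout of the template."""
    lines = [
        '<?xml version="1.0" encoding="UTF-8" standalone="no"?>',
        '<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">',
        "<properties>",
    ]
    comment = ET.Element("comment")
    comment.text = description
    lines.append(ET.tostring(comment, encoding="unicode"))
    for key, value in entries.items():
        entry = ET.Element("entry", key=key)
        entry.text = value  # ElementTree escapes &, < and > in the value
        lines.append(ET.tostring(entry, encoding="unicode"))
    lines.append("</properties>")
    return "\n".join(lines) + "\n"


def sample():
    """Constructed call that reproduces ftA, rtB, ltC and ckD of the template above."""
    entries = build_entries(
        sn_id="HW-1234", version="v7", modules=["core", "report"],  # constructed
        validity_days=90, encrypt_key="xle.ipt", now_ms=1692839183013,
        collector_limit=0, logsource_limit=1000,
        ext_parse_types=["/server/Windows", "/server/Linux", "/server/AIX"],
    )
    return entries, to_properties_xml("AThena License", entries)


if __name__ == "__main__":
    print(sample()[1])
```

With a 90-day validity period and the template's generation time, the computed ltC matches the template's value.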
Starting from the plaintext authorization file, a related encryption algorithm is called with ckD as the encryption key to encrypt each attribute value, giving the following internally encrypted authorization file, i.e. the first authorization file ciphertext:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>AThena License</comment>
<entry key="ftA">6J4MLs7A8HIVR56Hab3YWQ==</entry>
<entry key="rtB">6J4MLs7A8HIVR56Hab3YWQ==</entry>
<entry key="ltC">C6mJtWTKYnsQ6vigol9Ivw==</entry>
<entry key="ckD">mLZ2kY8dEqZmWew38x5AW45qGAv/jrIB2UI4hVTHifs=</entry>
<entry key="ext-bigdata-node-limit">3OtR2UB/eE/3oiPFsG1p9A==</entry>
<entry key="slA">4nOsHBn6CIvox42WiIM9sowA0zhkNSNM91WLvmJJ+S+aDdlhAlpiGIDgJU4aHut+tINAYqW+yd2C&#13;
7pV2ObI5UADwSDtumiHlEskwBXVuAXIXC/DfjljEAR+kXlqYMkCeLXeqkJ23dNqXDPR/d02Nw4wW&#13;
tZJEVIE/R0scLcELrVst4sPH4wKc1C5xr+T2fbyUqDQQudjMXH5dOFvHLWMb1DJrUJ8A4sJ0SaOz&#13;
Qntylvo=</entry>
<entry key="collector-limit">hTMz8tGZgb6iqcrHNRNtUw==</entry>
<entry key="logsource-limit">iIOju5zCtFjj165Lqyg0EQ==</entry>
<entry key="ext-parse-types">jc5iwgMQbFV0JP6tdIalhQ==</entry>
</properties>
Then a related encryption algorithm is called with encrypteKey as the encryption key to encrypt the entire content of the authorization file, giving an authorization file with a file name of license.
Example 3
On the basis of the above embodiments, as shown in fig. 2, an embodiment of the present invention provides a method for verifying a software authorization file, including the following steps:
S301: decrypting the second authorization file ciphertext to obtain the first authorization file ciphertext;
S302: decrypting the values of all internal attribute parameters in the first authorization file ciphertext, and storing the resulting plaintext values in system variables; the internal attribute parameters comprise the first-generation timestamp, the last-use timestamp and the expiration timestamp of the authorization file, and the authorization file's internal encryption key;
S303: starting a daemon thread that checks the decrypted authorization file at a set interval (every 30 minutes in this embodiment), specifically:
comparing the expiration timestamp of the decrypted authorization file with the current system timestamp to determine whether the authorization has expired;
comparing the current system timestamp with the last modification time of the key configuration file to determine whether the system time has been maliciously modified; if it has, reporting an authorization error and setting the last modification time of the key configuration file to the current system timestamp;
Specifically, the key configuration file used for the comparison should not be known to outsiders; in this embodiment, web.xml is selected as the key configuration file. If the current system timestamp is not greater than the last modification time of web.xml, the system time has been maliciously set back by someone in order to bypass the control of the authorization expiration time, and the system reports an authorization error.
reading the backed-up last-use timestamp of the authorization file (rtB_db) from the local database and comparing it with the last-use timestamp (rtB) of the decrypted authorization file; if the two are inconsistent, reporting an authorization error; if rtB_db is consistent with rtB, assigning the current system timestamp to rtB and regenerating a new authorization file; at the same time, storing the current system timestamp in the local database as rtB_db, ready for the next check.
On the basis of the foregoing embodiment, if the internal attribute parameters further include a serial number, which consists of the user's hardware fingerprint feature sn_id, version information of the authorized product and an authorized module list, then in step S303 the daemon thread also needs to perform the following checks:
extracting the version information of the authorized product from the decrypted serial number and determining whether it matches the current version of the system;
and extracting the user's hardware fingerprint feature sn_id from the decrypted serial number and determining whether it matches the current hardware of the system.
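One pass of the S303 daemon checks as an added example (not code from the patent), operating on already-decrypted entries. The `license_backup` table, the `check_license` and `parse_serial` names, the `sn_id:version:modules` split of slA and all sample values are assumptions; re-encrypting and rewriting the file after rtB is updated is left to the caller.

```python
import os
import sqlite3
import tempfile


class LicenseError(Exception):
    """Raised when a periodic check fails (the "authorization error" in the text)."""


def parse_serial(sla):
    # Assumed layout, per the text: sn_id:version:comma-separated modules.
    sn_id, version, modules = sla.split(":", 2)
    return sn_id, version, modules.split(",")


def check_license(lic, db, key_config_path, now_ms, hw_sn_id, sys_version):
    """Run the S303 checks once; return the new rtB or raise LicenseError."""
    # Check 1: expiration timestamp against the system clock.
    if now_ms > int(lic["ltC"]):
        raise LicenseError("expired")

    # Check 2: the clock must be later than the key configuration file's mtime.
    mtime_ms = os.stat(key_config_path).st_mtime_ns // 1_000_000
    if now_ms <= mtime_ms:
        ns = now_ms * 1_000_000
        os.utime(key_config_path, ns=(ns, ns))  # reset mtime, as the text describes
        raise LicenseError("clock-rollback")

    # Check 3: rtB in the file must equal rtB_db backed up in the local database.
    row = db.execute("SELECT rtb FROM license_backup WHERE id = 1").fetchone()
    if row is None or str(row[0]) != lic["rtB"]:
        raise LicenseError("rtB-mismatch")

    # Check 4: version and hardware fingerprint taken from the serial number.
    sn_id, version, _modules = parse_serial(lic["slA"])
    if version != sys_version:
        raise LicenseError("version-mismatch")
    if sn_id != hw_sn_id:
        raise LicenseError("hardware-mismatch")

    # All checks passed: advance rtB in the file entries and in the database.
    lic["rtB"] = str(now_ms)
    db.execute("UPDATE license_backup SET rtb = ? WHERE id = 1", (lic["rtB"],))
    db.commit()
    return lic["rtB"]


def demo():
    """Constructed scenario: five passes of the check against one license."""
    t0 = 1_700_000_000_000           # constructed timestamp, milliseconds
    half_hour = 30 * 60 * 1000       # the embodiment's check interval
    lic = {"rtB": str(t0), "ltC": str(t0 + 90 * 86_400_000),
           "slA": "HW-1234:v7:core,report"}
    stale = dict(lic)                # an older copy of the same entries
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE license_backup (id INTEGER PRIMARY KEY, rtb TEXT)")
    db.execute("INSERT INTO license_backup VALUES (1, ?)", (lic["rtB"],))
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "web.xml")
        open(cfg, "w").close()
        os.utime(cfg, ns=(t0 * 1_000_000, t0 * 1_000_000))

        def run(entries, now_ms, sn="HW-1234", ver="v7"):
            try:
                check_license(entries, db, cfg, now_ms, sn, ver)
                return "ok"
            except LicenseError as exc:
                return str(exc)

        results.append(run(lic, t0 + half_hour))        # passes, rtB advances
        results.append(run(stale, t0 + 2 * half_hour))  # stale rtB in the file
        results.append(run(lic, t0 - half_hour))        # clock set back
        results.append(run(lic, t0 + 2 * half_hour, sn="HW-9999"))
        results.append(run(lic, t0 + 91 * 86_400_000))  # past ltC
    db.close()
    return results


if __name__ == "__main__":
    print(demo())
```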
On the basis of the foregoing embodiment, if the internal attribute parameters further include the number of authorized collectors, the number of log sources authorized to communicate, and the types of analysis files authorized for use, then after step S303 the method further comprises:
S304: when judgment and service calls are needed, verifying the relevant authorization items, specifically:
verifying the number of currently usable collectors against the decrypted number of authorized collectors;
verifying the number of log sources that can currently communicate against the decrypted number of log sources authorized to communicate;
and verifying the types of analysis files that can currently be used against the decrypted types of analysis files authorized for use.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A method for generating a software authorization file, comprising:
step 1: giving authorization parameters required in generating an authorization file; the authorization parameters comprise hardware fingerprint characteristics sn_id of a user, an authorization validity period and an authorization file encryption key;
step 2: assigning values to the internal attribute parameters in the plaintext template of the authorization file according to the authorization parameters to generate the plaintext of the authorization file; the internal attribute parameters comprise a first generation time stamp, a last time use time stamp, an expiration time stamp of the authorization file and a secret key encrypted in the authorization file;
step 3: a first encryption algorithm is called by adopting a secret key encrypted in the authorization file to encrypt values of all internal attribute parameters in the authorization file plaintext, so as to obtain a first authorization file ciphertext;
step 4: and calling a second encryption algorithm by adopting the authorization file encryption key to encrypt the first authorization file ciphertext to obtain a second authorization file ciphertext, and taking the second authorization file ciphertext as a final authorization file.
2. A method of generating a software authorization file according to claim 1, wherein the encrypted key within the authorization file is generated based on the authorization file encryption key and a current timestamp.
3. The method for generating a software authorization file according to claim 1, wherein the authorization parameters further include: the system comprises authorization file description information, an authorization module list, the number of authorized collectors, the number of log sources which can be authorized to communicate, the type of analysis files which can be authorized to be used and version information of authorized products.
4. A method of generating a software authorization file according to claim 3, wherein the internal attribute parameters further comprise: the method comprises the steps of managing a comment tag, a serial number, the number of authorized collectors, the number of log sources authorized to communicate and the type of an analysis file authorized to use; the serial number consists of sn_id, version information of the authorized product and an authorized module list.
5. A method for verifying a software authorization file, comprising:
step 1: decrypting the second authorization file ciphertext to obtain a first authorization file ciphertext;
step 2: decrypting the values of all internal attribute parameters in the first authorization file ciphertext, and storing the resulting plaintext values in system variables; the internal attribute parameters comprise a first generation timestamp, a last-use timestamp and an expiration timestamp of the authorization file, and a secret key encrypted in the authorization file;
step 3: starting a daemon thread that checks the decrypted authorization file at a set interval, specifically comprising:
comparing the expiration timestamp of the decrypted authorization file with the current timestamp of the system to determine whether the authorization has expired;
comparing the current timestamp of the system with the last modification time of the key configuration file to determine whether the system time has been maliciously modified; if it has, prompting an authorization error and setting the last modification time of the key configuration file to the current timestamp of the system;
and reading the last-use timestamp of the backed-up authorization file from the local database and comparing it with the last-use timestamp of the decrypted authorization file; if the two are inconsistent, prompting an authorization error.
6. The method of claim 5, wherein the internal attribute parameters further comprise: a serial number, which consists of a hardware fingerprint feature sn_id of the user, version information of the authorized product, and an authorized module list;
correspondingly, step 3 further comprises:
extracting the version information of the authorized product from the decrypted serial number and determining whether it matches the current version of the system;
and extracting the hardware fingerprint feature sn_id of the user from the decrypted serial number and determining whether it matches the current hardware of the system.
7. The method of claim 5, wherein the internal attribute parameters further comprise: the number of authorized collectors, the number of log sources authorized to communicate, and the types of analysis files authorized for use;
correspondingly, after step 3, the method further comprises:
step 4: when judgment and a service call are needed, verifying the related authorization items, specifically comprising:
verifying the number of currently usable collectors against the decrypted number of authorized collectors;
verifying the number of log sources that can currently communicate against the decrypted number of log sources authorized to communicate;
and verifying the types of analysis files that can currently be used against the decrypted types of analysis files authorized for use.
8. The method according to claim 5, wherein step 3 further comprises:
if the last-use timestamp of the backed-up authorization file is consistent with the last-use timestamp of the decrypted authorization file, assigning the current timestamp of the system to the last-use timestamp of the decrypted authorization file and regenerating a new authorization file; at the same time, recording the current timestamp of the system as the last-use timestamp of the backed-up authorization file and storing it in the local database.
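The periodic check of claim 5, step 3, together with the update of claim 8, can be sketched as follows. This is an added example, not code from the patent: `check_license`, the field names and the `backup` table are hypothetical, SQLite stands in for the local database, the rollback test assumes that a system time earlier than the configuration file's modification time indicates tampering, and decryption is omitted because the claims name no algorithm.

```python
import os
import sqlite3
import tempfile

def check_license(lic, db, config_path, now):
    """One daemon pass; returns a list of error codes (empty = pass)."""
    errors = []
    # Expiration: compare the expiration timestamp with system time.
    if now >= lic["expire_ts"]:
        errors.append("expired")
    # Assumed direction: system time earlier than the key configuration
    # file's mtime means the clock was set back.
    if now < os.stat(config_path).st_mtime:
        errors.append("clock_rollback")
        os.utime(config_path, (now, now))  # reset mtime to current time
    # An older copy of the license file carries a stale last-use value.
    (backup,) = db.execute("SELECT last_used FROM backup").fetchone()
    if backup != lic["last_used_ts"]:
        errors.append("last_used_mismatch")
    else:
        # Claim 8: advance last-use in the license and in the backup.
        # Re-encrypting and rewriting the file is omitted here.
        lic["last_used_ts"] = now
        db.execute("UPDATE backup SET last_used = ?", (now,))
    return errors

def demo():
    """Four passes over constructed data; returns each pass's errors."""
    t = 1_700_000_000  # constructed base timestamp
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE backup (last_used INTEGER)")
    db.execute("INSERT INTO backup VALUES (?)", (t,))
    fd, cfg = tempfile.mkstemp()
    os.close(fd)
    os.utime(cfg, (t + 500, t + 500))
    lic = {"expire_ts": t + 5000, "last_used_ts": t}
    stale = dict(lic)  # copy of the file taken before first use
    results = [check_license(lic, db, cfg, t + 1000)]     # normal pass
    results.append(check_license(stale, db, cfg, t + 1100))  # old copy
    results.append(check_license(lic, db, cfg, t + 200))  # clock set back
    results.append(check_license(lic, db, cfg, t + 6000))  # expired
    os.remove(cfg)
    return results

if __name__ == "__main__":
    print(demo())
```

The second pass shows why the backup comparison matters: a copy of the license file saved before first use still decrypts correctly, but its last-use value no longer matches the database.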
CN202311516251.0A 2023-11-14 2023-11-14 Method for generating and verifying software authorization file Pending CN117540348A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311516251.0A CN117540348A (en) 2023-11-14 2023-11-14 Method for generating and verifying software authorization file

Publications (1)

Publication Number Publication Date
CN117540348A true CN117540348A (en) 2024-02-09

Family

ID=89785530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311516251.0A Pending CN117540348A (en) 2023-11-14 2023-11-14 Method for generating and verifying software authorization file

Country Status (1)

Country Link
CN (1) CN117540348A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination