CN117807567A - Software function authorization method and device - Google Patents
Software function authorization method and device Download PDFInfo
- Publication number
- CN117807567A CN117807567A CN202311864593.1A CN202311864593A CN117807567A CN 117807567 A CN117807567 A CN 117807567A CN 202311864593 A CN202311864593 A CN 202311864593A CN 117807567 A CN117807567 A CN 117807567A
- Authority
- CN
- China
- Prior art keywords
- authorization
- information
- preset
- software
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 357
- 238000000034 method Methods 0.000 title claims abstract description 76
- 238000012795 verification Methods 0.000 claims abstract description 115
- 230000008569 process Effects 0.000 claims abstract description 12
- 230000006870 function Effects 0.000 claims description 54
- 238000004891 communication Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 230000004044 response Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013478 data encryption standard Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002860 competitive effect Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application provides a software function authorization method and device, and relates to the technical field of computers. The method comprises the steps of responding to non-first login operation aiming at preset software, and obtaining a use license file aiming at the preset software, wherein the use license file is a license file obtained in the first login process of the preset software in advance; loading a use permission file to obtain an authorization code of preset software; adopting a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information; reading first local equipment information of preset software; performing authorization verification according to the authorization plaintext information and the first local equipment information; if the authorization verification is passed, the user information of the authorization non-first login operation has the use authority of the target function of the preset software corresponding to the use permission file. Therefore, the authorization code of the preset software is obtained from the server in advance, the information security is ensured through asymmetric decryption, and the authorization security and accuracy are ensured through authorization verification.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a software function authorization method and device.
Background
At present, with the development of communication technology, the application of data encryption and decryption technology has become more and more widespread. For software manufacturers, if they want to develop services rapidly in increasingly severe competition, there is a need to have an effective means to protect their core technology and data security to ensure their own competitive advantage. The authorization mode is also various, the software manufacturer is authorized online, a public network server needs to be built, and the cost is high; and the offline authorization mode is particularly important for environments in which public networks cannot be used or environments in which the confidentiality of data is strictly required in government enterprises, financial industries and the like. Currently, offline authorization is mostly performed based on a separate encryption algorithm, and the security of the method is poor.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, and provides a software function authorization method and device, so as to solve the problems of poor authorization security and the like in the prior art.
In order to achieve the above purpose, the technical solution adopted in the embodiment of the present application is as follows:
in a first aspect, an embodiment of the present application provides a method for authorizing a software function, applied to a client device, where the method includes:
responding to non-first login operation aiming at preset software, and acquiring a use permission file aiming at the preset software, wherein the use permission file is a permission file acquired in the first login process of the preset software in advance;
loading the use permission file and acquiring an authorization code of the preset software;
adopting a preset asymmetric decryption algorithm to perform asymmetric decryption on the authorization code to obtain authorization plaintext information;
reading first local equipment information of the preset software;
performing authorization verification according to the authorization plaintext information and the first local equipment information;
and if the authorization verification is passed, authorizing the user information of the non-first login operation to have the use authority of the target function of the preset software corresponding to the use permission file.
Optionally, the authorizing plaintext information includes: authorization identity information and authorization deadline information, wherein the first local device information comprises: local identity information and current system time; the authorization verification according to the authorization plaintext information and the first local device information includes:
carrying out identity verification according to the authorized identity information and the local identity information;
if the identity verification is passed, carrying out the period verification according to the authorization period information and the current system time;
if the deadline verification passes, determining that the authorization verification passes.
Optionally, the method further comprises:
and if the authentication is not passed, outputting first authorization failure indication information to indicate that the local identity information is not authorized.
Optionally, the method further comprises:
if the authentication is passed, but the period authentication is not, outputting second authorization failure indication information to indicate that the authorization period information is expired.
Optionally, the authorizing plaintext information further includes: authorization version information; the first local device information further includes: current version information;
before the authentication is performed according to the authorized identity information and the local identity information, the method further comprises:
and carrying out version verification according to the authorized version information and the current version information.
Optionally, before the responding to the non-first login operation for the preset software and acquiring the use permission file for the preset software, the method further includes:
responding to a first login operation aiming at the preset software, and acquiring hardware information of the client device;
adopting a preset symmetric encryption algorithm to encrypt the hardware information to generate an authorization application code;
the authorization application code is sent to a server, so that the server adopts a preset symmetric decryption algorithm to decrypt the authorization application code to obtain the hardware information, and an authorization code of the preset software is generated based on the hardware information;
receiving the authorization code of the preset software sent by the server, wherein the authorization code is obtained by encrypting the authorization information by adopting a preset asymmetric encryption algorithm by the server;
adopting the preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain the authorization plaintext information;
reading second local equipment information of the preset software;
performing authorization verification according to the authorization plaintext information and the second local equipment information;
and if the authorization verification is passed, storing the authorization code as the use permission file.
Optionally, after the authorization code is stored as the use permission file, the method further includes:
and the user information for authorizing the first login operation has the use authority of the target function of the preset software corresponding to the use permission file.
In a second aspect, an embodiment of the present application provides a method for authorizing a software function, applied to a server, where the method includes:
receiving an authorization application code sent by client equipment;
decrypting the authorization application code by adopting a preset symmetric decryption algorithm to obtain hardware information;
acquiring authorization information according to the hardware information, encrypting the authorization information by adopting a preset asymmetric encryption algorithm, and generating an authorization code of preset software;
and sending the authorization code to the client device so that the client device adopts a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information.
In a third aspect, an embodiment of the present application provides a software function authorization apparatus, applied to a client device, where the apparatus includes:
the acquisition module is used for responding to non-first login operation of preset software and acquiring a use license file of the preset software, wherein the use license file is a license file acquired in the first login process of the preset software in advance;
the acquisition module is also used for loading the use permission file and acquiring an authorization code of the preset software;
the first decryption module is used for carrying out asymmetric decryption on the authorization code by adopting a preset asymmetric decryption algorithm to obtain authorization plaintext information;
the acquisition module is further used for reading first local equipment information of the preset software;
the verification module is used for carrying out authorization verification according to the authorization plaintext information and the first local equipment information;
and the authorization module is used for authorizing the user information of the non-first login operation to have the use permission of the target function of the preset software corresponding to the use permission file if the authorization verification is passed.
In a fourth aspect, an embodiment of the present application provides a software function authorization apparatus, applied to a server, where the apparatus includes:
the receiving module is used for receiving the authorization application code sent by the client device;
the second decryption module is used for decrypting the authorization application code by adopting a preset symmetric decryption algorithm to obtain the hardware information;
the encryption module is used for acquiring authorization information according to the hardware information, encrypting the authorization information by adopting a preset asymmetric encryption algorithm and generating an authorization code of the preset software;
and the sending module is used for sending the authorization code to the client device so that the client device adopts the preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain the authorization plaintext information.
Compared with the prior art, the application has the following beneficial effects:
the application provides a software function authorization method and a device, wherein the method is characterized in that a use permission file aiming at preset software is obtained by responding to non-first login operation aiming at the preset software, wherein the use permission file is a permission file obtained in the first login process of the preset software in advance; loading a use permission file to obtain an authorization code of preset software; adopting a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information; reading first local equipment information of preset software; performing authorization verification according to the authorization plaintext information and the first local equipment information; if the authorization verification is passed, the user information of the authorization non-first login operation has the use authority of the target function of the preset software corresponding to the use permission file. Therefore, the authorization code of the preset software is obtained from the server in advance, the information security is ensured through asymmetric decryption, and the security and accuracy of authorization are ensured through authorization verification.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a software function authorization method provided in the present application;
fig. 2 is a flow chart of an authorization verification method according to an embodiment of the present application;
fig. 3 is a flowchart of a first login software function authorization method provided in an embodiment of the present application;
FIG. 4 is a flowchart of another software function authorization method provided in the present application;
fig. 5 is a schematic diagram of a software function authorization device according to an embodiment of the present application;
FIG. 6 is a schematic diagram of another software function authorization apparatus according to an embodiment of the present application;
fig. 7 is a schematic diagram of a client device according to an embodiment of the present application.
Icon: 501-acquisition module, 502-first decryption module, 503-verification module, 504-authorization module, 601-receiving module, 602-second decryption module, 603-encryption module, 604-sending module, 701-processor, 702-storage medium.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
Furthermore, the terms "first," "second," and the like, if any, are used merely for distinguishing between descriptions and not for indicating or implying a relative importance.
It should be noted that the features of the embodiments of the present invention may be combined with each other without conflict.
In order to improve security, the application provides a software function authorization method and device.
Before describing a software function authorization method provided by the application, explanation is made on a client device and a server.
The software function authorization method is applied to a B/S structure (Browser/Server, browser/Server mode), wherein the B/S structure is a network structure mode after WEB rise, and the WEB Browser is the most main application software of client equipment. The mode unifies the client, concentrates the core part of system function realization on the server, and simplifies the development, maintenance and use of the system. The client device only needs to install one browser, and the Server installs databases such as SQL Server, oracle, MYSQL and the like. The interaction between the client device and the Server, namely the data interaction between the browser and the database is carried out through the Web Server.
A software function authorization method provided in the present application is explained by a specific example as follows. Fig. 1 is a flow chart of a software function authorization method provided in the present application, where an execution subject of the method is a client device, and the client device has a computing processing function. As shown in fig. 1, the method includes:
s101, responding to non-first login operation aiming at preset software, and acquiring a use permission file aiming at the preset software.
The license file is a license file obtained in advance in the first login process of the preset software. The license file stores an authorization code of the preset software.
When a user logs in preset software, authorization verification is needed. When the user logs in for the first time, the use permission file is stored in the client device, and the use permission file for the preset software can be directly obtained for subsequent authorization verification.
S102, loading a use license file and acquiring an authorization code of preset software.
The authorization code of the preset software is the authorization code of the current client device for the preset software. The authorization code of the preset software is stored in the use permission file in the form of a character string, and the use permission file is loaded, so that the authorization code of the preset software can be directly obtained.
S103, adopting a preset asymmetric decryption algorithm to carry out asymmetric decryption on the authorization code to obtain authorization plaintext information.
The authorization code is obtained by encrypting authorization information by a preset asymmetric encryption algorithm in advance. Therefore, the authorization code is asymmetrically decrypted by adopting a preset asymmetric decryption algorithm, so that the authorization plaintext information can be obtained.
When the authorization code is asymmetrically decrypted, a private key required by the asymmetric decryption is also required. When the client device responds to clicking to enter the preset software, the client device performs interactive communication with the server to acquire the private key for asymmetrically decrypting the authorization code.
Illustratively, the preset asymmetric decryption algorithm is an RSA encryption algorithm or an encryption algorithm such as DSA (digital signature algorithm ). Illustratively, taking an RSA encryption algorithm as an example for explanation, an RSA private key and an RSA public key may be generated by using the RSA encryption algorithm, and the authorization code may be asymmetrically decrypted by using the RSA private key to obtain authorization plaintext information. Before the method, the server adopts the RSA public key to carry out asymmetric encryption on the authorization information in advance to obtain the authorization code, and the public key of the RSA is difficult to crack, so that the security of the information can be ensured by encrypting the authorization information through the public key, and the information leakage problem is prevented.
S104, reading first local equipment information of preset software.
The first local device information is device information of the client device currently logged in by the preset software.
S105, performing authorization verification according to the authorization plaintext information and the first local device information.
The authorization plaintext information comprises authorization information about preset software of the current login user. If the first local device information accords with the authorized plaintext information, the authorization verification is passed, and if the first local device information does not accord with the authorized plaintext information, the authorization verification is not passed.
And S106, if the authorization verification is passed, the user information of the authorization non-first login operation has the use authority of the target function of the preset software corresponding to the use permission file.
If the authorization verification is passed, the user logs in the current client device and can use the target function of the preset software corresponding to the license file to finish the authorization verification.
Therefore, the authorization code of the preset software is obtained from the server in advance, the information security is ensured through asymmetric decryption, and the security and accuracy of authorization are ensured through authorization verification.
To sum up, in this embodiment, in response to a non-first login operation for the preset software, a use license file for the preset software is obtained, where the use license file is a license file obtained in advance in a first login process of the preset software; loading a use permission file to obtain an authorization code of preset software; adopting a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information; reading first local equipment information of preset software; performing authorization verification according to the authorization plaintext information and the first local equipment information; if the authorization verification is passed, the user information of the authorization non-first login operation has the use authority of the target function of the preset software corresponding to the use permission file. Therefore, the authorization code of the preset software is obtained from the server in advance, the information security is ensured through asymmetric decryption, and the security and accuracy of authorization are ensured through authorization verification.
On the basis of the embodiment corresponding to fig. 1, the embodiment of the application also provides an authorization verification method. Fig. 2 is a flowchart of an authorization verification method according to an embodiment of the present application. As shown in fig. 2, the authorized plaintext information includes: authorization identity information and authorization deadline information, the first local device information includes: local identity information and current system time; performing authorization verification according to the authorization plaintext information and the first local device information in S105 includes:
s201, carrying out identity verification according to the authorized identity information and the local identity information.
If the local identity information is consistent with the authorized identity information, the identity verification is passed. If the local identity information is inconsistent with the authorized identity information, the identity verification is not passed.
Wherein the authorization identity information includes: authorization hardware information and authorization user information, wherein the local identity information comprises: local hardware information and local user information. And when the local identity information is verified to be consistent with the authorized identity information, simultaneously verifying whether the local hardware information is consistent with the authorized hardware information and whether the local user information is consistent with the authorized user information.
S202, if the identity verification is passed, carrying out the period verification according to the authorized period information and the current system time.
After the authentication passes, the deadline authentication is performed to ensure the authorization security and improve the authorization authentication efficiency. And if the current system time is within the authorized deadline information, passing the deadline verification. If the current system time is not within the authorized deadline information, the deadline verification is not passed.
And S203, if the term verification is passed, determining that the authorization verification is passed.
To sum up, in this embodiment, identity verification is performed according to the authorized identity information and the local identity information; if the identity verification is passed, carrying out the time limit verification according to the authorized time limit information and the current system time; if the deadline verification passes, determining that the authorization verification passes. Thus, the authorization security is ensured, and the authorization verification efficiency is improved.
Based on the embodiment corresponding to fig. 2, in another embodiment of the present application, the method further includes:
if the authentication is not passed, outputting first authorization failure indication information to indicate that the local identity information is not authorized.
If the authentication is not passed, the user is prompted to have no identity authority through the first authorization failure indication information, so that the user knows the reason of the authorization failure, and the efficiency of the authorization verification is improved.
To sum up, in this embodiment, if the authentication is not passed, the first authorization failure indication information is output to indicate that the local identity information is not authorized. Thus, the efficiency of authorization verification is improved.
Based on the embodiment corresponding to fig. 2, in another embodiment of the present application, the method further includes:
if the authentication is passed but the period authentication is not, outputting second authorization failure indication information to indicate that the authorization period information is expired.
If the term verification is not passed, the second authorization failure indication information prompts the user that the authorization term has expired, so that the user knows the reason of the authorization failure, and the efficiency of the authorization verification is improved.
To sum up, in the embodiment, if the authentication is passed but the period authentication is not passed, the second authorization failure indication information is output to indicate that the authorization period information has expired. Thus, the efficiency of authorization verification is improved.
On the basis of the embodiment corresponding to fig. 2, in another embodiment of the present application, the authorizing plaintext information further includes: authorization version information; the first local device information further includes: current version information.
Before the authentication according to the authorized identity information and the local identity information in S201, the method further includes:
and carrying out version verification according to the authorized version information and the current version information.
If the authorized version information is consistent with the current version information, the version verification is passed. If the authorized version information is inconsistent with the current version information, the version verification is not passed.
After the version verification is passed, the identity verification is performed according to the authorized identity information and the local identity information. Thus, the authorization verification efficiency is improved.
To sum up, in this embodiment, the authorized plaintext information further includes: authorization version information; the first local device information further includes: current version information; and carrying out version verification according to the authorized version information and the current version information. Thus, the authorization verification efficiency is improved.
On the basis of the embodiment corresponding to fig. 1, the embodiment of the application also provides a software function authorization method for first login. Fig. 3 is a flowchart of a first login software function authorization method according to an embodiment of the present application. As shown in fig. 3, before the usage permission file for the preset software is acquired in response to the non-first login operation for the preset software in S101, the method further includes:
s301, responding to a first login operation aiming at preset software, and acquiring hardware information of the client device.
When a user logs in preset software for the first time, in order to acquire authorization information, hardware information of the client device is acquired first.
S302, adopting a preset symmetric encryption algorithm to encrypt the hardware information, and generating an authorization application code.
The hardware information used for authorizing the application is safer by encrypting the hardware information.
The preset symmetric encryption algorithm may be an encryption algorithm such as AES (Advanced Encryption Standard ), DES (Data Encryption Standard, data encryption standard), and the like. For example, taking AES algorithm as an example, when the client device responds to click to enter the preset software, the client device may generate a random 16-bit AES key, and encrypt the hardware information with the first key during subsequent encryption to obtain the authorization application code. And sends the 16-bit AES key to the server so that the server decrypts the authorization application code using the 16-bit AES key.
S303, sending the authorization application code to the server.
The server adopts a preset symmetric decryption algorithm to decrypt the authorization application code to obtain hardware information, and generates an authorization code of preset software based on the hardware information;
s304, receiving an authorization code of preset software sent by the server.
The authorization code is obtained by encrypting the authorization information by adopting a preset asymmetric encryption algorithm.
S305, adopting a preset asymmetric decryption algorithm to carry out asymmetric decryption on the authorization code to obtain authorization plaintext information;
the authorization code is obtained by encrypting authorization information by a preset asymmetric encryption algorithm in advance. Therefore, the authorization code is asymmetrically decrypted by adopting a preset asymmetric decryption algorithm, so that the authorization plaintext information can be obtained.
When the authorization code is asymmetrically decrypted, a private key required by the asymmetric decryption is also required. When the client device responds to clicking to enter the preset software, the client device performs interactive communication with the server to acquire the private key for asymmetrically decrypting the authorization code.
S306, reading second local equipment information of preset software;
the second local device information is device information of the client device on which the preset software logs for the first time.
S307, performing authorization verification according to the authorization plaintext information and the second local device information;
the authorization plaintext information comprises authorization information about preset software of the current login user. If the second local device information accords with the authorized plaintext information, the authorization verification is passed, and if the second local device information does not accord with the authorized plaintext information, the authorization verification is not passed.
Specifically, the authorized plaintext information includes: the authorization version information, the authorization identity information and the authorization deadline information, and the second local device information comprises: current version information, local identity information, and current system time. And carrying out version verification according to the authorized version information and the current version information. If the version verification is passed, the identity verification is performed according to the authorized identity information and the local identity information. And if the authentication passes, performing deadline authentication according to the authorized deadline information and the current system time. If the deadline verification passes, determining that the authorization verification passes.
And S308, if the authorization verification is passed, storing the authorization code as a use permission file.
The authorization code is stored as a use license file to facilitate authorization verification in the subsequent non-first login.
Therefore, the information security is ensured by symmetrically encrypting the hardware information and acquiring the authorization code of the preset software from the server, the information is encrypted twice by asymmetric decryption, and the authorization security and the authorization accuracy are ensured by authorization verification.
To sum up, in this embodiment, hardware information of the client device is obtained in response to a first login operation for preset software; adopting a preset symmetric encryption algorithm to encrypt the hardware information to generate an authorization application code; transmitting the authorization application code to a server, so that the server adopts a preset symmetric decryption algorithm to decrypt the authorization application code to obtain hardware information, and generating an authorization code of preset software based on the hardware information; receiving an authorization code of preset software sent by a server, wherein the authorization code is obtained by encrypting authorization information by the server through a preset asymmetric encryption algorithm; adopting a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information; reading second local equipment information of preset software; performing authorization verification according to the authorization plaintext information and the second local equipment information; if the authorization verification is passed, the authorization code is stored as a use license file. Therefore, the information security is ensured by symmetrically encrypting the hardware information and acquiring the authorization code of the preset software from the server, the two times of encryption are realized, and the authorization security and the accuracy are ensured by authorization verification.
On the basis of the embodiment corresponding to fig. 3, in another embodiment of the present application, after storing the authorization code as the use permission file in S308, the method further includes:
the user information authorizing the first login operation has a use right of a target function of the preset software corresponding to the use permission file.
If the authorization verification is passed, the user logs in the current client device and can use the target function of the preset software corresponding to the license file to finish the authorization verification.
To sum up, in the present embodiment, the user information authorizing the first login operation has the use authority of the target function of the preset software corresponding to the use permission file. Thus, the authorization efficiency is improved.
Another software function authorization method provided in the present application is explained by a specific example as follows. Fig. 4 is a flow chart of another software function authorization method provided in the present application, where an execution subject of the method is a server, and the server has a computing processing function. As shown in fig. 4, the method includes:
s401, receiving an authorization application code sent by the client device.
S402, decrypting the authorization application code by adopting a preset symmetric decryption algorithm to obtain hardware information.
When the client device responds to clicking to enter the operation of the preset software, the client device generates a random 16-bit AES key and sends the 16-bit AES key to the server, so that the server decrypts the authorization application code by using the 16-bit AES key to obtain hardware information.
S403, acquiring authorization information according to the hardware information, and encrypting the authorization information by adopting a preset asymmetric encryption algorithm to generate an authorization code of preset software.
When the client device responds to clicking to enter the preset software, the client device performs interactive communication with the server, and the server sends a private key of a preset asymmetric encryption algorithm to the client device.
S404, the authorization code is sent to the client device, so that the client device adopts a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code, and authorization plaintext information is obtained.
To sum up, in this embodiment, an authorization application code sent by a client device is received; decrypting the authorization application code by adopting a preset symmetric decryption algorithm to obtain hardware information; acquiring authorization information according to the hardware information, encrypting the authorization information by adopting a preset asymmetric encryption algorithm, and generating an authorization code of preset software; and sending the authorization code to the client device so that the client device adopts a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain the authorization plaintext information. Therefore, the information security is ensured through asymmetric encryption, and the security and accuracy of authorization are ensured.
On the basis of the embodiment of the application, the authorization information is obtained based on symmetric encryption of the hardware information, and the authorization information is asymmetrically encrypted to form an authorization code. Accordingly, in the authorization verification process, the authorization code corresponding to the target function of the preset software is verified through one-time verification, so that the security of the authorization information of the preset software is ensured. And then, identity and term verification is carried out through secondary verification, so that the validity and reliability of the authorization file of the target function corresponding to the target software are ensured, and the security of the authorization process of the target function corresponding to the target software is ensured.
Further, the purpose of software authorization is to allow the user to use the software according to the purchase permission, and the software installation number, the use time, the function module and other contents are related. In the software function authorization method based on the B/S architecture, the user only needs to open the browser lightly and easily to complete the authorization according to the flow operation. The encryption performance is improved through the high-efficiency data interaction mode between the client equipment where the browser is located and the server, and finally the safety intensity of software and the use experience of users are improved, so that the method and the device can be widely applied to web development application.
The following describes a software function authorization device, a storage medium, and the like provided in the present application for execution, and specific implementation processes and technical effects thereof are referred to above, which are not described in detail below.
Fig. 5 is a schematic diagram of a software function authorization apparatus provided in an embodiment of the present application, applied to a client device, where the apparatus includes:
the obtaining module 501 is configured to obtain, in response to a non-first login operation for the preset software, a use license file for the preset software, where the use license file is a license file obtained in advance during a first login process of the preset software.
The obtaining module 501 is further configured to load a use license file, and obtain an authorization code of the preset software.
The first decryption module 502 is configured to perform asymmetric decryption on the authorization code by using a preset asymmetric decryption algorithm, so as to obtain authorization plaintext information.
The obtaining module 501 is further configured to read first local device information of the preset software.
And the verification module 503 is configured to perform authorization verification according to the authorization plaintext information and the first local device information.
And the authorization module 504 is configured to authorize, if the authorization verification passes, that the user information of the non-first login operation has the use authority of the target function of the preset software corresponding to the use permission file.
Further, the verification module 503 is specifically configured to authorize plaintext information including: authorization identity information and authorization deadline information, the first local device information includes: local identity information and current system time; carrying out identity verification according to the authorized identity information and the local identity information; if the identity verification is passed, carrying out the time limit verification according to the authorized time limit information and the current system time; if the deadline verification passes, determining that the authorization verification passes.
Further, the verification module 503 is specifically further configured to output the first authorization failure indication information to indicate that the local identity information is not authorized if the identity verification is not passed.
Further, the verification module 503 is specifically further configured to output second authorization failure indication information to indicate that the authorization deadline information has expired if the authentication is passed but the deadline is not passed.
Further, the verification module 503 is specifically further configured to authorize plaintext information further includes: authorization version information; the first local device information further includes: current version information; and carrying out version verification according to the authorized version information and the current version information.
Further, the obtaining module 501 is further configured to obtain hardware information of the client device in response to a first login operation for the preset software; adopting a preset symmetric encryption algorithm to encrypt the hardware information to generate an authorization application code; transmitting the authorization application code to a server, so that the server adopts a preset symmetric decryption algorithm to decrypt the authorization application code to obtain hardware information, and generating an authorization code of preset software based on the hardware information; receiving an authorization code of preset software sent by a server, wherein the authorization code is obtained by encrypting authorization information by the server through a preset asymmetric encryption algorithm; adopting a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information; reading second local equipment information of preset software; performing authorization verification according to the authorization plaintext information and the second local equipment information; if the authorization verification is passed, the authorization code is stored as a use license file.
Further, the authorization module 504 is further configured to authorize that the user information of the first login operation has a use right of a target function of the preset software corresponding to the use permission file.
Fig. 6 is a schematic diagram of another software function authorization apparatus provided in an embodiment of the present application, applied to a server, where the apparatus includes:
a receiving module 601, configured to receive an authorization application code sent by a client device.
The second decryption module 602 is configured to decrypt the authorization application code by using a preset symmetric decryption algorithm to obtain hardware information.
The encryption module 603 is configured to obtain authorization information according to the hardware information, encrypt the authorization information by using a preset asymmetric encryption algorithm, and generate an authorization code of preset software.
And the sending module 604 is configured to send the authorization code to the client device, so that the client device adopts a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code, and obtain authorization plaintext information.
Fig. 7 is a schematic diagram of a client device provided in an embodiment of the present application, where the client device may be a device with a computing processing function.
The client device includes: a processor 701, and a storage medium 702. The processor 701 and the storage medium 702 are connected by a bus.
The storage medium 702 is used to store a program, and the processor 701 calls the program stored in the storage medium 702 to execute the above-described method embodiment. The specific implementation manner and the technical effect are similar, and are not repeated here.
The structural principle of the server is similar to that of the client device, and will not be described again here.
Optionally, the present invention further provides a storage medium comprising a program, which when executed by a processor is adapted to carry out the above-described method embodiments. In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (english: processor) to perform some of the steps of the methods according to the embodiments of the invention. And the aforementioned storage medium includes: u disk, mobile hard disk, read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), magnetic disk or optical disk, etc.
Claims (10)
1. A method for authorizing software functions, applied to a client device, the method comprising:
responding to non-first login operation aiming at preset software, and acquiring a use permission file aiming at the preset software, wherein the use permission file is a permission file acquired in the first login process of the preset software in advance;
loading the use permission file and acquiring an authorization code of the preset software;
adopting a preset asymmetric decryption algorithm to perform asymmetric decryption on the authorization code to obtain authorization plaintext information;
reading first local equipment information of the preset software;
performing authorization verification according to the authorization plaintext information and the first local equipment information;
and if the authorization verification is passed, authorizing the user information of the non-first login operation to have the use authority of the target function of the preset software corresponding to the use permission file.
2. The method of claim 1, wherein authorizing plaintext information comprises: authorization identity information and authorization deadline information, wherein the first local device information comprises: local identity information and current system time; the authorization verification according to the authorization plaintext information and the first local device information includes:
carrying out identity verification according to the authorized identity information and the local identity information;
if the identity verification is passed, carrying out the period verification according to the authorization period information and the current system time;
if the deadline verification passes, determining that the authorization verification passes.
3. The method according to claim 2, wherein the method further comprises:
and if the authentication is not passed, outputting first authorization failure indication information to indicate that the local identity information is not authorized.
4. The method according to claim 2, wherein the method further comprises:
if the authentication is passed, but the period authentication is not, outputting second authorization failure indication information to indicate that the authorization period information is expired.
5. The method of claim 2, wherein authorizing plaintext information further comprises: authorization version information; the first local device information further includes: current version information;
before the authentication is performed according to the authorized identity information and the local identity information, the method further comprises:
and carrying out version verification according to the authorized version information and the current version information.
6. The method of claim 1, wherein the responding to a non-first-time login operation for a preset software, before obtaining a use permission file for the preset software, the method further comprises:
responding to a first login operation aiming at the preset software, and acquiring hardware information of the client device;
adopting a preset symmetric encryption algorithm to encrypt the hardware information to generate an authorization application code;
the authorization application code is sent to a server, so that the server adopts a preset symmetric decryption algorithm to decrypt the authorization application code to obtain the hardware information, and an authorization code of the preset software is generated based on the hardware information;
receiving the authorization code of the preset software sent by the server, wherein the authorization code is obtained by encrypting the authorization information by adopting a preset asymmetric encryption algorithm by the server;
adopting the preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain the authorization plaintext information;
reading second local equipment information of the preset software;
performing authorization verification according to the authorization plaintext information and the second local equipment information;
and if the authorization verification is passed, storing the authorization code as the use permission file.
7. The method of claim 6, wherein after storing the authorization code as the use license file, the method further comprises:
and the user information for authorizing the first login operation has the use authority of the target function of the preset software corresponding to the use permission file.
8. A method for authorizing a software function, applied to a server, the method comprising:
receiving an authorization application code sent by client equipment;
decrypting the authorization application code by adopting a preset symmetric decryption algorithm to obtain hardware information;
acquiring authorization information according to the hardware information, encrypting the authorization information by adopting a preset asymmetric encryption algorithm, and generating an authorization code of preset software;
and sending the authorization code to the client device so that the client device adopts a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information.
9. A software function authorization apparatus for application to a client device, the apparatus comprising:
the acquisition module is used for responding to non-first login operation of preset software and acquiring a use license file of the preset software, wherein the use license file is a license file acquired in the first login process of the preset software in advance;
the acquisition module is also used for loading the use permission file and acquiring an authorization code of the preset software;
the first decryption module is used for carrying out asymmetric decryption on the authorization code by adopting a preset asymmetric decryption algorithm to obtain authorization plaintext information;
the acquisition module is further used for reading first local equipment information of the preset software;
the verification module is used for carrying out authorization verification according to the authorization plaintext information and the first local equipment information;
and the authorization module is used for authorizing the user information of the non-first login operation to have the use permission of the target function of the preset software corresponding to the use permission file if the authorization verification is passed.
10. A software function authorization apparatus for use with a server, the apparatus comprising:
the receiving module is used for receiving the authorization application code sent by the client device;
the second decryption module is used for decrypting the authorization application code by adopting a preset symmetric decryption algorithm to obtain hardware information;
the encryption module is used for acquiring authorization information according to the hardware information, encrypting the authorization information by adopting a preset asymmetric encryption algorithm and generating an authorization code of preset software;
and the sending module is used for sending the authorization code to the client device so that the client device adopts a preset asymmetric decryption algorithm to asymmetrically decrypt the authorization code to obtain authorization plaintext information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311864593.1A CN117807567A (en) | 2023-12-29 | 2023-12-29 | Software function authorization method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311864593.1A CN117807567A (en) | 2023-12-29 | 2023-12-29 | Software function authorization method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117807567A true CN117807567A (en) | 2024-04-02 |
Family
ID=90426533
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311864593.1A Pending CN117807567A (en) | 2023-12-29 | 2023-12-29 | Software function authorization method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117807567A (en) |
-
2023
- 2023-12-29 CN CN202311864593.1A patent/CN117807567A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110061846B (en) | Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| CN1985466B (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
| EP3171310A1 (en) | Biological recognition technology-based mobile payment device, method and apparatus, computer program and recording medium | |
| US9300639B1 (en) | Device coordination | |
| CN110636043A (en) | File authorization access method, device and system based on block chain | |
| CN106302606B (en) | Across the application access method and device of one kind | |
| CN115242553B (en) | Data exchange method and system supporting safe multi-party calculation | |
| US20040143741A1 (en) | Multi-stage authorisation system | |
| EP3843323A1 (en) | Computation device, computation method, computation program, and computation system | |
| CN115580413A (en) | Zero-trust multi-party data fusion calculation method and device | |
| CN113329004B (en) | Authentication method, system and device | |
| CN111865869A (en) | Registration and authentication method and device based on random mapping, medium and electronic equipment | |
| CN110601836B (en) | Key acquisition method, device, server and medium | |
| KR101856530B1 (en) | Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof | |
| CN112217636A (en) | Data processing method and device based on block chain, computer equipment and medium | |
| CN115514578B (en) | Block chain based data authorization method and device, electronic equipment and storage medium | |
| CN113127818A (en) | Block chain-based data authorization method and device and readable storage medium | |
| CN110602075A (en) | File stream processing method, device and system for encryption access control | |
| CN117807567A (en) | Software function authorization method and device | |
| CN112825093B (en) | Security baseline checking method, host, server, electronic device and storage medium | |
| CN112733166A (en) | license authentication and authorization function realization method and system | |
| CN112202794A (en) | Transaction data protection method and device, electronic equipment and medium | |
| CN105989489B (en) | A kind of method and payment terminal of IC card networking certification | |
| CN113672898B (en) | Service authorization method, authorization device, system, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |