Summary of the invention
The technical problem to be solved in the present invention provides a kind of when using enterprise edition software, prevents to exceed the method and system that the client node of number of licenses uses to greatest extent, improves the management control ability.
For solving the problems of the technologies described above, the invention provides a kind of system of software licensing, comprising:
Client node is used for installation enterprises version software; And, verify whether other client nodes are validated user according to the checking request that other client nodes send;
Certificate server is used for the request of sending according to described client node, judges whether the current number of nodes that activated exceeds number of licenses, if not, then activates the described enterprise edition software that described client node is installed; And, verify whether described client node is validated user according to the checking request that client node sends;
Authorization server is used for the request according to described certificate server, authorizes the authority that it carries out described activation.
Described certificate server also is used to upgrade the authority that client node uses described enterprise edition software.
Described certificate server is to the function of authorization server authentication, and the function of activation, checking client node and renewal authority is finished by management maintenance unit, authorization sequence authentication ' unit and broadcaster communications unit, wherein,
The management maintenance unit is used to preserve the information of each client node that has been activated, and it is managed;
The authorization sequence authentication ' unit is used to receive, the communication information of transmission and authorization server;
Broadcaster communications unit is used to receive, send the broadcast message of utilizing between LAN broadcast agreement and the client node.
Described client node also is used for the lastest imformation according to the certificate server transmission, upgrades local software license limit.
Described client node install and use software function, verify other client nodes and upgrade the function of local software rights of using, finish by authentication ' unit, time-delay control module and broadcaster communications unit, wherein,
Authentication ' unit, the information of other client nodes when being used to preserve each the checking, and judge whether have the node that exceeds number of licenses to use software in the current LAN (Local Area Network);
The time-delay control module is used to limit the use of the client node that exceeds number of licenses;
Broadcaster communications unit is used to receive, send the broadcast message of utilizing between LAN broadcast agreement and certificate server and other client nodes.
The present invention also provides a kind of method of software licensing, comprising:
81) certificate server receives the authorization message of authorization server, if agree to authorize, then enters next step;
82) certificate server receives the activation request of client node;
83) certificate server judges that whether the current number of nodes that activated exceeds number of licenses, if not, is then activated this client node; If then will not activate;
After client node was activated, this client node that is activated sent the checking solicited message to certificate server and other client nodes; After certificate server and other client nodes receive described checking solicited message, according to this authorization information this client node is verified respectively that if not by arbitrary checking, described client node can not continue to use this software.
Described step 81) also comprise before:
91) certificate server sends authorization requests information to authorization server;
When 92) authorization server receives described authorization requests information, judge whether the authorization sequence in this information is number effective; If then enter next step; If not, then send the authorization message that will not authorize to certificate server, and execution in step 93 not);
93) authorization server sends the authorization message of agreeing mandate to certificate server.
Described step 93) also comprise: authorization server is preserved described mandate preface sharp number, and record sends the information of the certificate server place LAN (Local Area Network) of request authorization message, and this authorization sequence is number corresponding with this LAN (Local Area Network).
Step 83) method that described in client node is activated is: send authorization sequence number to this client node; Client node is preserved in this locality after receiving this authorization sequence number.
The activation request of the described client node that certificate server receives step 82) comprises the nodal information corresponding with this node; When described step 83) client node being activated, preserve this nodal information.
Certificate server is verified client node and is comprised:
Certificate server judges whether the authorization sequence of described client node is number effective, if then continue next step; If not, then send checking and do not pass through information;
Whether the information of judging described client node is kept in the certificate server, if then send checking and pass through information; If not, then send checking and do not pass through information.
Other client nodes are verified described client node and are comprised:
161) other client nodes judge whether the authorization sequence of described client node is number effective, if then continue next step; If not, then send checking by information, and execution in step 162 not);
162) judge whether the client node of the activation quantity be kept at the active client node exceeds number of licenses, if not, then send checking by information, and execution in step 163 not); If then continue next step;
163) described client node enters the time-delay state, continues to use this software and continue to send the checking solicited message in the time-delay time limit, if also then be not moved to end use by checking.
Describedly judge whether authorization sequence number effectively comprises: the authorization sequence whether authorization sequence number of judging described client node preserves with certificate server or other client nodes is number identical, if then effective, otherwise invalid.
Described checking is regularly carried out.
When the authorization sequence information updating of certificate server, also comprise:
Certificate server receives the authorization message again of authorization server, if agree to authorize, then sends the authorization sequence lastest imformation to client node;
After the client node that has activated is received this lastest imformation, send update request;
Certificate server sends new authorization sequence information according to the update request of client node;
Client node uses new authorization sequence information to replace original authorization sequence information.
Compared with prior art, the present invention has the following advantages:
1, by certificate server is set, client node must activate by certificate server, and the sequence number of obtaining the authorization could use software, has guaranteed that the client node quantity that is activated is controlled within the number of licenses.
2, between the client node, verify mutually between client node and certificate server, avoid occurring existing by illegally cracking the node that exceeds licensed number that is activated.
3, when the client node number that uses in the LAN (Local Area Network) surpasses number of licenses, perhaps when certain client node can't communicate with other client nodes, use delay unit that the client node of above-mentioned two kinds of situations is carried out pot life control, thereby guarantee that the use node number in LAN (Local Area Network) is no more than the quantity of licence.
4, help management to number of licenses.When increasing or reduce the quantity of licence, certificate server obtains the authorization sequence information after the renewal, upgrade original sequence number information of each client node by Radio Broadcasting Agreements, what guarantee that client nodes all in a LAN (Local Area Network) uses is same sequence number information.
5, since the node of LAN (Local Area Network) when using enterprise edition software, certificate server at first will carry out the authentication of authorization sequence number to authorization server, has guaranteed that same authorization sequence number can not use in a plurality of LAN (Local Area Network).
6, help the client node in the LAN (Local Area Network) is managed.When certain client node machine will not re-use software, can pass through the authentication service management unit, the information of its node is deleted from the maintenance of information table, so just can guarantee that new node uses.
Embodiment
For above-mentioned purpose of the present invention, feature and advantage can be become apparent more, the present invention is further detailed explanation below in conjunction with the drawings and specific embodiments.
With reference to Fig. 1, be the system architecture synoptic diagram of the Control Software usage license of the present invention, this system comprises: authorization server 11, certificate server 12, client node 13.Described certificate server 12 and client node 13 are arranged in the LAN (Local Area Network), and authorization server 11 is positioned on the public network, and the certificate server 12 by internet and LAN (Local Area Network) communicates.Below this system is elaborated.
Client node 13: be used to install and use the node of enterprise edition software, and the checking of regularly carrying out client node and other client nodes, certificate server 12.For finishing above-mentioned functions, each client node 13 is provided with time-delay control module, authentication ' unit and broadcaster communications unit.The effect of time-delay control module is the use that restriction exceeds the node of number of licenses, when the client node number that uses in the LAN (Local Area Network) surpasses number of licenses, perhaps when certain client node can't communicate with other client nodes, use delay unit that the client node of above-mentioned two kinds of situations is carried out pot life control; Be provided with the nodal information temporary table in the authentication ' unit, the information of other nodes when being used to preserve each checking, and judge whether have the node that exceeds licensed number to use software in the current LAN (Local Area Network) according to described nodal information temporary table; Broadcaster communications unit is used to receive, send the broadcast message of utilizing between LAN broadcast agreement and other client nodes.
Authorization server 11: the server by software supplier provides, be connected with the certificate server 12 of LAN (Local Area Network), the authorization sequence that is used for enterprise edition software that certificate server 12 is sent number authenticates.
Certificate server 12: be used at the software licensing of LAN (Local Area Network) inner control client node 13 and the server of management maintenance authorization information.Certificate server 12 is the identical node in status in LAN (Local Area Network) with client node 13, can intercom mutually by Radio Broadcasting Agreements, according to the request that client node 13 sends, client node 13 is used activation and checking.For finishing above-mentioned functions, certificate server 12 is provided with the authorization sequence authentication ' unit, broadcaster communications unit, management maintenance unit.The authorization sequence authentication ' unit is used to receive, the communication information of transmission and authorization server 11; Broadcaster communications unit is used to receive, send the broadcast message of utilizing between LAN broadcast agreement and the client node 13; The management maintenance unit is provided with the maintenance of information table, is used to preserve the information of each client node 13 that has been activated, and it is managed.
After client node 13 install software, must activate by certificate server 12 and could use software.When client node 13 when certificate server 12 requesting activation are used software, certificate server 12 is obtained the authorization earlier after the authorization sequence number authentication of server 11, in the number of licenses scope, activate described client node 13 by the management maintenance unit, the information of client node 13 is kept in the maintenance of information table of management maintenance unit, and authorization sequence number is issued client node 13.
With reference to Fig. 2, be the method flow diagram of the Control Software usage license of the present invention.The quantity of the node of install software is not necessarily limited in the licensed number in the LAN (Local Area Network).The client node of install software need activate the install software of this client node before normal the use, and this process can guarantee that the client node quantity of legal use software is controlled within the number of licenses.When the LAN (Local Area Network) of install software need be used software, at first need to carry out following steps:
Step 21, certificate server connects authorization server, sends request authentication information.The certificate server of LAN (Local Area Network) connects the authorization server that sends to software supplier with known authorization sequence number by network.
Whether the authorization sequence that step 22, authorization server judges receive is number effective.If effectively, continue step 23, otherwise, enter step 29, notify this certificate server not by authentication.Authorization server is according to previous authorization sequence of preserving number and corresponding LAN Information thereof, judges whether this authorization sequence number is used by other LAN (Local Area Network).If judge that then this authorization sequence is number invalid; If not, then judge further combined with other condition.
Step 23 is preserved requesting party's information, feedback request side authenticate by.Authorization server carries out record with the information of this sequence number and certificate server place LAN (Local Area Network), and this authorization sequence is number corresponding with this LAN (Local Area Network), and sends authentication and pass through information.
Certificate server at first with authorization server, carry out the authentication of authorization sequence number.After authentication is passed through, become legal certificate server, but other client node install software in this LAN (Local Area Network).If other has other LAN (Local Area Network) to desire to reuse this sequence number and authenticates, authorization server is by searching so, when the LAN Information of finding this authorization sequence number pairing LAN Information and current record is not inconsistent, then can not be by its authentication, so just guaranteed that an authorization sequence number can not use in a plurality of LAN (Local Area Network).
Step 24, client node be the broadcast request active information in LAN (Local Area Network).After client node carries out install software, send requesting activation information by Radio Broadcasting Agreements.This requesting activation information comprises the hardware information of active client node, for example, and information such as hard disk sequence number, IP address.Writing down above-mentioned information, mainly is for client node being managed, for example, when certain client node does not re-use software, should in time deleting the information that this node is preserved in certificate server maintenance of information table, in order to avoid take a permission.
Step 25, certificate server receive requesting activation information, judge that whether the number of nodes that has activated is greater than licensed number.After certificate server is received authentication request, judge that whether the client node quantity that authentication has been installed in the maintenance of information table exceeds number of licenses, if not, carry out step 26; If then notify the active client node can't activate use software.
Step 26 is preserved this client node relevant information, sends authorization sequence number, activates this node.Certificate server is preserved the active client nodal information in the maintenance of information table, and authorization sequence number encryption is sent to the active client node.Information encryption is in order to prevent that other from not cracking this sequence number by the client node that authentication activates by illegal mode to authorization sequence.
Step 27, this client node encrypting storing sequence number is finished authentication and activation, and this client node can legal use software.In like manner, the encrypting storing sequence number also is to be cracked in order to prevent.
Step 28, the client node that is using and other client nodes with certificate server, are regularly verified.When each client node uses software,, whether be validated user to verify each client node by the regularly mutual transmission information of Radio Broadcasting Agreements.Because certificate server is the identical node in status with client node, therefore also comprise the checking between client node and certificate server in LAN (Local Area Network).Under the usual channel, the user really can't activating software, and what consider here is the situation of obtaining authorization sequence number, cracking certificate server to occur illegally cracking.Therefore add this step of mutual checking between the client node, be equivalent to a dual fail-safe.
With reference to Fig. 3, this figure is the interior checking process flow diagram of LAN (Local Area Network) of above-mentioned steps 28.When each client node uses software, authentication ' unit in each node, will be every a period of time by its broadcaster communications unit to other nodes (comprising other client nodes and certificate server) broadcast message, information comprises information such as the authorization sequence number, IP address of node.Described checking flow process comprises:
Step 31, whether certain client node A can carry out broadcast communication with other nodes or certificate server, if then carry out verification step 331 or step 332, uses otherwise enter time-delay.Disconnect when the network of client node connects, or the LAN (Local Area Network) network that uses fire wall to mask this software is when connecting, this client node can't be communicated by letter with other nodes (client node or certificate server), and this client node just enters the time-delay state.In the time-delay time limit, this client node normally uses software, but if still can't communicate with other nodes the time, this client node will be moved to end this time and use.
Step 32, client node A is to LAN broadcast requests verification information.
After step 331, certificate server received the broadcasting authorization information, A verified to client node.
After step 332, other client nodes received the broadcasting authorization information, A verified to client node.
Above-mentioned steps 331 and step 332 are carried out synchronously, if checking is passed through, then continue step 34, verify to describe in detail below the unsanctioned situation.
Step 34, certificate server or other client nodes send checking and arrive described client node A by information.
Step 35, client node A normally uses software after receiving that information is passed through in checking.During use, still regularly to LAN broadcast requests verification information.Client node A can not continue to use this software after passing through arbitrary authentication of certificate server or other client nodes.
Wherein, step 331 is described can be the checking process flow diagram of certificate server with reference to shown in Figure 4, comprising:
After step 41, certificate server receive this broadcasting authorization information, judge whether the authorization sequence of described client node A is number effective.When the authorization sequence of the authorization sequence of client node A number and its place LAN (Local Area Network) is number identical, be considered as effectively, promptly authorization sequence number can not be used in a plurality of LAN (Local Area Network).As if effectively, continue step 42, do not arrive client node A otherwise send checking by information.
Step 42, certificate server judge further whether the nodal information of described client node A is kept in the maintenance of information table, if then continue step 34, promptly send checking by information, otherwise send checking not by information, finish proof procedure.
Wherein, step 332 is described can be the checking process flow diagram of client node with reference to shown in Figure 5, receive the broadcasting authorization information of client node A when other client nodes after, carry out following steps:
Step 51, after other client nodes such as B received this broadcasting authorization information, its authentication ' unit judged whether the authorization sequence of described client node A is number effective.As if effectively, continue step 52, do not arrive client node A otherwise send checking by information, finish this proof procedure.
Step 52, further judge current record at the number of nodes that is using of client node B whether greater than number of licenses.If in the nodal information temporary table of client node B, the client node quantity of using software of preserving is greater than number of licenses, then send checking and do not arrive client node A by information, enter step 53, otherwise in the nodal information temporary table, preserve the information of client node A, and continue step 34, promptly send checking and pass through information.
Step 53, client node A enters the time-delay user mode.Certain node in the LAN (Local Area Network) can send information to client node A, informs that it has exceeded number of licenses, enters the time-delay user mode.In the time-delay time limit, client node A continues to use software, and continues to send requests verification information to other nodes, and certain node finishes its use in surpassing time-delay time limit or LAN (Local Area Network).
If certain client node does not activate by certificate server, number be activated but crack authorization sequence by illegal means, when this client node during,, can find the existence of this illegal node that activates by the checking of above-mentioned certificate server to LAN broadcast requests verification information; By the checking of above-mentioned other client nodes, can will use the node numerical control of software in the number of licenses scope simultaneously.
With reference to Fig. 6, be the process flow diagram that upgrades authorization sequence information in the LAN (Local Area Network).Comprise:
Authorization sequence information after step 61, certificate server obtain to upgrade.When increasing or reduce the quantity of software license, the sequence number information of this software will be modified, and for example, uses a new authorization sequence number, perhaps continuing to use on the basis of original sequence number, only upgrades the quantity information of permission to use.Use the LAN node of this software original sequence number information that just should upgrade in time this moment.
Step 62 authenticates again to authorization server.Certificate server is carried out authorization server authenticating step shown in Figure 2, i.e. step 22,23 and 24 is carried out the authentication of new authorization sequence number.If pass through, continue step 63, otherwise ban use of this software.
Step 63 is replaced original sequence number information, and sequence number information is upgraded in broadcasting.Certificate server replaces original sequence number information with new authorization sequence information, and upgrades sequence number information to the client node broadcasting of LAN (Local Area Network).
After step 64, each client node are received this renewal sequence number information, send the request lastest imformation to authorization server.
Step 65, certificate server are encrypted the sequence number information that sends after upgrading to the client node that has activated.After certificate server is received the request lastest imformation that client node sends, judge the information of whether preserving described client node in its maintenance of information table, if then this client node is activated, the sequence number information after certificate server will upgrade is encrypted and is sent to this client node.Otherwise do not send.
Step 66, client node upgrades original sequence number information.Client node replaces original sequence number information after receiving sequence number information after the renewal that certificate server sends, and encrypting storing.
The process of above-mentioned renewal authorization sequence information helps the management to number of licenses, and what guarantee client node uses all in a LAN (Local Area Network) is same sequence number information.
More than the method and system of a kind of Control Software usage license provided by the present invention is described in detail, used specific case herein principle of the present invention and embodiment are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, part in specific embodiments and applications all can change.In sum, this description should not be construed as limitation of the present invention.