Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not paying the every other embodiment that is obtained under the creative work prerequisite.
Software on the terminal can be copied on another terminal in order to solve present user, and use to other users unnecessary software and hardware encryption device, cause the inaccurate problem of soft ware authorization, the embodiment of the invention provides a kind of method and apparatus of soft ware authorization.
As shown in Figure 1, the method for the soft ware authorization that the embodiment of the invention provides comprises:
Step 101 is the terminal generation soft ware authorization file of install software, and described arbitrary soft ware authorization file has the attribute that repels with a terminal of other soft ware authorization file coexistences;
Step 102 before operation institute installed software, is verified described soft ware authorization file and the hardware encipher device information that sets in advance.
The method of the soft ware authorization that the embodiment of the invention provides is by the two provides soft ware authorization in conjunction with the method for verifying to soft ware authorization file and hardware encipher device.Because described soft ware authorization file has the attribute that repels with a terminal of other soft ware authorization file coexistences, prevented that the soft ware authorization file is copied on other terminal, make the software on each terminal on this terminal, to use, having solved present user can copy to the software on the terminal on another terminal, and use to other users unnecessary software and hardware encryption device, cause the inaccurate problem of soft ware authorization.The technical scheme that the embodiment of the invention provides can be carried out soft ware authorization like clockwork to distributed software system.
In order to make those skilled in the art can more be expressly understood the technical scheme that the embodiment of the invention provides, below by specific embodiment, the method for the soft ware authorization that another embodiment of the present invention is provided is elaborated.
As shown in Figure 2, the method for the soft ware authorization that another embodiment of the present invention provides comprises:
Step 201 is for an above software on each terminal in the distributed software system is provided with unique sign respectively;
In the present embodiment, be example so that three terminals to be arranged in the distributed software system, three terminals are known as terminal 1, terminal 2 and terminal 3 respectively.Two softwares are installed on terminal 1, unique A, B of being designated are set for these two softwares respectively; A software is installed on terminal 2, give this software setting unique be designated C; Three softwares are installed on terminal 3, unique D, E, F of being designated are set for these three softwares respectively.Wherein, the installation number of described software on terminal can rationally be disposed according to user intention, and be for example bigger if software takies resource, can on a terminal this software only be installed, to improve the processing speed of terminal; Also several less softwares of resource that take can be installed on the terminal together, the concrete condition of the software of buying on the user is decided.
Step 202 is for described each terminal is provided with the hardware encipher device information;
In the present embodiment, the hardware encipher device can be a softdog commonly used at present, also can be other hardware encipher device.For example,, in described three hardware encipher devices, write identical hardware identification sequence number respectively for terminal 1, terminal 2, terminal 3 are distributed a hardware encipher device respectively, or other identical hardware information.Suppose that this hardware identification sequence number is 111, it is 111 hardware encipher device that then described three terminals all have a hardware identification sequence number.
Step 203 is that described terminal generates the soft ware authorization file according to described sign and described hardware encipher device information;
In the present embodiment, corresponding three the different soft ware authorization files of three terminals, the soft ware authorization file of each terminal correspondence be according to this terminal corresponding hardware encryption device information and on this terminal the sign of installed software generate.Preferably, described soft ware authorization file is the XML file layout, and described XML file is generated by Automatic Program.Soft ware authorization file 1 with generation terminal 1 is that example illustrates, the sequence number of the hardware encipher device of terminal 1 is 111, install software is designated A and B on the terminal 1, therefore, form is that the value of the node of the described hardware encipher device of expression in the soft ware authorization file 1 of XML is 111, and the value of representing the node of described software identification is A, B; In like manner, can generate soft ware authorization file 2, the value of wherein said each node is respectively 111, C; Soft ware authorization file 3, the value of wherein said each node is respectively 111, D, E, F.Three soft ware authorization files that generate place respectively on the corresponding terminal, and arbitrary soft ware authorization file has the attribute that repels with a terminal of other soft ware authorization file coexistences, and promptly can only there be a soft ware authorization file in each terminal.For example, three soft ware authorization files adopt identical filename, leave in respectively under the assigned catalogue of each terminal, if soft ware authorization file 2 is copied on the terminal 1, can override original legal soft ware authorization file 1, thereby prevent that the soft ware authorization file is replicated.
Step 204 generates the eap-message digest of described soft ware authorization file;
In the present embodiment, in order to prevent that the soft ware authorization file from being distorted, behind the generation soft ware authorization file, described soft ware authorization file is made eap-message digest, promptly adopt certain cryptographic algorithm to encrypt, generate the fixing eap-message digest of a string length described soft ware authorization file.Described cryptographic algorithm can be MD5, or SHA1, or other cryptographic algorithm.The eap-message digest difference that different soft ware authorization files generates is distinguished called after eap-message digest 1, eap-message digest 2 and eap-message digest 3 with it, three eap-message digests that generate is write respectively in the corresponding soft ware authorization file manage.
Step 205 before operation institute installed software, is verified described soft ware authorization file and described hardware encipher device information.
Further, as shown in Figure 3, to how carrying out user rs authentication be described in detail below, below all to move the software that is designated A on the terminal 1 with the user be that example illustrates:
Step 301 is obtained described soft ware authorization file and described hardware encipher device information;
In the present embodiment, when the user moves software A on the terminal 1, whether at first will judge on the terminal 1 existing hardware encipher device, if the hardware encipher device is not connected to terminal 1, the prompting user does not have the hardware encipher device, and software can not move; If the hardware encipher device has been connected to terminal 1, read the hardware identification sequence number of described hardware encipher device.
In the present embodiment, obtaining the soft ware authorization file is to obtain by the soft ware authorization fileinfo that is stored in advance on the reading terminals 1 under the assigned catalogue.
Step 302 judges whether described soft ware authorization file is modified;
In the present embodiment, the soft ware authorization fileinfo that reads in the step 301 is made eap-message digest, compare and judge whether this soft ware authorization fileinfo is modified with the eap-message digest in being stored in this soft ware authorization file in advance, wherein, that the soft ware authorization fileinfo is made the cryptographic algorithm that adopts in cryptographic algorithm that eap-message digest adopts and the step 204 is identical for this step.For example, if the soft ware authorization fileinfo that reads on terminal 1 in the step 301 is a soft ware authorization file 1, soft ware authorization file 1 is made eap-message digest, compare with the eap-message digest 1 in the described soft ware authorization file 1, see whether both are identical, if identical, then soft ware authorization file 1 is not modified, and changes step 303 over to; If different, prompting user software authority 1 is modified, and software can not move.In like manner, if the soft ware authorization fileinfo that reads on terminal 1 in the step 301 is a soft ware authorization file 2, soft ware authorization file 2 is made eap-message digest, compare with the eap-message digest 2 in the described soft ware authorization file 2, see whether both are identical, if identical, then soft ware authorization file 2 is not modified, and changes step 303 over to; If different, prompting user software authority 2 is modified, and software can not move.
Step 303 judges whether described soft ware authorization file and described hardware encipher device information mate;
In the present embodiment, if what read on terminal 1 in the step 301 is the hardware identification sequence number 111 of the hardware encipher device of this distributed software system, what suppose to read on terminal 1 is the soft ware authorization file 1 that is not modified, the value of the node of expression hardware encipher device is 111 in the then described soft ware authorization file 1, be complementary with hardware identification sequence number 111, change step 304 over to; What suppose to read on terminal 1 in the step 301 is the soft ware authorization file 2 that is not modified, and the value of the node of expression hardware encipher device is 111 in the then described soft ware authorization file 2, is complementary with hardware identification sequence number 111, changes step 304 over to; In like manner, what suppose to read on terminal 1 in the step 301 is the soft ware authorization file 3 that is not modified, and situation is similar, repeats no more.If what read on terminal 1 in the step 301 is the hardware identification sequence number 101 of the hardware encipher device of other distributed software systems, be which soft ware authorization file then regardless of what read, the value of the node of its expression hardware encipher device does not all match with described hardware identification sequence number 101, at this moment, prompting user hardware and software does not match, and software can not move.
Step 304 judges whether comprise the current sign of wanting operating software in the described soft ware authorization file;
In the present embodiment, what read on the terminal 1 is under the situation of hardware identification sequence number 111 of hardware encipher device of this distributed software system, what suppose to read on terminal 1 is the soft ware authorization file 1 that is not modified, the nodal value of expression software identification is A, B in the then described soft ware authorization file 1, the sign A that has comprised the software that the user will move, checking is passed through, and allows user's operation to be designated the software of A; What suppose to read on terminal 1 is the soft ware authorization file 2 that is not modified, the value of the node of expression software identification is C in the then described soft ware authorization file 2, the sign A that does not comprise the software that the user will move, prompting user software authority mistake, software can not move; In like manner, what suppose to read on terminal 1 is the soft ware authorization file 3 that is not modified, the value of the node of expression software identification is D, E, F in the then described soft ware authorization file 3, the sign A that does not comprise the software that the user will move, prompting user software authority mistake, software can not move.
In the present embodiment, can adopt logical value 0 and 1 to represent whether comprise the current sign A that wants operating software in the soft ware authorization file.When described logical value is 0, represent to verify and do not pass through that the user can not move this software A; Otherwise the user is operating software A normally.
The method of the soft ware authorization that the embodiment of the invention provides is by the two provides soft ware authorization in conjunction with the method for verifying to soft ware authorization file and hardware encipher device.Because described soft ware authorization file has the attribute that repels with a terminal of other soft ware authorization file coexistences, prevented that the soft ware authorization file is copied on other terminal, make the software on each terminal on this terminal, to use, having solved present user can copy to the software on the terminal on another terminal, and use to other users unnecessary software and hardware encryption device, cause the inaccurate problem of soft ware authorization.The technical scheme that the embodiment of the invention provides can be carried out soft ware authorization like clockwork to distributed software system.
As shown in Figure 4, the embodiment of the invention also provides a kind of device of soft ware authorization, comprising:
First generation unit 401, be used to the terminal of install software to generate the soft ware authorization file, described arbitrary soft ware authorization file has the attribute that repels with a terminal of other soft ware authorization file coexistences, its concrete implementation method can be described referring to step 201 as shown in Figure 2~203, repeats no more herein.
Authentication unit 402, be used for before operation institute installed software, soft ware authorization file that is generated by described first generation unit 401 and the hardware encipher device information that sets in advance are verified, its concrete implementation method can be described referring to step 301 as shown in Figure 3~304, repeats no more herein.
Further, as shown in Figure 5, described first generation unit 401 comprises:
Unit 4011 is set, is used to an above software of installing on the described terminal that unique sign is set respectively;
First generates subelement 4012, is used for according to by the described hardware encipher device information that the sign of unit 4011 settings is set and sets in advance being described terminal generation soft ware authorization file.
Further, as shown in Figure 6, the device of the soft ware authorization that the embodiment of the invention provides also comprises:
Second generation unit 403 is used to generate the eap-message digest by the soft ware authorization file of described first generation unit 401 generations, and its concrete implementation method can be described referring to step 204 as shown in Figure 2, repeats no more herein.
Further, as shown in Figure 7, described authentication unit 402 comprises:
Acquiring unit 4021 is used to obtain soft ware authorization file and the described hardware encipher device information that is generated by described first generation unit 401;
The 3rd judging unit 4025 is used to judge whether described soft ware authorization file is modified;
First judging unit 4022 is used to judge whether described soft ware authorization file and described hardware encipher device information mate;
Second judging unit 4023 is used for judging whether described soft ware authorization file comprises the current sign of wanting operating software;
Output unit 4024 is used to export the judged result by described first judging unit and described second judging unit.
The device of the soft ware authorization that the embodiment of the invention provides is by the two provides soft ware authorization in conjunction with the method for verifying to soft ware authorization file and hardware encipher device.Because described soft ware authorization file has the attribute that repels with a terminal of other soft ware authorization file coexistences, prevented that the soft ware authorization file is copied on other terminal, make the software on each terminal on this terminal, to use, having solved present user can copy to the software on the terminal on another terminal, and use to other users unnecessary software and hardware encryption device, cause the inaccurate problem of soft ware authorization.The technical scheme that the embodiment of the invention provides can be carried out soft ware authorization like clockwork to distributed software system.
One of ordinary skill in the art will appreciate that all or part of step that realizes in the foregoing description method is to instruct relevant hardware to finish by program, described program can be stored in the computer-readable recording medium, as ROM/RAM, magnetic disc or CD etc.
The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by described protection domain with claim.