CN105471809B - The verification method and system of soft ware authorization information - Google Patents
The verification method and system of soft ware authorization information Download PDFInfo
- Publication number
- CN105471809B CN105471809B CN201410231627.8A CN201410231627A CN105471809B CN 105471809 B CN105471809 B CN 105471809B CN 201410231627 A CN201410231627 A CN 201410231627A CN 105471809 B CN105471809 B CN 105471809B
- Authority
- CN
- China
- Prior art keywords
- authority
- software
- xml nodes
- authorization message
- xml
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of verification method and system of soft ware authorization information, wherein method includes:Wan side provides the authority of the software, and the authority is generated according to the user information of the user of the authorization message and customization software of the software;The authority is imported to the software administrative center at Intranet end;When software administrative center with the wide area network in the case of being not connected with, by separation net tool soft ware authorization related data is obtained from wan side, the software administrative center parses the authority of importing, and the information of parsing is compared with the authorisation related data that the separation net tool obtains, to carry out the verification of authorization message.The present invention is realized normally carries out authority checking in two kinds of software management center network and separation net.
Description
Technical field
The present invention relates to technical field of network security, and in particular to a kind of verification method and system of soft ware authorization information.
Background technology
For software protection, core concept is to prevent software against piracy;And the target of soft ware authorization be allow it is soft
Part user uses software according to purchase license, is related to the installation number of software, usage time, application range and function module
Etc. contents.Soft ware authorization is developed to from software protection, is based primarily upon following reason:1. the function and module of software are increasingly
More, software developer carrys out selling software according to function module.2. the development for using sales mode on demand of software, user wish to press
According to usage time, software is bought and used to number etc..3. the growth of software users quantity and the increase of software version, exploitation
Quotient needs preferably management software purchase and uses.
In order to realize software protection, need to verify the authorization message of software for user.For for enterprise
Security software product, the verification that this kind of software carries out authorization message have some particularity.Because in enterprise, if network environment
Closing, and need to carry out stringent control to the authorization message of safety product, common networking detection authorizes will be relatively difficult.
Therefore, how to network and the authorization message in enterprise security software is not verified under networked environment in server-side, be one
Technical problem needed to be considered.
Invention content
In view of the above problems, it is proposed that the present invention overcoming the above problem in order to provide one kind or solves at least partly
State the verification method and system of the soft ware authorization information of problem.
One side according to the present invention provides a kind of verification method of soft ware authorization information, including:Wan side provides
The authority of the software, the authority are the users of the authorization message and the customization software according to the software
User information generate;The authority is imported to the software administrative center at Intranet end;When software administrative center be in
In the case of the wide area network is not connected, soft ware authorization related data, the software are obtained from wan side by separation net tool
Administrative center parses the authority of importing, and the information of parsing is related to the mandate that the separation net tool obtains
Data are compared, to carry out the verification of authorization message.
Preferably, described to include using the user information and authorization message generation authority:Using can expand
Markup language xml is opened up, the user information and the authorization message are generated into different xml nodes respectively, generation is with xml nodes
The authority of content, and the authority head that the xml nodes generate the authority is calculated by checking algorithm.
Preferably, the first xml nodes are generated, the user information is stored in the first xml nodes;Generate second
Xml nodes are stored in the authorization message in the 2nd xml nodes;The first xml nodes are calculated using checking algorithm
The first check value and the 2nd xml nodes the second check value, and by first check value and it is described second verification
Value the 3rd xml nodes of deposit;Generation includes the authority of the first xml nodes, the 2nd xml nodes, the 3rd xml nodes,
The authority head includes the distinctive mark and check value of authority.
Preferably, further include:Xml document including the first xml nodes, the 2nd xml nodes, the 3rd xml nodes is carried out
Encryption, generates encrypted authority.
Preferably, the verification of the authorization message includes:Authority is decrypted, the information after being decrypted;Root
According to wan side latest data, determine whether authority is legal.
Preferably, whether the determining authority is legal includes:Determine that user is by the check value of authority head
It is no legal;And/or determine software whether in service life by the authorization message in authority;And/or pass through mandate
Whether the authorization message in file determines software without departing from use scope.
Preferably, further include:When software administrative center be in under wide area network connection, the software administrative center pair
The authority of importing is parsed, and verifies interface by outer net and the information of parsing is transmitted to wide area network progress authorization message
Verification.
Preferably, after the authority is imported the software administrative center at Intranet end, further include:Judge whether needle
Preset triggering verification operation is executed to the software, if so, being obtained from wan side by separation net tool described in executing
The step of authorisation related data.
Preferably, the preset triggering verification operation includes:The software is updated, and/or, to the software
Upgraded.
Preferably, the separation net tool refers to that can be obtained from wan side and preserve answering for soft ware authorization related data
Use program.
Preferably, the authorization message include authorization type, authorize the up time, client's number of endpoint, server-side points,
Product version information.
Preferably, the user information includes account, sequence number, company information, contact method.
One side according to the present invention, provides a kind of verification system of soft ware authorization information, including wan side with it is interior
Net end, wherein the wan side provides the authority of the software, and the authority is imported to the software at Intranet end
Administrative center, wherein the authority is the use according to the user of the authorization message and customization software of the software
What family information generated;When software administrative center be in the wide area network it is not connected in the case of, by separation net tool from wide area
It nets end and obtains soft ware authorization related data, the information of software administrative center parsing is obtained with the separation net tool soft
Part authorisation related data is compared, to carry out the verification of authorization message.
Preferably, the wan side utilizes extensible markup language xml, respectively by the user information and the mandate
Information generates different xml nodes, generates using xml nodes as the authority of content, and calculates the xml by checking algorithm and save
Point generates the authority head of the authority.
Preferably, the wan side generates the first xml nodes, and user's letter is stored in the first xml nodes
Breath;The 2nd xml nodes are generated, the authorization message is stored in the 2nd xml nodes;Also, it is calculated using checking algorithm
Go out the first check value of the first xml nodes and the second check value of the 2nd xml nodes, and described first is verified
Value and second check value are stored in the 3rd xml nodes;And it includes the first xml nodes, the 2nd xml nodes, third to generate
The authority of xml nodes, the authority head include the distinctive mark and check value of authority.
Preferably, the wan side is also to the xml texts including the first xml nodes, the 2nd xml nodes, the 3rd xml nodes
Part is encrypted, and generates encrypted authority.
Preferably, the software administrative center specifically includes the verification of authorization message:Authority is decrypted, is obtained
Information after to decryption;According to wan side latest data, determine whether authority is legal.
Preferably, the software administrative center determines whether user is legal by the check value of authority head;And/or
Determine software whether in service life by the authorization message in authority;And/or believed by the mandate in authority
Whether breath determines software without departing from use scope.
Preferably, when software administrative center is in under wide area network connection, the software administrative center is to importing
Authority is parsed, and verifies interface by outer net and the information of parsing is transmitted to the verification that wide area network carries out authorization message.
Preferably, the software administrative center that awards is additionally operable to, and judges whether that executing preset triggering for the software tests
Card operation, if so, obtaining authorisation related data from wan side by separation net tool described in executing.
Preferably, the preset triggering verification operation includes:The software is updated, and/or, to the software
Upgraded.
22, system as claimed in claim 13, which is characterized in that the separation net tool refers to can be from wan side
Obtain and preserve the application program of soft ware authorization related data.
Preferably, the authorization message include authorization type, authorize the up time, client's number of endpoint, server-side points,
Product version information.
Preferably, the user information includes account, sequence number, company information, contact method.
As it can be seen that the present invention is in wan side by generating authority, and authority is supplied to the software at Intranet end
Administrative center is responsible for executing the verification of authorization message by software administrative center, specifically, under enterprise's networking situation, the software
Authorization message is directly passed to wide area network by network interface and verified by administrative center;It, should under enterprise not networking situation
Software administrative center obtains wan side latest data by a separation net tool, and the latest data of acquisition is used for as verification
The foundation of authorization message.Therefore, the present invention realize in the case that two kinds of software management center network and separation net normally into
Row authority checking.In addition, by being organized into data structure using xml to user information and authorization message, and utilize encryption/verification
Algorithm carries out data processing, ensure that the safety of authorization message.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technical means of the present invention,
And can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, below the special specific implementation mode for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit are common for this field
Technical staff will become clear.Attached drawing only for the purpose of illustrating preferred embodiments, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 shows the verification system framework figure of soft ware authorization information according to an embodiment of the invention;And
Fig. 2 shows the verification method flow charts of soft ware authorization information according to an embodiment of the invention.
Specific implementation mode
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
As previously described, how right under enterprises not networking situation by taking the security software for enterprises as an example
The software carries out the verification of authorization message, is a technical issues that need to address.In the embodiment of the present invention, set in Intranet end
Software administrative center is set, to as the bridge between contact Intranet end client and wide area network.It, should under enterprise's networking situation
Authorization message is directly passed to wide area network by network interface and verified by software administrative center;In enterprise's not networking situation
Under, which obtains wan side latest data by a separation net tool, and the latest data of acquisition is for making
To verify the foundation of authorization message.
Referring to Fig. 1, the verification system framework figure of soft ware authorization information according to an embodiment of the invention is shown.At this
In example, which pushed away towards the large-scale enterprises and institutions such as such as government, army, finance, manufacturing industry, medical treatment, education
Go out using Prevention-Security as the terminal security solution of core, for enterprises user build security defensive system.
The verification system of the soft ware authorization information includes two parts, and a part is Intranet end, and another part is wan side.
Further include software administrative center other than including numerous enterprises terminal at Intranet end.Software administrative center relies on private clound skill
Art provides physical examination, antivirus, patch installing, centralized management, distributing policy etc. work for enterprise terminal, and is enterprise terminal
Private clound killing service is provided.Wan side includes the equipment such as cloud security system and upgrade server.Software administrative center makees
For two-part bridge, the communication between Intranet end and wan side is established.Specifically, software administrative center and cloud security system
Between into killing data transmission of racking, data transmission when between upgrade server upgrade/update.
In practical applications, triggering verification operation can be pre-set, when software is performed preset triggering verification operation
When, execute a series of operations verified to authorization message.Specifically, preset triggering verification operation includes:To described soft
Part is updated, and/or, the software is upgraded.For example, when to software upgrade/update, generally requires and be directed to
Client carries out the verification of authorization message, this exactly starts the opportunity of the present invention program.
Below with a concrete instance, the verification process to how to carry out soft ware authorization information is described in detail.
Referring to Fig. 2, the verification method flow chart of soft ware authorization information according to an embodiment of the invention is shown.
S201:In wan side, authorization message is generated;
In the background program (not shown in figure 1) of wan side, authorization message is inputted, and data are written into authorization message
Library.Wherein, authorization message be indicate the information of software product, such as including authorization type, authorize can use time, client
The information such as number of endpoint (the maximum client terminal quantity of permission), server-side points (the maximum service end quantity of permission), product version.
S202:In wan side, user information is obtained, and authority is generated using user information and authorization message;
Wan side provides specific soft ware authorization file to specific user, which believed according to the mandate of software
Cease and customize the software user user information generate.In short, software customized exploitation is exactly according to enterprise customer
Concrete condition and specific requirement, design software system simultaneously provide corresponding service.
The step need using user information input by user (present invention is illustrated using " enterprise " as user, below
Have detailed example to user information), wherein user logs in software interface on any station terminal can realize user information
Input, being not intended to limit must be operated in the terminal of Intranet end.
After wan side obtains user information input by user, by user information and authorization message according to certain rule
It is organized into certain data structure, and authority can be generated after encryption/verification scheduling algorithm processing.For example, available
User information and authorization message are generated different xml nodes by xml (extensible markup language) respectively, and it is interior to generate with xml nodes
The authority of appearance, and the authority head that xml nodes generate authority is calculated by checking algorithm.Wherein, xml can be used
Carry out flag data, define data type, is a kind of original language that permission user is defined the markup language of oneself, it is very
It is suitble to network transmission, provides unified method to describe and exchange the structural data independently of application program or supplier.
For example, the specific process for generating authority using xml mechanism is, the first xml nodes are generated, in the first xml
User information is stored in node;The 2nd xml nodes are generated, authorization message is stored in the 2nd xml nodes;Utilize checking algorithm meter
Calculate the first check value of the first xml nodes and the second check value of the 2nd xml nodes, and by the first check value and the second school
It tests value and is stored in the 3rd xml nodes;Generation includes the authority of the first xml nodes, the 2nd xml nodes, the 3rd xml nodes, is awarded
It includes the information such as distinctive mark and the check value of authority to weigh file header.Wherein, can also to include the first xml nodes,
2nd xml nodes, the 3rd xml nodes xml document be encrypted, to generate encrypted authority.
It is authorized it will be understood by those skilled in the art that the process for generating authority is equivalent to activate for specific user
The process of information.
Illustrate the process for generating authority with a specific example below.
For example, the page that can be accessed by user, allows user to fill in into company information.
Generate authority mechanism be:
The first xml nodes " userinfo " are generated, account, sequence number, company name, the information such as contact method are stored in;
The 2nd xml nodes " prodinfo " are generated, the corresponding product version of deposit authority authorizes limitation (end point
Number, time restriction) etc. relevant informations;
Each node in userinfo nodes is connected with random value, and calculates crc values A;
Each node in prodinfo nodes is connected with random value, and calculates crc values B;
A and B are stored in another xml node " header ";
The xml document ultimately generated contains userinfo, tri- nodes of prodinfo, header;
In the character string of the xml formats ultimately generated, rc4 encryptions, result C, for verifying are carried out with random value;
The length of distinctive mark comprising authority, generated time, check value C, file size etc. in authority head
Information.
S203:Authority is imported to the software administrative center at Intranet end;
In networking, the software administrative center at Intranet end gets authority by network interface from wan side, and
There are locals.
Above step is early-stage preparations step.When to software upgrade/update, generally requires and awarded for client
The verification of information is weighed, therefore executes step S204 or step S205.
S204:When enterprise is under networked environment, software administrative center parses the authority of importing, and passes through
Outer net verifies interface and the information of parsing is transmitted to the verification that wan side carries out authorization message;
Specifically, after control centre imports authority and is decrypted, the information in authority is extracted,
Interface is verified by outer net, the information of parsing is passed into wan side, to verify software pipe using wan side latest data
Whether the authorization message at reason center is legal.For example, verification can be executed by the upgrade server of wan side.
Wherein, judge whether authority that software administrative center is locally stored is legal and may include many aspects, for example, logical
The check value for crossing authority head determines whether user is legal, (refers specifically to authorize by the authorization message in authority
" authorizing the time that can be used " in information) software is determined whether in service life, alternatively, passing through awarding in authority
Power information (referring specifically to " client's number of endpoint " in authorization message and/or " server-side points ") determine software whether without departing from
Use scope etc..
S205:When enterprise be in not under wide area network connection (separation net environment), by separation net tool from wide area
It nets end and obtains soft ware authorization related data, software administrative center parses the authority of importing, and by the information of parsing
The soft ware authorization related data obtained with separation net tool is compared, to carry out the verification of authorization message.
Due to that under separation net environment, directly cannot verify interface to verify by outer net, need by a separation net
Tool provides and the extraneous mode connecting.Firstly, it is necessary to increase separation net tool, the separation net tool in software administrative center
Authority is decrypted as under networked environment and could can normally it make after the interface of verification is verified
With.The separation net tool can be understood as an application program, software administrative center can be downloaded to from wide area network, or pass through
Software administrative center is copied to by mobile hard disk or USB flash disk etc. after network download.Wide area network is preserved in the separation net tool
Hold the newest data in relation to authorizing.Then, by comparing the latest data and software administrative center sheet of the acquisition of separation net tool
The authorization message on ground just allows the data in normal update separation net if identical.
Wherein, similar with illustrating in step S204, the mandate that software administrative center is locally stored is judged in step S205
Whether file is legal to may include many aspects, for example, determining whether user is legal, by awarding by the check value of authority head
Authorization message (referring specifically to " authorize can use time " in authorization message) in power file determine software whether
In service life, alternatively, (referring specifically to " the client's number of endpoint " in authorization message by the authorization message in authority
And/or " server-side points ") determine software whether without departing from use scope etc..It is in software pipe only in step S205
Verification is completed at reason center, rather than is verified to wide area network.
Corresponding to the above-mentioned verification method of soft ware authorization information, the present invention also provides a kind of verification systems of soft ware authorization information
System.The system includes wan side and Intranet end, wherein
In wan side, authorization message is generated, and, obtain user information, and utilize the user information and described
Authorization message generates authority;
The authority is imported the software administrative center at Intranet end by wan side;
When enterprise is under networked environment, the software administrative center parses the authority of importing, and passes through
Outer net verifies interface and the information of parsing is transmitted to the verification that wan side carries out authorization message;
When enterprise is under separation net environment, the newest number of server is obtained from wan side by separation net tool first
According to, then the information that the software administrative center parses is compared with the latest data that the separation net tool obtains, from
And carry out the verification of authorization message.
Preferably, the wan side utilizes extensible markup language xml, respectively by the user information and the mandate
Information generates different xml nodes, generates using xml nodes as the authority of content, and calculates the xml by checking algorithm and save
Point generates the authority head of the authority.
Preferably, the wan side generates the first xml nodes, and user's letter is stored in the first xml nodes
Breath;The 2nd xml nodes are generated, the authorization message is stored in the 2nd xml nodes;Also, it is calculated using checking algorithm
Go out the first check value of the first xml nodes and the second check value of the 2nd xml nodes, and described first is verified
Value and second check value are stored in the 3rd xml nodes;And it includes the first xml nodes, the 2nd xml nodes, third to generate
The authority of xml nodes, the authority head include the distinctive mark and check value of authority.
Preferably, the wan side is also to the xml texts including the first xml nodes, the 2nd xml nodes, the 3rd xml nodes
Part is encrypted, and generates encrypted authority.
Preferably, the software administrative center specifically includes the verification of authorization message:Authority is decrypted, is obtained
Information after to decryption;According to wan side latest data, determine whether authority is legal.
Preferably, the software administrative center determines whether user is legal by the check value of authority head;And/or
Determine software whether in service life by the authorization message in authority;And/or believed by the mandate in authority
Whether breath determines software without departing from use scope.
Preferably, the software administrative center that awards is additionally operable to, and judges whether that executing preset triggering for the software tests
Card operation, if so, obtaining authorisation related data from wan side by separation net tool described in executing.For example, described preset
Triggering verification operation include:The software is updated, and/or, the software is upgraded.
Preferably, the separation net tool refers to that can be obtained from wan side and preserve answering for soft ware authorization related data
Use program.
Preferably, the authorization message include authorization type, authorize the up time, client's number of endpoint, server-side points,
Product version information.
Preferably, the user information includes account, sequence number, company information, contact method.
As it can be seen that the present invention is in wan side by generating authority, and authority is supplied to the software at Intranet end
Administrative center is responsible for executing the verification of authorization message by software administrative center, specifically, under enterprise's networking situation, the software
Authorization message is directly passed to wide area network by network interface and verified by administrative center;It, should under enterprise not networking situation
Software administrative center obtains wan side latest data by a separation net tool, and the latest data of acquisition is used for as verification
The foundation of authorization message.Therefore, the present invention realize in the case that two kinds of software management center network and separation net normally into
Row authority checking.In addition, by being organized into data structure using xml to user information and authorization message, and utilize encryption/verification
Algorithm carries out data processing, ensure that the safety of authorization message.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with teaching based on this.As described above, it constructs required by this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that can utilize various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice without these specific details.In some instances, well known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of each inventive aspect,
Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect
Shield the present invention claims the more features of feature than being expressly recited in each claim.More precisely, as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific implementation mode are expressly incorporated in the specific implementation mode, wherein each claim itself
All as a separate embodiment of the present invention.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment
Change and they are arranged in the one or more equipment different from the embodiment.It can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it may be used any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit requires, abstract and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included certain features rather than other feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed
One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be with hardware realization, or to run on one or more processors
Software module realize, or realized with combination thereof.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor (DSP) realize the verification system of soft ware authorization information according to the ... of the embodiment of the present invention
In some or all components some or all functions.The present invention is also implemented as described herein for executing
Some or all equipment or program of device (for example, computer program and computer program product) of method.In this way
Realization the present invention program can may be stored on the computer-readable medium, or can with one or more signal shape
Formula.Such signal can be downloaded from internet website and be obtained, and either be provided on carrier signal or with any other shape
Formula provides.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference mark between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real
It is existing.In the unit claims listing several devices, several in these devices can be by the same hardware branch
To embody.The use of word first, second, and third does not indicate that any sequence.These words can be explained and be run after fame
Claim.
The present invention provides following scheme:
A1, a kind of verification method of soft ware authorization information, including:
Wan side provides the authority of the software, the authority be according to the authorization message of the software with
And the user information generation of the user of the customization software;
The authority is imported to the software administrative center at Intranet end;
When software administrative center be in the wide area network it is not connected in the case of, obtained from wan side by separation net tool
Take soft ware authorization related data, the software administrative center to parse the authority of importing, and by the information of parsing with
The authorisation related data that the separation net tool obtains is compared, to carry out the verification of authorization message.
A2, the method as described in A1, it is described to generate authority packet using the user information and the authorization message
It includes:
Using extensible markup language xml, the user information and the authorization message are generated into different xml respectively and saved
Point is generated using xml nodes as the authority of content, and is calculated the xml nodes by checking algorithm and generated the mandate text
The authority head of part.
A3, the method as described in A2,
The first xml nodes are generated, the user information is stored in the first xml nodes;The 2nd xml nodes are generated,
It is stored in the authorization message in the 2nd xml nodes;
Using checking algorithm calculate the first xml nodes the first check value and the 2nd xml nodes
Two check values, and first check value and second check value are stored in the 3rd xml nodes;
Generation includes the authority of the first xml nodes, the 2nd xml nodes, the 3rd xml nodes, the mandate text
Part head includes the distinctive mark and check value of authority.
A4, the method as described in A3 further include:
Xml document including the first xml nodes, the 2nd xml nodes, the 3rd xml nodes is encrypted, is generated encrypted
Authority.
A5, the method as described in A4, the verification of the authorization message include:
Authority is decrypted, the information after being decrypted;
According to wan side latest data, determine whether authority is legal.
A6, the method as described in A5, whether the determining authority is legal to include:
Determine whether user is legal by the check value of authority head;And/or
Determine software whether in service life by the authorization message in authority;And/or
Determine software whether without departing from use scope by the authorization message in authority.
A7, the method as described in A1 further include:
When software administrative center be in under wide area network connection, authority of the software administrative center to importing
It is parsed, and interface is verified by outer net, the information of parsing is transmitted to the verification that wide area network carries out authorization message.
A8, the method as described in A1 are also wrapped after the authority is imported the software administrative center at Intranet end
It includes:
Judge whether to execute preset triggering verification operation for the software, if so, passing through separation net described in executing
The step of tool obtains authorisation related data from wan side.
A9, the method as described in A8, the preset triggering verification operation include:The software is updated, and/
Or, upgrading to the software.
A10, the method as described in A1, the separation net tool refer to that can be obtained from wan side and preserve soft ware authorization
The application program of related data.
A11, such as A1-A10 any one of them methods, the authorization message include authorization type, authorize the up time,
Client's number of endpoint, server-side points, product version information.
A12, such as A1-A10 any one of them methods, the user information include account, sequence number, company information, connection
It is mode.
B13, a kind of verification system of soft ware authorization information, including wan side and Intranet end, wherein
The wan side provides the authority of the software, and the authority is imported to the software pipe at Intranet end
Reason center, wherein the authority is the user according to the user of the authorization message and customization software of the software
What information generated;
When software administrative center be in the wide area network it is not connected in the case of, obtained from wan side by separation net tool
Soft ware authorization related data is taken, the soft ware authorization that the information of software administrative center parsing is obtained with the separation net tool
Related data is compared, to carry out the verification of authorization message.
B14, the system as described in B13, the wan side utilizes extensible markup language xml, respectively by the user
Information and the authorization message generate different xml nodes, generate using xml nodes as the authority of content, and are calculated by verifying
Method calculates the authority head that the xml nodes generate the authority.
B15, the system as described in B14, the wan side generate the first xml nodes, are deposited in the first xml nodes
Enter the user information;The 2nd xml nodes are generated, the authorization message is stored in the 2nd xml nodes;Also, it utilizes
Checking algorithm calculates the first check value of the first xml nodes and the second check value of the 2nd xml nodes, and will
First check value and second check value are stored in the 3rd xml nodes;And it includes the first xml nodes, second to generate
The authority of xml nodes, the 3rd xml nodes, the authority head include distinctive mark and the school of authority
Test value.
B16, the system as described in B15, the wan side is also to including the first xml nodes, the 2nd xml nodes, third
The xml document of xml nodes is encrypted, and generates encrypted authority.
B17, the system as described in B16, the software administrative center specifically include the verification of authorization message:To authorizing text
Part is decrypted, the information after being decrypted;According to wan side latest data, determine whether authority is legal.
B18, the system as described in B17, the software administrative center determine that user is by the check value of authority head
It is no legal;And/or determine software whether in service life by the authorization message in authority;And/or pass through mandate
Whether the authorization message in file determines software without departing from use scope.
B19, the system as described in B13, when software administrative center be in under wide area network connection, the software management
Center parses the authority of importing, and the information of parsing is transmitted to wide area network by outer net verification interface and is authorized
The verification of information.
B20, the system as described in B13, the software administrative center that awards are additionally operable to, and judge whether to execute for the software
Preset triggering verification operation, if so, obtaining authorisation related data from wan side by separation net tool described in executing.
B21, the system as described in B20, the preset triggering verification operation include:The software is updated, and/
Or, upgrading to the software.
B22, the system as described in B13, the separation net tool refer to that can obtain and preserve software to award from wan side
Weigh the application program of related data.
B23, such as B13-B22 any one of them systems, the authorization message include authorization type, authorize can be used when
Between, client's number of endpoint, server-side points, product version information.
B24, such as B13-B22 any one of them systems, the user information include account, sequence number, company information, connection
It is mode.
Claims (24)
1. a kind of verification method of soft ware authorization information, which is characterized in that including:
Wan side provides the authority of the software, and the authority is the authorization message according to the software and determines
Make the user information generation of the user of the software;
The authority is imported to the software administrative center at Intranet end;
When software administrative center be in the wide area network it is not connected in the case of, obtained from wan side by separation net tool soft
Part authorisation related data, the software administrative center parse the authority of importing, and by the information of parsing with it is described
The authorisation related data that separation net tool obtains is compared, to carry out the verification of authorization message;At software administrative center
In under the wide area network connection, authorization message is directly passed to wide area by the software administrative center by network interface
Net is verified.
2. the method as described in claim 1, which is characterized in that the authority be according to the authorization message of the software with
And the user information generation of the user of the customization software, including:
Using extensible markup language xml, the user information and the authorization message are generated into different xml nodes respectively, it is raw
At using xml nodes as the authority of content, and the xml nodes are calculated by checking algorithm and generate awarding for the authority
Weigh file header.
3. method as claimed in claim 2, which is characterized in that
The first xml nodes are generated, the user information is stored in the first xml nodes;The 2nd xml nodes are generated, in institute
It states in the 2nd xml nodes and is stored in the authorization message;
The first check value of the first xml nodes and the second school of the 2nd xml nodes are calculated using checking algorithm
Value is tested, and first check value and second check value are stored in the 3rd xml nodes;
Generation includes the authority of the first xml nodes, the 2nd xml nodes, the 3rd xml nodes, the authority head
Distinctive mark including authority and check value.
4. method as claimed in claim 3, which is characterized in that further include:
Xml document including the first xml nodes, the 2nd xml nodes, the 3rd xml nodes is encrypted, encrypted mandate is generated
File.
5. method as claimed in claim 4, which is characterized in that the verification of the authorization message includes:
Authority is decrypted, the information after being decrypted;
According to wan side latest data, determine whether authority is legal.
6. method as claimed in claim 5, which is characterized in that whether the determining authority is legal to include:
Determine whether user is legal by the check value of authority head;And/or
Determine software whether in service life by the authorization message in authority;And/or
Determine software whether without departing from use scope by the authorization message in authority.
7. the method as described in claim 1, which is characterized in that further include:
When software administrative center is in under wide area network connection, the software administrative center carries out the authority of importing
Parsing, and interface is verified by outer net, the information of parsing is transmitted to the verification that wide area network carries out authorization message.
8. the method as described in claim 1, which is characterized in that in the software management that the authority is imported to Intranet end
After the heart, further include:
Judge whether to execute preset triggering verification operation for the software, if so, passing through separation net tool described in executing
The step of authorisation related data being obtained from wan side.
9. method as claimed in claim 8, which is characterized in that the preset triggering verification operation includes:To the software
It is updated, and/or, the software is upgraded.
10. the method as described in claim 1, which is characterized in that the separation net tool refers to that can be obtained from wan side
And preserve the application program of soft ware authorization related data.
11. such as claim 1-10 any one of them methods, which is characterized in that the authorization message includes authorization type, awards
Weigh up time, client's number of endpoint, server-side points, product version information.
12. such as claim 1-10 any one of them methods, which is characterized in that the user information include account, sequence number,
Company information, contact method.
13. a kind of verification system of soft ware authorization information, which is characterized in that including wan side and Intranet end, wherein
The wan side provides the authority of the software, and the authority is imported in the software management at Intranet end
The heart, wherein the authority is the user information according to the user of the authorization message and customization software of the software
It generates;
When software administrative center be in the wide area network it is not connected in the case of, obtained from wan side by separation net tool soft
Part authorisation related data, the information that the software administrative center is parsed are related to the soft ware authorization that the separation net tool obtains
Data are compared, to carry out the verification of authorization message;When software administrative center be in under the wide area network connection,
Authorization message is directly passed to wide area network by network interface and verified by the software administrative center.
14. system as claimed in claim 13, which is characterized in that the wan side utilizes extensible markup language xml, point
The user information and the authorization message are not generated into different xml nodes, generated using xml nodes as the authority of content,
And the authority head that the xml nodes generate the authority is calculated by checking algorithm.
15. system as claimed in claim 14, which is characterized in that the wan side generates the first xml nodes, described the
It is stored in the user information in one xml nodes;The 2nd xml nodes are generated, the mandate letter is stored in the 2nd xml nodes
Breath;Also, using checking algorithm calculate the first xml nodes the first check value and the 2nd xml nodes
Two check values, and first check value and second check value are stored in the 3rd xml nodes;And it includes first to generate
The authority of xml nodes, the 2nd xml nodes, the 3rd xml nodes, the authority head include the spy of authority
Different mark and check value.
16. system as claimed in claim 15, which is characterized in that the wan side is also to including the first xml nodes, second
Xml nodes, the 3rd xml nodes xml document be encrypted, generate encrypted authority.
17. system as claimed in claim 16, which is characterized in that the software administrative center is specific to the verification of authorization message
Including:Authority is decrypted, the information after being decrypted;According to wan side latest data, determine that authority is
It is no legal.
18. system as claimed in claim 17, which is characterized in that the verification that the software administrative center passes through authority head
Value determines whether user is legal;And/or determine software whether in service life by the authorization message in authority;With/
Or, determining software whether without departing from use scope by the authorization message in authority.
19. system as claimed in claim 13, which is characterized in that when software administrative center is in and wide area network connection
Under, the software administrative center parses the authority of importing, and verifies interface by outer net and pass the information of parsing
The verification of authorization message is carried out to wide area network.
20. system as claimed in claim 13, which is characterized in that the software administrative center is additionally operable to, and judges whether to be directed to
The software executes preset triggering verification operation, is awarded if so, executing described obtained from wan side by separation net tool
Weigh related data.
21. system as claimed in claim 20, which is characterized in that the preset triggering verification operation includes:To described soft
Part is updated, and/or, the software is upgraded.
22. system as claimed in claim 13, which is characterized in that the separation net tool refers to that can be obtained from wan side
And preserve the application program of soft ware authorization related data.
23. such as claim 13-22 any one of them systems, which is characterized in that the authorization message includes authorization type, awards
Weigh up time, client's number of endpoint, server-side points, product version information.
24. such as claim 13-22 any one of them systems, which is characterized in that the user information includes account, sequence
Number, company information, contact method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410231627.8A CN105471809B (en) | 2014-05-28 | 2014-05-28 | The verification method and system of soft ware authorization information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410231627.8A CN105471809B (en) | 2014-05-28 | 2014-05-28 | The verification method and system of soft ware authorization information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105471809A CN105471809A (en) | 2016-04-06 |
| CN105471809B true CN105471809B (en) | 2018-11-09 |
Family
ID=55609086
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410231627.8A Active CN105471809B (en) | 2014-05-28 | 2014-05-28 | The verification method and system of soft ware authorization information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105471809B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110580406B (en) * | 2019-07-23 | 2021-08-10 | 中国航天系统科学与工程研究院 | Internet file self-help importing system and method |
| CN111159657A (en) * | 2019-11-22 | 2020-05-15 | 深圳智链物联科技有限公司 | Application program authentication method and system |
| CN114676393B (en) * | 2022-05-26 | 2022-08-26 | 杭州微帧信息科技有限公司 | Software off-line authentication method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102375953A (en) * | 2010-08-10 | 2012-03-14 | 上海贝尔股份有限公司 | Software certification method and software certification device |
| CN102479304A (en) * | 2010-11-26 | 2012-05-30 | 深圳市硅格半导体有限公司 | Method, client and system for software access control |
| CN102497374A (en) * | 2011-12-13 | 2012-06-13 | 方正国际软件有限公司 | Off-line available software license centralized security authentication system based on cloud computation, and method of the same |
| CN103745139A (en) * | 2013-12-29 | 2014-04-23 | 国云科技股份有限公司 | Software authorization control method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030088516A1 (en) * | 1999-12-21 | 2003-05-08 | Eric B. Remer | Software anti-piracy licensing |
-
2014
- 2014-05-28 CN CN201410231627.8A patent/CN105471809B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102375953A (en) * | 2010-08-10 | 2012-03-14 | 上海贝尔股份有限公司 | Software certification method and software certification device |
| CN102479304A (en) * | 2010-11-26 | 2012-05-30 | 深圳市硅格半导体有限公司 | Method, client and system for software access control |
| CN102497374A (en) * | 2011-12-13 | 2012-06-13 | 方正国际软件有限公司 | Off-line available software license centralized security authentication system based on cloud computation, and method of the same |
| CN103745139A (en) * | 2013-12-29 | 2014-04-23 | 国云科技股份有限公司 | Software authorization control method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105471809A (en) | 2016-04-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102880456B (en) | Plug-in loading method and system | |
| CN104462959B (en) | A kind of method for reinforcing and protecting, server and the system of Android application | |
| CN103729597B (en) | System starts method of calibration, system starts calibration equipment and terminal | |
| CN102760219B (en) | A kind of Android platform software protection system, method and apparatus | |
| CN105471810B (en) | The verification method and system of soft ware authorization information | |
| US20150294092A1 (en) | Application security framework | |
| CN103763354B (en) | The method and device that a kind of data of upgrading are downloaded | |
| CN107395614A (en) | Single-point logging method and system | |
| US20120137138A1 (en) | Package audit tool | |
| CN106095523A (en) | A kind of method and system realizing Android compiling isolation | |
| CN106095522A (en) | A kind of method realizing distributed compilation and distributed compilation system | |
| CN105849760A (en) | Systems for access control and system integration | |
| CN106055377A (en) | Method for achieving distributed compiling and distributed compiling system | |
| CN107896244A (en) | A kind of distribution method of version file, client and server | |
| AU2019340705B2 (en) | Optimized execution of fraud detection rules | |
| CN105793862A (en) | Directed execution of dynamic programs in isolated environments | |
| CN106355049A (en) | Method and device for reinforcing dynamic linking library SO file of Android installation package | |
| CN105471809B (en) | The verification method and system of soft ware authorization information | |
| CN110287102A (en) | Core data detection processing method, apparatus, computer equipment and storage medium | |
| CN110196809A (en) | Interface test method and device | |
| CN106257879A (en) | A kind of method and apparatus downloading application | |
| CN103020827B (en) | Payment processing method and system | |
| CN109067746A (en) | Communication means and device between client and server | |
| Di Pierro | web2py | |
| Chittoda | Mastering Blockchain Programming with Solidity: Write production-ready smart contracts for Ethereum blockchain with Solidity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20161226 Address after: 100016 Jiuxianqiao Chaoyang District Beijing Road No. 10, building 15, floor 17, layer 1701-26, 3 Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: Beijing Qihoo Technology Co., Ltd. Applicant before: Qizhi Software (Beijing) Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 100032 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing Patentee after: Qianxin Technology Group Co., Ltd. Address before: 100016 Jiuxianqiao Chaoyang District Beijing Road No. 10, building 15, floor 17, layer 1701-26, 3 Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. |