CN106529216B - Software authorization system and software authorization method based on public storage platform - Google Patents
Software authorization system and software authorization method based on public storage platform Download PDFInfo
- Publication number
- CN106529216B CN106529216B CN201610955892.XA CN201610955892A CN106529216B CN 106529216 B CN106529216 B CN 106529216B CN 201610955892 A CN201610955892 A CN 201610955892A CN 106529216 B CN106529216 B CN 106529216B
- Authority
- CN
- China
- Prior art keywords
- authorization
- software
- platform
- information
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003860 storage Methods 0.000 title claims abstract description 57
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000013475 authorization Methods 0.000 claims abstract description 292
- 238000012795 verification Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 16
- 230000006854 communication Effects 0.000 claims description 11
- 238000004891 communication Methods 0.000 claims description 9
- 238000009826 distribution Methods 0.000 claims description 8
- 238000004458 analytical method Methods 0.000 claims description 6
- 230000003993 interaction Effects 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 3
- 230000002452 interceptive effect Effects 0.000 claims description 2
- 238000012423 maintenance Methods 0.000 abstract description 4
- 230000006399 behavior Effects 0.000 description 9
- 238000011161 development Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000007493 shaping process Methods 0.000 description 5
- 238000005336 cracking Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 235000017166 Bambusa arundinacea Nutrition 0.000 description 1
- 235000017491 Bambusa tulda Nutrition 0.000 description 1
- 241001330002 Bambuseae Species 0.000 description 1
- 235000015334 Phyllostachys viridis Nutrition 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 239000011425 bamboo Substances 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
Abstract
The invention provides a software authorization system and a software authorization method based on a public storage platform, wherein the software authorization system comprises an authorization management end, an authorization information database, the public storage platform and an authorization client, the public storage platform can be divided into a plurality of functional platforms such as a log platform, a registration platform, an authorization platform and the like according to different functions of the public storage platform, and a software developer can use a relatively safe network authorization service on the premise of 0 software development cost, 0 hardware investment and maintenance cost.
Description
[ technical field ] A method for producing a semiconductor device
The invention relates to a computer software authorization method, in particular to a software authorization system and a software authorization method based on a common storage platform.
[ background of the invention ]
With the comprehensive popularization of the internet plus, various small tools and application software are launched like spring bamboo shoots. While these tools provide great convenience for our daily work and life, software authorization and copyright management also face great challenges.
Some classical commercial software usually invests in separate hardware equipment, develops a proprietary authorization service program, builds a complete authorization service, and authorizes and manages issued software. Unlike these commercial software, such small-scale application software usually includes a single technical innovation point, and developers do not have much resources and energy for developing the software authorization management system. And compared with the special authorized service, the economic benefit brought by the tool is smaller in input and output. For these reasons, for example, the types of applications requiring payment in Android and IOS application stores are mostly authorized by downloading with payment, so that the authorization has no flexibility.
Conventional network authorization keeps registration or authorization information on the remote authorization server side and can separate critical algorithms from software. During the running process of the software to be authorized, the software to be authorized can interact with the server end irregularly to carry out authorization verification, and the running behavior of the software is determined according to the result.
The difficulty of reverse cracking is increased by using network authorization, and meanwhile, software authorization behaviors can be obtained, and some abnormal authorizations are flexibly managed, so that the authorization for prolonging and stopping is convenient. However, designing and developing a complete network authorization service not only increases the hardware investment of the authorization service terminal, but also increases the development and maintenance costs of software developers. In addition, in general, a common software developer does not have the domain knowledge of the development of the security-type service application, and if the security of the designed authorization service cannot be guaranteed, the realized software authorization will flow in form.
The document is based on the research and implementation of the software authorization control technology of an electronic mail system and an MD5 algorithm [ J ]. computer applications and software, 2003,20(9): 72-74. The software authorization service is realized by storing authorization information by using E-Mail, and the following problems exist:
first, it is not a network authorization mode. It only accesses the authorization E-Mail and downloads the authorization file when the software has no local authorization file or the authorization file is invalid. And the following real authentication process only accesses the generated authorization file. Therefore, the E-Mail only serves as a storage medium for distributing the authorization information in the authorization verification process, and the software authorization process is actually realized through a local authorization file.
Secondly, the safety is poor. It does not mention the method of verifying the validity period, and it is a simple point that the attacker can achieve the purpose of cracking by modifying the system time. The deep entry point, the accessed E-Mail account number and password and whether the communication process is encrypted or not are not described, and an attacker can construct false authorized E-Mail. Furthermore, an attacker can write the software of the registry under the condition of not destroying the integrity of the software to be authorized, generate an authorization file and obtain permanent authorization service.
[ summary of the invention ]
In order to solve the problems, the invention provides a software authorization system and a software authorization method based on a public storage platform, the model is based on the public storage platform, an encryption method is used for protecting authorization information, software authorization service is realized, and a software developer can use safe and flexible software authorization management service on the premise of 0 development cost and 0 hardware investment.
The purpose of the invention is realized by the following technical scheme:
a software authorization system based on a public storage platform comprises an authorization management terminal, an authorization information database, the public storage platform and an authorization client terminal;
the authorization management terminal is used by a software developer and is used for managing a client key, software authorization and a public storage platform;
the authorization information database stores software user registration and authorization information managed by the authorization management terminal and public storage platform account data;
the public storage platform is a log platform, a registration platform and an authorization platform according to different functions; the log platform is used for recording log information in the software client authorization process; the registration platform receives software registration information, and the authorization management terminal generates authorization information according to the software registration information; the authorization platform is used for storing software authorization information;
and the authorization client is embedded into the software to be authorized in the software development stage and interacts with the public storage platform to realize the acquisition and verification of software authorization information.
Further, the common storage platform provides storage services to users using a common protocol or a dedicated interface for publicly accessible free or charged storage space.
Further, the public storage platform comprises Web Server services such as E-Mail, FTP, microblog and blog space and various network cloud disks based on cloud storage.
Further, the authorization management terminal at least has read, write and delete rights to the public storage platform; the authorization client has at least write right to the log platform and the registration platform, and has at least read right to the authorization platform.
Further, the authorization management terminal and the authorization client terminal protect the integrity of the interactive data between the authorization management terminal and the authorization client terminal by using an encryption method, and each of the authorization management terminal and the authorization client terminal has a pair of authorization keys and a public key; the encryption method can use an asymmetric or symmetric encryption method, and when the asymmetric encryption method is used, the authorization key and the public key are respectively a private key and a public key; when a symmetric encryption method is used, the authorization key is the same as the public key.
Further, the authorization management terminal encrypts the authorization information stored in the authorization platform by using an authorization key of the authorization management terminal and a public key of the authorization client terminal, so as to ensure that the authorization information cannot be forged or tampered. The authorization client encrypts the registration information and the log record by using the public key of the authorization management terminal, and then sends the registration information and the log record to the registration platform and the log platform respectively.
Furthermore, data interaction between the authorization management terminal and the authorization client and the public storage platform ensures the integrity of communication data by using SSL secure communication links provided by the public storage platform.
The software authorization method based on the public storage platform comprises the following steps:
(1) a registration request: the software to be authorized sends the registration information to the registration platform through the authorization client, wherein the address and the account number list of the registration platform authorize the key through the authorization management terminal
Storing the encrypted data in an authorized client; the sent registration information uses the public key of the authorization management terminal
Encrypting;
(2) registration processing: the authorization management terminal receives the registration information, respectively generates authorization information and an authorization file, and stores the information into an authorization information database;
(3) authorization information distribution: the authorization management terminal sends the authorization information to the authorization platform, and the authorization information uses the authorization key of the authorization management terminal
Carrying out encryption;
(4) authorization file distribution: the authorization management terminal sends the authorization file to the software user and stores the authorization file in a software storage system to be authorizedIn the system, the authorization file uses an authorization key K of an authorization management terminals-and a public key of an authorized client
And encrypting;
(5) obtaining authorization information: when the software to be authorized runs, the authorization client accesses the authorization platform to acquire encrypted authorization information;
(6) authorization verification: after obtaining the encrypted authorization information, the authorization client uses the public key of the authorization management end
And its own authorization key
Decrypting to obtain plaintext authorization information; then, acquiring the current date and time through a standard time server, verifying the validity period in the authorization information, and performing authorization verification; finally, the authorization client returns a verification result to the software to be authorized to determine the subsequent behavior of the software;
(7) log write: after each registration or authorization is completed, the authorization client encrypts and sends an operation result, software and client information to the log platform;
(8) log analysis and management: and the authorization management terminal analyzes the use condition of the software through the behavior recorded by the log.
The invention has the following advantages:
(1) the software and hardware cost is low
The software authorization system realized by the model of the invention uses a free public storage platform to store the authorization information, thus the investment of hardware and the maintenance cost thereof are not needed. In terms of software overhead, only in the development process, the authorization client is embedded into the software to be authorized, and platform related parameters such as platform account information and a management terminal public key are set. Without concern for development, deployment, and maintenance work for authorization management.
(2) Communication and data encryption
Most of the common public storage platforms at present provide secure communication connection modes, such as SSL, SFTP, HTTPS, etc., and data encryption during communication can be achieved by directly using these connections, thereby ensuring data integrity.
In addition, because the related data quantity such as the authorization information is small, the data stored in the platform can all use an asymmetric encryption mode, the data security is ensured, and meanwhile, the influence of time overhead generated by encryption on the authorization process is small.
(3) High expansibility
The public storage platform has high reliability and can support large concurrency, for example, the number of clients simultaneously accessing the same HTTP page is supported, or the number of users simultaneously logging in the FTP server can be many. Therefore, the software authorization system realized by the invention can achieve the aim of supporting the simultaneous access of a higher number of authorized clients by expanding the number of the account numbers of the platform.
(4) Higher network authorization service security performance
Compared with the traditional network authorization model, the software authorization system based on the public storage platform has no loss of the safety and reliability of the service. And because the clustered service and the technology of the service provider of the public storage platform are accumulated, the performance of the invention in resisting DDoS attack is better than the authorized service built by a developer.
[ description of the drawings ]
FIG. 1 is a schematic diagram of the system architecture and workflow of the present invention;
FIG. 2 is a functional framework diagram of the authorization management side in the embodiment;
FIG. 3 is a functional framework diagram of an authorization client in an embodiment;
FIG. 4 is a flowchart illustrating the process of verifying the authorization of the software to be authorized in the embodiment.
[ detailed description ] embodiments
The technical solution of the present invention will be described in detail and fully with reference to the following examples, and it should be understood that the described examples are only a part of the examples of the present invention, and not all of the examples. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The common storage platform based software authorization system 100 of the present invention mainly comprises 5 modules, as shown in fig. 1. The system comprises an authorization management terminal 101, an authorization information database 102, a public storage platform 103 and an authorization client 104; the common storage platform 103 is divided into a log platform 1031, a registration platform 1032 and an authorization platform 1033 according to different functions; the log platform 1031 is used for recording log information in the software client authorization process; the registration platform 1032 receives the software registration information, and the authorization management terminal 101 generates authorization information according to the software registration information; authorization platform 1033 is used to store software authorization information;
the three types of platforms in the dashed box store and exchange data such as registrations, authorizations, and logs in the authorization process by means of existing common storage platforms 103, e.g., E-Mail, FTP, Web Server, etc. The authorization management is controlled by the software developer to manage the distribution of client keys, authorization information, and public platforms. The figure in the figure is the system work flow sequence; the italic content in each module is the data information and the owned key stored by the corresponding module.
The specific description is as follows:
the authorization management terminal 101: the authorization of software and various common platform accounts can be managed;
registration platform 1032: the software developer generates authorization information according to the contents;
authorization platform 1033: storing the authorized information for the software to be authorized to read and verify;
log platform 1031: recording log information when an authorized client side carries out authorized access, and allowing a software developer to analyze the behavior of the software user, wherein the log information is used as an authorization management basis;
the authorization client 104: the software is embedded in the software to be authorized in the software development process, and interacts with a registration, authorization and log platform to realize the normal software authorization function.
Data module
Before describing the workflow of the present invention, a description of the pairs of keys and key data information used in the system is first presented.
Authorization management side key: includes a pair of authorization keys
And a public key
The authorization key is only used at the authorization manager 101 and the public key is attached to each of the authorization clients 104.
Authorization of client Key: a pair of authorization keys for each authorization client 104
And a public key
The authorization key is stored in an authorization file and the public key is stored in the authorization information database 102.
Communication key: the SSL connection is established by the certificate provided by the public platform in the communication process, and the SSL connection is not limited and managed by the invention.
Registration information (reg _ info): the authorization client 104 provides the software operating environment identification code and the basic user information, such as the user name, the registered mailbox, and the like.
Authorization information (auth _ info): generated by the authorization management terminal 101 according to the registration information, and stored in the authorization platform 1033. Including software identification code, authorized client identification code, authorized validity period and the like.
Authorization file (auth _ file): generated by the authorization management terminal 101, sent to and stored in the local storage system of the software to be authorized. Authorization Key containing authorization client 104
Address and account information of authorization platform 1033, and the like。
Workflow process
The whole work flow of the invention can be divided into four parts of registration, authorized distribution, authorized verification and log recording. Next, the respective processes of the present invention will be described in the order of numerals in fig. 1. The data interaction of each process is carried out by using an SSL encrypted communication link.
Registration procedure
1. And (6) registering the request. The software to be authorized sends the registration information to the registration platform 1032, wherein the address and account list of the registration platform 1032 passes through the authorization key of the authorization management terminal 101
Encrypted and stored in the authorized client 104. The transmitted registration information uses its public key
And (4) encrypting.
2. And (6) registration processing. The authorization management terminal 101 receives the registration information, generates authorization information and an authorization file, respectively, and stores these pieces of information in the authorization information database 102.
Authorized distribution
3. And distributing the authorization information. The authorization management side 101 sends authorization information to the authorization platform 1033, and the authorization information is encrypted by using an authorization key of the authorization management side 101 and a public key of the authorization client side 104.
4. File distribution is authorized. And sending the authorization file to the software user, and storing the authorization file in a software storage system to be authorized. The authorization file is encrypted using the authorization key of the authorization management terminal 101.
Authorization verification
5. And obtaining the authorization information. When the software to be authorized runs, the authorization client 104 accesses the authorization platform 1033 to obtain the encrypted authorization information.
6. And (4) authorization verification. After obtaining the encrypted authorization information, the authorization client 104 decrypts the encrypted authorization information by using the public key of the authorization management terminal 101 and the authorization key thereof, and obtains the authorization information in plaintext. And then, acquiring the current date and time through a standard time server, verifying the validity period in the authorization information, and performing authorization verification. And finally, the authorization client 104 returns a verification result to the software to be authorized to determine the subsequent behavior of the software.
Log logging
7. And (6) log writing. After each registration or authorization is completed, the authorization client 104 encrypts the operation result, the software and the client information and sends the encrypted operation result, software and client information to the log platform 1031.
8. And log analysis and management. The authorization management terminal 101 analyzes the usage of the software according to the behavior recorded by the log. For example, whether malicious cracking exists or not is taken as the basis of authorization management.
The following describes a technical solution of the present invention by using a free FTP as a public storage platform and using an asymmetric encryption technology as an encryption method in combination with the accompanying drawings in the embodiments of the present invention.
1. Authorization management terminal
Fig. 2 is a functional block diagram of the authorization management side 101 in the embodiment, and the user layer includes specific functions used by a software developer, such as account management of a common storage platform, software authorization management, authorization log analysis, and the like. The interface layer provides a set of interfaces for operating data in the common storage platform.
(1) Database table structure
In this embodiment, Microsoft Access is used as the authorization database, and the authorization database mainly includes two data tables, as shown in tables 1 and 2.
TABLE 1 platform information Table
TABLE 2 authorization information Table
| Field(s) | Type (B) | Size and breadth | Description of the invention |
| Aid | Automatic numbering | Long shaping type | Recording ID |
| Lpid | Number of | Long shaping type | Association journal platform ID |
| Rpid | Number of | Long shaping type | Association registration platform ID |
| Apid | Number of | Long shaping type | Association authorization platform ID |
| Ackey | Text | 255 | Public key |
| Askey | Text | 255 | Authorization key |
| Astatus | Number of | Shaping machine | Authorization status |
| Ardate | Date/time | General date | Last on-line time |
| Aedate | Date/time | General date | Authorization expiration time |
(2) Platform management
The platform management mainly manages account information of the public storage platform, including adding, modifying and deleting platform addresses, user names, passwords and the like.
(3) Registration management
And after receiving the new registration information, distributing a public storage platform account number for the new registration information, and generating a random encryption key pair. Then, the authorization information and the authorization file are generated respectively and stored in the authorization information database 102. And finally writes the authorization information into authorization platform 1033.
(4) Log analysis
The authorization management terminal 101 automatically obtains the log information from the log platform, so that the software developer can analyze the software user behavior, and the analysis is used as the authorization management basis.
(5) Authorization management
After the registration is completed, the software developer can dynamically manage the authorization state, the validity period and the like.
2. Authorization client
The authorized client sends registration information to registration platform 1032 without registering. After registration is completed, authorization information is obtained from authorization platform 1033 and verified. During the registration and authorization process, the log is sent to the log platform 1031.
Fig. 3 is a functional block diagram of the authorization client 104 in an embodiment, where the user layer is a specific function used by the authorization client 104, and the interface layer provides an interface for operating data in the common storage platform.
Fig. 4 is a flowchart of the operation of authorization client 104 for registration and authorization verification. And after the verification is finished, informing the software to be authorized of the authorization verification result, and determining the subsequent operation behavior by the software according to the result.
The foregoing is a preferred embodiment of the present invention, and various modifications and substitutions can be made by those skilled in the art without departing from the technical principle of the present invention, and should be considered as the protection scope of the present invention.
Claims (3)
1. A software authorization system based on a common storage platform, characterized in that: the system comprises an authorization management terminal (101), an authorization information database (102), a public storage platform (103) and an authorization client terminal (104);
the authorization management terminal (101) is used by a software developer and used for managing (103) an authorization client key, software authorization and a public storage platform;
the authorization information database (102) stores software user registration and authorization information managed by the authorization management terminal (101) and public storage platform account information;
the common storage platform (103) is divided into a log platform (1031), a registration platform (1032) and an authorization platform (1033) according to different functions of the common storage platform; the log platform (1031) is used for recording log information in the software authorization process; the registration platform (1032) receives software registration information, and the authorization management terminal (101) generates authorization information according to the software registration information; an authorization platform (1033) for storing software authorization information;
the authorization client (104) is embedded into the software to be authorized in the software development stage and interacts with the public storage platform (103) to realize the acquisition and verification of software authorization information;
the public storage platform (103) provides storage services to users using a general protocol or a dedicated interface for publicly accessible free or charged storage space; the public storage platform (103) comprises Web Server services such as E-Mail, FTP, microblog and blog spaces and various network cloud disks based on cloud storage;
the authorization management terminal (101) at least has read, write and delete rights to the public storage platform (103); the authorization client (104) has at least write right for the log platform (1031) and the registration platform (1032), and at least read right for the authorization platform (1033);
the method comprises the following steps that an authorization management terminal (101) and an authorization client (104) protect integrity of interactive data between the authorization management terminal and the authorization client, the authorization management terminal (101) and the authorization client (104) respectively have a pair of authorization keys and a public key, the encryption method is an asymmetric or symmetric encryption method, and when the asymmetric encryption method is used, the authorization keys and the public key are respectively a private key and a public key; when a symmetric encryption method is used, the authorization key is the same as the public key;
the authorization management terminal (101) encrypts authorization information stored in the authorization platform (1033) by using an authorization key of the authorization management terminal (101) and a public key of an authorization client terminal (104) to ensure that the authorization information cannot be forged or tampered; the authorization client (104) encrypts the registration information and the log record by using the public key of the authorization management terminal (101), and then sends the registration information and the log record to the registration platform (1032) and the log platform (1031) respectively.
2. The common storage platform based software authorization system according to claim 1, characterized in that: data interaction between the authorization management terminal (101) and the authorization client terminal (104) and the public storage platform (103) ensures the integrity of communication data by utilizing an SSL secure communication link provided by the public storage platform (103).
3. A software authorization method based on the system of claim 1, characterized in that it comprises the following steps:
(1) a registration request: the software to be authorized sends the registration information to the registration platform (1032) through the authorization client (104), wherein the address and account list of the registration platform (1032) authorizes the key through the authorization management terminal (101)
Storing the encrypted data in an authorized client (104); the transmitted registration information uses the public key of the authorization management terminal (101)
Encrypting;
(2) registration processing: the authorization management terminal (101) receives the registration information, respectively generates authorization information and an authorization file, and stores the information into an authorization information database (102);
(3) authorization information distribution: the authorization management terminal (101) sends the authorization information to the authorization platform (1033), and the authorization information uses the authorization key of the authorization management terminal (101)
Carrying out encryption;
(4) authorization file distribution: the authorization management terminal (101) sends the authorization file to the software user, the authorization file is stored in the software storage system to be authorized, and the authorization file uses the authorization key of the authorization management terminal (101)
And a public key of the authorized client (104)
Carrying out encryption;
(5) authorization information acquisition: when the software to be authorized runs, an authorization client (104) accesses an authorization platform (1033) to acquire encrypted authorization information;
(6) authorization verification: after obtaining the encrypted authorization information, the authorization client (104) uses the public key of the authorization management terminal (101)
And authorizing client (104) authorization key
Decrypting to obtain plaintext authorization information; then, acquiring the current date and time through a standard time server, verifying the validity period in the authorization information, and performing authorization verification; finally, the authorization client (104) returns a verification result to the software to be authorized to determine the subsequent behavior of the software;
(7) log write: after each registration or authorization is completed, the authorization client (104) encrypts and sends the operation result, the software and the client information to the log platform (1031);
(8) log analysis and management: and the authorization management terminal (101) analyzes the use condition of the software through the behavior recorded by the log.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610955892.XA CN106529216B (en) | 2016-10-27 | 2016-10-27 | Software authorization system and software authorization method based on public storage platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610955892.XA CN106529216B (en) | 2016-10-27 | 2016-10-27 | Software authorization system and software authorization method based on public storage platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106529216A CN106529216A (en) | 2017-03-22 |
| CN106529216B true CN106529216B (en) | 2022-04-22 |
Family
ID=58325509
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610955892.XA Active CN106529216B (en) | 2016-10-27 | 2016-10-27 | Software authorization system and software authorization method based on public storage platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106529216B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106934261A (en) * | 2017-03-31 | 2017-07-07 | 山东超越数控电子有限公司 | A kind of storage of license information and extracting method based on database |
| CN109241705A (en) * | 2018-08-29 | 2019-01-18 | 中科鼎富(北京)科技发展有限公司 | A kind of software authorization method and system |
| CN109584002A (en) * | 2018-11-24 | 2019-04-05 | 深圳市晓舟科技有限公司 | Shopping recommender system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101860525A (en) * | 2009-09-25 | 2010-10-13 | 深圳市安捷信联科技有限公司 | Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal |
| CN103152336A (en) * | 2013-02-22 | 2013-06-12 | 浪潮电子信息产业股份有限公司 | Distributed authorization and authentication method in cloud computing environment |
| CN103906054A (en) * | 2012-12-28 | 2014-07-02 | 上海农业信息有限公司 | Method and system for authorization of software function modules of internet of things |
| CN104050397A (en) * | 2013-03-11 | 2014-09-17 | 钱景 | Method and system for controlling and managing software |
| CN104601551A (en) * | 2014-12-25 | 2015-05-06 | 重庆森鑫炬科技有限公司 | Security verification system for software product |
| CN105025012A (en) * | 2015-06-12 | 2015-11-04 | 深圳大学 | An access control system and an access control method thereof oriented towards a cloud storage service platform |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6799277B2 (en) * | 1998-06-04 | 2004-09-28 | Z4 Technologies, Inc. | System and method for monitoring software |
| EP2820794B1 (en) * | 2012-02-27 | 2020-01-01 | Deshpande, Nachiket Girish | Authentication and secured information exchange system, and method therefor |
| CN103078858B (en) * | 2012-12-31 | 2015-08-26 | 上海同岩土木工程科技有限公司 | Based on the soft ware authorization trial method of web services and signing certificate |
| CN103491097B (en) * | 2013-09-30 | 2016-07-13 | 华中师范大学 | Software authorization system based on public-key cryptosystem |
| CN104700002B (en) * | 2013-12-05 | 2018-02-27 | 航天信息软件技术有限公司 | A kind of method of software protection, mandate and registration |
-
2016
- 2016-10-27 CN CN201610955892.XA patent/CN106529216B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101860525A (en) * | 2009-09-25 | 2010-10-13 | 深圳市安捷信联科技有限公司 | Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal |
| CN103906054A (en) * | 2012-12-28 | 2014-07-02 | 上海农业信息有限公司 | Method and system for authorization of software function modules of internet of things |
| CN103152336A (en) * | 2013-02-22 | 2013-06-12 | 浪潮电子信息产业股份有限公司 | Distributed authorization and authentication method in cloud computing environment |
| CN104050397A (en) * | 2013-03-11 | 2014-09-17 | 钱景 | Method and system for controlling and managing software |
| CN104601551A (en) * | 2014-12-25 | 2015-05-06 | 重庆森鑫炬科技有限公司 | Security verification system for software product |
| CN105025012A (en) * | 2015-06-12 | 2015-11-04 | 深圳大学 | An access control system and an access control method thereof oriented towards a cloud storage service platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106529216A (en) | 2017-03-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11314891B2 (en) | Method and system for managing access to personal data by means of a smart contract | |
| Lim et al. | Blockchain technology the identity management and authentication service disruptor: a survey | |
| US11757641B2 (en) | Decentralized data authentication | |
| CN103563294B (en) | Certification and authorization method for cloud computing platform security | |
| CN105103488B (en) | By the policy Enforcement of associated data | |
| CN109257209A (en) | A kind of data center server centralized management system and method | |
| CN109787988A (en) | A kind of identity reinforces certification and method for authenticating and device | |
| KR20160138063A (en) | Techniques to operate a service with machine generated authentication tokens | |
| US8818906B1 (en) | Systems and methods for performing authentication of a customer interacting with a banking platform | |
| CN101965574B (en) | Authentication information generation system, authentication information generation method and a client device | |
| CN103259663A (en) | User unified authentication method in cloud computing environment | |
| CN103179134A (en) | Single sign on method and system based on Cookie and application server thereof | |
| CN100397814C (en) | Uniform identication method and system based on network | |
| CN103152179A (en) | Uniform identity authentication method suitable for multiple application systems | |
| CN106302606B (en) | Across the application access method and device of one kind | |
| CN108632241B (en) | Unified login method and device for multiple application systems | |
| CN113748657B (en) | Method, node, system and computer readable storage medium for license authentication | |
| WO2023009969A1 (en) | Non-fungible token authentication | |
| CN109150547A (en) | A kind of system and method for the digital asset real name registration based on block chain | |
| CN114666168B (en) | Decentralized identity certificate verification method and device, and electronic equipment | |
| CN106529216B (en) | Software authorization system and software authorization method based on public storage platform | |
| MX2007013310A (en) | Method, system, and program product for connecting a client to a network. | |
| CN114760070A (en) | Digital certificate issuing method, digital certificate issuing center and readable storage medium | |
| CN115514578B (en) | Block chain based data authorization method and device, electronic equipment and storage medium | |
| CN116346415A (en) | Multi-factor login authentication method and device for industrial control PLC system and PLC system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |