CN107247891B - Method for realizing software distribution control by adopting hybrid encryption algorithm - Google Patents

Publication number
CN107247891B
Authority
CN
China
Prior art keywords
software
information
certificate file
certificate
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710261600.7A
Other languages
Chinese (zh)
Other versions
CN107247891A (en)
Inventor
倪松
孙越
王雪艳
吕抒钺
刘威乾
赵哲艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU LINYANG ENERGY Co.,Ltd.
Nanjing Linyang Electric Co.,Ltd.
Original Assignee
Jiangsu Linyang Solarfun Co Ltd
Application filed by Jiangsu Linyang Solarfun Co Ltd
Priority to CN201710261600.7A
Publication of CN107247891A
Publication of CN107247891B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1014 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to tokens
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Storage Device Security (AREA)

Abstract

A method for realizing software release control by adopting a hybrid encryption algorithm comprises the following steps: S1, the background controller establishes a database; S2, the user starts the software, which acquires the unique identification information of the computer and sends a certificate file to the background controller; S3, the background controller allocates a hardware dog (hardware dongle) to the user, extracts the decoding information of the purchased software function modules, and transmits a certificate back to the computer on which the software is installed; S4, the user receives the certificate file and the hardware dog, inserts the hardware dog into the computer and imports the certificate file; the decoding information of the purchased software function modules is acquired and matched with the corresponding function modules in the software, and the purchased software function modules are run. The hybrid encryption algorithm implements a security certificate module that performs certificate control for the background controller (namely the registration system) and for the released software; it has the double protection of hardware encryption and soft encryption, offers high security, and can be used wherever software usage control is needed.

Description

Method for realizing software distribution control by adopting hybrid encryption algorithm
Technical Field
The invention relates to a security certificate module for controlling software release, implemented with a hybrid encryption algorithm. It controls the validity period and the function points of released software, and is suitable for controlling commercial paid software and for keeping a company's research technology confidential.
Background
At present, software architectures on the PC mainly comprise B/S (Browser/Server), C/S (Client/Server) and local software that does not need a server.
Commercial B/S architecture software is generally a large data system deployed on a customer's server and accessed through web pages. Such a system may run in a local area network or in a public network environment, and a person skilled in the art can easily obtain the deployment package from the web server and deploy and use the system.
Commercial C/S architecture software and local software are generally delivered to customers as installation packages, from which they are installed and used automatically.
For a company's commercial software, or software containing self-developed technology, a security certificate module is needed to control the release of the software, so that revenue can be collected and the technology is not misappropriated or maliciously imitated.
At present, most commercial software on the market uses a registration code verification mechanism, with which it easily happens that one registration code is used on multiple computers, or that the system time is changed so that the registration code can continue to be used.
Disclosure of Invention
The problem to be solved by the invention is to provide a security certificate module, implemented with a hybrid encryption algorithm, that controls software release, manages B/S, C/S and local software uniformly, offers both hardware encryption and soft encryption, is compatible with most development languages, and works across PC platforms. Based on these traits, C++ is adopted as the development language, and security modules are generated for use by the registration system and by the software respectively.
The technical scheme of the invention is as follows:
A method for realizing software distribution control by adopting a hybrid encryption algorithm uses a hardware dog and a background controller, and comprises the following steps:
S1, the background controller establishes a database and records user information, purchase information and certificate file generation records; the user information comprises the unique identification information of the computer (one or a combination of the MAC address, the hard disk physical serial number and the CPUID) and the hardware dog allocated to the user; the purchase information comprises the software function modules and the validity period; and the certificate file generation records comprise the user information and the purchase information;
S2, the user starts the software, which obtains the unique identification information of the computer and stores it in the certificate file; the certificate file is then sent to the background controller (the user either communicates with the background controller and transmits the certificate file, or prints the certificate file and sends it to the background controller by mail or fax);
S3, the background controller allocates a hardware dog to the user, extracts the decoding information of the purchased software function modules, loads the decoding information of the function modules purchased by the user, the validity period and the hardware dog information into a certificate file, and transmits it back to the computer on which the software is installed (the user can also purchase the software in advance, selecting the required function modules and validity period, which are stored in the database; when the user starts the software, the background controller retrieves the corresponding purchase information for configuration); the background controller generates a record of the certificate file and stores it;
S4, the user receives the certificate file and the hardware dog, inserts the hardware dog into the computer and imports the certificate file; the hardware dog information in the certificate is matched against the inserted hardware dog; if the match fails, the software stops running; if the match succeeds, the decoding information of the purchased software function modules is obtained and matched with the corresponding function modules in the software, the purchased function modules are run, and their running time is controlled according to the validity period.
Further, in step S2, the unique identification information of the computer is encrypted before being stored in the certificate file, and correspondingly the background controller decrypts the unique identification information in the certificate file; the encryption method is the MD5 encryption method.
Further, in step S3, a clock module is configured in the hardware dog; correspondingly, in step S4, the clock module in the hardware dog is configured according to the validity period of the software, and when the user runs a function module of the purchased software, whether the usage time has expired is determined according to the clock in the hardware dog.
Further, when the user needs to replace the computer on which the software runs, the background controller uses the newly acquired unique identification information of the computer to retrieve the corresponding software function module information and the remaining usage time from the generation records, and regenerates the certificate and record for the software and the hardware dog on the replacement computer.
Further, in step S2, on startup the software generates an RSA2048 key pair A comprising a public key PKA and a private key SKA, stores the public key PKA and the unique identification information of the computer in the certificate file, and sends the certificate file to the background controller;
in step S3, the background controller generates an RSA2048 key pair B comprising a public key PKB and a private key SKB, randomly generates an AES key, encrypts the AES key using the private key SKB and the public key PKA in sequence, encrypts the certificate file generated in this step (containing the software function module decoding information, the validity period and the hardware dog information) using the encrypted key, and sends the encrypted certificate file and the public key PKB to the user;
in step S4, after acquiring the certificate file, the software decrypts and verifies it using the private key SKA and the public key PKB in sequence to obtain the AES key, and decrypts the certificate file with that key to obtain the information in the certificate.
The beneficial effects of the invention are:
The hybrid encryption algorithm implements a security certificate module that performs certificate control for the background controller (namely the registration system) and for the released software; it has the double protection of hardware encryption and soft encryption, offers high security, and can be used wherever software usage control is needed.
In the invention, the clock module is arranged in the hardware dog, so that the usage period of the software is enforced by the issued hardware dog, which effectively prevents problems caused by an inaccurate or tampered clock on the user's computer.
Detailed Description
The present invention is further described below with reference to examples. Although these are preferred embodiments, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
A method for realizing software distribution control by adopting a hybrid encryption algorithm uses a hardware dog and a background controller, and comprises the following steps:
S1, the background controller establishes a database and records user information, purchase information and certificate file generation records; the user information comprises the unique identification information of the computer (one or a combination of the MAC address, the hard disk physical serial number and the CPUID) and the hardware dog allocated to the user; the purchase information comprises the software function modules and the validity period; and the certificate file generation records comprise the user information and the purchase information;
S2, the user starts the software, which obtains the unique identification information of the computer; the information is MD5-encrypted and stored in the certificate file, and the certificate file is sent to the background controller (the user either communicates with the background controller and transmits the certificate file, or prints the certificate file and sends it to the background controller by mail or fax);
S3, the background controller allocates a hardware dog to the user, extracts the decoding information of the purchased software function modules, loads the decoding information of the function modules purchased by the user, the validity period and the hardware dog information into a certificate file, and transmits it back to the computer on which the software is installed (the user can also purchase the software in advance, selecting the required function modules and validity period, which are stored in the database; when the user starts the software, the background controller retrieves the corresponding purchase information for configuration); the background controller generates a record of the certificate file and stores it;
S4, the user receives the certificate file and the hardware dog, inserts the hardware dog into the computer and imports the certificate file; the hardware dog information in the certificate is matched against the inserted hardware dog; if the match fails, the software stops running; if the match succeeds, the decoding information of the purchased software function modules is obtained and matched with the corresponding function modules in the software, the purchased function modules are run, and their running time is controlled according to the validity period.
Further, in step S3, a clock module is configured in the hardware dog; correspondingly, in step S4, the clock module in the hardware dog is configured according to the validity period of the software, and when the user runs a function module of the purchased software, whether the usage time has expired is determined according to the clock in the hardware dog.
Further, when the user needs to replace the computer on which the software runs, the background controller uses the newly acquired unique identification information of the computer to retrieve the corresponding software function module information and the remaining usage time from the generation records, and regenerates the certificate and record for the software and the hardware dog on the replacement computer.
Further, in step S2, on startup the software generates an RSA2048 key pair A comprising a public key PKA and a private key SKA, stores the public key PKA and the unique identification information of the computer in the certificate file, and sends the certificate file to the background controller;
in step S3, the background controller generates an RSA2048 key pair B comprising a public key PKB and a private key SKB, randomly generates an AES key, encrypts the AES key using the private key SKB and the public key PKA in sequence, encrypts the certificate file generated in this step (containing the software function module decoding information, the validity period and the hardware dog information) using the encrypted key, and sends the encrypted certificate file and the public key PKB to the user;
in step S4, after acquiring the certificate file, the software decrypts and verifies it using the private key SKA and the public key PKB in sequence to obtain the AES key, and decrypts the certificate file with that key to obtain the information in the certificate.
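The exchange of steps S3 and S4, including the hardware dog match and the expiry check against the dog clock, as an added example that is not code from the patent. The patent names only RSA2048 and AES and implements them in C++ with Cryptopp; the Go standard library, RSA-PSS for the SKB operation, RSA-OAEP for the PKA operation, AES-GCM, the JSON certificate fields and the envelope layout (signature carried next to the wrapped key) are assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Certificate is a constructed stand-in for the certificate file built in step S3.
type Certificate struct {
	DongleID string            // hardware dog information
	Modules  map[string]string // purchased function module -> decoding information
	NotAfter time.Time         // end of the validity period
}

// Envelope is what the controller sends back with PKB; the layout is an assumption.
type Envelope struct{ WrappedKey, KeySig, Nonce, Ciphertext []byte }

var ErrSignature = errors.New("AES key was not signed with SKB")
var ErrDongle = errors.New("inserted hardware dog does not match the certificate")
var ErrExpired = errors.New("validity period has ended according to the dog clock")

// NewKeyPair makes an RSA-2048 pair: pair A in the software, pair B in the controller.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Issue is step S3: sign a random AES key with SKB, wrap it to PKA, encrypt the certificate.
func Issue(c Certificate, skb *rsa.PrivateKey, pka *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	digest := sha256.Sum256(key)
	sig, errS := rsa.SignPSS(rand.Reader, skb, crypto.SHA256, digest[:], nil)
	wrapped, errW := rsa.EncryptOAEP(sha256.New(), rand.Reader, pka, key, nil)
	gcm, errG := newGCM(key)
	plain, errJ := json.Marshal(c)
	if err := errors.Join(errS, errW, errG, errJ); err != nil {
		return nil, err
	}
	return &Envelope{wrapped, sig, nonce, gcm.Seal(nil, nonce, plain, nil)}, nil
}

// Open is step S4: unwrap with SKA, verify with PKB, decrypt, match the dog, check expiry.
func Open(e *Envelope, ska *rsa.PrivateKey, pkb *rsa.PublicKey, dogID string, dogClock time.Time) (*Certificate, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ska, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(key)
	if rsa.VerifyPSS(pkb, crypto.SHA256, digest[:], e.KeySig, nil) != nil {
		return nil, ErrSignature
	}
	gcm, err := newGCM(key)
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed envelope")
	}
	var c Certificate
	plain, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err == nil {
		err = json.Unmarshal(plain, &c)
	}
	if err != nil {
		return nil, err
	}
	if c.DongleID != dogID {
		return nil, ErrDongle
	}
	if dogClock.After(c.NotAfter) { // dog clock, not the PC clock
		return nil, ErrExpired
	}
	return &c, nil
}

func main() {
	a, _ := NewKeyPair() // pair A (software, step S2)
	b, _ := NewKeyPair() // pair B (background controller, step S3)
	cert := Certificate{"DOG-0001", map[string]string{"report": "k-report"}, time.Now().Add(time.Hour)}
	env, _ := Issue(cert, b, &a.PublicKey)
	fmt.Println(Open(env, a, &b.PublicKey, "DOG-9999", time.Now())) // wrong dog inserted
}
```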
In the specific implementation:
The whole solution requires the cooperation of a background control system and a hardware dog.
For encryption, the open-source third-party encryption library Cryptopp is used;
for the hardware dog, a SafeNet-series softdog is used, with a virtual clock arranged in the hardware dog; part of the implementation code is as follows:
Acquiring the unique information of the computer: the MAC address, the hard disk physical serial number and the CPUID.
On Windows this information is obtained through the WMI service; on Linux it is obtained with assembly instructions. Part of the implementation code is as follows:
Interfaces:
1. Obtain a registration code (used by the registration system)
EXPORT_API int __stdcall STDCALL_GET_LICENSEKEY(
    char *LICENSE_KEY,            // returned license result
    const char *ID,               // system code
    const char *ACTIVE_DATE,
    const char *ACTIVE_QUANTITY,  // number of users
    const char *SOFTWARE,         // software identifier
    const char *FUNCTION_POINT,
    const char *IS_USEDOG         // hardware dog information
);
2. Obtain the hardware dog status (general-purpose interface)
EXPORT_API int __stdcall STDCALL_GET_DOGSTATUS(
    char *DOG_STATUS              // returned hardware dog status
);
3. Obtain the unique identifier (used by non-registration systems)
EXPORT_API int __stdcall STDCALL_GET_LICENSE_ID(
    char *LICENSE_ID              // returned system code
);
4. Obtain the verification result (used by non-registration systems)
EXPORT_API int __stdcall STDCALL_VALIDATE(
    char *EXPIRE,                 // returned expiry date
    char *FUNCTION,               // returned function points
    char *CAPACITY,               // capacity
    const char *KEY,              // registration code
    const char *SOFTWARE          // software identifier
);
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.

Claims (7)

1. A method for realizing software distribution control by adopting a hybrid encryption algorithm is characterized in that a hardware dog and a background controller are adopted, and the method comprises the following steps:
S1, the background controller establishes a database, records user information, purchase information and certificate file generation records, wherein the user information comprises computer unique identification information and hardware dogs distributed to the computer unique identification information, the purchase information comprises a software function module and a validity period, and the certificate file generation records comprise the user information and the purchase information;
S2, the user starts the software, obtains the unique identification information of the computer, saves the information in the certificate file, and sends the certificate file to the background controller;
S3, the background controller allocates a hardware dog for the user, extracts the decoding information of the purchased software function module, loads the decoding information, the validity period and the hardware dog information of the software function module purchased by the user into a certificate file, and transmits the information back to the computer installed with the software; the background controller generates a record of the certificate file and stores the record;
S4, the user receives the certificate file and the hardware dog, inserts the hardware dog into the computer and imports the certificate file; matching the hardware dog information in the certificate with the inserted hardware dog, if the matching fails, stopping running, if the matching succeeds, acquiring decoding information of the purchased software functional module, matching the decoding information with the corresponding functional module in the software, running the purchased software functional module, and controlling the running time of the purchased software functional module according to the validity period;
in step S2, software is started to generate an RSA2048 key pair A including a public key PKA and a private key SKA, store the public key PKA and unique identification information of the computer in a certificate file, and send the certificate file to the background controller;
in step S3, the background controller generates an RSA2048 key pair B including a public key PKB and a private key SKB, and randomly generates an AES key, encrypts the AES key using the private key SKB and the public key PKA in sequence, encrypts the certificate file including the software function module decoding information, the validity period, and the hardware dog information generated in this step using the encrypted key, and sends the encrypted certificate file and the public key PKB to the user;
in step S4, after acquiring the certificate file, the software decrypts and verifies the certificate file by using the private key SKA and the public key PKB in sequence to obtain the AES key, and decrypts the certificate file by using the key to obtain the information of the certificate.
2. The method for implementing software distribution control using hybrid encryption algorithm as claimed in claim 1, wherein in step S1, the unique identification information includes: a combination of one or more of a MAC address, a hard disk physical serial number, and a CPUID.
3. The method for controlling software release by using hybrid encryption algorithm as claimed in claim 1, wherein in step S2, the unique identification information of the computer is encrypted and stored in the certificate file, and the corresponding background controller decrypts the unique identification information in the certificate file.
4. The method for implementing software release control using hybrid encryption algorithm as claimed in claim 3, wherein said encryption method is MD5 encryption method.
5. The method for realizing software distribution control by using hybrid encryption algorithm as claimed in claim 1, wherein in step S3, the hardware dog is configured with a clock module, in corresponding step S4, the clock module in the hardware dog is configured correspondingly according to the validity period of software usage, the user runs the function module of the purchased software, and determines whether the usage time is due according to the clock in the hardware dog.
6. The method for realizing software release control by adopting a hybrid encryption algorithm as claimed in claim 1, wherein when a user needs to replace the running software of the computer, the background controller calls the corresponding software function module information and the remaining use time in the generated record according to the newly acquired unique identification information of the computer, and regenerates the certificate and record of the software and the hardware dog after replacing the computer.
7. The method for implementing software release control by using hybrid encryption algorithm as claimed in claim 1, wherein in step S2, the user communicates with the background controller, transmits the certificate file, or prints the certificate file, and sends the certificate file to the background controller by mail or fax.
CN201710261600.7A 2017-04-20 2017-04-20 Method for realizing software distribution control by adopting hybrid encryption algorithm Active CN107247891B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710261600.7A CN107247891B (en) 2017-04-20 2017-04-20 Method for realizing software distribution control by adopting hybrid encryption algorithm

Publications (2)

Publication Number Publication Date
CN107247891A CN107247891A (en) 2017-10-13
CN107247891B true CN107247891B (en) 2020-02-28

Family

ID=60016840

Country Status (1)

Country Link
CN (1) CN107247891B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032831A (en) * 2018-01-11 2019-07-19 上海有云信息技术有限公司 The generation method of software certificate, apparatus and system
CN110502909B (en) * 2019-08-06 2021-06-01 北京北信源软件股份有限公司 File encryption method and device and file decryption method and device
CN113051532A (en) * 2019-12-27 2021-06-29 施德朗(广州)电气科技有限公司 Software authorization method and device, computer equipment and storage medium
CN111339520B (en) * 2020-02-24 2022-07-22 南京南瑞继保电气有限公司 Hardware dog-based online control method, electronic equipment and storage medium
CN113572600B (en) * 2020-12-31 2024-03-01 广东国腾量子科技有限公司 Quantum key safe storage system
CN115134331A (en) * 2022-05-26 2022-09-30 四川福泰美科技有限公司 System and method for generating unique identifier of industrial Internet of things

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2015267A2 (en) * 2007-06-26 2009-01-14 Aruze Corporation Game processing apparatus for performing area authentication of gaming information
CN103942472A (en) * 2014-04-14 2014-07-23 立德高科(北京)数码科技有限责任公司 Method and device used for preventing unauthorized user from starting software
CN104517042A (en) * 2013-09-29 2015-04-15 北京行的科技有限公司 Use authority method and device of intelligent interactive toys
CN104850764A (en) * 2015-05-22 2015-08-19 东信和平科技股份有限公司 Smart card based software protection method and system
CN106548043A (en) * 2016-11-01 2017-03-29 广东浪潮大数据研究有限公司 A kind of authorization method of application program, installation method, installation end and system

Also Published As

Publication number Publication date
CN107247891A (en) 2017-10-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210420

Address after: Qidong City, Jiangsu province 226200 Nantong City Lin Yang Lu No. 666

Patentee after: JIANGSU LINYANG ENERGY Co.,Ltd.

Patentee after: Nanjing Linyang Electric Co.,Ltd.

Address before: 226200 Jiangsu city of Nantong province Qidong Economic Development Zone No. 666 Lin Yang Lu

Patentee before: JIANGSU LINYANG ENERGY Co.,Ltd.
