CN108259429A - A kind of method and system controlled for software distribution - Google Patents

A kind of method and system controlled for software distribution Download PDF

Info

Publication number
CN108259429A
CN108259429A CN201611245071.3A CN201611245071A CN108259429A CN 108259429 A CN108259429 A CN 108259429A CN 201611245071 A CN201611245071 A CN 201611245071A CN 108259429 A CN108259429 A CN 108259429A
Authority
CN
China
Prior art keywords
feature
software
caller
caller information
authoring program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611245071.3A
Other languages
Chinese (zh)
Other versions
CN108259429B (en
Inventor
王海涛
张学军
熊林欣
谢宇
张玉魁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace network security technology (Shenzhen) Co.,Ltd.
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CN201611245071.3A priority Critical patent/CN108259429B/en
Publication of CN108259429A publication Critical patent/CN108259429A/en
Application granted granted Critical
Publication of CN108259429B publication Critical patent/CN108259429B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to a kind of for the method and system that is controlled of software distribution, the method includes:Authoring program extracts software translating feature and caller information, and passes through encryption method and the feature and information are formed encryption message and the feature and information are digitally signed;Comparison request including encryption message and digital signature is sent to feature database by authoring program by network, and request feature database is compared;After feature database obtains comparison request, digital signature is verified, after digital signature is by verification, encryption message is decrypted in feature database, obtains software translating feature and caller information;And feature database compares the software translating feature of acquisition and caller information with pre-stored software translating feature and caller information, when the two is identical, determines that caller has permission calling, feature database returning response, program normal use;When the two differs, authoring program exits.

Description

A kind of method and system controlled for software distribution
Technical field
The present invention relates to software control field, and more particularly, to a kind of side controlled for software distribution Method and system.
Background technology
With the continuous development of computer technology, computer software programs are more and more, for Maintenance Development person and exploitation The right to use of software is distributed in the interests of quotient, many software vendor's selections using technological means such as software authentication or mandates, so as to The interests that legalize of software are obtained, if desired for user's purchase modes such as software registration machine or software use authorization number, but with The development of technology, the situation that software is secondary use and uses is more and more, and many third parties are using various means to having authorized Software carry out shell adding, it is illegal call, program or module are replaced in modification, are distorted and be locally located or the modes such as contents of program eliminate this Protection kind to software, so as to achieve the effect that normal use or counterfeit use, and therefrom obtain interests.Such as by for user Distribute soft ware authorization number, a grant number is generated in advance according to the software that user buys in developer, and when user installation software inputs Grant number, program can be by online or the grant number is authenticated offline, and grant number then allows user to use by certification, no Then refuse to use.This method cannot be guaranteed the software not by secondary distribution, i.e. user develops new procedures on this basis, should The program function of routine call normal authorization, so as to possess the function of authoring program, the interests of authoring program developer are damaged. Also a kind of situation is exactly that user is needed to provide hardware characteristics when distributing, and this hardware characteristics are specific to authorized user, are opened Hair manufacturer authorizes product using hardware characteristics, and the software after authorizing in this way can only use in mounting hardware equipment, make The various inconveniences used into user, such as developer is needed to authorize again after hardware damage.In this case, how to have Effect protects software secondary distribution, ensures that software will not alter program carry out two by hacker or lawless people after distribution Secondary distribution becomes a urgent job.In order to meet this protection distributed to software, the legitimate rights and interests of developer are ensured, It is the problem of this method needs to discuss.
Invention content
In order to solve the above problem existing for background technology, the present invention provides a kind of side controlled for software distribution Method is used to user be prevented to carry out secondary distribution to the software after the first distribution of software, the method includes:
Authoring program extracts software translating feature and caller information, and passes through encryption method and compile the software of extraction It translates feature and caller information forms encryption message and carries out digital label to the software translating feature and caller information Name;
Comparison request including encryption message and digital signature is sent to feature database by authoring program by network, and request is special Sign library is compared;
After feature database obtains comparison request, digital signature is verified, after digital signature is by verification, feature database pair Encryption message is decrypted, and obtains software translating feature and caller information;And
Feature database is by the software translating feature of acquisition and caller information and pre-stored software translating feature and calling Person's information is compared, and when the two is identical, determines that caller has permission calling, feature database returning response, program normally makes With;When the two differs, authoring program exits.
Further, feature database, the feature are established before authoring program extraction software translating feature and caller information Library storage authoring program is compiled into the software translating feature after software, allows to call and the calling journey of secondary use authoring program The caller information and binding software translating feature and caller information of sequence and the feature database establish authoring program and tune With the incidence relation between program.
Further, the software translating feature includes:Compilation time, compiling content characteristic abstract, compiling file size With the signing messages for being digitally signed and obtaining to authoring program after compiling, the caller information includes:Caller The version information of title, the file size of caller and caller.
Further, after feature database obtains comparison request, digital signature is verified, when digital signature is not over testing During card, degree of authorization exits.
According to another aspect of the present invention, the present invention provides a kind of for the system that is controlled of software distribution, for User is prevented to carry out secondary distribution to the software after first distribution of software, the system comprises:
Feature database is used to storing the software translating feature after authoring program is compiled into software, allows to call and is secondary It is authorized using the caller information and binding software translating feature and caller information of the caller of authoring program and foundation Incidence relation between program and caller;
Feature extraction unit is used to make authoring program extraction software translating feature and caller information;
Feature encryption unit, the software translating feature and caller for being used to extract authoring program by encryption method are believed Breath forms encryption message and the software translating feature and caller information is digitally signed;Feature communication unit, It the comparison request including encryption message and digital signature is sent to feature database and asks spy for authoring program to be made to pass through network Sign library is compared;
Feature decryption unit is used for after feature database obtains comparison request, digital signature is verified, is verified Afterwards, encryption message is decrypted in feature database, obtains software translating feature and caller information;And
Signature verification unit is used to make feature database by the software translating feature of acquisition and caller information with prestoring Software translating feature and caller information compared, when the two is identical, determine that caller has permission calling, feature database Returning response, program normal use, when the two differs, authoring program exits.
Further, the software translating feature in feature database includes compilation time, compiling content characteristic abstract, compiling file The signing messages and caller information for being digitally signed and obtaining to authoring program after size and compiling include caller Title, the file size of caller and caller version information.
Further, in feature decryption unit, after feature database obtains comparison request, digital signature is verified, when When digital signature is not over verification, degree of authorization exits.
Description of the drawings
By reference to the following drawings, exemplary embodiments of the present invention can be more fully understood by:
Fig. 1 is the flow chart of method controlled for software distribution of the specific embodiment of the invention;And
Fig. 2 is the structure chart of system controlled for software distribution of the specific embodiment of the invention.
Specific embodiment
Exemplary embodiments of the present invention are introduced referring now to attached drawing, however, the present invention can use many different shapes Formula is implemented, and be not limited to the embodiment described herein, and to provide these embodiments be to disclose at large and fully The present invention, and fully convey the scope of the present invention to person of ordinary skill in the field.Show for what is be illustrated in the accompanying drawings Term in example property embodiment is not limitation of the invention.In the accompanying drawings, identical cells/elements use identical attached Icon is remembered.
Unless otherwise indicated, term used herein has person of ordinary skill in the field (including scientific and technical terminology) It is common to understand meaning.Further it will be understood that with the term that usually used dictionary limits, should be understood as and its The linguistic context of related field has consistent meaning, and is not construed as Utopian or too formal meaning.
Fig. 1 is the flow chart of method controlled for software distribution of the specific embodiment of the invention.
Authoring program extracts software translating feature and caller information, and passes through encryption method and compile the software of extraction It translates feature and caller information forms encryption message and carries out digital label to the software translating feature and caller information Name;
Comparison request including encryption message and digital signature is sent to feature database by authoring program by network, and request is special Sign library is compared;
After feature database obtains comparison request, digital signature is verified, after digital signature is by verification, feature database pair Encryption message is decrypted, and obtains software translating feature and caller information;And
Feature database is by the software translating feature of acquisition and caller information and pre-stored software translating feature and calling Person's information is compared, and when the two is identical, determines that caller has permission calling, feature database returning response, program normally makes With;When the two differs, authoring program exits.
Preferably, feature database, the feature database are established before authoring program extraction software translating feature and caller information It stores the software translating feature after authoring program is compiled into software, allow to call the caller of simultaneously secondary use authoring program Caller information and binding software translating feature and caller information and the feature database establish authoring program and calling Incidence relation between program.
Preferably, the software translating feature includes:Compilation time, compiling content characteristic abstract, compiling file size and The signing messages for being digitally signed and obtaining to authoring program after compiling, the caller information include:The name of caller The version information of title, the file size of caller and caller.
Preferably, after feature database obtains comparison request, digital signature is verified, when digital signature is not over verification When, degree of authorization exits.
Fig. 2 is the structure chart of system controlled for software distribution of the specific embodiment of the invention.
Feature database is used to storing the software translating feature after authoring program is compiled into software, allows to call and is secondary It is authorized using the caller information and binding software translating feature and caller information of the caller of authoring program and foundation Incidence relation between program and caller;
Feature extraction unit is used to make authoring program extraction software translating feature and caller information;
Feature encryption unit, the software translating feature and caller for being used to extract authoring program by encryption method are believed Breath forms encryption message and the software translating feature and caller information is digitally signed;Feature communication unit, It the comparison request including encryption message and digital signature is sent to feature database and asks spy for authoring program to be made to pass through network Sign library is compared;
Feature decryption unit is used for after feature database obtains comparison request, digital signature is verified, is verified Afterwards, encryption message is decrypted in feature database, obtains software translating feature and caller information;And
Signature verification unit is used to make feature database by the software translating feature of acquisition and caller information with prestoring Software translating feature and caller information compared, when the two is identical, determine that caller has permission calling, feature database Returning response, program normal use, when the two differs, authoring program exits.
Preferably, it is big to include compilation time, compiling content characteristic abstract, compiling file for the software translating feature in feature database The signing messages and caller information for being digitally signed and obtaining to authoring program after small and compiling include caller The version information of title, the file size of caller and caller.
Preferably, in feature decryption unit, after feature database obtains comparison request, digital signature is verified, works as number When word signature is not over verification, degree of authorization exits.
By the way that above embodiments describe the present invention.However, it is known in those skilled in the art, as subsidiary Patent right requirement limited, in addition to the present invention other embodiments disclosed above are equally fallen in the scope of the present invention It is interior.
Normally, all terms used in the claims are all solved according to them in the common meaning of technical field It releases, unless in addition clearly being defined wherein.All references " one/described/be somebody's turn to do【Device, component etc.】" all it is opened ground At least one of described device, component etc. example is construed to, unless otherwise expressly specified.Any method disclosed herein Step need not all be run with disclosed accurate sequence, unless explicitly stated otherwise.

Claims (7)

1. a kind of method controlled for software distribution, for preventing user to the software after the first distribution of software Carry out secondary distribution, which is characterized in that the method includes:
Authoring program extracts software translating feature and caller information, and it is special by the software translating of extraction to pass through encryption method Caller information of seeking peace forms encryption message and the software translating feature and caller information is digitally signed;
Comparison request including encryption message and digital signature is sent to feature database by authoring program by network, asks feature database It is compared;
After feature database obtains comparison request, digital signature is verified, after digital signature is by verification, feature database is to encryption Message is decrypted, and obtains software translating feature and caller information;And
Feature database believes the software translating feature of acquisition and caller information with pre-stored software translating feature and caller Breath is compared, and when the two is identical, determines that caller has permission calling, feature database returning response, program normal use;When When the two differs, authoring program exits.
2. according to the method described in claim 1, it is characterized in that, authoring program extraction software translating feature and caller information Establish feature database before, the feature library storage authoring program is compiled into the software translating feature after software, allows to call simultaneously The caller information and binding software translating feature and caller information of the caller of secondary use authoring program, Yi Jisuo It states feature database and establishes incidence relation between authoring program and caller.
3. according to the method described in claim 1, it is characterized in that, the software translating feature includes:In compilation time, compiling The signing messages for being digitally signed and obtaining to authoring program after holding feature extraction, compiling file size and compiling, the tune User's information includes:The version information of the title of caller, the file size of caller and caller.
4. according to the method described in claim 1, it is characterized in that, feature database is obtained after comparing request, to digital signature progress Verification, when digital signature is not over verification, degree of authorization exits.
5. a kind of system controlled for software distribution, for preventing user to the software after the first distribution of software Carry out secondary distribution, which is characterized in that the system comprises:
Feature database is used to store the software translating feature after authoring program is compiled into software, allows to call simultaneously secondary use The caller information of the caller of authoring program and binding software translating feature and caller information and establish authoring program Incidence relation between caller;
Feature extraction unit is used to make authoring program extraction software translating feature and caller information;
Feature encryption unit is used for the software translating feature for extracting authoring program by encryption method and caller information shape Into encryption message and the software translating feature and caller information are digitally signed;Feature communication unit, is used for Authoring program is made to pass through network the comparison request including encryption message and digital signature is sent to feature database and asks feature database It is compared;
Feature decryption unit is used for after feature database obtains comparison request, digital signature is verified, after being verified, Encryption message is decrypted in feature database, obtains software translating feature and caller information;And
Signature verification unit, be used to making feature database by the software translating feature of acquisition and caller information with it is pre-stored soft Part compiles feature and caller information is compared, and when the two is identical, determines that caller has permission calling, feature database returns Response, program normal use, when the two differs, authoring program exits.
6. system according to claim 5, which is characterized in that software translating feature in feature database include compilation time, The signing messages for being digitally signed and obtaining to authoring program after compiling content characteristic abstract, compiling file size and compiling, And the version information of title of the caller information including caller, the file size of caller and caller.
7. system according to claim 5, which is characterized in that in feature decryption unit, asked when feature database obtains comparison Afterwards, digital signature is verified, when digital signature is not over verification, degree of authorization exits.
CN201611245071.3A 2016-12-29 2016-12-29 Method and system for controlling software distribution Active CN108259429B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611245071.3A CN108259429B (en) 2016-12-29 2016-12-29 Method and system for controlling software distribution

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611245071.3A CN108259429B (en) 2016-12-29 2016-12-29 Method and system for controlling software distribution

Publications (2)

Publication Number Publication Date
CN108259429A true CN108259429A (en) 2018-07-06
CN108259429B CN108259429B (en) 2021-01-29

Family

ID=62719914

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611245071.3A Active CN108259429B (en) 2016-12-29 2016-12-29 Method and system for controlling software distribution

Country Status (1)

Country Link
CN (1) CN108259429B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1987715A (en) * 2005-12-19 2007-06-27 普天信息技术研究院 Method for protecting software
CN101408917A (en) * 2008-10-22 2009-04-15 厦门市美亚柏科资讯科技有限公司 Method and system for detecting application program behavior legality
CN101430749A (en) * 2008-10-31 2009-05-13 金蝶软件(中国)有限公司 Software permission monitoring method, system and electronic equipment
CN102024120A (en) * 2009-09-18 2011-04-20 无锡安腾软件开发有限公司 Method for using digital signature to detect falsification possibility of software
CN103246848A (en) * 2013-03-26 2013-08-14 北京深思数盾科技有限公司 Software security protection method and equipment
US20140013429A1 (en) * 2011-11-29 2014-01-09 Tencent Technology (Shenzhen) Company Limited Method for processing an operating application program and device for the same
CN103560883A (en) * 2013-10-30 2014-02-05 南京邮电大学 Safety identification method, between android application programs, based on user right
CN103888410A (en) * 2012-12-19 2014-06-25 卓望数码技术(深圳)有限公司 Application authentication method and system
CN103957189A (en) * 2014-03-28 2014-07-30 北界创想(北京)软件有限公司 Application program interaction method and device
CN104392151A (en) * 2014-11-27 2015-03-04 北京深思数盾科技有限公司 Software protection method and system
CN104462980A (en) * 2014-12-30 2015-03-25 北京奇虎科技有限公司 Authority management method, device and system of application programs and mobile terminal
CN105472605A (en) * 2014-08-15 2016-04-06 中国电信股份有限公司 Mobile phone application calling authentication method, multifunctional universal smart card and mobile terminal
CN105631249A (en) * 2014-10-30 2016-06-01 江苏威盾网络科技有限公司 Distributed software controllable authorization system and method
CN106209746A (en) * 2015-05-07 2016-12-07 阿里巴巴集团控股有限公司 A kind of safety service provides method and server

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1987715A (en) * 2005-12-19 2007-06-27 普天信息技术研究院 Method for protecting software
CN101408917A (en) * 2008-10-22 2009-04-15 厦门市美亚柏科资讯科技有限公司 Method and system for detecting application program behavior legality
CN101430749A (en) * 2008-10-31 2009-05-13 金蝶软件(中国)有限公司 Software permission monitoring method, system and electronic equipment
CN102024120A (en) * 2009-09-18 2011-04-20 无锡安腾软件开发有限公司 Method for using digital signature to detect falsification possibility of software
US20140013429A1 (en) * 2011-11-29 2014-01-09 Tencent Technology (Shenzhen) Company Limited Method for processing an operating application program and device for the same
CN103888410A (en) * 2012-12-19 2014-06-25 卓望数码技术(深圳)有限公司 Application authentication method and system
CN103246848A (en) * 2013-03-26 2013-08-14 北京深思数盾科技有限公司 Software security protection method and equipment
CN103560883A (en) * 2013-10-30 2014-02-05 南京邮电大学 Safety identification method, between android application programs, based on user right
CN103957189A (en) * 2014-03-28 2014-07-30 北界创想(北京)软件有限公司 Application program interaction method and device
CN105472605A (en) * 2014-08-15 2016-04-06 中国电信股份有限公司 Mobile phone application calling authentication method, multifunctional universal smart card and mobile terminal
CN105631249A (en) * 2014-10-30 2016-06-01 江苏威盾网络科技有限公司 Distributed software controllable authorization system and method
CN104392151A (en) * 2014-11-27 2015-03-04 北京深思数盾科技有限公司 Software protection method and system
CN104462980A (en) * 2014-12-30 2015-03-25 北京奇虎科技有限公司 Authority management method, device and system of application programs and mobile terminal
CN106209746A (en) * 2015-05-07 2016-12-07 阿里巴巴集团控股有限公司 A kind of safety service provides method and server

Also Published As

Publication number Publication date
CN108259429B (en) 2021-01-29

Similar Documents

Publication Publication Date Title
US7899187B2 (en) Domain-based digital-rights management system with easy and secure device enrollment
JP5065911B2 (en) Private and controlled ownership sharing
CN111404696B (en) Collaborative signature method, security service middleware, related platform and system
US9306954B2 (en) Apparatus, systems and method for virtual desktop access and management
CN105516104A (en) Identity verification method and system of dynamic password based on TEE (Trusted execution environment)
US20040088541A1 (en) Digital-rights management system
CN100490387C (en) Token-based fine granularity access control system and method for application server
CN105408912A (en) Process authentication and resource permissions
CN103098068A (en) Method and apparatus for an ephemeral trusted device
KR101724401B1 (en) Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method
CN104798083A (en) Method and system for verifying an access request
CN103390122B (en) Application program transmitting method, application program operating method, sever and terminal
CN109922027A (en) A kind of trusted identity authentication method, terminal and storage medium
EP3029879A1 (en) Information processing device, information processing method, and computer program
CN107040520A (en) A kind of cloud computing data-sharing systems and method
CN107194237A (en) Method, device, computer equipment and the storage medium of application security certification
CN107180173A (en) unlocking method and device
CN105430649B (en) WIFI cut-in method and equipment
JP5781678B1 (en) Electronic data utilization system, portable terminal device, and method in electronic data utilization system
CN110287725A (en) A kind of equipment and its authority control method, computer readable storage medium
KR20200115902A (en) Method for Providing Secret Security Processing by using Smart Contract
CN108259429A (en) A kind of method and system controlled for software distribution
KR101208617B1 (en) Apparatus for sharing single certificate of multi application and method thereof
CN110008761A (en) A kind of privacy information camouflage method
EP3048776B1 (en) Methods for managing content, computer program products and secure element

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220216

Address after: 518054 room A06, podium building, 4th floor, 11a, building 11, Shenzhen Bay ecological science and Technology Park, Yuehai street, Shenzhen, Guangdong

Patentee after: Aerospace network security technology (Shenzhen) Co.,Ltd.

Address before: 100195 Aerospace Information Park, No.18, xingshikou Road, Haidian District, Beijing

Patentee before: AISINO Corp.