CN108259429A - Method and system for controlling software distribution - Google Patents
- Publication number: CN108259429A
- Authority: CN (China)
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The present invention relates to a method and system for controlling software distribution. The method includes: an authorized program extracts software compilation features and caller information, uses an encryption method to form an encrypted message from the features and information, and digitally signs the features and information; the authorized program sends a comparison request containing the encrypted message and the digital signature to a feature database over the network and asks the feature database to perform a comparison; after receiving the comparison request, the feature database verifies the digital signature and, once the signature passes verification, decrypts the encrypted message to obtain the software compilation features and caller information; and the feature database compares the obtained software compilation features and caller information with the pre-stored software compilation features and caller information. When the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
Description
Technical field
The present invention relates to the field of software control and, more particularly, to a method and system for controlling software distribution.
Background technology
With the continuous development of computer technology, there are more and more computer software programs. To protect the interests of developers and vendors, many software vendors choose to distribute the right to use their software through technical means such as software authentication or authorization, so that they obtain the lawful benefit of the software, for example by requiring users to purchase a software registration program or a software usage authorization number. As technology develops, however, cases in which software is put to secondary use are more and more common. Many third parties use various means, such as packing authorized software, calling it illegally, modifying or replacing programs or modules, and tampering with local settings or program content, to remove this protection of the software, so as to achieve normal or counterfeit use and profit from it.

Take the distribution of software authorization numbers to users as an example. The developer generates an authorization number in advance according to the software the user has bought; the user enters the authorization number when installing the software, and the program authenticates the number online or offline. If the authorization number passes authentication the user is allowed to use the software; otherwise use is refused. This method cannot guarantee that the software is not distributed a second time: the user can develop a new program on this basis that calls the functions of the normally authorized program and so possesses the functions of the authorized program, which damages the interests of the authorized program's developer.

In another approach the user must provide a hardware feature at distribution time. The hardware feature is specific to the authorized user, and the vendor authorizes the product using it. Software authorized in this way can only be used on the device in which that hardware is installed, which causes users various inconveniences; for example, the developer has to authorize again after the hardware is damaged.

Under these circumstances, how to effectively protect software against secondary distribution, and ensure that after distribution the software is not altered and redistributed by hackers or other lawbreakers, has become an urgent task. Meeting this need to protect software distribution and safeguarding the legitimate rights and interests of developers is the problem this method addresses.
Summary of the invention
To solve the above problems of the background art, the present invention provides a method for controlling software distribution, used to prevent a user from carrying out secondary distribution of software after its first distribution. The method includes:
The authorized program extracts software compilation features and caller information, uses an encryption method to form an encrypted message from the extracted software compilation features and caller information, and digitally signs the software compilation features and caller information;
The authorized program sends a comparison request containing the encrypted message and the digital signature to the feature database over the network and asks the feature database to perform a comparison;
After the feature database receives the comparison request, it verifies the digital signature; once the digital signature passes verification, the feature database decrypts the encrypted message and obtains the software compilation features and caller information; and
The feature database compares the obtained software compilation features and caller information with the pre-stored software compilation features and caller information. When the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
Further, a feature database is established before the authorized program extracts the software compilation features and caller information. The feature database stores the software compilation features produced when the authorized program is compiled into software and the caller information of the calling programs that are allowed to call and make secondary use of the authorized program, binds the software compilation features to the caller information, and establishes the association between the authorized program and the calling program.
Further, the software compilation features include: the compile time, a feature digest of the compiled content, the compiled file size, and the signature information obtained by digitally signing the authorized program after compilation. The caller information includes: the name of the caller, the file size of the caller, and the version information of the caller.
Further, after the feature database receives the comparison request, it verifies the digital signature; when the digital signature fails verification, the authorized program exits.
According to another aspect of the present invention, the invention provides a system for controlling software distribution, used to prevent a user from carrying out secondary distribution of software after its first distribution. The system includes:
A feature database, used to store the software compilation features produced when the authorized program is compiled into software and the caller information of the calling programs that are allowed to call and make secondary use of the authorized program, to bind the software compilation features to the caller information, and to establish the association between the authorized program and the calling program;
A feature extraction unit, used to make the authorized program extract the software compilation features and caller information;
A feature encryption unit, used to form an encrypted message, by an encryption method, from the software compilation features and caller information extracted by the authorized program, and to digitally sign the software compilation features and caller information;
A feature communication unit, used to make the authorized program send a comparison request containing the encrypted message and the digital signature to the feature database over the network and ask the feature database to perform a comparison;
A feature decryption unit, used so that, after the feature database receives the comparison request, the digital signature is verified and, once verification passes, the feature database decrypts the encrypted message and obtains the software compilation features and caller information; and
A signature verification unit, used to make the feature database compare the obtained software compilation features and caller information with the pre-stored software compilation features and caller information. When the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
Further, the software compilation features in the feature database include the compile time, a feature digest of the compiled content, the compiled file size, and the signature information obtained by digitally signing the authorized program after compilation, and the caller information includes the name of the caller, the file size of the caller, and the version information of the caller.
Further, in the feature decryption unit, after the feature database receives the comparison request, the digital signature is verified; when the digital signature fails verification, the authorized program exits.
Description of the drawings
The exemplary embodiments of the present invention can be understood more fully with reference to the following drawings:
Fig. 1 is a flowchart of the method for controlling software distribution according to a specific embodiment of the invention; and
Fig. 2 is a structural diagram of the system for controlling software distribution according to a specific embodiment of the invention.
Detailed description
Exemplary embodiments of the present invention are now described with reference to the drawings. The invention can, however, be implemented in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to those of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise stated, the terms used herein (including scientific and technical terms) have the meanings commonly understood by those of ordinary skill in the art. It will further be understood that terms defined in commonly used dictionaries should be interpreted as having meanings consistent with the context of the relevant field, and not in an idealized or overly formal sense.
Fig. 1 is a flowchart of the method for controlling software distribution according to a specific embodiment of the invention.
The authorized program extracts software compilation features and caller information, uses an encryption method to form an encrypted message from the extracted software compilation features and caller information, and digitally signs the software compilation features and caller information;
The authorized program sends a comparison request containing the encrypted message and the digital signature to the feature database over the network and asks the feature database to perform a comparison;
After the feature database receives the comparison request, it verifies the digital signature; once the digital signature passes verification, the feature database decrypts the encrypted message and obtains the software compilation features and caller information; and
The feature database compares the obtained software compilation features and caller information with the pre-stored software compilation features and caller information. When the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
Preferably, a feature database is established before the authorized program extracts the software compilation features and caller information. The feature database stores the software compilation features produced when the authorized program is compiled into software and the caller information of the calling programs that are allowed to call and make secondary use of the authorized program, binds the software compilation features to the caller information, and establishes the association between the authorized program and the calling program.
Preferably, the software compilation features include: the compile time, a feature digest of the compiled content, the compiled file size, and the signature information obtained by digitally signing the authorized program after compilation. The caller information includes: the name of the caller, the file size of the caller, and the version information of the caller.
Preferably, after the feature database receives the comparison request, it verifies the digital signature; when the digital signature fails verification, the authorized program exits.
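The exchange described above, written out for both sides as an added example (not code from the patent or its applicant). The description names no algorithms, so AES-256-GCM, Ed25519, the JSON encoding, the key provisioning and all names such as `BuildRequest`, `FeatureDB` and `report.exe` are assumptions; the signature is computed over the encrypted message so that the feature database can verify it before decrypting, which is the order the description gives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Features holds the fields the description lists: compile features of the
// authorized program and information about the calling program.
type Features struct {
	CompileTime, ContentDigest, BuildSignature string
	FileSize                                   int64
	CallerName, CallerVersion                  string
	CallerSize                                 int64
}

// Request is the comparison request: encrypted message plus digital signature.
type Request struct{ Nonce, Ciphertext, Signature []byte }

var (
	ErrBadSignature = errors.New("signature verification failed")
	ErrDecrypt      = errors.New("cannot decrypt request")
	ErrMismatch     = errors.New("features differ from stored record")
)

// BuildRequest is the authorized-program side: encrypt the features, then
// sign nonce||ciphertext so the database can verify before it decrypts.
func BuildRequest(f Features, aead cipher.AEAD, signKey ed25519.PrivateKey) (Request, error) {
	plain, err := json.Marshal(f)
	if err != nil {
		return Request{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Request{}, err
	}
	ct := aead.Seal(nil, nonce, plain, nil)
	signed := append(append([]byte{}, nonce...), ct...)
	return Request{nonce, ct, ed25519.Sign(signKey, signed)}, nil
}

// FeatureDB is the feature-database side with its pre-stored records.
type FeatureDB struct {
	aead    cipher.AEAD
	verify  ed25519.PublicKey
	records map[string]Features // keyed by caller name (assumption)
}

// Compare follows the order in the description: verify, decrypt, compare.
// A non-nil error means the authorized program must exit.
func (db *FeatureDB) Compare(r Request) error {
	signed := append(append([]byte{}, r.Nonce...), r.Ciphertext...)
	if !ed25519.Verify(db.verify, signed, r.Signature) {
		return ErrBadSignature
	}
	if len(r.Nonce) != db.aead.NonceSize() {
		return ErrDecrypt
	}
	plain, err := db.aead.Open(nil, r.Nonce, r.Ciphertext, nil)
	var got Features
	if err != nil || json.Unmarshal(plain, &got) != nil {
		return ErrDecrypt
	}
	if want, ok := db.records[got.CallerName]; !ok || got != want {
		return ErrMismatch
	}
	return nil
}

// Demo runs three constructed cases: the registered caller, a different
// program reusing the registered caller's name, and a request altered in transit.
// Errors from setup calls are ignored because every input here is fixed and valid.
func Demo() (registered, impostor, tampered error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key := make([]byte, 32) // AES-256 key provisioned to both sides (assumption)
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	good := Features{"2016-12-01T08:00:00Z", "sha256:placeholder", "sig:placeholder",
		204800, "report.exe", "1.2.0", 51200} // constructed sample values
	db := &FeatureDB{aead, pub, map[string]Features{good.CallerName: good}}
	req, _ := BuildRequest(good, aead, priv)
	registered = db.Compare(req)
	fake := good
	fake.CallerSize, fake.CallerVersion = 73728, "9.9"
	req2, _ := BuildRequest(fake, aead, priv)
	impostor = db.Compare(req2)
	req.Ciphertext[0] ^= 0x01
	tampered = db.Compare(req)
	return
}

func main() { fmt.Println(Demo()) }
```

The description includes no freshness value in the request; a deployment would normally add a server-issued nonce or timestamp to the signed data so that an old request cannot be accepted again.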
Fig. 2 is a structural diagram of the system for controlling software distribution according to a specific embodiment of the invention.
A feature database, used to store the software compilation features produced when the authorized program is compiled into software and the caller information of the calling programs that are allowed to call and make secondary use of the authorized program, to bind the software compilation features to the caller information, and to establish the association between the authorized program and the calling program;
A feature extraction unit, used to make the authorized program extract the software compilation features and caller information;
A feature encryption unit, used to form an encrypted message, by an encryption method, from the software compilation features and caller information extracted by the authorized program, and to digitally sign the software compilation features and caller information;
A feature communication unit, used to make the authorized program send a comparison request containing the encrypted message and the digital signature to the feature database over the network and ask the feature database to perform a comparison;
A feature decryption unit, used so that, after the feature database receives the comparison request, the digital signature is verified and, once verification passes, the feature database decrypts the encrypted message and obtains the software compilation features and caller information; and
A signature verification unit, used to make the feature database compare the obtained software compilation features and caller information with the pre-stored software compilation features and caller information. When the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
Preferably, the software compilation features in the feature database include the compile time, a feature digest of the compiled content, the compiled file size, and the signature information obtained by digitally signing the authorized program after compilation, and the caller information includes the name of the caller, the file size of the caller, and the version information of the caller.
Preferably, in the feature decryption unit, after the feature database receives the comparison request, the digital signature is verified; when the digital signature fails verification, the authorized program exits.
The present invention has been described through the above embodiments. However, as those skilled in the art know, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the invention.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/the [device, component, etc.]" are to be interpreted openly as at least one instance of the device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein need not be performed in the exact order disclosed, unless explicitly stated.
Claims (7)
1. A method for controlling software distribution, used to prevent a user from carrying out secondary distribution of software after its first distribution, characterized in that the method includes:
The authorized program extracts software compilation features and caller information, uses an encryption method to form an encrypted message from the extracted software compilation features and caller information, and digitally signs the software compilation features and caller information;
The authorized program sends a comparison request containing the encrypted message and the digital signature to the feature database over the network and asks the feature database to perform a comparison;
After the feature database receives the comparison request, it verifies the digital signature; once the digital signature passes verification, the feature database decrypts the encrypted message and obtains the software compilation features and caller information; and
The feature database compares the obtained software compilation features and caller information with the pre-stored software compilation features and caller information; when the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
2. The method according to claim 1, characterized in that a feature database is established before the authorized program extracts the software compilation features and caller information; the feature database stores the software compilation features produced when the authorized program is compiled into software and the caller information of the calling programs that are allowed to call and make secondary use of the authorized program, and binds the software compilation features to the caller information; and the feature database establishes the association between the authorized program and the calling program.
3. The method according to claim 1, characterized in that the software compilation features include: the compile time, a feature digest of the compiled content, the compiled file size, and the signature information obtained by digitally signing the authorized program after compilation; and the caller information includes: the name of the caller, the file size of the caller, and the version information of the caller.
4. The method according to claim 1, characterized in that, after the feature database receives the comparison request, it verifies the digital signature; when the digital signature fails verification, the authorized program exits.
5. A system for controlling software distribution, used to prevent a user from carrying out secondary distribution of software after its first distribution, characterized in that the system includes:
A feature database, used to store the software compilation features produced when the authorized program is compiled into software and the caller information of the calling programs that are allowed to call and make secondary use of the authorized program, to bind the software compilation features to the caller information, and to establish the association between the authorized program and the calling program;
A feature extraction unit, used to make the authorized program extract the software compilation features and caller information;
A feature encryption unit, used to form an encrypted message, by an encryption method, from the software compilation features and caller information extracted by the authorized program, and to digitally sign the software compilation features and caller information;
A feature communication unit, used to make the authorized program send a comparison request containing the encrypted message and the digital signature to the feature database over the network and ask the feature database to perform a comparison;
A feature decryption unit, used so that, after the feature database receives the comparison request, the digital signature is verified and, once verification passes, the feature database decrypts the encrypted message and obtains the software compilation features and caller information; and
A signature verification unit, used to make the feature database compare the obtained software compilation features and caller information with the pre-stored software compilation features and caller information; when the two are identical, the caller is determined to have permission to call, the feature database returns a response, and the program is used normally; when the two differ, the authorized program exits.
6. The system according to claim 5, characterized in that the software compilation features in the feature database include the compile time, a feature digest of the compiled content, the compiled file size, and the signature information obtained by digitally signing the authorized program after compilation, and the caller information includes the name of the caller, the file size of the caller, and the version information of the caller.
7. The system according to claim 5, characterized in that, in the feature decryption unit, after the feature database receives the comparison request, the digital signature is verified; when the digital signature fails verification, the authorized program exits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611245071.3A CN108259429B (en) | 2016-12-29 | 2016-12-29 | Method and system for controlling software distribution |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108259429A true CN108259429A (en) | 2018-07-06 |
CN108259429B CN108259429B (en) | 2021-01-29 |
Family
ID=62719914
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611245071.3A Active CN108259429B (en) | 2016-12-29 | 2016-12-29 | Method and system for controlling software distribution |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108259429B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108259429B (en) | 2021-01-29 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20220216. Address after: 518054 room A06, podium building, 4th floor, 11a, building 11, Shenzhen Bay ecological science and Technology Park, Yuehai street, Shenzhen, Guangdong. Patentee after: Aerospace network security technology (Shenzhen) Co.,Ltd. Address before: 100195 Aerospace Information Park, No.18, xingshikou Road, Haidian District, Beijing. Patentee before: AISINO Corp. |