CN109344569B - Software use authorization method and system - Google Patents
- Publication number
- CN109344569B CN201811141163.6A
- Authority
- CN
- China
- Prior art keywords
- user
- client
- target software
- software
- authorization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Abstract
The invention discloses an authorization method and system for software use. An internal software authorization mechanism obtains client characteristics generated when a client runs a target software program, wherein the client characteristics include: client hardware characteristics, client software characteristics, and the client's user attribute characteristics. Authorization information aimed at different user attribute characteristics is generated according to the acquired client characteristics. The generated authorization information is returned to the authorization software, and the user's permission to use the target software is controlled according to the corresponding authorization information. This achieves fine-grained control of software use authorization based on user attribute characteristics, improves flexibility, and makes software authorization more targeted.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an authorization method and an authorization system for software use.
Background
In the software industry, software developers use various methods and techniques to protect software in order to safeguard their own interests, so that users need to be authorized before they can use the software normally. Currently, common software protection technologies are classified into hardware authorization and software authorization. Hardware authorization uses additional hardware products (such as USB bus devices, Ukey and the like); its security is high, but its cost of use is generally high. Software authorization can be divided into online and offline, and its security is lower than that of hardware authorization. Online authorization relies on the Internet, so dynamic control and online activation of the authorization can be realized, but its usage scenarios are limited; offline authorization is not affected by this limitation.
At present, most authorization methods used by software are relatively general and not fine-grained enough; for example, an authorization issued to a company grants the same use authority regardless of the user's position. This is not conducive to the company's control over software usage rights.
Disclosure of Invention
The invention provides a software use authorization method and a software use authorization system, which are used for finely controlling the use authorization of software so that the control of software authorization is more targeted.
The invention provides a software use authorization method, which comprises the following steps:
the internal authorization mechanism of the target software acquires the client characteristics generated when the client runs the target software program; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics;
generating authorization information aiming at different user attribute characteristics according to the acquired client characteristics;
and returning the generated authorization information to the target software, and controlling the use permission of the user to the target software according to the corresponding authorization information.
Preferably, the client feature further comprises: the client runs the random variable of the client server system environment corresponding to the target software program;
the client characteristics obtained by the target software internal authorization mechanism are generated by the client running the target software program, and the target software internal authorization mechanism performs the following operations:
acquiring client hardware characteristics, client software characteristics and user attribute characteristics, and acquiring a client server system environment random variable corresponding to the client running the target software program; wherein the client hardware characteristics include: CPU serial number, hard disk serial number, mainboard serial number and/or MAC address; the client software characteristics include: operating system information, operating system serial number, and/or currently installed software version number; the user attribute characteristics include: the position grade of the user in the enterprise, the user's length of service, the user's total working years and the department to which the user belongs; the client server system environment random variables include: the current system time of the client server and/or the geographical position of the client server;
generating a terminal attribute characteristic A by utilizing the client hardware characteristic and the client software characteristic;
encrypting the terminal attribute characteristic A by using the client environment random variable to obtain a terminal attribute characteristic B;
and serializing the terminal attribute characteristics B and the user attribute characteristics by utilizing a first serialization mode to obtain corresponding client characteristics.
Preferably, the generating authorization information for different user attribute features according to the extracted client features includes:
the internal authorization mechanism of the target software performs reduction processing on the client characteristics by utilizing a first deserialization mode to obtain a terminal attribute characteristic B and a user attribute characteristic corresponding to the client;
determining a data access range of the target software according to the user attribute characteristics;
acquiring a server system environment random variable corresponding to an internal authorization mechanism of the target software, and generating corresponding authorization information by using the terminal attribute characteristic B and the server system environment random variable according to the data access range;
wherein the server system environment random variable comprises: a generation time stamp of the authorization information.
Preferably, the determining the data access range of the target software according to the user attribute features includes:
analyzing the extracted user attribute information to obtain a user role corresponding to the user attribute information;
and searching a pre-stored user role and user use permission configuration table according to the acquired user role, and acquiring the data access range of the target software corresponding to the user role.
Preferably, the generating corresponding authorization information includes:
determining the use validity period of the target software and the activation complexity level of the target software according to the user attribute characteristics;
selecting an activation mode matched with the activation complexity level according to the activation complexity level of the target software;
and writing the use validity period of the target software and the selected activation mode into the authorization information.
Corresponding to the software use authorization method provided by the embodiment, the embodiment of the invention also provides a software use authorization system, wherein the software use authorization system comprises a target software internal authorization mechanism; wherein the target software internal authorization mechanism comprises:
the acquisition module is used for acquiring client characteristics generated by a client running a target software program; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics;
the generating module is used for generating authorization information aiming at different user attribute characteristics according to the acquired client characteristics;
and the authorization module is used for returning the generated authorization information to the target software and controlling the use permission of the user on the target software according to the corresponding authorization information.
Preferably, the client feature further comprises: the client runs the random variable of the client server system environment corresponding to the target software program; the client characteristics obtained by the internal authorization mechanism of the target software are generated by the target software program run by the client server;
the software usage authorization system further comprises a target software internal authorization module, which is used for:
acquiring client hardware characteristics, client software characteristics and user attribute characteristics, and acquiring a client server system environment random variable corresponding to the client running the target software program; wherein the client hardware characteristics include: CPU serial number, hard disk serial number, mainboard serial number and/or MAC address; the client software characteristics include: operating system information, operating system serial number, and/or currently installed software version number; the user attribute characteristics include: the position grade of the user in the enterprise, the user's length of service, the user's total working years and the department to which the user belongs; the client server system environment random variables include: the current system time of the client server and/or the geographical position of the client server;
generating a terminal attribute characteristic A by utilizing the client hardware characteristic and the client software characteristic;
encrypting the terminal attribute characteristic A by using the client environment random variable to obtain a terminal attribute characteristic B;
and serializing the terminal attribute characteristics B and the user attribute characteristics by utilizing a first serialization mode to obtain corresponding client characteristics.
Preferably, the target software internal authorization mechanism is further configured to:
restoring the client characteristics by using a first deserialization mode to obtain a terminal attribute characteristic B and a user attribute characteristic corresponding to the client;
determining a data access range of the target software according to the user attribute characteristics;
acquiring a server system environment random variable corresponding to target software, and generating corresponding authorization information by using the terminal attribute characteristic B and the server environment random variable according to the data access range;
wherein the server system environment random variable comprises: a generation time stamp of the authorization information.
Preferably, the target software internal authorization mechanism is further configured to:
analyzing the extracted user attribute information to obtain a user role corresponding to the user attribute information;
and searching a pre-stored user role and user use permission configuration table according to the acquired user role, and acquiring the data access range of the target software corresponding to the user role.
Preferably, the target software internal authorization mechanism is further configured to:
determining the use validity period of the target software and the activation complexity level of the target software according to the user attribute characteristics;
selecting an activation mode matched with the activation complexity level according to the activation complexity level of the target software;
and writing the use validity period of the target software and the selected activation mode into the authorization information.
The authorization method and the system for software use can achieve the following beneficial effects:
acquiring client characteristics generated by a client running a target software program through an internal authorization mechanism of the target software; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics; generating authorization information aiming at different user attribute characteristics according to the acquired client characteristics; returning the generated authorization information to the target software, and controlling the use permission of the user to the target software according to the corresponding authorization information; the purpose of finely controlling the software use authorization based on the user attribute characteristics is achieved, the flexibility is improved, and the software authorization is more targeted.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described below by means of the accompanying drawings and examples.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow diagram of one embodiment of a method for authorizing software use in accordance with the present invention;
FIG. 2 is a functional block diagram of one embodiment of an authorization system for software use in accordance with the present invention;
FIG. 3 is a functional block diagram of another embodiment of the authorization system for software use of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
The invention provides a software use authorization method and a software use authorization system, which are used for finely controlling the use authorization of software, so that the control of the software authorization is more targeted, and the flexibility of the software use authorization is improved.
FIG. 1 is a flow chart illustrating one embodiment of a method for authorizing software usage of the present invention; the authorization method for software use of the present invention can be implemented as steps S10-S30 described as follows:
step S10, the internal authorization mechanism of the target software acquires the client characteristics generated by the client running the target software program; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics;
in the embodiment of the invention, after the target software is installed on the host machine, the program corresponding to the target software is operated on the host machine, a user triggers and generates a client characteristic request in the target software program, and client characteristics are obtained at a specific function position in the target program; the user's trigger operation is allowed to be invoked when the user accesses the target software program and the target software program has not yet been activated.
The host machine receives a sending instruction triggered by the user and provides the client characteristics to the internal authorization mechanism of the target software. The internal authorization mechanism receives the client characteristics generated by the target software program run by the client, wherein the client characteristics include but are not limited to: client hardware characteristics such as CPU serial number, hard disk serial number, motherboard serial number, and/or MAC address; client software characteristics such as operating system information, operating system serial number, and/or currently installed software version number; and user attribute characteristics of the client, such as the position grade of the user in the enterprise, the user's length of service, the user's total working years, the department to which the user belongs, and the like.
Step S20, generating authorization information aiming at different user attribute characteristics according to the acquired client characteristics;
the internal authorization mechanism of the target software generates authorization information aiming at different user attribute characteristics according to the acquired client characteristics, such as client hardware characteristics, client software characteristics and user attribute characteristics of the client; for example, different weight values are set for different attributes in the user attribute features, a weight sum corresponding to the user attribute features is obtained according to the weight values corresponding to the different attributes in the user attribute features, an authorization level corresponding to the user attribute features is obtained according to a range to which the weight sum belongs, and then an entitlement range corresponding to the user attribute features is obtained according to the obtained authorization level, so that authorization information for the user attribute features is generated. The nature of the authorization information can be specific text information, and the authorization information can be stored in a file or sent to the user in the form of mail or the like.
And step S30, returning the generated authorization information to the target software, and controlling the use authority of the user to the target software according to the corresponding authorization information.
The internal authorization mechanism of the target software returns the authorization information to the target software, so that the client server runs the corresponding target software program based on the authorization information. The internal authorization mechanism then controls the user's use authority over the target software according to the authorization information.
In a preferred embodiment of the present invention, the obtaining of the client characteristics generated by the client running the target software program further includes obtaining auxiliary identification information of the user, and determining the client characteristics of the user according to the auxiliary identification information;
the auxiliary identification information includes: touch identification information and voice identification information;
the determining the client characteristics of the user according to the auxiliary identification information comprises the following steps:
when the auxiliary identification information is touch identification information, detecting touch input operation of a user on the touch input interface;
if the touch input operation is detected, acquiring information of a contact area corresponding to the touch input operation;
judging whether the user is an adult or a child according to the information of the contact area corresponding to the touch input operation and the information of the preset contact area;
when the electronic equipment is in a startup confirmation state, if the user is judged to be an adult, the electronic equipment is started; if the user is judged to be a child, the electronic equipment is closed;
when the electronic equipment is in a state to be unlocked, if the user is judged to be an adult, unlocking the electronic equipment; if the user is judged to be a child, the electronic equipment is kept locked;
when the electronic equipment receives a request of starting a set application or function from the user, if the user is judged to be an adult, starting the set application or function; if the user is judged to be a child, the set application or function is not started;
wherein the information of the preset contact area includes: at least one of a long axis of a designated finger of an adult, and a long axis of the designated finger of a child; or, the information of the preset contact area includes: a long axis of a digit of an adult designated finger, and a long axis of a digit of the designated finger of a child; or, the information of the preset contact area includes: at least one of a long axis of the palm of the adult and a long axis of the palm of the child; or, the information of the preset contact area includes: at least one of a long axis of an adult's palm, and a long axis of a child's palm;
the information of the preset contact area includes: at least one of an area of a designated finger of an adult, and an area of the designated finger of a child; or, the information of the preset contact area includes: an area of a digit of a designated finger of an adult, and an area of a digit of the designated finger of a child; or, the information of the preset contact area includes: at least one of an area of a palm of an adult and an area of a palm of a child; or, the information of the preset contact area includes: at least one of an area of a palm of an adult, and an area of a palm of a child;
when the auxiliary identification information is voice identification information, identifying the user according to the following method: registering in a memory acoustic models of a plurality of users and a user identification for identifying each user associated with each acoustic model, picking up the user's voice to obtain an input audio signal responsive to the user's voice, processing the obtained input audio signal to detect the acoustic model, and comparing the detected acoustic model with the registered acoustic models to determine whether any of the acoustic models registered in the memory matches the detected acoustic model, and in the case where there is one registered acoustic model that matches the detected voice, identifying the client feature by the user identification associated with the matching acoustic model registered in the memory.
In a preferred embodiment of the present invention, in order to improve the security of the authorization information, the authorization information may be encrypted according to a preset encryption method, such as an M5 encryption method. And when the encrypted authorization information is returned to the target software by the internal authorization mechanism of the target software, the corresponding encryption key is sent to the target software. When the target software receives the authorization information, the authorization information is decrypted based on the decryption key; for example, when the target software decrypts the authorization information, the decryption key is paired with the encryption key, and if the pairing is successful, the authorization information is decrypted successfully; if the pairing is not possible, the authorization information cannot be decrypted.
In a preferred embodiment of the present invention, the client feature further comprises: the client runs a client environment random variable corresponding to the target software program; the client characteristics obtained by the internal authorization mechanism of the target software are generated by the client running the target software program, and the target software executes the following operations:
acquiring client hardware characteristics, client software characteristics and user attribute characteristics, and acquiring a client server system environment random variable corresponding to the client running the target software program; the client environment random variable includes: the current system time of the client server and/or the geographical position of the client server; generating a terminal attribute characteristic A by utilizing the client hardware characteristics and the client software characteristics. For example, in a specific application scenario, the target software may take the motherboard serial number of the client server as an initial value a, sum the values of a, and take the remainder modulo 255 to obtain a value b; with b as a parameter, a sequence scrambling function F scrambles the original data of a to obtain c. Likewise, taking the operating system serial number d from the client software characteristics, the values of d are summed and the remainder modulo 255 gives a value e; with e as a parameter, the sequence scrambling function F scrambles the original data of d to obtain f. c and f are then combined to obtain the terminal attribute characteristic A.
The target software encrypts the terminal attribute feature A by using the client environment random variable to obtain a terminal attribute feature B; and serializing the terminal attribute characteristics B and the user attribute characteristics by utilizing a first serialization mode to obtain corresponding client characteristics, and sending the obtained client characteristics to an internal authorization mechanism of the target software.
In a preferred embodiment of the present invention, the target software internal authorization mechanism generates authorization information for different user attribute features according to the extracted client features, and the following method may be implemented:
The internal authorization mechanism of the target software restores the client characteristics by using the first deserialization mode to obtain the terminal attribute characteristic B and the user attribute characteristics corresponding to the client, and determines the data access range of the target software according to the user attribute characteristics. Meanwhile, it obtains the server system environment random variable corresponding to the internal authorization mechanism of the target software, which includes but is not limited to: the generation timestamp of the authorization information, the unique identification code of the operator who generated the authorization information, and the like. The internal authorization mechanism then generates the corresponding authorization information by using the terminal attribute characteristic B and the server environment random variable according to the determined data access range of the target software.
Further, when determining the data access range of the target software according to the user attribute characteristics, the internal authorization mechanism of the target software can be implemented by the following steps:
analyzing the extracted user attribute information, such as the working duration of the user, the total working life of the user, the department to which the user belongs, the position grade of the user in an enterprise and the like, by an internal authorization mechanism of the target software; acquiring a user role corresponding to the user attribute information according to the user attribute information; in the embodiment of the present invention, the user role may be understood as: a set of persons with the same authority, that is, one user role may include a plurality of operators, and one operator may belong to a plurality of user roles; one user role may have operation authorization for a plurality of functions, and one function may also be owned by a plurality of user roles.
In a specific application scenario, an attribute role comparison table corresponding to different target software may be set for the target software, that is, different user roles are set for different user attribute information, and a mapping relationship table between the user attribute information and the user roles is created according to the correspondence relationship. When the internal authorization mechanism of the target software obtains the user attribute information, the mapping relation table can be searched according to the user attribute information, so that the user role corresponding to the user attribute information is obtained.
In addition, in a specific application scenario, the internal authorization mechanism of the target software may also pre-establish and store a user role and a user usage right configuration table, where user usage rights corresponding to different user roles are stored in the configuration table. And searching a pre-stored user role and user use permission configuration table by the internal authorization mechanism of the target software according to the acquired user role, so as to acquire the data access range of the target software corresponding to the user role.
In a preferred embodiment of the present invention, the generation of the corresponding authorization information by the internal authorization mechanism of the target software may be implemented as follows:
The internal authorization mechanism of the target software determines the use validity period of the target software according to the user attribute characteristics, for example as a use validity duration or as a use validity starting time point and ending time point. The use validity period of the target software is calculated starting from the time at which the target software is activated on the client server.
In addition, the internal authorization mechanism of the target software can determine the activation complexity level of the target software according to specific user attribute characteristics, and then select an activation mode matched with that activation complexity level. For example, different activation complexity levels correspond to different activation modes and different degrees of activation complexity. After the use validity period and the corresponding activation mode of the target software are determined, the internal authorization mechanism of the target software writes the use validity period and the selected activation mode into the authorization information. After the client obtains the corresponding authorization information, it activates the target software using the activation mode corresponding to the target software, and uses the target software within the use validity period after activation.
The software use authorization method obtains, through the internal authorization mechanism of the target software, the client characteristics generated by the client running the target software program, wherein the client characteristics include client hardware characteristics, client software characteristics, and client user attribute characteristics; generates authorization information for different user attribute characteristics according to the acquired client characteristics; returns the generated authorization information to an internal authorization mechanism of the target software; and controls the user's usage rights to the target software according to the corresponding authorization information. This achieves fine-grained control of software use authorization based on user attribute characteristics, improves flexibility, and makes software authorization more targeted.
Corresponding to the software use authorization method provided by the embodiment, the embodiment of the invention also provides a software use authorization system. FIG. 2 is a functional block diagram of one embodiment of the software use authorization system of the present invention. The software use authorization system of the invention comprises a target software internal authorization mechanism 100; the target software internal authorization mechanism 100 includes:
an obtaining module 110, configured to obtain a client characteristic generated by a client running a target software program; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics;
a generating module 120, configured to generate authorization information for different user attribute characteristics according to the obtained client characteristics;
and the authorization module 130 is configured to return the generated authorization information to the target software, and control the usage right of the target software by the user according to the corresponding authorization information.
In a preferred embodiment of the present invention, the client characteristics further include a client server system environment random variable corresponding to the client running the target software program; the client characteristics obtained by the target software internal authorization mechanism 100 are generated by the target software program run by the client.
FIG. 3 is a functional block diagram of another embodiment of the software use authorization system of the present invention. As shown in FIG. 3, the software use authorization system further comprises a target software internal authorization module 200, wherein the target software internal authorization module 200 is configured to:
acquiring client hardware characteristics, client software characteristics and user attribute characteristics, and acquiring the client environment random variable corresponding to the client when the client runs the target software program; wherein the client hardware characteristics include: CPU serial number, hard disk serial number, mainboard serial number and/or MAC address; the client software characteristics include: operating system information, operating system serial number, and/or currently installed software version number; the user attribute characteristics include: the position grade of the user in the enterprise, the length of time since the user joined the enterprise, the total working years of the user and the department to which the user belongs; the client environment random variable includes: the current system time of the client server and/or the geographical position of the client server;
generating a terminal attribute characteristic A by utilizing the client hardware characteristic and the client software characteristic;
encrypting the terminal attribute characteristic A by using the client environment random variable to obtain a terminal attribute characteristic B;
and serializing the terminal attribute characteristics B and the user attribute characteristics by utilizing a first serialization mode to obtain corresponding client characteristics.
In a preferred embodiment of the present invention, the target software internal authorization mechanism 100 is further configured to:
restoring the client characteristics by using a first deserialization mode to obtain a terminal attribute characteristic B and a user attribute characteristic corresponding to the client;
determining a data access range of the target software according to the user attribute characteristics;
acquiring a server system environment random variable corresponding to the target software internal authorization mechanism 100, and generating corresponding authorization information by using the terminal attribute characteristic B and the server system environment random variable according to the data access range;
wherein the server system environment random variable comprises: a generation time stamp of the authorization information.
In a preferred embodiment of the present invention, the target software internal authorization mechanism 100 is further configured to:
analyzing the extracted user attribute information to obtain a user role corresponding to the user attribute information;
and searching a pre-stored user role and user use permission configuration table according to the acquired user role, and acquiring the data access range of the target software corresponding to the user role.
In a preferred embodiment of the present invention, the target software internal authorization mechanism 100 is further configured to:
determining the use validity period of the target software and the activation complexity level of the target software according to the user attribute characteristics;
selecting an activation mode matched with the activation complexity level according to the activation complexity level of the target software;
and writing the use validity period of the target software and the selected activation mode into the authorization information.
The software use authorization system acquires, through the internal authorization mechanism of the target software, the client characteristics generated by the client running the target software program, wherein the client characteristics include client hardware characteristics, client software characteristics, and client user attribute characteristics; generates authorization information for different user attribute characteristics according to the acquired client characteristics; returns the generated authorization information to the target software; and controls the user's usage rights to the target software according to the corresponding authorization information. This achieves fine-grained control of software use authorization based on user attribute characteristics, improves flexibility, and makes software authorization more targeted.
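The flow described above (terminal attribute characteristic A, characteristic B, serialized client characteristics, role lookup, and authorization information carrying a validity period and an activation mode), as an added Python example that is not taken from the patent. The SHA-256 digest, the HMAC that stands in for the unspecified "encrypt" step, the JSON/base64 "first serialization mode", the table contents, the grade threshold, the key, and all sample values are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed tables: the patent describes an attribute-to-role mapping table and
# a role-to-usage-right configuration table, but gives no contents for either.
ROLE_BY_ATTRIBUTES = {("finance", "senior"): "finance_admin",
                      ("finance", "junior"): "finance_clerk"}
RIGHTS_BY_ROLE = {
    "finance_admin": {"scope": ["ledger", "payroll", "reports"],
                      "valid_days": 365, "activation": "online"},
    "finance_clerk": {"scope": ["ledger"],
                      "valid_days": 90, "activation": "online+code"},
}
SERVER_KEY = b"constructed-demo-key"  # assumption: held only by the authorization mechanism

# Constructed sample input.
SAMPLE_HW = {"cpu": "CPU-0001", "disk": "DSK-0001", "board": "MB-0001",
             "mac": "00:00:5e:00:53:01"}
SAMPLE_SW = {"os": "ExampleOS 1.0", "os_serial": "OS-0001", "app_version": "2.3.1"}
SAMPLE_USER = {"department": "finance", "position_grade": 3,
               "tenure_months": 14, "total_years": 4}
SAMPLE_ENV = {"system_time": 1538092800, "location": "CN-44"}


def _canonical(obj):
    """Stable byte encoding so digests do not depend on key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def terminal_feature_a(hardware, software):
    """Characteristic A: digest over hardware and software features (assumed SHA-256)."""
    return hashlib.sha256(_canonical({"hw": hardware, "sw": software})).digest()


def terminal_feature_b(feature_a, client_env):
    """Characteristic B: A bound to the client environment random variable.
    The patent names no cipher; HMAC-SHA256 keyed by the environment value is used here."""
    return hmac.new(_canonical(client_env), feature_a, hashlib.sha256).hexdigest()


def serialize_client_features(feature_b, user_attrs):
    """Assumed 'first serialization mode': canonical JSON, then base64."""
    return base64.b64encode(_canonical({"b": feature_b, "user": user_attrs})).decode()


def issue_authorization(client_features, issued_at):
    """Deserialize, map attributes to a role, look up rights, and bind the result
    to characteristic B and the generation timestamp."""
    data = json.loads(base64.b64decode(client_features))
    user = data["user"]
    grade = "senior" if user["position_grade"] >= 5 else "junior"  # constructed threshold
    role = ROLE_BY_ATTRIBUTES.get((user["department"], grade))
    if role is None:
        raise PermissionError("no role for these user attributes")
    rights = RIGHTS_BY_ROLE[role]
    body = {"terminal": data["b"], "role": role, "scope": list(rights["scope"]),
            "valid_days": rights["valid_days"], "activation": rights["activation"],
            "issued_at": issued_at}
    tag = hmac.new(SERVER_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def is_usable(auth, feature_b, activated_at, now):
    """Check integrity, terminal binding, and the validity period, which is
    counted from the activation time."""
    body = auth["body"]
    expected = hmac.new(SERVER_KEY, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, auth["tag"]):
        return False
    if not hmac.compare_digest(body["terminal"], feature_b):
        return False
    return activated_at <= now < activated_at + body["valid_days"] * 86400
```

Because characteristic B depends on the client environment random variable, the same hardware produces a different B on each request, so the check compares against the B sent with the request that produced the authorization information.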
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A method for authorizing software usage, the method comprising:
the internal authorization mechanism of the target software acquires the client characteristics generated when the client runs the target software program; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics;
generating authorization information aiming at different user attribute characteristics according to the acquired client characteristics;
returning the generated authorization information to the target software, and controlling the use permission of the user to the target software according to the corresponding authorization information;
the method comprises the steps of obtaining client characteristics generated by a client running a target software program, obtaining auxiliary identification information of a user, and determining the client characteristics of the user according to the auxiliary identification information;
the auxiliary identification information includes: touch identification information and/or voice identification information;
the determining the customer characteristics of the user according to the auxiliary identification information comprises the following steps:
when the auxiliary identification information is touch identification information, detecting touch input operation of a user on a touch input interface;
if the touch input operation is detected, acquiring information of a contact area corresponding to the touch input operation;
judging whether the user is an adult or a child according to the information of the contact area corresponding to the touch input operation and the information of the preset contact area;
when the electronic equipment is in a startup confirmation state, if the user is judged to be an adult, the electronic equipment is started; if the user is judged to be a child, the electronic equipment is closed;
when the electronic equipment is in a state to be unlocked, if the user is judged to be an adult, unlocking the electronic equipment; if the user is judged to be a child, the electronic equipment is kept locked;
when the electronic equipment receives a request of starting a set application or function from the user, if the user is judged to be an adult, starting the set application or function; if the user is judged to be a child, the set application or function is not started;
wherein the information of the preset contact area includes: at least one of a long axis of a designated finger of an adult, and a long axis of the designated finger of a child; or, the information of the preset contact area includes: a long axis of a digit of an adult designated finger, and a long axis of a digit of the designated finger of a child; or, the information of the preset contact area includes: at least one of a long axis of the palm of the adult and a long axis of the palm of the child; or, the information of the preset contact area includes: at least one of a long axis of a palm of an adult and a long axis of a palm of a child, or information of the preset contact area, includes: at least one of an area of a designated finger of an adult, and an area of the designated finger of a child; or, the information of the preset contact area includes: an area of a digit of a designated finger of an adult, and an area of a digit of the designated finger of a child; or, the information of the preset contact area includes: at least one of an area of a palm of an adult and an area of a palm of a child; or, the information of the preset contact area includes: at least one of an area of a palm of an adult, and an area of a palm of a child;
when the auxiliary identification information is voice identification information, identifying the user according to the following method: registering in a memory acoustic models of a plurality of users and a user identification for identifying each user associated with each acoustic model, picking up the user's voice to obtain an input audio signal responsive to the user's voice, processing the obtained input audio signal to detect the acoustic models, and comparing the detected acoustic models with the registered acoustic models to determine whether any of the acoustic models registered in the memory matches the detected acoustic models, and in the case where there is one registered acoustic model that matches the detected voice, identifying the client feature by the user identification associated with the matching acoustic model registered in the memory;
in order to improve the security of the authorization information, the authorization information is encrypted according to a preset encryption mode, when an internal authorization mechanism of the target software returns the encrypted authorization information to the target software, the corresponding encryption key is sent to the target software, and when the target software receives the authorization information, the authorization information is decrypted based on the decryption key.
2. A method for authorizing software use as claimed in claim 1, wherein the client feature further comprises: the client runs a client environment random variable corresponding to the target software program;
the client characteristics obtained by the target software internal authorization mechanism are generated by the client running the target software program, and the target software internal authorization mechanism executes the following operations:
acquiring customer hardware characteristics, customer software characteristics and user attribute characteristics, and acquiring customer environment random variables corresponding to a customer when the customer runs a target software program; wherein the guest hardware features include: CPU serial number, hard disk serial number, mainboard serial number and/or MAC address; the client software features include: operating system information, operating system serial number, and/or current installed software version number; the user attribute features include: the position grade of the user in the enterprise, the time length of the user for entering the job, the total working year of the user and/or the department to which the user belongs; the client environment random variable is obtained according to the current system time of the client server and/or the geographical position of the client server;
generating a terminal attribute characteristic A by utilizing the client hardware characteristic and the client software characteristic;
encrypting the terminal attribute characteristic A by using the client environment random variable to obtain a terminal attribute characteristic B;
and serializing the terminal attribute characteristics B and the user attribute characteristics by utilizing a first serialization mode to obtain corresponding client characteristics.
3. A method for authorizing use of software as claimed in claim 2, wherein the generating authorization information for different user attribute characteristics based on the obtained client characteristics comprises:
the internal authorization mechanism of the target software performs reduction processing on the client characteristics by utilizing a first deserialization mode to obtain a terminal attribute characteristic B and a user attribute characteristic corresponding to the client;
determining a data access range of the target software according to the user attribute characteristics;
acquiring a client environment random variable corresponding to an internal authorization mechanism of the target software, and generating corresponding authorization information by using the terminal attribute characteristic B and the client environment random variable according to the data access range;
wherein the customer environment random variable comprises: a generation time stamp of the authorization information.
4. A method for authorizing software use as claimed in claim 3 wherein said determining a data access scope for the target software based on said user attribute characteristics comprises:
analyzing the extracted user attribute information to obtain a user role corresponding to the user attribute information;
and searching a pre-stored user role and user use permission configuration table according to the acquired user role, and acquiring the data access range of the target software corresponding to the user role.
5. The method of authorizing software use of claim 3 wherein the generating corresponding authorization information comprises:
determining the use validity period of the target software and the activation complexity level of the target software according to the user attribute characteristics;
selecting an activation mode matched with the activation complexity level according to the activation complexity level of the target software;
and writing the use validity period of the target software and the selected activation mode into the authorization information.
6. A software use authorization system based on the software use authorization method of claim 1, the software use authorization system comprising a target software internal authorization mechanism; wherein the internal authorization mechanism of the target software comprises:
the acquisition module is used for acquiring client characteristics generated by a client running a target software program; wherein the customer characteristics include: customer hardware characteristics, customer software characteristics, and customer user attribute characteristics;
the generating module is used for generating authorization information aiming at different user attribute characteristics according to the acquired client characteristics;
and the authorization module is used for returning the generated authorization information to the target software and controlling the use permission of the user on the target software according to the corresponding authorization information.
7. A software use authorization system according to claim 6, characterized in that the client features further comprise: the client runs a client environment random variable corresponding to the target software program; the client characteristics obtained by the internal authorization mechanism of the target software are generated by a target software program run by a client;
the software usage authorization system further comprises a target software internal authorization module, which is used for:
acquiring customer hardware characteristics, customer software characteristics and user attribute characteristics, and acquiring customer environment random variables corresponding to a customer when the customer runs a target software program; wherein the guest hardware features include: CPU serial number, hard disk serial number, mainboard serial number and/or MAC address; the client software features include: operating system information, operating system serial number, and/or current installed software version number; the user attribute features include: the position grade of the user in the enterprise, the time length of the user for entering the job, the total working year of the user and/or the department to which the user belongs; the client environment random variable is obtained according to the current system time of the client server and/or the geographical position of the client server;
generating a terminal attribute characteristic A by utilizing the client hardware characteristic and the client software characteristic;
encrypting the terminal attribute characteristic A by using the client environment random variable to obtain a terminal attribute characteristic B;
and serializing the terminal attribute characteristics B and the user attribute characteristics by utilizing a first serialization mode to obtain corresponding client characteristics.
8. The system of claim 7, wherein the target software internal authorization mechanism is further configured to:
restoring the client characteristics by using a first deserialization mode to obtain a terminal attribute characteristic B and a user attribute characteristic corresponding to the client;
determining a data access range of the target software according to the user attribute characteristics;
acquiring a client environment random variable corresponding to an internal authorization mechanism of the target software, and generating corresponding authorization information by using the terminal attribute characteristic B and the client environment random variable according to the data access range;
wherein the customer environment random variable comprises: a generation time stamp of the authorization information.
9. The system of claim 8, wherein the target software internal authorization mechanism is further configured to:
analyzing the extracted user attribute information to obtain a user role corresponding to the user attribute information;
and searching a pre-stored user role and user use permission configuration table according to the acquired user role, and acquiring the data access range of the target software corresponding to the user role.
10. The system of claim 9, wherein the target software internal authorization mechanism is further configured to:
determining the use validity period of the target software and the activation complexity level of the target software according to the user attribute characteristics;
selecting an activation mode matched with the activation complexity level according to the activation complexity level of the target software;
and writing the use validity period of the target software and the selected activation mode into the authorization information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811141163.6A CN109344569B (en) | 2018-09-28 | 2018-09-28 | Software use authorization method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811141163.6A CN109344569B (en) | 2018-09-28 | 2018-09-28 | Software use authorization method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109344569A CN109344569A (en) | 2019-02-15 |
CN109344569B true CN109344569B (en) | 2020-09-18 |
Family
ID=65307152
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811141163.6A Active CN109344569B (en) | 2018-09-28 | 2018-09-28 | Software use authorization method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109344569B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109344569A (en) | 2019-02-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||