CN110324283A - Licensing Methods, apparatus and system based on asymmetric encryption - Google Patents

Publication number
CN110324283A
Authority
CN
China
Legal status
Granted
Application number
CN201810276390.3A
Other languages
Chinese (zh)
Other versions
CN110324283B (en
Inventor
王山龙
Current Assignee
Zhongchang (suzhou) Software Technology Co Ltd
China Mobile Communications Group Co Ltd
Original Assignee
Zhongchang (suzhou) Software Technology Co Ltd
China Mobile Communications Group Co Ltd
Application filed by Zhongchang (suzhou) Software Technology Co Ltd, China Mobile Communications Group Co Ltd
Priority to CN201810276390.3A
Publication of CN110324283A
Application granted
Publication of CN110324283B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The embodiments of the present application disclose a licensing method, apparatus and system based on asymmetric encryption. The method receives a license verification request, sent by a network device, that includes license verification information, and then verifies the license verification information to obtain a license verification result: based on a preset non-copy condition, the request serial number, request random number and customer number in the license verification request are verified to obtain the license verification result. A license verification response containing the license verification result is sent to the network device, so that the network device executes the operation indicated by the license verification result. It can be seen that the method verifies the license verification information of the network device to obtain a license verification result and, according to the verification result, controls the network device to run the corresponding function or unload the current license, which improves the security of network device operation.

Description

Licensing method, apparatus and system based on asymmetric encryption
Technical field
This application relates to the field of communication technology, and in particular to a licensing method, apparatus and system based on asymmetric encryption.
Background
Currently, with the development of network function virtualization (Network Function Virtualization, NFV) technology, the form in which network devices are sold is gradually changing from hardware to software. A network device generally uses a license to control its own functions and performance. When the network device takes the form of hardware, it generates valid license information from the ID of the hardware itself; because the hardware ID cannot be replicated, this achieves the purpose of license control. When the network device takes the form of software, the hardware environment it will run in cannot be predicted in advance, so license information cannot be made in advance by binding hardware information. In this case the network device obtains license information by means such as special files, verification codes or online activation. These approaches have problems: the license management mechanism is easily cracked, and large amounts of information can be illegally copied inside an enterprise private network, so that license information is illegally copied (or leaked).
To address these problems, the prior art offers the following two solutions:
Scheme one uses asymmetric encryption and decryption. A private key is embedded in the program of the network device in advance, the license information is encrypted with the public key, and the encrypted license information is imported into the network device. The network device then decrypts the encrypted license information with the embedded private key. If decryption succeeds, the license is considered valid, that is, no other network device is using the license, and the network device operates normally.
Scheme two introduces a license management server, into which license information is imported in batches. When the license management server is deployed in an enterprise intranet, the network device interacts with the license management server, and the license management server authenticates the network device. If authentication succeeds, the license is considered valid and the network device operates normally.
However, in both scheme one and scheme two, the license information in the program of the network device and in the license management server is easily copied illegally, which allows multiple cluster devices to use the illegally copied license and lowers the security of network device operation.
Summary of the invention
The embodiments of the present application provide a licensing method, apparatus and system based on asymmetric encryption that improve the security of network device operation.
In a first aspect, a licensing method based on asymmetric encryption is provided. The method is applied to the license management server of a licensing system, and may include:
Receiving a license verification request sent by a network device, the license verification request being used to request license verification for a function to be run on the network device. The license verification request includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number. The request serial number indicates the number of times the license verification request has been made; the request random number is a random number generated when the license verification request is issued, and the random number generated for each license verification request is different; the customer number is the unified identifier of the preset licensing system. Verifying the request serial number, request random number and customer number based on a preset non-copy condition to obtain a license verification result. Sending a license verification response to the network device, the license verification response including the license verification result, so that the network device executes the operation indicated by the license verification result. It can be seen that the method verifies the license verification information of the network device to obtain a license verification result and, according to the verification result, controls the network device to run the corresponding function or unload the current license, which improves the security of network device operation.
In an optional implementation, verifying the request serial number, request random number and customer number based on the preset non-copy condition to obtain the license verification result includes: if the request serial number is zero and the customer number is consistent with the stored customer number, obtaining a license verification result indicating that verification succeeded; if the request serial number equals the stored previous request serial number plus 1, the request random number is not equal to the stored previous request random number, and the customer number is consistent with the stored customer number, obtaining a license verification result indicating that verification succeeded; if the request serial number equals the stored previous request serial number, the request random number equals the stored previous request random number, and the customer number is consistent with the stored customer number, obtaining a license verification result indicating that verification succeeded. This is one way of establishing the uniqueness and consistency of the license verification information, and further ensures the security of network device operation.
In an optional implementation, sending the license verification response to the network device when the license verification result indicates that license verification succeeded includes: when the license verification result indicates that license verification succeeded, sending a signature request to the USB Key, the signature request including information to be signed, the information to be signed including the license verification result and the USB Key certificate, the USB Key certificate having been obtained from the USB Key before the signature request is sent to the USB Key; receiving signature information sent by the USB Key, the signature information being the information obtained by the USB Key encrypting the information to be signed with its private key; sending the license verification response to the network device, the license verification response including the license verification result, the USB Key certificate and the signature information, so that the network device runs the function to be run, the signature information including the encrypted license verification result and the encrypted USB Key certificate. It can be seen that the network device can verify the signature information with the USB Key certificate, that is, verify the USB Key by checking that the USB Key certificate matches the private key, which further ensures the security of network device operation.
In an optional implementation, before the signature request is sent to the USB Key, the method further includes: receiving the USB Key certificate that the USB Key sends in response to an access request from the license management server; if the stored CA certificate verifies that the USB Key certificate is valid, sending text to be signed to the USB Key, the text to be signed being any text of the license management server; receiving signed text sent by the USB Key, the signed text being the text obtained by the USB Key encrypting the text to be signed with its private key; decrypting the signed text based on the received USB Key certificate to obtain decrypted text; if the decrypted text is consistent with the text to be signed, sending a name acquisition request to the USB Key; receiving the current name of the USB Key, which the USB Key sends in response to the name acquisition request; determining, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally copied; renaming the current name of the USB Key to obtain a new current name of the USB Key; sending the new current name to the USB Key. It can be seen that, by interacting with the USB Key, the method verifies in turn the validity of the USB Key certificate in the USB Key and the match between the USB Key certificate and the private key stored in the USB Key, and judges from the current name of the USB Key whether the USB Key has been illegally copied, which further ensures the security of network device operation.
In an optional implementation, determining, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally copied includes: if the stored name of the USB Key is detected to be consistent with the current name, determining that the USB Key has not been illegally copied; or, if it is detected that no name of the USB Key is stored, determining that the USB Key has not been illegally copied.
In an optional implementation, the method further includes: after a first preset time period, determining the new current name as the current name, and returning to the step of receiving the USB Key certificate that the USB Key sends in response to the access request from the license management server.
In a second aspect, another licensing method based on asymmetric encryption is provided. The method is applied to the network device of a licensing system, and includes: sending a license verification request to the license management server, the license verification request being a request for license verification of a function to be run on the network device. The license verification request includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number. The request serial number indicates the number of times the license verification request has been made; the request random number is a random number generated for each license verification request, and the random number generated for each license verification request is different; the customer number is the unified identifier of the preset licensing system. Receiving the license verification response that the license management server sends according to the request serial number, request random number and customer number, the license verification response including a license verification result. Executing the operation indicated by the license verification result. It can be seen that, with this method, the network device runs the corresponding function or unloads the current license according to the license verification result obtained, which improves the security of network device operation.
In an optional implementation, executing the operation indicated by the license verification result includes: if the license verification result indicates that license verification succeeded, running the function to be run; if the license verification result indicates that license verification failed, executing an unload-license operation and/or a self-restart operation.
In an optional implementation, the license verification response further includes the USB Key certificate and signature information, the signature information including the encrypted license verification result and the encrypted USB Key certificate. Based on the received USB Key certificate, the encrypted license verification result and the encrypted USB Key certificate are decrypted to obtain the decrypted license verification result and the decrypted USB Key certificate. When the USB Key certificate is consistent with the decrypted USB Key certificate and the license verification result is consistent with the decrypted license verification result, the function to be run is run. It can be seen that the network device can verify the signature information with the USB Key certificate, that is, verify the USB Key by checking that the USB Key certificate matches the private key, which further ensures the security of network device operation.
In a third aspect, a license management apparatus is provided. The apparatus may include:
A receiving unit, configured to receive a license verification request sent by a network device, the license verification request being used to request license verification for a function to be run on the network device. The license verification request includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number. The request serial number indicates the number of times the license verification request has been made; the request random number is a random number generated when the license verification request is issued, and the random number generated for each license verification request is different; the customer number is the unified identifier of the preset licensing system;
A verification unit, configured to verify the request serial number, request random number and customer number based on a preset non-copy condition to obtain a license verification result;
A sending unit, configured to send a license verification response to the network device, the license verification response including the license verification result, so that the network device executes the operation indicated by the license verification result.
In an optional implementation, the verification unit is specifically configured to: if the request serial number is zero and the customer number is consistent with the stored customer number, obtain a license verification result indicating that verification succeeded;
If the request serial number equals the stored previous request serial number plus 1, the request random number is not equal to the stored previous request random number, and the customer number is consistent with the stored customer number, obtain a license verification result indicating that verification succeeded;
If the request serial number equals the stored previous request serial number, the request random number equals the stored previous request random number, and the customer number is consistent with the stored customer number, obtain a license verification result indicating that verification succeeded.
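The three acceptance rules above, stated for the method in the first aspect and again for the verification unit, can be exercised against a copied device. The following Python sketch is an added example, not code from the patent; the class and function names, the customer number value, one stored (serial, random number) pair per license, and updating that pair on every accepted request are all assumptions.

```python
import copy
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class LicenseRequest:
    serial: int      # request serial number: count of requests so far
    nonce: int       # request random number: fresh for every new request
    customer: str    # customer number: identifier of the licensing system


class LicenseMonitor:
    """Server side: applies the three acceptance rules of the non-copy condition.

    Assumption: one monitor holds the stored state for one license, and the
    stored (serial, nonce) pair is updated on every accepted request.
    """

    def __init__(self, customer: str) -> None:
        self.customer = customer
        self.previous: Optional[Tuple[int, int]] = None

    def verify(self, req: LicenseRequest) -> bool:
        if req.customer != self.customer:
            return False                      # every rule needs a matching customer
        if req.serial == 0:
            accepted = True                   # rule 1: serial number zero
        elif self.previous is None:
            accepted = False                  # nothing stored to compare with
        else:
            prev_serial, prev_nonce = self.previous
            next_request = (req.serial == prev_serial + 1
                            and req.nonce != prev_nonce)      # rule 2
            resend = (req.serial == prev_serial
                      and req.nonce == prev_nonce)            # rule 3
            accepted = next_request or resend
        if accepted:
            self.previous = (req.serial, req.nonce)
        return accepted


class NetworkDevice:
    """Device side: advances its serial only after a successful verification."""

    def __init__(self, customer: str) -> None:
        self.customer = customer
        self.serial = 0

    def new_request(self) -> LicenseRequest:
        return LicenseRequest(self.serial, secrets.randbits(64), self.customer)

    def handle_result(self, accepted: bool) -> str:
        if accepted:
            self.serial += 1
            return "run"
        return "unload-license"


def clone_scenario() -> dict:
    """Constructed scenario: a device image is copied after two requests."""
    server = LicenseMonitor("CUST-0001")          # constructed customer number
    original = NetworkDevice("CUST-0001")
    log = {}
    for _ in range(2):                            # serial 0 and 1 are accepted
        original.handle_result(server.verify(original.new_request()))
    clone = copy.deepcopy(original)               # copy carries serial == 2

    req = original.new_request()
    log["original"] = original.handle_result(server.verify(req))
    log["original_resend"] = server.verify(req)   # same serial, same nonce
    # The copy also believes the next serial is 2 but draws its own nonce.
    log["clone"] = clone.handle_result(server.verify(clone.new_request()))
    log["original_next"] = original.handle_result(
        server.verify(original.new_request()))
    wrong = LicenseRequest(0, secrets.randbits(64), "CUST-9999")
    log["wrong_customer"] = server.verify(wrong)
    return log


if __name__ == "__main__":
    for step, outcome in clone_scenario().items():
        print(f"{step}: {outcome}")
```

Whichever of the two devices reaches the server second with serial 2 is rejected, because it repeats the stored serial number with a different random number.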
In an optional implementation, the sending unit is further configured to send a signature request to the USB Key when the license verification result indicates that license verification succeeded, the signature request including information to be signed, the information to be signed including the license verification result and the USB Key certificate, the USB Key certificate having been obtained from the USB Key before the signature request is sent to the USB Key;
The receiving unit is further configured to receive signature information sent by the USB Key, the signature information being the information obtained by the USB Key encrypting the information to be signed with its private key;
The sending unit is further configured to send the license verification response to the network device, the license verification response including the license verification result, the USB Key certificate and the signature information, so that the network device runs the function to be run, the signature information including the encrypted license verification result and the encrypted USB Key certificate.
In an optional implementation, the apparatus further includes a decryption unit, a determination unit and a naming unit;
The receiving unit is further configured to receive, before the signature request is sent to the USB Key, the USB Key certificate that the USB Key sends in response to an access request from the license management server;
The sending unit is further configured to send text to be signed to the USB Key if the stored CA certificate verifies that the USB Key certificate is valid, the text to be signed being any text of the license management server;
The receiving unit is further configured to receive signed text sent by the USB Key, the signed text being the text obtained by the USB Key encrypting the text to be signed with its private key;
The decryption unit is configured to decrypt the signed text based on the received USB Key certificate to obtain decrypted text;
The sending unit is further configured to send a name acquisition request to the USB Key if the decrypted text is consistent with the text to be signed;
The receiving unit is further configured to receive the current name of the USB Key, which the USB Key sends in response to the name acquisition request;
The determination unit is configured to determine, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally copied;
The naming unit is configured to rename the current name of the USB Key to obtain a new current name of the USB Key;
The sending unit is further configured to send the new current name to the USB Key.
In an optional implementation, the determination unit is specifically configured to determine that the USB Key has not been illegally copied if the stored name of the USB Key is detected to be consistent with the current name;
Or, to determine that the USB Key has not been illegally copied if it is detected that no name of the USB Key is stored.
In an optional implementation, the determination unit is further configured to determine, after a first preset time period, the new current name as the current name, and to trigger the receiving unit to return to the step of receiving the USB Key certificate that the USB Key sends in response to the access request from the license management server.
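The USB Key check described above, in method form in the first aspect and here as apparatus units, runs in three stages: certificate validity against the stored CA certificate, proof that the key holds the matching private key, and the name comparison followed by a rename. The Python sketch below is an added example, not code from the patent. It substitutes toy textbook RSA over fixed Mersenne primes for real key material so that it runs with the standard library only, and the class names, outcome labels and the copied-server scenario are assumptions.

```python
import copy
import hashlib
import secrets

E = 65537


def make_key(p: int, q: int):
    """Toy textbook RSA from fixed primes; a stand-in for real key material."""
    n = p * q
    return {"n": n, "e": E}, pow(E, -1, (p - 1) * (q - 1))


def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, d: int, n: int) -> int:
    # What the page calls "encrypting with the private key".
    return pow(digest(msg, n), d, n)


def verify(msg: bytes, sig: int, pub: dict) -> bool:
    # What the page calls "decrypting with the certificate" and comparing.
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])


def cert_body(pub: dict) -> bytes:
    return f"usbkey|{pub['n']}|{pub['e']}".encode()


class UsbKey:
    """Simulated token holding a private key, a certificate and a name."""

    def __init__(self, pub: dict, priv: int, ca_sig: int, name: str = "factory"):
        self._d = priv
        self.cert = {"pub": pub, "ca_sig": ca_sig}
        self.name = name

    def sign(self, text: bytes) -> int:
        return sign(text, self._d, self.cert["pub"]["n"])


class LicenseServer:
    def __init__(self, ca_pub: dict) -> None:
        self.ca_pub = ca_pub
        self.stored_name = None          # no name is stored before the first check

    def check_key(self, key: UsbKey) -> str:
        cert = key.cert
        # Stage 1: the stored CA certificate must validate the key's certificate.
        if not verify(cert_body(cert["pub"]), cert["ca_sig"], self.ca_pub):
            return "certificate-invalid"
        # Stage 2: the key signs arbitrary server text; the certificate must verify it.
        text = secrets.token_bytes(32)
        if not verify(text, key.sign(text), cert["pub"]):
            return "private-key-mismatch"
        # Stage 3: the stored name must equal the key's current name, unless
        # no name has been stored yet.
        if self.stored_name is not None and self.stored_name != key.name:
            return "copy-detected"
        key.name = self.stored_name = secrets.token_hex(8)   # rename on success
        return "ok"


def copied_server_scenario() -> dict:
    """Constructed scenario: server state is copied between two periodic checks."""
    ca_pub, ca_d = make_key(2**107 - 1, 2**61 - 1)
    pub, d = make_key(2**127 - 1, 2**89 - 1)
    ca_sig = sign(cert_body(pub), ca_d, ca_pub["n"])
    key = UsbKey(pub, d, ca_sig)
    server = LicenseServer(ca_pub)
    out = {"first_check": server.check_key(key)}
    copied = copy.deepcopy(server)                  # copy keeps the old stored name
    out["periodic_check"] = server.check_key(key)   # key is renamed again
    out["copied_server"] = copied.check_key(key)    # stored name is now stale
    _, other_d = make_key(2**127 - 1, 2**61 - 1)    # unrelated private key
    out["wrong_private_key"] = LicenseServer(ca_pub).check_key(
        UsbKey(pub, other_d, ca_sig))
    self_sig = sign(cert_body(pub), d, pub["n"])    # not issued by the CA
    out["not_ca_issued"] = LicenseServer(ca_pub).check_key(
        UsbKey(pub, d, self_sig))
    return out


if __name__ == "__main__":
    for step, outcome in copied_server_scenario().items():
        print(f"{step}: {outcome}")
```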
In a fourth aspect, a network device is provided. The network device may include:
A sending unit, configured to send a license verification request to the license management server, the license verification request being a request for license verification of a function to be run on the network device. The license verification request includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number. The request serial number indicates the number of times the license verification request has been made; the request random number is a random number generated for each license verification request, and the random number generated for each license verification request is different; the customer number is the unified identifier of the preset licensing system;
A receiving unit, configured to receive the license verification response that the license management server sends according to the request serial number, request random number and customer number, the license verification response including a license verification result;
An execution unit, configured to execute the operation indicated by the license verification result.
In an optional implementation, the execution unit is specifically configured to run the function to be run if the license verification result indicates that license verification succeeded, and to execute an unload-license operation and/or a self-restart operation if the license verification result indicates that license verification failed.
In an optional implementation, the network device includes a decryption unit;
The license verification response further includes the USB Key certificate and signature information, the signature information including the encrypted license verification result and the encrypted USB Key certificate;
The decryption unit is configured to decrypt, based on the received USB Key certificate, the encrypted license verification result and the encrypted USB Key certificate to obtain the decrypted license verification result and the decrypted USB Key certificate;
The running unit is specifically configured to run the function to be run when the USB Key certificate is consistent with the decrypted USB Key certificate and the license verification result is consistent with the decrypted license verification result.
In a fifth aspect, a license management server is provided. The license management server includes a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with each other through the communication bus;
The memory is configured to store a computer program;
The processor is configured to implement the method steps of any one of the implementations of the first aspect when executing the program stored in the memory.
In a sixth aspect, a network device is provided. The network device includes a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with each other through the communication bus;
The memory is configured to store a computer program;
The processor is configured to implement the method steps of any one of the implementations of the second aspect when executing the program stored in the memory.
In a seventh aspect, a licensing system is provided. The system may include the license management server of the fifth aspect, the network device of the sixth aspect, and a USB Key.
In an eighth aspect, a computer-readable storage medium is provided. A computer program is stored in the computer-readable storage medium, and when executed by a processor the computer program implements the method steps of any one of the implementations of the first aspect or the method steps of any one of the implementations of the second aspect.
In summary, the technical solution of the application receives a license verification request sent by a network device, the request being used to request license verification for a function to be run on the network device and including license verification information; verifies the license verification information to obtain a license verification result; when the license verification result indicates that license verification succeeded, sends the network device a license verification response including the license verification result, so that the network device runs the function to be run; and when the license verification result indicates that license verification failed, sends the network device a license verification response that includes the license verification result and indication information, to instruct the network server to unload the current license and/or execute a restart operation. It can be seen that the method verifies the license verification information of the network device to obtain a license verification result and, according to the verification result, controls the network device to run the corresponding function or unload the current license, which improves the security of network device operation.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of a licensing system provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a licensing method based on asymmetric encryption provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of another licensing method based on asymmetric encryption provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a license management apparatus provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a network device provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of a license management server provided by an embodiment of the present invention;
Fig. 7 is a structural schematic diagram of another network device provided by an embodiment of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiment is only some embodiments of the present application, is not whole embodiments.Based on this Apply for embodiment, every other implementation obtained by those of ordinary skill in the art without making creative efforts Example, shall fall in the protection scope of this application.
Licensing Methods provided in an embodiment of the present invention based on asymmetric encryption are applied in licensing system as shown in Figure 1 In, which can apply on Cloud Server.The licensing system may include USB Key, permission management server and The network equipment.
USB Key is a kind of hardware device of USB interface, is built in single-chip microcontroller or intelligent card chip, and USB Key includes Memory module, memory module are used to store the private key and corresponding USB Key certificate of user, and and permission management server It is communicated.
Permission management server for managing the license verification information of the network equipment, and passes through USB Key control operation shape State.Permission management server may include that license monitoring module, USB Key interactive module, USB Key authentication module and safety pass Defeated layer protocol (Transport Layer Security, TLS) encrypted transmission module.
The license monitoring module monitors and receives the License Authentication request sent by the network equipment, identifies from the license verification information in the request whether the license of the network equipment is valid, and returns the License Authentication result and the corresponding operation to execute to the network equipment. The license verification information may include a request serial number, a customer number, a request random number and similar information. The request serial number indicates the request count of the License Authentication request; the request random number is a random number generated when the License Authentication request is sent, and a different random number is generated for each License Authentication request; the customer number is the unified identifier of the preset licensing system.
The USB Key interaction module, after establishing a connection with the USB Key, obtains the USB Key certificate stored in the USB Key and the name of the USB Key, modifies the name of the USB Key and stores it, and sends a text to be signed to the USB Key. The text to be signed is any text in the permission management server.
The USB Key authentication module verifies the validity of the USB Key certificate using the pre-stored certificate authority (Certificate Authority, CA) certificate, uses the received USB Key certificate to verify that it matches the private key in the USB Key, uses the previously stored name of the USB Key to verify consistency with the current name of the USB Key, and sets its own operation end time.
The TLS encrypted transmission module establishes encrypted transmission channels with the USB Key and with the network equipment through application programming interfaces (Application Program Interface, API) related to the Secure Sockets Layer (SSL) protocol. The transmission channels carry the information exchanged during communication.
The network equipment communicates with the permission management server and executes the operations indicated by the permission management server. The network equipment may include a License Authentication module and a TLS encrypted transmission module.
The License Authentication module sends the License Authentication request to the permission management server and receives the License Authentication result and the corresponding operation to execute sent by the permission management server, for example a delete-license operation or a reboot operation.
The TLS encrypted transmission module establishes an encrypted transmission channel with the permission management server using SSL-related APIs. The transmission channel carries the information exchanged during communication.
The licensing method executed by the licensing system may include the process by which the permission management server verifies the USB Key, the process by which the permission management server verifies the license of the network equipment, and the process by which the network equipment applies to the permission management server for license verification. Because the USB Key certificate and the private key in the USB Key cannot be copied, the permission management server and the license information itself cannot be used normally after being illegally copied. The licensing system also communicates internally over encrypted transmission channels, which protects the interaction messages, so that the license management mechanism cannot be cracked.
Preferred embodiments of the present application are described below with reference to the drawings. It should be understood that the preferred embodiments described here only illustrate and explain the present invention and do not limit it, and that, where no conflict arises, the embodiments of the present application and the features in them may be combined with each other.
Fig. 2 is a schematic flowchart of a licensing method based on asymmetric encryption provided in an embodiment of the present invention. As shown in Fig. 2, the method is executed by the permission management server and may include:
Step 210: receive the License Authentication request sent by the network equipment. The License Authentication request includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number.
The License Authentication request asks for License Authentication of the function that the network equipment is to run. The license verification information may include a request serial number, a request random number and a customer number. The request serial number indicates the request count of the License Authentication requests sent by the network equipment; the request random number is a random number generated when a License Authentication request is issued, and a different random number is generated for each License Authentication request; the customer number is the unified identifier of the preset licensing system, and one licensing system is preset with the same customer number throughout.
Before this step is executed, the permission management server obtains the USB Key certificate of the USB Key by sending an access request to the USB Key. If verification against the CA certificate stored by the permission management server shows that the USB Key certificate is invalid, the verification process is terminated. If the USB Key certificate is valid, the permission management server sends a text to be signed, which is any text of the permission management server, to the USB Key and receives the signature text sent by the USB Key; the signature text is the text obtained when the USB Key encrypts the text to be signed with the private key. Based on the received USB Key certificate, the permission management server decrypts the signature text to obtain the decrypted text. If the decrypted text is inconsistent with the text to be signed, the verification process is terminated. If the decrypted text is consistent with the text to be signed, a name acquisition request is sent to the USB Key to obtain the current name of the USB Key. According to the current name of the USB Key, the permission management server determines that the USB Key is a USB Key that has not been illegally duplicated, then renames the current name of the USB Key to obtain a new current name of the USB Key and stores it, and afterwards sends update instruction information to the USB Key to instruct the USB Key to replace the current name with the new current name.
Optionally, if it detects that the stored name of the USB Key is consistent with the current name, the permission management server determines that the USB Key is a USB Key that has not been illegally duplicated. Alternatively, if it detects that no name of the USB Key is stored, it determines that the USB Key is a USB Key that has not been illegally duplicated.
It can be seen that the CA certificate verifies the validity of the USB Key certificate, and that the signature text, encrypted with the private key and checked with the USB Key certificate, verifies that the USB Key certificate matches the private key in the USB Key, which shows that the USB Key is a legitimate USB Key. Further, when the USB Key is legitimate, verifying that the stored name of the USB Key is consistent with the obtained current name establishes that the USB Key has not been illegally duplicated, which further ensures the security of network equipment operation.
Optionally, after a first preset time period, the permission management server takes the new current name as the current name and returns to the step of receiving the USB Key certificate that the USB Key sends in response to the access request of the permission management server. In this way it can periodically check whether the USB Key has been illegally duplicated, that is, whether it is being used by another permission management server.
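The name check and rename described above (steps 309 to 313 of Fig. 3) and its periodic repetition, as an added Python example that is not code from the patent. It assumes the certificate and signature checks have already passed; the class names, the random naming scheme and the starting name are hypothetical.

```python
import copy
import secrets
from typing import List, Optional


class UsbKey:
    """Stand-in for the hardware token: only its mutable name is modelled."""

    def __init__(self, name: str) -> None:
        self._name = name

    def get_name(self) -> str:
        # Answers the name acquisition request.
        return self._name

    def set_name(self, new_name: str) -> None:
        # Applies the update instruction sent by the server.
        self._name = new_name


class PermissionServer:
    """Server-side name check (hypothetical class, not the patent's code)."""

    def __init__(self) -> None:
        # Name saved at the last rename; None means nothing stored yet.
        self.stored_name: Optional[str] = None

    def check_and_rename(self, key: UsbKey) -> bool:
        current = key.get_name()
        # Pass if no name is stored yet, or the stored name equals the
        # current name; otherwise terminate (step 314) without renaming.
        if self.stored_name is not None and self.stored_name != current:
            return False
        # Rename, store the new name, then tell the key to adopt it.
        new_name = "key-" + secrets.token_hex(8)   # naming scheme: assumption
        self.stored_name = new_name
        key.set_name(new_name)
        return True


def run_name_rotation() -> List[bool]:
    key = UsbKey("initial-name")                   # constructed starting name
    original = PermissionServer()
    results = [
        original.check_and_rename(key),            # first check: nothing stored
        original.check_and_rename(key),            # periodic re-check: names match
    ]
    # A copy of the server taken now carries the stored name with it.
    duplicate = copy.deepcopy(original)
    results.append(original.check_and_rename(key)) # original renames again
    results.append(duplicate.check_and_rename(key))  # copy's stored name is stale
    results.append(original.check_and_rename(key)) # original is unaffected
    return results


if __name__ == "__main__":
    print(run_name_rotation())
```

Two servers that share one USB Key cannot both stay in step with its name: each rename by one leaves the other holding a stale stored name at its next check.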
Returning to step 210: after the network equipment starts, when it needs to run a function to be run that it has, it sends a License Authentication request to the permission management server with which a connection has been established.
The process by which the network equipment establishes a connection to the permission management server covers the following cases:
Where the network equipment has the permission management server address pre-stored, the network equipment sends a connection request to the permission management server according to the preset permission management server address;
If the connection fails, the network equipment sends the connection request to the permission management server again after a preset reconnection period, and stops when the number of retransmissions reaches a preset retransmission threshold, so that the License Authentication process of the network equipment can proceed normally. Note that if the number of retransmissions has not reached the preset retransmission threshold but the pre-connection time exceeds the preset maximum connection time, the network equipment performs a reboot operation.
Where the network equipment has no permission management server address, if the waiting time of the network equipment exceeds the preset maximum connection time, the network equipment performs a reboot operation.
If the connection succeeds, the network equipment sends the License Authentication request to the permission management server.
Step 220: based on a preset non-copy condition, verify the request serial number, the request random number and the customer number to obtain the License Authentication result.
First, verifying the license verification information includes verifying the uniqueness and the consistency of the received license verification information. Specifically:
Verify whether the request serial number of the License Authentication request sent by the network equipment is zero;
When the request serial number is verified to be zero, that is, when the network user sends a License Authentication request to the permission management server for the first time, the license verification information has uniqueness.
When the request serial number is verified to be non-zero, that is, when the network equipment has previously sent a License Authentication request to the permission management server: if the request serial number equals the stored previous request serial number plus 1 and the request random number is not equal to the stored previous request random number, the license verification information has uniqueness. Conversely, the license verification information does not have uniqueness if the request serial number equals the stored previous request serial number plus 1 and the request random number equals the stored previous request random number; or if the request serial number is not equal to the stored previous request serial number plus 1 and the request random number is not equal to the stored previous request random number; or if the request serial number is not equal to the stored previous request serial number plus 1 and the request random number equals the stored previous request random number.
When the network equipment retransmits the same License Authentication request to the permission management server: if the request serial number equals the stored previous request serial number and the request random number equals the stored previous request random number, the license verification information has uniqueness. Conversely, the license verification information does not have uniqueness if the request serial number is not equal to the stored previous request serial number and the request random number equals the stored previous request random number; or if the request serial number is not equal to the stored previous request serial number and the request random number is not equal to the stored previous request random number; or if the request serial number equals the stored previous request serial number and the request random number is not equal to the stored previous request random number.
That is, if any one of the three uniqueness cases above is satisfied, the license verification information is considered to have uniqueness, i.e. it has not been illegally duplicated. Second, when the customer number is consistent with the stored customer number, the license verification information is considered to have consistency. Conversely, when the customer number is inconsistent with the stored customer number, the license verification information is considered not to have consistency. Verifying the uniqueness and consistency of the license verification information in this way ensures the security of network equipment operation.
The License Authentication result is the result that indicates whether License Authentication succeeded. If the license verification information has both uniqueness and consistency, it is considered to have passed verification; otherwise, it is considered to have failed verification.
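The three uniqueness cases and the customer-number consistency check of step 220, as an added Python example that is not code from the patent. Keeping one stored (serial, random number) pair per network equipment, updating it only on success, and rejecting a non-zero serial number when nothing is stored are assumptions; the class and field names are hypothetical and the customer numbers are constructed.

```python
import copy
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class LicenseRequest:
    serial: int    # request serial number: count of requests sent so far
    nonce: str     # request random number: fresh for every new request
    customer: str  # customer number: shared by one whole licensing system


class LicenseVerifier:
    """Server-side check for one network equipment (hypothetical class)."""

    def __init__(self, customer: str) -> None:
        self.customer = customer
        # Last accepted (serial, nonce); one pair per equipment is an assumption.
        self.prev: Optional[Tuple[int, str]] = None

    def is_unique(self, req: LicenseRequest) -> bool:
        if req.serial == 0:
            return True                       # case 1: first request
        if self.prev is None:
            return False                      # assumption: the page leaves this open
        prev_serial, prev_nonce = self.prev
        if req.serial == prev_serial + 1:
            return req.nonce != prev_nonce    # case 2: next request, new nonce
        if req.serial == prev_serial:
            return req.nonce == prev_nonce    # case 3: retransmission, same nonce
        return False                          # any other serial: not unique

    def verify(self, req: LicenseRequest) -> str:
        unique = self.is_unique(req)
        consistent = req.customer == self.customer
        if unique and consistent:
            self.prev = (req.serial, req.nonce)   # assumption: store on success only
            return "success"   # equipment runs the function to be run
        return "failure"       # equipment unloads the license and/or reboots


class Equipment:
    """Network equipment side: a request counter plus the customer number."""

    def __init__(self, customer: str) -> None:
        self.customer = customer
        self.serial = 0

    def new_request(self) -> LicenseRequest:
        req = LicenseRequest(self.serial, secrets.token_hex(16), self.customer)
        self.serial += 1
        return req


def run_scenario() -> List[str]:
    server = LicenseVerifier("CUST-0001")          # constructed customer number
    original = Equipment("CUST-0001")
    results = []

    results.append(server.verify(original.new_request()))   # serial 0
    second = original.new_request()                          # serial 1, new nonce
    results.append(server.verify(second))
    results.append(server.verify(second))          # retransmission of serial 1

    duplicate = copy.copy(original)                # copied image, counter included
    results.append(server.verify(original.new_request()))   # serial 2: accepted
    results.append(server.verify(duplicate.new_request()))  # serial 2, other nonce

    foreign = LicenseRequest(3, secrets.token_hex(16), "CUST-9999")
    results.append(server.verify(foreign))         # serial fits, customer does not
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The copied equipment fails because its serial number repeats the stored one while its random number differs, which matches none of the three accepted cases.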
Step 230: send a License Authentication response to the network equipment. The License Authentication response includes the License Authentication result.
When the License Authentication result indicates that License Authentication succeeded, a License Authentication response including the License Authentication result is sent to the network equipment, so that the network equipment runs the function to be run.
When the request serial number is verified to be zero and the customer number is consistent with the customer number stored by the permission management server, a License Authentication result indicating successful verification is obtained.
When the request serial number is verified to be non-zero, the request serial number is verified to equal the stored previous request serial number plus 1, the request random number is not equal to the stored previous request random number, and the customer number is consistent with the stored customer number, a License Authentication result indicating successful verification is obtained.
When the network equipment retransmits the same License Authentication request to the permission management server, the request serial number is verified to equal the stored previous request serial number, the request random number equals the stored previous request random number, and the customer number is consistent with the stored customer number, a License Authentication result indicating successful verification is obtained.
When the permission management server detects any of the above verification cases, it can notify the network equipment to run the function to be run by sending the License Authentication result directly to the network equipment.
Optionally, to improve the accuracy of License Authentication, when the License Authentication result indicates that License Authentication succeeded, the permission management server can send a signature request to the USB Key. The signature request includes information to be signed, and the information to be signed includes the License Authentication result and the USB Key certificate.
The USB Key encrypts the information to be signed with the private key to obtain the signature information and sends it to the permission management server.
Afterwards, the permission management server sends the License Authentication response to the network equipment. The License Authentication response includes the License Authentication result, the USB Key certificate and the signature information; the signature information includes the encrypted License Authentication result and the encrypted USB Key certificate.
Based on the received USB Key certificate, the network equipment decrypts the encrypted License Authentication result and the encrypted USB Key certificate to obtain the decrypted License Authentication result and the decrypted USB Key certificate. When the USB Key certificate is consistent with the decrypted USB Key certificate and the License Authentication result is consistent with the decrypted License Authentication result, the network equipment runs the function to be run. It can be seen that the network equipment can use the USB Key certificate to verify the signature information, that is, verify the USB Key by checking that the USB Key certificate matches the private key, which further ensures the security of network equipment operation.
It will be understood that the content of the License Authentication response received by the network equipment each time can be adjusted according to actual operating conditions and the License Authentication accuracy actually required, and the embodiments of the present invention place no limit on this. For example, the first License Authentication response that the permission management server sends to the network equipment includes only the License Authentication result; the second License Authentication response sent to the same network equipment includes the License Authentication result, the USB Key certificate and the signature information; the third License Authentication response sent to the same network equipment includes only the License Authentication result; and so on.
Further, if the license verification information does not have both uniqueness and consistency, the license verification information fails verification. The permission management server then sends a License Authentication response to the network equipment; the License Authentication response includes the License Authentication result, which instructs the network server to unload the current license and/or execute a reboot operation.
Fig. 3 is a schematic flowchart of another licensing method based on asymmetric encryption provided in an embodiment of the present invention. As shown in Fig. 3, the method may include:
Step 301: the permission management server sends an access request to the USB Key.
Step 302: the USB Key sends an access response including the USB Key certificate to the permission management server.
Step 303: the permission management server verifies the validity of the USB Key certificate based on the stored CA certificate; if it is valid, step 304 is executed; if it is invalid, step 314 is executed.
Step 304: the permission management server sends a text to be signed to the USB Key.
Step 305: the USB Key encrypts the text to be signed with the stored private key to obtain the signature text.
Step 306: the USB Key sends the signature text to the permission management server.
Step 307: the permission management server decrypts the signature text based on the USB Key certificate to obtain the decrypted text.
Step 308: the permission management server judges whether the decrypted text is consistent with the text to be signed; if consistent, step 309 is executed; if inconsistent, step 314 is executed.
Step 309: the permission management server sends a name acquisition request to the USB Key.
Step 310: the USB Key sends the current name of the USB Key to the permission management server according to the name acquisition request.
Step 311: according to the current name of the USB Key, judge whether the USB Key has not been illegally duplicated; if so, step 312 is executed; if not, step 314 is executed.
Step 312: the permission management server renames the current name of the USB Key to obtain the new current name of the USB Key.
Step 313: the permission management server sends the new current name of the USB Key to the USB Key.
Step 314: terminate the License Authentication process.
Step 315: the network equipment sends a License Authentication request to the permission management server. The License Authentication request includes license verification information.
Step 316: the permission management server verifies the license verification information based on the preset non-copy condition; if verification succeeds, step 317 is executed; if verification fails, step 322 is executed.
The following describes in detail the case in which the License Authentication response for a successful License Authentication includes signature information:
Step 317: the permission management server sends a signature request to the USB Key. The signature request includes information to be signed.
The information to be signed includes the License Authentication result and the USB Key certificate.
Step 318: the USB Key encrypts the License Authentication result with the stored private key to obtain the signature information.
The signature information includes the encrypted License Authentication result and the encrypted USB Key certificate.
Step 319: the permission management server receives the signature information sent by the USB Key.
Step 320: the permission management server sends a License Authentication response to the network equipment. The License Authentication response includes the result indicating successful License Authentication, the USB Key certificate and the signature information.
Step 321: the network equipment executes the function to be run.
Step 322: the permission management server sends a License Authentication response to the network equipment. The License Authentication response includes the result indicating failed License Authentication.
Step 323: the network equipment unloads the current license and/or executes a reboot operation.
It follows that, in the above embodiments of the present application, the permission management server receives a License Authentication request, including license verification information, sent by the network equipment; it then verifies the license verification information based on the preset non-copy condition to obtain a License Authentication result; and it sends a License Authentication response including the License Authentication result to the network equipment, so that the network equipment executes the operation indicated by the License Authentication result. By verifying the license verification information of the network equipment to obtain a License Authentication result, and controlling the network equipment to run the corresponding function or unload the current license according to that result, the method improves the security of network equipment operation.
Corresponding to the above method, an embodiment of the present invention provides a license management apparatus. As shown in Fig. 4, the apparatus may include a receiving unit 410, an authentication unit 420 and a transmission unit 430.
Receiving unit 410 is configured to receive the License Authentication request sent by the network equipment. The License Authentication request asks for License Authentication of the function that the network equipment is to run and includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number; the request serial number indicates the request count of the License Authentication request; the request random number is a random number generated when the License Authentication request is issued, and a different random number is generated for each License Authentication request; the customer number is the unified identifier of the preset licensing system;
Authentication unit 420 is configured to verify the request serial number, the request random number and the customer number based on the preset non-copy condition to obtain the License Authentication result;
Transmission unit 430 is configured to send a License Authentication response including the License Authentication result to the network equipment, so that the network equipment executes the operation indicated by the License Authentication result.
Optionally, authentication unit 420 is specifically configured to obtain a License Authentication result indicating successful verification if the request serial number is verified to be zero and the customer number is consistent with the stored customer number;
to obtain a License Authentication result indicating successful verification if the request serial number is verified to equal the stored previous request serial number plus 1, the request random number is not equal to the stored previous request random number, and the customer number is consistent with the stored customer number;
and to obtain a License Authentication result indicating successful verification if the request serial number is verified to equal the stored previous request serial number, the request random number equals the stored previous request random number, and the customer number is consistent with the stored customer number.
Optionally, transmission unit 430 is further configured to send a signature request to the USB Key when the License Authentication result indicates that License Authentication succeeded. The signature request includes information to be signed, the information to be signed includes the License Authentication result and the USB Key certificate, and the USB Key certificate is obtained from the USB Key before the signature request is sent to the USB Key;
Receiving unit 410 is further configured to receive the signature information sent by the USB Key; the signature information is the information obtained when the USB Key encrypts the information to be signed with the private key;
Transmission unit 430 is further configured to send a License Authentication response to the network equipment. The License Authentication response includes the License Authentication result, the USB Key certificate and the signature information, so that the network equipment runs the function to be run; the signature information includes the encrypted License Authentication result and the encrypted USB Key certificate.
Optionally, the apparatus further includes a decryption unit 440, a determination unit 450 and a naming unit 460;
Receiving unit 410 is further configured to receive, before the signature request is sent to the USB Key, the USB Key certificate that the USB Key sends in response to the access request of the permission management server;
Transmission unit 430 is further configured to send a text to be signed to the USB Key if the stored CA certificate verifies that the USB Key certificate is valid; the text to be signed is any text of the permission management server;
Receiving unit 410 is further configured to receive the signature text sent by the USB Key; the signature text is the text obtained when the USB Key encrypts the text to be signed with the private key;
Decryption unit 440 is configured to decrypt the signature text based on the received USB Key certificate to obtain the decrypted text;
Transmission unit 430 is further configured to send a name acquisition request to the USB Key if the decrypted text is consistent with the text to be signed;
Receiving unit 410 is further configured to receive the current name of the USB Key that the USB Key sends according to the name acquisition request;
Determination unit 450 is configured to determine, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally duplicated;
Naming unit 460 is configured to rename the current name of the USB Key to obtain the new current name of the USB Key;
Transmission unit 430 is further configured to send the new current name to the USB Key.
Optionally, determination unit 450 is specifically configured to determine that the USB Key has not been illegally duplicated if it detects that the stored name of the USB Key is consistent with the current name;
or, if it detects that no name of the USB Key is stored, to determine that the USB Key has not been illegally duplicated.
Optionally, determination unit 450 is further configured to take the new current name as the current name after a first preset time period and to return to the step of receiving the USB Key certificate that the USB Key sends in response to the access request of the permission management server.
The functions of the functional units of the license management apparatus provided by the above embodiment of the present invention can be realized through the method steps described above; the specific working process and beneficial effects of each unit in the license management apparatus are therefore not repeated here.
Corresponding to the above method, an embodiment of the present invention provides a network equipment. As shown in Fig. 5, the equipment may include a transmission unit 510, a receiving unit 520 and an execution unit 530.
Transmission unit 510 is configured to send a License Authentication request to the permission management server. The License Authentication request is a request for License Authentication of the function that the network equipment is to run and includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number; the request serial number indicates the request count of the License Authentication request; the request random number is the random number generated for each License Authentication request, and a different random number is generated for each License Authentication request; the customer number is the unified identifier of the preset licensing system;
Receiving unit 520 is configured to receive the License Authentication response that the permission management server sends according to the request serial number, the request random number and the customer number; the License Authentication response includes the License Authentication result;
Execution unit 530 is configured to execute the operation indicated by the License Authentication result.
Optionally, the execution unit is specifically configured to run the function to be run if the License Authentication result indicates that License Authentication succeeded, and to execute an unload-license operation and/or a self-reboot operation if the License Authentication result indicates that License Authentication failed.
Optionally, the equipment further includes a decryption unit 540;
The License Authentication response further includes the USB Key certificate and the signature information; the signature information includes the encrypted License Authentication result and the encrypted USB Key certificate;
Decryption unit 540 is configured to decrypt, based on the received USB Key certificate, the encrypted License Authentication result and the encrypted USB Key certificate to obtain the decrypted License Authentication result and the decrypted USB Key certificate;
Running unit 530 is specifically configured to run the function to be run when the USB Key certificate is consistent with the decrypted USB Key certificate and the License Authentication result is consistent with the decrypted License Authentication result.
The functions of the functional units of the network equipment provided by the above embodiment of the present invention can be realized through the method steps described above; the specific working process and beneficial effects of each unit in the network equipment are therefore not repeated here.
An embodiment of the present invention also provides a permission management server. As shown in Fig. 6, it includes a processor 610, a communication interface 620, a memory 630 and a communication bus 640, where the processor 610, the communication interface 620 and the memory 630 communicate with one another through the communication bus 640.
Memory 630 is configured to store a computer program;
Processor 610 is configured to implement the following steps when executing the program stored in memory 630:
Receive the License Authentication request sent by the network equipment. The License Authentication request asks for License Authentication of the function that the network equipment is to run and includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number; the request serial number indicates the request count of the License Authentication request; the request random number is a random number generated when the License Authentication request is issued, and a different random number is generated for each License Authentication request; the customer number is the unified identifier of the preset licensing system;
Based on the preset non-copy condition, verify the request serial number, the request random number and the customer number to obtain the License Authentication result;
Send a License Authentication response including the License Authentication result to the network equipment, so that the network equipment executes the operation indicated by the License Authentication result.
Since the way each component of the permission management server in the above embodiment solves the problem, and the resulting beneficial effects, can be understood with reference to the steps of the embodiment shown in Fig. 2, the specific working process and beneficial effects of the permission management server provided in the embodiment of the present invention are not repeated here.
The embodiment of the invention also provides network equipment which, as shown in Fig. 7, includes a processor 710, a communication interface 720, a memory 730 and a communication bus 740, wherein the processor 710, the communication interface 720 and the memory 730 communicate with one another through the communication bus 740.
The memory 730 is used for storing a computer program;
The processor 710, when executing the program stored in the memory 730, implements the following steps:
Sending a License Authentication request to the permission management server, the License Authentication request being a request for License Authentication of a function to be run by the network equipment. The License Authentication request includes license verification information, and the license verification information includes a request serial number, a request random number and a customer number; wherein the request serial number indicates the number of times the License Authentication request has been made; the request random number is a random number generated for each License Authentication request, and the random number generated for each License Authentication request is different; and the customer number is the preset unified identifier of the licensing system;
Receiving a License Authentication response sent by the permission management server according to the request serial number, the request random number and the customer number, the License Authentication response including a License Authentication result;
Executing the operation indicated by the License Authentication result.
Since the implementation of each component of the network equipment in the above embodiment, the problems it solves and its beneficial effects can be found in the steps of the embodiment shown in Fig. 2, the specific working process and beneficial effects of the network equipment provided by the embodiment of the present invention are not repeated here.
The communication bus mentioned above may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the above electronic equipment and other equipment.
The memory may include random access memory (Random Access Memory, RAM), and may also include non-volatile memory (Non-Volatile Memory, NVM), for example at least one magnetic disk memory. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
The above processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP) and the like; it may also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components.
In another embodiment provided by the invention, a licensing system is also provided, which includes the permission management server shown in Fig. 6 and the network equipment shown in Fig. 7.
In another embodiment provided by the invention, a computer-readable storage medium is also provided. Instructions are stored in the computer-readable storage medium which, when run on a computer, cause the computer to execute any of the licensing methods described in the above embodiments.
In another embodiment provided by the invention, a computer program product containing instructions is also provided which, when run on a computer, causes the computer to execute any of the licensing methods described in the above embodiments.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) containing computer-usable program code.
The embodiments of the present application are described with reference to flowcharts and/or block diagrams of the method, equipment (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic creative concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present application.
Obviously, those skilled in the art can make various modifications and variations to the embodiments of the present application without departing from their spirit and scope. If these modifications and variations fall within the scope of the claims of the embodiments of the present application and their equivalent technologies, the embodiments of the present application are also intended to include them.

Claims (22)

1. A licensing method based on asymmetric encryption, characterized in that the method is applied in a permission management server of a licensing system, the method comprising:
receiving a License Authentication request sent by network equipment, the License Authentication request being used to request License Authentication of a function to be run by the network equipment, the License Authentication request including license verification information, and the license verification information including a request serial number, a request random number and a customer number; wherein the request serial number indicates the number of times the License Authentication request has been made; the request random number is a random number generated when the License Authentication request is issued, and the random number generated for each License Authentication request is different; and the customer number is the preset unified identifier of the licensing system;
verifying the request serial number, the request random number and the customer number based on a preset non-copy condition to obtain a License Authentication result;
sending a License Authentication response to the network equipment, the License Authentication response including the License Authentication result, so that the network equipment executes the operation indicated by the License Authentication result.
2. The method of claim 1, characterized in that verifying the request serial number, the request random number and the customer number based on the preset non-copy condition to obtain the License Authentication result comprises:
if it is verified that the request serial number is zero and the customer number is consistent with the stored customer number, obtaining the License Authentication result indicating that verification succeeded;
if it is verified that the request serial number is equal to the stored previous request serial number plus 1, the request random number is not equal to the stored previous request random number, and the customer number is consistent with the stored customer number, obtaining the License Authentication result indicating that verification succeeded;
if it is verified that the request serial number is equal to the stored previous request serial number, the request random number is equal to the stored previous request random number, and the customer number is consistent with the stored customer number, obtaining the License Authentication result indicating that verification succeeded.
3. The method of claim 1, characterized in that, when the License Authentication result indicates that License Authentication succeeded, sending the License Authentication response to the network equipment comprises:
when the License Authentication result indicates that License Authentication succeeded, sending a signature request to a USB Key, the signature request including information to be signed, the information to be signed including the License Authentication result and a USB Key certificate, the USB Key certificate having been obtained from the USB Key before the signature request is sent to the USB Key;
receiving signature information sent by the USB Key, the signature information being the information obtained by the USB Key encrypting the information to be signed with a private key;
sending the License Authentication response to the network equipment, the License Authentication response including the License Authentication result, the USB Key certificate and the signature information, so that the network equipment runs the function to be run, the signature information including the encrypted License Authentication result and the encrypted USB Key certificate.
4. The method of claim 3, characterized in that, before the signature request is sent to the USB Key, the method further comprises:
receiving the USB Key certificate sent by the USB Key according to an access request of the permission management server;
if the stored CA certificate verifies that the USB Key certificate is valid, sending a text to be signed to the USB Key, the text to be signed being any text of the permission management server;
receiving a signature text sent by the USB Key, the signature text being the text obtained by the USB Key encrypting the text to be signed with a private key;
decrypting the signature text based on the received USB Key certificate to obtain a decrypted text;
if the decrypted text is consistent with the text to be signed, sending a name acquisition request to the USB Key;
receiving the current name of the USB Key sent by the USB Key according to the name acquisition request;
determining, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally copied;
renaming the current name of the USB Key to obtain a new current name of the USB Key;
sending the new current name to the USB Key.
5. The method of claim 4, characterized in that determining, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally copied comprises:
if it is detected that the stored name of the USB Key is consistent with the current name, determining that the USB Key has not been illegally copied;
or, if it is detected that no name of the USB Key is stored, determining that the USB Key has not been illegally copied.
6. The method of claim 4, characterized in that the method further comprises:
after a first preset time period, determining the new current name as the current name, and returning to the step of receiving the USB Key certificate sent by the USB Key according to the access request of the permission management server.
7. A licensing method based on asymmetric encryption, characterized in that the method is applied in network equipment of a licensing system, the method comprising:
sending a License Authentication request to a permission management server, the License Authentication request being a request for License Authentication of a function to be run by the network equipment, the License Authentication request including license verification information, and the license verification information including a request serial number, a request random number and a customer number; wherein the request serial number indicates the number of times the License Authentication request has been made; the request random number is a random number generated when the License Authentication request is issued, and the random number generated for each License Authentication request is different; and the customer number is the preset unified identifier of the licensing system;
receiving a License Authentication response sent by the permission management server according to the request serial number, the request random number and the customer number, the License Authentication response including a License Authentication result;
executing the operation indicated by the License Authentication result.
8. The method of claim 7, characterized in that executing the operation indicated by the License Authentication result comprises:
if the License Authentication result indicates that License Authentication succeeded, running the function to be run;
if the License Authentication result indicates that License Authentication failed, executing a license unloading operation and/or a self-reboot operation.
9. The method of claim 7, characterized in that the License Authentication response further includes a USB Key certificate and signature information, the signature information including the encrypted License Authentication result and the encrypted USB Key certificate;
decrypting, based on the received USB Key certificate, the encrypted License Authentication result and the encrypted USB Key certificate to obtain a decrypted License Authentication result and a decrypted USB Key certificate;
when the USB Key certificate is consistent with the decrypted USB Key certificate and the License Authentication result is consistent with the decrypted License Authentication result, running the function to be run.
10. A license management apparatus, characterized in that the apparatus comprises:
a receiving unit, for receiving a License Authentication request sent by network equipment, the License Authentication request being used to request License Authentication of a function to be run by the network equipment, the License Authentication request including license verification information, and the license verification information including a request serial number, a request random number and a customer number; wherein the request serial number indicates the number of times the License Authentication request has been made; the request random number is a random number generated when the License Authentication request is issued, and the random number generated for each License Authentication request is different; and the customer number is the preset unified identifier of the licensing system;
an authentication unit, for verifying the request serial number, the request random number and the customer number based on a preset non-copy condition to obtain a License Authentication result;
a transmission unit, for sending a License Authentication response to the network equipment, the License Authentication response including the License Authentication result, so that the network equipment executes the operation indicated by the License Authentication result.
11. The apparatus of claim 10, characterized in that the authentication unit is specifically used for: if it is verified that the request serial number is zero and the customer number is consistent with the stored customer number, obtaining the License Authentication result indicating that verification succeeded;
if it is verified that the request serial number is equal to the stored previous request serial number plus 1, the request random number is not equal to the stored previous request random number, and the customer number is consistent with the stored customer number, obtaining the License Authentication result indicating that verification succeeded;
if it is verified that the request serial number is equal to the stored previous request serial number, the request random number is equal to the stored previous request random number, and the customer number is consistent with the stored customer number, obtaining the License Authentication result indicating that verification succeeded.
12. The apparatus of claim 10, characterized in that the transmission unit is also used for sending a signature request to a USB Key when the License Authentication result indicates that License Authentication succeeded, the signature request including information to be signed, the information to be signed including the License Authentication result and a USB Key certificate, the USB Key certificate having been obtained from the USB Key before the signature request is sent to the USB Key;
the receiving unit is also used for receiving signature information sent by the USB Key, the signature information being the information obtained by the USB Key encrypting the information to be signed with a private key;
the transmission unit is also used for sending the License Authentication response to the network equipment, the License Authentication response including the License Authentication result, the USB Key certificate and the signature information, so that the network equipment runs the function to be run, the signature information including the encrypted License Authentication result and the encrypted USB Key certificate.
13. The apparatus of claim 12, characterized in that the apparatus further includes a decryption unit, a determination unit and a naming unit;
the receiving unit is also used for receiving, before the signature request is sent to the USB Key, the USB Key certificate sent by the USB Key according to an access request of the permission management server;
the transmission unit is also used for sending a text to be signed to the USB Key if the stored CA certificate verifies that the USB Key certificate is valid, the text to be signed being any text of the permission management server;
the receiving unit is also used for receiving a signature text sent by the USB Key, the signature text being the text obtained by the USB Key encrypting the text to be signed with a private key;
the decryption unit is used for decrypting the signature text based on the received USB Key certificate to obtain a decrypted text;
the transmission unit is also used for sending a name acquisition request to the USB Key if the decrypted text is consistent with the text to be signed;
the receiving unit is also used for receiving the current name of the USB Key sent by the USB Key according to the name acquisition request;
the determination unit is used for determining, according to the current name of the USB Key, that the USB Key is a USB Key that has not been illegally copied;
the naming unit is used for renaming the current name of the USB Key to obtain a new current name of the USB Key;
the transmission unit is also used for sending the new current name to the USB Key.
14. The apparatus of claim 13, characterized in that the determination unit is specifically used for: if it is detected that the stored name of the USB Key is consistent with the current name, determining that the USB Key has not been illegally copied;
or, if it is detected that no name of the USB Key is stored, determining that the USB Key has not been illegally copied.
15. The apparatus of claim 13, characterized in that the determination unit is also used for determining, after a first preset time period, the new current name as the current name, and triggering the receiving unit to return to the step of receiving the USB Key certificate sent by the USB Key according to the access request of the permission management server.
16. Network equipment, characterized in that the equipment comprises:
a transmission unit, for sending a License Authentication request to a permission management server, the License Authentication request being a request for License Authentication of a function to be run by the network equipment, the License Authentication request including license verification information, and the license verification information including a request serial number, a request random number and a customer number; wherein the request serial number indicates the number of times the License Authentication request has been made; the request random number is a random number generated when the License Authentication request is issued, and the random number generated for each License Authentication request is different; and the customer number is the preset unified identifier of the licensing system;
a receiving unit, for receiving a License Authentication response sent by the permission management server according to the request serial number, the request random number and the customer number, the License Authentication response including a License Authentication result;
an execution unit, for executing the operation indicated by the License Authentication result.
17. The equipment of claim 16, characterized in that the execution unit is specifically used for running the function to be run if the License Authentication result indicates that License Authentication succeeded;
and, if the License Authentication result indicates that License Authentication failed, executing a license unloading operation and/or a self-reboot operation.
18. The equipment of claim 16, characterized in that the equipment includes a decryption unit;
the License Authentication response further includes a USB Key certificate and signature information, the signature information including the encrypted License Authentication result and the encrypted USB Key certificate;
the decryption unit is used for decrypting, based on the received USB Key certificate, the encrypted License Authentication result and the encrypted USB Key certificate to obtain a decrypted License Authentication result and a decrypted USB Key certificate;
the running unit is specifically used for running the function to be run when the USB Key certificate is consistent with the decrypted USB Key certificate and the License Authentication result is consistent with the decrypted License Authentication result.
19. A permission management server, characterized in that the permission management server includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory is used for storing a computer program;
the processor, when executing the program stored in the memory, implements the method steps of any one of claims 1-6.
20. Network equipment, characterized in that the network equipment includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory is used for storing a computer program;
the processor, when executing the program stored in the memory, implements the method steps of any one of claims 7-9.
21. A licensing system, characterized in that the system includes a USB Key, the permission management server of claim 19 and the network equipment of claim 20.
22. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor it implements the method steps of any one of claims 1-6 or the method steps of any one of claims 7-9.
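
The following Python example is added here and is not code from the patent or its applicants. It implements the three acceptance cases of claim 2 on the server side and runs them against a constructed sequence of requests, including one from a copied device image. The class and function names, the customer numbers, and the choice to update the stored values only when a request is accepted are assumptions.

```python
import copy
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class LicenseRequest:
    serial: int     # request serial number: count of requests issued so far
    nonce: str      # request random number: fresh for every new request
    customer: str   # customer number: identifier of the licensed system


class LicenseServer:
    """Holds the last accepted (serial, nonce) pair for one customer number.

    Assumption: the stored pair is written only when a request is accepted;
    the page does not say when the stored values are updated.
    """

    def __init__(self, customer: str) -> None:
        self.customer = customer
        self.last: Optional[Tuple[int, str]] = None

    def verify(self, req: LicenseRequest) -> bool:
        # Every case in claim 2 requires a matching customer number.
        if req.customer != self.customer:
            return False
        if req.serial == 0:
            accepted = True                      # case 1: serial number is zero
        elif self.last is None:
            accepted = False                     # nothing stored to compare with
        else:
            prev_serial, prev_nonce = self.last
            # case 2: next request, serial advanced by one with a new nonce
            is_next = req.serial == prev_serial + 1 and req.nonce != prev_nonce
            # case 3: the same request sent again, serial and nonce unchanged
            is_resend = req.serial == prev_serial and req.nonce == prev_nonce
            accepted = is_next or is_resend
        if accepted:
            self.last = (req.serial, req.nonce)
        return accepted


class Device:
    """Hypothetical network equipment that counts its own requests."""

    def __init__(self, customer: str) -> None:
        self.customer = customer
        self.issued = 0

    def new_request(self) -> LicenseRequest:
        req = LicenseRequest(self.issued, secrets.token_hex(16), self.customer)
        self.issued += 1
        return req


def run_scenario() -> List[Tuple[str, bool]]:
    """Constructed request sequence; returns (description, accepted) pairs."""
    server = LicenseServer("CUST-0001")          # constructed customer number
    original = Device("CUST-0001")
    log: List[Tuple[str, bool]] = []

    first = original.new_request()
    log.append(("first request, serial 0", server.verify(first)))
    second = original.new_request()
    log.append(("next request, serial 1", server.verify(second)))
    log.append(("same request resent, serial 1", server.verify(second)))

    # Constructed event: the device image, counter included, is copied here.
    clone = copy.deepcopy(original)
    log.append(("original, serial 2", server.verify(original.new_request())))
    # The copy also sends serial 2 but with its own nonce, so it matches
    # neither "previous + 1 with a new nonce" nor "same serial, same nonce".
    log.append(("copied image, serial 2", server.verify(clone.new_request())))
    log.append(("stale request, serial 1", server.verify(second)))
    foreign = LicenseRequest(3, secrets.token_hex(16), "CUST-9999")
    log.append(("wrong customer number", server.verify(foreign)))
    return log


if __name__ == "__main__":
    for label, ok in run_scenario():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {label}")
```

Under claim 8, the equipment that receives the rejected result executes the license unloading and/or self-reboot operation.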
CN201810276390.3A 2018-03-30 2018-03-30 Permission method, device and system based on asymmetric encryption Active CN110324283B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810276390.3A CN110324283B (en) 2018-03-30 2018-03-30 Permission method, device and system based on asymmetric encryption


Publications (2)

Publication Number Publication Date
CN110324283A true CN110324283A (en) 2019-10-11
CN110324283B CN110324283B (en) 2021-08-06

Family

ID=68111456


Country Status (1)

Country Link
CN (1) CN110324283B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant