CN112702301B - license verification control method, device, equipment and storage medium - Google Patents
license verification control method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112702301B CN112702301B CN201911008070.0A CN201911008070A CN112702301B CN 112702301 B CN112702301 B CN 112702301B CN 201911008070 A CN201911008070 A CN 201911008070A CN 112702301 B CN112702301 B CN 112702301B
- Authority
- CN
- China
- Prior art keywords
- verification
- verified
- license
- network element
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 484
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000012790 confirmation Methods 0.000 claims abstract description 71
- 238000004891 communication Methods 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 20
- 238000012545 processing Methods 0.000 claims description 11
- 230000006870 function Effects 0.000 claims description 6
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 10
- 238000007726 management method Methods 0.000 description 6
- 238000004458 analytical method Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000008929 regeneration Effects 0.000 description 1
- 238000011069 regeneration method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention provides a license verification control method, a device, equipment and a storage medium, wherein a network element to be verified firstly sends a verification code confirmation request to at least one verification equipment, the verification code confirmation request comprises a verification code of the license to be verified and a verification identifier to be verified, which is bound with the verification code, and the verification identifier to be verified can uniquely represent the identity of the network element to be verified; when the verification results received from the verification equipment are verification results which confirm success, the network element to be verified indicates that the verification code adopted by the network element is not stolen by other network elements or equipment, and the verification code is adopted to verify the license to be verified at the moment; the network element to be verified is verified to verify the license by adopting the verification code under the condition that the verification code adopted by the network element to be verified is unique and is not stolen by other equipment, so that the license is prevented from being stolen, and the safety and the reliability of the network are improved.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to a license verification control method, device, apparatus, and storage medium.
Background
Under a non-virtualized environment, a network element often uses a hardware identifier which cannot be changed by a user as a license verification code to perform license verification, such as a MAC (Media Access Control Address, media access control) address of a network card; since these verification codes cannot be altered, they are stolen for license verification, and thus the risk of license theft is small. However, in the virtualized environment, the virtual network element as the APP cannot know the specific hardware used by the virtual network element, i.e. the unique identifier of the hardware; even if some technologies are adopted, the virtual network element knows what hardware is used by a certain virtual machine and the unique identifier of the hardware, the hardware identifier cannot be used for verifying the legitimacy of license, because a plurality of virtual machines or a plurality of network elements can share the same hardware, such as a CPU (Central processing Unit), a magnetic disk and a network card, and the hardware identifiers have no uniqueness compared with the virtual network element; after migration, self-healing and regeneration, other hardware is used by the virtualized network element or virtual machine, namely the used hardware identifier is changed; the above factors all cause that the verification code adopted by the virtual network element for verifying the license has no uniqueness to the network element, so that the license of the network element has larger theft risk, and the security and reliability of the network are reduced.
Disclosure of Invention
The license verification control method, device, equipment and storage medium provided by the embodiment of the invention solve the problems that the network element has no uniqueness to the network element due to the verification code adopted by license verification, so that the license of the network element has larger theft risk and the safety and reliability of the network are reduced.
In order to solve the above technical problems, an embodiment of the present invention provides a license verification control method, including:
sending a verification code confirmation request to at least one verification device, wherein the verification code confirmation request comprises a verification code of a license to be verified and a verification identifier to be confirmed which is bound with the verification code, and the verification identifier to be confirmed can uniquely represent the identity of a network element to be verified;
when the verification results received from the verification equipment are verification results which confirm success, verifying the license to be verified by adopting the verification code;
the verification result of the successful confirmation is sent by the verification device when the following conditions are met: and determining that verification identifiers which are recorded locally and are bound with the verification codes do not exist in the verification identifiers which are different from the verification identifiers to be confirmed.
In order to solve the above technical problems, the embodiment of the present invention further provides a license verification control method for a network element to be verified, including:
receiving a verification code confirmation request sent by a network element to be verified, wherein the verification code confirmation request comprises a verification code of license to be verified and a verification identifier to be confirmed which is bound with the verification code, and the verification identifier to be confirmed can uniquely represent the identity of the network element to be verified;
and when the verification identifier which is recorded locally and is bound with the verification code does not exist and is different from the verification identifier to be verified, sending a verification result of successful verification to the network element to be verified.
In order to solve the above technical problem, an embodiment of the present invention further provides a license verification control device on a verification device side, including:
the anti-theft verification initiating module is used for sending a verification code confirmation request to at least one verification device, wherein the verification code confirmation request comprises a verification code of a license to be verified and a verification identifier to be verified, which is bound with the verification code, and the verification identifier to be verified can uniquely represent the identity of a network element to be verified;
the license verification processing module is used for verifying the license to be verified by adopting the verification code when verification results received from the verification equipment are verification results which confirm success;
the verification result of the successful confirmation is sent by the verification device when the following conditions are met: and determining that verification identifiers which are recorded locally and are bound with the verification codes do not exist in the verification identifiers which are different from the verification identifiers to be confirmed.
In order to solve the above technical problem, an embodiment of the present invention further provides a license verification control device, including:
the request receiving module is used for receiving a verification code confirmation request sent by a network element to be verified, wherein the verification code confirmation request comprises a verification code of license to be verified and a verification identifier to be verified, which is bound with the verification code, and the verification identifier to be verified can uniquely represent the identity of the network element to be verified;
and the anti-theft verification processing module is used for determining that a verification result which is confirmed to be successful is sent to the network element to be verified when a verification identifier which is different from the verification identifier to be confirmed does not exist in the locally recorded verification identifiers which are bound with the verification codes.
In order to solve the technical problem, an embodiment of the present invention further provides a communication device, which is characterized by including a first processor, a first memory, and a first communication bus;
the first communication bus is used for connecting the first processor and a first memory;
the first processor is configured to execute a first computer program stored in the first memory, so as to implement the steps of the license verification control method on the network element side to be verified as described above.
In order to solve the technical problem, the embodiment of the invention also provides verification equipment, which comprises a second processor, a second memory and a second communication bus;
the second communication bus is used for connecting the second processor and a second memory;
the second processor is configured to execute a second computer program stored in the second memory to implement the steps of the license authentication control method on the authentication device side as described above.
To solve the above technical problem, an embodiment of the present invention further provides a computer readable storage medium, where a first computer program is stored in the computer readable storage medium, and when the first computer program is executed by a first processor, the steps of the license verification control method on the network element side to be verified are implemented;
or, the computer-readable storage medium stores a second computer program which, when executed by a second processor, implements the steps of the license authentication control method on the authentication device side as described above.
Advantageous effects
According to the license verification control method, the device, the equipment and the storage medium provided by the embodiment of the invention, before the to-be-verified network element adopts the verification code to verify the to-be-verified license, the verification code confirmation request is sent to at least one verification equipment, the verification code confirmation request comprises the verification code of the to-be-verified license and the to-be-verified identification bound with the verification code, and the to-be-verified identification can uniquely represent the identity of the to-be-verified network element; when the verification results received from the verification equipment are verification results which confirm success, the network element to be verified indicates that the verification code adopted by the network element is not stolen by other network elements or equipment, and the verification code is adopted to verify the license to be verified at the moment; the network element to be verified is verified to verify the license by adopting the verification code under the condition that the verification code adopted by the network element to be verified is unique and is not stolen by other equipment, so that the license is prevented from being stolen, and the safety and the reliability of the network are improved.
Additional features and corresponding advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a schematic flow chart of a license verification control method on a network element side to be verified according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a license verification control method at a verification device side according to the first embodiment of the present invention;
fig. 3 is a schematic structural diagram of a license verification control device on a network element side to be verified in a second embodiment of the present invention;
fig. 4 is a schematic diagram of a license verification control device on a verification device side according to a second embodiment of the present invention;
FIG. 5 is a schematic flow chart of a verification process of verification identification collision-free according to a second embodiment of the invention;
FIG. 6 is a schematic flow chart of a verification process for verifying that a conflict exists in a mark according to a second embodiment of the present invention;
FIG. 7 is a schematic diagram of a verification identifier replacement process according to a second embodiment of the present invention;
fig. 8 is a schematic structural diagram of a communication device according to a third embodiment of the present invention;
fig. 9 is a schematic structural diagram of a verification device according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following detailed description of the embodiments of the present invention is given with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Embodiment one:
aiming at the problems that in the related art, a verification code adopted by a network element for verifying the license is not unique to the network element, so that the license of the network element has a large theft risk and the safety and reliability of the network are reduced. In this embodiment, the network element to be verified uses the verification code to perform license verification under the condition that the verification code adopted by the network element to be verified is determined to have uniqueness by means of the verification device and is not stolen by other devices, so that license is prevented from being stolen, and the security and reliability of the network are improved.
In this embodiment, at least one other device connected to a network element that needs to perform license verification (i.e., a network element to be verified, where a license that needs to be verified is a license to be verified) may be used as a verification device that helps to confirm whether a verification code adopted by the network element to be verified is stolen. It should be understood that the network element to be verified in this embodiment may be a virtual network element or a physical network element; the verification device in this embodiment may be a device (for example, a security management platform or a server) that is set in the network and is specifically used for performing security management verification, or may be another network element (for example, an adjacent network element of the network element to be verified) that is connected to the network element to be verified in the network, where in some application scenarios, one network element to be verified may be used as the verification device of another network element to be verified at the same time. And the method can be flexibly set according to specific network environments and requirements. And it should be understood that the number of verification devices that are set up corresponding to a network element to be verified, and which devices are set up as verification devices of the network element to be verified, can be flexibly set.
In this embodiment, the authentication code adopted by the network element to be authenticated for the authenticated license may be flexibly set, so long as normal authentication for the license can be achieved. For example, in one example, the verification code may be: generating based on the identification of at least one other device connected with the network element to be verified and/or the unified management identification of the network element to be verified; wherein the other device herein may be at least one neighbouring network element of the network element to be verified; the identification of the other devices may include, but is not limited to, at least one of a remote IP, a hostname, a locale number (which is the code of the switch);
in one example, the unified management identifier of the network element to be verified includes, but is not limited to, at least one of a home IP, a hostname, and a locale number of the network element to be verified.
It should be appreciated that in some examples, when the validation code is generated using a combination of two or more of the above examples, various combination rules or algorithms may be flexibly employed for generation.
In this embodiment, the network element to be authenticated may send an authentication code confirmation request to at least one authentication device at any time after the network element to be authenticated is started. For example, in some examples, the network element to be authenticated may send a verification code confirmation request to the at least one verification device after it has completed the startup; in other examples, the network element to be authenticated may send an authentication code confirmation request to the at least one authentication device after it completes the start-up, when license authentication is required; in other examples, after the network element to be verified completes the start, a verification code confirmation request may be sent to at least one verification device according to a set time interval, where the time interval may be the same, and verification is sent periodically at this time; the time intervals can also be set differently or randomly, thereby realizing copper strip verification and further improving safety. Of course, other triggering conditions can be set according to actual requirements to trigger the network element to be verified to send a verification code confirmation request to at least one verification device, so as to determine whether the verification code of the network element to be verified is stolen.
In this embodiment, in order to determine whether the verification code of the network element to be verified is stolen by other devices, the verification code of the network element to be verified and the verification identifier capable of uniquely characterizing the network element to be verified may be bound; when the network element to be verified sends a verification code confirmation request to the verification device, the verification code confirmation request comprises a verification code and a verification identifier bound with the verification code, and the verification identifier is used as the to-be-verified identifier which needs to be verified by the verification device.
In this embodiment, the verification identifier bound to the verification code may be any information capable of uniquely characterizing the identity of the network element to be verified, for example, the verification identifier may be, but is not limited to, an identifier generated based on at least one of a situation number, a host name, and an IP of a necessary service of the network element to be verified. And it should be understood that, when the network element to be verified needs to send verification code confirmation requests to more than two verification devices, if at least two verification devices are in the process of determining whether the verification code of the network element to be verified is stolen, the verification identifiers of the network element to be verified adopted are different, and the verification identifiers included in the verification code confirmation requests sent by the network element to be verified to the verification devices can be different. For example, assuming that the verification identifier adopted by the verification device a is the office number of the network element to be verified, and the verification identifier adopted by the verification device B is the IP of the necessary service of the network element to be verified, the verification code confirmation request sent by the network element to be verified to the verification device a includes the verification code and the bound office number, and the verification code confirmation request sent to the verification device B includes the verification code and the IP of the necessary service of the bound IP of the necessary service. The diversified verification determination can further ensure the uniqueness of the verification code adopted by the network element, prevent the verification code from being stolen, and further improve the security.
In some examples of this embodiment, when the network element to be authenticated needs to send an authentication code confirmation request to more than two authentication devices, it may be required to receive the authentication result sent by the authentication devices, and if the authentication results are all necessarily successful in confirmation, it is not confirmed that the authentication code is stolen, and license authentication is performed using the authentication code.
In other examples, when the network element to be verified needs to send verification code confirmation requests to more than two verification devices, it is possible that some verification devices are currently in a disconnected network or other states that cannot normally return verification results in consideration of actual networking applications; therefore, for these cases, the minimum number of received verification results may be set to require n, and when the number of received verification results within the set period of time is greater than or equal to n and both are verification success, it may also be confirmed that the verification code is not stolen, and license verification is performed using the verification code.
For easy understanding, the following description of the present embodiment is provided by way of example with reference to a license verification control method flow on the network element side to be verified. As described with reference to fig. 1, the method includes:
s101: the network element to be verified sends a verification code confirmation request to at least one verification device.
In this embodiment, the network element to be verified may directly send a verification code confirmation request to the verification device, and the network element to be verified may indirectly send the verification code confirmation request to the verification device through other devices.
In this embodiment, the verification code confirmation request sent by the network element to be verified includes the verification code of the license to be verified and the verification identifier to be confirmed bound to the verification code, and as described in the above analysis, the verification identifier to be confirmed can uniquely characterize the identity of the network element to be verified.
S102: and when the verification results received from the verification equipment are verification results which confirm success, the network element to be verified adopts the verification code to verify the license to be verified. After the license is verified, the license can be used to open the functions and services limited by the license.
In this embodiment, the verification result of confirmation of success is sent by the verification device when the following condition is satisfied: the verification device determines that verification identifiers which are recorded locally and are bound with the verification codes do not exist in verification identifiers which are different from verification identifiers to be confirmed, and the verification device does not find that the verification codes of the network elements to be verified are stolen.
And conversely, when the verification device determines that the verification identifier which is recorded locally and is bound with the verification code is different from the verification identifier to be verified, the verification device indicates that the verification device discovers that the verification code of the network element to be verified is stolen, and sends a verification result of verification failure to the network element to be verified.
As shown by the above analysis, in this step, when the network element to be verified sends verification code confirmation requests to a plurality of verification devices, the network element to be verified can verify the license to be verified by adopting the verification codes when the verification results sent by all the verification devices are received and the verification results are successful in confirmation; and the verification code is adopted to verify the license to be verified when the number of the verification results received in the set time period is greater than or equal to n and the verification is successful according to the specific application requirements.
In this step, when the verification result received from the verification device includes a verification result of a confirmation failure, verification of the license to be verified is not performed using the verification code. Optionally, the network element may also perform an alarm or other security process in parallel. In some examples, the verification device may also send the conflicting verification identity directly or through the network element to be verified to a security management platform for security analysis for analysis or traceability.
In some examples of this embodiment, the verification device corresponding to the network element to be verified may include at least one device that must be interworked when the network element to be verified performs the function corresponding to the license to be verified, for example, may be an adjacent network element that includes, but is not limited to, must be interworked, and in some examples, may also include other devices that may replace the device that must be interworked.
As shown by the above analysis, in some application scenarios, the network element to be verified can send a verification code confirmation request to at least one verification device according to a set time interval, so as to dynamically verify whether the adopted verification code is stolen or not, and further improve authentication security.
When the verification code of the network element to be verified is confirmed to be successful, the condition that the verification identifier of the network element to be verified is changed due to the reasons of modifying the configuration of the network element and the like can also occur; in order to avoid the situation that the verification device misjudges that the verification code of the network element to be verified is stolen in this case, the license verification control method provided by the embodiment may further include:
when detecting that the verification identifier for uniquely characterizing the identity of the network element to be verified changes, the network element to be verified sends a replacement request comprising the changed new verification identifier to at least one verification device, so that the verification device replaces the verification identifier bound with the verification code, which is recorded locally, with the new verification identifier. Optionally, the verification device may further send a replacement success message to the network element to be verified after the replacement is completed.
Accordingly, on the verification device side, the license verification control method executed by the verification device side is shown in fig. 2, and includes:
s201: and the verification equipment receives a verification code confirmation request sent by the network element to be verified.
The verification code confirmation request comprises a verification code of a to-be-verified license and a to-be-confirmed verification identifier bound with the verification code, wherein the to-be-confirmed verification identifier can uniquely represent the identity of the to-be-verified network element.
S202: the verification device determines whether verification identifiers which are different from verification identifiers to be confirmed exist in verification identifiers which are bound with verification codes and recorded locally, if not, the verification device goes to S203; otherwise, go to S204;
s203: and sending a verification result for confirming success to the network element to be verified.
S204: and sending a verification result of the confirmation failure to the network element to be verified.
In this embodiment, after the authentication device receives the replacement request sent by the network element to be authenticated, a new authentication identifier is extracted from the replacement request, and the old authentication identifier of the network element to be authenticated recorded locally is replaced by the new authentication identifier, so that subsequent correct authentication is ensured.
Therefore, by adopting the license verification control method provided by the embodiment, the license can be effectively prevented from being stolen; when the method is applied to a non-virtualized environment, license can be manufactured again without replacing hardware, so that the safety is improved, the resource utilization rate is improved, and the cost is reduced.
Embodiment two:
the embodiment provides a license verification control device, which may be disposed in a communication device as a network element to be verified, as shown in fig. 3, and includes:
the anti-theft verification initiating module 301 is configured to send a verification code confirmation request to at least one verification device, where the verification code confirmation request includes a verification code of a license to be verified and a verification identifier to be verified bound to the verification code, where the verification identifier to be verified can uniquely characterize an identity of a network element to be verified; the specific process is shown in the above embodiment, and will not be described herein.
The license verification processing module 302 is configured to verify the license to be verified by using the verification code when the verification results received from the verification device are verification results that confirm success; the specific processing procedure is shown in the above embodiment, and will not be described herein.
The embodiment also provides a license verification control device capable of being arranged in the verification device, please refer to fig. 4, which includes:
the request receiving module 401 is configured to receive a verification code confirmation request sent by a network element to be verified, where the verification code confirmation request includes a verification code of a license to be verified and a verification identifier to be verified bound to the verification code, and the verification identifier to be verified can uniquely characterize an identity of the network element to be verified; the specific processing procedure is shown in the above embodiment, and will not be described herein.
The anti-theft verification processing module 402 is configured to send a verification result of successful verification to the network element to be verified when no verification identifier different from the verification identifier to be verified exists in the locally recorded verification identifiers bound to the verification code. The specific processing procedure is shown in the above embodiment, and will not be described herein.
For ease of understanding, the present embodiment is further described below with reference to several cases as examples.
Case one: the normal verification code confirmation process, please refer to fig. 5, includes:
s501: and the network element to be verified completes the startup.
S502: the network element to be verified respectively sends verification code confirmation requests to verification equipment A and verification equipment N; the verification code confirmation request comprises a verification code of the license to be verified and a verification identifier to be confirmed which is bound with the verification code, and the verification identifier to be confirmed can uniquely represent the identity of the network element to be verified.
S503: the verification device A and the verification device N respectively confirm the verification code and the bound verification identifier to be confirmed in the received verification code confirmation request, and confirm whether other verification identifiers which are bound with the verification code and are different from the verification identifier to be confirmed exist or not; if yes, indicating that a conflict identifier exists, and sending a verification failure verification result to the network element to be verified; otherwise, a successful verification result is sent to the network element to be verified, and no conflict identification is assumed in the example.
S504: both the verification device A and the verification device N determine that no conflict identification exists, and send verification results confirming success.
S505: and the received verification results are all successful verification, and the license is verified by using the verification code. Verification is successful, meaning that the configured license can be used normally.
Optionally, the network element to be verified can perform periodic verification according to requirements, so as to prevent license from being stolen due to abnormal confirmation equipment.
And a second case: the confirmation process for verifying that the identifier has a conflict is shown in fig. 6, and includes:
s601: and the network element to be verified completes the startup.
S602: the network element to be verified respectively sends verification code confirmation requests to verification equipment A and verification equipment N; the verification code confirmation request comprises a verification code of the license to be verified and a verification identifier to be confirmed which is bound with the verification code, and the verification identifier to be confirmed can uniquely represent the identity of the network element to be verified.
S603: the verification device A and the verification device N respectively confirm the verification code and the bound verification identifier to be confirmed in the received verification code confirmation request, and confirm whether other verification identifiers which are bound with the verification code and are different from the verification identifier to be confirmed exist or not; if yes, indicating that a conflict identifier exists, and sending a verification failure verification result to the network element to be verified; otherwise, a confirmation success verification result is sent to the network element to be verified, and in the example, it is assumed that verification equipment A confirms that a conflict identifier exists.
S604: the verification device A determines that conflict identification exists and sends a verification result of failure verification; the verification device N determines that no conflict identification exists and sends a verification result of successful verification.
S605: the received verification result has a verification result with failed verification, the verification code is invalid, and the verification code cannot be used for verifying license; the network element cannot use license-limited functions, services.
And a third case: and (3) a replacement process of the network element verification mark change:
when the network element to be verified discovers that the verification identifier of the network element is changed due to configuration change, a replacement identifier mark can be automatically added in a verification code confirmation request to generate a replacement request, and after the verification equipment receives the request, old verification identifiers corresponding to verification codes are replaced, and a verification success message is returned. Wherein, the replacement identifier is added in the verification code confirmation request and can be changed by the network element according to the configuration and added as required; the above process, as shown in fig. 7, includes:
s701: the network element to be verified discovers that the configuration related to the verification identifier is changed after the verification code of the license has been confirmed successfully by the adjacent network element.
S702: the network element to be verified sends a replacement request to the verification device A and the verification device N, wherein the replacement request at least comprises the new verification identifier after being changed.
S703: the verification device A and the verification device N use the verification code in the replacement request and the new verification identification to compare with the record of the device, and replace the record of the old verification identification corresponding to the verification code.
S704: the verification device A and the verification device N send replacement success information to the network element to be verified. And the network element to be verified subsequently uses the new verification identifier and verification equipment to carry out verification code confirmation.
In the above-mentioned case of the embodiment, license may be a License management method for matching with a business quote, and by performing classification authorization on software and hardware of a wireless product, continuous profit is achieved. The method can be applied to but not limited to all use scenes of the wireless product software package, such as various types of scenes such as tests, exhibitions, demonstrations, engineering, business and the like which need the wireless product to run.
Embodiment III:
the present embodiment also provides a communication device, which can be used as a network element to be authenticated, as shown in fig. 8, and includes a first processor 801, a first memory 802, and a first communication bus 803;
a first communication bus 803 is used to enable a communication connection between the first processor 801 and the first memory 802;
in one example, the first processor 801 may be configured to execute a first computer program stored in the first memory 802 to implement the license authentication control method steps performed on the network element side to be authenticated in the above embodiments.
The present embodiment also provides an authentication apparatus, which includes a second processor 901, a second memory 902, and a second communication bus 903, as shown in fig. 9;
the second communication bus 903 is used to implement a communication connection between the second processor 901 and the second memory 902;
in one example, the second processor 901 may be configured to execute a second computer program stored in the second memory 902 to implement license authentication control method steps performed on the authentication device side in the above embodiments.
The present embodiments also provide a computer-readable storage medium including volatile or nonvolatile, removable or non-removable media implemented in any method or technology for storage of information, such as computer-readable instructions, data structures, computer program modules or other data. Computer-readable storage media includes, but is not limited to, RAM (Random Access Memory ), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read Only Memory, charged erasable programmable Read-Only Memory), flash Memory or other Memory technology, CD-ROM (Compact Disc Read-Only Memory), digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In one example, the computer readable storage medium in the present embodiment may be used to store a first computer program, which may be executed by a first processor, to implement the license authentication control method steps performed on the network element side to be authenticated as in the above embodiments.
In another example, the computer readable storage medium in the present embodiment may be used to store a second computer program executable by a second processor to implement license authentication control method steps performed on the authentication device side as in the above embodiments.
The present embodiment also provides a first computer program (or first computer software), which may be distributed on a computer readable medium and executed by a computable device, so as to implement the steps of the license verification control method performed on the network element side to be verified as shown in the above embodiments. And in some cases at least one of the steps shown or described may be performed in a different order than that described in the above embodiments.
The present embodiment also provides a second computer program (or second computer software) that can be distributed on a computer readable medium and executed by a computable device to implement at least one step of the license authentication control method executed on the authentication apparatus side as described in the above embodiments; and in some cases at least one of the steps shown or described may be performed in a different order than that described in the above embodiments.
The present embodiment also provides a computer program product comprising computer readable means having stored thereon any one of the computer programs as described above. The computer readable means in this embodiment may comprise a computer readable storage medium as shown above.
It will be apparent to one skilled in the art that all or some of the steps of the methods, systems, functional modules/units in the apparatus disclosed above may be implemented as software (which may be implemented in computer program code executable by a computing apparatus), firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit.
Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, computer program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and may include any information delivery media. Therefore, the present invention is not limited to any specific combination of hardware and software.
The foregoing is a further detailed description of embodiments of the invention in connection with the specific embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.
Claims (14)
1. A license verification control method, comprising:
sending a verification code confirmation request to at least one verification device, wherein the verification code confirmation request comprises a verification code of a license to be verified and a verification identifier to be confirmed which is bound with the verification code, and the verification identifier to be confirmed can uniquely represent the identity of a network element to be verified;
when the verification results received from the verification equipment are verification results which confirm success, verifying the license to be verified by adopting the verification code;
the verification result of the successful confirmation is sent by the verification device when the following conditions are met: and determining that verification identifiers which are recorded locally and are bound with the verification codes do not exist in the verification identifiers which are different from the verification identifiers to be confirmed.
2. The license verification control method according to claim 1, wherein the verification code is: based on the identification of at least one other device connected with the network element to be verified and/or the unified management identification of the network element to be verified.
3. The license verification control method according to claim 2, wherein the identification of the other device includes at least one of a remote IP, a host name, a locale number;
the unified management identifier comprises at least one of a home IP, a host name and a situation number of the network element to be verified.
4. The license verification control method according to claim 1, wherein the verification to be confirmed is identified as: and generating based on at least one of the office number, the host name and the IP of the necessary service of the network element to be verified.
5. The license authentication control method according to any one of claims 1 to 4, characterized in that the authentication device comprises at least one device with which the network element to be authenticated has to interwork to perform the corresponding function of the license to be authenticated.
6. The license verification control method according to any one of claims 1 to 4, wherein the transmitting a verification code confirmation request to at least one verification device includes: and sending verification code confirmation requests to at least one verification device according to the set time intervals.
7. The license verification control method according to any one of claims 1 to 4, wherein the license to be verified is not verified with the verification code when a verification result of a confirmation failure is included in the verification results received from the verification device;
the verification result of the verification failure is sent by the verification device when the following conditions are met:
and determining that verification identifiers which are recorded locally and are bound with the verification codes exist in verification identifiers which are different from the verification identifiers to be confirmed.
8. The license verification control method according to any one of claims 1 to 4, characterized in that the method further comprises:
when detecting that the verification identifier for uniquely characterizing the identity of the network element to be verified changes, sending a replacement request comprising the changed new verification identifier to the at least one verification device, so that the verification device can replace the verification identifier bound with the verification code and recorded locally with the new verification identifier.
9. A license verification control method comprises the following steps:
receiving a verification code confirmation request sent by a network element to be verified, wherein the verification code confirmation request is sent to at least one verification device, and comprises a verification code of a license to be verified and a verification identifier to be verified, which is bound with the verification code and can uniquely represent the identity of the network element to be verified;
and when the verification results received from the verification equipment are verification results which are successful in verification, the verification code is adopted to verify the license to be verified.
10. A license authentication control device, comprising:
the anti-theft verification initiating module is used for sending a verification code confirmation request to at least one verification device, wherein the verification code confirmation request comprises a verification code of a license to be verified and a verification identifier to be verified, which is bound with the verification code, and the verification identifier to be verified can uniquely represent the identity of a network element to be verified;
the license verification processing module is used for verifying the license to be verified by adopting the verification code when verification results received from the verification equipment are verification results which confirm success;
the verification result of the successful confirmation is sent by the verification device when the following conditions are met: and determining that verification identifiers which are recorded locally and are bound with the verification codes do not exist in the verification identifiers which are different from the verification identifiers to be confirmed.
11. A license authentication control device, comprising:
the request receiving module is used for receiving a verification code confirmation request sent by a network element to be verified, wherein the verification code confirmation request is sent to at least one verification device, the verification code confirmation request comprises a verification code of a license to be verified and a verification identifier to be verified, which is bound with the verification code, and the verification identifier to be verified can uniquely represent the identity of the network element to be verified;
and the anti-theft verification processing module is used for determining that a verification result which is confirmed to be successful is sent to the network element to be verified when a verification identifier which is different from the verification identifier to be confirmed does not exist in the locally recorded verification identifier which is bound with the verification code, and verifying the license to be verified by adopting the verification code when the verification results received from the verification equipment are the verification result which is confirmed to be successful.
12. A communication device comprising a first processor, a first memory, and a first communication bus;
the first communication bus is used for connecting the first processor and a first memory;
the first processor is configured to execute a first computer program stored in the first memory to implement the steps of the license verification control method according to any one of claims 1 to 8.
13. An authentication device comprising a second processor, a second memory, and a second communication bus;
the second communication bus is used for connecting the second processor and a second memory;
the second processor is configured to execute a second computer program stored in the second memory to implement the steps of the license verification control method according to claim 9.
14. A computer readable storage medium, characterized in that the computer readable storage medium stores a first computer program which, when executed by a first processor, implements the steps of the license authentication control method according to any one of claims 1-8;
or, the computer readable storage medium stores a second computer program, which when executed by a second processor, implements the steps of the license authentication control method according to claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911008070.0A CN112702301B (en) | 2019-10-22 | 2019-10-22 | license verification control method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911008070.0A CN112702301B (en) | 2019-10-22 | 2019-10-22 | license verification control method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112702301A CN112702301A (en) | 2021-04-23 |
| CN112702301B true CN112702301B (en) | 2024-04-12 |
Family
ID=75504781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911008070.0A Active CN112702301B (en) | 2019-10-22 | 2019-10-22 | license verification control method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112702301B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242404A (en) * | 2007-02-08 | 2008-08-13 | 联想(北京)有限公司 | A validation method and system based on heterogeneous network |
| CN106034126A (en) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Verification method of identifying code and apparatus thereof |
| CN106992956A (en) * | 2016-01-21 | 2017-07-28 | 阿里巴巴集团控股有限公司 | A kind of methods, devices and systems for realizing inter-device authentication |
| CN108418834A (en) * | 2018-04-04 | 2018-08-17 | 成都鹏业软件股份有限公司 | A kind of internet of things equipment auth method |
| CN109981680A (en) * | 2019-04-08 | 2019-07-05 | 上海人行道网络信息技术有限公司 | A kind of access control implementation method, device, computer equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1818958A (en) * | 2005-12-01 | 2006-08-16 | 厦门好旺角信息技术开发有限公司 | On-line payment method and system for network game virtual property trade |
| CA2936810C (en) * | 2014-01-16 | 2018-03-06 | Arz MURR | Device, system and method of mobile identity verification |
-
2019
- 2019-10-22 CN CN201911008070.0A patent/CN112702301B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242404A (en) * | 2007-02-08 | 2008-08-13 | 联想(北京)有限公司 | A validation method and system based on heterogeneous network |
| CN106034126A (en) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Verification method of identifying code and apparatus thereof |
| CN106992956A (en) * | 2016-01-21 | 2017-07-28 | 阿里巴巴集团控股有限公司 | A kind of methods, devices and systems for realizing inter-device authentication |
| CN108418834A (en) * | 2018-04-04 | 2018-08-17 | 成都鹏业软件股份有限公司 | A kind of internet of things equipment auth method |
| CN109981680A (en) * | 2019-04-08 | 2019-07-05 | 上海人行道网络信息技术有限公司 | A kind of access control implementation method, device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112702301A (en) | 2021-04-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9432339B1 (en) | Automated token renewal using OTP-based authentication codes | |
| CN110798466B (en) | Verification method and system for software license in virtual machine scene | |
| EP2695083A2 (en) | Cluster unique identifier | |
| CN109063423B (en) | Application software authorization method and system | |
| CN104199654A (en) | Open platform calling method and device | |
| CN103414589A (en) | Method and device for managing resource information | |
| CN111489256A (en) | Cross-chain processing method, equipment and system for multi-chain block chain system | |
| CN110222535B (en) | Processing device, method and storage medium for block chain configuration file | |
| CN111126940B (en) | Service application processing method, device, equipment and computer readable storage medium | |
| CN108696831B (en) | Short message sending method and device | |
| EP4195033A1 (en) | Method and apparatus for upgrading blockchain system, and terminal device | |
| CN114363008B (en) | Virtual device authentication method and device, electronic device and storage medium | |
| CN111431957B (en) | File processing method, device, equipment and system | |
| CN111489156A (en) | Transaction method based on block chain, electronic device and readable storage medium | |
| CN110619022A (en) | Node detection method, device, equipment and storage medium based on block chain network | |
| CN105101040A (en) | Resource creating method and device | |
| CN112702301B (en) | license verification control method, device, equipment and storage medium | |
| CN112671603A (en) | Fault detection method and server | |
| CN111190754B (en) | Block chain event notification method and block chain system | |
| CN114048457A (en) | Multi-platform user relationship creation method, device, system and storage medium | |
| CN111935251B (en) | Block chain network management method, network, device, equipment and storage medium | |
| US11405222B2 (en) | Methods and systems for enrolling device identifiers (DEVIDs) on redundant hardware | |
| CN114448710A (en) | ONU authentication method, ONU authentication device, optical line terminal and readable storage medium | |
| CN111124445B (en) | Home gateway upgrading method and home gateway | |
| CN113849802A (en) | Equipment authentication method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |