CN112749383A - Software authentication method and related product - Google Patents
- Publication number
- CN112749383A, CN201911039023.2A
- Authority
- CN
- China
- Prior art keywords
- software
- authenticated
- verification information
- authentication
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the application discloses a software authentication method and a related product, wherein the method comprises the following steps: acquiring first verification information and/or first timestamp information from an authentication file of software to be authenticated; and determining that the software to be authenticated is authenticated successfully under the condition that the first verification information is matched with second verification information stored in a memory and/or the current time is matched with the time indicated by the first timestamp information.
Description
Technical Field
The present application relates to the field of computers, and in particular, to a software authentication method and related products.
Background
At present, a software authorization management and control scheme is generally adopted to bind software to the machine on which it is installed, so as to avoid illegal use of the software. In such a scheme, before a license is applied for, some physical information of the machine is collected to serve as a machine fingerprint, and the machine is authorized using the machine fingerprint as the basis for identifying it, so that the software is prevented from running on an unauthorized machine. The machine fingerprint may be derived from one or more kinds of information, such as the Central Processing Unit (CPU), the hard disk, the Media Access Control (MAC) address, and the like.
However, in a cloud computing environment the above solution has at least one of the following problems: (1) In a cloud computing environment, a virtual machine runs in a physical server cluster and is not fixed on a specific physical server. Information such as the CPU, hard disk and MAC address of the virtual machine can change with the physical server node on which the virtual machine is located, so the physical server environment in which the software runs cannot be used as a basis for identifying the machine; once the virtual machine is migrated, authentication based on physical information no longer succeeds and the software cannot be used normally. (2) In a cloud computing environment, a virtual machine identical to the original virtual machine can be generated by copying. If the software in the virtual machine uses a fingerprint generated from collected physical information, the newly copied virtual machine obtains the same fingerprint information as the original virtual machine, so the software runs normally in the newly copied virtual machine, which allows the software to be wrongly reused or illegally used. Therefore, there is a need to develop a software management scheme capable of solving at least one of the above-mentioned problems.
Disclosure of Invention
The embodiment of the application discloses a software authentication method and a related product.
In a first aspect, an embodiment of the present application discloses a software authentication method, which may include: acquiring first verification information and/or first timestamp information from an authentication file of software to be authenticated; and determining that the software to be authenticated is authenticated successfully under the condition that the first verification information is matched with second verification information stored in a memory and/or the current time is matched with the time indicated by the first timestamp information.
The executing entity of the embodiment of the application can be a software running device. The software running device may be a server, or another electronic device that can run a virtual machine, such as a computer, or a virtual machine, or another type of physical device. The method provided by the embodiment of the application is suitable for the cloud computing environment, that is, the software to be authenticated runs in a virtual machine. In a cloud computing environment, virtual machines run in a cluster of physical servers and are not fixed on a particular physical server, i.e., a virtual machine may be migrated from one physical server to another physical server. Since the first verification information and/or the first timestamp information are independent of the physical information of the software running device, after the virtual machine is migrated, the software running on the virtual machine can still pass authentication. In a cloud computing environment, a virtual machine identical to an original virtual machine can be generated by copying. However, the virtual machine generated by the replication cannot replicate the second verification information stored in the memory of the original virtual machine, and thus the condition that the first verification information is the same as the second verification information stored in the memory cannot be satisfied. In addition, since the replication of the virtual machine requires a certain time, the virtual machine generated by the replication cannot satisfy the condition that the time interval between the current time and the time indicated by the first timestamp information is less than a time threshold. That is, software on a virtual machine created by replication cannot pass authentication (i.e., authentication fails).
In the embodiment of the application, the software to be authenticated is authenticated by adopting the first verification information and/or the first timestamp information in the authentication file of the software to be authenticated without machine fingerprint, so that the problems of failure of authorization authentication caused by physical information change of a virtual machine and illegal use of the software caused by illegal copying of software data in a cloud computing environment can be effectively solved.
In an optional implementation manner, the determining that the software to be authenticated is authenticated successfully in the case that the first verification information matches second verification information stored in a memory, and/or the current time matches the time indicated by the first timestamp information includes: and determining that the software to be authenticated is authenticated successfully under the condition that the first verification information is not matched with the second verification information stored in the memory and the current time is matched with the time indicated by the first timestamp information.
Because the second verification information stored in the memory is a randomly generated character string, the first verification information does not match the second verification information stored in the memory when the software to be authenticated is authenticated for the first time. In this implementation, the software to be authenticated is determined to be successfully authenticated when the current time matches the time indicated by the first timestamp information, so that authorized software can pass authentication the first time it is authenticated.
In an optional implementation, the matching of the current time with the time indicated by the first timestamp information includes: a time interval between the current time and the time indicated by the first timestamp information is less than a time threshold.
In an optional implementation manner, the obtaining first verification information and/or first timestamp information from an authentication file of software to be authenticated includes: acquiring the first verification information from the authentication file of the software to be authenticated; and under the condition that the first verification information does not match with the second verification information, acquiring the first timestamp information from the authentication file.
In this implementation, the first timestamp information is acquired from the authentication file only in the case where the first verification information does not match the second verification information, which reduces the number of operations that acquire the timestamp information.
In an optional implementation manner, before the obtaining the first verification information and/or the first timestamp information from the authentication file of the software to be authenticated, the method further includes: acquiring third verification information from the authentication file; the acquiring first verification information and/or first timestamp information from an authentication file of software to be authenticated comprises: and in the case that the third verification information comprises a target character, acquiring the first verification information and/or the first timestamp information from the authentication file.
The target character may be one or more preset characters, such as "$$$". In the implementation mode, whether the software to be authenticated is authorized software can be quickly and effectively verified, and the operation is simple.
In an optional implementation manner, after obtaining the third verification information from the authentication file, the method further includes: and determining that the software to be authenticated fails to authenticate under the condition that the third verification information does not comprise the target character. In the implementation mode, the authentication failure of the software to be authenticated can be accurately and quickly determined.
In an optional implementation manner, after the obtaining the first verification information and/or the first timestamp information from the authentication file of the software to be authenticated, the method further includes: and determining that the software to be authenticated fails to authenticate under the condition that the first verification information is different from the second verification information and the current time is matched with the time indicated by the first timestamp information.
In an optional implementation manner, before determining that the software to be authenticated is successfully authenticated, the method further includes: generating the second verification information in the process of starting the software to be authenticated; and storing the second verification information to the memory.
In an optional implementation manner, before the obtaining the first verification information and/or the first timestamp information from the authentication file of the software to be authenticated, the method further includes: carrying out authentication and authorization processing on the software to be authenticated; and starting the software to be authenticated after finishing the authentication and authorization processing of the software to be authenticated.
In an optional implementation manner, the performing authentication and authorization processing on the software to be authenticated includes: randomly generating a first character string; obtaining third verification information based on the first character string and the target character; storing the third verification information to the authentication file.
In an optional implementation manner, the obtaining third verification information based on the first character string and the target character includes: obtaining the third verification information by splicing the first character string and the target character; the storing the third verification information to the authentication file comprises: and encrypting the third verification information, and storing the encrypted third verification information to the authentication file.
In an optional implementation manner, the performing authentication and authorization processing on the software to be authenticated further includes: generating the first timestamp information based on the current system time corresponding to the authentication and authorization processing; and encrypting the first timestamp information, and storing the encrypted first timestamp information to the authentication file.
In an optional implementation manner, after determining that the software to be authenticated is successfully authenticated, the method further includes: updating the first timestamp information in the authentication file.
In this implementation manner, the first timestamp information in the authentication file is updated, so that a time interval between the time indicated by the timestamp information in the authentication file and the current time may be smaller than a time threshold, so that after the virtual machine is migrated, the software to be authenticated may still pass authentication.
In an optional implementation manner, the updating the first timestamp information in the authentication file includes: encrypting the current system time to obtain second timestamp information; and updating the time stamp information in the authentication file from the first time stamp information to the second time stamp information.
In an optional implementation manner, after determining that the software to be authenticated is successfully authenticated, the method further includes: encrypting the second verification information in a case where the first verification information is different from the second verification information; and updating the first verification information in the authentication file into the encrypted second verification information.
In this implementation manner, the first verification information in the authentication file is updated to the encrypted second verification information, so that after the virtual machine is migrated, the second verification information stored in the memory is the same as the first verification information in the authentication file, and thus the software to be authenticated running in the virtual machine can still be authenticated successfully after the virtual machine is migrated.
In an optional implementation manner, the obtaining first verification information and/or first timestamp information from an authentication file of software to be authenticated includes: reading target content in the authentication file of the software to be authenticated; and decrypting the target content to obtain the first verification information and/or the first timestamp information.
In an optional implementation manner, the software to be authenticated is executed on a software execution device, and after it is determined that the software to be authenticated is authenticated successfully, the method further includes: migrating the software to be authenticated from the software running equipment to target equipment; the target device acquires the second verification information from the authentication file of the software to be authenticated; and under the condition that the second verification information is matched with the second verification information in the memory of the target device, determining that the software to be authenticated is authenticated successfully.
The target device and the software running device may be the same type of device. For example, the target device and the software running device are a server, a tablet computer, a desktop computer, a notebook computer, a virtual machine, and the like. After the software to be authenticated is migrated from the software running device to the target device, data in the memory of the software running device is migrated to the target device, and the authentication file is also migrated to the target device. That is, after the software to be authenticated is migrated from the software running device to the target device, the memory of the target device stores the second verification information. Therefore, after the software to be authenticated is migrated, the authentication can still be successful.
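The first-aspect decision flow above, as an added Python sketch that is not code from the patent: it models the authentication file as a dictionary and the memory as a separate dictionary, then runs the first start, a migration, a disk-only copy and a file lacking the target character. The page does not name a cipher, so an HMAC-tagged `seal`/`unseal` pair stands in for the encryption step (tamper-evident, not confidential); the key, the 300-second threshold and all field and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

TARGET_CHARS = "$$$"           # the page's example target character
TIME_THRESHOLD = 300           # seconds; assumed, the page gives no value
KEY = b"constructed-demo-key"  # assumed; the page does not describe key handling


def seal(text: str) -> str:
    """Stand-in for the unspecified 'encrypt' step: HMAC tag followed by payload."""
    raw = text.encode()
    tag = hmac.new(KEY, raw, hashlib.sha256).digest()
    return base64.b64encode(tag + raw).decode()


def unseal(blob):
    """Return the payload, or None when the field is missing or was altered."""
    try:
        data = base64.b64decode(blob, validate=True)
    except (ValueError, TypeError):
        return None
    tag, raw = data[:32], data[32:]
    expected = hmac.new(KEY, raw, hashlib.sha256).digest()
    if len(tag) < 32 or not hmac.compare_digest(tag, expected):
        return None
    return raw.decode()


def authorize(now: int) -> dict:
    """Authentication-authorization processing: write third info and first timestamp."""
    first_string = secrets.token_hex(8)  # the randomly generated first character string
    return {"third": seal(first_string + TARGET_CHARS),
            "first": seal(""),           # no first verification information yet
            "timestamp": seal(str(now))}


def start(memory: dict) -> None:
    """Software start: generate second verification information, held in memory only."""
    memory["second"] = secrets.token_hex(16)


def authenticate(auth_file: dict, memory: dict, now: int) -> bool:
    third = unseal(auth_file.get("third"))
    if third is None or TARGET_CHARS not in third:
        return False                     # no target character: fail immediately
    first = unseal(auth_file.get("first"))
    second = memory.get("second")
    matched = (first is not None and second is not None
               and hmac.compare_digest(first, second))
    if not matched:
        # Timestamp is read only when the verification information does not match.
        ts = unseal(auth_file.get("timestamp"))
        if ts is None or abs(now - int(ts)) >= TIME_THRESHOLD:
            return False
    # Success: refresh the timestamp and bind the file to the in-memory value.
    auth_file["timestamp"] = seal(str(now))
    if not matched and second is not None:
        auth_file["first"] = seal(second)
    return True


def scenarios() -> dict:
    t0 = 1_700_000_000                   # constructed clock value
    auth_file, memory = authorize(t0), {}
    start(memory)
    results = {"first_run": authenticate(auth_file, memory, t0 + 5)}
    # Migration: authentication file and memory move together, one day later.
    results["after_migration"] = authenticate(dict(auth_file), dict(memory), t0 + 86_400)
    # Disk-only copy: the file is duplicated, memory is fresh, start is an hour later.
    copied_memory = {}
    start(copied_memory)
    results["disk_copy"] = authenticate(dict(auth_file), copied_memory, t0 + 3_605)
    # Authentication file whose third verification information lacks the target character.
    no_marker = dict(auth_file, third=seal("no-marker"))
    results["missing_target"] = authenticate(no_marker, dict(memory), t0 + 6)
    return results


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'success' if ok else 'failure'}")
```

Both checks depend on inputs the guest controls: the time comparison trusts the system clock, and the memory comparison assumes a copy never carries the original's memory contents.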
In a second aspect, an embodiment of the present application provides another software authentication method, where the method includes: the software running equipment acquires target verification information from an authentication file of the software to be authenticated; and the software running equipment runs the software to be authenticated under the condition that the software to be authenticated is determined to be authorized software based on the target verification information.
In the embodiment of the application, whether the software to be authenticated is authorized software is determined based on the target verification information acquired from the authentication file of the software to be authenticated, rather than according to the machine fingerprint, so that the problems of failure of authorization authentication caused by physical information change of a virtual machine and illegal use of the software caused by illegal copying of software data in a cloud computing environment can be effectively solved.
In an optional implementation manner, after the software running device obtains the target verification information from the authentication file of the software to be authenticated, the method further includes: and under the condition that the software to be authenticated is determined to be unauthorized software based on the target verification information, ending the running of the software to be authenticated.
In an alternative implementation, the target verification information includes first timestamp information and/or first verification information; the determining that the software to be authenticated is authorized software based on the target verification information comprises: and under the condition that the time indicated by the first timestamp information is matched with the current time and/or the second verification information stored in the memory is matched with the first verification information, determining the software to be authenticated as authorized software.
In an alternative implementation, the target verification information includes first verification information and first timestamp information; the acquiring of the target verification information from the authentication file of the software to be authenticated comprises: acquiring the first verification information from the authentication file of the software to be authenticated; and under the condition that the second verification information is not stored in the memory or the first verification information is not matched with the second verification information stored in the memory, acquiring the first timestamp information from the authentication file.
In an optional implementation manner, the target verification information further includes third verification information; the obtaining the first verification information from the authentication file of the software to be authenticated comprises: acquiring the third verification information from the authentication file of the software to be authenticated; and acquiring the first verification information from the authentication file under the condition that the third verification information comprises a target character.
In an optional implementation manner, the determining, based on the target verification information, that the software to be authenticated is unauthorized software includes: under the condition that the second verification information stored in the memory is different from the first verification information, determining a time interval between the time indicated by the first timestamp information and the current time; and under the condition that the time interval is not smaller than the time threshold, determining that the software to be authenticated is unauthorized software.
In an optional implementation manner, after the running of the software to be authenticated, the method further includes: updating the first timestamp information in the authentication file.
In an optional implementation manner, the updating the first timestamp information in the authentication file includes: encrypting the current system time to obtain second timestamp information; and updating the time stamp information in the authentication file from the first time stamp information to the second time stamp information.
In an optional implementation manner, after the running of the software to be authenticated, the method further includes: updating the first verification information in the authentication file to the second verification information.
In an optional implementation manner, the updating the first verification information in the authentication file to the second verification information includes: encrypting the second verification information if the first verification information does not match the second verification information; and updating the first verification information in the authentication file into the encrypted second verification information.
In an optional implementation manner, before the software running device acquires the target verification information from the authentication file of the software to be authenticated, the method further includes: installing the software to be authenticated; performing authentication authorization on the software to be authenticated, wherein the authentication authorization comprises the generation of the target verification information; storing the target verification information into the authentication file; and starting the software to be authenticated.
In an optional implementation manner, the generating the target verification information includes: generating the first timestamp information in the target verification information based on a current system time.
In an optional implementation manner, the generating the target verification information includes: randomly generating a first character string; and obtaining the third verification information in the target verification information based on the first character string and the target character.
In an optional implementation manner, the obtaining, based on the first character string and the target character, third verification information in the target verification information includes: obtaining the third verification information by splicing the first character string and the target character; the storing the target verification information to the authentication file comprises: and encrypting the third verification information, and storing the encrypted third verification information to the authentication file.
In an optional implementation manner, the starting the software to be authenticated includes: generating second verification information; and storing the second verification information to the memory.
In an optional implementation manner, the acquiring, by the software running device, the target verification information from the authentication file of the software to be authenticated includes: reading target information in the authentication file of the software to be authenticated; and decrypting the target information to obtain the target verification information.
In a third aspect, an embodiment of the present application provides a software running device, where the software running device includes: an acquiring unit, configured to acquire first verification information and/or first timestamp information from an authentication file of software to be authenticated; and a determining unit, configured to determine that the software to be authenticated is successfully authenticated in the case that the first verification information matches second verification information stored in a memory and/or the current time matches the time indicated by the first timestamp information.
In an optional implementation manner, the determining unit is specifically configured to determine that the software to be authenticated is authenticated successfully when the first verification information does not match the second verification information stored in the memory, and the current time matches the time indicated by the first timestamp information.
In an optional implementation, the matching of the current time with the time indicated by the first timestamp information includes: a time interval between the current time and the time indicated by the first timestamp information is less than a time threshold.
In an optional implementation manner, the obtaining unit is specifically configured to obtain the first verification information from the authentication file of the software to be authenticated; and under the condition that the first verification information does not match with the second verification information, acquiring the first timestamp information from the authentication file.
In an optional implementation manner, the obtaining unit is further configured to obtain third verification information from the authentication file; the obtaining unit is specifically configured to obtain the first verification information and/or the first timestamp information from the authentication file when the third verification information includes a target character.
In an optional implementation manner, the determining unit is further configured to determine that the software to be authenticated fails to authenticate when the third verification information does not include the target character.
In an optional implementation manner, the determining unit is further configured to determine that the software to be authenticated fails to authenticate if the first verification information is different from the second verification information and a current time matches a time indicated by the first timestamp information.
In an optional implementation manner, the apparatus further includes: the generating unit is used for generating the second verification information in the starting process of the software to be authenticated; and the storage unit is used for storing the second verification information to the memory.
In an optional implementation manner, the apparatus further includes: the authentication and authorization unit is used for performing authentication and authorization processing on the software to be authenticated; and the starting unit is used for starting the software to be authenticated after the authentication and authorization processing of the software to be authenticated is completed.
In an optional implementation manner, the authentication and authorization unit is specifically configured to randomly generate a first character string; obtaining third verification information based on the first character string and the target character; storing the third verification information to the authentication file.
In an optional implementation manner, the authentication and authorization unit is specifically configured to obtain the third verification information by splicing the first character string and the target character; and encrypting the third verification information, and storing the encrypted third verification information to the authentication file.
In an optional implementation manner, the authentication and authorization unit is further configured to generate the first timestamp information based on a current system time corresponding to the authentication and authorization processing; and encrypting the first timestamp information, and storing the encrypted first timestamp information to the authentication file.
In an optional implementation manner, the apparatus further includes: a first updating unit, configured to update the first timestamp information in the authentication file.
In an optional implementation manner, the first updating unit is specifically configured to encrypt the current system time to obtain second timestamp information; and updating the time stamp information in the authentication file from the first time stamp information to the second time stamp information.
In an optional implementation manner, the apparatus further includes: a second updating unit, configured to encrypt the second verification information if the first verification information is different from the second verification information; and updating the first verification information in the authentication file into the encrypted second verification information.
In an optional implementation manner, the obtaining unit is specifically configured to read target content in the authentication file of the software to be authenticated; and decrypting the target content to obtain the first verification information and/or the first timestamp information.
In a third aspect, an embodiment of the present application provides a software running device, including: the acquiring unit is used for acquiring target verification information from an authentication file of the software to be authenticated; and the running unit is used for running the software to be authenticated under the condition that the determining unit determines that the software to be authenticated is authorized software based on the target verification information.
In an optional implementation manner, the running unit is further configured to end the running of the software to be authenticated when it is determined that the software to be authenticated is unauthorized software based on the target verification information.
In an alternative implementation, the target verification information includes first timestamp information and/or first verification information; the determining unit is further configured to determine that the software to be authenticated is authorized software when the time indicated by the first timestamp information matches the current time and/or second verification information stored in a memory matches the first verification information.
In an alternative implementation, the target verification information includes first verification information and first timestamp information; the acquiring unit is specifically configured to acquire the first verification information from the authentication file of the software to be authenticated, and to acquire the first timestamp information from the authentication file when the second verification information is not stored in the memory or the first verification information does not match the second verification information stored in the memory.
In an optional implementation manner, the target verification information further includes third verification information; the acquiring unit is specifically configured to acquire the third verification information from the authentication file of the software to be authenticated, and to acquire the first verification information from the authentication file when the third verification information comprises a target character.
In an optional implementation manner, the determining unit is specifically configured to determine, when the second verification information stored in the memory is different from the first verification information, a time interval between a time indicated by the first timestamp information and a current time, and to determine that the software to be authenticated is unauthorized software when the time interval is not smaller than the time threshold.
In an optional implementation manner, the apparatus further includes: a first updating unit, configured to update the first timestamp information in the authentication file.
In an optional implementation manner, the first updating unit is specifically configured to encrypt the current system time to obtain second timestamp information, and update the timestamp information in the authentication file from the first timestamp information to the second timestamp information.
In an optional implementation manner, the apparatus further includes: a second updating unit, configured to update the first verification information in the authentication file to the second verification information.
In an optional implementation manner, the second updating unit is specifically configured to encrypt the second verification information when the first verification information does not match the second verification information, and update the first verification information in the authentication file to the encrypted second verification information.
In an optional implementation manner, the apparatus further includes: the installation unit is used for installing the software to be authenticated; the authentication and authorization unit is used for performing authentication and authorization on the software to be authenticated, wherein the authentication and authorization comprises the generation of the target verification information; a storage unit configured to store the target verification information in the authentication file; and the starting unit is used for starting the software to be authenticated.
In an optional implementation manner, the authentication and authorization unit is specifically configured to generate the first timestamp information in the target verification information based on a current system time.
In an optional implementation manner, the authentication and authorization unit is specifically configured to randomly generate a first character string, and obtain the third verification information in the target verification information based on the first character string and the target character.
In an optional implementation manner, the authentication and authorization unit is specifically configured to obtain the third verification information by splicing the first character string and the target character; the apparatus further comprises: an encryption unit configured to encrypt the third verification information; the storage unit is specifically configured to store the encrypted third verification information to the authentication file.
In an optional implementation manner, the starting unit is specifically configured to generate second verification information and store the second verification information to the memory.
In an optional implementation manner, the obtaining unit is specifically configured to read target information in the authentication file of the software to be authenticated, and decrypt the target information to obtain the target verification information.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: a memory for storing a program; a processor for executing the program stored in the memory, the processor being configured to perform the method of any one of the above first to second aspects and any one of the alternative implementations when the program is executed.
In a sixth aspect, an embodiment of the present application provides a chip, where the chip includes a processor and a data interface, where the processor reads instructions stored on a memory through the data interface, and executes a method according to the first aspect to the second aspect and any optional implementation manner described above.
In a seventh aspect, the present application provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a processor, the processor is caused to execute the method of the first aspect to the second aspect and any optional implementation manner.
In an eighth aspect, the present application provides a computer program product, which includes program instructions, and when executed by a processor, causes the processor to execute the method of the first aspect to the second aspect and any optional implementation manner.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or the background art of the present application, the drawings required to be used in the embodiments or the background art of the present application will be described below.
Fig. 1 is a flowchart of a software authentication method according to an embodiment of the present application;
Fig. 2 is a flowchart of an authentication and authorization processing method according to an embodiment of the present application;
Fig. 3 is a flowchart of a program running process provided in an embodiment of the present application;
Fig. 4A is a flowchart of another software authentication method provided by an embodiment of the present application;
Fig. 4B is a flowchart of another software authentication method according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating a process of a dynamic timestamp function module according to an embodiment of the present application;
Fig. 6 is a flowchart of another software authentication method provided by an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a software operating device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of another software operating device according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The terms "first," "second," and "third," etc. in the description and claims of the present application and the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. Furthermore, the terms "comprises" and "comprising," as well as any variations thereof, are intended to cover a non-exclusive inclusion, such as a list of steps or elements. A method, system, article, or apparatus is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not explicitly listed or inherent to such process, system, article, or apparatus. "and/or" is used to indicate the selection of one or both between two objects to which it is connected. For example "A and/or B" means A, B or A + B.
In a cloud computing environment, virtual machines run in a cluster of physical servers and are not fixed on a particular physical server. Information such as the CPU (central processing unit), hard disk and MAC (media access control) address of a virtual machine can change with the physical server node on which the virtual machine is located, so the physical server environment in which software runs cannot be used as a basis for identifying the machine: once the virtual machine is migrated, legitimacy authentication based on physical information fails and the software cannot be used normally. In a cloud computing environment, a virtual machine consistent with an original virtual machine can also be generated by copying. Therefore, if the software in the virtual machine relies on a fingerprint generated by collecting physical information, the newly copied virtual machine obtains the same fingerprint information as the original virtual machine, the software runs normally in the newly copied virtual machine, and the software is mistakenly reused or illegally used. Research is therefore needed to solve the failure of authorization authentication caused by changes in the physical information of virtual machines in a cloud computing environment, and to solve the illegal use of software caused by illegal copying of software data. Embodiments of the present application provide a software authentication scheme that can address at least one of these two issues.
Referring to fig. 1, fig. 1 is a diagram illustrating a software authentication method according to an embodiment of the present disclosure.
101. The software running equipment acquires first verification information and/or first timestamp information from an authentication file of the software to be authenticated.
The software running device may be a device having a software running environment. The software running device may be a server, or may be other electronic devices that can run a virtual machine, such as a computer, or may be a virtual machine. The software to be authenticated may be software running in a virtual machine, or may be software running on a server or a computer device. The computer device may be a desktop computer, a laptop computer, a tablet computer, a virtual reality device, an augmented reality device, and the like. In some embodiments, the authentication file may store encrypted first verification information and/or encrypted first timestamp information; the software running device can read the content of the authentication file and decrypt the read content to obtain first verification information and/or first timestamp information.
In some embodiments, the software running device may perform the following operation before performing step 101: acquiring third verification information from the authentication file. The software running device acquires the first verification information and/or the first timestamp information from the authentication file only when the third verification information includes a target character. The target character may be one or more preset characters, such as "$$$". In some embodiments, the software running device performs an authentication authorization process on the software to be authenticated before authenticating the software to be authenticated. After the software running device performs authentication and authorization processing on the software to be authenticated, the authentication file of the software to be authenticated may store the third verification information. It is understood that the authentication file of software that has not undergone the authentication authorization process does not include the third verification information. In some embodiments, the software running device determines that the software to be authenticated fails to authenticate when the third verification information does not include the target character. That is, the software running device determines that the software to be authenticated is unauthorized software when the third verification information does not include the target character. When the third verification information does not include the target character, the software running device can accurately and quickly determine that the software to be authenticated fails to be authenticated.
102. Determine that the software to be authenticated is authenticated successfully when the first verification information matches the second verification information stored in the memory and/or the current time matches the time indicated by the first timestamp information.
The matching of the first verification information and the second verification information stored in the memory may be that the first verification information and the second verification information are the same. The matching of the current time with the time indicated by the first timestamp information may be that a time interval between the current time and the time indicated by the first timestamp information is less than a time threshold. The time threshold may be 2 seconds, 3 seconds, 4 seconds, 5 seconds, etc., and the embodiment of the present application is not limited.
Step 101 and step 102 can be understood as operations of the software running device to authenticate the software to be authenticated. In some embodiments, the software running device performs an authentication authorization process on the software to be authenticated before authenticating the software to be authenticated. The authentication and authorization processing of the software to be authenticated is mainly to complete the authentication operation of the legal use of the software to be authenticated. After the software running device performs authentication and authorization processing on the software to be authenticated, first verification information and/or first timestamp information may be stored in an authentication file of the software to be authenticated. The first verification information may be a character string set in advance, for example, "YYYYYY". The first timestamp information may be timestamp information generated by the software running device according to the system time when it performs the authentication and authorization process on the software to be authenticated. For example, the first timestamp information is the system time at which the software running device performs the authentication authorization process on the software to be authenticated. Therefore, the software running device can accurately determine whether the software to be authenticated is authorized software by executing step 102, that is, whether the software to be authenticated is authenticated successfully.
In some embodiments, step 102 may be replaced with: determining that the software to be authenticated fails to authenticate when the first verification information is different from the second verification information and the time interval between the current time and the time indicated by the first timestamp information is not less than the time threshold. Optionally, after determining that the authentication of the software to be authenticated fails, the software running device ends the running of the software to be authenticated. It can be understood that the first verification information and/or the first timestamp information are stored in the authentication file of software that has undergone the authentication and authorization process. If the first verification information is different from the second verification information, and the time interval between the current time and the time indicated by the first timestamp information is not less than the time threshold, the software to be authenticated cannot have undergone authentication and authorization, i.e., the software to be authenticated is unauthorized software. In this embodiment, the software to be authenticated can be accurately and quickly determined to be unauthorized software.
In some embodiments, the software running device may perform the following operations before performing step 102: randomly generating a character string to obtain the second verification information; and storing the second verification information to the memory. Since the second verification information is a randomly generated character string, the first verification information and the second verification information are often different. It is understood that the first verification information and the second verification information are unlikely to be identical when the software to be authenticated is authenticated for the first time. Optionally, after determining that the software to be authenticated is successfully authenticated, the software running device encrypts the second verification information if the first verification information is different from the second verification information, and updates the first verification information in the authentication file to the encrypted second verification information. Thus, the memory of the software running device and the authentication file both store the second verification information. After the virtual machine is migrated, the data in the memory and the authentication file are migrated to a new server, and the software to be authenticated running in the virtual machine can be successfully authenticated. A virtual machine generated by copying cannot copy the second verification information stored in the memory of the original virtual machine, so it cannot meet the condition that the first verification information in the authentication file is the same as the second verification information stored in the memory, and the software running in the virtual machine generated by copying fails authentication.
It can be understood that the migrated virtual machine and the virtual machine generated by copying can be accurately distinguished by comparing the second verification information in the memory with the first verification information in the authentication file, and authorized software (corresponding to software in the migrated virtual machine) and unauthorized software (corresponding to software in the virtual machine generated by copying) can also be accurately distinguished.
In the embodiment of the application, the software to be authenticated is authenticated by adopting the first verification information and/or the first timestamp information in the authentication file of the software to be authenticated without machine fingerprint, so that the problems of failure of authorization authentication caused by physical information change of a virtual machine and illegal use of the software caused by illegal copying of software data in a cloud computing environment can be effectively solved.
In some embodiments, the software running device may update the timestamp information in the authentication file after determining that the authentication of the software to be authenticated is successful. Optionally, the software running device may periodically write the encrypted timestamp information into the authentication file. Illustratively, the software running device encrypts the current system time to obtain second timestamp information; and updating the first time stamp information in the authentication file to the second time stamp information. For example, the software running device updates the timestamp information in the authentication file every second after determining that the software to be authenticated is successfully authenticated. In the implementation mode, the timestamp information in the authentication file is updated in time, so that the software to be authenticated running in the virtual machine can still be successfully authenticated after the virtual machine is migrated.
In one embodiment, the software running device can perform authentication and authorization processing on the software to be authenticated before authenticating the software to be authenticated. That is, the software running apparatus may perform the authentication and authorization process on the software to be authenticated before performing step 101 and step 102. The authentication and authorization process is mainly to complete the authentication operation of the legal use of the software. It will be appreciated that the software that has undergone the authentication authorization process can pass the authentication. One implementation of the process of authenticating and authorizing software is described below.
Fig. 2 is a flowchart of an authentication and authorization processing method according to an embodiment of the present application. As shown in fig. 2, the method may include:
201. the software running device randomly generates a first character string.
For example, a character string including 8 characters is randomly generated, resulting in a first character string.
202. Obtain third verification information based on the first character string and the target character.
The third verification information may be obtained by splicing the first character string and the target character. For example, the first string is "aw 31v 2"% and the target character is "$$", and the third verification information is "aw 31v2 $% $". The first character string is used as an identification of the software to be authenticated so as to distinguish different software.
203. Store the third verification information to the authentication file.
Optionally, storing the third verification information into the authentication file may be encrypting the third verification information and storing the encrypted third verification information into the authentication file. In some embodiments, the software running device may install the software to be authenticated before executing the authentication and authorization processing method flow in fig. 2. After the installation of the software to be authenticated is completed, the software running device generates an authentication file cert_file. The authentication file may include 3 parts: a user information area A, with a default setting value of "xxxxxxxx"; a verification information area B, with a default setting value of "YYYYYY"; and a timestamp information area C, with a default setting value of "ZZZZZZ". Optionally, in the process of installing the software to be authenticated, authorization information is received; and after the authorization information passes the authentication, the installation of the software to be authenticated is finished. The authorization information may be an authorization serial number or other information for the software to be authenticated. For example, storing the encrypted third verification information in the authentication file may be writing the encrypted third verification information in the user information area A, overwriting the default setting value "XXXXXX".
204. Acquire the current system time.
The current system time (corresponding to the unencrypted first timestamp information) may be the system time c1 of the virtual machine currently being run by the software running device.
205. Encrypt the current system time c1 to obtain a ciphertext c2.
For example, the software running device encrypts the current system time c1 using Advanced Encryption Standard (AES) to obtain a ciphertext c2 (corresponding to the encrypted first timestamp information). The ciphertext c2 may be the encrypted first timestamp information or other timestamp information.
206. Write the ciphertext into the timestamp information area of the authentication file, overwriting the default value 'ZZZZZZZZZZZZ'.
207. Start the software program to be authenticated.
In the embodiment of the application, the first timestamp information and the third verification information are written in the authentication file of the software to be authenticated, so that the software to be authenticated can be accurately authenticated according to the authentication file.
In some embodiments, the authentication method flow in the foregoing embodiments is only a portion of a complete software administration scheme. The complete software management and control scheme can be realized by the coordination operation of software operation control, authorization processing, authentication judgment and dynamic timestamp. The software operation equipment can comprise a software operation control module, an authorization processing module, an authentication module and a dynamic timestamp function module, and the specific scheme of each part is as follows:
(1) software operation control module
When installing the software to be authenticated, the software running device generates an authentication file in the system (namely, the system of the virtual machine). The first verification information, the third verification information and the first timestamp information in the file are encrypted, and their initial content is specific default data. When the software to be authenticated is started, the module randomly generates a character string as the second verification information and stores it in the memory. It then reads the content of the authentication file and passes the decrypted authentication data to the authentication module for authentication judgment. It receives the authentication result returned by the authentication module; if the result is a pass, it starts the timestamp function module and the software to be authenticated runs normally, otherwise it ends the running of the software to be authenticated.
The software running control module is used for implementing program running processing, and mainly judges whether the authorization of the software to be authenticated is normal or not so as to determine whether the software to be authenticated is normally run or not, and the flow of the software running control module is shown in fig. 3:
301. Randomly generate the second verification information.
For example, a character string b1 is randomly generated as the second verification information for this run of the software to be authenticated.
302. Allocate memory and store the second verification information in the memory.
303. Read the content of the authentication file, and pass the authentication data S obtained by decrypting the content to the authentication module.
304. Evaluate the authentication result R returned by the authentication module.
305. If the authentication result is that the authentication is successful, start the timestamp function module and run the software to be authenticated normally.
Illustratively, an authentication result R of "yes" indicates that the authentication is successful.
306. If the authentication result is authentication failure, end the running of the software to be authenticated.
Illustratively, an authentication result R of "no" indicates that the authentication failed.
(2) Authorization processing module
The module randomly generates a character string and combines it with the target character to form the third verification information; encrypts the third verification information and stores the encrypted third verification information in the authentication file; generates the first timestamp information based on the current system time and stores the encrypted first timestamp information in the authentication file; and starts the software to be authenticated. The authorization processing module may be used to implement the method flow in fig. 2.
(3) Authentication module
Receiving authentication data, and analyzing third verification information from the authentication data; if the third verification information is illegal (i.e. does not include the target character), directly returning failure (i.e. authentication failure); if the third verification information is legal (namely comprises the target character), the first verification information is analyzed from the authentication data; if the first verification information is the same as the second verification information recorded in the current program memory, returning to pass (namely, authentication is successful); otherwise, continuously analyzing the first timestamp information from the authentication information, comparing the first timestamp information with the current system time, if the difference value between the first timestamp information and the current time is larger than a set threshold value, returning to the authentication failure, and if not, encrypting the second verification information recorded in the memory, storing the encrypted second verification information in the authentication file, and returning to the authentication file to pass.
The authentication module is used for realizing authentication processing of the software to be authenticated and determining whether the software to be authenticated passes authentication or not through validity judgment of the third verification information, the first verification information and the first timestamp information of the software to be authenticated. Illustratively, by (i.e., authentication is successful), then "yes" or "yes" is returned; fails (i.e., authentication fails), then an' "no" or "no" is returned. In some embodiments, the process flow of the authentication module is as shown in FIG. 4A:
401. and receiving the authentication data S and analyzing the third verification information a from the authentication data.
For example, the receiving of the authentication data S may be receiving authentication data from the software operation control module, and the authentication data may include third verification information stored in the authentication file, the first timestamp information, and the first verification information.
402. It is determined whether the third verification information includes the target character.
If the target character is not included, go to step 411; if the target character is included, go to step 403. Returning "no" indicates that the user identity is invalid, i.e., the software to be authenticated fails authentication.
403. The first verification information b is parsed from the authentication data.
404. It is compared whether the first verification information b parsed from the authentication data is the same as the second verification information b1 in the memory.
If not, go to step 405; if yes, go to step 408. Returning "yes" indicates that the software to be authenticated is successfully authenticated.
405. First timestamp information is parsed from the authentication data.
406. The current time cc is obtained.
407. It is determined whether a time interval between the current time cc and the time c indicated by the first timestamp information is less than a time threshold.
The time threshold may be 1 second, 3 seconds, 5 seconds, 10 seconds, etc. If yes, go to step 408; if not, go to step 411. For example, if the value of the current time cc minus the time c indicated by the first time stamp information is greater than 5 seconds, it is determined that the software to be authenticated fails in authentication.
408. Authentication is successful, and "yes" is returned.
409. The second verification information b1 in the memory is encrypted to generate b2.
410. b2 is written into the verification information area of the authentication file, overwriting the old value.
411. Authentication fails, and "no" is returned.
In some embodiments, the authentication module may also implement the method flow in fig. 1. By executing the method flow in fig. 4, the software running device authenticates the software subjected to the authentication and authorization process, the software in the virtual machine generated by copying cannot be authenticated, and the software in the virtual machine after migration can be authenticated.
Fig. 4B is a flowchart of another software authentication method according to an embodiment of the present application. It is to be understood that the method flow in fig. 4A may be a method flow of the software operating device authenticating the software to be authenticated (i.e., first authentication), and the method flow in fig. 4B may be a method flow of the target device authenticating the software to be authenticated (non-first authentication) after the software to be authenticated is migrated from the software operating device to the target device. That is, the flow of the software authentication method performed by the target device does not need to perform steps 409 and 410. The target device and the software running device may be the same type of device. For example, the target device and the software running device are a server, a tablet computer, a desktop computer, a notebook computer, a virtual machine, and the like.
When the software running device authenticates the software to be authenticated, since the second verification information (i.e., the randomly generated verification information) in the memory of the software running device does not match the first verification information obtained by analyzing the authentication data (i.e., the software running device performs step 405 after performing step 404), the software running device authenticates the software to be authenticated by performing step 407. After executing the authentication authorization processing method flow in fig. 2, the software running device executes the authentication flow in fig. 4 immediately (i.e. the time between executing the method flow in fig. 2 and executing the method flow in fig. 4 is less than a certain time duration, for example, 1 second), so that the time interval between the time indicated by the first timestamp information generated by executing the method flow in fig. 2 and the current time is less than the time threshold, so that the software to be authenticated is authenticated. After the software to be authenticated passes the authentication, the software operating device writes the second verification information in the memory into the authentication file to cover the first verification information, so that the software to be authenticated can be authenticated accurately by comparing the second verification information in the memory with the verification information in the authentication file after the software to be authenticated is migrated to other devices. For the unauthorized software, the time stamp information in the authentication file of the unauthorized software cannot be updated in time, so that the unauthorized software cannot pass the authentication.
When the target device authenticates the software to be authenticated (not for the first time), the software to be authenticated can be authenticated because the second verification information in the memory of the software operating device matches the verification information obtained by analyzing the authentication data (i.e., the software operating device performs step 408 after performing step 404). Since copying and migrating software both take a long time (e.g., 30 seconds, 1 minute, etc.), the time interval between the time indicated by the timestamp information in the respective authentication files and the current time is greater than the time threshold both for authorized software that has been migrated and for unauthorized software generated by copying. That is, neither authorized software that has been migrated nor unauthorized software generated by copying can be authenticated by the timestamp information in the authentication file. After the software to be authenticated is migrated from the software running device to the target device, the second verification information in the memory of the software running device is migrated to the memory of the target device, so that the target device can determine that the software to be authenticated is successfully authenticated by executing step 404. Since copying the software cannot carry the second verification information in the memory of the software running device over to the new device, the software generated by copying cannot pass the authentication. It is understood that by performing the method of fig. 4B, the migrated software to be authenticated can be authenticated and unauthorized software cannot be authenticated.
(4) Dynamic timestamp function module
Generating first timestamp information based on the current system time, and storing the encrypted first timestamp information into an authentication file; and then waits for a certain time interval (e.g., one second) and repeats such a process.
The dynamic timestamp module is mainly used for regularly and uninterruptedly writing encrypted timestamp information into the authentication file, namely periodically updating the timestamp information in the authentication file. The processing flow of the dynamic timestamp function module is shown in fig. 5:
501. The current system time cc1 is obtained.
502. cc1 is encrypted by AES to generate a ciphertext cc2.
503. cc2 is written to the timestamp information area of the authentication file, overwriting the old value.
504. Wait for the target duration, and then loop through steps 501-503 again.
The target time duration may be 100 milliseconds, 1 second, 2 seconds, etc., and the embodiment of the present application is not limited.
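The following Python example is added here and is not part of the patent text: it models steps 401-411 and the timestamp refresh of steps 501-503, then runs the first-authentication, copied and migrated cases described above. The target character value, the empty initial first verification information, the function names and the omission of AES (file fields are held in decrypted form so that only the standard library is needed) are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, replace

TARGET = "#LIC#"        # assumed value; the text only says "target character"
TIME_THRESHOLD = 5.0    # seconds; the text lists 1, 3, 5 or 10 s as options


@dataclass
class AuthFile:
    """Authentication file, fields shown as they are after decryption."""
    third: str        # a: random string + target character
    first: str        # b: verification information area
    timestamp: float  # c: timestamp information area


def authorize(now: float) -> AuthFile:
    """Authorization processing (fig. 2): third info and first timestamp."""
    # Assumption: the verification information area starts out empty.
    return AuthFile(third=secrets.token_hex(8) + TARGET, first="", timestamp=now)


def start_software() -> str:
    """On start-up, generate second verification information b1 (memory only)."""
    return secrets.token_hex(16)


def refresh_timestamp(auth: AuthFile, now: float) -> None:
    """Steps 501-503: overwrite the timestamp area with the current time."""
    auth.timestamp = now


def authenticate(auth: AuthFile, b1: str, now: float, first_time: bool = True) -> bool:
    """Steps 401-411; first_time=False is the fig. 4B variant without 409/410."""
    # 401-402: third verification information must contain the target character.
    if TARGET not in auth.third:
        return False                                   # 411
    # 403-404: compare the file value b with the in-memory value b1.
    # compare_digest is an added hardening choice, not taken from the text.
    if not hmac.compare_digest(auth.first.encode(), b1.encode()):
        # 405-407: fall back to timestamp freshness. abs() treats the check as
        # an interval, so a timestamp lying in the future is rejected as well.
        if abs(now - auth.timestamp) >= TIME_THRESHOLD:
            return False                               # 411
    # 408-410: success; bind the file to this process's in-memory value.
    if first_time:
        auth.first = b1
    return True


def run_scenarios() -> dict:
    """Constructed timeline (seconds) covering the cases the text walks through."""
    results = {}
    # First authentication, right after authorization on the running device.
    auth = authorize(now=1000.0)
    b1 = start_software()
    results["first_run"] = authenticate(auth, b1, now=1000.5)
    results["file_bound_to_memory"] = auth.first == b1

    # Dynamic timestamp module ticks once per second until t=1100.
    for t in range(1001, 1101):
        refresh_timestamp(auth, float(t))

    # Copy: file duplicated at t=1100; the new process generates its own b1
    # and starts at t=1160, so b mismatches and the timestamp is stale.
    copied = replace(auth)
    results["copied"] = authenticate(copied, start_software(), now=1160.0)

    # Migration: file and memory move together and resume at t=1160; the
    # timestamp is just as stale, but b still equals b1.
    results["migrated"] = authenticate(auth, b1, now=1160.0, first_time=False)

    # Third verification information without the target character.
    bad = replace(auth, third="no-target-here")
    results["bad_third_info"] = authenticate(bad, b1, now=1160.0)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```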
Fig. 6 is a software authentication method provided in an embodiment of the present application, and is applied to a software running device running a virtual machine, as shown in fig. 6, the method may include:
601. The software running device acquires target verification information from the authentication file of the software to be authenticated.
Optionally, before the software running device obtains the target verification information from the authentication file of the software to be authenticated, the method further includes: installing the software to be authenticated; performing authentication authorization on the software to be authenticated, wherein the authentication authorization comprises generating the target verification information; storing the target verification information into the authentication file; and starting the software to be authenticated. The software running device may perform authentication and authorization on the software to be authenticated by using the method flow in fig. 2. Optionally, the target verification information may include the first timestamp information, the first verification information, and the third verification information.
Optionally, the software running device may obtain the target verification information from the authentication file of the software to be authenticated in the following manner: reading target information in the authentication file of the software to be authenticated; and decrypting the target information to obtain the target verification information.
602. The software running device runs the software to be authenticated in the case where it is determined, based on the target verification information, that the software to be authenticated is authorized software.
In some embodiments, the target verification information includes first timestamp information and/or first verification information; the implementation manner of determining the software to be authenticated as the authorized software based on the target verification information may be: and under the condition that the time indicated by the first timestamp information is matched with the current time and/or the second verification information stored in the memory is matched with the first verification information, determining the software to be authenticated as authorized software. Optionally, the target verification information includes first verification information and first timestamp information; the above-mentioned implementation manner of obtaining the target verification information from the authentication file of the software to be authenticated may be: acquiring the first verification information from the authentication file of the software to be authenticated; and acquiring the first timestamp information from the authentication file when the second verification information is not stored in the memory or the first verification information is not matched with the second verification information stored in the memory. Optionally, the target verification information further includes third verification information; the obtaining the first verification information from the authentication file of the software to be authenticated includes: acquiring the third verification information from the authentication file of the software to be authenticated; and acquiring the first verification information from the authentication file when the third verification information includes the target character.
In some embodiments, step 602 may be replaced with: and under the condition that the software to be authenticated is determined to be unauthorized software based on the target verification information, ending the operation of the software to be authenticated. Illustratively, the target verification information includes first timestamp information and/or first verification information; the implementation manner of determining that the software to be authenticated is unauthorized software based on the target verification information may be: determining a time interval between a time indicated by the first timestamp information and a current time when the second verification information stored in the memory is different from the first verification information; and under the condition that the time interval is not smaller than the time threshold, determining that the software to be authenticated is unauthorized software.
In the embodiment of the application, whether the software to be authenticated is authorized software is determined based on the target verification information acquired from the authentication file of the software to be authenticated, rather than according to the machine fingerprint, so that the problems of failure of authorization authentication caused by physical information change of a virtual machine and illegal use of the software caused by illegal copying of software data in a cloud computing environment can be effectively solved.
In some embodiments, the software running device may periodically update the timestamp information in the authentication file after determining that the software to be authenticated is authorized software. Illustratively, the software running device executes the method flow of fig. 5 to update the timestamp information in the authentication file.
In this implementation manner, the time stamp information in the authentication file is updated, so that a time interval between the time indicated by the time stamp information in the authentication file and the current time is smaller than a time threshold, so that after the virtual machine migrates, the software to be authenticated can still pass authentication.
In some embodiments, after determining that the software to be authenticated is authorized software, the software running device may perform the following operations: encrypting the second verification information when the first verification information is different from the second verification information; and updating the first verification information in the authentication file into the encrypted second verification information.
In this implementation manner, the first verification information in the authentication file is updated to the encrypted second verification information, so that after the virtual machine is migrated, the second verification information stored in the memory is the same as the first verification information in the authentication file, and thus the software to be authenticated running in the virtual machine can still be authenticated successfully after the virtual machine is migrated.
Fig. 7 is a diagram illustrating a structure of a software running device according to an embodiment of the present application, and as shown in fig. 7, the software running device may include:
an obtaining unit 701, configured to obtain first verification information and/or first timestamp information from an authentication file of software to be authenticated;
a determining unit 702, configured to determine that the software to be authenticated is authenticated successfully when the first verification information matches second verification information stored in the memory, and/or when the current time matches the time indicated by the first timestamp information.
In an optional implementation manner, the determining unit 702 is specifically configured to determine that the software to be authenticated is authenticated successfully when the first verification information does not match the second verification information stored in the memory, and a current time matches a time indicated by the first timestamp information.
In an optional implementation manner, the matching of the current time and the time indicated by the first timestamp information includes: the time interval between the current time and the time indicated by the first timestamp information is less than a time threshold.
In an optional implementation manner, the obtaining unit 701 is specifically configured to obtain the first verification information from the authentication file of the software to be authenticated; and acquiring the first time stamp information from the authentication file when the first verification information does not match the second verification information.
In an optional implementation manner, the obtaining unit 701 is specifically configured to obtain third verification information from the authentication file; and acquiring the first verification information and/or the first timestamp information from the authentication file when the third verification information includes a target character.
In an optional implementation manner, the determining unit 702 is further configured to determine that the software to be authenticated fails to authenticate when the third verification information does not include the target character.
In an optional implementation manner, the determining unit 702 is further configured to determine that the software to be authenticated fails to authenticate when the first verification information is different from the second verification information and a current time matches a time indicated by the first timestamp information.
In an optional implementation manner, the software running device further includes:
a generating unit 703, configured to generate the second verification information in a process of starting the software to be authenticated;
a storage unit 704, configured to store the second verification information in the memory.
In an optional implementation manner, the software running device further includes:
an authentication and authorization unit 705, configured to perform authentication and authorization processing on the software to be authenticated;
a starting unit 706, configured to start the software to be authenticated after the authentication and authorization processing on the software to be authenticated is completed.
In an optional implementation manner, the authentication and authorization unit 705 is specifically configured to randomly generate a first character string; obtaining third verification information based on the first character string and the target character; and storing the third verification information into the authentication file.
In an optional implementation manner, the authentication and authorization unit 705 is specifically configured to obtain the third verification information by concatenating the first character string and the target character; and encrypting the third verification information, and storing the encrypted third verification information in the authentication file.
In an optional implementation manner, the authentication and authorization unit 705 is further configured to generate the first timestamp information based on a current system time corresponding to the authentication and authorization processing; and encrypting the first time stamp information, and storing the encrypted first time stamp information in the authentication file.
In an optional implementation manner, the software running device further includes: a first updating unit 707 configured to update the first timestamp information in the authentication file.
In an optional implementation manner, the first updating unit 707 is specifically configured to encrypt the current system time to obtain second timestamp information; and updating the time stamp information in the authentication file from the first time stamp information to the second time stamp information.
In an optional implementation manner, the software running device further includes: a second updating unit 708 configured to encrypt the second verification information when the first verification information is different from the second verification information; and updating the first verification information in the authentication file into the encrypted second verification information.
In an optional implementation manner, the obtaining unit 701 is specifically configured to read target content in the authentication file of the software to be authenticated; and decrypting the target content to obtain the first verification information and/or the first timestamp information.
The second updating unit 708 and the first updating unit 707 may be the same unit or different units. The obtaining unit 701 and the determining unit 702 correspond to the authentication module; the generating unit 703 and the storage unit 704 correspond to the software operation control module; the authentication and authorization unit 705, the starting unit 706, and the second updating unit 708 correspond to the authorization processing module; and the first updating unit 707 corresponds to the dynamic timestamp function module.
Fig. 8 is a diagram illustrating a structure of another software operating device according to an embodiment of the present application. As shown in fig. 8, the software running device may include:
an obtaining unit 801, configured to obtain target verification information from an authentication file of software to be authenticated;
a running unit 802, configured to run the software to be authenticated when the determining unit 803 determines that the software to be authenticated is authorized software based on the target verification information.
In an optional implementation manner, the running unit 802 is further configured to end the running of the software to be authenticated, when it is determined that the software to be authenticated is unauthorized software based on the target verification information.
In an optional implementation manner, the target verification information includes first timestamp information and/or first verification information;
the determining unit 803 is further configured to determine that the software to be authenticated is authorized software when the time indicated by the first timestamp information matches the current time and/or when the second verification information stored in the memory matches the first verification information.
In an alternative implementation, the target verification information includes first verification information and first timestamp information;
an obtaining unit 801, configured to obtain the first verification information from the authentication file of the software to be authenticated; and acquiring the first timestamp information from the authentication file when the second verification information is not stored in the memory or the first verification information is not matched with the second verification information stored in the memory.
In an optional implementation manner, the target verification information further includes third verification information;
an obtaining unit 801, configured to obtain the third verification information from the authentication file of the software to be authenticated; and acquiring the first verification information from the authentication file when the third verification information includes the target character.
In an optional implementation manner, the determining unit 803 is specifically configured to determine, in a case that the second verification information stored in the memory is different from the first verification information, a time interval between a time indicated by the first timestamp information and a current time; and under the condition that the time interval is not smaller than the time threshold, determining that the software to be authenticated is unauthorized software.
In an optional implementation manner, the software running device further includes:
a first updating unit 804, configured to update the first timestamp information in the authentication file.
In an optional implementation manner, the first updating unit 804 is specifically configured to encrypt the current system time to obtain second timestamp information; and updating the time stamp information in the authentication file from the first time stamp information to the second time stamp information.
In an optional implementation manner, the apparatus further includes:
a second updating unit 805 configured to update the first verification information in the authentication file to the second verification information.
In an optional implementation manner, the second updating unit 805 is specifically configured to encrypt the second verification information if the first verification information does not match the second verification information; and updating the first verification information in the authentication file into the encrypted second verification information.
In an optional implementation manner, the apparatus further includes:
an installation unit 806, configured to install the software to be authenticated;
an authentication and authorization unit 807 for performing authentication and authorization on the software to be authenticated, wherein the authentication and authorization includes generating the target verification information;
a storage unit 808 configured to store the target verification information in the authentication file;
a starting unit 809, configured to start the software to be authenticated.
In an alternative implementation, the authentication and authorization unit 807 is specifically configured to generate the first timestamp information in the target verification information based on a current system time.
In an alternative implementation, the authentication and authorization unit 807 is specifically configured to randomly generate a first character string; and obtaining the third verification information in the target verification information based on the first character string and the target character.
In an optional implementation manner, the authentication and authorization unit 807 is specifically configured to obtain the third verification information by concatenating the first character string and the target character; the above apparatus further comprises:
an encryption unit 810 configured to encrypt the third verification information;
the storage unit 808 is specifically configured to store the encrypted third verification information in the authentication file.
In an alternative implementation manner, the starting unit 809 is specifically configured to generate the second verification information; and storing the second verification information to the memory.
In an optional implementation manner, the obtaining unit 801 is specifically configured to read target information in the authentication file of the software to be authenticated; and decrypting the target information to obtain the target verification information.
The second updating unit 805 and the first updating unit 804 may be the same unit or different units. The obtaining unit 801 and the determining unit 803 correspond to the authentication module; the running unit 802 and the installation unit 806 correspond to the software operation control module; the authentication and authorization unit 807, the storage unit 808, the starting unit 809, the encryption unit 810, and the second updating unit 805 correspond to the authorization processing module; and the first updating unit 804 corresponds to the dynamic timestamp function module.
It should be understood that the above division of the units of the software running device is only a division of logical functions, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. For example, the above units may be processing elements which are set up separately, or may be implemented by integrating the same chip, or may be stored in a storage element of the controller in the form of program codes, and a certain processing element of the processor calls and executes the functions of the above units. In addition, the units can be integrated together or can be independently realized. The processing element may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the method or the units above may be implemented by hardware integrated logic circuits in a processor element or instructions in software. The processing element may be a general-purpose processor, such as a Central Processing Unit (CPU), or may be one or more integrated circuits configured to implement the above method, such as: one or more application-specific integrated circuits (ASICs), one or more microprocessors (DSPs), one or more field-programmable gate arrays (FPGAs), etc.
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present application. The server 900 may vary considerably depending on configuration or performance, and may include one or more Central Processing Units (CPUs) 922 (e.g., one or more processors) and a memory 932, and one or more storage media 930 (e.g., one or more mass storage devices) for storing applications 942 or data 944. The memory 932 and the storage media 930 may be transient storage or persistent storage. The program stored on the storage medium 930 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 922 may be configured to communicate with the storage medium 930 and to execute, on the server 900, the series of instruction operations in the storage medium 930. The server 900 may be a software running device as provided herein.
The server 900 may also include one or more power supplies 926, one or more wired or wireless network interfaces 950, one or more input-output interfaces 958, and/or one or more operating systems 941, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The steps performed by the software running device in the above embodiment may be based on the server structure shown in fig. 9. Specifically, the central processor 922 may implement the functions of each unit in fig. 7 and 8.
In an embodiment of the present application, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements: acquiring first verification information and/or first timestamp information from an authentication file of software to be authenticated; and determining that the software to be authenticated is authenticated successfully under the condition that the first verification information is matched with second verification information stored in a memory and/or the current time is matched with the time indicated by the first timestamp information.
In an embodiment of the present application, there is provided another computer-readable storage medium storing a computer program which, when executed by a processor, implements: acquiring target verification information from an authentication file of software to be authenticated; and running the software to be authenticated under the condition that the software to be authenticated is determined to be authorized software based on the target verification information.
Embodiments of the present application provide a computer program product containing instructions, which when run on a computer, cause the computer to execute the software authentication method provided by the foregoing embodiments.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method of software authentication, comprising:
acquiring first verification information and/or first timestamp information from an authentication file of software to be authenticated; and
determining that the software to be authenticated is successfully authenticated when the first verification information matches second verification information stored in a memory and/or the current time matches the time indicated by the first timestamp information.
2. The method according to claim 1, wherein the determining that the software to be authenticated is successfully authenticated when the first verification information matches second verification information stored in a memory and/or the current time matches the time indicated by the first timestamp information comprises:
determining that the software to be authenticated is successfully authenticated when the first verification information does not match the second verification information stored in the memory and the current time matches the time indicated by the first timestamp information.
3. The method of claim 1 or 2, wherein the matching of the current time with the time indicated by the first timestamp information comprises: a time interval between the current time and the time indicated by the first timestamp information is less than a time threshold.
4. A method of software authentication, comprising:
acquiring, by a software running device, target verification information from an authentication file of software to be authenticated; and
running, by the software running device, the software to be authenticated when the software to be authenticated is determined, based on the target verification information, to be authorized software.
5. The method according to claim 4, wherein after the software running device acquires the target verification information from the authentication file of the software to be authenticated, the method further comprises:
ending the running of the software to be authenticated when the software to be authenticated is determined, based on the target verification information, to be unauthorized software.
6. The method according to claim 4 or 5, wherein the target verification information comprises first timestamp information and/or first verification information; the determining that the software to be authenticated is authorized software based on the target verification information comprises:
determining that the software to be authenticated is authorized software when the time indicated by the first timestamp information matches the current time and/or second verification information stored in a memory matches the first verification information.
7. A software running device, comprising:
an acquisition unit, configured to acquire first verification information and/or first timestamp information from an authentication file of software to be authenticated; and
a determining unit, configured to determine that the software to be authenticated is successfully authenticated when the first verification information matches second verification information stored in a memory and/or the current time matches the time indicated by the first timestamp information.
8. A software running device, comprising:
an acquisition unit, configured to acquire target verification information from an authentication file of software to be authenticated; and
a running unit, configured to run the software to be authenticated when a determining unit determines, based on the target verification information, that the software to be authenticated is authorized software.
9. A computer-readable storage medium, in which a computer program is stored, the computer program comprising program instructions which, when executed by a processor of an electronic device, cause the processor to carry out the method of any one of claims 1 to 6.
10. An electronic device comprising a memory and a processor; the memory is configured to store a program; the processor is configured to execute the program stored in the memory and, when the program is executed, to perform the method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911039023.2A CN112749383A (en) | 2019-10-29 | 2019-10-29 | Software authentication method and related product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112749383A (en) | 2021-05-04 |
Family
ID=75641645
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911039023.2A Pending CN112749383A (en) | 2019-10-29 | 2019-10-29 | Software authentication method and related product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112749383A (en) |
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110296429A1 (en) * | 2010-06-01 | 2011-12-01 | International Business Machines Corporation | System and method for management of license entitlements in a virtualized environment |
CN102479304A (en) * | 2010-11-26 | 2012-05-30 | 深圳市硅格半导体有限公司 | Method, client and system for software access control |
CN103902878A (en) * | 2012-12-28 | 2014-07-02 | 杭州华三通信技术有限公司 | License authentication method and device under virtual environment |
CN103078858A (en) * | 2012-12-31 | 2013-05-01 | 上海同岩土木工程科技有限公司 | Web service and signature certificate-based software trial authorization method |
CN106598863A (en) * | 2016-12-19 | 2017-04-26 | 广州视源电子科技股份有限公司 | Method and device for verifying copyright of embedded software |
CN109933958A (en) * | 2017-12-19 | 2019-06-25 | 镇江飞协软件开发有限公司 | The method and system of software protection |
CN110198296A (en) * | 2018-04-27 | 2019-09-03 | 腾讯科技(深圳)有限公司 | Method for authenticating and device, storage medium and electronic device |
CN108989021A (en) * | 2018-06-04 | 2018-12-11 | 北京辰森世纪科技股份有限公司 | Information authentication method, device, computer equipment and readable storage medium storing program for executing |
CN110198539A (en) * | 2019-01-02 | 2019-09-03 | 腾讯科技(深圳)有限公司 | A kind of authentication method and its device, equipment and storage medium |
Non-Patent Citations (1)
Title |
---|
孙浩男; 鹤荣育; 郭丽: "A verification scheme for the underlying environment of a trusted virtual platform", Computer Applications and Software, no. 08, 31 August 2018 (2018-08-31) * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113742706A (en) * | 2021-09-08 | 2021-12-03 | 杭州涂鸦信息技术有限公司 | Authorization authentication method, device and medium for application program |
CN113867818A (en) * | 2021-09-28 | 2021-12-31 | 潍柴动力股份有限公司 | Method and device for generating ini file, computer equipment and medium |
CN113867818B (en) * | 2021-09-28 | 2024-04-16 | 潍柴动力股份有限公司 | Method, device, computer equipment and medium for generating ini file |
CN114676393A (en) * | 2022-05-26 | 2022-06-28 | 杭州微帧信息科技有限公司 | Software off-line authentication method |
CN114676393B (en) * | 2022-05-26 | 2022-08-26 | 杭州微帧信息科技有限公司 | Software off-line authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||