CN113157340A - Program starting method, program authorization device and electronic equipment - Google Patents


Publication number
CN113157340A
Authority
CN
China
Prior art keywords
server
identity information
container
program
authorization
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110447095.1A
Other languages
Chinese (zh)
Inventor
周丽君
蒋宁
周迅溢
王洪斌
吴海英
郝征鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mashang Consumer Finance Co Ltd
Original Assignee
Mashang Consumer Finance Co Ltd
Application filed by Mashang Consumer Finance Co Ltd
Priority to CN202110447095.1A
Publication of CN113157340A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451 User profiles; Roaming
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a program starting method, a program authorization method, a device and electronic equipment, wherein the program starting method is applied to a first server, the first server comprises a first container, and the method comprises the following steps: under the condition that a user is detected to start the target program in the first container based on the authorization file, detecting whether process information corresponding to the target program exists in a starting process list or not; under the condition that the starting process list comprises process information corresponding to the target program, respectively verifying the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result; and in the case that the verification result indicates that the verification is successful, starting the target program in the first container. The program starting method, the program authorization device and the electronic equipment can solve the problem that an existing software authorization mechanism is poor in authorization effect.

Description

Program starting method, program authorization device and electronic equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a program starting method, a program authorization method, an apparatus, and an electronic device.
Background
In the prior art, after a user purchases legal software from a software developer, the user usually receives an authorization file sent by the software developer, and can start the purchased software on a physical machine based on the authorization file. During the process of using the purchased software, the authorization file usually limits the concurrency amount of the service provided by the software, for example, when the user purchases the software for converting voice into text, the authorization file can limit the maximum concurrency amount of the software for converting voice into text to be n, and when the number of requests for converting voice into text received by the physical machine at the same time exceeds n, a queue is created.
Based on this, in order to increase the amount of concurrency of services provided by software, users typically deploy purchased software on a container basis, and after the container is authorized by a software developer, the user can mirror the container on the same physical machine, thereby obtaining multiple successfully authorized containers. In this way, the user can provide services by starting a plurality of containers simultaneously, and each successfully authorized container can provide the services with the maximum concurrency limited by the authorization file, so that the maximum concurrency of the services provided by the physical machine is effectively increased. However, the large concurrency of services obtained by users in this manner severely infringes the legitimate interests of software developers. Therefore, the existing software authorization mechanism has the problem of poor authorization effect.
Disclosure of Invention
The program starting method, the program authorization device and the electronic equipment can solve the problem that an existing software authorization mechanism is poor in authorization effect.
In order to solve the technical problems, the specific implementation scheme of the invention is as follows:
In a first aspect, an embodiment of the present invention provides a program starting method, which is applied to a first server, where the first server includes a first container, and the method includes:
under the condition that a user is detected to start a target program in the first container based on an authorization file, detecting whether process information corresponding to the target program exists in a starting process list or not, wherein the starting process list comprises the process information of all containers in the first server;
under the condition that the starting process list comprises process information corresponding to the target program, respectively verifying the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result;
and starting the target program in the first container if the verification result indicates that the verification is successful.
In a second aspect, an embodiment of the present invention further provides a program authorization method, applied to a second server, including:
under the condition of receiving an authorization request sent by a first server, acquiring identity information of the first server and identity information of a first container, wherein the first server comprises the first container, and the authorization request is a request for requesting authorization of a target program in the first container;
generating a first authorization file based on the identity information of the first server and the identity information of the first container;
and sending the first authorization file to the first server.
In a third aspect, an embodiment of the present invention further provides a program authorization method, including:
under the condition that a second server receives an authorization request sent by a first server, acquiring deployment indication information of a target program in the first server;
acquiring identity information of a first server and identity information of a first container when the deployment indication information indicates that the target program is deployed in the first container in the first server;
the second server generates a first authorization file based on the identity information of the first server and the identity information of the first container;
the second server sends the first authorization file to the first server;
and the first server respectively verifies the identity information of the first server and the identity information of the first container based on the first authorization file when detecting that the target program in the first container is started by the user based on the first authorization file.
In a fourth aspect, an embodiment of the present invention further provides a program starting apparatus, where the program starting apparatus includes a first container, and the apparatus includes:
the detection module is used for detecting whether process information corresponding to the target program exists in a starting process list or not under the condition that a user is detected to start the target program in the first container based on an authorization file, wherein the starting process list comprises the process information of all containers in the first server;
the first verification module is configured to, when the start process list includes process information corresponding to the target program, respectively verify the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result;
and the starting module is used for starting the target program in the first container under the condition that the verification result indicates that the verification is successful.
In a fifth aspect, an embodiment of the present invention further provides a program authorization apparatus, including:
the program starting device comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining identity information of a program starting device and identity information of a first container under the condition of receiving an authorization request sent by the program starting device, the program starting device comprises the first container, and the authorization request is a request for requesting authorization of a target program in the first container;
the first generation module is used for generating a first authorization file based on the identity information of the program starting device and the identity information of the first container;
and the first sending module is used for sending the first authorization file to the program starting device.
In a sixth aspect, an embodiment of the present invention further provides an electronic device, which includes a processor, a memory, and a computer program stored in the memory and executable on the processor, and the computer program, when executed by the processor, implements the method steps described in the first to third aspects.
In a seventh aspect, the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the method steps in the first to third aspects are implemented.
In the embodiment of the application, under the condition that it is detected that the user starts the target program in the first container based on the authorization file and the process information corresponding to the target program exists in the start process list, the identity information of the server attached to the first container and the identity information of the first container are respectively verified based on the authorization file, and the target program in the first container is allowed to be started under the condition that the verification is successful, so that the problem that the user increases the concurrency of the service provided by the target program in a mirror image container mode can be effectively avoided, and the problem that the authorization effect of the existing authorization mechanism is poor is solved.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of a program start method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a program authorization method provided by an embodiment of the invention;
FIG. 3 is a flow chart of another program authorization method provided by the embodiment of the invention;
FIG. 4 is a block diagram of a program starting apparatus according to an embodiment of the present invention;
FIG. 5 is a block diagram of a program authorizing apparatus provided in the embodiment of the present invention;
FIG. 6 is a block diagram of another program authorizing apparatus provided in the embodiment of the present invention;
FIG. 7 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of a program starting method provided in an embodiment of the present application, where the method is applied to a first server, where the first server includes a first container, and the method includes:
step 101, under the condition that a user is detected to start a target program in the first container based on an authorization file, detecting whether process information corresponding to the target program exists in a starting process list, wherein the starting process list comprises process information of all containers in the first server;
step 102, when the starting process list includes process information corresponding to the target program, verifying the identity information of the first server and the identity information of the first container respectively based on the authorization file to obtain a verification result;
step 103, starting the target program in the first container under the condition that the verification result indicates that the verification is successful.
The target program is an application program which is developed by a software developer and needs an authorized license to normally operate, and accordingly, the first server may be a server of a user who purchases the target program, and the user purchases the target program and deploys the target program to the first server so as to use a corresponding service provided by the target program. For example, the target program may provide a user with common background services such as a speech-to-text service, a computing service, and the like.
The identity information of the first server may be information such as an ID of the first server or a hardware serial number of the host. The first container may refer to a virtual machine deployed in a first server, and the identity information of the first container may refer to an ID of the first container, where the ID of the container in the server is automatically generated when the container is created and remains unchanged during a life cycle of the container, and therefore, ID numbers of different containers in the same server are different. The ID of the container may be determined by looking at control groups (cgroups) information on the first server.
It is understood that the authorization file may be pre-stored with the identity information of the target server and the identity information of the target container through authorization. Specifically, after deploying the target program in the target container in the target server, the user may apply for authorization to the software developer, and the software developer may acquire the identity information of the target server and the identity information of the target container based on the authorization program and may generate the authorization file based on the identity information of the target server and the identity information of the target container when confirming that the user has purchased the target program, and then may send the generated authorization file to the target server, so that the target container of the subsequent target server normally starts the target program based on the authorization file.
The ID number of a container in the server may change after the server is restarted; that is, the identity information of the first container may change when the first server is restarted. When the ID of the first container changes, the verification of the container's identity information against the authorization file cannot be carried out while the target program is being started, so the user can only apply to the software developer for an authorization file again, and if the software developer does not authorize in time, the service provided by the target program in the first container becomes unavailable.
Based on this, in the embodiment of the present application, when it is detected that the user starts the target program in the first container based on the authorization file, it is first detected whether process information corresponding to the target program exists in the start process list. If the process information corresponding to the target program exists in the starting process list, the first server has the normally running target program, namely the first server can normally provide the service provided by the target program; in this case, when it is detected that the user starts the target program in the first container based on the authorization file, the authorization program in the first container may check the identity information of the first server and the identity information of the first container based on the authorization file at the same time, so as to avoid a problem that the user increases the concurrency of the service provided by the target program in a manner of mirroring the container.
Accordingly, when the process information corresponding to the target program is not included in the start process list, the first server may have been restarted and cannot currently provide the service provided by the target program. In this embodiment, when the start process list does not include the process information corresponding to the target program, only the identity information of the first server is checked to determine whether the first server is an authorized server, and when the first server passes the check, the target program in the first container is started normally, so that the problem that the service in an already authorized first server is unavailable is avoided.
It should be noted that, a plurality of containers may exist on the first server at the same time to obtain the authorization of the software developer, and when all the target programs deployed on the containers in the first server obtain the authorization of the software developer, a plurality of target programs that respectively obtain the authorization may be started on the first server at the same time.
The specific detection method for detecting whether the process information corresponding to the target service exists in the start process list may be: inquiring in the starting process list based on the application name of the target program, and when a process comprising the application name of the target program is inquired, indicating that process information corresponding to the target service exists in the starting process list; otherwise, when the process including the application name of the target program is not queried, it can be stated that the process information corresponding to the target service does not exist in the starting process list.
Specifically, the authorization file is a file pre-stored in the first container. When it is detected that a user starts the target program in the first container based on the authorization file, it is detected whether process information corresponding to the target program exists in the start process list. When the start process list includes the process information corresponding to the target program, the authorization program in the first container may check the identity information of the first server and the identity information of the first container based on the authorization file to determine whether the first container is an authorized container. Only when the identity information passes the check based on the authorization file is the target program started and run in the first container; otherwise, the start process of the target program in the first container is stopped.
In this way, suppose the first container is obtained by mirroring a target container, where the target container is a container in the first server and the target program deployed in the target container has been authorized by the software developer. Even if an authorization file generated by the software developer exists in the first container, the identity information of the first container is different from that of the target container, so the target program in the first container cannot be started and cannot provide services for the user, thereby avoiding the problem that the user increases the concurrency of the services provided by the target program by mirroring the container.
In this embodiment, when it is detected that the user starts the target program in the first container based on the authorization file, the identity information of the server to which the first container is attached and the identity information of the first container are respectively verified based on the authorization file, and the target program in the first container is allowed to be started only when the verification is successful, so that the problem that the user increases the concurrency of the service provided by the target program in a mirror image container mode can be effectively avoided, and the problem that the authorization effect of the existing authorization mechanism is poor is solved.
Optionally, the verifying the identity information of the first server and the identity information of the first container based on the authorization file respectively to obtain the verification result includes:
decrypting the authorization file to obtain first identity information and second identity information;
verifying the identity information of the first server based on the first identity information, and verifying the identity information of the first container based on the second identity information;
under the condition that the identity information of the first server is matched with the first identity information and the identity information of the first container is matched with the second identity information, outputting a verification result of successful verification;
and under the condition that the identity information of the first server is not matched with the first identity information or the identity information of the first container is not matched with the second identity information, outputting a verification result of verification failure.
The software developer can encrypt the authorization file while generating the authorization file so as to improve the security of the authorization file in the transmission and subsequent use processes. It can be understood that, while the target program is deployed in the physical machine, an authorization program corresponding to the target program generally needs to be deployed, and a developer configures an encryption rule of an authorization file in advance in the authorization program, so that the authorization program can decrypt the authorization file based on the encryption rule before verifying the identity information of the server and the identity information of the container by using the authorization file, thereby obtaining the first identity information and the second identity information recorded in the authorization file, where the first identity information may be the identity information of the target server, and the second identity information may be the identity information of the target container.
Optionally, the verifying the identity information of the first server based on the authorization file to obtain the verification result includes:
decrypting the authorization file to obtain first identity information;
verifying the identity information of the first server based on the first identity information;
under the condition that the identity information of the first server is matched with the first identity information, outputting a verification result of successful verification;
and under the condition that the identity information of the first server is not matched with the first identity information, outputting a verification result of verification failure.
Specifically, only the identity information of the first server is checked when the process information corresponding to the target program is not included in the start process list. The verification process for verifying the identity information of the first server based on the authorization file is similar to the verification process for verifying the identity information of the first server and the identity information of the first container based on the authorization file in the above embodiment, but in this embodiment, when the authorization file is decrypted, only the first identity information is obtained, for example, when the first identity information and the second identity information are encrypted and stored in the authorization file in different encryption manners, only the first identity information is decrypted, and the identity information of the first server is verified based on the decrypted first identity information.
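The start-up decision of steps 101 to 103 together with the server-only fallback, as an added Python example rather than code from the patent. It also shows the cgroups lookup of the container ID; the names `may_start`, `Authorization`, `asr-engine` and all sample IDs and process lines are constructed for illustration, and the identities are assumed to be already decrypted from the authorization file.

```python
import hmac
import posixpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A 64-hex-digit container ID at the end of a cgroup path, e.g.
# "/docker/<id>" or "/system.slice/docker-<id>.scope".
_ID_AT_END = re.compile(r"(?:^|[/-])([0-9a-f]{64})(?:\.scope)?$")


def container_id_from_cgroup(cgroup_text: str) -> Optional[str]:
    """Extract the container ID from the text of /proc/<pid>/cgroup.

    Returns None when no path carries an ID, e.g. on the host itself or
    when a cgroup namespace hides the path and the file reads "0::/".
    """
    for line in cgroup_text.splitlines():
        fields = line.strip().split(":", 2)  # hierarchy-ID:controllers:path
        if len(fields) != 3:
            continue
        match = _ID_AT_END.search(fields[2])
        if match:
            return match.group(1)
    return None


def target_running(process_list: List[str], app_name: str) -> bool:
    """True if a command line in the server-wide list runs app_name.

    Matching the executable's base name is an assumption of this example;
    it avoids counting unrelated commands that merely mention the name.
    """
    for cmdline in process_list:
        argv = cmdline.split()
        if argv and posixpath.basename(argv[0]) == app_name:
            return True
    return False


@dataclass(frozen=True)
class Authorization:
    first_identity: str   # server identity recorded at authorization time
    second_identity: str  # container identity recorded at authorization time


def _match(actual: Optional[str], expected: str) -> bool:
    # Constant-time comparison; a missing identity never matches.
    return actual is not None and hmac.compare_digest(
        actual.encode(), expected.encode())


def may_start(auth: Authorization, server_id: str,
              container_id: Optional[str], process_list: List[str],
              app_name: str) -> Tuple[bool, str]:
    """Return (allowed, which check was applied)."""
    if target_running(process_list, app_name):
        # A target program already runs on this server: check both identities.
        ok = (_match(server_id, auth.first_identity)
              and _match(container_id, auth.second_identity))
        return ok, "server+container"
    # No target program running (e.g. after a restart): server identity only.
    return _match(server_id, auth.first_identity), "server-only"


# Constructed sample data.
AUTHORIZED_SERVER = "SRV-0001-CONSTRUCTED"
AUTHORIZED_CONTAINER = "3f" * 32
MIRRORED_CONTAINER = "9c" * 32
APP = "asr-engine"
RUNNING = ["/usr/sbin/sshd -D", "/opt/vendor/asr-engine --port 9000"]
AFTER_REBOOT = ["/usr/sbin/sshd -D"]
SAMPLE_CGROUP = "12:memory:/docker/{0}\n1:name=systemd:/docker/{0}\n".format(
    AUTHORIZED_CONTAINER)

if __name__ == "__main__":
    auth = Authorization(AUTHORIZED_SERVER, container_id_from_cgroup(SAMPLE_CGROUP))
    for cid, procs in [(AUTHORIZED_CONTAINER, RUNNING),
                       (MIRRORED_CONTAINER, RUNNING),
                       ("77" * 32, AFTER_REBOOT)]:
        print(cid[:8], may_start(auth, AUTHORIZED_SERVER, cid, procs, APP))
```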
Referring to fig. 2, fig. 2 is a flowchart of a program authorization method provided in an embodiment of the present application, where the method is applied to a second server, and the method includes:
step 201, in a case that an authorization request sent by a first server is received, acquiring identity information of the first server and identity information of a first container, where the first server includes the first container, and the authorization request is a request for requesting authorization of a target program in the first container;
step 202, generating a first authorization file based on the identity information of the first server and the identity information of the first container;
step 203, sending the first authorization file to the first server.
The second server may be a server of a software developer, and the software developer may manage the target program in the server of the user through the second server, for example, the software developer may authorize the target program deployed in the first server of the user through the second server.
Specifically, after the user purchases the target program and successfully deploys it in the first container, the user needs to apply for authorization from the software developer when the target program is started for the first time. For example, when the user starts the target program for the first time, the authorization program in the first container may actively send an authorization request to the second server. The second server then controls the authorization program in the first server to acquire the identity information of the first server and the identity information of the first container and to send them to the second server. After receiving the identity information of the first server and the identity information of the first container, the second server may determine, based on the identity information of the first server, whether the first server has successfully purchased the target program, and, in a case where it is determined that the first server has successfully purchased the target program, generate a first authorization file based on the identity information of the first server and the identity information of the first container; the first authorization file is then sent to the first server. This ensures that the target program deployed in the first container can subsequently be started normally based on the first authorization file.
Optionally, the generating a first authorization file based on the identity information of the first server and the identity information of the first container includes:
encrypting the identity information of the first server based on a first encryption method to obtain first encryption information;
encrypting the identity information of the first container based on a second encryption method to obtain second encryption information;
splicing the first encryption information and the second encryption information to obtain target information;
and encrypting the target information to obtain the first authorization file.
It is understood that the first encryption method and the second encryption method are different encryption methods, wherein the first encryption method, the second encryption method and the method for encrypting the target information may be encryption methods commonly used in the prior art, for example, encryption methods such as AES and MD5, and of course, the encryption method may also be an encryption algorithm defined by a developer himself, such as a bit operation on a plaintext.
In the embodiment, different encryption methods are adopted to encrypt the identity information of the first server and the identity information of the first container respectively, and the encrypted first encryption information and the encrypted second encryption information are spliced and then encrypted again, so that the security of the authorization file in the transmission and use processes can be further improved.
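A sketch of the layered authorization file described above (encrypt each identity separately, splice, encrypt again), including the server-only read used when no target process is running; it is added here as an example and is not the patent's or the vendor's code. Python's standard library has no AES, so one HMAC-SHA256 stream-plus-tag construction with three independent keys stands in for the three encryption methods; `seal`, `unseal`, `LayerKeys`, the length-prefixed splice and the demo keys are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
from typing import NamedTuple, Tuple


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(k_enc, nonce + struct.pack(">I", i))
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    k_enc, k_mac = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(16)
    stream = _keystream(k_enc, nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + _prf(k_mac, body)


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first, then decrypt; raises ValueError on any change."""
    if len(blob) < 48:
        raise ValueError("authorization data truncated")
    k_enc, k_mac = _prf(key, b"enc"), _prf(key, b"mac")
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(k_mac, body)):
        raise ValueError("authorization data failed integrity check")
    nonce, ciphertext = body[:16], body[16:]
    stream = _keystream(k_enc, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class LayerKeys(NamedTuple):
    first: bytes   # protects the server identity (first encryption information)
    second: bytes  # protects the container identity (second encryption information)
    outer: bytes   # protects the spliced target information


def build_authorization_file(keys: LayerKeys, server_id: str,
                             container_id: str) -> bytes:
    first = seal(keys.first, server_id.encode())
    second = seal(keys.second, container_id.encode())
    # Splice with a 2-byte length prefix so the two parts can be separated.
    target = struct.pack(">H", len(first)) + first + second
    return seal(keys.outer, target)


def _split(outer_key: bytes, blob: bytes) -> Tuple[bytes, bytes]:
    target = unseal(outer_key, blob)
    if len(target) < 2:
        raise ValueError("authorization data truncated")
    (n,) = struct.unpack(">H", target[:2])
    if len(target) < 2 + n:
        raise ValueError("authorization data truncated")
    return target[2:2 + n], target[2 + n:]


def read_first_identity(outer_key: bytes, first_key: bytes, blob: bytes) -> str:
    """Server-only path: the container layer is never decrypted."""
    first, _ = _split(outer_key, blob)
    return unseal(first_key, first).decode()


def read_both_identities(keys: LayerKeys, blob: bytes) -> Tuple[str, str]:
    first, second = _split(keys.outer, blob)
    return (unseal(keys.first, first).decode(),
            unseal(keys.second, second).decode())


# Constructed demo keys; real keys would be provisioned by the developer.
DEMO_KEYS = LayerKeys(b"\x01" * 32, b"\x02" * 32, b"\x03" * 32)

if __name__ == "__main__":
    blob = build_authorization_file(DEMO_KEYS, "SRV-0001-CONSTRUCTED", "3f" * 32)
    print(len(blob), read_both_identities(DEMO_KEYS, blob))
```

A production build would use a vetted authenticated cipher such as AES-GCM in place of the stand-in. The tag is what rejects an edited file before any identity is compared.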
Optionally, the obtaining the identity information of the first server and the identity information of the first container when the authorization request sent by the first server is received includes:
under the condition of receiving an authorization request sent by a first server, acquiring deployment indication information of a target program in the first server;
acquiring identity information of the first server and identity information of the first container under the condition that the deployment indication information indicates that the target program is deployed in the first container;
after obtaining the deployment indication information of the target program in the first server, the method further includes:
acquiring identity information of the first server if the deployment indication information indicates that the target program is deployed on the first server;
generating a second authorization file based on the identity information of the first server;
and sending the second authorization file to the first server.
Specifically, the first server may control the authorization program in the first server to obtain the deployment indication information when receiving the authorization request, where the deployment indication information indicates the deployment manner of the target program in the first server. When the deployment manner is container deployment and the target program is deployed in the first container, the first server may obtain the identity information of the first server and the identity information of the first container, and generate the first authorization file based on the identity information of the first server and the identity information of the first container.
Accordingly, when the deployment indication information indicates that the target program is deployed on the first server, that is, the target program is not containerized, the user cannot increase the concurrency of the services provided by the target program by mirroring a container. In this case only the identity information of the first server needs to be acquired; a second authorization file is generated based on the identity information of the first server and then sent to the first server. The first server may subsequently start the target program deployed directly on the first server based on the second authorization file.
The deployment manner of the target program on the first server may be determined by looking up control group (cgroups) information on the first server. The generation process of the second authorization file is similar to that of the first authorization file and is not repeated here.
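One way to derive the deployment indication from cgroup information and pick the matching authorization file, as an added Go example that is not code from the patent. It assumes the lookup reads the `/proc/<pid>/cgroup` text of the target program's process and that the 64-hex runtime ID in the cgroup path serves as the container identity; the sample captures are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Deployment is the deployment indication derived from cgroup information.
type Deployment struct {
	Containerized bool
	ContainerID   string // runtime ID; assumed here to serve as the container identity
}

// idRe matches a 64-hex container ID as the final path element, bare
// ("/docker/<id>") or wrapped by the systemd driver ("docker-<id>.scope").
var idRe = regexp.MustCompile(`[/-]([0-9a-f]{64})(?:\.scope)?$`)

// Classify parses /proc/<pid>/cgroup text. Each line has the form
// "hierarchy-ID:controller-list:cgroup-path".
func Classify(cgroupText string) Deployment {
	sc := bufio.NewScanner(strings.NewReader(cgroupText))
	for sc.Scan() {
		parts := strings.SplitN(sc.Text(), ":", 3)
		if len(parts) != 3 {
			continue // not a cgroup line
		}
		if m := idRe.FindStringSubmatch(parts[2]); m != nil {
			return Deployment{Containerized: true, ContainerID: m[1]}
		}
	}
	return Deployment{}
}

// AuthorizationFileKind maps the indication onto the two branches in the text.
func AuthorizationFileKind(d Deployment) string {
	if d.Containerized {
		return "first authorization file (server identity + container identity)"
	}
	return "second authorization file (server identity only)"
}

// Sample is a constructed /proc/<pid>/cgroup capture for one scenario.
type Sample struct{ Name, Text string }

// Samples returns the constructed captures used by main.
func Samples() []Sample {
	id := strings.Repeat("ab12", 16) // constructed 64-hex ID
	return []Sample{
		{"docker, cgroup v1 (cgroupfs driver)", "12:memory:/docker/" + id + "\n1:name=systemd:/docker/" + id + "\n"},
		{"docker, cgroup v2 (systemd driver)", "0::/system.slice/docker-" + id + ".scope\n"},
		{"process started directly on the host", "0::/user.slice/user-1000.slice/session-3.scope\n"},
		{"view from inside a private cgroup namespace", "0::/\n"},
	}
}

// Describe renders the decision for one sample.
func Describe(s Sample) string {
	return fmt.Sprintf("%-45s -> %s", s.Name, AuthorizationFileKind(Classify(s.Text)))
}

func main() {
	for _, s := range Samples() {
		fmt.Println(Describe(s))
	}
}
```

The last sample shows why the lookup belongs on the first server itself: read from inside a container that has a private cgroup namespace, the path is just `/` and carries no container ID.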
Referring to fig. 3, fig. 3 is a flowchart of another program authorization method provided in an embodiment of the present application, where the method includes the following steps:
step 301, acquiring deployment indication information of a target program in a first server under the condition that a second server receives an authorization request sent by the first server;
step 302, in a case that the deployment indication information indicates that the target program is deployed in a first container in the first server, acquiring identity information of the first server and identity information of the first container;
step 303, the second server generates a first authorization file based on the identity information of the first server and the identity information of the first container;
step 304, the second server sends the first authorization file to the first server;
step 305, the first server checks the identity information of the first server and the identity information of the first container respectively based on the first authorization file when detecting that the user starts the target program in the first container based on the first authorization file.
Optionally, when detecting that the user starts the target program in the first container based on the first authorization file, the verifying, by the first server, the identity information of the first server and the identity information of the first container based on the first authorization file respectively includes:
the first server detects whether process information corresponding to the target program exists in a starting process list or not under the condition that a user starts the target program in the first container based on the first authorization file, wherein the starting process list comprises the process information of all containers in the first server;
under the condition that the starting process list comprises process information corresponding to the target program, the first server respectively verifies the identity information of the first server and the identity information of the first container based on the first authorization file to obtain a verification result;
and starting the target program in the first container if the verification result indicates that the verification is successful.
Optionally, after the identity information of the first server and the identity information of the first container are respectively verified based on the authorization file, the method further includes:
stopping the starting process of the target program in the first container when the verification result indicates that the verification fails.
Optionally, after detecting whether process information corresponding to the target program exists in the start-up process list, the method further includes:
and under the condition that the process information corresponding to the target program is not included in the starting process list, verifying the identity information of the first server based on the authorization file to obtain the verification result.
Optionally, after obtaining the deployment indication information of the target program in the first server, the method further includes:
acquiring identity information of the first server if the deployment indication information indicates that the target program is deployed on the first server;
generating a second authorization file based on the identity information of the first server;
and sending the second authorization file to the first server.
It should be noted that, for the specific implementation process of each step in the method provided in this embodiment, reference may be made to the above-mentioned embodiment, and all beneficial effects in the above-mentioned embodiment can be achieved, so that details are not described here to avoid repetition.
Referring to fig. 4, fig. 4 is a flowchart of a program starting apparatus 400 according to an embodiment of the present application, where the program starting apparatus 400 includes a first container, and the apparatus includes:
a detecting module 401, configured to detect, when it is detected that a user starts a target program in the first container based on an authorization file, whether process information corresponding to the target program exists in a start process list, where the start process list includes process information of all containers in the first server;
a first verification module 402, configured to, when the start process list includes process information corresponding to the target program, respectively verify, based on the authorization file, the identity information of the first server and the identity information of the first container to obtain a verification result;
a starting module 403, configured to start the target program in the first container if the verification result indicates that the verification is successful.
Optionally, the program starting apparatus 400 further includes:
a stopping module, configured to stop a starting process of the target program in the first container when the verification result indicates that the verification fails.
Optionally, the first checking module 402 includes:
a detection submodule, configured to detect whether process information corresponding to a target program exists in a start process list when it is detected that a user starts the target program in a first container based on an authorization file, where the start process list includes process information of all containers in the program starting apparatus 400;
and the verification sub-module is configured to, when the starting process list includes the process information corresponding to the target program, respectively verify the identity information of the program starting apparatus 400 and the identity information of the first container based on the authorization file, so as to obtain the verification result.
Optionally, the first checking module 402 is further configured to, when the process information corresponding to the target program is not included in the starting process list, check the identity information of the program starting apparatus 400 based on the authorization file, and obtain the check result.
The check submodule comprises:
the decryption unit is used for decrypting the authorization file to obtain first identity information and second identity information;
a verification unit, configured to verify the identity information of the program starting apparatus 400 based on the first identity information, and verify the identity information of the first container based on the second identity information;
an output unit, configured to output a verification result that the verification is successful when the identity information of the program starting apparatus 400 matches the first identity information and the identity information of the first container matches the second identity information;
the output unit is further configured to output a verification result indicating that the verification fails when the identity information of the program starting apparatus 400 is not matched with the first identity information, or the identity information of the first container is not matched with the second identity information.
Optionally, the decryption unit is further configured to decrypt the authorization file to obtain first identity information;
the verification unit is further configured to verify the identity information of the program starting apparatus 400 based on the first identity information;
the output unit is further configured to output a verification result of successful verification when the identity information of the program starting apparatus 400 is matched with the first identity information;
the output unit is further configured to output a verification result indicating that the verification fails when the identity information of the program starting apparatus 400 is not matched with the first identity information.
The program starting apparatus 400 provided in the embodiment of the present invention can implement each process in the foregoing method embodiments, and is not described here again to avoid repetition.
Referring to fig. 5, fig. 5 is a flowchart of a program authorization apparatus 500 according to an embodiment of the present application, including:
a first obtaining module 501, configured to obtain identity information of a program starting apparatus and identity information of a first container when an authorization request sent by the program starting apparatus is received, where the program starting apparatus includes the first container, and the authorization request is a request for requesting authorization to a target program in the first container;
a first generating module 502, configured to generate a first authorization file based on the identity information of the program starting apparatus and the identity information of the first container;
a first sending module 503, configured to send the first authorization file to the program starting apparatus.
Optionally, the first generating module 502 includes:
the encryption submodule is used for encrypting the identity information of the program starting device based on a first encryption method to obtain first encryption information;
the encryption submodule is further used for encrypting the identity information of the first container based on a second encryption method to obtain second encryption information;
the splicing submodule is used for splicing the first encryption information and the second encryption information to obtain target information;
the encryption submodule is further configured to encrypt the target information to obtain the first authorization file.
Optionally, the first obtaining module 501 is configured to, in a case that an authorization request sent by a program starting apparatus is received, obtain deployment indication information of a target program in the program starting apparatus;
the first obtaining module 501 is further configured to obtain the identity information of the program starting apparatus and the identity information of the first container when the deployment indication information indicates that the target program is deployed in the first container.
Optionally, the first obtaining module 501 is further configured to, when the deployment indication information indicates that the target program is deployed in the program starting apparatus, obtain identity information of the program starting apparatus;
the first generating module 502 is further configured to generate a second authorization file based on the identity information of the program starting apparatus;
the first sending module 503 is further configured to send the second authorization file to the program starting apparatus.
The program authorization apparatus 500 provided in the embodiment of the present invention can implement each process in the foregoing method embodiments, and is not described here again to avoid repetition.
Referring to fig. 6, fig. 6 is another program authorization apparatus 600 provided in an embodiment of the present application, where the program authorization apparatus 600 includes:
a second obtaining module 601, configured to obtain deployment indication information of a target program in a first server when a second server receives an authorization request sent by the first server;
a third obtaining module 602, configured to obtain, if the deployment indication information indicates that the target program is deployed in a first container in the first server, identity information of the first server and identity information of the first container;
a second generating module 603, configured to generate, by the second server, a first authorization file based on the identity information of the first server and the identity information of the first container;
a second sending module 604, configured to send the first authorization file to the first server by the second server;
a second verification module 605, configured to, when the first server detects that the user starts the target program in the first container based on the first authorization file, respectively verify the identity information of the first server and the identity information of the first container based on the first authorization file.
Optionally, the second check module 605 includes:
the detection submodule is used for detecting whether process information corresponding to the target program exists in a starting process list or not under the condition that the first server detects that a user starts the target program in the first container based on the first authorization file, wherein the starting process list comprises the process information of all containers in the first server;
the verification submodule is used for respectively verifying the identity information of the first server and the identity information of the first container by the first server based on the first authorization file under the condition that the starting process list comprises the process information corresponding to the target program, so as to obtain a verification result;
and the starting sub-module is used for starting the target program in the first container under the condition that the verification result indicates that the verification is successful.
Optionally, the second check module 605 is further configured to, when the process information corresponding to the target program is not included in the start process list, check the identity information of the first server based on the authorization file to obtain the check result.
Optionally, the program authorization apparatus 600 further includes:
a stopping module, configured to stop a starting process of the target program in the first container when the verification result indicates that the verification fails.
Optionally, the third obtaining module 602 is further configured to obtain the identity information of the first server if the deployment indication information indicates that the target program is deployed in the first server;
the second generating module 603 is further configured to generate a second authorization file based on the identity information of the first server;
the second sending module 604 is further configured to send the second authorization file to the first server.
The program authorization apparatus 600 provided in the embodiment of the present invention can implement each process in the foregoing method embodiments, and is not described here again to avoid repetition.
Referring to fig. 7, fig. 7 is a structural diagram of an electronic device according to another embodiment of the present invention, and as shown in fig. 7, the electronic device includes: the service interface flow control apparatus 700 includes: a processor 701, a memory 702 and a computer program stored on the memory 702 and operable on the processor, the various components of the data transmission apparatus 700 being coupled together by a bus interface 703, the computer program, when executed by the processor 701, implementing the steps of:
under the condition that a user is detected to start a target program in the first container based on an authorization file, respectively verifying the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result;
starting the target program in the first container under the condition that the verification result indicates that the verification is successful;
stopping the starting process of the target program in the first container when the verification result indicates that the verification fails.
Optionally, when it is detected that the user starts the target program in the first container based on the authorization file, respectively verifying the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result, where the verifying step includes:
under the condition that a user is detected to start a target program in a first container based on an authorization file, detecting whether process information corresponding to the target program exists in a starting process list, wherein the starting process list comprises the process information of all containers in the first server;
and under the condition that the starting process list comprises the process information corresponding to the target program, respectively verifying the identity information of the first server and the identity information of the first container based on the authorization file to obtain the verification result.
Optionally, after detecting whether process information corresponding to the target program exists in the start-up process list, the method further includes:
and under the condition that the process information corresponding to the target program is not included in the starting process list, verifying the identity information of the first server based on the authorization file to obtain the verification result.
Optionally, the verifying the identity information of the first server and the identity information of the first container based on the authorization file respectively to obtain the verification result includes:
decrypting the authorization file to obtain first identity information and second identity information;
verifying the identity information of the first server based on the first identity information, and verifying the identity information of the first container based on the second identity information;
under the condition that the identity information of the first server is matched with the first identity information and the identity information of the first container is matched with the second identity information, outputting a verification result of successful verification;
and under the condition that the identity information of the first server is not matched with the first identity information or the identity information of the first container is not matched with the second identity information, outputting a verification result of verification failure.
Optionally, the verifying the identity information of the first server based on the authorization file to obtain the verification result includes:
decrypting the authorization file to obtain first identity information;
verifying the identity information of the first server based on the first identity information;
under the condition that the identity information of the first server is matched with the first identity information, outputting a verification result of successful verification;
and under the condition that the identity information of the first server is not matched with the first identity information, outputting a verification result of verification failure.
Furthermore, the computer program may further implement the following steps when executed by the processor 701:
under the condition of receiving an authorization request sent by a first server, acquiring identity information of the first server and identity information of a first container, wherein the first server comprises the first container, and the authorization request is a request for requesting authorization of a target program in the first container;
generating a first authorization file based on the identity information of the first server and the identity information of the first container;
and sending the first authorization file to the first server.
Optionally, the generating a first authorization file based on the identity information of the first server and the identity information of the first container includes:
encrypting the identity information of the first server based on a first encryption method to obtain first encryption information;
encrypting the identity information of the first container based on a second encryption method to obtain second encryption information;
splicing the first encryption information and the second encryption information to obtain target information;
and encrypting the target information to obtain the first authorization file.
Optionally, the obtaining the identity information of the first server and the identity information of the first container when the authorization request sent by the first server is received includes:
under the condition of receiving an authorization request sent by a first server, acquiring deployment indication information of a target program in the first server;
and acquiring the identity information of the first server and the identity information of the first container under the condition that the deployment indication information indicates that the target program is deployed in the first container.
Optionally, after obtaining the deployment indication information of the target program in the first server, the method further includes:
acquiring identity information of the first server if the deployment indication information indicates that the target program is deployed on the first server;
generating a second authorization file based on the identity information of the first server;
and sending the second authorization file to the first server.
Furthermore, the computer program may further implement the following steps when executed by the processor 701:
under the condition that a second server receives an authorization request sent by a first server, acquiring deployment indication information of a target program in the first server;
acquiring identity information of a first server and identity information of a first container when the deployment indication information indicates that the target program is deployed in the first container in the first server;
the second server generates a first authorization file based on the identity information of the first server and the identity information of the first container;
the second server sends the first authorization file to the first server;
and the first server respectively verifies the identity information of the first server and the identity information of the first container based on the first authorization file when detecting that the target program in the first container is started by the user based on the first authorization file.
Optionally, when detecting that the user starts the target program in the first container based on the first authorization file, the verifying, by the first server, the identity information of the first server and the identity information of the first container based on the first authorization file respectively includes:
the first server detects whether process information corresponding to the target program exists in a starting process list or not under the condition that a user starts the target program in the first container based on the first authorization file, wherein the starting process list comprises the process information of all containers in the first server;
under the condition that the starting process list comprises process information corresponding to the target program, the first server respectively verifies the identity information of the first server and the identity information of the first container based on the first authorization file to obtain a verification result;
and starting the target program in the first container if the verification result indicates that the verification is successful.
Optionally, after the identity information of the first server and the identity information of the first container are respectively verified based on the authorization file, the method further includes:
stopping the starting process of the target program in the first container when the verification result indicates that the verification fails.
Optionally, after detecting whether process information corresponding to the target program exists in the start-up process list, the method further includes:
and under the condition that the process information corresponding to the target program is not included in the starting process list, verifying the identity information of the first server based on the authorization file to obtain the verification result.
Optionally, after obtaining the deployment indication information of the target program in the first server, the method further includes:
acquiring identity information of the first server if the deployment indication information indicates that the target program is deployed on the first server;
generating a second authorization file based on the identity information of the first server;
and sending the second authorization file to the first server.
An embodiment of the present invention further provides an electronic device, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, where the computer program, when executed by the processor, implements the processes of the foregoing method embodiments, and can achieve the same technical effects, and details are not repeated here to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the processes of the method embodiments, and can achieve the same technical effects, and in order to avoid repetition, the details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling an electronic device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (14)

1. A program starting method applied to a first server, the first server including a first container, the method comprising:
under the condition that a user is detected to start a target program in the first container based on an authorization file, detecting whether process information corresponding to the target program exists in a starting process list or not, wherein the starting process list comprises the process information of all containers in the first server;
under the condition that the starting process list comprises process information corresponding to the target program, respectively verifying the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result;
and starting the target program in the first container if the verification result indicates that the verification is successful.
2. The method of claim 1, wherein after the verifying the identity information of the first server and the identity information of the first container based on the authorization file respectively, the method further comprises:
stopping the starting process of the target program in the first container when the verification result indicates that the verification fails.
3. The method according to claim 1, wherein after detecting whether the process information corresponding to the target program exists in the startup process list, the method further comprises:
and under the condition that the process information corresponding to the target program is not included in the starting process list, verifying the identity information of the first server based on the authorization file to obtain the verification result.
4. The method according to claim 2, wherein the verifying the identity information of the first server and the identity information of the first container based on the authorization file respectively to obtain the verification result comprises:
decrypting the authorization file to obtain first identity information and second identity information;
verifying the identity information of the first server based on the first identity information, and verifying the identity information of the first container based on the second identity information;
under the condition that the identity information of the first server is matched with the first identity information and the identity information of the first container is matched with the second identity information, outputting a verification result of successful verification;
and under the condition that the identity information of the first server is not matched with the first identity information or the identity information of the first container is not matched with the second identity information, outputting a verification result of verification failure.
5. A method for authorizing a program, applied to a second server, comprising:
under the condition of receiving an authorization request sent by a first server, acquiring identity information of the first server and identity information of a first container, wherein the first server comprises the first container, and the authorization request is a request for requesting authorization of a target program in the first container;
generating a first authorization file based on the identity information of the first server and the identity information of the first container;
and sending the first authorization file to the first server.
6. The method of claim 5, wherein obtaining the identity information of the first server and the identity information of the first container in case of receiving the authorization request sent by the first server comprises:
under the condition of receiving an authorization request sent by a first server, acquiring deployment indication information of a target program in the first server;
and acquiring the identity information of the first server and the identity information of the first container under the condition that the deployment indication information indicates that the target program is deployed in the first container.
7. The method of claim 6, wherein after obtaining the deployment indication information of the target program in the first server, the method further comprises:
acquiring identity information of the first server if the deployment indication information indicates that the target program is deployed on the first server;
generating a second authorization file based on the identity information of the first server;
and sending the second authorization file to the first server.
8. A program authorization method, comprising:
under the condition that a second server receives an authorization request sent by a first server, acquiring deployment indication information of a target program in the first server;
acquiring identity information of a first server and identity information of a first container when the deployment indication information indicates that the target program is deployed in the first container in the first server;
the second server generates a first authorization file based on the identity information of the first server and the identity information of the first container;
the second server sends the first authorization file to the first server;
and the first server respectively verifies the identity information of the first server and the identity information of the first container based on the first authorization file when detecting that the target program in the first container is started by the user based on the first authorization file.
9. The method of claim 8, wherein the first server verifying the identity information of the first server and the identity information of the first container based on the first authorization file, when detecting that the target program in the first container is started by a user based on the first authorization file, comprises:
the first server detects whether process information corresponding to the target program exists in a starting process list or not under the condition that a user starts the target program in the first container based on the first authorization file, wherein the starting process list comprises the process information of all containers in the first server;
under the condition that the starting process list comprises process information corresponding to the target program, the first server respectively verifies the identity information of the first server and the identity information of the first container based on the first authorization file to obtain a verification result;
and starting the target program in the first container if the verification result indicates that the verification is successful.
10. The method of claim 9, wherein after the verifying the identity information of the first server and the identity information of the first container based on the authorization file respectively, the method further comprises:
stopping the starting process of the target program in the first container when the verification result indicates that the verification fails.
11. A program launch device, said program launch device comprising a first container, said device comprising:
the detection module is used for detecting whether process information corresponding to the target program exists in a starting process list or not under the condition that a user is detected to start the target program in the first container based on an authorization file, wherein the starting process list comprises the process information of all containers in the first server;
the first verification module is configured to, when the start process list includes process information corresponding to the target program, respectively verify the identity information of the first server and the identity information of the first container based on the authorization file to obtain a verification result;
and the starting module is used for starting the target program in the first container under the condition that the verification result indicates that the verification is successful.
12. A program authorization apparatus, comprising:
the program starting device comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining identity information of a program starting device and identity information of a first container under the condition of receiving an authorization request sent by the program starting device, the program starting device comprises the first container, and the authorization request is a request for requesting authorization of a target program in the first container;
the first generation module is used for generating a first authorization file based on the identity information of the program starting device and the identity information of the first container;
and the first sending module is used for sending the first authorization file to the program starting device.
13. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to any one of claims 1 to 10.
14. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 10.
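The issue-and-verify flow of claims 1 to 7, as an added example that is not code from the patent. The claims name no cipher or file format, so this assumes a JSON authorization file protected by an HMAC-SHA256 tag under a shared key in place of the decryption step of claim 4; every function name, the key and the identity values are hypothetical.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret shared by both servers

def issue(server_id, container_id=None, key=KEY):
    """Second server (claims 5-7). container_id stays None when the deployment
    indication says the program runs directly on the first server."""
    body = json.dumps({"server": server_id, "container": container_id},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(tag + body)

def open_file(auth_file, key=KEY):
    """Return the identities in the file, or None if malformed or altered."""
    try:
        raw = base64.b64decode(auth_file, validate=True)
        tag, body = raw[:32], raw[32:]
        good = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None
        ids = json.loads(body)
        return ids if isinstance(ids, dict) else None
    except (ValueError, TypeError):
        return None

def same(expected, actual):
    """Constant-time comparison; a missing (None) identity never matches."""
    return (isinstance(expected, str) and isinstance(actual, str)
            and hmac.compare_digest(expected.encode(), actual.encode()))

def may_start(auth_file, program, server_id, container_id, container_procs):
    """First server (claims 1-4): True only if the program may start."""
    ids = open_file(auth_file)
    if ids is None:
        return False                       # fail closed on any parse or tag error
    if not same(ids.get("server"), server_id):
        return False                       # file was issued for another server
    if program in container_procs:         # claim 1: launch is inside a container
        return same(ids.get("container"), container_id)
    return True                            # claim 3: server identity only

if __name__ == "__main__":
    f = issue("srv-A", "ctr-1")            # constructed identity values
    print(may_start(f, "app", "srv-A", "ctr-1", {"app"}))
    print(may_start(f, "app", "srv-A", "ctr-2", {"app"}))
```

A server-only file (the second authorization file of claim 7) is refused for a launch that appears in the container process list, because its container field is empty.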
CN202110447095.1A 2021-04-25 2021-04-25 Program starting method, program authorization device and electronic equipment Pending CN113157340A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110447095.1A CN113157340A (en) 2021-04-25 2021-04-25 Program starting method, program authorization device and electronic equipment


Publications (1)

Publication Number Publication Date
CN113157340A true CN113157340A (en) 2021-07-23

Family

ID=76870300


Country Status (1)

Country Link
CN (1) CN113157340A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110798466A (en) * 2019-10-29 2020-02-14 西安雷风电子科技有限公司 Verification method and system for software license in virtual machine scene
CN112613083A (en) * 2021-01-04 2021-04-06 北京数字认证股份有限公司 Application authorization verification method and device based on application container engine



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210723