CN113254887A - Authorization method of application program, computing device and storage medium - Google Patents
Authorization method of application program, computing device and storage medium Download PDFInfo
- Publication number
- CN113254887A CN113254887A CN202110624008.5A CN202110624008A CN113254887A CN 113254887 A CN113254887 A CN 113254887A CN 202110624008 A CN202110624008 A CN 202110624008A CN 113254887 A CN113254887 A CN 113254887A
- Authority
- CN
- China
- Prior art keywords
- information
- authorization
- hardware
- check value
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 180
- 238000000034 method Methods 0.000 title claims abstract description 82
- 238000003860 storage Methods 0.000 title claims abstract description 28
- 238000004458 analytical method Methods 0.000 claims description 4
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 238000004891 communication Methods 0.000 description 16
- 238000012795 verification Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 11
- 230000008901 benefit Effects 0.000 description 7
- 238000009792 diffusion process Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 230000006855 networking Effects 0.000 description 2
- 238000005728 strengthening Methods 0.000 description 2
- 230000007723 transport mechanism Effects 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007667 floating Methods 0.000 description 1
- 230000001771 impaired effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000035755 proliferation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- General Health & Medical Sciences (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses an authorization method of an application program, a computing device and a storage medium, wherein the authorization method of the application program is executed in the computing device, and the method comprises the following steps: extracting at least one piece of authorization information pre-stored in the computing equipment, wherein the authorization information comprises at least one piece of first hardware encryption information, an authorization serial number of an application program and a first check value; analyzing the authorization information to judge whether the authorization information is correct or not; when the authorization information is determined to be correct, acquiring hardware information related to a preset matching rule of the computing equipment; encrypting each piece of hardware information respectively to generate each piece of second hardware encryption information; and matching the second hardware encryption information with the first hardware encryption information, and when a preset matching rule is met, authorizing successfully.
Description
Technical Field
The invention relates to the technical field of computers, in particular to an authorization method of an application program, a computing device and a storage medium.
Background
As computer technology continues to evolve, so too do computer software (i.e., applications) continually evolve in iterations. Meanwhile, the problem of authorization of computer software is more and more prominent, and for a fee-charging software manufacturer, if the software is cracked and diffused, huge losses are brought to a company. The issue of authorization is therefore also a problem that software companies must appreciate.
Disclosure of Invention
In view of the above, the present invention has been made to provide an application program authorization method, a computing device, and a storage medium that overcome or at least partially solve the above-mentioned problems.
According to an aspect of the present invention, there is provided a method of authorizing an application program, the method being performed in a computing device, the method comprising: extracting at least one piece of authorization information pre-stored in the computing equipment, wherein the authorization information comprises at least one piece of first hardware encryption information, an authorization serial number of an application program and a first check value; analyzing the authorization information to judge whether the authorization information is correct or not; when the authorization information is determined to be correct, acquiring hardware information related to a preset matching rule of the computing equipment; encrypting each piece of hardware information respectively to generate each piece of second hardware encryption information; and matching the second hardware encryption information with the first hardware encryption information, and when a preset matching rule is met, authorizing successfully.
Optionally, in the authorization method for the application according to the present invention, the authorization information is written into a BIOS chip of the computing device by burning.
Optionally, in the method for authorizing an application according to the present invention, the method further includes a step of generating authorization information, including: at least one piece of hardware information in the computing equipment is encrypted respectively to generate respective first hardware encryption information; obtaining an authorized serial number of an application program; and coding the first hardware encryption information and the authorization serial number of the application program based on a check value generation algorithm to generate a first check value.
Optionally, in the method for authorizing an application according to the present invention, the step of parsing the authorization information to determine whether the authorization information is correct includes: analyzing the authorization information, and respectively obtaining first hardware encryption information, an authorization serial number of an application program and a first check value; coding the first hardware encryption information obtained by analysis and the authorization serial number of the application program through a check value generation algorithm to generate a second check value; judging whether the first check value is the same as the second check value; if the first check value is the same as the second check value, judging whether the authorization serial number of the application program is legal or not; and if the authorization serial number of the application program is legal, the authorization information is confirmed to be correct.
Optionally, in the method for authorizing an application according to the present invention, when it is determined that the authorization information is correct, the step of obtaining hardware information related to a preset matching rule of the computing device includes: acquiring hardware identifications corresponding to the first hardware encryption information; and acquiring hardware information related to hardware identifications in the current computing equipment.
Optionally, in the authorization method of the application according to the present invention, the encryption algorithm is SHA 256; the check value generation algorithm is a cyclic redundancy check algorithm.
Optionally, in the method for authorizing an application according to the present invention, the method for generating authorization information further includes: and structuring the first hardware encryption algorithm, the authorization serial number of the application program and the first check value.
Optionally, in the method for authorizing an application according to the present invention, matching the second hardware encryption information with the first hardware encryption information, and when a preset matching rule is satisfied, the step of successfully authorizing includes: and matching the second hardware encryption information with the first hardware encryption information, and when the matching degree reaches a preset threshold value, successfully authorizing.
According to yet another aspect of the invention, there is provided a computing device comprising: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions comprising instructions for performing the above-described method.
According to yet another aspect of the present invention, there is provided a readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the above-described method.
The scheme of the invention adopts a mode of binding the hardware information and the software authorization serial number, solves the problem of infinite diffusion of the authorization serial number, thereby reducing the loss of software manufacturers and strengthening the support to the legal software.
The scheme also provides a hardware information matching rule, and the authorization verification process can still be normally completed when the user replaces part of hardware, so that a certain degree of freedom can be provided for the user, the user experience is improved, and the benefit protection of a software provider is enhanced.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart illustrating software authorization using software authorization sequence number binding hardware information in the prior art;
FIG. 2 shows a schematic diagram of a computing device 200, according to one embodiment of the invention;
FIG. 3 illustrates a flow diagram of a method 300 for generating authorization information and burning the authorization information into a computing device in an authorization method for an application according to one embodiment of the invention;
fig. 4 shows a flowchart of an authorization information verification method 400 in an authorization method of an application according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Currently popular computer software (application program) generally adopts an authorization mode of binding a software authorization serial number or a software authorization serial number with computer hardware information and the like for authorization activation. When the hardware information binding mode is adopted, the main components (such as a motherboard, a CPU, a magnetic disk, a memory, a network card, a video card, a sound card, and the like) of the computer are known, and after the software manufacturer performs networking authorization, the authorization information is generally stored in the computing device in a file form. Fig. 1 shows a flow chart of software authorization by binding hardware information with a software authorization serial number in the prior art. As shown in fig. 1, the specific process of the prior art in software authorization is as follows:
and reading the authorization file information of the client machine and judging whether the authorization file exists or not.
If the authorization file does not exist, the authorization fails.
If the authorization file exists, the short machine authorization file information of gram number is read, and whether network connection exists is judged in the process.
And under the condition that the network connection is judged, the authorization information verification is completed through the authorization server.
And under the condition that no network connection exists, reading the authorization state when the software is opened on the local ground for the current time as the verification result (for example, the last time of successful authorization verification, the current default authorization success; the last time of failed authorization verification, and the current continued authorization failure). Or a direct identification of authorization failure. When the software is opened each time, the software is compared with the authorization information stored in the authorization server, then the authorization server issues the authorization verification result of the client software, and when the software is disconnected or the software cannot be connected to the authorization server, the authorization verification of the software cannot be completed, so that the authorization state of the software when the software is opened last time can be continued or the result of the authorization verification failure can be returned.
With the authorization scheme provided above, the following problems inevitably exist:
1) because of some conditions, the authentication cannot be performed due to the offline, and the authorization cannot be obtained.
2) Only serial number authorization is carried out, and hardware information is not bound; resulting in the authorization of unlimited proliferation once the sequence number leaks; or to solve the problem of the diffusion of the authorization caused by the diffusion of the serial number, and then the requirement of networking, which in turn causes the defect 1.
3) Single hardware information is bound, and the problem of authorization diffusion caused by only serial number authorization is solved; but introduces the following problems
a. An invalid binding is formed because the hardware is not canonical resulting in the invalidation of a single piece of hardware information.
b. Once the hardware is replaced, the authorization is invalidated.
4) The hardware information is fully bound, so that the probability of forming invalid binding is reduced, but a new problem is introduced: the user adds and replaces individual hardware, which causes the failure of authorization, and then brings the problems of reduced user experience, impaired user benefit, increased after-sale investment of software manufacturers, and the like.
5) The computer file is used for recording the authorization state and the authorization information, and the authorization diffusion can be caused by the file diffusion; or file binding hardware information, but the authorization is invalid because a user replaces individual hardware.
In order to solve the problems in the prior art, the embodiment of the invention provides a new authorization method for application programs (software), which is divided into two stages, wherein the first stage is carried out in the production process of a complete machine (computing equipment) manufacturer, the complete machine manufacturer reads effective values (such as N pieces of hardware information including a main board, a BIOS (basic input/output system), a hard disk, a cpu (central processing unit), a network card, an internal memory, a display card, a sound card and the like) of hardware information required in a matching rule according to a preset hardware information matching rule, and encrypts the read effective values of the hardware information one by one; and binding all ciphertexts generated after encryption with the authorization serial number of the application program, and calculating to generate a check value, so that final authorization information is generated and written into the BIOS. It should be noted that, in the computing device, a piece of authorization information may be configured and arranged in advance, where a piece of authorization information corresponds to authorization of an application program, which is not listed here.
The second stage is a stage of verifying the authorization information, the software firstly reads the authorization information stored in the BIOS, all hardware information ciphertexts and authorization serial numbers are taken out from the read authorization information to calculate check values, the obtained check values are compared with the check values in the authorization information, and if the two check values are the same, the read authorization serial numbers are verified to be valid or invalid; and if the serial number is a legal authorization serial number, reading all hardware information in the matching rule range on the machine, performing encryption calculation one by one, matching the encrypted ciphertext with the hardware information ciphertext read in the BIOS according to the matching rule, and determining that authorization verification is successful if the matching rule is satisfied (if 7 hardware information exist in the matching range and the ciphertexts of 5 or more hardware information are the same, matching is successful).
The present embodiment provides that both phases of the authorization method for an application are performed in a computing device. FIG. 2 shows a block diagram of a computing device 200, according to one embodiment of the invention. As shown in FIG. 2, in a basic configuration 202, a computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processing, including but not limited to: a microprocessor (μ P), a microcontroller (μ C), a digital information processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. Example processor cores 214 may include Arithmetic Logic Units (ALUs), Floating Point Units (FPUs), digital signal processing cores (DSP cores), or any combination thereof. The example memory controller 218 may be used with the processor 204, or in some implementations the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 206 may include an operating system 220, one or more applications 222, and program data 224. The application 222 is actually a plurality of program instructions that direct the processor 204 to perform corresponding operations. In some implementations, the application 222 can be arranged to execute instructions on the operating system with the program data 224 by the one or more processors 204. Operating system 220 may be, for example, Linux, Windows, or the like, which includes program instructions for handling basic system services and for performing hardware-dependent tasks. The application 222 includes program instructions for implementing various user-desired functions, and the application 222 may be, for example, but not limited to, a browser, instant messenger, a software development tool (e.g., an integrated development environment IDE, a compiler, etc.), and the like. When the application 222 is installed into the computing device 200, a driver module may be added to the operating system 220.
When the computing device 200 is started, the processor 204 reads program instructions of the operating system 220 from the memory 206 and executes them. Applications 222 run on top of operating system 220, utilizing the interface provided by operating system 220 and the underlying hardware to implement various user-desired functions. When the user starts the application 222, the application 222 is loaded into the memory 206, and the processor 204 reads the program instructions of the application 222 from the memory 206 and executes the program instructions.
Computing device 200 also includes storage device 232, storage device 232 including removable storage 236 and non-removable storage 238, each of removable storage 236 and non-removable storage 238 being connected to storage interface bus 234.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The example output device 242 includes a graphics processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more a/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network controller 260, which may be arranged to facilitate communications with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
The computing device 200 also includes a storage interface bus 234 coupled to the bus/interface controller 230. The storage interface bus 234 is coupled to the storage device 232, and the storage device 232 is adapted to store data. Example storage devices 232 may include removable storage 236 (e.g., CD, DVD, U-disk, removable hard disk, etc.) and non-removable storage 238 (e.g., hard disk drive, HDD, etc.).
In the computing device 200 according to the invention, the application 222 comprises a plurality of program instructions to perform the method 300 or the method 400. The method for authorizing the application program of the present invention includes the method for generating the authorization information and burning the authorization information into the computing device in the first phase (corresponding to the method 300) and the method for verifying the authorization information in the second phase (corresponding to the method 400), which are described below.
Fig. 3 shows a flowchart of a method 300 for generating authorization information and burning the authorization information into a computing device in an authorization method of an application according to an embodiment of the present invention. The method 300 is suitable for execution in a computing device, such as the computing device 200 described above.
As shown in fig. 3, the purpose of the method 300 is to generate and burn authorization information into a computing device, the method 300 begins with step S302.
In step S302, at least one piece of hardware information in the computing device is encrypted, and respective first hardware encryption information is generated. The aforementioned computing device includes a plurality of hardware (e.g., a motherboard, a BIOS, a hard disk, a cpu, a network card, a memory, a video card, a sound card, etc.), and the staff needs to set a range of matching degree of the hardware information according to actual hardware configuration and validity and reliability of the hardware information, that is, which hardware is selected as the hardware information to be bound. In other words, it is necessary to store in the computing device which hardware information that needs to be encrypted.
Illustratively, the validity and reliability of the hard disk are higher than those of the sound card, the information of the hard disk is preferably selected as the binding information, and the reliability and the validity can be determined by referring to the user replacement ratio or the number of times in the historical data between the two.
In one specific example, the following ranges of hardware information matching degrees may be referred to:
a. hard disk information + CPU information + memory information + BIOS information + mainboard information + network card information;
b. hard disk 1 information + hard disk 2 information + mainboard information + network card 1 information + network card 2 information;
c. motherboard information + BIOS information + CPU information + memory information.
Wherein, a, b and c respectively represent the range of the matching degree of the hardware information.
After the range of the matching degree of the hardware information is determined, the hardware information of all hardware in the range of the matching degree of the selected hardware information is read, and all the hardware information in the range of the matching degree of the hardware information is encrypted one by adopting an encryption algorithm. Preferably, SHA256 encryption algorithm may be used, but it is not limited thereto, and other hash encryption algorithm such as MD5, or encryption algorithm such as RSA, DSA, etc. may also be used.
Continuing with the foregoing example, taking SHA256 as an example, encrypting the hardware in each hardware information matching degree may be expressed as:
a1SHA256 (hard disk information) + SHA256(CPU information) + SHA256 (memory information) + SHA256(BIOS information) + SHA256 (motherboard information) + SHA256 (network card information);
b1SHA256 (hard disk 1 information) + SHA256 (hard disk 2 information) + SHA256 (motherboard information) + SHA256 (network card 1 information) + SHA256 (network card 2 information);
c1SHA256 (motherboard information) + SHA256(BIOS information) + SHA256(CPU information) + SHA256 (memory information).
Wherein, a1 ,b1 ,c1Each containing a plurality of hardware encryption information.
It should be noted that the hardware information needs to uniquely specify the hardware, for example, if the hardware is a motherboard, the motherboard information may be a serial number of the motherboard, if the hardware is a CPU, the CPU information may be a CPU serial number, if the motherboard is a network card, the network card information may be a network card MAC, and the like.
In step S304, an authorization serial number of the application program is acquired. The authorized serial number of the application is provided by the software vendor.
In step 306, based on the check value generation algorithm, the first hardware encryption information and the authorization serial number of the application program are encoded to generate a first check value. Specifically, the check value generation algorithm may employ a cyclic redundancy check algorithm (CRC), although not limited thereto.
In a specific example, the information a is encrypted by hardware in the above example1The following description is made with respect to the authorized serial number encoding of the application:
check value (a)1The authorized serial number of the application) = CRC [ SHA256 (hard disk information) + SHA256(CPU information) + SHA256 (memory information) + SHA256(BIOS information) + SHA256 (motherboard information) + SHA256 (network card information) + + SHA256 (network card information) +Authorization sequence number of application).
In this example, a complete authorization message (a)1) Can be expressed as:
of course, in order to further improve the stability of authorization and the diversity of authorization, a plurality of authorization information may be generated as alternatives for the same application program, so as to ensure that the authorization verification process can still be normally completed when part of the hardware is replaced. For example, with the method in this example, the information b about the aforementioned hardware encryption information b is generated separately1And c1Corresponding authorization information (b)1) And authorization information (c)1)。
In step 308, the generated authorization information is written into a bios (basic Input Output system) chip of the computing device by burning. Multiple authorization messages can be recorded in the BIOS chip, for example, authorization message (a)1) Authorization information (b)1) And authorization information (c)1) It is also possible to burn only one authorization information, which is not limited herein.
Based on the above, the authorization information is actually a long array, which is not convenient for storage and analysis, and therefore, before the authorization information is burned into the BIOS chip, the method 300 further includes:
and structuring the first hardware encryption algorithm, the authorization serial number of the application program and the first check value. And forming a structural body by the first hardware encryption algorithm, the authorization serial number of the application program and the first check value. In particular, a correlation algorithm may be used for the structuring process, for example:
struct authorinfo
{
char SHA256_disk[32];
char SHA256_cpu[32];
char SHA256_board[32];
char sn[32];
int crc;
}。
after the authorization information is subjected to structured processing, on one hand, burning of the authorization information can be facilitated, and on the other hand, the confidentiality of the authorization information can be improved.
Alternatively, the authorization information may be burned into the BIOS chip in a table manner, for example, as follows:
| name of field | Field length (byte) |
| Hard disk encryption information | 32 |
| CPU encryption information | 32 |
| Mainboard encryption information | 32 |
| Application authorization sequence number | 16 |
| Check value | 4 |
The process of generating and burning the authorization information in the first stage in the method for authorizing the application program provided by the embodiment is completed.
Fig. 4 shows a flowchart of an authorization information verification method 400 in an authorization method of an application according to an embodiment of the present invention. The method 400 is suitable for execution in a computing device, such as the computing device 200 described above.
As shown in fig. 4, the method 400 is directed to verifying authorization information, and begins with step S402, in which at least one piece of authorization information pre-stored in a computing device is extracted, the authorization information including at least one piece of first hardware encryption information, an authorization serial number of an application program, and a first check value. The authorization information is pre-programmed into the BIOS chip of the computing device, and the generation process and programming process correspond to the method 300, which are not described herein again.
In step S404, the authorization information is parsed to determine whether the authorization information is correct.
Specifically, the authorization information is analyzed, and first hardware encryption information, an authorization serial number of an application program and a first check value are respectively obtained; coding the first hardware encryption information and the authorization serial number of the application program through a check value generation algorithm to generate a second check value; judging whether the first check value is the same as the second check value; if the first check value is the same as the second check value, judging whether the authorization serial number of the application program is legal or not; and if the authorization serial number of the application program is legal, the authorization information is confirmed to be correct. Correspondingly, when the first check value is different from the second check value or the application program is illegal after being subjected to the authorization sequence, the authorization fails.
It is to be noted that the check value generation algorithm employed in generating the second verification value should be the same as the check value generation algorithm employed in the aforementioned step S306.
In a specific example, whether the authorized serial number of the application program is legal is judged, and a rule of a software manufacturer corresponding to the application program when the software manufacturer generates the authorized serial number can be queried, for example, the authorized serial numbers generated by the software manufacturer are all numbers, and if non-numbers (such as letters) appear in the obtained authorized serial number of the application program, the software serial number of the application program is not legal; alternatively, the authorization serial number generated by the software manufacturer is 11 bits, and the obtained authorization serial number of the application program is more or less than 11, which indicates that the software serial number of the application program is illegal, and the like.
It should be noted that, if the authorization information is structured during generation, the authorization information needs to be inversely structured during analysis, that is, the authorization information is processed by an algorithm inverse to the structural algorithm.
In step S406, when the authorization information is determined to be correct, each piece of hardware information related to the preset matching rule of the computing device is acquired.
Specifically, each hardware identifier corresponding to the first hardware encryption information is obtained; and acquiring hardware information related to hardware identifications in the current computing equipment. The hardware identification can be understood as a hardware name, in other words, which hardware is encrypted in the first hardware encryption information is obtained, and then the hardware information of the hardware configured in the computing device is checked. The hardware information may be obtained through a document such as a description matched with the computing device, or may be obtained by checking an attribute of the computing device, which is not limited in this embodiment.
In one specific example, the preset matching rule may be: the matching hardware information range corresponding to the first hardware encryption information is 7 pieces of hardware, and then the current computing equipment only needs to satisfy that 5 pieces or more of hardware information are the same as the hardware in the matching hardware information range corresponding to the first hardware encryption information, or the matching range is 5 pieces of hardware, and the matching range satisfies that 3 pieces or more of hardware information are the same.
In step S408, the hardware information is encrypted to generate second hardware encrypted information.
It should be noted that the encryption algorithm used in generating the second hardware encryption information should be the same as that used in generating the first hardware encryption information.
In step S410, the second hardware encryption information is matched with the first hardware encryption information, and when a preset matching rule is satisfied, the authorization is successful. Specifically, the second hardware encryption information is matched with the first hardware encryption information, and when the matching degree reaches a preset threshold value, authorization is successful. For example, the first hardware encryption information corresponds to 7 hardware encryption information, if the corresponding 5 hardware encryption information in the second hardware encryption information is the same as that in the first hardware encryption information, the authorization is successful, and the authorization is failed by the other person.
The scheme of the invention adopts a mode of binding the hardware information and the software authorization serial number, solves the problem of infinite diffusion of the authorization serial number, thereby reducing the loss of software manufacturers and strengthening the support to the legal software.
The scheme also provides a hardware information matching rule, and the authorization verification process can still be normally completed when the user replaces part of hardware, so that a certain degree of freedom can be provided for the user, the user experience is improved, and the benefit protection of a software provider is enhanced.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U.S. disks, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the method of the invention according to instructions in said program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose preferred embodiments of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense with respect to the scope of the invention, as defined in the appended claims.
Claims (10)
1. A method of authorization of an application, executed in a computing device, the method comprising:
extracting at least one piece of authorization information pre-stored in the computing device, wherein the authorization information comprises at least one piece of first hardware encryption information, an authorization serial number of the application program and a first check value;
analyzing the authorization information to judge whether the authorization information is correct or not;
when the authorization information is determined to be correct, acquiring hardware information related to a preset matching rule of the computing equipment;
encrypting each piece of hardware information to generate each piece of second hardware encryption information;
and matching the second hardware encryption information with the first hardware encryption information, and when the preset matching rule is met, authorizing successfully.
2. The method of claim 1, wherein the authorization information is written to a BIOS chip of the computing device by burning.
3. The method of claim 1, further comprising the step of generating the authorization information comprising:
at least one piece of hardware information in the computing equipment is encrypted respectively to generate respective first hardware encryption information;
obtaining an authorization serial number of the application program;
and coding each piece of first hardware encryption information and the authorization serial number of the application program based on a check value generation algorithm to generate the first check value.
4. A method according to claim 1 or 3, wherein the step of parsing the authorisation information to determine whether the authorisation information is correct comprises:
analyzing the authorization information, and respectively obtaining the first hardware encryption information, the authorization serial number of the application program and the first check value;
coding the first hardware encryption information obtained by analysis and the authorization serial number of the application program through a check value generation algorithm to generate a second check value;
judging whether the first check value is the same as the second check value;
if the first check value is the same as the second check value, judging whether the authorization serial number of the application program is legal or not;
and if the authorization serial number of the application program is legal, confirming that the authorization information is correct.
5. The method of claim 1, wherein the step of obtaining hardware information related to the preset matching rules of the computing device upon determining that the authorization information is correct comprises:
acquiring hardware identifiers corresponding to the first hardware encryption information;
and acquiring each piece of hardware information related to each hardware identification in the current computing equipment.
6. The method of claim 3, wherein the encryption algorithm is SHA 256; the check value generation algorithm is a cyclic redundancy check algorithm.
7. The method of claim 3, wherein the generating authorization information further comprises:
and structuring the first hardware encryption algorithm, the authorization serial number of the application program and the first check value.
8. The method of claim 1, wherein the matching the second hardware encryption information with the first hardware encryption information, and when a preset matching rule is satisfied, the authorizing successfully comprises:
and matching the second hardware encryption information with the first hardware encryption information, and when the matching degree reaches a preset threshold value, successfully authorizing.
9. A computing device, comprising:
at least one processor; and
a memory storing program instructions configured for execution by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 1-8.
10. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method of any of claims 1-8.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110624008.5A CN113254887A (en) | 2021-06-04 | 2021-06-04 | Authorization method of application program, computing device and storage medium |
| PCT/CN2021/124292 WO2022252466A1 (en) | 2021-06-04 | 2021-10-18 | Application authorization method, computing device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110624008.5A CN113254887A (en) | 2021-06-04 | 2021-06-04 | Authorization method of application program, computing device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113254887A true CN113254887A (en) | 2021-08-13 |
Family
ID=77186570
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110624008.5A Pending CN113254887A (en) | 2021-06-04 | 2021-06-04 | Authorization method of application program, computing device and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113254887A (en) |
| WO (1) | WO2022252466A1 (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113761479A (en) * | 2021-09-15 | 2021-12-07 | 厦门熵基科技有限公司 | Software authorization method, system, equipment and computer storage medium |
| CN114117364A (en) * | 2022-01-24 | 2022-03-01 | 北京麟卓信息科技有限公司 | Offline software license control method and system |
| CN114510685A (en) * | 2022-01-28 | 2022-05-17 | 统信软件技术有限公司 | Reset method of authorization state, and update method and system of authorization state |
| WO2022252466A1 (en) * | 2021-06-04 | 2022-12-08 | 统信软件技术有限公司 | Application authorization method, computing device, and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117077184B (en) * | 2023-10-17 | 2024-01-30 | 西安热工研究院有限公司 | Method, system, equipment and medium for authorizing and keeping secret of upper computer software of DCS (distributed control system) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109598104A (en) * | 2018-11-28 | 2019-04-09 | 武汉虹旭信息技术有限责任公司 | Soft ware authorization based on timestamp and secret authentication file protects system and method |
| CN110162936A (en) * | 2019-05-31 | 2019-08-23 | 北京比特安索信息技术有限公司 | A kind of use authorization method of software content |
| CN110659457A (en) * | 2019-09-20 | 2020-01-07 | 安徽听见科技有限公司 | Application authorization verification method and device and client |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103592927A (en) * | 2013-11-26 | 2014-02-19 | 蓝盾信息安全技术股份有限公司 | Method for binding product server and service function through license |
| CN109840398A (en) * | 2019-02-14 | 2019-06-04 | 北京儒博科技有限公司 | Software authorization method, device, equipment and storage medium |
| US11507700B2 (en) * | 2019-10-03 | 2022-11-22 | Insyde Software Corp. | Firmware-based method for securely enabling hardware devices during a computing platform boot sequence |
| CN111709010B (en) * | 2020-06-19 | 2021-05-07 | 山东省计算中心(国家超级计算济南中心) | Terminal authentication information extraction and verification method and system based on state cryptographic algorithm |
| CN113254887A (en) * | 2021-06-04 | 2021-08-13 | 统信软件技术有限公司 | Authorization method of application program, computing device and storage medium |
-
2021
- 2021-06-04 CN CN202110624008.5A patent/CN113254887A/en active Pending
- 2021-10-18 WO PCT/CN2021/124292 patent/WO2022252466A1/en unknown
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109598104A (en) * | 2018-11-28 | 2019-04-09 | 武汉虹旭信息技术有限责任公司 | Soft ware authorization based on timestamp and secret authentication file protects system and method |
| CN110162936A (en) * | 2019-05-31 | 2019-08-23 | 北京比特安索信息技术有限公司 | A kind of use authorization method of software content |
| CN110659457A (en) * | 2019-09-20 | 2020-01-07 | 安徽听见科技有限公司 | Application authorization verification method and device and client |
Non-Patent Citations (1)
| Title |
|---|
| QQ362556656: "揭秘TPM安全芯片技术及应用", 《HTTPS://WENKU.BAIDU.COM/VIEW/03F5803483C4BB4CF7ECD166.HTML》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022252466A1 (en) * | 2021-06-04 | 2022-12-08 | 统信软件技术有限公司 | Application authorization method, computing device, and storage medium |
| CN113761479A (en) * | 2021-09-15 | 2021-12-07 | 厦门熵基科技有限公司 | Software authorization method, system, equipment and computer storage medium |
| CN113761479B (en) * | 2021-09-15 | 2024-03-12 | 厦门熵基科技有限公司 | Software authorization method, system, equipment and computer storage medium |
| CN114117364A (en) * | 2022-01-24 | 2022-03-01 | 北京麟卓信息科技有限公司 | Offline software license control method and system |
| CN114117364B (en) * | 2022-01-24 | 2022-03-29 | 北京麟卓信息科技有限公司 | Offline software license control method and system |
| CN114510685A (en) * | 2022-01-28 | 2022-05-17 | 统信软件技术有限公司 | Reset method of authorization state, and update method and system of authorization state |
| CN114510685B (en) * | 2022-01-28 | 2024-05-14 | 统信软件技术有限公司 | Authorization state resetting method, authorization state updating method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022252466A1 (en) | 2022-12-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113254887A (en) | Authorization method of application program, computing device and storage medium | |
| CN112699342B (en) | Authorization control method, authorization device and computing equipment | |
| CN108900471B (en) | Server, client, network system and method for transmitting data | |
| US8560820B2 (en) | Single security model in booting a computing device | |
| CN113343185B (en) | Authorization method of client application, computing device and storage medium | |
| US20090259855A1 (en) | Code Image Personalization For A Computing Device | |
| CN112182550A (en) | Authorization method, authorization system, activation device and computing equipment for application program | |
| JP2008537224A (en) | Safe starting method and system | |
| WO2007000993A1 (en) | Verification method, information processing device, recording medium, verification system, certification program, and verification program | |
| CN113746638B (en) | NFT storage method, NFT restoration method, computer device, and storage medium | |
| US20130019110A1 (en) | Apparatus and method for preventing copying of terminal unique information in portable terminal | |
| CN115001766B (en) | Efficient multi-node batch remote proving method | |
| CN116522368A (en) | Firmware decryption analysis method for Internet of things equipment, electronic equipment and medium | |
| CN114189553A (en) | Flow playback method, system and computing equipment | |
| CN106569907A (en) | System start-up file verifying and compiling method | |
| CN111464258B (en) | Data verification method, device, computing equipment and medium | |
| EP2779568B1 (en) | Access control method | |
| JP2021517409A (en) | Storage device authentication fix | |
| WO2021139443A1 (en) | Data access control method and apparatus, and data access device and system | |
| CN113536361A (en) | Method and device for realizing trusted reference library and computing equipment | |
| CN112187786A (en) | Service processing method, device, server and storage medium of network service | |
| CN113806810B (en) | Authentication method, authentication system, computing device, and storage medium | |
| CN116756784B (en) | System verification method and device, electronic equipment and readable storage medium | |
| CN114327657B (en) | Large mirror image division downloading and signature verification method based on Fastboot and storage medium thereof | |
| WO2022120572A1 (en) | Tamper verification method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |