CN113343183A - Authorization method and system based on UKEY - Google Patents

Publication number: CN113343183A
Application number: CN202110429993.4A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 刘锋, 曾祥刚
Current assignee: Hubei Weiyuan Zhuoyue Technology Co ltd
Original assignee: Hubei Weiyuan Zhuoyue Technology Co ltd
Prior art keywords: authorization, ukey, authorized, information, control information

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level

Abstract

The invention discloses an authorization method and system based on UKEY. A read-only area and a read-write area are set up in the UKEY; an authorization service program is loaded on the device to be authorized, and the locally configured to-be-authorized item information is loaded. The authorization service program loads and decrypts the authorization control information in the UKEY, verifies the correctness of the to-be-authorized item information against the authorization control information and, once that information is judged correct, generates the hardware fingerprint information of the device in combination with the to-be-authorized item information. An authorization file is then generated from the hardware fingerprint information of the device. Because the UKEY has a read-write area, the hardware fingerprint information of previously authorized devices can be read, which simplifies the authorization process for those devices. In addition, because the authorization service program is loaded locally, the authorization file is stored on the authorized device. Commercial software on the device can run normally by checking only the correctness of the authorization file, which avoids long-term occupation of the device's USB interface. Furthermore, this approach makes it possible to authorize commercial software on many different devices in a very short time.

Description

Authorization method and system based on UKEY
Technical Field
The invention relates to the technical field of software authorization and decryption, in particular to an authorization method and system based on UKEY.
Background
In the commercial software industry, software often needs to be authorized in order to protect the legitimate rights of developers, so that only authorized users can use the corresponding commercial software. Two authorization methods are commonly used. One is online authorization: the device that needs authorization sends its device information and an authorization code to an authorization center in the cloud, and the authorization center grants authorization after verifying that the information is correct. The other is offline authorization: the authorization information is encrypted and written into a UKEY hardware device, the corresponding authorization UKEY must be inserted whenever the commercial software runs, and once the UKEY is pulled out the user cannot continue to use the device. Online authorization requires the authorized devices to be networked, but in some military and security organizations the devices are not allowed to be networked, so online authorization is completely infeasible. Offline UKEY authorization needs no network, but the UKEY must stay plugged in at all times, which is unsightly and carries the risk of service interruption because the commercial software cannot run normally after the UKEY is unplugged.
Disclosure of Invention
The present invention aims to overcome the above technical deficiencies by providing an authorization method and system based on UKEY.
In order to achieve the above technical object, a first aspect of the technical solution of the present invention provides an authorization method based on UKEY, which includes the following steps:
setting a read-only area and a read-write area in the UKEY, encrypting the authorization control information and writing it into the read-only area of the UKEY;
loading an authorization service program on the device to be authorized, and loading the locally configured to-be-authorized item information from a local configuration file of the device to be authorized;
the authorization service program loads and parses the authorization control information in the UKEY, checks the correctness of the to-be-authorized item information against the authorization control information, and, after judging that the to-be-authorized item information is correct, generates the hardware fingerprint information of the device in combination with the to-be-authorized item information;
and the authorization service program generates an authorization file according to the hardware fingerprint information of the device to complete the authorization work.
The invention provides an authorization system based on UKEY in a second aspect, which comprises the following functional modules:
the UKEY setting module is used for setting a read-only area and a read-write area in the UKEY, encrypting the authorization control information and writing it into the read-only area of the UKEY;
the local setting module is used for loading an authorization service program on the device to be authorized and loading the locally configured to-be-authorized item information from the local configuration file of the device to be authorized;
the decryption loading module is used by the authorization service program to load and parse the authorization control information in the UKEY, check the correctness of the to-be-authorized item information against the authorization control information, and, after judging that the to-be-authorized item information is correct, generate the hardware fingerprint information of the device in combination with the to-be-authorized item information;
and the authorization completion module is used by the authorization service program to generate an authorization file according to the hardware fingerprint information of the device to complete the authorization work.
Compared with the prior art, the authorization method and system based on UKEY have the following beneficial effects:
1. Hardware information of authorized devices can be collected during offline authorization, which makes it convenient to check later whether authorization information is duplicated;
2. Authorization efficiency is improved and batch authorization is convenient; manual intervention is greatly reduced, and the possibility of manual misoperation is avoided;
3. An authorization file is generated from the authorization control information in the UKEY and stored on the authorized device, so the UKEY does not need to stay inserted in the device. This reduces use of the UKEY, avoids occupying the device's USB interface, and avoids the potential risk of service interruption when commercial software cannot be used because the USB device has been pulled out or damaged;
4. Authorization is more secure: the authorization is encrypted through the shell-adding program, and the authorization program can be decrypted only after the UKEY has been correctly authenticated, which improves the security of the authorization program.
Drawings
Fig. 1 is a flow chart of an authorization method based on UKEY according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating the steps of a UKEY-based authorization method according to an embodiment of the present invention;
Fig. 3 is a block diagram of the modules of a UKEY-based authorization system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1 and 2, an embodiment of the present invention provides a UKEY-based authorization method, which includes the following steps:
S1, setting a read-only area and a read-write area in the UKEY, encrypting the authorization control information and writing it into the read-only area of the UKEY.
Specifically, the UKEY includes a read-only area and a read-write area. The read-only area stores the encrypted authorization control information, which is held in an authorization control information list. The following table is an example of a list of authorization control information:
[Table image BDA0003031013850000041: example list of authorization control information; not reproduced in this text]
The read-write area is used to record and store the hardware fingerprint information of previously authorized devices, to read that information back, and to record and read other information related to past authorizations. The read-write area also stores the authorized quantity, which is automatically incremented by one after each authorization.
The steps for writing the authorization control information into UKEY are described as follows:
First, the authorization control information is written into a file in a defined format; then the UKEY writing tool is started and the authorization control information file is loaded; finally, the authorization control information is encrypted and written into the read-only area of the UKEY.
S2, loading the authorization service program in the device to be authorized, and loading the locally configured information of the items to be authorized from the local configuration file of the device to be authorized.
The authorization service program is used for reading and decrypting authorization control information in the UKEY and authorizing the current equipment; all hardware fingerprint information stored in UKEY may also be derived.
The information of the items to be authorized comprises information such as customer names and product names.
S3, the authorization service program loads the authorization control information in the UKEY and analyzes the authorization control information, checks the correctness of the to-be-authorized item information according to the authorization control information, and generates the hardware fingerprint information of the equipment by combining the to-be-authorized item information after judging that the to-be-authorized item information is correct.
Before loading and decrypting the authorization control information in the UKEY, the authorization service program detects in real time whether a UKEY is inserted. When it detects that a UKEY is inserted, it verifies the correctness of the UKEY, and it loads and decrypts the authorization control information only after the UKEY is judged to be authorized.
After the authorization control information is analyzed, the authorization control information in the UKEY needs to be verified, which specifically includes the following steps:
Judging whether an authorized amount exists according to the authorized amount information in the authorization control information; if not, recording an error log and prompting that authorization has failed;
after the UKEY is judged to have an authorized amount, judging from the authorization time information in the authorization control information whether the UKEY authorization control information grants permanent authorization; if it does, proceeding to the next step;
when the UKEY authorization control information is judged not to grant permanent authorization, checking whether the current system time is within the authorization time range; if it is not, prompting that authorization has failed. If the current time is within the authorization time range, or the authorization is permanent, the next step is carried out.
Meanwhile, after the authorization control information is analyzed, the authorization control information needs to be written into a log file of the device to be authorized, so that a user can know the remaining authorization amount in the current UKEY conveniently.
The correctness of the to-be-authorized item information is verified against the authorization control information; specifically, it is checked whether the client name and product name in the authorization control information are consistent with the client name and product name configured on the device to be authorized. When they are consistent, the hardware fingerprint information of the device is generated in combination with the to-be-authorized item information. The hardware fingerprint information comprises the CPU model, CPU serial number, number of network ports, network port MAC addresses and network port type information.
S4, the authorization service program generates an authorization file according to the hardware fingerprint information of the device to complete the authorization work.
Before the authorization information of the device is generated in combination with the to-be-authorized item information, the hardware fingerprint of the current device is compared with the hardware fingerprints stored in the UKEY to judge whether the device has already been authorized. For a device that has been authorized before, the historical hardware fingerprint information of that device stored in the read-write area of the UKEY is retrieved directly to generate the authorization file.
After the authorization service program generates the authorization file according to the hardware fingerprint information of the device, the hardware fingerprint is stored in the read-write area of the UKEY.
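The checks of S3 and the file generation of S4, sketched as an added example (not code from the patent). Assumptions the patent does not state: the control information is shown already decrypted, the remaining amount is the quota minus the count kept in the read-write area, the fingerprint is a SHA-256 hash, and the authorization file is protected with an HMAC whose key the licensed software also holds; all field names and sample values are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime


class AuthorizationError(Exception):
    """One of the S3 checks failed."""


def device_fingerprint(hw, project):
    """Hash the hardware fields named in the description plus the item info."""
    material = {
        "cpu_model": hw["cpu_model"],
        "cpu_serial": hw["cpu_serial"],
        "nic_count": len(hw["nics"]),
        # Sorted so the value does not depend on interface enumeration order.
        "nics": sorted([n["mac"].lower(), n["type"]] for n in hw["nics"]),
        "customer": project["customer"],
        "product": project["product"],
    }
    blob = json.dumps(material, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def check_control_info(control, rw_area, project, now):
    """S3 checks, in the order the description gives them."""
    if control["quota"] - rw_area["authorized_count"] <= 0:
        raise AuthorizationError("no authorized amount left")
    if not control["permanent"]:
        if not control["not_before"] <= now <= control["not_after"]:
            raise AuthorizationError("system time outside authorization window")
    if (control["customer"], control["product"]) != (project["customer"], project["product"]):
        raise AuthorizationError("customer or product name mismatch")


def seal(body, key):
    """HMAC over the canonical JSON of the file body (assumed protection scheme)."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def authorize(control, rw_area, project, hw, key, now):
    """S3 + S4: return the authorization file and update the read-write area."""
    check_control_info(control, rw_area, project, now)
    fp = device_fingerprint(hw, project)
    if fp not in rw_area["fingerprints"]:
        # New device: record its fingerprint and count one more authorization.
        rw_area["fingerprints"].append(fp)
        rw_area["authorized_count"] += 1
    body = {
        "customer": project["customer"],
        "product": project["product"],
        "fingerprint": fp,
        "not_after": None if control["permanent"] else control["not_after"].isoformat(),
    }
    return {"body": body, "mac": seal(body, key)}


def verify_license(lic, hw, key, now):
    """What the licensed software checks at start-up, with no UKEY inserted."""
    if not hmac.compare_digest(seal(lic["body"], key), lic["mac"]):
        return False  # file edited, or produced with a different key
    body = lic["body"]
    if device_fingerprint(hw, body) != body["fingerprint"]:
        return False  # file copied to a different machine
    if body["not_after"] is not None and now > datetime.fromisoformat(body["not_after"]):
        return False  # time-limited authorization has expired
    return True


# Constructed sample data (not from the patent).
KEY = b"constructed-demo-key"
NOW = datetime(2021, 6, 1)
LATER = datetime(2022, 1, 1)
CONTROL = {"customer": "ExampleCorp", "product": "ExampleProduct", "quota": 2,
           "permanent": False,
           "not_before": datetime(2021, 1, 1), "not_after": datetime(2021, 12, 31)}
PROJECT = {"customer": "ExampleCorp", "product": "ExampleProduct"}
HW_A = {"cpu_model": "Example CPU", "cpu_serial": "0000-AAAA",
        "nics": [{"mac": "02:00:00:00:00:01", "type": "ethernet"}]}
HW_B = dict(HW_A, cpu_serial="0000-BBBB")


def new_rw_area():
    """Empty read-write area as it would be on a freshly written UKEY."""
    return {"fingerprints": [], "authorized_count": 0}


if __name__ == "__main__":
    rw = new_rw_area()
    lic = authorize(CONTROL, rw, PROJECT, HW_A, KEY, NOW)
    print(verify_license(lic, HW_A, KEY, NOW), verify_license(lic, HW_B, KEY, NOW))
```

Because the quota check runs before the fingerprint comparison, as in the description, a previously authorized device can be re-authorized only while some authorized amount remains on the UKEY.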
By adding a read-write area to the UKEY, the UKEY-based authorization method of the invention can collect the hardware information of authorized devices during offline authorization, and it simplifies the authorization process for previously authorized devices by reading their stored hardware fingerprint information, which improves authorization efficiency. Because the authorization service program is loaded locally, the authorization file generated from the authorization control information in the UKEY is stored on the authorized device, so the UKEY does not need to stay inserted in the device. This reduces use of the UKEY, avoids occupying the device's USB interface, and allows several pieces of commercial software on the same device to be authorized at the same time.
Based on the authorization method based on the UKEY, the invention further provides an authorization system based on the UKEY, as shown in fig. 3, which includes the following functional modules:
a UKEY setting module 10, configured to set a read-only area and a read-write area in a UKEY, encrypt the authorization control information, and write the encrypted authorization control information into the read-only area in the UKEY;
the local setting module 20 is configured to load an authorization service program in the device to be authorized, and load locally configured to-be-authorized item information from a local configuration file of the device to be authorized;
the decryption loading module 30 is used for the authorization service program to load the authorization control information in the UKEY and analyze the authorization control information, check the correctness of the to-be-authorized item information according to the authorization control information, and generate the hardware fingerprint information of the equipment by combining the to-be-authorized item information after judging that the to-be-authorized item information is correct;
and the authorization completion module 40 is used for the authorization service program to generate an authorization file according to the hardware fingerprint information of the equipment, so as to complete the authorization work.
The execution mode of the authorization system based on the UKEY in this embodiment is basically the same as that of the authorization method based on the UKEY, and therefore, detailed description thereof is omitted.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art would appreciate that the modules, elements, and/or method steps of the various embodiments described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An authorization method based on UKEY, characterized by comprising the following steps:
setting a read-only area and a read-write area in the UKEY, encrypting the authorization control information and writing the authorization control information into the read-only area in the UKEY;
loading an authorization service program in the equipment to be authorized, and loading the locally configured information of the items to be authorized from a local configuration file of the equipment to be authorized;
the authorization service program loads authorization control information in the UKEY and analyzes the authorization control information, checks the correctness of the to-be-authorized item information according to the authorization control information, and generates hardware fingerprint information of the equipment by combining the to-be-authorized item information after judging that the to-be-authorized item information is correct;
and the authorization service program generates an authorization file according to the hardware fingerprint information of the equipment to finish authorization work.
2. The UKEY-based authorization method according to claim 1, wherein the read-write area of the UKEY is used for recording and storing hardware fingerprint information of the historical authorization device and for reading the hardware fingerprint information of the historical authorization device.
3. The UKEY-based authorization method according to claim 1, wherein before the authorization service program loads and decrypts the authorization control information in the UKEY, the authorization service program detects and judges whether the UKEY is inserted in real time, and when the authorization service program detects and judges that the UKEY is inserted in real time, the authorization service program verifies the correctness of the UKEY and loads and decrypts the authorization control information in the UKEY after judging that the UKEY is authorized.
4. The UKEY-based authorization method according to claim 1, wherein after parsing the authorization control information, the authorization control information in the UKEY needs to be verified, specifically comprising the steps of:
judging whether an authorized amount exists according to the authorized amount information in the authorization control information;
after the UKEY is judged to have an authorized amount, whether the UKEY authorization control information is permanently authorized is judged according to the authorization time information in the authorization control information;
and when the UKEY authorization control information is judged not to be permanently authorized, checking whether the current time of the system is within the authorization time range.
5. The UKEY-based authorization method according to claim 1, wherein the authorization control information is written into a log file of the device to be authorized after parsing the authorization control information.
6. The UKEY-based authorization method according to claim 1, wherein the correctness of the information of the item to be authorized is checked according to the authorization control information, specifically, whether the client name and the product name in the authorization control information are consistent with the client name and the product name configured on the device to be authorized is checked.
7. The UKEY-based authorization method according to claim 1, wherein the hardware fingerprint information includes information such as CPU model, CPU serial number, number of network ports, MAC address of network port, type of network port.
8. The UKEY-based authorization method according to claim 1, characterized in that after the authorization service program generates the authorization file according to the hardware fingerprint information of the device, the hardware fingerprint is stored in the read-write area of the UKEY.
9. The UKEY-based authorization method according to claim 1, characterized in that before generating the authorization information of the device in combination with the information of the item to be authorized, the hardware fingerprint of the current device is compared with the hardware fingerprint in the hardware fingerprint information stored in the UKEY to determine whether the device is authorized, and for the device that has been authorized, the historical hardware fingerprint information of the corresponding device stored in the read-write area of the UKEY is directly retrieved to generate the authorization file.
10. An authorization system based on UKEY, characterized by comprising the following functional modules:
the UKEY setting module is used for setting a read-only area and a read-write area in the UKEY, encrypting the authorization control information and writing the authorization control information into the read-only area in the UKEY;
the local setting module is used for loading an authorization service program in the equipment to be authorized and loading the locally configured information of the items to be authorized from the local configuration file of the equipment to be authorized;
the decryption loading module is used for loading the authorization control information in the UKEY by the authorization service program, analyzing the authorization control information, checking the correctness of the to-be-authorized item information according to the authorization control information, and generating hardware fingerprint information of the equipment by combining the to-be-authorized item information after judging that the to-be-authorized item information is correct;
and the authorization completion module is used for generating an authorization file by the authorization service program according to the hardware fingerprint information of the equipment to complete authorization work.
Application number: CN202110429993.4A
Priority date: 2021-04-21
Filing date: 2021-04-21
Title: Authorization method and system based on UKEY
Status: Pending
Publication: CN113343183A (en), publication date 2021-09-03
Family ID: 77468224
Country: CN
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20210903)