CN113949516B - Unified authentication permission method, system and storage medium - Google Patents

Publication number
CN113949516B
Authority
CN
China
Prior art keywords
authentication
hardware
license
information
party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111108247.1A
Other languages
Chinese (zh)
Other versions
CN113949516A (en)
Inventor
郭建波
陶永晶
靳志宾
吕占朋
王良佰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Haixing Zeke Information Technology Co ltd
Nanjing Haixing Power Grid Technology Co Ltd
Hangzhou Hexing Electrical Co Ltd
Ningbo Henglida Technology Co Ltd
Original Assignee
Hangzhou Haixing Zeke Information Technology Co ltd
Nanjing Haixing Power Grid Technology Co Ltd
Hangzhou Hexing Electrical Co Ltd
Ningbo Henglida Technology Co Ltd
Application filed by Hangzhou Haixing Zeke Information Technology Co ltd, Nanjing Haixing Power Grid Technology Co Ltd, Hangzhou Hexing Electrical Co Ltd, Ningbo Henglida Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a unified authentication and permission method and a unified authentication and permission system, wherein the method comprises the following steps: acquiring hardware authentication server information, and generating hardware authentication information according to the hardware authentication server information; the client sends a license service request to a hardware authentication server, wherein the license service request comprises hardware authentication information and the third party authentication license service platform version, and the hardware authentication server sends the request to a corresponding third party authentication license service platform after passing authentication; the third party authentication License service platform acquires the hardware authentication information, and generates a License file according to the hardware authentication information and the self business data; the third party authentication License service platform issues a corresponding License file according to the client request information; and acquiring heartbeat data of the authentication license service instance of the third-party authentication license service platform, calculating the heartbeat interval of the next authentication license service instance according to a sliding time window algorithm, and executing capacity expansion of the authentication license service.

Description

Unified authentication permission method, system and storage medium
Technical Field
The invention relates to the technical field of service authentication of platforms, in particular to a unified authentication permission method and system.
Background
Currently, the mainstream authentication schemes on the market fall into two types: offline authentication by authentication code and online authentication by server. Offline authentication manages the service mainly through the purchase of a legitimate license; it suits scenarios in which the client service runs with no network or on a private local area network and still has to be authenticated. Online authentication is generally implemented by the service provider operating a service authentication server, with which the client service communicates directly over the network to meet the service authentication requirement.
The existing authentication service model, in which steps such as recording and approval are completed manually, can only cope with a small number of servers. Containerization and distributed deployment are now widespread, and a growing number of containerized services makes the number of services rise rapidly, so License-related authentication work rises rapidly as well. In particular, when work orders surge under special conditions (such as License expiration or failure), manual approval easily leaves customers waiting a long time, which gives them a poor experience.
For clients, authentication is based on hardware information, and each virtualized service has to apply for its own License before the service can be activated, which clients find unacceptable. With some virtualization technologies, the virtualized hardware information of a container changes after containers are added or deleted, so the original License can no longer be used and the client has to re-apply, which adds to the client's workload. For third-party services that build on the platform service, the authentication service cannot be reused, so each third-party service has to develop its own authentication scheme again; this causes functional redundancy and makes management difficult and conflicts likely later in the software's life.
Disclosure of Invention
One object of the invention is to provide a unified authentication permission method and system that use a roulette (wheel disc) encryption algorithm and a heartbeat sliding time window algorithm to transmit authentication license information efficiently and securely, improving the security of data transmission. The roulette encryption algorithm uses a long key to look up a short key, which optimizes memory usage on the server and improves the security of the symmetric encryption.
A further object of the invention is to provide a unified authentication permission method and system that integrate the heartbeat sliding time window algorithm into the authentication request, take a time length as the length of the sliding window, and dynamically calculate the next request interval of the current instance, reducing the bandwidth that frequent heartbeats occupy while still supporting multiple service instances, and so improving server performance.
A further object of the invention is to provide a unified authentication permission method and system that use a unified authentication license server, so that one physical server authenticates a plurality of virtual servers; this gives unified management of authentication behavior and makes the process more efficient for clients and approval personnel.
Another object of the present invention is to provide a unified authentication license method and system, which embed third party authentication information into a license file, so that the third party can perform customized processing on own authentication information.
In order to achieve at least one of the above objects, the present invention further provides a unified authentication license method for cloud server deployment, the method comprising the steps of:
acquiring hardware authentication server information, and generating hardware authentication information according to the hardware authentication server information;
the client sends a license service request to a hardware authentication server, wherein the license service request comprises hardware authentication information and the third party authentication license service platform version, and the hardware authentication server sends the request to a corresponding third party authentication license service platform after passing authentication;
the third party authentication License service platform acquires the hardware authentication information, and generates a License file according to the hardware authentication information and the self business data;
the third party authentication License service platform issues a corresponding License file according to the client request information;
and acquiring heartbeat data of the authentication license service instance of the third-party authentication license service platform, calculating the heartbeat interval of the next authentication license service instance according to a sliding time window algorithm, and executing capacity expansion of the authentication license service.
According to one preferred embodiment of the present invention, the authentication method of the third party license service platform includes:
the hardware authentication server acquires a License file encrypted by a third party authentication License service platform;
the hardware authentication server analyzes the encrypted License file and acquires hardware authentication information;
authenticating a current License file according to the hardware authentication information;
and storing the License file passing the authentication in a specified path.
According to another preferred embodiment of the present invention, the method for generating hardware authentication information includes:
CPU hardware information, MAC address and main board information of the hardware authentication server are obtained, and the CPU hardware information, the MAC address and the main board information are encrypted to obtain the unique hardware authentication information.
According to another preferred embodiment of the present invention, the License file generating method includes:
acquiring business data of a third party authentication license service platform;
acquiring a license service request forwarded by a hardware authentication server, and analyzing hardware authentication information in the license service request;
establishing authentication rules of License;
and compiling the service data, the hardware authentication information and the authentication rule of the License into a License file.
According to another preferred embodiment of the present invention, heartbeat data of an authentication and permission service instance is obtained, and the sliding time window algorithm is adopted to expand the capacity of the authentication and permission service instance, and the specific expansion method includes:
acquiring a self-defined authentication permission service instance time interval x, wherein the sliding number of the current time node is y, and the time interval f (x, y) of the next authentication permission service instance is:
and establishing a time interval of the expected authentication license service instance, and if the time interval of the next authentication license service instance is smaller than the time interval of the expected authentication license service instance, executing interval capacity expansion of the successfully established authentication license service instance.
According to another preferred embodiment of the present invention, the interval expansion method for the authentication license service instance which has been successfully established includes the following steps:
and recording the heartbeat interval of each authentication and permission service instance, and changing the current heartbeat interval into x/y times of the previous heartbeat interval if the current heartbeat interval is within the time interval range of the expected authentication and permission service instance.
According to another preferred embodiment of the present invention, the following operations are further performed according to the sliding time window algorithm: judging the state of all the current authentication and permission service instances, and deleting the dead authentication and permission service instances;
setting the maximum value of the authentication allowed service instances of the hardware device, and recording the number of the authentication allowed service instances which survive currently and the number of the heartbeat which survive.
According to another preferred embodiment of the present invention, the authentication and permission method further includes the steps of:
the hardware authentication server generates a ring key and sends the ring key, the current encryption starting point and the random length to a third party authentication license service platform and a client;
encrypting the information to be sent by the client by adopting a wheel disc encryption algorithm according to the encryption request of the client or the third party authentication License service platform;
the client or the third party authentication license service platform generates a next encryption starting point and a random length, and sends the next encryption starting point and the random length to the hardware authentication server, and the current annular key is encrypted by adopting the next annular key;
and sending the encryption result to the hardware authentication server, and analyzing the next annular key according to the current encryption request by the hardware authentication server and finally decrypting according to the next annular key.
In order to achieve at least one of the above objects, the present invention further provides a unified authentication and approval system for cloud server deployment, which performs the above unified authentication and approval method for cloud server deployment.
The present invention further provides a computer readable storage medium storing a computer program executable by a processor to perform a unified authentication licensing method of cloud server deployment as described above.
Drawings
Fig. 1 shows a flowchart of a unified authentication and permission method for cloud server deployment.
Fig. 2 shows a schematic diagram of a sliding time window algorithm in the present invention.
Fig. 3 shows a schematic diagram of the roulette algorithm.
Detailed Description
The following description is presented to enable one of ordinary skill in the art to make and use the invention. The preferred embodiments in the following description are by way of example only and other obvious variations will occur to those skilled in the art. The basic principles of the invention defined in the following description may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
It will be understood that the terms "a" and "an" should be interpreted as referring to "at least one" or "one or more," i.e., in one embodiment, the number of elements may be one, while in another embodiment, the number of elements may be plural, and the term "a" should not be interpreted as limiting the number.
Referring to fig. 1-3, the present invention provides a unified license authentication method and system, where the system mainly includes a client, a third party license authentication service platform deployed on a cloud server, and a hardware authentication server executing a unified license authentication service. The invention executes a heartbeat sliding time window algorithm through the hardware authentication server, so that the hardware authentication server can execute high-efficiency, convenient and unified authentication license service and can be used for interfacing different authentication license instances.
Specifically, the authentication license service includes the following steps. The hardware authentication server establishes communication connections with the client and with the third party authentication license service platform. The hardware authentication server is built on a physical server, and the third party authentication license service platform is built on a virtual cloud server. Hardware authentication information is built from parameters of the physical server's hardware, including the CPU hardware information, MAC address and motherboard information, and is used as the authentication parameter of the License file. It is generated as follows: the CPU hardware information, MAC address and motherboard information of the hardware authentication server are obtained and encrypted according to preset rules to produce the encrypted hardware authentication information; for example, the encryption result may be 6903772679D594EDA7284B25370B8396. The encryption algorithm can be chosen as needed, including but not limited to an elliptic encryption algorithm or hash encryption, and the invention does not limit it further.
In one preferred embodiment of the present invention, the hardware authentication server may send the hardware authentication information to the client and to the third party service platform. The client selects, as needed, the version information of the authentication license service platform and the hardware authentication server, and generates an authentication license service request that includes service request parameters. The client sends this request to the hardware authentication server, which determines whether it is legitimate. If it is, the hardware authentication server parses the hardware authentication information in the request and forwards the request to the authentication license service platform that corresponds to the requested platform version. Because the platform version data is unique and the hardware authentication information is unique, the client's request is guaranteed to be unique.
After receiving the authentication license service request forwarded by the hardware authentication server, the authentication license service platform judges from the hardware authentication information whether it is legitimate. If so, it encodes the hardware authentication information and the service data into a License file. The service data is added according to the service parameters in the authentication license service request and includes the registration information of the authentication license service platform and self-defined authentication license logic code. While the License file is being built, the hardware authentication information and the service data must be encrypted, and the encrypted License file is sent to the hardware authentication server.
The hardware authentication server receives the encrypted License file, stores it in a designated directory, and parses it. The hardware authentication server is then activated according to the hardware authentication information in the parsed License file: if the hardware authentication information is the same, it automatically obtains the authentication license service platform registration information from the service data and executes the customizable authentication license logic.
In another preferred embodiment of the present invention, the hardware authentication server does not issue the hardware authentication information to the client or the third party authentication license service platform after generating it, so the hardware authentication information is not embedded in the authentication license request by the client. The hardware authentication server may be deployed as several servers or as a cluster, and each hardware authentication server generates unique hardware authentication information from its own data. The client sends an authentication service request to the hardware authentication server, and the hardware authentication server encrypts the hardware authentication information and embeds it into the authentication license service request; the hardware authentication information comprises the encrypted CPU hardware information, MAC address and motherboard information.
The hardware authentication server sends the authentication license service request to the third party authentication license service platform of the corresponding version. After receiving the request, the platform decrypts it to obtain the hardware authentication information, generates service data according to the request, and encrypts and encodes the decrypted hardware authentication information together with that service data into a License file. The platform uploads the License file to the hardware authentication server, which parses the hardware authentication information in the License file, stores the License file in a designated path, and starts the authentication license service corresponding to the service data according to the hardware authentication information in the License file. In this embodiment no hardware authentication information needs to be issued, and one hardware authentication server can authenticate a plurality of cloud-deployed virtual application servers (third party authentication license service platforms). The authentication rules in the License file may be set by the third party authentication license service platform, and the invention does not describe the detailed rules further.
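The License flow described above (fingerprint the physical server, bind the License to that fingerprint, verify it on the hardware authentication server) can be sketched as follows. This is an added example, not code from the patent. Assumptions: the field names, the sample hardware values, the truncation of SHA-256 to 32 hex characters to match the shape of the page's sample result, the `not_after` rule as one possible authentication rule, and an HMAC under a hypothetical key shared by platform and hardware authentication server, which stands in for the encryption step the page leaves unspecified.

```python
import hashlib
import hmac
import json


def hardware_fingerprint(cpu_id: str, mac: str, board_serial: str) -> str:
    """Digest the three hardware fields into one 32-hex-character identifier."""
    fields = (cpu_id.strip().upper(),
              mac.strip().replace("-", ":").lower(),
              board_serial.strip().upper())
    h = hashlib.sha256()
    for field in fields:
        raw = field.encode()
        # Length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.hexdigest()[:32].upper()


def issue_license(platform_key: bytes, fingerprint: str,
                  business: dict, not_after: int) -> bytes:
    """Platform side: bind business data and a rule to one hardware fingerprint."""
    payload = json.dumps({"hw": fingerprint, "business": business,
                          "not_after": not_after}, sort_keys=True)
    tag = hmac.new(platform_key, payload.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"payload": payload, "tag": tag}).encode()


def verify_license(platform_key: bytes, license_file: bytes,
                   local_fingerprint: str, now: int) -> dict:
    """Hardware authentication server side: check integrity, binding, then rule."""
    outer = json.loads(license_file)
    payload, tag = outer["payload"], outer["tag"]
    expected = hmac.new(platform_key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("License file altered or issued under another key")
    data = json.loads(payload)
    # The License is only valid on the physical server it was issued for.
    if not hmac.compare_digest(data["hw"], local_fingerprint):
        raise ValueError("License bound to different hardware")
    if now > data["not_after"]:
        raise ValueError("License expired")
    return data["business"]
```

Because the fingerprint is taken from the physical server rather than from each container, adding or deleting containers does not change it, which is the property the page relies on.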
It is worth mentioning that the invention also judges whether an accessed service instance is legitimate based on the heartbeat sliding time window algorithm; the specific steps include:
obtaining heartbeat data of a licensed service instance and presetting a user-defined service instance time interval x, in seconds, with y defined as the y-th slide; the current instance node interval can then be expressed as:
The sliding time window algorithm based on the dynamic heartbeat can calculate the heartbeat time interval of the next instance, free up as much of the hardware authentication server's access capacity as possible, and expand the interval of authenticated service instances, which reduces the number of heartbeats, reduces the bandwidth that heartbeats occupy, and increases bandwidth utilization.
The hardware authentication server may record heartbeat data of each authentication license instance, and execute heartbeat capacity expansion according to the sliding time window algorithm, where the heartbeat capacity expansion method includes the following steps:
recording the expected heartbeat time of the authentication permission server according to the sliding time window;
if the heartbeat of the next authentication license service instance falls within the expected heartbeat time, a heartbeat interval expansion is performed, specifically by changing the next heartbeat interval to x/y times the previous heartbeat interval; if the heartbeat of the next authentication license service instance no longer falls within the expected heartbeat time, heartbeat expansion is not performed and the establishment of new license authentication service instances is stopped.
The invention further encrypts the communication between the hardware authentication server and the client and between the hardware authentication server and the authentication license service platform, preferably with a wheel disc (roulette) encryption algorithm, which comprises the following steps:
The hardware authentication server generates a ring key. The client or the authentication license service platform obtains the complete ring key through an HTTP request, and obtains the encryption starting point and random length for the ring key through an HTTP request. For example, the client encrypts the license authentication request information using the key information obtained from the hardware authentication server, and encrypts the next encryption starting point and key length, which the client generates randomly, with the last encryption key; the hardware authentication server recovers the decryption key from the last encryption request and decrypts the other communication content with the current decryption key. The advantage of the scheme is that, for different client instances, the server only needs to generate one large key ring; the ring is cut into the actual encryption keys by ring decomposition, which keeps key repetition low, and because it is a ring the key material can be reused cyclically.
For example, referring to the schematic diagram of the wheel disc encryption algorithm in Fig. 3, start is 5, the encryption starting point, and the random length is 6, the len value in the figure, so the actual key is 58kpyb. The actual key is not transmitted during data transmission; only 5 and 6 are transmitted, and the key used for encryption is determined by 5 and 6. The key is produced by the client or the license service authentication platform randomly cutting the ring key.
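The ring-key exchange described above, as an added example that is not code from the patent: both sides cut the key out of the shared ring from (start, len), and each packet carries the next (start, len) encrypted under the current key. Assumptions: positions are counted from 0, the ring and the JSON packet layout are constructed here, and a standard-library HMAC-SHA256 keystream with a MAC stands in for the symmetric cipher the page does not name.

```python
import hashlib
import hmac
import json
import secrets

# Constructed ring (the ring in the page's Fig. 3 is not reproduced in the text).
# Built so that start=5, len=6 gives the page's example key "58kpyb".
SAMPLE_RING = "a3x9q58kpybm2w7e"


def slice_ring(ring: str, start: int, length: int) -> str:
    """Cut `length` characters out of the ring from `start`, wrapping past the end."""
    if not ring or not 0 < length <= len(ring):
        raise ValueError("length must be between 1 and the ring size")
    return "".join(ring[(start + i) % len(ring)] for i in range(length))


def distinct_keys(ring: str, min_len: int, max_len: int) -> int:
    """Count the different keys one ring can yield for the allowed lengths."""
    return len({slice_ring(ring, s, n)
                for s in range(len(ring))
                for n in range(min_len, max_len + 1)})


def subkeys(key_text: str):
    # Stretch the short ring slice into separate encryption and MAC keys.
    root = hashlib.sha256(key_text.encode()).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())


def stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream: HMAC-SHA256 in counter mode (placeholder cipher).
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key_text: str, plaintext: bytes) -> bytes:
    enc_key, mac_key = subkeys(key_text)
    nonce = secrets.token_bytes(12)
    body = bytes(a ^ b for a, b in zip(plaintext, stream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key_text: str, packet: bytes) -> bytes:
    enc_key, mac_key = subkeys(key_text)
    if len(packet) < 44:
        raise ValueError("packet too short")
    nonce, body, tag = packet[:12], packet[12:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered packet")
    return bytes(a ^ b for a, b in zip(body, stream(enc_key, nonce, len(body))))


class RingState:
    """One side's view: the shared ring plus the current (start, len) pair."""

    def __init__(self, ring: str, start: int, length: int):
        self.ring, self.start, self.length = ring, start, length

    def key(self) -> str:
        return slice_ring(self.ring, self.start, self.length)


def client_send(state: RingState, message: str, min_len: int = 6, max_len: int = 12) -> bytes:
    """Encrypt the message and the next (start, len) under the current key, then rotate."""
    nxt = {"start": secrets.randbelow(len(state.ring)),
           "len": min_len + secrets.randbelow(max_len - min_len + 1)}
    packet = seal(state.key(), json.dumps({"msg": message, "next": nxt}).encode())
    state.start, state.length = nxt["start"], nxt["len"]
    return packet


def server_receive(state: RingState, packet: bytes, min_len: int = 6) -> str:
    """Decrypt with the current key, validate the announced pair, then rotate."""
    body = json.loads(unseal(state.key(), packet))
    start, length = body["next"]["start"], body["next"]["len"]
    if not (isinstance(start, int) and isinstance(length, int)
            and 0 <= start < len(state.ring)
            and min_len <= length <= len(state.ring)):
        raise ValueError("rejected next (start, len)")
    state.start, state.length = start, length
    return body["msg"]
```

Every key is fully determined by the ring and the (start, len) pair, so the ring has to stay confidential to the parties; `distinct_keys` shows that a ring of N characters yields at most N keys per allowed length, which bounds the page's claim of low key repetition.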
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such embodiments, the computer program may be downloaded and installed from a network via a communication portion, and/or installed from a removable medium. The above-described functions defined in the method of the present application are performed when the computer program is executed by a Central Processing Unit (CPU). It should be noted that the computer readable medium described in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wire segments, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be understood by those skilled in the art that the embodiments of the present invention described above and shown in the drawings are merely illustrative and do not limit the invention. The functional and structural principles of the invention have been shown and described in the embodiments, and the embodiments may be modified or adapted in any way without departing from those principles.

Claims (8)

1. A unified authentication licensing method for cloud server deployment, the method comprising the steps of:
the hardware authentication server acquires hardware authentication server information and generates hardware authentication information according to the hardware authentication server information;
the client sends a license service request to a hardware authentication server, wherein the license service request comprises hardware authentication information and a third party authentication license service platform version, and the hardware authentication server sends the request to a corresponding third party authentication license service platform after passing authentication;
the third party authentication License service platform acquires the hardware authentication information, and generates a License file according to the hardware authentication information and the self business data;
the third party authentication License service platform issues a corresponding License file to the hardware authentication server;
the hardware authentication server acquires heartbeat data of an authentication license service instance of the third party authentication license service platform, calculates the heartbeat interval of the next authentication license service instance according to a sliding time window algorithm, and executes capacity expansion of the authentication license service instance;
the hardware authentication server acquires heartbeat data of the authentication license service instance and expands the capacity of the authentication license service instance by using the sliding time window algorithm, the specific capacity expansion method comprising the following steps:
acquiring a self-defined heartbeat interval x of the authentication and permission service instance, wherein the sliding times of the current time node are y, and the heartbeat interval of the next authentication and permission service instanceThe method comprises the following steps:
establishing an expected heartbeat interval range for the authentication license service instance, and, if the heartbeat interval of the next authentication license service instance falls within the expected heartbeat interval range, executing interval capacity expansion of the successfully established authentication license service instance;
the interval capacity expansion method of the successfully established authentication license service instance comprises the following steps:
recording the heartbeat interval of each authentication license service instance, and, if the current heartbeat interval is within the expected heartbeat interval range of the authentication license service instance, changing the current heartbeat interval to x/y times the previous heartbeat interval.
2. The unified authentication licensing method of a cloud server deployment of claim 1, wherein the authentication method of the third party authentication licensing service platform comprises:
the hardware authentication server acquires a License file encrypted by a third party authentication License service platform;
the hardware authentication server analyzes the encrypted License file and acquires hardware authentication information;
authenticating a current License file according to the hardware authentication information;
and storing the License file passing the authentication in a specified path.
3. The unified authentication permission method of cloud server deployment according to claim 1, wherein the generation method of the hardware authentication information comprises:
CPU hardware information, MAC address and main board information of the hardware authentication server are obtained, and the CPU hardware information, the MAC address and the main board information are encrypted to obtain the unique hardware authentication information.
4. The unified authentication License method of cloud server deployment according to claim 1, wherein the License file generation method comprises:
acquiring business data of a third party authentication license service platform;
acquiring an authentication permission service request forwarded by a hardware authentication server, and analyzing hardware authentication information in the authentication permission service request;
establishing authentication rules of License;
and compiling the service data, the hardware authentication information and the authentication rule of the License into a License file.
5. The unified authentication licensing method of a cloud server deployment of claim 1, further performing the following operations according to the sliding time window algorithm: judging the state of all current authentication license service instances, and deleting the dead authentication license service instances;
setting the maximum number of authentication license service instances of the hardware device, and recording the number of authentication license service instances currently alive and the number of surviving heartbeats.
6. The unified authentication licensing method of a cloud server deployment of claim 1, further comprising the steps of:
the hardware authentication server generates a current ring key and sends the current ring key, a current encryption starting point and a current random length to a third party authentication license service platform and a client;
the third party authentication License service platform and the client encrypt the current License file and the information to be sent by the current client by adopting a wheel disc encryption algorithm to generate a current encryption request;
the client or the third party authentication license service platform generates a next encryption starting point, the client randomly generates a random length, and the client or the third party authentication license service platform encrypts the next encryption starting point and the random length using the current ring key;
and the client or the third party authentication license service platform sends the encryption result to the hardware authentication server, and the hardware authentication server parses the next ring key from the current encryption request and finally decrypts using the next ring key.
7. A unified authentication licensing system for cloud server deployment, the system comprising:
a third party authentication license service platform;
a hardware authentication server;
a client;
the hardware authentication server establishes communication connection with the client and the third party authentication license service platform respectively, and the hardware authentication server executes the unified authentication license method deployed by the cloud server according to any one of claims 1-6 with the client and the third party authentication license service platform respectively.
8. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program, which is executed by a processor to implement a unified authentication licensing method of cloud server deployment according to any of the preceding claims 1-6.
CN202111108247.1A 2021-09-22 2021-09-22 Unified authentication permission method, system and storage medium Active CN113949516B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111108247.1A CN113949516B (en) 2021-09-22 2021-09-22 Unified authentication permission method, system and storage medium

Publications (2)

Publication Number Publication Date
CN113949516A (en) 2022-01-18
CN113949516B (en) 2023-07-18

Family

ID=79328839

Country Status (1)

Country Link
CN (1) CN113949516B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant